chore(deps): update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	v4.1.4 -> v4.1.6
actions/dependency-review-action	action	minor	v4.2.5 -> v4.3.2
github/codeql-action	action	patch	v3.25.3 -> v3.25.6
ossf/scorecard-action	action	patch	v2.3.1 -> v2.3.3
step-security/harden-runner	action	minor	v2.7.0 -> v2.8.0

---

Release Notes

actions/checkout (actions/checkout)

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in https://github.com/actions/checkout/pull/1732

v4.1.5

Compare Source

What's Changed

• Update NPM dependencies by @​cory-miller in https://github.com/actions/checkout/pull/1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in https://github.com/actions/checkout/pull/1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in https://github.com/actions/checkout/pull/1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

actions/dependency-review-action (actions/dependency-review-action)

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in https://github.com/actions/dependency-review-action/pull/761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See https://github.com/actions/dependency-review-action/pull/753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in https://github.com/actions/dependency-review-action/pull/735
• Fix extra https:// in summary by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/737
• Show denied packages with red X by @​juxtin in https://github.com/actions/dependency-review-action/pull/750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in https://github.com/actions/dependency-review-action/pull/733

New Contributors

• @​bteng22 made their first contribution in https://github.com/actions/dependency-review-action/pull/733
• @​lukehinds made their first contribution in https://github.com/actions/dependency-review-action/pull/735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

github/codeql-action (github/codeql-action)

v3.25.6

Compare Source

v3.25.5

Compare Source

v3.25.4

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source

step-security/harden-runner (step-security/harden-runner)

v2.8.0

Compare Source

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/416
This release includes:

• File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
• Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

Compare Source

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.