Skip to content

fix(deps): update github-actions#337

Merged
prisis merged 1 commit intomainfrom
renovate/github-actions
Mar 13, 2026
Merged

fix(deps): update github-actions#337
prisis merged 1 commit intomainfrom
renovate/github-actions

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 3, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/dependency-review-action action minor v4.8.3v4.9.0
actions/setup-node action minor v6.2.0v6.3.0
github/codeql-action action patch v4.32.4v4.32.6
step-security/harden-runner action minor v2.14.2v2.15.1

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

actions/setup-node (actions/setup-node)

v6.3.0

Compare Source

What's Changed

Enhancements:

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:
Bug fixes:

New Contributors

Full Changelog: actions/setup-node@v6...v6.3.0

github/codeql-action (github/codeql-action)

v4.32.6

Compare Source

v4.32.5

Compare Source

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #​3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #​3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #​3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #​3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #​3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #​3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #​3503, #​3504
step-security/harden-runner (step-security/harden-runner)

v2.15.1

Compare Source

What's Changed
  • Fixes #​642 bug due to which post step was failing on Windows ARM runners
  • Updates npm packages

Full Changelog: step-security/harden-runner@v2.15.0...v2.15.1

v2.15.0

Compare Source

What's Changed
Windows and macOS runner support

We are excited to announce that Harden Runner now supports Windows and macOS runners, extending runtime security beyond Linux for the first time.

Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.

Full Changelog: step-security/harden-runner@v2.14.2...v2.15.0

Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from prisis as a code owner March 3, 2026 17:21
@renovate renovate bot force-pushed the renovate/github-actions branch from dbfd659 to f48ebca Compare March 5, 2026 13:35
@renovate renovate bot changed the title fix(deps): update step-security/harden-runner action to v2.15.0 fix(deps): update github-actions Mar 5, 2026
@renovate renovate bot force-pushed the renovate/github-actions branch from f48ebca to 1e44c56 Compare March 6, 2026 14:40
@renovate
fix(deps): update github-actions
3bf0d76 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
@renovate renovate bot force-pushed the renovate/github-actions branch from 1e44c56 to 3bf0d76 Compare March 9, 2026 09:10
@prisis prisis merged commit 8b41ff1 into main Mar 13, 2026
8 of 11 checks passed
@prisis prisis deleted the renovate/github-actions branch March 13, 2026 08:16
prisis pushed a commit that referenced this pull request Mar 17, 2026
@github-actions
chore(release): v11.3.2 [skip ci]\n\n## [11.3.2](v11.3.1...v11.3.2) (…
ecc6cea 
…2026-03-17)

### Bug Fixes

* **deps:** update anolilab/workflows digest to 063d79a ([#345](#345)) ([64ac232](64ac232))
* **deps:** update commitlint monorepo to ^20.4.4 (patch) ([#346](#346)) ([61b2e64](61b2e64))
* **deps:** update dependency conventional-changelog-conventionalcommits to v9.3.0 ([#340](#340)) ([41ebeec](41ebeec))
* **deps:** update github-actions ([#337](#337)) ([8b41ff1](8b41ff1))
* **deps:** update github-actions ([#342](#342)) ([249297b](249297b))
* **deps:** update minor updates ([#321](#321)) ([8df4ef1](8df4ef1))
* **deps:** update minor updates (minor) ([#339](#339)) ([6e73117](6e73117))
* **deps:** update minor updates (minor) ([#343](#343)) ([063d79a](063d79a))
* **deps:** update patch updates ([#335](#335)) ([0f28eaf](0f28eaf))
* **deps:** update patch updates (patch) ([#336](#336)) ([03af722](03af722))

### Miscellaneous Chores

* **deps:** update dependency @anolilab/lint-staged-config to v6 ([#332](#332)) ([71d2bd1](71d2bd1))
* **deps:** update dependency brace-expansion@&gt;&[#x3d](https://github.com/anolilab/workflows/issues/x3d);1.0.0 &lt;&[#x3d](https://github.com/anolilab/workflows/issues/x3d);1.1.11 to v5 ([#333](#333)) ([59c15dc](59c15dc))
* **deps:** update dependency undici@&lt;6.23.0 to v7 ([#334](#334)) ([e71f5d1](e71f5d1))

### Continuous Integration

* **deps:** update actions/upload-artifact action to v7 ([#338](#338)) ([d0923af](d0923af))
* **deps:** update crazy-max/ghaction-github-labeler action to v6 ([#341](#341)) ([6824100](6824100))
* **deps:** update marocchino/sticky-pull-request-comment action to v3 ([#344](#344)) ([eddbaf2](eddbaf2))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

Assignees

No one assigned

Labels

github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@prisis