@renovate renovate bot commented Sep 25, 2025

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/dependency-review-action | action | digest | 595b5ae -> 56339e5 |
| github/codeql-action | action | patch | v3.30.3 -> v3.30.5 |
| github/codeql-action | action | digest | 192325c -> 3599b3b |

Release Notes

github/codeql-action (github/codeql-action)

v3.30.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

v3.30.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR was generated by Mend Renovate. View the repository job log.

netlify bot commented Sep 25, 2025

Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

| Name | Link |
|---|---|
| 🔨 Latest commit | 8ede52d |
| 🔍 Latest deploy log | https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/68dbb31678e0c700083e749b |

github-actions bot commented Sep 25, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| actions/github/codeql-action/analyze | 3599b3baa15b485a2e49ef411a7a4bb2452e7f93 | Unknown | Unknown |
| actions/github/codeql-action/autobuild | 3599b3baa15b485a2e49ef411a7a4bb2452e7f93 | Unknown | Unknown |
| actions/github/codeql-action/init | 3599b3baa15b485a2e49ef411a7a4bb2452e7f93 | Unknown | Unknown |
| actions/actions/dependency-review-action | 56339e523c0409420f6c2c9a2f4292bbb3c07dd3 | 🟢 7.9 | Details (listed below) |
| actions/github/codeql-action/upload-sarif | 3599b3baa15b485a2e49ef411a7a4bb2452e7f93 | Unknown | Unknown |

Details for actions/actions/dependency-review-action:

| Check | Score | Reason |
|---|---|---|
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | 🟢 9 | security policy file detected |
| Token-Permissions | 🟢 9 | detected GitHub workflow tokens with excessive permissions |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 2 | dependency not pinned by hash detected -- score normalized to 2 |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/scorecard.yml

codecov bot commented Sep 25, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.20%. Comparing base (0e16394) to head (8ede52d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1226   +/-   ##
=======================================
  Coverage   84.20%   84.20%           
=======================================
  Files          68       68           
  Lines        2938     2938           
  Branches      374      374           
=======================================
  Hits         2474     2474           
  Misses        404      404           
  Partials       60       60           

@renovate renovate bot changed the title from "chore(deps): update github-actions - workflows - .github/workflows/scorecard.yml" to "chore(deps): update github-actions - workflows - .github/workflows/dependency-review.yml" Sep 26, 2025
@renovate renovate bot force-pushed the renovate/workflows-manager branch 4 times, most recently from 7bfcca3 to 4ec53e3 September 30, 2025 08:52
@renovate renovate bot force-pushed the renovate/workflows-manager branch from 4ec53e3 to 8ede52d September 30, 2025 10:38
@kriswest kriswest merged commit 86f2572 into main Sep 30, 2025
14 checks passed
@renovate renovate bot deleted the renovate/workflows-manager branch September 30, 2025 10:50