chore(deps): bump the github-actions-dependencies group across 2 directories with 4 updates

[dependabot]

Bumps the github-actions-dependencies group with 3 updates in the / directory: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml, hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml and github/codeql-action.
Bumps the github-actions-dependencies group with 1 update in the /actions/codecov directory: codecov/codecov-action.

Updates hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml from 0.23.2 to 0.23.3

Release notes

Sourced from hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml's releases.

0.23.3

Release Summary

Public actions and workflows documentation was refreshed.

Internal GitHub Actions dependencies were updated, including ci-dokumentor, pull-request-comment-trigger, and related grouped dependency bumps.

Breaking change(s)

There is no breaking change.

What's Changed

• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-publish#370
• build(deps): Bump hoverkraft-tech/ci-dokumentor from 0.2.2 to 0.3.0 in the github-actions-dependencies group across 1 directory by @​dependabot[bot] in hoverkraft-tech/ci-github-publish#371
• build(deps): Bump the github-actions-dependencies group across 2 directories with 4 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-publish#372
• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-publish#373
• build(deps): Bump shanegenschaw/pull-request-comment-trigger from 3.0.0 to 3.0.1 in the github-actions-dependencies group across 1 directory by @​dependabot[bot] in hoverkraft-tech/ci-github-publish#374
• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-publish#375

Full Changelog: hoverkraft-tech/ci-github-publish@0.23.2...0.23.3

Commits

• 281fe49 docs: update actions and workflows documentation
• 65186ad build(deps): Bump shanegenschaw/pull-request-comment-trigger
• 8c14b57 docs: update actions and workflows documentation
• 045142f build(deps): Bump the github-actions-dependencies group across 2 directories ...
• 8d06c88 build(deps): Bump hoverkraft-tech/ci-dokumentor
• e937ec3 docs: update actions and workflows documentation
• See full diff in compare view

Updates hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml from 0.33.1 to 0.34.0

Release notes

Sourced from hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml's releases.

0.34.0

Release Summary

Helm adds the new update-chart-values action, and Docker setup now uses BuildX v0.34.0 for newer build capabilities and fixes. Documentation for actions, workflows, and Helm charts was refreshed. No user-facing fixes are included in this release.

Internally, CI permissions were tightened, chart linting was cleaned up, and npm, GitHub Actions, devcontainer, and action-specific dependencies were updated.

Breaking changes

No breaking changes.

What's Changed

• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-container#755
• chore(deps): bump ip-address and express-rate-limit in /actions/helm/generate-docs by @​dependabot[bot] in hoverkraft-tech/ci-github-container#756
• chore(deps): bump hono from 4.12.14 to 4.12.18 in /actions/helm/generate-docs by @​dependabot[bot] in hoverkraft-tech/ci-github-container#757
• chore(deps): bump the github-actions-dependencies group across 4 directories with 5 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-container#758
• chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /actions/helm/generate-docs by @​dependabot[bot] in hoverkraft-tech/ci-github-container#759
• ci: improve scoped permissions by @​neilime in hoverkraft-tech/ci-github-container#760
• feat(docker/setup): upgrade BuildX from v0.33.0 to v0.34.0 by @​neilime in hoverkraft-tech/ci-github-container#761
• chore(deps): bump the npm-dependencies group across 2 directories with 3 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-container#763
• chore(deps): bump the github-actions-dependencies group across 4 directories with 4 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-container#762
• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-container#764
• feat(helm): add new action 'update-chart-values' by @​neilime in hoverkraft-tech/ci-github-container#765
• chore: fix chart lint issues by @​neilime in hoverkraft-tech/ci-github-container#766
• chore(deps): bump the npm-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-container#768
• chore(deps): bump ghcr.io/devcontainers/features/docker-in-docker from 2.17.0 to 3.0.0 by @​dependabot[bot] in hoverkraft-tech/ci-github-container#767
• chore(deps): bump the github-actions-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in hoverkraft-tech/ci-github-container#769
• docs: update Helm chart documentation for charts by @​hoverkraft-bot[bot] in hoverkraft-tech/ci-github-container#770

Full Changelog: hoverkraft-tech/ci-github-container@0.33.1...0.34.0

Commits

• 695db98 docs: update Helm chart documentation for charts
• 082e29e chore(deps): bump the github-actions-dependencies group across 2 directories ...
• 9338d0f chore(deps): bump ghcr.io/devcontainers/features/docker-in-docker
• 94bf73b chore(deps): bump the npm-dependencies group across 1 directory with 2 updates
• 2368780 fix(tests/charts): unblock helm test hooks under chart NetworkPolicy
• 9c3f1f3 chore: fix chart lint issues
• 644672e feat(helm): add new action 'update-chart-values'
• cb3b9dd docs: update actions and workflows documentation
• ce5ea7c chore(deps): bump the github-actions-dependencies group across 4 directories ...
• 582363c chore(deps): bump the npm-dependencies group across 2 directories with 3 updates
• Additional commits viewable in compare view

Updates github/codeql-action from 4.35.4 to 4.35.5

Release notes

Sourced from github/codeql-action's releases.

v4.35.5

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
• Add support for SHA-256 Git object IDs. #3893

4.35.5 - 15 May 2026

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

• Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
• Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
• Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
• Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

4.34.1 - 20 Mar 2026

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

... (truncated)

Commits

• 9e0d7b8 Merge pull request #3905 from github/update-v4.35.5-d4b485515
• 6d7d599 Add changelog entry for #3899
• 51f7e38 Update changelog for v4.35.5
• d4b4855 Merge pull request #3899 from github/mbg/esbuild/split
• 127de81 Merge remote-tracking branch 'origin/main' into mbg/esbuild/split
• 7fde13f Use src + basename in header to avoid issues on Windows
• dfa61e7 Improve pattern matching and error handling
• 52aafec Import and call runWrapper normally in analyze tests
• 0d08c01 Auto-generate shared bundle
• 14085a6 Auto-generate entry points
• Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in codecov/codecov-action#1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• e79a696 chore(release): 6.0.1 (#1949)
• 51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Hi, thank you for creating your PR, we will check it out very soon

[github-actions]

Code Coverage Report

Coverage Results

Coverage

Metric	Covered	Total	Percentage
Lines	2	2	100.00%
Functions	1	1	100.00%

Overall: 100.00% 🟢
🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (11ffb7b) to head (0f9ce9a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #471   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines            3         3           
=========================================
  Hits             3         3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.