chore(deps): update github actions

[oep-renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	digest	0400d5f -> 0057852
actions/create-github-app-token	action	patch	v2.1.1 -> v2.1.4
actions/stale	action	digest	3a9db7e -> 5f858e3
astral-sh/setup-uv	action	minor	v6.6.1 -> v6.8.0
github/codeql-action	action	patch	v3.30.1 -> v3.30.6
github/codeql-action	action	minor	v3.29.9 -> v3.30.6
ossf/scorecard-action	action	patch	v2.4.2 -> v2.4.3
renovatebot/github-action	action	patch	v43.0.11 -> v43.0.15
returntocorp/semgrep	container	digest	62aaded -> ee3c01c
softprops/action-gh-release	action	patch	v2.3.3 -> v2.3.4
step-security/harden-runner	action	patch	v2.13.0 -> v2.13.1
tj-actions/changed-files	action	major	v46.0.5 -> v47.0.0

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v2.1.4

Compare Source

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#​257) (bef1eaf)

v2.1.3

Compare Source

Bug Fixes

• deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#​256) (5d7307b)

astral-sh/setup-uv (astral-sh/setup-uv)

v6.8.0: 🌈 Add **/*.py.lock to cache-dependency-glob

Compare Source

Changes

Thanks to @​parched the default cache-dependency-glob now also find all lock files generated by uv lock --script

🚀 Enhancements

• Always show prune cache output @​eifinger (#​597)
• Add **/*.py.lock to cache-dependency-glob @​parched (#​590)

🧰 Maintenance

• persist credentials for version update @​eifinger (#​584)

📚 Documentation

• README.md: Fix Python versions and update checkout action @​cclauss (#​572)

⬆️ Dependency updates

• Bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 @​dependabot[bot] (#​571)

v6.7.0: 🌈 New inputs restore-cache and save-cache

Compare Source

Changes

This release adds fine-grained control over the caching steps.

• The input restore-cache (true by default) can be set to false to skip restoring the cache while still allowing to save the cache.
• The input save-cache (true by default) can be set to false to skip saving the cache.

Skipping cache saving can be useful if you know, that you will never use this version of the cache again and don't want to waste storage space:

- name: Save cache only on main branch
  uses: astral-sh/setup-uv@v6
  with:
    enable-cache: true
    save-cache: ${{ github.ref == 'refs/heads/main' }}

🚀 Enhancements

• Add inputs restore-cache and save-cache @​eifinger (#​568)

🧰 Maintenance

• bump deps @​eifinger (#​569)
• Automatically push updated known versions @​eifinger (#​565)
• chore: update known versions for 0.8.16/0.8.17 @​github-actions[bot] (#​562)
• chore: update known versions for 0.8.15 @​github-actions[bot] (#​550)
• chore(ci): address CI lint findings @​woodruffw (#​545)

⬆️ Dependency updates

• Bump github/codeql-action from 3.29.11 to 3.30.3 @​dependabot[bot] (#​566)
• Bump actions/setup-node from 4.4.0 to 5.0.0 @​dependabot[bot] (#​551)

github/codeql-action (github/codeql-action)

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
• Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #​3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

ossf/scorecard-action (ossf/scorecard-action)

v2.4.3

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

• docs: clarify GITHUB_TOKEN permissions needed for private repos by @​pankajtaneja5 in #​1574
• 📖 Fix recommended command to test the image in development by @​deivid-rodriguez in #​1583

Other

• add missing top-level token permissions to workflows by @​timothyklee in #​1566
• setup codeowners for requesting reviews by @​spencerschrock in #​1576
• 🌱 Improve printing options by @​deivid-rodriguez in #​1584

New Contributors

• @​timothyklee made their first contribution in #​1566
• @​pankajtaneja5 made their first contribution in #​1574
• @​deivid-rodriguez made their first contribution in #​1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

renovatebot/github-action (renovatebot/github-action)

v43.0.15

Compare Source

Documentation

• update references to ghcr.io/renovatebot/renovate to v41.135.5 (d25f294)
• update references to renovatebot/github-action to v43.0.14 (7e5b43d)

Miscellaneous Chores

• deps: update dependency @​tsconfig/strictest to v2.0.6 (5d813bf)
• deps: update dependency typescript-eslint to v8.44.1 (f6bc225)
• deps: update pnpm to v10.17.1 (0ae638a)

Build System

• deps: lock file maintenance (f0415ba)

Continuous Integration

• deps: update renovate docker tag to v41.131.11 (364e9b5)
• deps: update renovate docker tag to v41.131.12 (9a63c76)
• deps: update renovate docker tag to v41.132.1 (f990802)
• deps: update renovate docker tag to v41.132.2 (9a330a0)
• deps: update renovate docker tag to v41.132.3 (8edac8a)
• deps: update renovate docker tag to v41.132.4 (f316df9)
• deps: update renovate docker tag to v41.132.5 (e34a617)
• deps: update renovate docker tag to v41.135.3 (8d70b7f)
• deps: update renovate docker tag to v41.135.4 (d05b24a)
• deps: update renovate docker tag to v41.135.5 (0110626)

v43.0.14

Compare Source

Documentation

• update references to ghcr.io/renovatebot/renovate to v41.131.9 (f118af5)
• update references to renovatebot/github-action to v43.0.13 (481f9d4)

Miscellaneous Chores

• deps: update actions/cache action to v4.3.0 (8ff082c)
• deps: update dependency @​types/node to v20.19.15 (558a1a3)
• deps: update dependency @​types/node to v20.19.16 (79a41cc)
• deps: update dependency @​types/node to v20.19.17 (#​955) (bc387e7)
• deps: update dependency esbuild to v0.25.10 (2546b81)
• deps: update dependency semantic-release to v24.2.9 (273629c)
• deps: update dependency typescript-eslint to v8.44.0 (8d71aec)
• deps: update linters to v9.36.0 (f9889aa)
• deps: update pnpm to v10.17.0 (b0558f1)

Build System

• deps: lock file maintenance (ef5811e)

Continuous Integration

• deps: update renovate docker tag to v41.123.0 (f7655cb)
• deps: update renovate docker tag to v41.124.0 (a99b47f)
• deps: update renovate docker tag to v41.125.0 (5453724)
• deps: update renovate docker tag to v41.125.1 (703a628)
• deps: update renovate docker tag to v41.125.2 (1a523fb)
• deps: update renovate docker tag to v41.125.3 (40934fa)
• deps: update renovate docker tag to v41.127.2 (#​954) (4fb3a1c)
• deps: update renovate docker tag to v41.128.0 (a82c6ac)
• deps: update renovate docker tag to v41.128.1 (c0fa79a)
• deps: update renovate docker tag to v41.130.0 (a3b2a11)
• deps: update renovate docker tag to v41.130.1 (637e5d4)
• deps: update renovate docker tag to v41.131.0 (1a210f2)
• deps: update renovate docker tag to v41.131.1 (e325b6c)
• deps: update renovate docker tag to v41.131.2 (65181bd)
• deps: update renovate docker tag to v41.131.5 (d23315a)
• deps: update renovate docker tag to v41.131.6 (b42492f)
• deps: update renovate docker tag to v41.131.8 (6effd59)
• deps: update renovate docker tag to v41.131.9 (0689a44)

v43.0.13

Compare Source

Documentation

• update references to ghcr.io/renovatebot/renovate to v41.122.3 (e77f32f)
• update references to renovatebot/github-action to v43.0.12 (653e4da)

Miscellaneous Chores

• deps: update dependency @​semantic-release/github to v11.0.6 (ea536ec)
• deps: update dependency @​types/node to v20.19.14 (ed55387)
• deps: update dependency globals to v16.4.0 (ba12fc4)
• deps: update dependency semantic-release to v24.2.8 (bdb84f9)
• deps: update dependency typescript-eslint to v8.43.0 (616a01b)
• deps: update pnpm to v10.16.0 (08a05ea)
• deps: update pnpm to v10.16.1 (bcc5fe0)

Build System

• deps: lock file maintenance (1278ad3)

Continuous Integration

• deps: update renovate docker tag to v41.113.5 (8107f7d)
• deps: update renovate docker tag to v41.113.6 (c25039a)
• deps: update renovate docker tag to v41.113.7 (547c0f0)
• deps: update renovate docker tag to v41.114.0 (9b1f431)
• deps: update renovate docker tag to v41.115.0 (f757c34)
• deps: update renovate docker tag to v41.115.1 (d585b00)
• deps: update renovate docker tag to v41.115.2 (8c011ca)
• deps: update renovate docker tag to v41.115.4 (52f66bb)
• deps: update renovate docker tag to v41.115.5 (7390745)
• deps: update renovate docker tag to v41.115.6 (498edef)
• deps: update renovate docker tag to v41.116.1 (4f9581d)
• deps: update renovate docker tag to v41.116.10 (c9a9c99)
• deps: update renovate docker tag to v41.116.2 (ed4d0bb)
• deps: update renovate docker tag to v41.116.3 (1b30889)
• deps: update renovate docker tag to v41.116.5 (b96fb41)
• deps: update renovate docker tag to v41.116.6 (9bcf08c)
• deps: update renovate docker tag to v41.116.7 (b89adc7)
• deps: update renovate docker tag to v41.116.8 (abee5ff)
• deps: update renovate docker tag to v41.117.0 (4a4709f)
• deps: update renovate docker tag to v41.118.0 (ecbe520)
• deps: update renovate docker tag to v41.118.1 (051f97e)
• deps: update renovate docker tag to v41.119.0 (28e7e1d)
• deps: update renovate docker tag to v41.119.4 (a1ffb8d)
• deps: update renovate docker tag to v41.119.5 (49be121)
• deps: update renovate docker tag to v41.119.6 (8f6f258)
• deps: update renovate docker tag to v41.121.1 (3e88114)
• deps: update renovate docker tag to v41.121.3 (db50bb4)
• deps: update renovate docker tag to v41.121.4 (47f54ca)
• deps: update renovate docker tag to v41.122.0 (0d90aa6)
• deps: update renovate docker tag to v41.122.1 (41ba176)
• deps: update renovate docker tag to v41.122.2 (18ca40b)
• deps: update renovate docker tag to v41.122.3 (8462f7c)

v43.0.12

Compare Source

Documentation

• update references to ghcr.io/renovatebot/renovate to v41.113.3 (6ff1007)
• update references to renovatebot/github-action to v43.0.11 (b1f4d3e)

Miscellaneous Chores

• deps: update dependency @​types/node to v20.19.12 (9e39ec0)
• deps: update dependency @​types/node to v20.19.13 (c45925e)
• deps: update dependency typescript-eslint to v8.42.0 (0065091)
• deps: update linters to v9.35.0 (da1ea10)
• deps: update pnpm to v10.15.1 (19bd80c)

Build System

• deps: lock file maintenance (983234a)

Continuous Integration

• deps: update renovate docker tag to v41.100.0 (f3ac028)
• deps: update renovate docker tag to v41.103.0 (bc2b208)
• deps: update renovate docker tag to v41.105.0 (c64558a)
• deps: update renovate docker tag to v41.107.0 (8891399)
• deps: update renovate docker tag to v41.109.0 (71ce752)
• deps: update renovate docker tag to v41.111.0 (3e4fb61)
• deps: update renovate docker tag to v41.112.0 (4833cda)
• deps: update renovate docker tag to v41.113.0 (23d00ec)
• deps: update renovate docker tag to v41.113.2 (94eed51)
• deps: update renovate docker tag to v41.113.3 (1bdfd59)
• deps: update renovate docker tag to v41.97.10 (dc222e4)
• deps: update renovate docker tag to v41.98.0 (6675bb6)
• deps: update renovate docker tag to v41.98.1 (e8c62d0)
• deps: update renovate docker tag to v41.98.2 (b33786c)
• deps: update renovate docker tag to v41.98.3 (ad18df2)
• deps: update renovate docker tag to v41.98.4 (3194766)
• deps: update renovate docker tag to v41.99.1 (04f5a7f)
• deps: update renovate docker tag to v41.99.11 (c4dc84e)
• deps: update renovate docker tag to v41.99.2 (f8e1197)
• deps: update renovate docker tag to v41.99.5 (ff05f9e)
• deps: update renovate docker tag to v41.99.6 (e66f3a5)
• deps: update renovate docker tag to v41.99.7 (ace35a1)
• deps: update renovate docker tag to v41.99.8 (be9ee49)
• deps: update renovate docker tag to v41.99.9 (ab4314a)

softprops/action-gh-release (softprops/action-gh-release)

v2.3.4

Compare Source

What's Changed

Bug fixes 🐛

• fix(action): handle 422 already_exists race condition by @​stephenway in #​665

Other Changes 🔄

• chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 in the github-actions group by @​dependabot[bot] in #​656
• chore(deps): bump @​types/node from 20.19.11 to 20.19.13 in the npm group by @​dependabot[bot] in #​655
• chore(deps): bump vite from 7.0.0 to 7.1.5 by @​dependabot[bot] in #​657
• chore(deps): bump the npm group across 1 directory with 2 updates by @​dependabot[bot] in #​662
• chore(deps): bump the npm group with 3 updates by @​dependabot[bot] in #​666

Full Changelog: softprops/action-gh-release@v2...v2.3.4

step-security/harden-runner (step-security/harden-runner)

v2.13.1

Compare Source

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

tj-actions/changed-files (tj-actions/changed-files)

v47.0.0

Compare Source

What's Changed

• Upgraded to v46.0.5 by @​github-actions[bot] in #​2531
• chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2 by @​dependabot[bot] in #​2532
• chore(deps): bump tj-actions/branch-names from 8.1.0 to 8.2.1 by @​dependabot[bot] in #​2535
• remove: commit and push step from build job by @​jackton1 in #​2538
• chore(deps-dev): bump @​types/node from 22.14.0 to 22.14.1 by @​dependabot[bot] in #​2537
• chore(deps-dev): bump ts-jest from 29.3.1 to 29.3.2 by @​dependabot[bot] in #​2536
• chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in #​2539
• chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in #​2542
• chore(deps-dev): bump @​types/node from 22.14.1 to 22.15.0 by @​dependabot[bot] in #​2544
• chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in #​2545
• chore(deps-dev): bump @​types/node from 22.15.0 to 22.15.3 by @​dependabot[bot] in #​2548
• chore(deps-dev): bump eslint-plugin-prettier from 5.2.6 to 5.4.0 by @​dependabot[bot] in #​2553
• chore(deps-dev): bump @​types/node from 22.15.3 to 22.15.10 by @​dependabot[bot] in #​2552
• chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @​dependabot[bot] in #​2551
• chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 by @​dependabot[bot] in #​2558
• chore(deps-dev): bump @​types/node from 22.15.14 to 22.15.17 by @​dependabot[bot] in #​2557
• chore(deps): bump @​actions/github from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​2556
• chore(deps-dev): bump @​types/lodash from 4.17.16 to 4.17.17 by @​dependabot[bot] in #​2565
• chore(deps): bump yaml from 2.7.1 to 2.8.0 by @​dependabot[bot] in #​2561
• chore(deps-dev): bump ts-jest from 29.3.2 to 29.3.4 by @​dependabot[bot] in #​2563
• chore(deps-dev): bump @​types/node from 22.15.17 to 22.15.21 by @​dependabot[bot] in #​2566
• chore(deps): bump @​octokit/rest from 21.1.1 to 22.0.0 by @​dependabot[bot] in #​2568
• chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in #​2564
• chore: update build job to fail when there are uncommited changes by @​jackton1 in #​2571
• chore(deps-dev): bump @​types/node from 22.15.21 to 22.15.24 by @​dependabot[bot] in #​2572
• docs: add Jellyfrog as a contributor for code, and doc by @​allcontributors[bot] in #​2573
• Updated README.md by @​github-actions[bot] in #​2574
• chore(deps-dev): bump @​types/node from 22.15.24 to 22.15.26 by @​dependabot[bot] in #​2576
• chore(deps-dev): bump eslint-plugin-jest from 28.11.0 to 28.12.0 by @​dependabot[bot] in #​2575
• chore(deps-dev): bump eslint-plugin-jest from 28.12.0 to 28.13.0 by @​dependabot[bot] in #​2583
• chore(deps-dev): bump ts-jest from 29.3.4 to 29.4.0 by @​dependabot[bot] in #​2589
• docs: update link to glob patterns by @​jackton1 in #​2590
• Updated README.md by @​github-actions[bot] in #​2591
• feat: add any_added to outputs by @​Jellyfrog in #​2567
• chore(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @​dependabot[bot] in #​2588
• Updated README.md by @​github-actions[bot] in #​2592
• chore(deps-dev): bump eslint-plugin-jest from 28.13.0 to 28.13.3 by @​dependabot[bot] in #​2585
• chore(deps-dev): bump eslint-plugin-prettier from 5.4.0 to 5.4.1 by @​dependabot[bot] in #​2578
• chore(deps-dev): bump @​types/node from 22.15.26 to 24.0.1 by @​dependabot[bot] in #​2587
• chore(deps-dev): bump eslint-plugin-jest from 28.13.5 to 29.0.1 by @​dependabot[bot] in #​2600
• chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 by @​dependabot[bot] in #​2610
• chore(deps-dev): bump @​types/node from 24.0.1 to 24.0.7 by @​dependabot[bot] in #​2609
• chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1 by @​dependabot[bot] in #​2608
• chore(deps-dev): bump @​types/lodash from 4.17.17 to 4.17.19 by @​dependabot[bot] in #​2605
• chore(deps-dev): bump jest and @​types/jest by @​dependabot[bot] in #​2604
• chore(deps-dev): bump eslint-plugin-prettier from 5.4.1 to 5.5.1 by @​dependabot[bot] in #​2607
• chore(deps-dev): bump jest from 30.0.3 to 30.0.4 by @​dependabot[bot] in #​2615
• chore(deps-dev): bump @​types/node from 24.0.7 to 24.0.10 by @​dependabot[bot] in #​2614
• chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @​dependabot[bot] in #​2612
• chore(deps-dev): bump @​types/node from 24.0.10 to 24.0.12 by @​dependabot[bot] in #​2616
• chore(deps-dev): bump @​types/lodash from 4.17.19 to 4.17.20 by @​dependabot[bot] in #​2613
• chore(deps-dev): bump @​types/node from 24.0.12 to 24.0.13 by @​dependabot[bot] in #​2617
• chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8 by @​dependabot[bot] in #​2624
• chore(deps-dev): bump @​types/node from 24.0.13 to 24.0.15 by @​dependabot[bot] in #​2623
• chore(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3 by @​dependabot[bot] in #​2622
• chore(deps): bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 by @​dependabot[bot] in #​2620
• chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 by @​dependabot[bot] in #​2625
• chore(deps): bump nrwl/nx-set-shas from 4.3.0 to 4.3.3 by @​dependabot[bot] in #​2630
• chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 by @​dependabot[bot] in #​2628
• chore(deps-dev): bump jest from 30.0.4 to 30.0.5 by @​dependabot[bot] in #​2627
• chore(deps-dev): bump @​types/node from 24.0.15 to 24.1.0 by @​dependabot[bot] in #​2626
• chore(deps): bump tj-actions/branch-names from 8.2.1 to 9.0.1 by @​dependabot[bot] in #​2633
• chore(deps): bump tj-actions/git-cliff from 1.5.0 to 2.0.2 by @​dependabot[bot] in #​2632
• chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​2635
• chore(deps): bump tj-actions/branch-names from 9.0.1 to 9.0.2 by @​dependabot[bot] in #​2636
• test: manual triggered workflows by @​jackton1 in #​2637
• chore(deps-dev): bump ts-jest from 29.4.0 to 29.4.1 by @​dependabot[bot] in #​2639
• chore(deps): bump tj-actions/eslint-changed-files from 25.3.1 to 25.3.2 by @​dependabot[bot] in #​2638
• chore(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 by @​dependabot[bot] in #​2643
• chore(deps): bump yaml from 2.8.0 to 2.8.1 by @​dependabot[bot] in #​2642
• chore(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in #​2641
• chore(deps-dev): bump @​types/node from 24.1.0 to 24.2.0 by @​dependabot[bot] in #​2640
• chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​2646
• chore(deps-dev): bump @​types/node from 24.2.0 to 24.2.1 by @​dependabot[bot] in #​2645
• chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 by @​dependabot[bot] in #​2644
• chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 by @​dependabot[bot] in #​2647
• chore(deps): bump tj-actions/git-cliff from 2.0.2 to 2.1.0 by @​dependabot[bot] in #​2648
• chore(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​2651
• chore(deps-dev): bump @​types/node from 24.2.1 to 24.3.0 by @​dependabot[bot] in #​2649
• chore(deps-dev): bump [@​types/node](https://redirect.gi

---

Configuration

📅 Schedule: Branch creation - On day 1 of the month ( * * 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!