chore(deps): update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	minor	v4.2.2 -> v4.3.0
actions/dependency-review-action	action	minor	v4.7.1 -> v4.8.0
github/codeql-action	action	minor	v3.29.2 -> v3.30.5
go	uses-with	minor	1.24 -> 1.25
ossf/scorecard-action	action	patch	v2.4.2 -> v2.4.3
ruby/setup-ruby	action	minor	v1.247.0 -> v1.263.0
step-security/harden-runner	action	patch	v2.13.0 -> v2.13.1

---

Release Notes

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in https://github.com/actions/checkout/pull/1971
• Add internal repos for checking out multiple repositories by @​mouismail in https://github.com/actions/checkout/pull/1977
• Documentation update - add recommended permissions to Readme by @​benwells in https://github.com/actions/checkout/pull/2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in https://github.com/actions/checkout/pull/2044
• Update README.md by @​nebuk89 in https://github.com/actions/checkout/pull/2194
• Update CODEOWNERS for actions by @​TingluoHuang in https://github.com/actions/checkout/pull/2224
• Update package dependencies by @​salmanmkc in https://github.com/actions/checkout/pull/2236
• Prepare release v4.3.0 by @​salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

• @​motss made their first contribution in https://github.com/actions/checkout/pull/1971
• @​mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
• @​benwells made their first contribution in https://github.com/actions/checkout/pull/2043
• @​nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
• @​salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

actions/dependency-review-action (actions/dependency-review-action)

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

github/codeql-action (github/codeql-action)

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
• Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #​3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

• Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

• Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

• Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

• The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
• Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

• Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

actions/go-versions (go)

v1.25.1: 1.25.1

Compare Source

Go 1.25.1

v1.25.0: 1.25.0

Compare Source

Go 1.25.0

ossf/scorecard-action (ossf/scorecard-action)

v2.4.3

Compare Source

ruby/setup-ruby (ruby/setup-ruby)

v1.263.0

Compare Source

What's Changed

• Print lockfile contents earlier by @​Earlopain in #​811

New Contributors

• @​Earlopain made their first contribution in #​811

Full Changelog: ruby/setup-ruby@v1.262.0...v1.263.0

v1.262.0

Compare Source

Full Changelog: ruby/setup-ruby@v1.261.0...v1.262.0

v1.261.0

Compare Source

What's Changed

• Update CRuby releases on Windows by @​ruby-builder-bot in #​809

Full Changelog: ruby/setup-ruby@v1.260.0...v1.261.0

v1.260.0

Compare Source

What's Changed

• Revert "feat: upgrade to node 24" by @​eregon in #​808
• Reinstate testing against jruby 9.4 and head by @​chadlwilson in #​807

New Contributors

• @​chadlwilson made their first contribution in #​807

Full Changelog: ruby/setup-ruby@v1.259.0...v1.260.0

v1.259.0

Compare Source

What's Changed

• feat: upgrade to node 24 by @​chenrui333 in #​804

Full Changelog: ruby/setup-ruby@v1.258.0...v1.259.0

v1.258.0

Compare Source

What's Changed

• Add ruby-3.4.6 by @​ruby-builder-bot in #​802
• Add truffleruby-25.0.0,truffleruby+graalvm-25.0.0 by @​ruby-builder-bot in #​803

Full Changelog: ruby/setup-ruby@v1.257.0...v1.258.0

v1.257.0

Compare Source

What's Changed

• Update README.md by @​jwillemsen in #​799
• Add jruby-9.4.14.0 by @​ruby-builder-bot in #​800

Full Changelog: ruby/setup-ruby@v1.256.0...v1.257.0

v1.256.0

Compare Source

What's Changed

• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​797
• Add JRuby for Windows on Arm by @​ntkme in #​796

Full Changelog: ruby/setup-ruby@v1.255.0...v1.256.0

v1.255.0

Compare Source

What's Changed

• Update ruby version in README.md by @​fkmy in #​794
• Add jruby-10.0.2.0 by @​ruby-builder-bot in #​795

New Contributors

• @​fkmy made their first contribution in #​794

Full Changelog: ruby/setup-ruby@v1.254.0...v1.255.0

v1.254.0

Compare Source

What's Changed

• Bump form-data from 2.5.3 to 2.5.5 by @​dependabot[bot] in #​782
• Bump brace-expansion from 1.1.11 to 1.1.12 by @​dependabot[bot] in #​779
• Use case-insensitive key comparison for cache keys by @​BytewaveMLP in #​660

New Contributors

• @​BytewaveMLP made their first contribution in #​660

Full Changelog: ruby/setup-ruby@v1.253.0...v1.254.0

v1.253.0

Compare Source

What's Changed

• Add printing of the lockfile after installation (retry) by @​Fryguy in #​790

Full Changelog: ruby/setup-ruby@v1.252.0...v1.253.0

v1.252.0

Compare Source

What's Changed

• Revert "Add printing of the lockfile after installation" by @​eregon in #​789

Full Changelog: ruby/setup-ruby@v1.251.0...v1.252.0

v1.251.0

Compare Source

What's Changed

• Add printing of the lockfile after installation by @​Fryguy in #​785

Full Changelog: ruby/setup-ruby@v1.250.0...v1.251.0

v1.250.0

Compare Source

What's Changed

• Update CRuby releases on Windows by @​ruby-builder-bot in #​786

Full Changelog: ruby/setup-ruby@v1.249.0...v1.250.0

v1.249.0

Compare Source

What's Changed

• Add ruby-3.2.9,ruby-3.3.9 by @​ruby-builder-bot in #​784

Full Changelog: ruby/setup-ruby@v1.248.0...v1.249.0

v1.248.0

Compare Source

What's Changed

• Add jruby-10.0.1.0 by @​ruby-builder-bot in #​781

Full Changelog: ruby/setup-ruby@v1.247.0...v1.248.0

step-security/harden-runner (step-security/harden-runner)

v2.13.1

Compare Source

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.