Bump the actions-minor group across 1 directory with 7 updates

[dependabot]

Bumps the actions-minor group with 7 updates in the / directory:

Package	From	To
actions/checkout	4.2.0	4.2.2
actions/setup-node	4.0.4	4.1.0
actions/upload-artifact	4.4.0	4.4.3
github/codeql-action	3.26.10	3.27.6
super-linter/super-linter	7.1.0	7.2.0
sigstore/cosign-installer	3.6.0	3.7.0
softprops/action-gh-release	2.0.8	2.1.0

Updates actions/checkout from 4.2.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
• See full diff in compare view

Updates actions/setup-node from 4.0.4 to 4.1.0

Release notes

Sourced from actions/setup-node's releases.

v4.1.0

What's Changed

• Resolve High Security Alerts by upgrading Dependencies by @​aparnajyothi-y in actions/setup-node#1132
• Upgrade IA Publish by @​Jcambass in actions/setup-node#1134
• Revise isGhes logic by @​jww3 in actions/setup-node#1148
• Add architecture to cache key by @​pengx17 in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

• @​jww3 made their first contribution in actions/setup-node#1148
• @​pengx17 made their first contribution in actions/setup-node#843

Full Changelog: actions/setup-node@v4...v4.1.0

Commits

• 39370e3 fix: add arch to cached path (#843)
• abb238b Revise isGhes logic (#1148)
• aca7b64 Merge pull request #1134 from actions/Jcambass-patch-1
• 88de2a3 Resolve High Security Alerts by upgrading Dependencies (#1132)
• d6ebc7b Upgrade IA Publish
• See full diff in compare view

Updates actions/upload-artifact from 4.4.0 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add a section about hidden files by @​joshmgross in actions/upload-artifact#607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/upload-artifact#621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in actions/upload-artifact#625

New Contributors

• @​Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

Commits

• b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
• 92b01eb Undo indirect dependency updates from #627
• 8448086 Merge pull request #627 from actions/robherley/v4.4.2
• b1d4642 add explicit relative and absolute symlinks to workflow
• d50e660 bump version
• aabe6f8 build with @​actions/artifact v2.1.11
• 604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
• 0150148 paste right core version
• a009b25 update licenses
• 9f6f6f4 update @​actions/core and @​actions/artifact to latest versions
• Additional commits viewable in compare view

Updates github/codeql-action from 3.26.10 to 3.27.6

Release notes

Sourced from github/codeql-action's releases.

v3.27.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.6 - 03 Dec 2024

• Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

v3.27.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.5 - 19 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
• Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

• Update default CodeQL bundle version to 2.19.4. #2626

3.27.5 - 19 Nov 2024

No user facing changes.

3.27.4 - 14 Nov 2024

No user facing changes.

3.27.3 - 12 Nov 2024

No user facing changes.

3.27.2 - 12 Nov 2024

• Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

3.27.1 - 08 Nov 2024

• The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
• Update default CodeQL bundle version to 2.19.3. #2576

3.27.0 - 22 Oct 2024

• Bump the minimum CodeQL bundle version to 2.14.6. #2549
• Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
• Update default CodeQL bundle version to 2.19.2. #2552

3.26.13 - 14 Oct 2024

No user facing changes.

3.26.12 - 07 Oct 2024

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. #2520

... (truncated)

Commits

• aa57810 Merge pull request #2628 from github/update-v3.27.6-af49565b8
• 34e77b7 Update changelog for v3.27.6
• af49565 Merge pull request #2620 from github/cklin/DiffThunkRange-fix
• 5659f01 Merge pull request #2626 from github/update-bundle/codeql-bundle-v2.19.4
• 5333ff3 Add changelog note
• e4fb28d Update default bundle to codeql-bundle-v2.19.4
• 3d3d628 Merge pull request #2617 from github/update-supported-enterprise-server-versions
• 2eea97e Fix DiffThunkRange access
• f8e782a Merge pull request #2618 from github/mergeback/v3.27.5-to-main-f09c1c0a
• 49b7c97 Update checked-in dependencies
• Additional commits viewable in compare view

Updates super-linter/super-linter from 7.1.0 to 7.2.0

Release notes

Sourced from super-linter/super-linter's releases.

v7.2.0

7.2.0 (2024-11-17)

🚀 Features

• allow passing custom options to rust clippy (#6094) (05d4d4e), closes #4001
• implement a linter to check git conflicts (#6113) (e0d8b4f)
• lint commit messages with commitlint (#6118) (5d6e3fc)
• optionally remove color codes from output (#6095) (94920ff), closes #5540

🐛 Bugfixes

• correctly load custom linter commands (#6085) (ad0ff68), closes #6084

⬆️ Dependency updates

• bundler: bump standard from 1.40.0 to 1.40.1 in /dependencies (#6239) (75fb343)
• bundler: bump standard from 1.41.0 to 1.41.1 in /dependencies (#6291) (54782ec)
• bundler: bump the rubocop group across 1 directory with 3 updates (#6348) (6e23e6e)
• bundler: bump the rubocop group in /dependencies with 6 updates (#6252) (a8920a4)
• docker: bump composer/composer from 2.7.6 to 2.8.1 (#6237) (95b56f1)
• docker: bump golang from 1.23.0-alpine to 1.23.2-alpine (#6236) (2a42244)
• docker: bump python from 3.12.5-alpine3.20 to 3.12.7-alpine3.20 (#6235) (c97987c)
• docker: bump the docker group across 1 directory with 15 updates (#6356) (ddabcba)
• java: bump the java-gradle group across 2 directories with 2 updates (#6248) (fd28996)
• java: bump the java-gradle group across 2 directories with 2 updates (#6335) (d4402a4)
• npm: bump @​babel/eslint-parser in /dependencies (#6261) (0891581)
• npm: bump @​babel/eslint-parser in /dependencies (#6307) (538bda9)
• npm: bump @​react-native/eslint-config (#6355) (4013f55)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6181) (468901b)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6337) (918f185)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6359) (9b3e0cd)
• npm: bump asl-validator from 3.8.3 to 3.8.4 in /dependencies (#6312) (e8c508a)
• npm: bump asl-validator from 3.8.4 to 3.9.0 in /dependencies (#6357) (f955866)
• npm: bump eslint from 8.57.0 to 8.57.1 in /dependencies (#6177) (86df3f8)
• npm: bump markdownlint-cli from 0.41.0 to 0.42.0 in /dependencies (#6199) (1f9b00c)
• npm: bump next (#6256) (6994834)
• npm: bump next (#6329) (9b2933b)
• npm: bump next from 14.2.6 to 14.2.11 in /dependencies (#6157) (b526eff)
• npm: bump npm-groovy-lint from 14.6.0 to 15.0.2 in /dependencies (#6266) (b8dc2a1)
• npm: bump renovate from 38.55.1 to 39.15.4 in /dependencies (#6358) (3aff158)
• npm: bump standard from 17.1.0 to 17.1.2 in /dependencies (#6265) (22f5beb)
• npm: bump textlint (#6305) (e55903c)
• npm: bump the eslint-plugins-configs group across 1 directory with 5 updates (#6255) (5e252d4)
• npm: bump the react group across 1 directory with 4 updates (#6257) (7b76efb)
• npm: bump the react group across 1 directory with 4 updates (#6332) (b9520be)
• npm: bump the stylelint group across 1 directory with 7 updates (#6340) (f9e2182)

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

7.2.0 (2024-11-17)

🚀 Features

• allow passing custom options to rust clippy (#6094) (05d4d4e), closes #4001
• implement a linter to check git conflicts (#6113) (e0d8b4f)
• lint commit messages with commitlint (#6118) (5d6e3fc)
• optionally remove color codes from output (#6095) (94920ff), closes #5540

🐛 Bugfixes

• correctly load custom linter commands (#6085) (ad0ff68), closes #6084

⬆️ Dependency updates

• bundler: bump standard from 1.40.0 to 1.40.1 in /dependencies (#6239) (75fb343)
• bundler: bump standard from 1.41.0 to 1.41.1 in /dependencies (#6291) (54782ec)
• bundler: bump the rubocop group across 1 directory with 3 updates (#6348) (6e23e6e)
• bundler: bump the rubocop group in /dependencies with 6 updates (#6252) (a8920a4)
• docker: bump composer/composer from 2.7.6 to 2.8.1 (#6237) (95b56f1)
• docker: bump golang from 1.23.0-alpine to 1.23.2-alpine (#6236) (2a42244)
• docker: bump python from 3.12.5-alpine3.20 to 3.12.7-alpine3.20 (#6235) (c97987c)
• docker: bump the docker group across 1 directory with 15 updates (#6356) (ddabcba)
• java: bump the java-gradle group across 2 directories with 2 updates (#6248) (fd28996)
• java: bump the java-gradle group across 2 directories with 2 updates (#6335) (d4402a4)
• npm: bump @​babel/eslint-parser in /dependencies (#6261) (0891581)
• npm: bump @​babel/eslint-parser in /dependencies (#6307) (538bda9)
• npm: bump @​react-native/eslint-config (#6355) (4013f55)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6181) (468901b)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6337) (918f185)
• npm: bump @​stoplight/spectral-cli in /dependencies (#6359) (9b3e0cd)
• npm: bump asl-validator from 3.8.3 to 3.8.4 in /dependencies (#6312) (e8c508a)
• npm: bump asl-validator from 3.8.4 to 3.9.0 in /dependencies (#6357) (f955866)
• npm: bump eslint from 8.57.0 to 8.57.1 in /dependencies (#6177) (86df3f8)
• npm: bump markdownlint-cli from 0.41.0 to 0.42.0 in /dependencies (#6199) (1f9b00c)
• npm: bump next (#6256) (6994834)
• npm: bump next (#6329) (9b2933b)
• npm: bump next from 14.2.6 to 14.2.11 in /dependencies (#6157) (b526eff)
• npm: bump npm-groovy-lint from 14.6.0 to 15.0.2 in /dependencies (#6266) (b8dc2a1)
• npm: bump renovate from 38.55.1 to 39.15.4 in /dependencies (#6358) (3aff158)
• npm: bump standard from 17.1.0 to 17.1.2 in /dependencies (#6265) (22f5beb)
• npm: bump textlint (#6305) (e55903c)
• npm: bump the eslint-plugins-configs group across 1 directory with 5 updates (#6255) (5e252d4)
• npm: bump the react group across 1 directory with 4 updates (#6257) (7b76efb)
• npm: bump the react group across 1 directory with 4 updates (#6332) (b9520be)

... (truncated)

Commits

• e1cb86b chore(main): release 7.2.0 (#6091)
• 538bda9 deps(npm): bump @​babel/eslint-parser in /dependencies (#6307)
• 4013f55 deps(npm): bump @​react-native/eslint-config (#6355)
• 3aff158 deps(npm): bump renovate from 38.55.1 to 39.15.4 in /dependencies (#6358)
• 9b2933b deps(npm): bump next (#6329)
• e55903c deps(npm): bump textlint (#6305)
• ddabcba deps(docker): bump the docker group across 1 directory with 15 updates (#6356)
• f955866 deps(npm): bump asl-validator from 3.8.4 to 3.9.0 in /dependencies (#6357)
• 9b3e0cd deps(npm): bump @​stoplight/spectral-cli in /dependencies (#6359)
• 99b4bf6 chore: move base image to a dedicated group (#6351)
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.6.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in sigstore/cosign-installer#172
• bump for latest cosign v2.4.1 release by @​bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

• dc72c7d bump for latest cosign v2.4.1 release (#173)
• 08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
• See full diff in compare view

Updates softprops/action-gh-release from 2.0.8 to 2.1.0

Release notes

Sourced from softprops/action-gh-release's releases.

v2.1.0

What's Changed

Exciting New Features 🎉

• feat: add support for release assets with multiple spaces within the name by @​dukhine in softprops/action-gh-release#518
• feat: preserve upload order by @​richarddd in softprops/action-gh-release#500

Other Changes 🔄

• chore(deps): bump @​types/node from 22.8.2 to 22.8.7 by @​dependabot in softprops/action-gh-release#539

New Contributors

• @​dukhine made their first contribution in softprops/action-gh-release#518
• @​richarddd made their first contribution in softprops/action-gh-release#500

Full Changelog: softprops/action-gh-release@v2...v2.1.0

v2.0.9

What's Changed

• maintenance release with updated dependencies

New Contributors

• @​kbakdev made their first contribution in softprops/action-gh-release#521

Full Changelog: softprops/action-gh-release@v2...v2.0.9

Changelog

Sourced from softprops/action-gh-release's changelog.

2.1.0

What's Changed

Exciting New Features 🎉

• feat: add support for release assets with multiple spaces within the name by @​dukhine in softprops/action-gh-release#518
• feat: preserve upload order by @​richarddd in softprops/action-gh-release#500

Other Changes 🔄

• chore(deps): bump @​types/node from 22.8.2 to 22.8.7 by @​dependabot in softprops/action-gh-release#539

New Contributors

• @​dukhine made their first contribution in softprops/action-gh-release#518
• @​richarddd made their first contribution in softprops/action-gh-release#500

Full Changelog: softprops/action-gh-release@v2...v2.1.0

2.0.9

• maintenance release with updated dependencies

2.0.8

Other Changes 🔄

• chore(deps): bump prettier from 2.8.0 to 3.3.3 by @​dependabot in softprops/action-gh-release#480
• chore(deps): bump @​types/node from 20.14.9 to 20.14.11 by @​dependabot in softprops/action-gh-release#483
• chore(deps): bump @​octokit/plugin-throttling from 9.3.0 to 9.3.1 by @​dependabot in softprops/action-gh-release#484
• chore(deps): bump glob from 10.4.2 to 11.0.0 by @​dependabot in softprops/action-gh-release#477
• refactor: write jest config in ts by @​chenrui333 in softprops/action-gh-release#485
• chore(deps): bump @​actions/github from 5.1.1 to 6.0.0 by @​dependabot in softprops/action-gh-release#470

2.0.7

Bug fixes 🐛

• Fix missing update release body by @​FirelightFlagboy in softprops/action-gh-release#365

Other Changes 🔄

• Bump @​octokit/plugin-retry from 4.0.3 to 7.1.1 by @​dependabot in softprops/action-gh-release#443
• Bump typescript from 4.9.5 to 5.5.2 by @​dependabot in softprops/action-gh-release#467
• Bump @​types/node from 20.14.6 to 20.14.8 by @​dependabot in softprops/action-gh-release#469
• Bump @​types/node from 20.14.8 to 20.14.9 by @​dependabot in softprops/action-gh-release#473
• Bump typescript from 5.5.2 to 5.5.3 by @​dependabot in softprops/action-gh-release#472
• Bump ts-jest from 29.1.5 to 29.2.2 by @​dependabot in softprops/action-gh-release#479
• docs: document that existing releases are updated by @​jvanbruegge in softprops/action-gh-release#474

2.0.6

• maintenance release with updated dependencies

... (truncated)

Commits

• 01570a1 chore: release 2.1.0
• d5f028c feature: preserve upload order (#500)
• 98daca2 feat: add support for release assets with multiple spaces within the name (#518)
• b019a5b chore: bump @​types/node to 22.9.0
• 73e673b chore(deps): bump @​types/node from 22.8.2 to 22.8.7 (#539)
• e7a8f85 chore: release 2.0.9
• 04afa13 chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#535)