BAU: Bump the gha-all-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the gha-all-dependencies group with 7 updates in the / directory:

Package	From	To
aws-actions/configure-aws-credentials	6.1.0	6.1.1
tj-actions/changed-files	5f4a0b68ac816d8cb4a52bd88b460549197b7ff1	934b2d2c7e653bb8c968afed5a0428617f09aa24
bridgecrewio/checkov-action	12.3096.0	12.3102.0
github/codeql-action	4.35.2	4.35.4
actions/dependency-review-action	4.9.0	5.0.0
aws-actions/setup-sam	d78e1a4a9656d3b223e59b80676a797f20093133	89ddb14d60e682855e3fea4be85b3c56485de310
govuk-one-login/devplatform-upload-action	3.13.0	3.14.0

Updates aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.1

What's Changed

• chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1722
• chore(deps-dev): bump @​types/node from 25.5.0 to 25.5.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1723
• chore(deps-dev): bump @​smithy/property-provider from 4.2.12 to 4.2.13 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1724
• chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1726
• chore(deps): bump @​smithy/node-http-handler from 4.5.1 to 4.5.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1725
• chore(deps): bump @​aws-sdk/client-sts from 3.1020.0 to 3.1025.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1727
• chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1728
• chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1729
• chore(deps-dev): bump @​types/node from 25.5.2 to 25.6.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1730
• chore(deps-dev): bump @​aws-sdk/credential-provider-env from 3.972.24 to 3.972.25 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1733
• chore(deps): bump @​aws-sdk/client-sts from 3.1025.0 to 3.1030.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1732
• chore(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.11 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1734
• chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1736
• chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1737
• chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1740
• chore(deps-dev): bump @​smithy/property-provider from 4.2.13 to 4.2.14 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1741
• chore(deps-dev): bump @​aws-sdk/credential-provider-env from 3.972.25 to 3.972.28 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1742
• chore(deps): bump @​aws-sdk/client-sts from 3.1030.0 to 3.1033.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1743
• chore(deps-dev): bump @​biomejs/biome from 2.4.11 to 2.4.12 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1739
• chore(deps-dev): bump @​biomejs/biome from 2.4.12 to 2.4.13 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1747
• chore(deps): bump postcss from 8.5.6 to 8.5.12 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1752
• chore(deps): bump @​smithy/node-http-handler from 4.6.0 to 4.6.1 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1750
• chore(deps-dev): bump @​aws-sdk/credential-provider-env from 3.972.28 to 3.972.32 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1751
• chore(deps): bump @​aws-sdk/client-sts from 3.1033.0 to 3.1038.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1749
• chore: release 6.1.1 by @​lehmanmj in aws-actions/configure-aws-credentials#1757

Full Changelog: aws-actions/configure-aws-credentials@v6...v6.1.1

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.1 (2026-05-05)

Miscellaneous Chores

• various dependency updates

6.1.0 (2026-04-06)

Features

• add skip cleanup option (#1716) (11b1c58), closes #1545
• Support usage of AWS Profiles (#1696) (a7f0c82)

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Update action to use node24 (#1632) (a7a2c11)

Features

• add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

• properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

• release 5.1.1 (56d6a58)

5.1.0 (2025-10-06)

Features

• Add global timeout support (#1487) (1584b8b)
• add no-proxy support (#1482) (dde9b22)
• Improve debug logging in retry logic (#1485) (97ef425)

... (truncated)

Commits

• d979d5b chore: release 6.1.1 (#1757)
• d4a9acd chore: Update dist
• fc44f4a chore(deps): bump @​aws-sdk/client-sts from 3.1033.0 to 3.1038.0 (#1749)
• 0b8336f chore: Update dist
• 8c5bf33 chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1751)
• 53df0c1 chore: Update dist
• c2c5582 chore(deps): bump @​smithy/node-http-handler from 4.6.0 to 4.6.1 (#1750)
• bd0031d chore(deps): bump postcss from 8.5.6 to 8.5.12 (#1752)
• 6ab499a chore(deps-dev): bump @​biomejs/biome from 2.4.12 to 2.4.13 (#1747)
• bc94895 chore(deps-dev): bump @​biomejs/biome from 2.4.11 to 2.4.12 (#1739)
• Additional commits viewable in compare view

Updates tj-actions/changed-files from 5f4a0b68ac816d8cb4a52bd88b460549197b7ff1 to 934b2d2c7e653bb8c968afed5a0428617f09aa24

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.6 - (2026-04-18)

🔄 Update

• Updated README.md (#2817)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (c23d52b) - (github-actions[bot])

⚙️ Miscellaneous Tasks

• deps: Bump lodash from 4.17.23 to 4.18.1 (#2837) (9426d40) - (dependabot[bot])
• deps: Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843) (32de080) - (dependabot[bot])
• deps: Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844) (2487d12) - (dependabot[bot])
• deps-dev: Bump @​types/node from 25.5.0 to 25.6.0 (#2846) (cef85a3) - (dependabot[bot])
• deps-dev: Bump prettier from 3.8.1 to 3.8.3 (#2848) (7b082de) - (dependabot[bot])
• deps: Bump github/codeql-action from 4.35.1 to 4.35.2 (#2849) (07224ca) - (dependabot[bot])
• deps-dev: Bump jest from 30.2.0 to 30.3.0 (#2822) (2bb1357) - (dependabot[bot])
• deps: Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829) (cc98117) - (dependabot[bot])
• deps: Bump yaml from 2.8.2 to 2.8.3 (#2830) (786e421) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831) (726b41b) - (dependabot[bot])
• deps: Bump github/codeql-action from 4.32.6 to 4.35.1 (#2834) (2c3585e) - (dependabot[bot])
• deps: Bump actions/download-artifact from 8.0.0 to 8.0.1 (#2824) (3d37a7f) - (dependabot[bot])
• deps-dev: Bump @​types/node from 25.3.5 to 25.5.0 (#2825) (445b0eb) - (dependabot[bot])
• deps: Bump github/codeql-action from 4.32.5 to 4.32.6 (#2819) (4f892cd) - (dependabot[bot])
• deps-dev: Bump @​types/node from 25.3.3 to 25.3.5 (#2820) (6118651) - (dependabot[bot])
• deps: Bump actions/setup-node from 6.2.0 to 6.3.0 (#2818) (e517d7a) - (dependabot[bot])

⬆️ Upgrades

• Upgraded to v47.0.5 (#2816)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (4750530) - (github-actions[bot])

47.0.5 - (2026-03-03)

🔄 Update

• Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (35dace0) - (github-actions[bot])

• Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

... (truncated)

Commits

• 934b2d2 chore(deps): bump uuid from 13.0.0 to 14.0.0 in the npm_and_yarn group across...
• 0146bf4 chore(deps-dev): bump @​types/node from 25.7.0 to 25.8.0 (#2868)
• 6b924b1 chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#2862)
• c0f1c88 chore(deps-dev): bump jest from 30.3.0 to 30.4.2 (#2865)
• 179874a chore(deps-dev): bump @​types/node from 25.6.0 to 25.7.0 (#2866)
• 70b968a chore(deps): bump yaml from 2.8.4 to 2.9.0 (#2867)
• 7dc4d75 chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#2860)
• 37901fa chore(deps): bump yaml from 2.8.3 to 2.8.4 (#2861)
• 9d0c65d test: push and merge group support (#2856)
• 778ca51 chore(deps): bump flatted in the npm_and_yarn group across 1 directory
• Additional commits viewable in compare view

Updates bridgecrewio/checkov-action from 12.3096.0 to 12.3102.0

Commits

• 4048c97 Bump checkov container version to 3.2.527
• 9201a8e Bump checkov container version to 3.2.526
• 20fb358 Bump checkov container version to 3.2.525
• 3203f96 Bump checkov container version to 3.2.524
• e385091 Bump checkov container version to 3.2.523
• 5ef773c Bump checkov container version to 3.2.522
• See full diff in compare view

Updates github/codeql-action from 4.35.2 to 4.35.4

Release notes

Sourced from github/codeql-action's releases.

v4.35.4

• Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
• Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
• Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
• Update default CodeQL bundle version to 2.25.3. #3865

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

• Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
• Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
• Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
• Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

4.34.1 - 20 Mar 2026

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
• Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

... (truncated)

Commits

• 68bde55 Merge pull request #3885 from github/update-v4.35.4-803d9e8c3
• 9739ad2 Update changelog for v4.35.4
• 803d9e8 Merge pull request #3883 from github/mbg/test/macro-wrapper
• 0fd9c7d Merge pull request #3882 from github/dependabot/github_actions/dot-github/wor...
• 922d6fb Use makeMacro instead of test.macro
• df77e87 Update test macro snippet
• 6e3f985 Add wrapper for test.macro
• e7a347d Merge pull request #3881 from github/update-bundle/codeql-bundle-v2.25.4
• 17eabb2 Rebuild
• aaef09c Bump ruby/setup-ruby
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

• Add .github/copilot-instructions.md for Copilot coding agent by @​ahpook in actions/dependency-review-action#1067
• Update Node.js runtime from 20 to 24 by @​scottschreckengaust in actions/dependency-review-action#1084
• Bump spdx-license-ids from 3.0.20 to 3.0.23 by @​mongolyy in actions/dependency-review-action#1091
• docs: bump actions/checkout from v4 to v6 in workflow examples by @​Marukome0743 in actions/dependency-review-action#1077
• fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @​tspascoal in actions/dependency-review-action#1076
• Resolve security findings by @​AshelyTC in actions/dependency-review-action#1094
• v5.0.0 release branch by @​ahpook in actions/dependency-review-action#1098

New Contributors

• @​scottschreckengaust made their first contribution in actions/dependency-review-action#1084
• @​mongolyy made their first contribution in actions/dependency-review-action#1091
• @​Marukome0743 made their first contribution in actions/dependency-review-action#1077

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits

• a1d282b Merge pull request #1098 from actions/ahpook/v5-release
• eb6c199 update examples to show @​v5
• 3943c2c v5.0.0 release branch
• 454943c Merge pull request #1094 from actions/ashelytc/security-findings
• 6d92a12 revert @​typescript-eslint/parser update
• a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
• b6b7079 update @​typescript-eslint/parser to 8.40.0
• 821a21d update more dependencies
• 05aaaae run npm audit fix
• 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
• Additional commits viewable in compare view

Updates aws-actions/setup-sam from d78e1a4a9656d3b223e59b80676a797f20093133 to 89ddb14d60e682855e3fea4be85b3c56485de310

Commits

• 89ddb14 Update action to use node 24 (#136)
• f84ec7d chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#121)
• 8050e57 chore(deps): bump glob from 10.4.5 to 10.5.0 (#124)
• fc7723b chore(deps): bump fast-xml-parser from 5.3.0 to 5.3.5 (#127)
• See full diff in compare view

Updates govuk-one-login/devplatform-upload-action from 3.13.0 to 3.14.0

Release notes

Sourced from govuk-one-login/devplatform-upload-action's releases.

v3.14.0

What's Changed

• Adding skip canaries as an option to skip canaries by @​dothomson in govuk-one-login/devplatform-upload-action#39

New Contributors

• @​dothomson made their first contribution in govuk-one-login/devplatform-upload-action#39

Full Changelog: govuk-one-login/devplatform-upload-action@v3.13.0...v3.14.0

Commits

• 5879c30 Merge pull request #39 from govuk-one-login/skip-canaries
• 740428d Merge pull request #40 from govuk-one-login/dependabot/npm_and_yarn/lodash-4....
• 6e5dc48 Bump lodash from 4.17.23 to 4.18.1
• cea990f Merge pull request #38 from govuk-one-login/dependabot/npm_and_yarn/flatted-3...
• 730c64c Adding skip canaries as an option for skipping canaries :)
• e8857f1 Bump flatted from 3.3.2 to 3.4.2
• 5963296 Merge pull request #37 from govuk-one-login/dependabot/npm_and_yarn/minimatch...
• 809ed49 Bump minimatch from 3.1.2 to 3.1.5
• See full diff in compare view

[github-actions]

Java Tests Skipped

No Java files were changed in this pull request. Java tests will be skipped¹.

Any Java files that are changed in a subsequent commit will trigger the Java tests.

Footnotes

1. These tests will still show as passing in the PR status check, but will not actually have run. ↩