Update CI dependencies #985

Open
renovate[bot] wants to merge 1 commit into master from renovate/ci-deps

@renovate renovate bot commented Jan 12, 2026

This PR contains the following updates:

Package | Type | Update | Change
actions/checkout | action | patch | v6.0.1 -> v6.0.2
actions/setup-node | action | minor | v6.1.0 -> v6.2.0
github/codeql-action | action | minor | v4.31.9 -> v4.32.3

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

actions/setup-node (actions/setup-node)

v6.2.0

Compare Source

github/codeql-action (github/codeql-action)

v4.32.3

Compare Source

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #​3466

v4.32.2

Compare Source

v4.32.1

Compare Source

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #​3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #​3421

v4.32.0

Compare Source

v4.31.11

Compare Source

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
  • Improved error handling throughout the CodeQL Action. #​3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

v4.31.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026
  • Update default CodeQL bundle version to 2.23.9. #​3393

See the full CHANGELOG.md for more information.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the ci (This PR or issue mainly concerns CI), dependencies (Pull requests that update a dependency file) and github-actions (Pull requests that update Github_actions code) labels Jan 12, 2026
@renovate renovate bot changed the title from "Update github/codeql-action action to v4.31.10" to "Update CI dependencies" Jan 15, 2026
@renovate renovate bot force-pushed the renovate/ci-deps branch from 5e2faab to d653adb Compare January 15, 2026 03:46
@renovate renovate bot force-pushed the renovate/ci-deps branch 3 times, most recently from bb3e218 to 2fa00bf Compare January 26, 2026 19:09
@renovate renovate bot force-pushed the renovate/ci-deps branch 2 times, most recently from 5ac5da5 to 883a1dc Compare February 5, 2026 19:43
@kody-ai

This comment has been minimized.

Comment on lines 18 to 26
steps:
- name: Check out Git repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version-file: .nvmrc
check-latest: true
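
Review bot: On the two replaced `uses:` lines, the trailing `# v6.0.2` and `# v6.2.0` comments are documentation only; the runner resolves the 40-character SHA and nothing ties it to the tag named beside it. Before merging, confirm in the upstream repositories that `de0fac2e4500dabe0009e67214ff5f5447ce83dd` is the commit tagged v6.0.2 in actions/checkout and that `6044e13b5dc448c55e2357c09f80417699197238` is the commit tagged v6.2.0 in actions/setup-node. In the unchanged context, `check-latest: true` makes setup-node look up the newest release satisfying `.nvmrc` on every run, so unless `.nvmrc` holds an exact version the Node.js toolchain floats while the actions are pinned.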

kody code-review Kody Rules medium

The setup steps for checking out the repository and setting up Node.js are repeated in both the 'lint' and 'test' jobs. This violates the DRY (Don't Repeat Yourself) principle. To centralize this logic, you can create a composite action (e.g., in .github/actions/setup/action.yml) containing the common steps. Then, both jobs can simply call this action using a single uses step, making the workflow cleaner and easier to maintain.

Kody Rule violation: Extract duplicated logic into functions

      steps:
        - name: Setup Environment
          uses: ./.github/actions/setup # Assumes a composite action is created at this path
Prompt for LLM

File .github/workflows/code-quality.yml:

Line 18 to 26:

I'm reviewing a GitHub Actions workflow file. I have a rule that says 'Duplicate sequences of statements must be extracted into a named function or utility.' In my workflow file, `.github/workflows/code-quality.yml`, I have two jobs, 'lint' and 'test'. Both of these jobs have the exact same initial steps: one to checkout the git repository and another to set up Node.js. This is a clear case of code duplication. How can I refactor this workflow to remove the duplication and follow my rule? Please suggest a solution using standard GitHub Actions features like composite actions or reusable workflows, and explain the benefits.

Talk to Kody by mentioning @kody

Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.
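
The composite action that the comment above describes, written out as an added example (it is not part of this PR or of Kody's suggestion). The action metadata and the `runs-on` label are assumptions; the pinned SHAs are the ones from this PR's diff. Checkout stays in each job because a local `./` action can only be resolved once the repository is in the workspace.

```yaml
# File 1 (hypothetical path from the suggestion): .github/actions/setup/action.yml
name: Setup Environment
description: Shared Node.js setup for the lint and test jobs
runs:
  using: composite
  steps:
    - name: Set up Node.js
      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version-file: .nvmrc
        check-latest: true
---
# File 2: .github/workflows/code-quality.yml (jobs section only)
jobs:
  lint:
    runs-on: ubuntu-latest # assumption: the runner label is not shown on the page
    steps:
      # Checkout cannot move into the local action: ./.github/actions/setup
      # is not on disk until the repository has been checked out.
      - name: Check out Git repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Environment
        uses: ./.github/actions/setup
      # lint-specific steps follow here
  test:
    runs-on: ubuntu-latest # assumption, as above
    steps:
      - name: Check out Git repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Environment
        uses: ./.github/actions/setup
      # test-specific steps follow here
```

With this layout the setup-node pin lives in `action.yml`, so that file needs the same SHA review as the workflow whenever the pin changes.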

@renovate renovate bot force-pushed the renovate/ci-deps branch from 883a1dc to 2dc8508 Compare February 13, 2026 15:05

kody-ai bot commented Feb 13, 2026

Kody Review Complete

Great news! 🎉
No issues were found that match your current review configurations.

Keep up the excellent work! 🚀

Kody Guide: Usage and Configuration
Interacting with Kody
  • Request a Review: Ask Kody to review your PR manually by adding a comment with the @kody start-review command at the root of your PR.

  • Validate Business Logic: Ask Kody to validate your code against business rules by adding a comment with the @kody -v business-logic command.

  • Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration
Review Options

The following review options are enabled or disabled:

Options Enabled
Bug
Performance
Security
Cross File

Access your configuration settings here.
