Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	digest	1bd1e32 -> 5a3ec84
actions/setup-node	action	minor	v4.2.0 -> v4.4.0
actions/setup-python	action	digest	4237552 -> 8d9ed9a
aquasecurity/trivy-action	action	digest	a11da62 -> 99baf0d
docker/build-push-action	action	minor	v6.13.0 -> v6.15.0
docker/login-action	action	minor	v3.3.0 -> v3.4.0
docker/setup-buildx-action	action	digest	f7ce87c -> b5ca514
docker/setup-qemu-action	action	digest	4574d27 -> 2910929
github/codeql-action	action	patch	v3.28.9 -> v3.28.15
ncipollo/release-action	action	digest	cdcc88a -> 440c8c1
sigstore/cosign-installer	action	patch	v3.8.0 -> v3.8.2
step-security/harden-runner	action	minor	v2.11.0 -> v2.12.0

---

Release Notes

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

v4.3.0

Compare Source

docker/build-push-action (docker/build-push-action)

v6.15.0

Compare Source

• Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0 in https://github.com/docker/build-push-action/pull/1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

v6.14.0

Compare Source

• Bump @​docker/actions-toolkit from 0.53.0 to 0.55.0 in https://github.com/docker/build-push-action/pull/1324

Full Changelog: docker/build-push-action@v6.13.0...v6.14.0

docker/login-action (docker/login-action)

v3.4.0

Compare Source

• Bump @​actions/core from 1.10.1 to 1.11.1 in https://github.com/docker/login-action/pull/791
• Bump @​aws-sdk/client-ecr to 3.766.0 in https://github.com/docker/login-action/pull/789 https://github.com/docker/login-action/pull/856
• Bump @​aws-sdk/client-ecr-public to 3.758.0 in https://github.com/docker/login-action/pull/789 https://github.com/docker/login-action/pull/856
• Bump @​docker/actions-toolkit from 0.35.0 to 0.57.0 in https://github.com/docker/login-action/pull/801 https://github.com/docker/login-action/pull/806 https://github.com/docker/login-action/pull/858
• Bump cross-spawn from 7.0.3 to 7.0.6 in https://github.com/docker/login-action/pull/814
• Bump https-proxy-agent from 7.0.5 to 7.0.6 in https://github.com/docker/login-action/pull/823
• Bump path-to-regexp from 6.2.2 to 6.3.0 in https://github.com/docker/login-action/pull/777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

github/codeql-action (github/codeql-action)

v3.28.15

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.15 - 07 Apr 2025

• Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. #​2842

See the full CHANGELOG.md for more information.

v3.28.14

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.14 - 07 Apr 2025

• Update default CodeQL bundle version to 2.21.0. #​2838

See the full CHANGELOG.md for more information.

v3.28.13

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.13 - 24 Mar 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.12

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.12 - 19 Mar 2025

• Dependency caching should now cache more dependencies for Java build-mode: none extractions. This should speed up workflows and avoid inconsistent alerts in some cases.
• Update default CodeQL bundle version to 2.20.7. #​2810

See the full CHANGELOG.md for more information.

v3.28.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #​2793

See the full CHANGELOG.md for more information.

v3.28.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #​2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #​2768

See the full CHANGELOG.md for more information.

sigstore/cosign-installer (sigstore/cosign-installer)

v3.8.2

Compare Source

What's Changed

• install cosign v2 from main in https://github.com/sigstore/cosign-installer/pull/186

Full Changelog: sigstore/cosign-installer@v3...v3.8.2

v3.8.1

Compare Source

What's Changed

• use cosign 2.4.3 and other updates by @​cpanato in https://github.com/sigstore/cosign-installer/pull/182

Full Changelog: sigstore/cosign-installer@v3...v3.8.1

step-security/harden-runner (step-security/harden-runner)

v2.12.0

Compare Source

What's Changed

1. A new option, disable-sudo-and-containers, is now available to replace the disable-sudo policy, addressing Docker-based privilege escalation (CVE-2025-32955). More details can be found in this blog post.

2. New detections have been added based on insights from the tj-actions and reviewdog actions incidents.

Full Changelog: step-security/harden-runner@v2...v2.12.0

v2.11.1

Compare Source

What's Changed

• cache: add support for GitHub Actions cache v2 by @​h0x0er in https://github.com/step-security/harden-runner/pull/529

Full Changelog: step-security/harden-runner@v2...v2.11.1

---

Configuration

📅 Schedule: Branch creation - "every 1 hours every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.