build(deps): bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
actions/setup-node	4.1.0	4.2.0
docker/build-push-action	6.12.0	6.13.0
peter-murray/workflow-application-token-action	4.0.0	4.0.1
github/codeql-action	3.28.1	3.28.8
actions/setup-java	4.6.0	4.7.0
checkmarx/kics-github-action	2.1.3	2.1.4
trufflesecurity/trufflehog	3.88.2	3.88.4

Updates actions/setup-node from 4.1.0 to 4.2.0

Release notes

Sourced from actions/setup-node's releases.

v4.2.0

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in actions/setup-node#1174
• Add recommended permissions section to readme by @​benwells in actions/setup-node#1193
• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-node#1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in actions/setup-node#1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in actions/setup-node#1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-node#1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in actions/setup-node#1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in actions/setup-node#1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-node#1205

New Contributors

• @​benwells made their first contribution in actions/setup-node#1193

Full Changelog: actions/setup-node@v4...v4.2.0

Commits

• 1d0ff46 Bump undici from 5.28.4 to 5.28.5 (#1205)
• 574f09a Bump @​types/jest from 29.5.12 to 29.5.14 (#1201)
• 260f870 Bump semver from 7.6.0 to 7.6.3 (#1196)
• 111c4be Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1195)
• 0bc26de Bump pnpm/action-setup from 2 to 4 (#1194)
• 8f9cc17 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1191)
• 5eef37b Create dependabot.yml (#1192)
• fbeca22 Update README.md (#1193)
• 48b9067 Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0...
• See full diff in compare view

Updates docker/build-push-action from 6.12.0 to 6.13.0

Release notes

Sourced from docker/build-push-action's releases.

v6.13.0

• Bump @​docker/actions-toolkit from 0.51.0 to 0.53.0 in docker/build-push-action#1308

Full Changelog: docker/build-push-action@v6.12.0...v6.13.0

Commits

• ca877d9 Merge pull request #1308 from docker/dependabot/npm_and_yarn/docker/actions-t...
• d2fe919 chore: update generated content
• f0fc9ec chore(deps): Bump @​docker/actions-toolkit from 0.51.0 to 0.53.0
• See full diff in compare view

Updates peter-murray/workflow-application-token-action from 4.0.0 to 4.0.1

Release notes

Sourced from peter-murray/workflow-application-token-action's releases.

v4.0.1

Updating dependencies to resolve security vulnerabilities

Commits

• d17e3a9 Updating packages
• 8f7fb6a Update README.md to reference v4 version of actions examples
• See full diff in compare view

Updates github/codeql-action from 3.28.1 to 3.28.8

Release notes

Sourced from github/codeql-action's releases.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
• Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #2655
• Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

... (truncated)

Commits

• dd74661 Merge pull request #2746 from github/update-v3.28.8-a91a3f767
• 3210a3c Fix Kotlin version in changelog
• 72f9d02 Update changelog for v3.28.8
• a91a3f7 Merge pull request #2744 from github/igfoo/kot2.1.10
• c520fb5 Merge pull request #2745 from github/mergeback/v3.28.7-to-main-6e545590
• 3879c57 Add changelog entry
• 0c21937 Run "npm run build"
• 5a61bf0 Kotlin: The 2.20.3 release supports Kotlin 2.1.10.
• 163d119 Update checked-in dependencies
• bcf5cec Update changelog and version after v3.28.7
• Additional commits viewable in compare view

Updates actions/setup-java from 4.6.0 to 4.7.0

Release notes

Sourced from actions/setup-java's releases.

v4.7.0

What's Changed

• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-java#722
• README Update: Added a permissions section by @​benwells in actions/setup-java#723
• Upgrade cache from version 3.2.4 to 4.0.0 by @​aparnajyothi-y in actions/setup-java#724
• Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @​dependabot in actions/setup-java#728
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-java#727
• Upgrade @types/jest from 29.5.12 to 29.5.14 by @​dependabot in actions/setup-java#729

New Contributors

• @​benwells made their first contribution in actions/setup-java#723

Full Changelog: actions/setup-java@v4...v4.7.0

Commits

• 3a4f6e1 Bump @​types/jest from 29.5.12 to 29.5.14 (#729)
• 25f376e Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#727)
• d4e4b6b Bump @​actions/http-client from 2.2.1 to 2.2.3 (#728)
• 28b532b Create dependabot.yml (#722)
• 51ab6d2 Update cache from 3.2.4 to 4.0.0 (#724)
• 99d3141 Update README.md (#723)
• See full diff in compare view

Updates checkmarx/kics-github-action from 2.1.3 to 2.1.4

Release notes

Sourced from checkmarx/kics-github-action's releases.

v2.1.4

What's Changed

• Update to KICS v2.1.4 by @​cxMiguelSilva in Checkmarx/kics-github-action#123

Full Changelog: Checkmarx/kics-github-action@v2.1.3...v2.1.4

Commits

• 5a6152e Merge pull request #123 from Checkmarx/v2.1.4-updates
• a3a61fd Update Dockerfile
• 0954b0e Update README.md
• See full diff in compare view

Updates trufflesecurity/trufflehog from 3.88.2 to 3.88.4

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.88.4

What's Changed

• Update postman metadata by @​casey-tran in trufflesecurity/trufflehog#3852
• Support exclude regexes, excludewords, and entropy filters for custom detectors by @​zricethezav in trufflesecurity/trufflehog#3860

Full Changelog: trufflesecurity/trufflehog@v3.88.3...v3.88.4

v3.88.3

What's Changed

• [chore] Use static token in GitHub source by @​mcastorina in trufflesecurity/trufflehog#3834
• Update log for large s3 file by @​0x1 in trufflesecurity/trufflehog#3835
• oss-87: added new sanity detector by @​kashifkhan0771 in trufflesecurity/trufflehog#3836
• Support for Customize Endpoint in Gitlab Analyzer by @​abmussani in trufflesecurity/trufflehog#3832
• fixed jirav1 detector email pattern by @​kashifkhan0771 in trufflesecurity/trufflehog#3826
• Actually run unit tests by @​rgmz in trufflesecurity/trufflehog#3773
• Run detector tests from test workflow by @​rgmz in trufflesecurity/trufflehog#3839
• issue:3838 - fixed common email pattern by @​kashifkhan0771 in trufflesecurity/trufflehog#3840
• [Fix] Opsgenie Analyzer Http Client by @​abmussani in trufflesecurity/trufflehog#3841
• [chore] - fix import issue by @​ahrav in trufflesecurity/trufflehog#3842
• [URI] Do not attempt multiple verification attempts if host is non-resolvable by @​rgmz in trufflesecurity/trufflehog#3656
• Remove if len(match) != 2 check in detectors by @​rgmz in trufflesecurity/trufflehog#2746
• Fix Ngrok detector by @​rgmz in trufflesecurity/trufflehog#3844
• fix ngrok test by @​zricethezav in trufflesecurity/trufflehog#3845
• Remove global variable scanning implementation for Postman by @​casey-tran in trufflesecurity/trufflehog#3843
• fixed sentry auth token detector by @​kashifkhan0771 in trufflesecurity/trufflehog#3827
• Fix typo in scope description by @​hxnyk in trufflesecurity/trufflehog#3846
• use first capture group in custom detector regex if available by @​zricethezav in trufflesecurity/trufflehog#3853
• Improve Jenkins error message by @​rosecodym in trufflesecurity/trufflehog#3855
• [Fix] use unrestricted http client only for non-safe requests by @​abmussani in trufflesecurity/trufflehog#3847

New Contributors

• @​casey-tran made their first contribution in trufflesecurity/trufflehog#3843

Full Changelog: trufflesecurity/trufflehog@v3.88.2...v3.88.3

Commits

• 853e1e8 Support exclude regexes, excludewords, and entropy filters for custom detecto...
• 9ecaf07 Update postman metadata (#3852)
• b6b00bb [Fix] use unrestricted http client only for non-safe requests (#3847)
• d509097 update jenkins err message (#3855)
• 7550057 use first capture group in custom detector regex if available (#3853)
• 20a3840 fix typo (#3846)
• 39d2453 fixed sentry auth token detector (#3827)
• 1fc8961 Removed global variable scanning implementationfor Postman (#3843)
• eea7e06 raw (#3845)
• 1a1fe7b fix(ngrok): panic from broken pattern (#3844)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud