chore(deps): bump the actions group across 1 directory with 8 updates (#11)

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` |
`6.0.2` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.27.0` | `4.32.0` |
| [erlef/setup-beam](https://github.com/erlef/setup-beam) | `1.17.5` |
`1.20.4` |
| [actions/github-script](https://github.com/actions/github-script) |
`7.0.1` | `8.0.0` |
| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) |
`0.9.0` | `0.9.1` |
| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) |
`56f84321dbccf38fb67ce29ab63e4754056677e0` |
`f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` |
|
[trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog)
| `3.92.3` | `3.92.5` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) |
`2.4.0` | `2.4.3` |


Updates `actions/checkout` from 4.1.1 to 6.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a>
Fix tag handling: preserve annotations and explicit fetch-tags (<a
href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a>
Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is
set (...</li>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/checkout/compare/v4.1.1...v6.0.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.27.0 to 4.32.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.32.0</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li>
</ul>
<h2>v4.31.11</h2>
<ul>
<li>When running a Default Setup workflow with <a
href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions
debugging enabled</a>, the CodeQL Action will now use more unique names
when uploading logs from the Dependabot authentication proxy as workflow
artifacts. This ensures that the artifact names do not clash between
multiple jobs in a build matrix. <a
href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li>
<li>Improved error handling throughout the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li>
<li>Added experimental support for automatically excluding <a
href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated
files</a> from the analysis. This feature is not currently enabled for
any analysis. In the future, it may be enabled by default for some
GitHub-managed analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li>
<li>The changelog extracts that are included with releases of the CodeQL
Action are now shorter to avoid duplicated information from appearing in
Dependabot PRs. <a
href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li>
</ul>
<h2>v4.31.10</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.32.0 - 26 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li>
</ul>
<h2>4.31.11 - 23 Jan 2026</h2>
<ul>
<li>When running a Default Setup workflow with <a
href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions
debugging enabled</a>, the CodeQL Action will now use more unique names
when uploading logs from the Dependabot authentication proxy as workflow
artifacts. This ensures that the artifact names do not clash between
multiple jobs in a build matrix. <a
href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li>
<li>Improved error handling throughout the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li>
<li>Added experimental support for automatically excluding <a
href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated
files</a> from the analysis. This feature is not currently enabled for
any analysis. In the future, it may be enabled by default for some
GitHub-managed analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li>
<li>The changelog extracts that are included with releases of the CodeQL
Action are now shorter to avoid duplicated information from appearing in
Dependabot PRs. <a
href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li>
</ul>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30"><code>b20883b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3428">#3428</a>
from github/update-v4.32.0-e3b8227a2</li>
<li><a
href="https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b"><code>c9aa45d</code></a>
Update changelog for v4.32.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634"><code>e3b8227</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3427">#3427</a>
from github/henrymercer/bump-for-new-minor-series</li>
<li><a
href="https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064"><code>8a01181</code></a>
Compare minor version number</li>
<li><a
href="https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae"><code>80e1425</code></a>
Bump minor version for CLI v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a"><code>b748848</code></a>
Bump the Action minor version number on new CodeQL minor version
series</li>
<li><a
href="https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18"><code>5e767ef</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3425">#3425</a>
from github/update-bundle/codeql-bundle-v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86"><code>9752869</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e"><code>c62c214</code></a>
Update default bundle to codeql-bundle-v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490"><code>25a224b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3423">#3423</a>
from github/mbg/ci/yq-windows</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v3.27.0...b20883b0cd1f46c72ae0ba6d1090936928f9fa30">compare
view</a></li>
</ul>
</details>
<br />

Updates `erlef/setup-beam` from 1.17.5 to 1.20.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/erlef/setup-beam/releases">erlef/setup-beam's
releases</a>.</em></p>
<blockquote>
<h2>v1.20.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: more versioning around <code>nightly</code> and
<code>maint</code>/<code>main</code> by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/359">erlef/setup-beam#359</a></li>
</ul>
<h2>Dependabot updates</h2>
<ul>
<li>Bump eslint from 9.30.0 to 9.30.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/362">erlef/setup-beam#362</a></li>
<li>Bump <code>@​eslint/js</code> from 9.30.0 to 9.30.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/360">erlef/setup-beam#360</a></li>
<li>Bump globals from 16.2.0 to 16.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/361">erlef/setup-beam#361</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/erlef/setup-beam/compare/v1.20.3...v1.20.4">https://github.com/erlef/setup-beam/compare/v1.20.3...v1.20.4</a></p>
<h2>v1.20.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Handle <code>.tool-versions</code>' line break on Windows by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/357">erlef/setup-beam#357</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/erlef/setup-beam/compare/v1.20...v1.20.3">https://github.com/erlef/setup-beam/compare/v1.20...v1.20.3</a></p>
<h2>v1.20.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Test for updated doc. on <code>latest</code> / ranges /
<code>-rc</code> by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/349">erlef/setup-beam#349</a></li>
<li>Bump eslint from 9.29.0 to 9.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/354">erlef/setup-beam#354</a></li>
<li>Bump prettier from 3.6.0 to 3.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/353">erlef/setup-beam#353</a></li>
<li>Bump <code>@​eslint/js</code> from 9.29.0 to 9.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/352">erlef/setup-beam#352</a></li>
<li>Fix calculating <code>-otp-</code> major for Elixir by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/351">erlef/setup-beam#351</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/erlef/setup-beam/compare/v1.20...v1.20.2">https://github.com/erlef/setup-beam/compare/v1.20...v1.20.2</a></p>
<h2>v1.20.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add back deprecated runners with warning by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/348">erlef/setup-beam#348</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/erlef/setup-beam/compare/v1...v1.20.1">https://github.com/erlef/setup-beam/compare/v1...v1.20.1</a></p>
<h2>v1.20.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix broken link in <code>CODE_OF_CONDUCT.md</code> by <a
href="https://github.com/vkatsuba"><code>@​vkatsuba</code></a> in <a
href="https://redirect.github.com/erlef/setup-beam/pull/335">erlef/setup-beam#335</a></li>
<li>Improve output when failing to get a version from &quot;a
place&quot; by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/334">erlef/setup-beam#334</a></li>
<li>Support macOS via <a
href="https://github.com/erlef/otp_builds">https://github.com/erlef/otp_builds</a>
by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/332">erlef/setup-beam#332</a></li>
<li>Minor maintenance updates by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/336">erlef/setup-beam#336</a></li>
<li>Update 3rd party licenses (automation) by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/337">erlef/setup-beam#337</a></li>
<li>Act on CodeQL's suggestions for tightening security / improving
performance by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/338">erlef/setup-beam#338</a></li>
<li>Dependabot version updates by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/340">erlef/setup-beam#340</a></li>
<li>Match only on what we know should match (versions start with
numbers, after OTP-) by <a
href="https://github.com/paulo-ferraz-oliveira"><code>@​paulo-ferraz-oliveira</code></a>
in <a
href="https://redirect.github.com/erlef/setup-beam/pull/341">erlef/setup-beam#341</a></li>
</ul>
<h3><a
href="https://github.com/dependabot"><code>@​dependabot</code></a></h3>
<ul>
<li>Bump eslint from 9.27.0 to 9.28.0 in <a
href="https://redirect.github.com/erlef/setup-beam/pull/343">erlef/setup-beam#343</a></li>
<li>Bump <code>@​eslint/js</code> from 9.27.0 to 9.28.0 in <a
href="https://redirect.github.com/erlef/setup-beam/pull/342">erlef/setup-beam#342</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/erlef/setup-beam/commit/e6d7c94229049569db56a7ad5a540c051a010af9"><code>e6d7c94</code></a>
Automation: update setup-beam version output to fceaea9</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/fceaea9f54d3e1728dcde37c9a0915bb4cfffeae"><code>fceaea9</code></a>
Fix: more versioning around <code>nightly</code> and
<code>maint</code>/<code>main</code> (<a
href="https://redirect.github.com/erlef/setup-beam/issues/359">#359</a>)</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/2bb5b653d0dc50a139d649c97f117eb9afe7a2be"><code>2bb5b65</code></a>
Automation: update setup-beam version output to 1d4efdd</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/1d4efdd2e925d87a724996fcb24daf76e8a6e79f"><code>1d4efdd</code></a>
Bump globals from 16.2.0 to 16.3.0 (<a
href="https://redirect.github.com/erlef/setup-beam/issues/361">#361</a>)</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/73f047e3287cd08b822367defd635d37a0da60d3"><code>73f047e</code></a>
Automation: update setup-beam version output to 6dd8a1a</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/6dd8a1a852cab582718c385599c7cb9c22f5d5af"><code>6dd8a1a</code></a>
Bump <code>@​eslint/js</code> from 9.30.0 to 9.30.1 (<a
href="https://redirect.github.com/erlef/setup-beam/issues/360">#360</a>)</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/fd9a2e183fe60ca9731ee821a94a6a878cf63cb5"><code>fd9a2e1</code></a>
Automation: update setup-beam version output to 65085e3</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/65085e37bcd79d7f8065964f111366eabf6f5be0"><code>65085e3</code></a>
Bump eslint from 9.30.0 to 9.30.1 (<a
href="https://redirect.github.com/erlef/setup-beam/issues/362">#362</a>)</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/80c16595164d4aee66fe8c2a6beca905a73d0381"><code>80c1659</code></a>
Automation: update setup-beam version output to 8e7fdef</li>
<li><a
href="https://github.com/erlef/setup-beam/commit/8e7fdef09ffa3ea54328b5000c170a3b9b20ca96"><code>8e7fdef</code></a>
Automation: update setup-beam version output to 1fe9179</li>
<li>Additional commits viewable in <a
href="https://github.com/erlef/setup-beam/compare/2f0cc07b4b9bea248ae098aba9e1a8a1de5ec24c...e6d7c94229049569db56a7ad5a540c051a010af9">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/github-script` from 7.0.1 to 8.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Node.js version support to 24.x by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li>
<li>README for updating actions/github-script from v7 to v8 by <a
href="https://github.com/sneha-krip"><code>@​sneha-krip</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li>
<li><a
href="https://github.com/sneha-krip"><code>@​sneha-krip</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0</a></p>
<h2>v7.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade husky to v9 by <a
href="https://github.com/benelan"><code>@​benelan</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li>
<li>Upgrade IA Publish by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/486">actions/github-script#486</a></li>
<li>Fix workflow status badges by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/497">actions/github-script#497</a></li>
<li>Update usage of <code>actions/upload-artifact</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/512">actions/github-script#512</a></li>
<li>Clear up package name confusion by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/514">actions/github-script#514</a></li>
<li>Update dependencies with <code>npm audit fix</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/515">actions/github-script#515</a></li>
<li>Specify that the used script is JavaScript by <a
href="https://github.com/timotk"><code>@​timotk</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li>
<li>chore: Add Dependabot for NPM and Actions by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/472">actions/github-script#472</a></li>
<li>Define <code>permissions</code> in workflows and update actions by
<a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in
<a
href="https://redirect.github.com/actions/github-script/pull/531">actions/github-script#531</a></li>
<li>chore: Add Dependabot for .github/actions/install-dependencies by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/532">actions/github-script#532</a></li>
<li>chore: Remove .vscode settings by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/533">actions/github-script#533</a></li>
<li>ci: Use github/setup-licensed by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/473">actions/github-script#473</a></li>
<li>make octokit instance available as octokit on top of github, to make
it easier to seamlessly copy examples from GitHub rest api or octokit
documentations by <a
href="https://github.com/iamstarkov"><code>@​iamstarkov</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li>
<li>Remove <code>octokit</code> README updates for v7 by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/557">actions/github-script#557</a></li>
<li>docs: add &quot;exec&quot; usage examples by <a
href="https://github.com/neilime"><code>@​neilime</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li>
<li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/563">actions/github-script#563</a></li>
<li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/575">actions/github-script#575</a></li>
<li>Clearly document passing inputs to the <code>script</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/603">actions/github-script#603</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/benelan"><code>@​benelan</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li>
<li><a href="https://github.com/timotk"><code>@​timotk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li>
<li><a
href="https://github.com/iamstarkov"><code>@​iamstarkov</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li>
<li><a href="https://github.com/neilime"><code>@​neilime</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7...v7.1.0">https://github.com/actions/github-script/compare/v7...v7.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd"><code>ed59741</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/653">#653</a>
from actions/sneha-krip/readme-for-v8</li>
<li><a
href="https://github.com/actions/github-script/commit/2dc352e4baefd91bec0d06f6ae2f1045d1687ca3"><code>2dc352e</code></a>
Bold minimum Actions Runner version in README</li>
<li><a
href="https://github.com/actions/github-script/commit/01e118c8d0d22115597e46514b5794e7bc3d56f1"><code>01e118c</code></a>
Update README for Node 24 runtime requirements</li>
<li><a
href="https://github.com/actions/github-script/commit/8b222ac82eda86dcad7795c9d49b839f7bf5b18b"><code>8b222ac</code></a>
Apply suggestion from <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a></li>
<li><a
href="https://github.com/actions/github-script/commit/adc0eeac992408a7b276994ca87edde1c8ce4d25"><code>adc0eea</code></a>
README for updating actions/github-script from v7 to v8</li>
<li><a
href="https://github.com/actions/github-script/commit/20fe497b3fe0c7be8aae5c9df711ac716dc9c425"><code>20fe497</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/637">#637</a>
from actions/node24</li>
<li><a
href="https://github.com/actions/github-script/commit/e7b7f222b11a03e8b695c4c7afba89a02ea20164"><code>e7b7f22</code></a>
update licenses</li>
<li><a
href="https://github.com/actions/github-script/commit/2c81ba05f308415d095291e6eeffe983d822345b"><code>2c81ba0</code></a>
Update Node.js version support to 24.x</li>
<li><a
href="https://github.com/actions/github-script/commit/f28e40c7f34bde8b3046d885e986cb6290c5673b"><code>f28e40c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/610">#610</a>
from actions/nebuk89-patch-1</li>
<li><a
href="https://github.com/actions/github-script/commit/1ae9958572fde544457e4d51aed5ea044e8936f3"><code>1ae9958</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...ed597411d8f924073f98dfc5c65a23a2325f34cd">compare
view</a></li>
</ul>
</details>
<br />

Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/releases">webfactory/ssh-agent's
releases</a>.</em></p>
<blockquote>
<h2>v0.9.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Acknowledge custom command inputs in cleanup.js by <a
href="https://github.com/janopae"><code>@​janopae</code></a> in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/janopae"><code>@​janopae</code></a> made
their first contribution in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1">https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md">webfactory/ssh-agent's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>[Unreleased]</h2>
<h2>v0.9.1 [2024-03-17]</h2>
<h3>Fixed</h3>
<ul>
<li>Fix path used to execute ssh-agent in cleanup.js to respect custom
paths set by input (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
</ul>
<h2>v0.9.0 [2024-02-06]</h2>
<h3>Changed</h3>
<ul>
<li>Update all versions of <code>actions/checkout</code> to v4 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/199">#199</a>)</li>
<li>Update to Node 20 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/201">#201</a>)</li>
</ul>
<h2>v0.8.0 [2023-03-24]</h2>
<h3>Changed</h3>
<ul>
<li>No longer writing GitHub's SSH host keys to <code>known_hosts</code>
(<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/171">#171</a>)</li>
<li>Update to actions/checkout@v3 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/143">#143</a>)</li>
<li>Allow the user to override the commands for git, ssh-agent, and
ssh-add (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/154">#154</a>)</li>
</ul>
<h2>v0.7.0 [2022-10-19]</h2>
<h3>Added</h3>
<ul>
<li>Add the <code>log-public-key</code> input that can be used to turn
off logging key identities (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/122">#122</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix path to <code>git</code> binary on Windows, assuming
GitHub-hosted runners (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/136">#136</a>,
<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/137">#137</a>)</li>
<li>Fix a nonsensical log message (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/139">#139</a>)</li>
</ul>
<h2>v0.6.0 [2022-10-19]</h2>
<h3>Changed</h3>
<ul>
<li>Update the version of Node used by the action from 12 to 16 (<a
href="https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/">https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/</a>).</li>
</ul>
<h2>v0.5.4 [2021-11-21]</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd"><code>a6f90b1</code></a>
Release v0.9.1</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e"><code>72c0bfd</code></a>
Improve documentation on why we use os.userInfo()</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4"><code>e3f1a8e</code></a>
Acknowledge custom command inputs in cleanup.js (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7"><code>b504c19</code></a>
Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...a6f90b1f127823b31d4d4a8d96047790581349bd">compare
view</a></li>
</ul>
</details>
<br />

Updates `dtolnay/rust-toolchain` from
56f84321dbccf38fb67ce29ab63e4754056677e0 to
f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561"><code>f7ccc83</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/rust-toolchain/issues/177">#177</a>
from dtolnay/permitcopyrename</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/1c0547fbe5b79d7fc4a011e87ef4ac71cf485093"><code>1c0547f</code></a>
Permit cross-device copy</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/0b1efabc08b657293548b77fb76cc02d26091c7e"><code>0b1efab</code></a>
Update actions/checkout@v5 -&gt; v6</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/0f44b27771c32bda9f458f75a1e241b09791b331"><code>0f44b27</code></a>
Add 1.91.1 patch release</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/6d653acede28d24f02e3cd41383119e8b1b35921"><code>6d653ac</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/rust-toolchain/issues/171">#171</a>
from dtolnay/up</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/30dc51db75d080812bc4a28ba3f342840b2e7dd7"><code>30dc51d</code></a>
Update Linux arm64 runner to Ubuntu 24.04</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/e97e2d8cc328f1b50210efc529dca0028893a2d9"><code>e97e2d8</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/3bd6ba104ce24f1366deac4a721798ad4b2fc2e8"><code>3bd6ba1</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/rust-toolchain/issues/168">#168</a>
from dtolnay/sed</li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/0185c0604231e18106b0f6fc3bdf12e3388029e7"><code>0185c06</code></a>
Fix update-revs.sh to recognize only the intended <code>required:
true</code></li>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/350b8170d67565ecb255cb735a9c516a4106d651"><code>350b817</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/rust-toolchain/issues/166">#166</a>
from dtolnay/fix1</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/rust-toolchain/compare/56f84321dbccf38fb67ce29ab63e4754056677e0...f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561">compare
view</a></li>
</ul>
</details>
<br />

Updates `trufflesecurity/trufflehog` from 3.92.3 to 3.92.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/trufflesecurity/trufflehog/releases">trufflesecurity/trufflehog's
releases</a>.</em></p>
<blockquote>
<h2>v3.92.5</h2>
<h2>What's Changed</h2>
<ul>
<li>[INS-206] Store Gitlab Project ID in secret location metadata by <a
href="https://github.com/mustansir14"><code>@​mustansir14</code></a> in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4601">trufflesecurity/trufflehog#4601</a></li>
<li>[INS-242] Add more validations to Custom Detector config by <a
href="https://github.com/mustansir14"><code>@​mustansir14</code></a> in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4642">trufflesecurity/trufflehog#4642</a></li>
<li>Fix syslog test failing due to hardcoded timestamp by <a
href="https://github.com/MuneebUllahKhan222"><code>@​MuneebUllahKhan222</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4646">trufflesecurity/trufflehog#4646</a></li>
<li>[INS-120] Increase code coverage for Postman's source scanItem
function by <a
href="https://github.com/MuneebUllahKhan222"><code>@​MuneebUllahKhan222</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4648">trufflesecurity/trufflehog#4648</a></li>
<li>[INS-232] Fix S3 Source &quot;panic: runtime error: index out of
range&quot; bug by <a
href="https://github.com/mustansir14"><code>@​mustansir14</code></a> in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4610">trufflesecurity/trufflehog#4610</a></li>
<li>[INS-170] Unify JDBC URL Parsing Across Detector and Analyzer
(Continued) by <a
href="https://github.com/mustansir14"><code>@​mustansir14</code></a> in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4606">trufflesecurity/trufflehog#4606</a></li>
<li>Add exponential backoff retry logic in Twilio detector by <a
href="https://github.com/shahzadhaider1"><code>@​shahzadhaider1</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4652">trufflesecurity/trufflehog#4652</a></li>
<li>Fix typo in help description for Postman API metric by <a
href="https://github.com/shahzadhaider1"><code>@​shahzadhaider1</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4656">trufflesecurity/trufflehog#4656</a></li>
<li>Rework JWT detector to better block local IPs by <a
href="https://github.com/bradlarsen"><code>@​bradlarsen</code></a> in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4607">trufflesecurity/trufflehog#4607</a></li>
<li>Gitlab Source: Backoff from Scan2 which is experimental to legacy
pagination API call by <a
href="https://github.com/kashifkhan0771"><code>@​kashifkhan0771</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4608">trufflesecurity/trufflehog#4608</a></li>
<li>fix: git commit date parsing for non-English locales by <a
href="https://github.com/GLEF1X"><code>@​GLEF1X</code></a> in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4653">trufflesecurity/trufflehog#4653</a></li>
<li>fix: report accurate line numbers for chunked file scanning (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/1876">#1876</a>)
by <a href="https://github.com/GLEF1X"><code>@​GLEF1X</code></a> in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4615">trufflesecurity/trufflehog#4615</a></li>
<li>Add Postman API monthly request limit metric by <a
href="https://github.com/shahzadhaider1"><code>@​shahzadhaider1</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4667">trufflesecurity/trufflehog#4667</a></li>
<li>[INS-243] Fix jdbc detector detecting incomplete connection string
and fixed invalid… by <a
href="https://github.com/MuneebUllahKhan222"><code>@​MuneebUllahKhan222</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4636">trufflesecurity/trufflehog#4636</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GLEF1X"><code>@​GLEF1X</code></a> made
their first contribution in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4653">trufflesecurity/trufflehog#4653</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/trufflesecurity/trufflehog/compare/v3.92.4...v3.92.5">https://github.com/trufflesecurity/trufflehog/compare/v3.92.4...v3.92.5</a></p>
<h2>v3.92.4</h2>
<h2>What's Changed</h2>
<ul>
<li>[INS-170] Unify JDBC URL parsing across detectors and analyzers by
<a href="https://github.com/mustansir14"><code>@​mustansir14</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4574">trufflesecurity/trufflehog#4574</a></li>
<li>Pagination and Rate-Limit Handling In Docker Registry Namespace API
Calls by <a
href="https://github.com/nabeelalam"><code>@​nabeelalam</code></a> in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4557">trufflesecurity/trufflehog#4557</a></li>
<li>[INS-226] Use pinned image for Quay registry Integration test by <a
href="https://github.com/mustansir14"><code>@​mustansir14</code></a> in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4602">trufflesecurity/trufflehog#4602</a></li>
<li>Update module golang.org/x/crypto to v0.45.0 [SECURITY] by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4562">trufflesecurity/trufflehog#4562</a></li>
<li>[INS-207] Add Role-Aware Resumption Support for Legacy S3 Scan by <a
href="https://github.com/MuneebUllahKhan222"><code>@​MuneebUllahKhan222</code></a>
in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4600">trufflesecurity/trufflehog#4600</a></li>
<li>Enable line numbers for GitHub Real-time by <a
href="https://github.com/rosecodym"><code>@​rosecodym</code></a> in <a
href="https://redirect.github.com/trufflesecurity/trufflehog/pull/4611">trufflesecurity/trufflehog#4611</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/trufflesecurity/trufflehog/compare/v3.92.3...v3.92.4">https://github.com/trufflesecurity/trufflehog/compare/v3.92.3...v3.92.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/116e7171542d2f1dad8810f00dcfacbe0b809183"><code>116e717</code></a>
[INS-243] Fix jdbc detector detecting incomplete connection string and
fixed ...</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/b924c0bfbe821e54144a6172e4d4c0eb996c4cb5"><code>b924c0b</code></a>
added monthly requests limit to postman api request metrics collection
(<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4667">#4667</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/f3eff52825b46da019dc3f68d7c3efb0d12fbd25"><code>f3eff52</code></a>
fix: report accurate line numbers for chunked file scanning (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/1876">#1876</a>)
(<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4615">#4615</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/6a0bc788d2cadadc82df0a0d462c2c074f203790"><code>6a0bc78</code></a>
fix(git): use <code>--iso-strict</code> git arg to prevent locale issue
(<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4653">#4653</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/fc3f35cedd93016c9458ef836c1b31f13d494fd7"><code>fc3f35c</code></a>
Gitlab Source: Backoff from Scan2 which is experimental to legacy
pagination ...</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/728d71fbb3a928e64f29ee19c823aa679b33b028"><code>728d71f</code></a>
Rework JWT detector to better block local IPs; add HTTP instrumentation
(<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4607">#4607</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/89cc34b8c42a503813ec4c15042900cf1bee0f2d"><code>89cc34b</code></a>
Fix typo in help description for Postman API metric (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4656">#4656</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/69045956f12223eecaffbae2d9c59468893dad9c"><code>6904595</code></a>
detectors/twilio: add exponential backoff retry logic (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4652">#4652</a>)</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/4e02afb0159d0de9be6ceaa2064177f1b16f5033"><code>4e02afb</code></a>
[INS-170] Unify JDBC URL Parsing Across Detector and Analyzer
(Continued) (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4">#4</a>...</li>
<li><a
href="https://github.com/trufflesecurity/trufflehog/commit/964eab023ff111a9e4278296a5c4dc2ff083d61e"><code>964eab0</code></a>
[INS-232] Fix S3 Source &quot;panic: runtime error: index out of
range&quot; bug (<a
href="https://redirect.github.com/trufflesecurity/trufflehog/issues/4610">#4610</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/trufflesecurity/trufflehog/compare/v3.92.3...116e7171542d2f1dad8810f00dcfacbe0b809183">compare
view</a></li>
</ul>
</details>
<br />

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.3</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.3.0 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard
v5.3.0 release notes</a>.</p>
<h2>Documentation</h2>
<ul>
<li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for
private repos by <a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li>:book: Fix recommended command to test the image in development by
<a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li>
</ul>
<h2>Other</h2>
<ul>
<li>add missing top-level token permissions to workflows by <a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a> in
<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li>setup codeowners for requesting reviews by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li>
<li>:seedling: Improve printing options by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li><a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p>
<h2>v2.4.2</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.2.1 release. For a
complete list of changes, please refer to the Scorecard <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a>
release notes.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p>
<h2>v2.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a>
release notes.</li>
<li>Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
<ul>
<li>use Scorecard library entrypoint instead of Cobra hooking by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li>
</ul>
</li>
<li>Some errors were made into annotations to make them more visible
<ul>
<li>Make default branch error more prominent by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li>
</ul>
</li>
<li>There is now an optional <code>file_mode</code> input which controls
how repository files are fetched from GitHub. The default is
<code>archive</code>, but <code>git</code> produces the most accurate
results for repositories with <code>.gitattributes</code> files at the
cost of analysis speed.
<ul>
<li>add input for specifying <code>--file-mode</code> by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li>
</ul>
</li>
<li>The underlying container for the action is now <a
href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted
on GitHub Container Registry</a>. There should be no functional changes.
<ul>
<li>:seedling: publish docker images to GitHub Container Registry by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>Installation docs update by <a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a>
bump docker to ghcr v2.4.3 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a>
:seedling: Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a>
:seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a>
Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a>
:book: Fix recommended command to test the image in development (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a>
:seedling: Bump the docker-images group across 1 directory with 2
updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a>
:seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a>
:seedling: Improve printing options (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a>
:seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...4eaacf0543bb3f2c246792bd56e8cdeffafb205a">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/codeql.yml

@@ -26,15 +26,15 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v3.28.1
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v3.28.1
         with:
           category: "/language:${{ matrix.language }}"

.github/workflows/guix-nix-policy.yml

@@ -10,7 +10,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Enforce Guix primary / Nix fallback
         run: |
           # Check for package manager files

.github/workflows/hypatia-scan.yml

@@ -20,12 +20,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0  # Full history for better pattern analysis
 
       - name: Setup Elixir for Hypatia scanner
-        uses: erlef/setup-beam@2f0cc07b4b9bea248ae098aba9e1a8a1de5ec24c # v1.18.2
+        uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.18.2
         with:
           elixir-version: '1.19.4'
           otp-version: '28.3'
@@ -146,7 +146,7 @@ jobs:
 
       - name: Comment on PR with findings
         if: github.event_name == 'pull_request' && steps.scan.outputs.findings_count > 0
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7
         with:
           script: |
             const fs = require('fs');

.github/workflows/jekyll-gh-pages.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2
       - name: Setup Pages
         uses: actions/configure-pages@v5
       - name: Build with Jekyll

.github/workflows/mirror.yml

@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.GITLAB_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }}
 
@@ -32,11 +32,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.BITBUCKET_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }}
 
@@ -50,11 +50,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.CODEBERG_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.CODEBERG_SSH_KEY }}
 
@@ -68,11 +68,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.SOURCEHUT_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.SOURCEHUT_SSH_KEY }}
 
@@ -86,11 +86,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.DISROOT_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.DISROOT_SSH_KEY }}
 
@@ -104,11 +104,11 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.GITEA_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.GITEA_SSH_KEY }}
 
@@ -122,12 +122,12 @@ jobs:
     runs-on: ubuntu-latest
     if: vars.RADICLE_MIRROR_ENABLED == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           fetch-depth: 0
 
       - name: Setup Rust
-        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # stable
+        uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable
         with:
           toolchain: stable
 

.github/workflows/npm-bun-blocker.yml

@@ -10,7 +10,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Block npm/bun
         run: |
           if [ -f "package-lock.json" ] || [ -f "bun.lockb" ] || [ -f ".npmrc" ]; then

.github/workflows/quality.yml

@@ -11,14 +11,14 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Check file permissions
         run: |
           find . -type f -perm /111 -name "*.sh" | head -10 || true
       
       - name: Check for secrets
-        uses: trufflesecurity/trufflehog@05cccb53bc9e13bc6d17997db5a6bcc3df44bf2f # v3.92.3
+        uses: trufflesecurity/trufflehog@6961f2bace57ab32b23b3ba40f8f420f6bc7e004 # v3.93.3
         with:
           path: ./
           base: ${{ github.event.pull_request.base.sha || github.event.before }}
@@ -43,7 +43,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Check documentation
         run: |
           MISSING=""

.github/workflows/rsr-antipattern.yml

@@ -22,7 +22,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Check for TypeScript
         run: |

.github/workflows/scorecard-enforcer.yml

@@ -18,19 +18,19 @@ jobs:
       security-events: write
       id-token: write  # For OIDC
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           persist-credentials: false
 
       - name: Run Scorecard
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v3
         with:
           sarif_file: results.sarif
 
@@ -53,7 +53,7 @@ jobs:
   check-critical:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 
       - name: Check SECURITY.md exists
         run: |

.github/workflows/scorecard.yml

@@ -16,17 +16,17 @@ jobs:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
       - name: Run Scorecard
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.3.1
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
 
       - name: Upload results
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.31.8
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v3.31.8
         with:
           sarif_file: results.sarif