fix(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	minor	v4.8.3 → v4.9.0
actions/setup-node	action	minor	v6.2.0 → v6.3.0
github/codeql-action	action	patch	v4.32.4 → v4.32.6
node	uses-with	patch	22.22.0 → 22.22.1
step-security/harden-runner	action	patch	v2.15.0 → v2.15.1
tj-actions/changed-files	action	patch	v47.0.4 → v47.0.5

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

• There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
• Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
• There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

• Compare normalized purls to account for encoding quirks by @​juxtin in #​1056
• Make purl comparisons case insensitive by @​juxtin in #​1057
• Feat: Add Patched Version to Vulnerabilities summary by @​felickz in #​1045
• fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @​jantiebot in #​1060
• Bump actions/stale from 10.1.0 to 10.2.0 by @​dependabot[bot] in #​1058
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​1021
• Updates for release 4.9.0 by @​ahpook in #​1064

New Contributors

• @​jantiebot made their first contribution in #​1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

actions/setup-node (actions/setup-node)

v6.3.0

Compare Source

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in #​1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in #​1491
• Replace uuid with crypto.randomUUID() by @​trivikr in #​1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in #​1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in #​1495

New Contributors

• @​susnux made their first contribution in #​1283

Full Changelog: actions/setup-node@v6...v6.3.0

github/codeql-action (github/codeql-action)

v4.32.6

Compare Source

• Update default CodeQL bundle version to 2.24.3. #​3548

v4.32.5

Compare Source

• Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #​3507
• Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #​3487
• The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #​3515
• Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #​3516
• Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #​3498
• Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #​3512
• The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #​3503, #​3504

actions/node-versions (node)

v22.22.1: 22.22.1

Compare Source

Node.js 22.22.1

step-security/harden-runner (step-security/harden-runner)

v2.15.1

Compare Source

What's Changed

• Fixes #​642 bug due to which post step was failing on Windows ARM runners
• Updates npm packages

Full Changelog: step-security/harden-runner@v2.15.0...v2.15.1

tj-actions/changed-files (tj-actions/changed-files)

v47.0.5

Compare Source

What's Changed

• Upgraded to v47.0.4 by @​github-actions[bot] in #​2802
• Updated README.md by @​github-actions[bot] in #​2803
• Updated README.md by @​github-actions[bot] in #​2805
• chore(deps-dev): bump @​types/node from 25.2.2 to 25.3.2 by @​dependabot[bot] in #​2811
• chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @​dependabot[bot] in #​2810
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @​dependabot[bot] in #​2809
• chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by @​dependabot[bot] in #​2799
• chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by @​dependabot[bot] in #​2806
• chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by @​dependabot[bot] in #​2775
• chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @​dependabot[bot] in #​2774
• chore(deps): bump lodash and @​types/lodash by @​dependabot[bot] in #​2807
• chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by @​dependabot[bot] in #​2764
• chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @​dependabot[bot] in #​2815
• chore(deps-dev): bump @​types/node from 25.3.2 to 25.3.3 by @​dependabot[bot] in #​2814

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

---

Configuration

📅 Schedule: Branch creation - "after 10:00 before 19:00 every weekday except after 13:00 before 14:00" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Thank you for following the naming conventions! 🙏

[netlify]

❌ Deploy Preview for ai-models-table failed.

Name	Link
🔨 Latest commit	bd0b57b
🔍 Latest deploy log	https://app.netlify.com/projects/ai-models-table/deploys/69b3d3d165bb4a0008023cfa