fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/setup-go	action	minor	v6.3.0 → v6.4.0
alpine	final	patch	3.23.3 → 3.23.4
alpine	stage	patch	3.23.3 → 3.23.4
codecov/codecov-action	action	patch	v5.5.2 → v5.5.4
elgohr/Publish-Docker-Github-Action (changelog)	action	digest	4feac4d → 1c2f28c
github.com/go-vela/server	require	minor	v0.27.5 → v0.28.3
github.com/urfave/cli/v3	require	minor	v3.7.0 → v3.8.0
github/codeql-action	action	minor	v4.32.5 → v4.35.2
gohugoio/hugo		minor	0.157.0 → 0.160.1
reviewdog/action-golangci-lint	action	minor	v2.8.0 → v2.10

---

Release Notes

actions/setup-go (actions/setup-go)

v6.4.0

Compare Source

What's Changed

Enhancement

• Add go-download-base-url input for custom Go distributions by @​gdams in #​721

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​727

Documentation update

• Rearrange README.md, add advanced-usage.md by @​priyagupta108 in #​724
• Fix Microsoft build of Go link by @​gdams in #​734

New Contributors

• @​gdams made their first contribution in #​721

Full Changelog: actions/setup-go@v6...v6.4.0

codecov/codecov-action (codecov/codecov-action)

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

go-vela/server (github.com/go-vela/server)

v0.28.3

Compare Source

What's Changed

• fix(db/hook): trim error to fit db column by @​wass3rw3rk in #​1440
• fix: tighten up UpdateRepo calls and add sync-up to repair by @​ecrupper in #​1438
• fix(router): use install token for caller token and fix ptr derefs by @​ecrupper in #​1439
• fix(cancel): follow through cancel on missing executor by @​ecrupper in #​1441
• fix(hook): matching error with other updatehook calls by @​wass3rw3rk in #​1442
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1437

Full Changelog: go-vela/server@v0.28.2...v0.28.3

v0.28.2

Compare Source

What's Changed

• fix(compiler/types): use struct walk for Substitute instead of JSON marshal by @​ecrupper in #​1432
• fix(scm): handle nil on getcontents by @​wass3rw3rk in #​1434
• fix(deps): update module golang.org/x/crypto to v0.50.0 by @​renovate[bot] in #​1433

Full Changelog: go-vela/server@v0.28.1...v0.28.2

v0.28.1

Compare Source

What's Changed

• fix(compiler): address logic bug in de-dup for origin secrets in templates by @​ecrupper in #​1431
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @​dependabot[bot] in #​1429
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1428

Full Changelog: go-vela/server@v0.28.0...v0.28.1

v0.28.0

Compare Source

What's Changed

• enhance(oidc): add jti claim by @​ecrupper in #​1356
• feat!: remove buildkite dependency by @​ecrupper in #​1352
• fix(compiler): prevent same-name stages in pipeline configs by @​ecrupper in #​1360
• fix(api): yaml expand on stage pipelines by @​wass3r in #​1363
• enhance(api)!: accept installation tokens for MustWrite and MustRead auth using caching by @​ecrupper in #​1373
• fix(mock): add refresh install token mock by @​ecrupper in #​1374
• fix(scm): proper expiration set to worker by @​ecrupper in #​1380
• fix(deps): bump aws-sdk to v2 by @​wass3r in #​1365
• fix(database)!: use transactions tied to repo counters for hook and build to avoid collisions by @​ecrupper in #​1353
• fix(scm): fall back on github info if role map missing entry by @​ecrupper in #​1382
• fix(deps): update module github.com/expr-lang/expr to v1.17.7 [security] by @​renovate[bot] in #​1379
• chore(build): reduce binary size by @​wass3r in #​1377
• chore: bump go-github to v81 by @​ecrupper in #​1383
• fix(deps): update module golang.org/x/crypto to v0.45.0 [security] by @​renovate[bot] in #​1370
• feat!: platform setting for enabling/disabling Vela secrets by @​ecrupper in #​1384
• fix(scm): add deployments as a default perm for deploy events by @​ecrupper in #​1386
• feat(events)!: support merge queue for GitHub SCM by @​ecrupper in #​1343
• fix(compiler): add origin secrets to pipeline validate func by @​ecrupper in #​1388
• enhance(app): add PR and Issue perms for install token by @​ecrupper in #​1389
• enhance(compiler)!: do not add duplicate origin secrets using name as key by @​ecrupper in #​1390
• chore(lint): update codebase for new linter rules by @​ecrupper in #​1393
• feat(artifacts): Object storage integration and artifacts key by @​KellyMerrick in #​1385
• feat: leverage checks API for CI statuses with app installation by @​ecrupper in #​1392
• fix(deps): update module github.com/google/go-github/v81 to v83 by @​renovate[bot] in #​1391
• fix(scm): add merge_group to events set by @​ecrupper in #​1394
• chore(deps): upgrade minor deps and apply some go fix changes by @​ecrupper in #​1395
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​1371
• chore(deps): update github/codeql-action action to v4 by @​renovate[bot] in #​1358
• chore(deps): update actions/github-script action to v8 by @​renovate[bot] in #​1349
• chore(deps): update actions/setup-go action to v6 by @​renovate[bot] in #​1348
• fix(artifacts): add upload to storage service by @​timhuynh94 in #​1397
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1396
• fix(scm): override details link to point to vela build by @​ecrupper in #​1400
• fix(artifacts): switch from sts to presigned put by @​timhuynh94 in #​1401
• fix(build): reset build number for restarts by @​ecrupper in #​1404
• fix(revert): use commit status API only by @​ecrupper in #​1405
• refactor(compiler): move script gen outside of compiler and into container by @​ecrupper in #​1403
• fix(env): remove id request url from compiler by @​ecrupper in #​1408
• fix(perm): allow for GETs when secrets are disabled by @​ecrupper in #​1406
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1398
• fix(deps): update module github.com/google/go-github/v83 to v84 by @​renovate[bot] in #​1399
• chore(deps): update docker/login-action action to v4 by @​renovate[bot] in #​1402
• chore(deps): update docker/metadata-action action to v6 by @​renovate[bot] in #​1407
• chore(deps): update docker/build-push-action action to v7 by @​renovate[bot] in #​1409
• chore(deps): bump go to 1.26.1 by @​wass3rw3rk in #​1410
• fix(webhook): generate token for status update on failed compile by @​ecrupper in #​1412
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1411
• fix: add clearer error message for post-subst unmarshal issues by @​ecrupper in #​1415
• fix(merge_group): set branch to base ref instead of head ref by @​ecrupper in #​1414
• fix(db): only update fields when necessary for repo hot path writes by @​ecrupper in #​1416
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1413
• fix(admin): add logs for secret toggles by @​wass3rw3rk in #​1419
• enhance: separate clone/build SCM token from status token by @​ecrupper in #​1420
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1417
• chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @​dependabot[bot] in #​1418
• chore(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 by @​dependabot[bot] in #​1421
• fix(webhook): use webhook parsed build info on compile failures for status by @​ecrupper in #​1422
• fix: use install token if available for changeset call by @​ecrupper in #​1424
• fix(deps): update all non-major dependencies by @​renovate[bot] in #​1423
• chore(deps): update codecov/codecov-action action to v6 by @​renovate[bot] in #​1425
• fix(util): use filepath matching for allowlist by @​ecrupper in #​1426

Full Changelog: go-vela/server@v0.27.5...v0.28.0

urfave/cli (github.com/urfave/cli/v3)

v3.8.0

Compare Source

What's Changed

• chore(deps): bump mkdocs-material from 9.7.1 to 9.7.2 in the python-packages group by @​dependabot[bot] in #​2267
• chore(deps): bump mkdocs-material from 9.7.2 to 9.7.3 in the python-packages group by @​dependabot[bot] in #​2272
• chore(deps): bump mkdocs-material from 9.7.3 to 9.7.4 in the python-packages group by @​dependabot[bot] in #​2276
• Fix: check MutuallyExclusiveFlags across parent command chain by @​siutsin in #​2274
• Modernize source code by @​kolyshkin in #​2289
• flag: replace regexp use by @​kolyshkin in #​2288
• chore(deps): bump mkdocs-material from 9.7.4 to 9.7.5 in the python-packages group by @​dependabot[bot] in #​2284
• Fix:(issue_2281) Remove incorrect check for local flag for set by @​dearchap in #​2290
• Fix:(issue_2275) Make flag action execution consistent by @​dearchap in #​2295
• Fix:(issue_2293) --flag="" no longer rejected as missing argument by @​idelchi in #​2297
• Fix:(issue_2292) Empty positional args no longer break parse loop by @​idelchi in #​2296

New Contributors

• @​idelchi made their first contribution in #​2297

Full Changelog: urfave/cli@v3.7.0...v3.8.0

github/codeql-action (github/codeql-action)

v4.35.2

Compare Source

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
• Update default CodeQL bundle version to 2.25.2. #​3823

v4.35.1

Compare Source

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #​3781

v4.35.0

Compare Source

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #​3767
• Update default CodeQL bundle version to 2.25.1. #​3773

v4.34.1

Compare Source

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #​3762

v4.34.0

Compare Source

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #​3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #​3584
• Update default CodeQL bundle version to 2.25.0. #​3585

v4.33.0

Compare Source

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #​3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #​3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #​3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #​3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #​3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #​3570

v4.32.6

Compare Source

• Update default CodeQL bundle version to 2.24.3. #​3548

gohugoio/hugo (gohugoio/hugo)

v0.160.1

Compare Source

What's Changed

• Fix panic when passthrough elements are used in headings 8b00030 @​bep #​14677
• Fix panic on edit of legacy mapped template names that's also a valid path in the new setup c485516 @​bep #​14740
• Fix RenderShortcodes leaking context markers when indented 161d0d4 @​bep #​12457
• Strip nested page context markers from standalone RenderShortcodes 45e4596 @​bep #​14732
• Rename deprecated cascade._target to cascade.target in tests 58927aa @​bep
• Fix auto-creation of root sections in multilingual sites ce009e3 @​bep #​14681
• readme: Fix links 0755872 @​chicks-net

v0.160.0

Compare Source

Now you can inject CSS vars, e.g. from the configuration, into your stylesheets when building with css.Build. Also, now all the render hooks has a .Position method, now also more accurate and effective.

Bug fixes

• Fix some recently introduced Position issues 4e91e14 @​bep #​14710
• markup/goldmark: Fix double-escaping of ampersands in link URLs dc9b51d @​bep #​14715
• tpl: Fix stray quotes from partial decorator in script context 43aad71 @​bep #​14711

Improvements

• all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning 481baa0 @​bep
• tpl/css: Support @​import "hugo:vars" for CSS custom properties in css.Build 5d09b5e @​bep #​14699
• Improve and extend .Position handling in Goldmark render hooks 303e443 @​bep #​14663
• markup/goldmark: Clean up test 638262c @​bep

Dependency Updates

• build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1 bf6e35a @​dependabot[bot]
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 0eda24e @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a6 @​dependabot[bot]

Documentation

• readme: Revise edition descriptions and installation instructions 9f1f1be @​jmooring

v0.159.2

Compare Source

Note that the security fix below is not a potential threat if you either:

• Trust your Markdown content files.
• Have custom render hook template for links and images.

EDIT IN: This release also adds release archives for non-extended-withdeploy builds.

What's Changed

• Fix potential content XSS by escaping dangerous URLs in Markdown links and images 479fe6c @​bep
• resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser df520e3 @​jmooring #​14684

v0.159.1

Compare Source

The regression fixed in this release isn't new, but it's so subtle that we thought we'd release this sooner rather than later. For some time now, the minifier we use have stripped namespaced attributes in SVGs, which broke dynamic constructs using e.g. AlpineJS' x-bind: namespace (library used by Hugo's documentation site).

To fix this, the upstream library has hadded a keepNamespaces slice option. It was not possible to find a default that would make all happy, so we opted for an option that at least would make AlpineJS sites work out of the box:

 [minify.tdewolff.svg]
      keepNamespaces = ['', 'x-bind']

What's Changed

• minifiers: Keep x-bind and blank namespace in SVG minification 42289d7 @​bep #​14669

v0.159.0

Compare Source

This release greatly improves and simplifies management of Node.js/npm dependencies in a multi-module setup. See this page for more information.

Note

• Replace deprecated site.Data with hugo.Data in tests a8fca59 @​bep
• Replace deprecated excludeFiles and includeFiles with files in tests 182b104 @​bep
• Replace deprecated :filename with :contentbasename in the permalinks test eb11c3d @​bep

Bug fixes

• tpl/tplimpl: Fix Vimeo shortcode test eaf4c75 @​jmooring #​14649

Improvements

• create: Return error instead of panic when page not found 807cae1 @​mango766 #​14112
• commands: Preserve non-content files in convert output c4fb61d @​xndvaz #​4621
• npm: Use workspaces to simplify hugo mod npm pack d88a29e @​bep
• commands: Close cpu profile file when StartCPUProfile fails 9dd9c76 @​buley
• Remove the AI Watchdog workflow for now 3315a86 @​bep
• Remove 'bep' from PR user logins skip list 3824484 @​bep
• tpl/tplimpl: Comment out the Vimeo simple shortcode tests 7813c5c @​bep #​14649

Dependency Updates

• build(deps): bump github.com/olekukonko/tablewriter from 1.1.3 to 1.1.4 (#​14641) 3ff9b7f @​dependabot[bot]
• build(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.7.17 be93ccd @​dependabot[bot]
• build(deps): bump github.com/magefile/mage from 1.15.0 to 1.16.1 2669bca @​dependabot[bot]
• build(deps): bump golang.org/x/image from 0.36.0 to 0.37.0 753d447 @​dependabot[bot]
• build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 4f39d72 @​dependabot[bot]

Documentation

• docs: Update docs.yaml d2043cf @​bep
• commands: Update docs linke to Node.js docs 4f3c398 @​bep

v0.158.0

Compare Source

This release adds css.Build, native and very fast bundling/transformation/minifying of CSS resources. Also see the new strings.ReplacePairs, a very fast option if you need to do many string replacements.

Notes

• Upgrade to to Go 1.26.1 (#​14597) (note) 1f578f1 @​bep #​14595. This fixes a security issue in Go's template package used by Hugo: https://www.cve.org/CVERecord?id=CVE-2026-27142

Deprecations

The methods and config options are deprecated and will be removed in a future Hugo release.

Also see this article

Language configuration

• languageCode → Use locale instead.
• languages.<lang>.languageCode → Use languages.<lang>.locale instead.
• languages.<lang>.languageName → Use languages.<lang>.label instead.
• languages.<lang>.languageDirection → Use languages.<lang>.direction instead.

Language methods

• .Site.LanguageCode → Use .Site.Language.Locale instead.
• .Language.LanguageCode → Use .Language.Locale instead.
• .Language.LanguageName → Use .Language.Label instead.
• .Language.LanguageDirection → Use .Language.Direction instead.

Bug fixes

• tpl/css: Fix external source maps e431f90 @​bep #​14620
• hugolib: Fix server no watch 59e0446 @​jmooring #​14615
• resources: Fix context canceled on GetRemote with per-request timeout 842d8f1 @​bep #​14611
• tpl/tplimpl: Prefer early suffixes when media type matches 4eafd9e @​bep #​13877 #​14601
• all: Run go fix ./... e310822 @​bep
• internal/warpc: Fix SIGSEGV in Close() when dispatcher fails to start c9b88e4 @​bep #​14536
• Fix index out of range panic in fileEventsContentPaths f797f84 @​bep #​14573

Improvements

• resources: Re-publish on transformation cache hit 3c980c0 @​bep #​14629
• create/skeletons: Use css.Build in theme skeleton 404ac00 @​jmooring #​14626
• tpl/css: Add a test case for rebuilds on CSS options changes 06fcb72 @​bep
• hugolib: Allow regular pages to cascade to self 9b5f1d4 @​jmooring #​14627
• tpl/css: Allow the user to override single loader entries 623722b @​bep #​14623
• tpl/css: Make default loader resolution for CSS @​import and url() always behave the same a7cbcf1 @​bep #​14619
• internal/js: Add default mainFields for CSS builds 36cdb2c @​jmooring #​14614
• Add css.Build 3e3b849 @​bep #​14609 #​14613
• resources: Use full path for Exif etc. decoding error/warning messages c47ec23 @​bep #​12693
• Move to new locales library and upgrade CLDR from v36.1 to v48.1 4652ae4 @​bep
• tpl/strings: Add strings.ReplacePairs function 13a95b9 @​jmooring #​14594
• github: Remove pull_request_template.md 54c8048 @​bep
• testing: Make commands tests pass in Go 1.26.1 157bfdd @​bep
• refactor: Deprecate language configuration and template methods d4f2122 @​jmooring #​14269
• Replace Exif with Meta in tests 991d2f9 @​bep
• resources: Improve getImageOps error message e857777 @​jmooring #​14571
• resources/images: Add IsImageResourceWithMeta etc. tests for bmp and gif 44dc384 @​bep #​14568

Dependency Updates

• deps: Upgrade github.com/evanw/esbuild v0.27.3 => v0.27.4 0e46a97 @​bep
• build(deps): bump github.com/getkin/kin-openapi from 0.133.0 to 0.134.0 c27d9e8 @​dependabot[bot]
• build(deps): bump golang.org/x/tools from 0.42.0 to 0.43.0 098eac5 @​dependabot[bot]
• build(deps): bump gocloud.dev from 0.44.0 to 0.45.0 87f8de8 @​dependabot[bot]
• build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 67ef6c6 @​dependabot[bot]
• build(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#​14569) b29c2f7 @​dependabot[bot]
• build(deps): bump github.com/tdewolff/minify/v2 from 2.24.9 to 2.24.10 (#​14585) e91d191 @​dependabot[bot]
• build(deps): bump github.com/bep/imagemeta from 0.15.0 to 0.17.0 (#​14584) a8a54bd @​dependabot[bot]

reviewdog/action-golangci-lint (reviewdog/action-golangci-lint)

v2.10

Compare Source

v2.10.0

Compare Source

What's Changed

• fix: update go download url by @​kurochan in #​817
• chore(deps): update dependency @​types/node to v20.19.37 by @​renovate[bot] in #​802
• chore(deps): update dependency ts-jest to v29.4.6 by @​renovate[bot] in #​805
• chore(deps): update dependency @​vercel/ncc to v0.38.4 by @​renovate[bot] in #​812
• chore(deps): update actions/checkout action to v4.3.1 by @​renovate[bot] in #​813
• chore(deps): update dependency eslint-plugin-import to v2.32.0 by @​renovate[bot] in #​814
• chore(deps): update @​typescript-eslint/parser and eslint-plugin-jest by @​renovate[bot] in #​818
• chore(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in #​819
• chore(deps): update dependency typescript to v5.9.3 by @​renovate[bot] in #​820
• chore(deps): update github/codeql-action action to v3.32.6 by @​renovate[bot] in #​821
• chore(deps): update reviewdog/action-actionlint action to v1.71.0 by @​renovate[bot] in #​822
• chore(deps): update reviewdog/action-eslint action to v1.34.0 by @​renovate[bot] in #​823
• Upgrade Node.js runtime to v24 by @​Copilot in #​824
• Migrate to ES Modules with Rollup by @​Copilot in #​825
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​827
• bump eslint 10.0.3 by @​shogo82148 in #​832
• introduce bundle script by @​shogo82148 in #​835
• chore(deps): update node.js to v24.14.0 by @​renovate[bot] in #​836
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in #​828
• chore(deps): update github/codeql-action action to v4 by @​renovate[bot] in [#​829](https://

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.52%. Comparing base (f20bb6b) to head (cd22ee7).

❌ Your project check has failed because the head coverage (21.52%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #99   +/-   ##
=======================================
  Coverage   21.52%   21.52%           
=======================================
  Files           7        7           
  Lines         432      432           
=======================================
  Hits           93       93           
  Misses        337      337           
  Partials        2        2           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/sys	v0.34.0 -> v0.35.0
golang.org/x/text	v0.27.0 -> v0.28.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 3 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.7 -> 1.26.1
github.com/klauspost/compress	v1.17.11 -> v1.18.2
golang.org/x/sys	v0.39.0 -> v0.43.0
golang.org/x/text	v0.32.0 -> v0.36.0