Skip to content

chore(deps): update all non-major dependencies#188

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/all-minor-patch
Apr 16, 2026
Merged

chore(deps): update all non-major dependencies#188
renovate[bot] merged 1 commit intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Apr 15, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
github.com/stackitcloud/stackit-sdk-go/services/dns v0.20.0v0.20.1 age confidence require patch
github/codeql-action v4.35.1v4.35.2 age confidence action patch
step-security/harden-runner v2.17.0v2.18.0 age confidence action minor

Release Notes

github/codeql-action (github/codeql-action)

v4.35.2

Compare Source

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
  • Update default CodeQL bundle version to 2.25.2. #​3823
step-security/harden-runner (step-security/harden-runner)

v2.18.0

Compare Source

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 1eccc2c to ca9adbc Compare April 16, 2026 08:54
@renovate renovate bot changed the title chore(deps): update step-security/harden-runner action to v2.18.0 chore(deps): update all non-major dependencies Apr 16, 2026
@renovate
chore(deps): update all non-major dependencies
bf11e7b 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from ca9adbc to bf11e7b Compare April 16, 2026 14:55
@renovate renovate bot merged commit e3b49e9 into main Apr 16, 2026
4 checks passed
@renovate renovate bot deleted the renovate/all-minor-patch branch April 16, 2026 19:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants