build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 12 updates

[dependabot]

Bumps the minor-and-patch-actions-weekly group with 12 updates in the / directory:

Package	From	To
step-security/harden-runner	2.13.0	2.13.1
step-security/publish-unit-test-result-action	2.20.2	2.20.4
step-security/gh-docker-logs	2.2.5	2.2.6
step-security/conventional-pr-title-action	3.2.3	3.2.4
step-security/foundry-toolchain	1.4.0	1.4.1
step-security/ghaction-import-gpg	6.3.0	6.3.1
step-security/semver-utils	4.3.1	4.3.2
step-security/close-milestone	2.2.0	2.2.1
step-security/release-notes-generator-action	3.1.8	3.1.9
ncipollo/release-action	1.18.0	1.20.0
docker/login-action	3.5.0	3.6.0
step-security/helm-gh-pages	1.7.3	1.7.4

Updates step-security/harden-runner from 2.13.0 to 2.13.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.1

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

Commits

• f4a75cf Merge pull request #588 from step-security/rc-26
• 95503d0 ci: remove code-review workflow
• 4b250a0 ci: add job to confirm dist is as expected
• 5b0ab6a update dependencies
• d11f2c1 fix bug where status code was not being preserved
• b3fc98e improve error handling for policy store sceanrio
• 92fc5d4 update error message
• b61b0a4 policy store improvements
• e3d3f2b use GitHub release instead of packages
• 646ac01 update agent
• Additional commits viewable in compare view

Updates step-security/publish-unit-test-result-action from 2.20.2 to 2.20.4

Release notes

Sourced from step-security/publish-unit-test-result-action's releases.

v2.20.4

What's Changed

• fix: Subscription validation scenarios handled by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#123
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#124
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#125
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#126
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#127
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#128
• feat: Update action.yml by @​Raj-StepSecurity in step-security/publish-unit-test-result-action#129

Full Changelog: step-security/publish-unit-test-result-action@v2...v2.20.4

Commits

• 5d195d4 Merge pull request #129 from step-security/Raj-StepSecurity-patch-16
• 29cc9d2 Update action.yml
• ea21df0 Merge pull request #128 from step-security/Raj-StepSecurity-patch-15
• 4847439 Update action.yml
• 230f6e8 Merge pull request #127 from step-security/Raj-StepSecurity-patch-14
• e4fde32 Update action.yml
• 738e9dc Merge pull request #126 from step-security/Raj-StepSecurity-patch-13
• 1c392e5 Update action.yml
• c59c519 Merge pull request #125 from step-security/Raj-StepSecurity-patch-12
• 6f634c8 Update action.yml
• Additional commits viewable in compare view

Updates step-security/gh-docker-logs from 2.2.5 to 2.2.6

Release notes

Sourced from step-security/gh-docker-logs's releases.

v2.2.6

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/gh-docker-logs#126
• fix: Security updates by @​github-actions[bot] in step-security/gh-docker-logs#128
• fix: fixed validate subscription check code by @​amanstep in step-security/gh-docker-logs#129

Full Changelog: step-security/gh-docker-logs@v2...v2.2.6

Commits

• 2ffe2e0 Merge pull request #129 from step-security/fix/subscription
• 73b6893 fix: fixed validate subscription check code
• 3a0e624 Merge pull request #128 from step-security/npm-audit-fix
• d233573 fix: apply audit fixes
• 7d94487 fix: apply audit fixes
• 31365cf fix: apply audit fixes
• f7ed209 Merge pull request #126 from step-security/npm-audit-fix
• d8437dc fix: apply audit fixes
• e410c2f fix: apply audit fixes
• 0830413 fix: apply audit fixes
• Additional commits viewable in compare view

Updates step-security/conventional-pr-title-action from 3.2.3 to 3.2.4

Release notes

Sourced from step-security/conventional-pr-title-action's releases.

v3.2.4

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/conventional-pr-title-action#112
• fix: Security updates by @​github-actions[bot] in step-security/conventional-pr-title-action#119
• feat: Validate Updated Subscription Flow by @​Raj-StepSecurity in step-security/conventional-pr-title-action#121
• feat: Update action.yml by @​Raj-StepSecurity in step-security/conventional-pr-title-action#122

Full Changelog: step-security/conventional-pr-title-action@v3...v3.2.4

Commits

• e2a9b8d Merge pull request #122 from step-security/Raj-StepSecurity-patch-7
• 688663a Update action.yml
• 122a073 Merge pull request #121 from step-security/Raj-StepSecurity-patch-6
• 75d1e4e Update index.js
• c6735da Merge pull request #119 from step-security/npm-audit-fix
• cc9169a fix: apply audit fixes
• 3dec774 Merge pull request #112 from step-security/npm-audit-fix
• 2d11c74 fix: apply audit fixes
• See full diff in compare view

Updates step-security/foundry-toolchain from 1.4.0 to 1.4.1

Release notes

Sourced from step-security/foundry-toolchain's releases.

v1.4.1

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/foundry-toolchain#110
• fix: Security updates by @​github-actions[bot] in step-security/foundry-toolchain#114
• fix: Security updates by @​github-actions[bot] in step-security/foundry-toolchain#115
• fix: fixed validate subscription code by @​amanstep in step-security/foundry-toolchain#117

New Contributors

• @​amanstep made their first contribution in step-security/foundry-toolchain#117

Full Changelog: step-security/foundry-toolchain@v1...v1.4.1

Commits

• 0f33b42 Merge pull request #117 from step-security/fix/subscription
• 534dd0e fix: fixed validate subscription code
• fc0b68a Merge pull request #115 from step-security/npm-audit-fix
• ce786fb fix: apply audit fixes
• 7a8af5c fix: apply audit fixes
• 18e3636 fix: apply audit fixes
• e4e72b3 fix: apply audit fixes
• 82be6fa fix: apply audit fixes
• 4bd4629 Merge pull request #114 from step-security/npm-audit-fix
• ea21368 fix: apply audit fixes
• Additional commits viewable in compare view

Updates step-security/ghaction-import-gpg from 6.3.0 to 6.3.1

Release notes

Sourced from step-security/ghaction-import-gpg's releases.

v6.3.1

What's Changed

• Update auto_cherry_pick.yml by @​Raj-StepSecurity in step-security/ghaction-import-gpg#146
• Create guarddog.yml by @​Raj-StepSecurity in step-security/ghaction-import-gpg#145
• fix: Security updates by @​github-actions[bot] in step-security/ghaction-import-gpg#151
• Bump brace-expansion from 1.1.11 to 1.1.12 by @​dependabot[bot] in step-security/ghaction-import-gpg#149
• fix: fixed subscription check code by @​amanstep in step-security/ghaction-import-gpg#175

New Contributors

• @​amanstep made their first contribution in step-security/ghaction-import-gpg#175

Full Changelog: step-security/ghaction-import-gpg@v6...v6.3.1

Commits

• 69c854a Merge pull request #175 from step-security/fix/subscription
• 347e30a fix: fixed subscription check code
• 4d3430a Merge pull request #149 from step-security/dependabot/npm_and_yarn/brace-expa...
• 2798f24 Bump brace-expansion from 1.1.11 to 1.1.12
• e702cb5 Merge pull request #151 from step-security/yarn-audit-fix
• 5800c46 fix: apply audit fixes
• a58f931 Merge pull request #145 from step-security/Raj-StepSecurity-patch-2
• d638834 Merge branch 'main' into Raj-StepSecurity-patch-2
• 9948152 Merge pull request #146 from step-security/Raj-StepSecurity-patch-3
• b93ede7 Update auto_cherry_pick.yml
• Additional commits viewable in compare view

Updates step-security/semver-utils from 4.3.1 to 4.3.2

Release notes

Sourced from step-security/semver-utils's releases.

v4.3.2

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/semver-utils#189
• chore: dist updated by @​github-actions[bot] in step-security/semver-utils#197
• feat: Validate Updated Subscription Flow by @​Raj-StepSecurity in step-security/semver-utils#196

Full Changelog: step-security/semver-utils@v4...v4.3.2

Commits

• 4ae9c1f feat: Validate Updated Subscription Flow (#196)
• e5db328 chore: dist updated
• 86044a1 Update main.ts
• a48fbb7 Merge pull request #189 from step-security/npm-audit-fix
• db54cc4 fix: apply audit fixes
• 2898593 fix: apply audit fixes
• 701989e fix: apply audit fixes
• See full diff in compare view

Updates step-security/close-milestone from 2.2.0 to 2.2.1

Release notes

Sourced from step-security/close-milestone's releases.

v2.2.1

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/close-milestone#83
• fix: Security updates by @​github-actions[bot] in step-security/close-milestone#91
• Create guarddog.yml by @​Raj-StepSecurity in step-security/close-milestone#78
• chore: dist updated by @​github-actions[bot] in step-security/close-milestone#100
• feat: Update main.ts by @​Raj-StepSecurity in step-security/close-milestone#99

Full Changelog: step-security/close-milestone@v2...v2.2.1

Commits

• b097272 feat: Update main.ts (#99)
• d0c3c89 Merge pull request #100 from step-security/npm-audit-fix
• b013a00 Update main.ts
• ab8a244 Merge pull request #78 from step-security/Raj-StepSecurity-patch-3
• 95c6220 Merge branch 'main' into Raj-StepSecurity-patch-3
• 8867439 Merge pull request #91 from step-security/npm-audit-fix
• 2483b18 fix: apply audit fixes
• 4b2a8ac fix: apply audit fixes
• 9f35898 fix: apply audit fixes
• 7c316d3 Merge pull request #83 from step-security/npm-audit-fix
• Additional commits viewable in compare view

Updates step-security/release-notes-generator-action from 3.1.8 to 3.1.9

Release notes

Sourced from step-security/release-notes-generator-action's releases.

v3.1.9

What's Changed

• feat: Validate Updated Subscription Flow by @​Raj-StepSecurity in step-security/release-notes-generator-action#50
• feat: Update action.yml With Latest Docker Image by @​Raj-StepSecurity in step-security/release-notes-generator-action#51

Full Changelog: step-security/release-notes-generator-action@v3...v3.1.9

Commits

• 192a937 Merge pull request #51 from step-security/Raj-StepSecurity-patch-6
• f3c2d9f feat: Update action.yml With Latest Docker Image
• 7640f8b Merge pull request #50 from step-security/Raj-StepSecurity-patch-5
• ba0e6bd Update entrypoint.sh
• See full diff in compare view

Updates ncipollo/release-action from 1.18.0 to 1.20.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.20.0

What's Changed

• Fixes #542 Add previous tag option by @​ncipollo in ncipollo/release-action#550

Full Changelog: ncipollo/release-action@v1...v1.20.0

v1.19.2

What's Changed

• Update immutableCreate's default in the documentation by @​bblanchon in ncipollo/release-action#547
• Fixes #548 Add support body + generated release notes by @​ncipollo in ncipollo/release-action#549

New Contributors

• @​bblanchon made their first contribution in ncipollo/release-action#547

Full Changelog: ncipollo/release-action@v1...v1.19.2

v1.19.1

Defaults immutableCreate to false if it is omitted.

Full Changelog: ncipollo/release-action@v1.19.0...v1.19.1

v1.19.0

What's Changed

• Fixes #540 Add support for immutable releases by @​ncipollo in ncipollo/release-action#544
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in ncipollo/release-action#541
• Bump glob from 11.0.2 to 11.0.3 by @​dependabot[bot] in ncipollo/release-action#534

Full Changelog: ncipollo/release-action@v1...v1.19.0

Commits

• b7eabc9 preparing release 1.20.0
• e87de4c Fixes #542 Add previous tag option (#550)
• 98d25d4 preparing release 1.19.2
• d360126 Fixes #548 Add support body + generated release notes (#549)
• 571fe81 Update immutableCreate's default in the documentation (#547)
• 1c89adf preparing release 1.19.1
• 36bf8dd References #545 Default immutable builds to false
• b12185d preparing release 1.19.0
• defcf13 Fixes #540 Add support for immutable releases (#544)
• 05013d5 Standardize on separate call to generate release notes
• Additional commits viewable in compare view

Updates docker/login-action from 3.5.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

• Add registry-auth input for raw authentication to registries by @​crazy-max in docker/login-action#887
• Bump @​aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880
• Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879
• Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

Commits

• 5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 97e3143 chore: update generated content
• 3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
• 5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• abc9fb3 chore: update generated content
• d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
• a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 0d7fae8 chore: update generated content
• 9832253 build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.63.0
• 09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• Additional commits viewable in compare view

Updates step-security/helm-gh-pages from 1.7.3 to 1.7.4

Release notes

Sourced from step-security/helm-gh-pages's releases.

v1.7.4

What's Changed

• feat: fixed subscription check code by @​Raj-StepSecurity in step-security/helm-gh-pages#96
• feat: Update action.yml by @​Raj-StepSecurity in step-security/helm-gh-pages#97
• feat: Update action.yml by @​Raj-StepSecurity in step-security/helm-gh-pages#98

Full Changelog: step-security/helm-gh-pages@v1...v1.7.4

Commits

• 7e699aa Merge pull request #98 from step-security/Raj-StepSecurity-patch-11
• 5c0a80e Update action.yml
• b858836 Merge pull request #97 from step-security/Raj-StepSecurity-patch-10
• fce9bf5 Update action.yml
• cfb2ddb Merge pull request #96 from step-security/Raj-StepSecurity-patch-9
• 68f3c05 Update entrypoint.sh
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

❌ Your project status has failed because the head coverage (69.04%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

❗ There is a different number of reports uploaded between BASE (533a976) and HEAD (a33534b). Click for more details.

HEAD has 20 uploads less than BASE

Flag	BASE (533a976)	HEAD (a33534b)
config-service	1	0
relay	1	0
server	1	0
ws-server	1	0
	19	3

@@             Coverage Diff             @@
##             main    #4462       +/-   ##
===========================================
- Coverage   96.23%   69.04%   -27.19%     
===========================================
  Files         121      121               
  Lines       20001    20001               
  Branches     1755      568     -1187     
===========================================
- Hits        19247    13810     -5437     
- Misses        735     6179     +5444     
+ Partials       19       12        -7     

Flag	Coverage Δ
config-service	?
relay	?
server	?
ws-server	?

Flags with carried forward coverage won't be shown. Click here to find out more.
see 68 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.