build(deps): bump the actions group across 1 directory with 7 updates

[dependabot]

Bumps the actions group with 7 updates in the / directory:

Package	From	To
step-security/harden-runner	2.10.2	2.14.0
reviewdog/action-actionlint	1.60.0	1.69.1
octo-sts/action	1.0.0	1.1.1
chainguard-dev/digestabot	1.2.2	1.2.3
terraform-docs/gh-actions	1.3.0	1.4.1
reviewdog/action-tflint	1.24.0	1.25.0
reviewdog/action-misspell	1.26.1	1.27.0

Updates step-security/harden-runner from 2.10.2 to 2.14.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.0

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

v2.13.1

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

v2.13.0

What's Changed

• Improved job markdown summary
• Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:

• Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
• Increased policy map size for block mode

... (truncated)

Commits

• 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip
• c51e8ee feat: skip agent install and post step on subsequent runs for GitHub-hosted r...
• e152b90 feat: skip harden-runner based on repository custom property
• ee1faec feat: replace skip-harden-runner with skip-on-custom-property input
• 1dc7c17 feat: add skip-harden-runner input to conditionally skip execution
• df199fb Merge pull request #620 from step-security/rc-29
• 03d096a update agent
• 4090107 fix: update agent
• 95d9a5d Merge pull request #606 from step-security/rc-28
• 87e429d Update limitations.md
• Additional commits viewable in compare view

Updates reviewdog/action-actionlint from 1.60.0 to 1.69.1

Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.69.1

v1.69.1: PR #185 - feat: update action.yml

Release v1.69.0

v1.69.0: PR #183 - chore(deps): update actionlint to 1.7.9

Release v1.68.0

v1.68.0: PR #177 - chore(deps): update actionlint to 1.7.8

Release v1.67.0

v1.67.0: PR #172 - chore(deps): update reviewdog to 0.21.0

Release v1.66.1

v1.66.1: PR #171 - bump the patch version

v1.66.0

What's Changed

• chore(deps): update reviewdog/action-depup action to v1.6.4 by @​renovate[bot] in reviewdog/action-actionlint#158
• README: Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-actionlint#161
• chore(deps): update shogo82148/actions-create-release action to v1.7.7 by @​renovate[bot] in reviewdog/action-actionlint#162
• chore(deps): update shogo82148/actions-create-release action to v1.7.8 by @​renovate[bot] in reviewdog/action-actionlint#164
• chore(deps): update shellcheck to 0.11.0 by @​github-actions[bot] in reviewdog/action-actionlint#166
• chore(deps): update docker/setup-buildx-action action to v3.11.1 by @​renovate[bot] in reviewdog/action-actionlint#165
• chore(deps): update haya14busa/action-bumpr action to v1.11.4 by @​renovate[bot] in reviewdog/action-actionlint#163

Full Changelog: reviewdog/action-actionlint@v1.65.2...v1.66.0

Release v1.65.3

v1.65.3: PR #170 - bump the patch version

Release v1.65.2

v1.65.2: PR #159 - Pin reviewdog install script version with commit SHA

Release v1.65.1

v1.65.1: PR #157 - Pin GitHub Actions with commit SHA using pinact

Release v1.65.0

v1.65.0: PR #155 - feat: add arm support

Release v1.64.1

v1.64.1: PR #145 - chore(deps): update python docker tag to v3.13

Release v1.64.0

v1.64.0: PR #154 - chore(deps): update actionlint to 1.7.7

Release v1.63.0

v1.63.0: PR #153 - Parse the severity if the output is from shellcheck

Release v1.62.0

... (truncated)

Commits

• 83e4ed2 bump v1.69.1
• 651f708 Merge branch 'main' into releases/v1
• 44b7d68 Merge pull request #185 from vvanouytsel/patch-1
• 89ed127 feat: update action.yml
• 437bbe9 bump v1.69.0
• 54e9dc8 Merge branch 'main' into releases/v1
• 1e0347f Merge pull request #183 from reviewdog/depup/actionlint
• 63e99e6 Merge pull request #182 from reviewdog/renovate/actions-checkout-6.x
• 9947a32 Merge pull request #179 from reviewdog/renovate/shogo82148-actions-create-rel...
• 86dee71 Merge pull request #184 from reviewdog/renovate/peter-evans-create-pull-reque...
• Additional commits viewable in compare view

Updates octo-sts/action from 1.0.0 to 1.1.1

Release notes

Sourced from octo-sts/action's releases.

v1.1.1

What's Changed

• Include response body in fetch error output. by @​wlynch in octo-sts/action#41

Full Changelog: octo-sts/action@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Add logging for JWT claims for debugging. by @​wlynch in octo-sts/action#40

Full Changelog: octo-sts/action@v1.0.3...v1.1.0

v1.0.3

What's Changed

• bump node to v24 by @​cpanato in octo-sts/action#38
• Log URL in thrown fetchWithRetry error by @​wlynch in octo-sts/action#39

Full Changelog: octo-sts/action@v1.0.2...v1.0.3

v1.0.2

What's Changed

• Don't try to parse response as JSON if it is an error. by @​wlynch in octo-sts/action#37

New Contributors

• @​wlynch made their first contribution in octo-sts/action#37

Full Changelog: octo-sts/action@v1.0.1...v1.0.2

v1.0.1

What's Changed

• Add Accept header for github revoke token by @​cpanato in octo-sts/action#13
• Update trust policy, workflow and README by @​mattmoor in octo-sts/action#15
• add presubmit test by @​imjasonh in octo-sts/action#18
• fix presubmit test by @​imjasonh in octo-sts/action#19
• use PR source for action by @​imjasonh in octo-sts/action#20
• presubmit: checkout PR ref by @​imjasonh in octo-sts/action#21
• add backoff and retry to fetches by @​imjasonh in octo-sts/action#17
• This logs the SHA256 of the issued token. by @​mattmoor in octo-sts/action#12
• Allow the action to customize the domain. by @​mattmoor in octo-sts/action#28
• chore: add jitter to retries by @​meysam81 in octo-sts/action#23
• update job to use git hash in actions by @​cpanato in octo-sts/action#35
• add scopes parameter by @​cpanato in octo-sts/action#34

New Contributors

• @​cpanato made their first contribution in octo-sts/action#13
• @​meysam81 made their first contribution in octo-sts/action#23

... (truncated)

Commits

• f603d3b Include response body in fetch error output. (#41)
• 8d6ac62 Add logging for JWT claims for debugging. (#40)
• d6c70ad Log URL in thrown fetchWithRetry error (#39)
• 3d59800 bump node to v24 (#38)
• a26b0c6 Don't try to parse response as JSON if it is an error. (#37)
• e480437 add scopes parameter (#34)
• bc99912 update job to use git hash in actions (#35)
• 210248e chore: add jitter to retries (#23)
• 43a7677 Allow the action to customize the domain. (#28)
• 3622e4d This logs the SHA256 of the issued token. (#12)
• Additional commits viewable in compare view

Updates chainguard-dev/digestabot from 1.2.2 to 1.2.3

Release notes

Sourced from chainguard-dev/digestabot's releases.

v1.2.3

What's Changed

• Add examples of the json output to the README by @​ribbybibby in chainguard-dev/digestabot#55
• document input/output and add a job to check that by @​cpanato in chainguard-dev/digestabot#56
• [StepSecurity] Apply security best practices by @​stepsecurity-app[bot] in chainguard-dev/digestabot#57
• Update README instructions by @​cupofpython in chainguard-dev/digestabot#59
• updates and cleanup by @​cpanato in chainguard-dev/digestabot#60

New Contributors

• @​stepsecurity-app[bot] made their first contribution in chainguard-dev/digestabot#57
• @​cupofpython made their first contribution in chainguard-dev/digestabot#59

Full Changelog: chainguard-dev/digestabot@v1...v1.2.3

Commits

• a3b776c updates and cleanup (#60)
• 5401aa7 Update README instructions (#59)
• dd76366 [StepSecurity] Apply security best practices (#57)
• a52d3b6 document input/output and add a job to check that (#56)
• 2b5b38b Add examples of the json output to the README (#55)
• See full diff in compare view

Updates terraform-docs/gh-actions from 1.3.0 to 1.4.1

Release notes

Sourced from terraform-docs/gh-actions's releases.

v1.4.1

What’s Changed

• chore: update and simplify action name (#155) @​khos2ow

v1.4.0

What’s Changed

• fix: use hardcoded name for the docker image org (#154) @​khos2ow
• feat: build multi-arch docker images (#153) @​khos2ow
• chore: revert the action name back for now (#144) @​khos2ow

Commits

• 6de6da0 chore: prepare release v1.4.1
• 79aa084 Merge pull request #155 from khos2ow/action-name
• 95f3281 chore: update and simplify action name
• 1052475 ci: push the v1 tag to correct repo
• 7f8a667 chore: prepare release v1.4.0
• 8d6dd55 Merge pull request #154 from terraform-docs/fix-docker-push
• 7afd9a4 fix: use hardcoded name for the docker image org
• c33123d Merge pull request #153 from terraform-docs/multi-arch-docker-image
• 4cc669c fix: continue on error for this step must fail
• d1c08ce feat: build multi-arch docker images
• Additional commits viewable in compare view

Updates reviewdog/action-tflint from 1.24.0 to 1.25.0

Release notes

Sourced from reviewdog/action-tflint's releases.

Release v1.25.0

What's Changed

• chore(deps): update reviewdog/action-misspell action to v1.26.2 by @​renovate[bot] in reviewdog/action-tflint#105
• chore(deps): update reviewdog/action-depup action to v1.6.4 by @​renovate[bot] in reviewdog/action-tflint#104
• chore(deps): update reviewdog/action-misspell action to v1.26.3 by @​renovate[bot] in reviewdog/action-tflint#106
• README: Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-tflint#108
• chore(deps): update reviewdog/reviewdog to 0.21.0 by @​github-actions[bot] in reviewdog/action-tflint#101

Full Changelog: reviewdog/action-tflint@v1.24.2...v1.25.0

Release v1.24.2

What's Changed

• Pin reviewdog install script version with commit SHA by @​haya14busa in reviewdog/action-tflint#103

Full Changelog: reviewdog/action-tflint@v1.24.1...v1.24.2

Release v1.24.1

What's Changed

• Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-tflint#102

Full Changelog: reviewdog/action-tflint@v1.24.0...v1.24.1

Commits

• 54a5e5a chore(deps): update reviewdog/reviewdog to 0.21.0 (#101)
• 92ecd5b README: Pin GitHub Actions with commit SHA using pinact (#108)
• 4e022bb chore(deps): update reviewdog/action-misspell action to v1.26.3 (#106)
• 1848510 chore(deps): update reviewdog/action-depup action to v1.6.4 (#104)
• f1101e4 chore(deps): update reviewdog/action-misspell action to v1.26.2 (#105)
• 41b4770 Pin reviewdog install script version with commit SHA (#103)
• 7b57187 Pin GitHub Actions with commit SHA using pinact (#102)
• See full diff in compare view

Updates reviewdog/action-misspell from 1.26.1 to 1.27.0

Release notes

Sourced from reviewdog/action-misspell's releases.

Release v1.27.0

What's Changed

• chore(deps): update haya14busa/action-depup action to v1.6.4 by @​renovate[bot] in reviewdog/action-misspell#80
• README: Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-misspell#81
• chore: Bump reviewdog version by @​jml in reviewdog/action-misspell#86

New Contributors

• @​jml made their first contribution in reviewdog/action-misspell#86

Full Changelog: reviewdog/action-misspell@v1.26.3...v1.27.0

Release v1.26.3

What's Changed

• Pin reviewdog install script version with commit SHA by @​haya14busa in reviewdog/action-misspell#79

Full Changelog: reviewdog/action-misspell@v1.26.2...v1.26.3

Release v1.26.2

What's Changed

• Pin GitHub Actions with commit SHA using pinact by @​haya14busa in reviewdog/action-misspell#78

Full Changelog: reviewdog/action-misspell@v1.26.1...v1.26.2

Commits

• d642941 Merge pull request #86 from jml/bump-reviewdog-version
• 3ec4ec5 chore: Bump reviewdog version
• 1d5fb16 Merge pull request #81 from reviewdog/pinact-readme-20250319-031957
• 3c33d77 README: Pin GitHub Actions with commit SHA using pinact
• 5c476d5 Merge pull request #80 from reviewdog/renovate/haya14busa-action-depup-1.x
• 9daa94a Merge pull request #79 from reviewdog/pin-install-script-ver
• f8d22a7 chore(deps): update haya14busa/action-depup action to v1.6.4
• 21691a4 Pin reviewdog install script version with commit SHA
• 8494bbc Merge pull request #78 from reviewdog/pinact-action-misspell
• 53419db Pin GitHub Actions with commit SHA using pinact
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions