actions-update: Bump the actions-dependencies group with 3 updates

[dependabot]

Bumps the actions-dependencies group with 3 updates: step-security/harden-runner, gradle/actions and github/codeql-action.

Updates step-security/harden-runner from 2.13.0 to 2.13.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.1

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

Commits

• f4a75cf Merge pull request #588 from step-security/rc-26
• 95503d0 ci: remove code-review workflow
• 4b250a0 ci: add job to confirm dist is as expected
• 5b0ab6a update dependencies
• d11f2c1 fix bug where status code was not being preserved
• b3fc98e improve error handling for policy store sceanrio
• 92fc5d4 update error message
• b61b0a4 policy store improvements
• e3d3f2b use GitHub release instead of packages
• 646ac01 update agent
• Additional commits viewable in compare view

Updates gradle/actions from 4.4.2 to 4.4.3

Release notes

Sourced from gradle/actions's releases.

v4.4.3

What's Changed

• Adapt tests to future new Build Scan publication message by @​alextu in gradle/actions#708
• Add missing Gradle version input to setup-gradle by @​jprinet in gradle/actions#713
• Bump the github-actions group across 2 directories with 4 updates by @​dependabot[bot] in gradle/actions#710
• Bump references to Develocity Gradle plugin from 4.1 to 4.1.1 by @​bot-githubaction in gradle/actions#712
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#709
• Bump the npm-dependencies group across 1 directory with 4 updates by @​dependabot[bot] in gradle/actions#711
• Do not run setup-gradle post action if workflow is cancelled by @​jprinet in gradle/actions#716
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot[bot] in gradle/actions#715
• Bump the npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in gradle/actions#720
• Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group across 1 directory by @​dependabot[bot] in gradle/actions#719
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to 2.20.0 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in gradle/actions#718
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#723
• Bump the npm-dependencies group in /sources with 5 updates by @​dependabot[bot] in gradle/actions#725

Full Changelog: gradle/actions@v4.4.2...v4.4.3

Commits

• ed40850 Bump the npm-dependencies group in /sources with 5 updates (#725)
• c5e1804 [bot] Update dist directory
• 467e56e Bump the npm-dependencies group in /sources with 5 updates
• 76d3b99 Update known wrapper checksums (#723)
• 70908db Update known wrapper checksums
• 0a4f8b4 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to...
• 267b96b Merge branch 'main' into dependabot/gradle/sources/test/init-scripts/gradle-e...
• 9302782 Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group ...
• 87d1c17 Bump the npm-dependencies group across 1 directory with 3 updates (#720)
• 5dc5adb Bump the npm-dependencies group across 1 directory with 3 updates
• Additional commits viewable in compare view

Updates github/codeql-action from 3.30.1 to 3.30.2

Release notes

Sourced from github/codeql-action's releases.

v3.30.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

• Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

• Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

• Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

• The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999
• Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

• Update default CodeQL bundle version to 2.22.2. #2986

... (truncated)

Commits

• d3678e2 Merge pull request #3090 from github/update-v3.30.2-d7a501da0
• 14bbb6a Add changelog entries
• a879d03 Update changelog for v3.30.2
• d7a501d Merge pull request #3085 from github/mbg/multi-language-repo/gitignore
• c90f074 Merge pull request #3087 from github/dependabot/npm_and_yarn/npm-1cf7fedfcf
• d8df826 Merge pull request #3086 from github/mbg/docs/required-checks
• 23419de Rebuild
• 7d8e1e9 Bump the npm group with 5 updates
• 76a3ccc Clarify instructions for updating PR checks for PRs
• 01fd48d Remove comment about main from update-required-checks.sh
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}