chore(deps): Bump the actions group across 1 directory with 6 updates

[dependabot]

Bumps the actions group with 6 updates in the / directory:

Package	From	To
actions/checkout	4.1.1	6.0.2
github/codeql-action	4.31.9	4.32.3
erlef/setup-beam	1.17.5	1.20.4
actions/github-script	7.0.1	8.0.0
dtolnay/rust-toolchain	f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561	efa25f7f19611383d5b0ccf2d1c8914531636bf9
trufflesecurity/trufflehog	3.92.4	3.93.3

Updates actions/checkout from 4.1.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.9 to 4.32.3

Release notes

Sourced from github/codeql-action's releases.

v4.32.3

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v4.32.2

• Update default CodeQL bundle version to 2.24.1. #3460

v4.32.1

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

v4.32.0

• Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.3 - 13 Feb 2026

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

• Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

• Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

... (truncated)

Commits

• 9e907b5 Merge pull request #3479 from github/update-v4.32.3-4bf6fa4e2
• 1814c9f Update changelog for v4.32.3
• 4bf6fa4 Merge pull request #3478 from github/mbg/changelog/add-connection-test-entry
• 9658e23 Merge pull request #3476 from github/henrymercer/retry-auth-errors
• be75dd9 Add changelog entry for #3466
• 05bca54 Apply suggestion from @​Copilot
• 2d6b98c Merge pull request #3475 from github/henrymercer/retry-auth-errors
• 876cecb Avoid requesting features in CCR
• 43b46a1 Retry API authentication errors since these can be transient
• 8ad4b6e Merge pull request #3472 from github/dependabot/github_actions/dot-github/wor...
• Additional commits viewable in compare view

Updates erlef/setup-beam from 1.17.5 to 1.20.4

Release notes

Sourced from erlef/setup-beam's releases.

v1.20.4

What's Changed

• Fix: more versioning around nightly and maint/main by @​paulo-ferraz-oliveira in erlef/setup-beam#359

Dependabot updates

• Bump eslint from 9.30.0 to 9.30.1 by @​dependabot in erlef/setup-beam#362
• Bump @​eslint/js from 9.30.0 to 9.30.1 by @​dependabot in erlef/setup-beam#360
• Bump globals from 16.2.0 to 16.3.0 by @​dependabot in erlef/setup-beam#361

Full Changelog: erlef/setup-beam@v1.20.3...v1.20.4

v1.20.3

What's Changed

• Handle .tool-versions' line break on Windows by @​paulo-ferraz-oliveira in erlef/setup-beam#357

Full Changelog: erlef/setup-beam@v1.20...v1.20.3

v1.20.2

What's Changed

• Test for updated doc. on latest / ranges / -rc by @​paulo-ferraz-oliveira in erlef/setup-beam#349
• Bump eslint from 9.29.0 to 9.30.0 by @​dependabot in erlef/setup-beam#354
• Bump prettier from 3.6.0 to 3.6.2 by @​dependabot in erlef/setup-beam#353
• Bump @​eslint/js from 9.29.0 to 9.30.0 by @​dependabot in erlef/setup-beam#352
• Fix calculating -otp- major for Elixir by @​paulo-ferraz-oliveira in erlef/setup-beam#351

Full Changelog: erlef/setup-beam@v1.20...v1.20.2

v1.20.1

What's Changed

• Add back deprecated runners with warning by @​paulo-ferraz-oliveira in erlef/setup-beam#348

Full Changelog: erlef/setup-beam@v1...v1.20.1

v1.20.0

What's Changed

• Fix broken link in CODE_OF_CONDUCT.md by @​vkatsuba in erlef/setup-beam#335
• Improve output when failing to get a version from "a place" by @​paulo-ferraz-oliveira in erlef/setup-beam#334
• Support macOS via https://github.com/erlef/otp_builds by @​paulo-ferraz-oliveira in erlef/setup-beam#332
• Minor maintenance updates by @​paulo-ferraz-oliveira in erlef/setup-beam#336
• Update 3rd party licenses (automation) by @​github-actions in erlef/setup-beam#337
• Act on CodeQL's suggestions for tightening security / improving performance by @​paulo-ferraz-oliveira in erlef/setup-beam#338
• Dependabot version updates by @​paulo-ferraz-oliveira in erlef/setup-beam#340
• Match only on what we know should match (versions start with numbers, after OTP-) by @​paulo-ferraz-oliveira in erlef/setup-beam#341

@​dependabot

• Bump eslint from 9.27.0 to 9.28.0 in erlef/setup-beam#343
• Bump @​eslint/js from 9.27.0 to 9.28.0 in erlef/setup-beam#342

... (truncated)

Commits

• e6d7c94 Automation: update setup-beam version output to fceaea9
• fceaea9 Fix: more versioning around nightly and maint/main (#359)
• 2bb5b65 Automation: update setup-beam version output to 1d4efdd
• 1d4efdd Bump globals from 16.2.0 to 16.3.0 (#361)
• 73f047e Automation: update setup-beam version output to 6dd8a1a
• 6dd8a1a Bump @​eslint/js from 9.30.0 to 9.30.1 (#360)
• fd9a2e1 Automation: update setup-beam version output to 65085e3
• 65085e3 Bump eslint from 9.30.0 to 9.30.1 (#362)
• 80c1659 Automation: update setup-beam version output to 8e7fdef
• 8e7fdef Automation: update setup-beam version output to 1fe9179
• Additional commits viewable in compare view

Updates actions/github-script from 7.0.1 to 8.0.0

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in actions/github-script#637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in actions/github-script#637
• @​sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

• Upgrade husky to v9 by @​benelan in actions/github-script#482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/github-script#485
• Upgrade IA Publish by @​Jcambass in actions/github-script#486
• Fix workflow status badges by @​joshmgross in actions/github-script#497
• Update usage of actions/upload-artifact by @​joshmgross in actions/github-script#512
• Clear up package name confusion by @​joshmgross in actions/github-script#514
• Update dependencies with npm audit fix by @​joshmgross in actions/github-script#515
• Specify that the used script is JavaScript by @​timotk in actions/github-script#478
• chore: Add Dependabot for NPM and Actions by @​nschonni in actions/github-script#472
• Define permissions in workflows and update actions by @​joshmgross in actions/github-script#531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in actions/github-script#532
• chore: Remove .vscode settings by @​nschonni in actions/github-script#533
• ci: Use github/setup-licensed by @​nschonni in actions/github-script#473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in actions/github-script#508
• Remove octokit README updates for v7 by @​joshmgross in actions/github-script#557
• docs: add "exec" usage examples by @​neilime in actions/github-script#546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in actions/github-script#563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in actions/github-script#575
• Clearly document passing inputs to the script by @​joshmgross in actions/github-script#603
• Update README.md by @​nebuk89 in actions/github-script#610

New Contributors

• @​benelan made their first contribution in actions/github-script#482
• @​Jcambass made their first contribution in actions/github-script#485
• @​timotk made their first contribution in actions/github-script#478
• @​iamstarkov made their first contribution in actions/github-script#508
• @​neilime made their first contribution in actions/github-script#546
• @​nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

Commits

• ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
• 2dc352e Bold minimum Actions Runner version in README
• 01e118c Update README for Node 24 runtime requirements
• 8b222ac Apply suggestion from @​salmanmkc
• adc0eea README for updating actions/github-script from v7 to v8
• 20fe497 Merge pull request #637 from actions/node24
• e7b7f22 update licenses
• 2c81ba0 Update Node.js version support to 24.x
• f28e40c Merge pull request #610 from actions/nebuk89-patch-1
• 1ae9958 Update README.md
• Additional commits viewable in compare view

Updates dtolnay/rust-toolchain from f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to efa25f7f19611383d5b0ccf2d1c8914531636bf9

Commits

• efa25f7 Add 1.93.1 patch release
• See full diff in compare view

Updates trufflesecurity/trufflehog from 3.92.4 to 3.93.3

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.93.3

What's Changed

• OpenAI Admin Key Detector by @​amanfcp in trufflesecurity/trufflehog#4689

Full Changelog: trufflesecurity/trufflehog@v3.93.2...v3.93.3

v3.93.2

What's Changed

• Fix pre-receive hook hangs and missing logs by flushing logs on signal and using CommandContext for git commands by @​jordanTunstill in trufflesecurity/trufflehog#4714
• [INS-285] Fix custom detectors line number reporting to match the full regex instead of capture group by @​mustansir14 in trufflesecurity/trufflehog#4697

Full Changelog: trufflesecurity/trufflehog@v3.93.1...v3.93.2

v3.93.1

What's Changed

• Enhance security reporting guidelines in SECURITY.md by @​joeleonjr in trufflesecurity/trufflehog#4725
• Allow logging of caller info by @​rosecodym in trufflesecurity/trufflehog#4731

Full Changelog: trufflesecurity/trufflehog@v3.93.0...v3.93.1

v3.93.0

What's Changed

• Remove ResultWithMetadata.Data by @​rosecodym in trufflesecurity/trufflehog#4659
• Add tests for processResult by @​rosecodym in trufflesecurity/trufflehog#4674
• Switch out default HTTP client use in detectors by @​bradlarsen in trufflesecurity/trufflehog#4670
• [INS-202] Add rate limiting to the Github Analyzer by @​mustansir14 in trufflesecurity/trufflehog#4617
• Fix/issue 4578 path normalization for unix and windows by @​Rusted2361 in trufflesecurity/trufflehog#4614
• Auto-configure TruffleHog for Pre-commit Hooks by @​kashifkhan0771 in trufflesecurity/trufflehog#4666
• Include key info for analyze by @​bill-rich in trufflesecurity/trufflehog#4686
• fix: typos in comments by @​NAM-MAN in trufflesecurity/trufflehog#4676
• Stop using detectableChunk in processResult by @​rosecodym in trufflesecurity/trufflehog#4691
• fix(github): preserve trailing hyphens in repository names by @​PascalThuet in trufflesecurity/trufflehog#4695
• Skip failing Git Engine test by @​mustansir14 in trufflesecurity/trufflehog#4701
• [INS-281] Github Bug fix: UnitErr and UnitOK called for the same repo by @​mustansir14 in trufflesecurity/trufflehog#4681
• [INS-258] Revert includeRepos removal from GitHub source by @​mustansir14 in trufflesecurity/trufflehog#4673
• Re-enable Git Engine Test by @​shahzadhaider1 in trufflesecurity/trufflehog#4715
• Add some false positive tests by @​rosecodym in trufflesecurity/trufflehog#4703
• Unify false positive/overlap tests by @​rosecodym in trufflesecurity/trufflehog#4699
• Unify some false positive logic by @​rosecodym in trufflesecurity/trufflehog#4720
• [INS-249] Updated Gitlab client from v0.129.0 to v1.12.0(latest) by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4655
• [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAddresses by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4726
• Added Analysis info to tableau detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4717
• Remove first-class verification overlap tracker by @​rosecodym in trufflesecurity/trufflehog#4723
• [INS-280] Fix Github "repostories" filter does not respect GHES endpoint by @​mustansir14 in trufflesecurity/trufflehog#4677
• [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver detectors by @​mustansir14 in trufflesecurity/trufflehog#4612

New Contributors

... (truncated)

Commits

• 6961f2b OpenAI Admin Key Detector (#4689)
• 4158734 [INS-285] Fix custom detectors line number reporting to match the full regex ...
• e9734c1 Fix pre-receive hook hangs and missing logs by flushing logs on signal and us...
• 7635b24 Allow logging of caller info (#4731)
• b78fbfd Enhance security reporting guidelines in SECURITY.md (#4725)
• 7f4e37d [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver d...
• daf5bf1 [INS-280] Fix Github "repostories" filter does not respect GHES endpoint (#4677)
• 4d4080b remove tracker type (#4723)
• ddb9583 Added Analysis info to tableau detector (#4717)
• ef3bf34 [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAd...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.