chore(deps): bump the github-actions group with 5 updates

[dependabot]

Bumps the github-actions group with 5 updates:

Package	From	To
anchore/scan-action	7.2.1	7.2.2
github/codeql-action	4.31.7	4.31.8
ruby/setup-ruby	1.269.0	1.270.0
updatecli/updatecli-action	2.97.0	2.98.0
robfrank/kamal-accessories-updater	25.11.2	25.12.1

Updates anchore/scan-action from 7.2.1 to 7.2.2

Release notes

Sourced from anchore/scan-action's releases.

v7.2.2

New in scan-action v7.2.2

• update Grype to v0.104.2 (#557) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]
• bump glob from 10.4.5 to 10.5.0 (#546) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]

Commits

• 3c9a191 chore(deps): update Grype to v0.104.2 (#557)
• 0a9fbe8 chore(deps-dev): bump lint-staged from 16.2.6 to 16.2.7 (#547)
• 5ac7f2a chore(deps-dev): bump prettier from 3.6.2 to 3.7.4 (#555)
• 563e915 chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 (#556)
• 49c6d26 chore(deps): bump actions/checkout from 5.0.0 to 6.0.1 (#554)
• 77906c3 chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (#553)
• ed82e81 chore(deps): bump glob from 10.4.5 to 10.5.0 (#546)
• See full diff in compare view

Updates github/codeql-action from 4.31.7 to 4.31.8

Release notes

Sourced from github/codeql-action's releases.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

... (truncated)

Commits

• 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
• 120f277 Update changelog for v4.31.8
• 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
• db812c1 Add changelog note
• 2930dba Update default bundle to codeql-bundle-v2.23.8
• c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
• 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
• 5b7e7fc Update src/codeql.ts
• 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
• 97c2630 Rebuild
• Additional commits viewable in compare view

Updates ruby/setup-ruby from 1.269.0 to 1.270.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.270.0

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in ruby/setup-ruby#830
• When setting $JAVA_HOME also add $JAVA_HOME/bin to PATH by @​eregon in ruby/setup-ruby#836

Full Changelog: ruby/setup-ruby@v1.269.0...v1.270.0

Commits

• ac793fd When setting $JAVA_HOME also add $JAVA_HOME/bin to PATH
• 5f8a775 macos-13 is gone
• 30a6546 Bump actions/checkout from 5 to 6
• See full diff in compare view

Updates updatecli/updatecli-action from 2.97.0 to 2.98.0

Release notes

Sourced from updatecli/updatecli-action's releases.

v2.98.0 🌈

Changes

• Bump "@​types/node" package version @updateclibot[bot] (#991)
• deps: update updatecli version to v0.112.0 @updateclibot[bot] (#990)
• Bump "@​types/node" package version @updateclibot[bot] (#989)

Contributors

@​updateclibot[bot] and updateclibot[bot]

Commits

• b846825 Bump "@​types/node" package version (#991)
• fc534a8 deps: update updatecli version to v0.112.0 (#990)
• 0d62933 Bump "@​types/node" package version (#989)
• See full diff in compare view

Updates robfrank/kamal-accessories-updater from 25.11.2 to 25.12.1

Release notes

Sourced from robfrank/kamal-accessories-updater's releases.

Release v25.12.1

What's Changed

• Merge pull request #7 from robfrank/dependabot/github_actions/github-actions-0b8390718f (231507f)
• Merge pull request #8 from robfrank/dependabot/github_actions/actions/checkout-6.0.0 (7cad6b2)
• Bump actions/checkout from 5.0.0 to 6.0.0 (7f31bd5)
• Bump peter-evans/create-pull-request in the github-actions group (a8d7de4)
• Merge pull request #6 from emadb/patch-1 (18beb5d)
• update Readme to match the latest version (aab2b06)

Usage

To use this version in your workflows:

- name: Update Kamal accessories
  uses: robfrank/kamal-accessories-updater@v25.12.1
  with:
    config-dir: config
    mode: update-all

Full Changelog: robfrank/kamal-accessories-updater@...v25.12.1

Commits

• 231507f Merge pull request #7 from robfrank/dependabot/github_actions/github-actions-...
• 7cad6b2 Merge pull request #8 from robfrank/dependabot/github_actions/actions/checkou...
• 7f31bd5 Bump actions/checkout from 5.0.0 to 6.0.0
• a8d7de4 Bump peter-evans/create-pull-request in the github-actions group
• 18beb5d Merge pull request #6 from emadb/patch-1
• aab2b06 update Readme to match the latest version
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 4c3403e.

🟢 All jobs passed!

But CI Insights is watching 👀