ci(deps): bump the github-actions group across 1 directory with 8 updates

[dependabot]

Bumps the github-actions group with 8 updates in the /.github/workflows directory:

Package	From	To
step-security/harden-runner	2.14.0	2.14.1
actions/checkout	4.2.2	6.0.2
actions/upload-artifact	4.6.2	6.0.0
actions/download-artifact	4.3.0	7.0.0
github/codeql-action	3.28.18	4.31.11
docker/metadata-action	5.7.0	5.10.0
anchore/sbom-action	0.20.0	0.22.0
aquasecurity/trivy-action	0.31.0	0.33.1

Updates step-security/harden-runner from 2.14.0 to 2.14.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.1

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

Commits

• e3f713f Merge pull request #631 from step-security/rc-31
• 423acdd chore: fix npm audit vulnerabilities
• 0ddb86c update agent
• See full diff in compare view

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

New Contributors

• @​GhadimiR made their first contribution in actions/upload-artifact#681
• @​nebuk89 made their first contribution in actions/upload-artifact#712
• @​danwkennedy made their first contribution in actions/upload-artifact#727
• @​patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 7.0.0

Release notes

Sourced from actions/download-artifact's releases.

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/download-artifact#440
• Download Artifact Node24 support by @​salmanmkc in actions/download-artifact#415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in actions/download-artifact#451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in actions/download-artifact#452

New Contributors

• @​patrikpolyak made their first contribution in actions/download-artifact#440
• @​salmanmkc made their first contribution in actions/download-artifact#415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in actions/download-artifact#417
• Update README with artifact extraction details by @​yacaovsnc in actions/download-artifact#424
• Readme: spell out the first use of GHES by @​danwkennedy in actions/download-artifact#431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in actions/download-artifact#438

New Contributors

• @​danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

What's Changed

• Update README.md by @​nebuk89 in actions/download-artifact#407
• BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @​GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

... (truncated)

Commits

• 37930b1 Merge pull request #452 from actions/download-artifact-v7-release
• 72582b9 doc: update readme
• 0d2ec9d chore: release v7.0.0 for Node.js 24 support
• fd7ae8f Merge pull request #451 from actions/fix-storage-blob
• d484700 chore: restore minimatch.dep.yml license file
• 03a8080 chore: remove obsolete dependency license files
• 56fe6d9 chore: update @​actions/artifact license file to 5.0.1
• 8e3ebc4 chore: update package-lock.json with @​actions/artifact@​5.0.1
• 1e3c4b4 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• 458627d chore: use local @​actions/artifact package for Node.js 24 testing
• Additional commits viewable in compare view

Updates github/codeql-action from 3.28.18 to 4.31.11

Release notes

Sourced from github/codeql-action's releases.

v4.31.11

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

... (truncated)

Commits

• 19b2f06 Merge pull request #3417 from github/update-v4.31.11-1601acf88
• 03afde0 Add noteworthy changes to changelog
• 9469107 Update changelog for v4.31.11
• 1601acf Merge pull request #3415 from github/henrymercer/address-telemetry-gap
• fba7872 Address review comments
• a8dd5ab Merge pull request #3414 from github/dependabot/npm_and_yarn/lodash-4.17.23
• 28bfb7b Omit error from start-proxy Action
• 91f3460 Throw if in test mode
• edebb78 Differentiate unhandled errors in telemetry
• 529c266 Use getErrorMessage in more places
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

• Add tag-names output to return tag names without image base name by @​crazy-max in docker/metadata-action#553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in docker/metadata-action#539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in docker/metadata-action#555
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/metadata-action#540
• Bump csv-parse from 5.6.0 to 6.1.0 in docker/metadata-action#532
• Bump semver from 7.7.2 to 7.7.3 in in docker/metadata-action#554
• Bump tmp from 0.2.3 to 0.2.5 in docker/metadata-action#541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

• New is_not_default_branch global expression by @​crazy-max in docker/metadata-action#535
• Allow to match part of the git tag or value for semver/pep440 types by @​crazy-max in docker/metadata-action#536 docker/metadata-action#537
• Bump @​actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526
• Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533
• Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525
• Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

• c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
• f015d79 chore: update generated content
• 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
• f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
• 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
• 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
• afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
• 602aff8 chore(deps): Bump actions/checkout from 5 to 6
• aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
• 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.20.0 to 0.22.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

• chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@​dependabot]
• chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@​dependabot]
• chore(deps): update Syft to v1.40.1 (#563) [@​anchore-actions-token-generator[bot]]

v0.21.1

Changes in v0.21.1

• chore(deps): update Syft to v1.40.0 (#562) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.21.0

• chore(deps): update Syft to v1.39.0 (#561)
• chore(deps): bump @​octokit/request-error, @​octokit/core and @​octokit/webhooks (#560)
• chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)

v0.20.11

Changes in v0.20.11

• update Syft to v1.38.2 (anchore/sbom-action#557)
• bump @​octokit/plugin-paginate-rest, @​actions/artifact and @​actions/github (#550) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]
• bump js-yaml (#552) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]

v0.20.10

Changes in v0.20.10

• chore(deps): update Syft to v1.38.0 (#548) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.9

Changes in v0.20.9

• chore(deps): update Syft to v1.36.0 (#546) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.8

Changes in v0.20.8

• chore(deps): update Syft to v1.34.2 (#545) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.7

Changes in v0.20.7

• chore(deps): update Syft to v1.34.1 (#544)

v0.20.6

Changes in v0.20.6

• chore(deps): update Syft to v1.33.0 (#537) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

... (truncated)

Commits

• 62ad528 chore: update release-drafter, dependencies (#571)
• 2657179 chore(deps-dev): bump the dev-dependencies group with 19 updates (#566)
• 61140b1 chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567)
• f99cf3e ci: enable dependabot with groups (#565)
• 28b3d8f Chore better zizmor (#564)
• 3363a57 chore(deps): update Syft to v1.40.1 (#563)
• 0b82b0b chore(deps): update Syft to v1.40.0 (#562)
• a930d0a chore(deps): update Syft to v1.39.0 (#561)
• e4b2532 chore(deps): bump @​octokit/request-error, @​octokit/core and @​octokit/webhooks...
• 481b254 chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.31.0 to 0.33.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.33.1

What's Changed

• Update setup-trivy action to version v0.2.4 by @​martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@0.33.0...0.33.1

v0.33.0

What's Changed

• Update dependencies in README by @​ibakshay in aquasecurity/trivy-action#378
• doc: correct sbom fs scan by @​yxtay in aquasecurity/trivy-action#458
• Pin actions/cache by SHA by @​martincostello in aquasecurity/trivy-action#480
• chore(ci): Add oras to correctly setup sync jobs by @​simar7 in aquasecurity/trivy-action#482
• chore(deps): Update trivy to v0.65.0 by @​aqua-bot in aquasecurity/trivy-action#481

New Contributors

• @​ibakshay made their first contribution in aquasecurity/trivy-action#378
• @​yxtay made their first contribution in aquasecurity/trivy-action#458
• @​martincostello made their first contribution in aquasecurity/trivy-action#480

Full Changelog: aquasecurity/trivy-action@0.32.0...0.33.0

v0.32.0

What's Changed

• chore(deps): Update trivy to v0.64.1 by @​aqua-bot in aquasecurity/trivy-action#474

Full Changelog: aquasecurity/trivy-action@0.31.0...0.32.0

Commits

• b6643a2 Update setup-trivy action to version v0.2.4 (#486)
• f9424c1 Merge pull request #481 from aquasecurity/bump-trivy-1755898251
• 85abccb dev: delete fanal.db before tests
• a169870 ci: update golden files on Trivy bump
• 71f6a8f dev: add update-golden goal
• bf330b1 test: update golden files
• 644762e Merge pull request #482 from aquasecurity/fix-gh-actions
• f2e2851 chore(ci): Add oras to correctly setup sync jobs
• 636fd3c fix: update tests
• 7c0244b chore(deps): Update trivy to v0.65.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[evansims]

@dependabot recreate