🆙 action: Bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: github/codeql-action and actions/setup-node.

Updates github/codeql-action from 3.28.0 to 3.28.10

Release notes

Sourced from github/codeql-action's releases.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #2753

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

... (truncated)

Commits

• b56ba49 Merge pull request #2778 from github/update-v3.28.10-9856c48b1
• 60c9c77 Update changelog for v3.28.10
• 9856c48 Merge pull request #2773 from github/redsun82/rust
• 9572e09 Rust: fix log string
• 1a52936 Rust: special case default setup
• cf7e909 Merge pull request #2772 from github/update-bundle/codeql-bundle-v2.20.5
• b7006aa Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5
• cfedae7 Rust: throw configuration errors if requested and not correctly enabled
• 3971ed2 Merge branch 'main' into redsun82/rust
• d38c6e6 Merge pull request #2775 from github/angelapwen/bump-octokit
• Additional commits viewable in compare view

Updates actions/setup-node from 4.1.0 to 4.2.0

Release notes

Sourced from actions/setup-node's releases.

v4.2.0

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in actions/setup-node#1174
• Add recommended permissions section to readme by @​benwells in actions/setup-node#1193
• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-node#1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in actions/setup-node#1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in actions/setup-node#1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-node#1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in actions/setup-node#1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in actions/setup-node#1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-node#1205

New Contributors

• @​benwells made their first contribution in actions/setup-node#1193

Full Changelog: actions/setup-node@v4...v4.2.0

Commits

• 1d0ff46 Bump undici from 5.28.4 to 5.28.5 (#1205)
• 574f09a Bump @​types/jest from 29.5.12 to 29.5.14 (#1201)
• 260f870 Bump semver from 7.6.0 to 7.6.3 (#1196)
• 111c4be Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1195)
• 0bc26de Bump pnpm/action-setup from 2 to 4 (#1194)
• 8f9cc17 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1191)
• 5eef37b Create dependabot.yml (#1192)
• fbeca22 Update README.md (#1193)
• 48b9067 Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @stoe.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: github-action :robot:.

[stoe]

@dependabot rebase

[stoe]

@dependabot squash and merge

[stoe]

@dependabot rebase

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.