chore(deps): update github-actions deps (#7732)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://redirect.github.com/actions/setup-go) |
action | minor | `v6.0.0` -> `v6.1.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | minor | `v6.0.0` -> `v6.1.0` |
|
[actions/setup-python](https://redirect.github.com/actions/setup-python)
| action | minor | `v6.0.0` -> `v6.1.0` |
|
[docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action)
| action | minor | `v3.6.0` -> `v3.7.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v4.30.8` -> `v4.31.8` |
|
[step-security/harden-runner](https://redirect.github.com/step-security/harden-runner)
| action | minor | `v2.13.0` -> `v2.14.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v6.1.0`](https://redirect.github.com/actions/setup-go/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v6.0.0...v6.1.0)

#### What's Changed

##### Enhancements

- Fall back to downloading from go.dev/dl instead of
storage.googleapis.com/golang by
[@&#8203;nicholasngai](https://redirect.github.com/nicholasngai) in
[#&#8203;665](https://redirect.github.com/actions/setup-go/pull/665)
- Add support for .tool-versions file and update workflow by
[@&#8203;priya-kinthali](https://redirect.github.com/priya-kinthali) in
[#&#8203;673](https://redirect.github.com/actions/setup-go/pull/673)
- Add comprehensive breaking changes documentation for v6 by
[@&#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) in
[#&#8203;674](https://redirect.github.com/actions/setup-go/pull/674)

##### Dependency updates

- Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document
breaking changes in v6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;617](https://redirect.github.com/actions/setup-go/pull/617)
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;641](https://redirect.github.com/actions/setup-go/pull/641)
- Upgrade semver and
[@&#8203;types/semver](https://redirect.github.com/types/semver) by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;652](https://redirect.github.com/actions/setup-go/pull/652)

#### New Contributors

- [@&#8203;nicholasngai](https://redirect.github.com/nicholasngai) made
their first contribution in
[#&#8203;665](https://redirect.github.com/actions/setup-go/pull/665)
- [@&#8203;priya-kinthali](https://redirect.github.com/priya-kinthali)
made their first contribution in
[#&#8203;673](https://redirect.github.com/actions/setup-go/pull/673)
- [@&#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars)
made their first contribution in
[#&#8203;674](https://redirect.github.com/actions/setup-go/pull/674)

**Full Changelog**:
<actions/setup-go@v6...v6.1.0>

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v6.1.0`](https://redirect.github.com/actions/setup-node/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v6.0.0...v6.1.0)

#### What's Changed

##### Enhancement:

- Remove always-auth configuration handling by
[@&#8203;priyagupta108](https://redirect.github.com/priyagupta108) in
[#&#8203;1436](https://redirect.github.com/actions/setup-node/pull/1436)

##### Dependency updates:

- Upgrade
[@&#8203;actions/cache](https://redirect.github.com/actions/cache) from
4.0.3 to 4.1.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in
[#&#8203;1384](https://redirect.github.com/actions/setup-node/pull/1384)
- Upgrade actions/checkout from 5 to 6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in
[#&#8203;1439](https://redirect.github.com/actions/setup-node/pull/1439)
- Upgrade js-yaml from 3.14.1 to 3.14.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in
[#&#8203;1435](https://redirect.github.com/actions/setup-node/pull/1435)

##### Documentation update:

- Add example for restore-only cache in documentation by
[@&#8203;aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in
[#&#8203;1419](https://redirect.github.com/actions/setup-node/pull/1419)

**Full Changelog**:
<actions/setup-node@v6...v6.1.0>

</details>

<details>
<summary>actions/setup-python (actions/setup-python)</summary>

###
[`v6.1.0`](https://redirect.github.com/actions/setup-python/releases/tag/v6.1.0)

[Compare
Source](https://redirect.github.com/actions/setup-python/compare/v6.0.0...v6.1.0)

##### What's Changed

##### Enhancements:

- Add support for `pip-install` input by
[@&#8203;gowridurgad](https://redirect.github.com/gowridurgad) in
[#&#8203;1201](https://redirect.github.com/actions/setup-python/pull/1201)
- Add graalpy early-access and windows builds by
[@&#8203;timfel](https://redirect.github.com/timfel) in
[#&#8203;880](https://redirect.github.com/actions/setup-python/pull/880)

##### Dependency and Documentation updates:

- Enhanced wording and updated example usage for `allow-prereleases` by
[@&#8203;yarikoptic](https://redirect.github.com/yarikoptic) in
[#&#8203;979](https://redirect.github.com/actions/setup-python/pull/979)
- Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in
v6 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1139](https://redirect.github.com/actions/setup-python/pull/1139)
- Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1094](https://redirect.github.com/actions/setup-python/pull/1094)
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation
update for pip-install input by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1199](https://redirect.github.com/actions/setup-python/pull/1199)
- Upgrade requests from 2.32.2 to 2.32.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1130](https://redirect.github.com/actions/setup-python/pull/1130)
- Upgrade prettier from 3.5.3 to 3.6.2 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1234](https://redirect.github.com/actions/setup-python/pull/1234)
- Upgrade [@&#8203;types/node](https://redirect.github.com/types/node)
from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[#&#8203;1235](https://redirect.github.com/actions/setup-python/pull/1235)

##### New Contributors

- [@&#8203;yarikoptic](https://redirect.github.com/yarikoptic) made
their first contribution in
[#&#8203;979](https://redirect.github.com/actions/setup-python/pull/979)

**Full Changelog**:
<actions/setup-python@v6...v6.1.0>

</details>

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3.7.0`](https://redirect.github.com/docker/setup-qemu-action/releases/tag/v3.7.0)

[Compare
Source](https://redirect.github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0)

- Bump
[@&#8203;docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit)
from 0.56.0 to 0.67.0 in
[#&#8203;217](https://redirect.github.com/docker/setup-qemu-action/pull/217)
[#&#8203;230](https://redirect.github.com/docker/setup-qemu-action/pull/230)
- Bump brace-expansion from 1.1.11 to 1.1.12 in
[#&#8203;220](https://redirect.github.com/docker/setup-qemu-action/pull/220)
- Bump form-data from 2.5.1 to 2.5.5 in
[#&#8203;218](https://redirect.github.com/docker/setup-qemu-action/pull/218)
- Bump tmp from 0.2.3 to 0.2.4 in
[#&#8203;221](https://redirect.github.com/docker/setup-qemu-action/pull/221)
- Bump undici from 5.28.4 to 5.29.0 in
[#&#8203;219](https://redirect.github.com/docker/setup-qemu-action/pull/219)

**Full Changelog**:
<docker/setup-qemu-action@v3.6.0...v3.7.0>

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v4.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.7...v4.31.8)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.8 - 11 Dec 2025

- Update default CodeQL bundle version to 2.23.8.
[#&#8203;3354](https://redirect.github.com/github/codeql-action/pull/3354)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md)
for more information.

###
[`v4.31.7`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.6...v4.31.7)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.7 - 05 Dec 2025

- Update default CodeQL bundle version to 2.23.7.
[#&#8203;3343](https://redirect.github.com/github/codeql-action/pull/3343)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md)
for more information.

###
[`v4.31.6`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.5...v4.31.6)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.6 - 01 Dec 2025

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md)
for more information.

###
[`v4.31.5`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.4...v4.31.5)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.5 - 24 Nov 2025

- Update default CodeQL bundle version to 2.23.6.
[#&#8203;3321](https://redirect.github.com/github/codeql-action/pull/3321)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md)
for more information.

###
[`v4.31.4`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.3...v4.31.4)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.4 - 18 Nov 2025

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md)
for more information.

###
[`v4.31.3`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.2...v4.31.3)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.31.3 - 13 Nov 2025

- CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see [Upcoming deprecation of CodeQL Action
v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
- Update default CodeQL bundle version to 2.23.5.
[#&#8203;3288](https://redirect.github.com/github/codeql-action/pull/3288)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md)
for more information.

###
[`v4.31.2`](https://redirect.github.com/github/codeql-action/compare/v4.31.1...v4.31.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.1...v4.31.2)

###
[`v4.31.1`](https://redirect.github.com/github/codeql-action/compare/v4.31.0...v4.31.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.31.0...v4.31.1)

###
[`v4.31.0`](https://redirect.github.com/github/codeql-action/compare/v4.30.9...v4.31.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.30.9...v4.31.0)

###
[`v4.30.9`](https://redirect.github.com/github/codeql-action/releases/tag/v4.30.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.30.8...v4.30.9)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 4.30.9 - 17 Oct 2025

- Update default CodeQL bundle version to 2.23.3.
[#&#8203;3205](https://redirect.github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is
similar to `init`, except it only installs the CodeQL CLI and does not
initialize a database. Do not use this in production as it is part of an
internal experiment and subject to change at any time.
[#&#8203;3204](https://redirect.github.com/github/codeql-action/pull/3204)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md)
for more information.

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.14.0`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.14.0)

[Compare
Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0)

##### What's Changed

- Selective installation: Harden-Runner now skips installation on
GitHub-hosted runners when the repository has a custom property
skip\_harden\_runner, allowing organizations to opt out specific repos.
- Avoid double install: The action no longer installs Harden-Runner if
it’s already present on a GitHub-hosted runner, which could happen when
a composite action also installs it.

**Full Changelog**:
<step-security/harden-runner@v2.13.3...v2.14.0>

###
[`v2.13.3`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.3)

[Compare
Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3)

##### What's Changed

- Fixed an issue where process events were not uploaded in certain edge
cases.

**Full Changelog**:
<step-security/harden-runner@v2.13.2...v2.13.3>

###
[`v2.13.2`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.2)

[Compare
Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2)

##### What's Changed

- Fixed an issue where there was a limit of 512 allowed endpoints when
using block egress policy. This restriction has been removed, allowing
for an unlimited number of endpoints to be configured.
- Harden Runner now automatically detects if the agent is already
pre-installed on a custom VM image used by a GitHub-hosted runner. When
detected, the action will skip reinstallation and use the existing
agent.

**Full Changelog**:
<step-security/harden-runner@v2.13.1...v2.13.2>

###
[`v2.13.1`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.1)

[Compare
Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1)

#### What's Changed

- Graceful handling of HTTP errors: Improved error handling when
fetching Harden Runner policies from the StepSecurity Policy Store API,
ensuring more reliable execution even in case of temporary network/API
issues.

- Security updates for npm dependencies: Updated vulnerable npm package
dependencies to the latest secure versions.

- Faster enterprise agent downloads: The enterprise agent is now
downloaded from GitHub Releases instead of packages.stepsecurity.io,
improving download speed and reliability.

**Full Changelog**:
<step-security/harden-runner@v2.13.0...v2.13.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41NC4yIiwidXBkYXRlZEluVmVyIjoiNDIuNTQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhbmdlbG9nOmRlcGVuZGVuY2llcyJdfQ==-->

Signed-off-by: Mend Renovate <bot@renovateapp.com>

Author: renovate-bot

.github/actions/setup-go-tip/action.yml

@@ -37,7 +37,7 @@ runs:
 
     - name: Install Go toolchain
       if: steps.download.outputs.success == 'false'
-      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: ${{ steps.get_go_version.outputs.LATEST_GO_VERSION }}
 

.github/actions/setup-node.js/action.yml

@@ -8,7 +8,7 @@ runs:
       run: |
         echo "JAEGER_UI_NODE_JS_VERSION=$(cat jaeger-ui/.nvmrc)" >> ${GITHUB_ENV}
 
-    - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+    - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
       with:
         node-version: ${{ env.JAEGER_UI_NODE_JS_VERSION }}
         cache: 'npm'

.github/workflows/ci-build-binaries.yml

@@ -36,7 +36,7 @@ jobs:
       matrix: ${{fromJson(needs.generate-matrix.outputs.matrix)}}
     name: build-binaries-${{ matrix.os }}-${{ matrix.arch }}
     steps:
-    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+    - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -48,7 +48,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 

.github/workflows/ci-crossdock.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+    - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -33,15 +33,15 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 
     - uses: ./.github/actions/setup-branch
 
     - run: make install-ci
 
-    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
     - name: Build, test, and publish crossdock image
       run: bash scripts/build/build-crossdock.sh

.github/workflows/ci-docker-all-in-one.yml

@@ -21,7 +21,7 @@ jobs:
     timeout-minutes: 30 # max + 3*std over the last 2600 runs
 
     steps:
-    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+    - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -32,7 +32,7 @@ jobs:
     - name: Fetch git tags
       run: git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 
@@ -42,7 +42,7 @@ jobs:
 
     - run: make install-ci
 
-    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
     - name: Define BUILD_FLAGS var if running on a Pull Request or Merge Queue
       run: |

.github/workflows/ci-docker-build.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+    - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -32,7 +32,7 @@ jobs:
     - name: Fetch git tags
       run: git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 
@@ -42,7 +42,7 @@ jobs:
 
     - run: make install-ci
 
-    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
     - name: Build only linux/amd64 container images for a Pull Request
       if: github.ref_name != 'main'

.github/workflows/ci-docker-hotrod.yml

@@ -26,7 +26,7 @@ jobs:
         jaeger-version: [v2]
 
     steps:
-    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+    - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -38,15 +38,15 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 
     - uses: ./.github/actions/setup-node.js
 
     - uses: ./.github/actions/setup-branch
 
-    - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
     - name: Define BUILD_FLAGS var if running on a Pull Request
       run: |

.github/workflows/ci-e2e-badger.yaml

@@ -20,12 +20,12 @@ jobs:
         version: [v1, v2]
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
     - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 

.github/workflows/ci-e2e-cassandra.yml

@@ -33,13 +33,13 @@ jobs:
     name: ${{ matrix.version.distribution }}-${{ matrix.version.major }} ${{ matrix.jaeger-version }} schema=${{ matrix.create-schema }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
     - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x
 

.github/workflows/ci-e2e-clickhouse.yml

@@ -16,13 +16,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
     - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
-    - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+    - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
       with:
         go-version: 1.25.x