chore(deps): update github-actions deps by renovate-bot · Pull Request #7732 · jaegertracing/jaeger

renovate-bot · 2025-12-15T16:51:11Z

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-go	action	minor	`v6.0.0` -> `v6.1.0`
actions/setup-node	action	minor	`v6.0.0` -> `v6.1.0`
actions/setup-python	action	minor	`v6.0.0` -> `v6.1.0`
docker/setup-qemu-action	action	minor	`v3.6.0` -> `v3.7.0`
github/codeql-action	action	minor	`v4.30.8` -> `v4.31.8`
step-security/harden-runner	action	minor	`v2.13.0` -> `v2.14.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/setup-go (actions/setup-go)

`v6.1.0`

Compare Source

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in #665
Add support for .tool-versions file and update workflow by @priya-kinthali in #673
Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in #674

Dependency updates

Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in #617
Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #641
Upgrade semver and @types/semver by @dependabot in #652

New Contributors

@nicholasngai made their first contribution in #665
@priya-kinthali made their first contribution in #673
@mahabaleshwars made their first contribution in #674

Full Changelog: actions/setup-go@v6...v6.1.0

actions/setup-node (actions/setup-node)

`v6.1.0`

Compare Source

What's Changed

Enhancement:

Remove always-auth configuration handling by @priyagupta108 in #1436

Dependency updates:

Upgrade @actions/cache from 4.0.3 to 4.1.0 by @dependabot[bot] in #1384
Upgrade actions/checkout from 5 to 6 by @dependabot[bot] in #1439
Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in #1435

Documentation update:

Add example for restore-only cache in documentation by @aparnajyothi-y in #1419

Full Changelog: actions/setup-node@v6...v6.1.0

actions/setup-python (actions/setup-python)

`v6.1.0`

Compare Source

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in #1201
Add graalpy early-access and windows builds by @timfel in #880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in #979
Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in #1139
Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in #1094
Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in #1199
Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in #1130
Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in #1234
Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in #1235

New Contributors

@yarikoptic made their first contribution in #979

Full Changelog: actions/setup-python@v6...v6.1.0

docker/setup-qemu-action (docker/setup-qemu-action)

`v3.7.0`

Compare Source

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in #217 #230
Bump brace-expansion from 1.1.11 to 1.1.12 in #220
Bump form-data from 2.5.1 to 2.5.5 in #218
Bump tmp from 0.2.3 to 0.2.4 in #221
Bump undici from 5.28.4 to 5.29.0 in #219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

github/codeql-action (github/codeql-action)

`v4.31.8`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

`v4.31.7`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

`v4.31.6`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

`v4.31.5`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

`v4.31.4`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

`v4.31.3`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
Update default CodeQL bundle version to 2.23.5. #3288

See the full CHANGELOG.md for more information.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025

Update default CodeQL bundle version to 2.23.3. #3205
Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

See the full CHANGELOG.md for more information.

step-security/harden-runner (step-security/harden-runner)

`v2.14.0`

Compare Source

What's Changed

Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

`v2.13.3`

Compare Source

What's Changed

Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

`v2.13.2`

Compare Source

What's Changed

Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

`v2.13.1`

Compare Source

What's Changed

Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.
Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.
Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

Configuration

📅 Schedule: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: Mend Renovate <bot@renovateapp.com>

codecov · 2025-12-15T16:59:39Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.58%. Comparing base (593253f) to head (37aac9c).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7732      +/-   ##
==========================================
- Coverage   95.59%   95.58%   -0.02%     
==========================================
  Files         311      311              
  Lines       15519    15519              
==========================================
- Hits        14836    14834       -2     
- Misses        535      537       +2     
  Partials      148      148

Flag	Coverage Δ
badger_v1	`9.89% <ø> (ø)`
badger_v2	`2.06% <ø> (ø)`
cassandra-4.x-v1-manual	`14.04% <ø> (ø)`
cassandra-4.x-v2-auto	`2.05% <ø> (ø)`
cassandra-4.x-v2-manual	`2.05% <ø> (ø)`
cassandra-5.x-v1-manual	`14.04% <ø> (ø)`
cassandra-5.x-v2-auto	`2.05% <ø> (ø)`
cassandra-5.x-v2-manual	`2.05% <ø> (ø)`
clickhouse	`1.98% <ø> (ø)`
elasticsearch-6.x-v1	`18.78% <ø> (ø)`
elasticsearch-7.x-v1	`18.81% <ø> (ø)`
elasticsearch-8.x-v1	`18.98% <ø> (ø)`
elasticsearch-8.x-v2	`2.06% <ø> (ø)`
elasticsearch-9.x-v2	`2.06% <ø> (ø)`
grpc_v1	`9.72% <ø> (ø)`
grpc_v2	`2.06% <ø> (ø)`
kafka-3.x-v2	`2.06% <ø> (ø)`
memory_v2	`2.06% <ø> (ø)`
opensearch-1.x-v1	`18.86% <ø> (ø)`
opensearch-2.x-v1	`18.86% <ø> (ø)`
opensearch-2.x-v2	`2.06% <ø> (ø)`
opensearch-3.x-v2	`2.06% <ø> (ø)`
query	`2.06% <ø> (ø)`
tailsampling-processor	`0.59% <ø> (ø)`
unittests	`94.15% <ø> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2025-12-15T17:00:49Z

Metrics Comparison Summary

Total changes across all snapshots: 53

Detailed changes per snapshot

summary_metrics_snapshot_cassandra

📊 Metrics Diff Summary

Total Changes: 53

🆕 Added: 0 metrics
❌ Removed: 53 metrics
🔄 Modified: 0 metrics

❌ Removed Metrics

http_server_request_body_size_bytes (18 variants)

View diff sample

-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="+Inf",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="0",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="10",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="100",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="1000",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="10000",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="25",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
...

- `http_server_request_duration_seconds` (17 variants)

View diff sample

-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="+Inf",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.005",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.01",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.025",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.05",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.075",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_request_duration_seconds{http_request_method="GET",http_response_status_code="503",le="0.1",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
...

- `http_server_response_body_size_bytes` (18 variants)

View diff sample

-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="+Inf",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="0",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="10",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="100",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="1000",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="10000",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
-http_server_response_body_size_bytes{http_request_method="GET",http_response_status_code="503",le="25",network_protocol_name="http",network_protocol_version="1.1",otel_scope_name="go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp",otel_scope_schema_url="",otel_scope_version="0.64.0",server_address="localhost",server_port="13133",url_scheme="http"}
...

➡️ View full metrics file

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v6.0.0` -> `v6.1.0` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v6.0.0` -> `v6.1.0` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v6.0.0` -> `v6.1.0` | | [docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action) | action | minor | `v3.6.0` -> `v3.7.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v4.30.8` -> `v4.31.8` | | [step-security/harden-runner](https://redirect.github.com/step-security/harden-runner) | action | minor | `v2.13.0` -> `v2.14.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/setup-go/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v6.0.0...v6.1.0) #### What's Changed ##### Enhancements - Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by [@&jaegertracing#8203;nicholasngai](https://redirect.github.com/nicholasngai) in [#&jaegertracing#8203;665](https://redirect.github.com/actions/setup-go/pull/665) - Add support for .tool-versions file and update workflow by [@&jaegertracing#8203;priya-kinthali](https://redirect.github.com/priya-kinthali) in [#&jaegertracing#8203;673](https://redirect.github.com/actions/setup-go/pull/673) - Add comprehensive breaking changes documentation for v6 by [@&jaegertracing#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) in [#&jaegertracing#8203;674](https://redirect.github.com/actions/setup-go/pull/674) ##### Dependency updates - Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;617](https://redirect.github.com/actions/setup-go/pull/617) - Upgrade actions/publish-action from 0.3.0 to 0.4.0 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;641](https://redirect.github.com/actions/setup-go/pull/641) - Upgrade semver and [@&jaegertracing#8203;types/semver](https://redirect.github.com/types/semver) by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;652](https://redirect.github.com/actions/setup-go/pull/652) #### New Contributors - [@&jaegertracing#8203;nicholasngai](https://redirect.github.com/nicholasngai) made their first contribution in [#&jaegertracing#8203;665](https://redirect.github.com/actions/setup-go/pull/665) - [@&jaegertracing#8203;priya-kinthali](https://redirect.github.com/priya-kinthali) made their first contribution in [#&jaegertracing#8203;673](https://redirect.github.com/actions/setup-go/pull/673) - [@&jaegertracing#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) made their first contribution in [#&jaegertracing#8203;674](https://redirect.github.com/actions/setup-go/pull/674) **Full Changelog**: <actions/setup-go@v6...v6.1.0> </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/setup-node/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v6.0.0...v6.1.0) #### What's Changed ##### Enhancement: - Remove always-auth configuration handling by [@&jaegertracing#8203;priyagupta108](https://redirect.github.com/priyagupta108) in [#&jaegertracing#8203;1436](https://redirect.github.com/actions/setup-node/pull/1436) ##### Dependency updates: - Upgrade [@&jaegertracing#8203;actions/cache](https://redirect.github.com/actions/cache) from 4.0.3 to 4.1.0 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&jaegertracing#8203;1384](https://redirect.github.com/actions/setup-node/pull/1384) - Upgrade actions/checkout from 5 to 6 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&jaegertracing#8203;1439](https://redirect.github.com/actions/setup-node/pull/1439) - Upgrade js-yaml from 3.14.1 to 3.14.2 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&jaegertracing#8203;1435](https://redirect.github.com/actions/setup-node/pull/1435) ##### Documentation update: - Add example for restore-only cache in documentation by [@&jaegertracing#8203;aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#&jaegertracing#8203;1419](https://redirect.github.com/actions/setup-node/pull/1419) **Full Changelog**: <actions/setup-node@v6...v6.1.0> </details> <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/setup-python/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v6.0.0...v6.1.0) ##### What's Changed ##### Enhancements: - Add support for `pip-install` input by [@&jaegertracing#8203;gowridurgad](https://redirect.github.com/gowridurgad) in [#&jaegertracing#8203;1201](https://redirect.github.com/actions/setup-python/pull/1201) - Add graalpy early-access and windows builds by [@&jaegertracing#8203;timfel](https://redirect.github.com/timfel) in [#&jaegertracing#8203;880](https://redirect.github.com/actions/setup-python/pull/880) ##### Dependency and Documentation updates: - Enhanced wording and updated example usage for `allow-prereleases` by [@&jaegertracing#8203;yarikoptic](https://redirect.github.com/yarikoptic) in [#&jaegertracing#8203;979](https://redirect.github.com/actions/setup-python/pull/979) - Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1139](https://redirect.github.com/actions/setup-python/pull/1139) - Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1094](https://redirect.github.com/actions/setup-python/pull/1094) - Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1199](https://redirect.github.com/actions/setup-python/pull/1199) - Upgrade requests from 2.32.2 to 2.32.4 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1130](https://redirect.github.com/actions/setup-python/pull/1130) - Upgrade prettier from 3.5.3 to 3.6.2 by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1234](https://redirect.github.com/actions/setup-python/pull/1234) - Upgrade [@&jaegertracing#8203;types/node](https://redirect.github.com/types/node) from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by [@&jaegertracing#8203;dependabot](https://redirect.github.com/dependabot) in [#&jaegertracing#8203;1235](https://redirect.github.com/actions/setup-python/pull/1235) ##### New Contributors - [@&jaegertracing#8203;yarikoptic](https://redirect.github.com/yarikoptic) made their first contribution in [#&jaegertracing#8203;979](https://redirect.github.com/actions/setup-python/pull/979) **Full Changelog**: <actions/setup-python@v6...v6.1.0> </details> <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.7.0`](https://redirect.github.com/docker/setup-qemu-action/releases/tag/v3.7.0) [Compare Source](https://redirect.github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0) - Bump [@&jaegertracing#8203;docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit) from 0.56.0 to 0.67.0 in [#&jaegertracing#8203;217](https://redirect.github.com/docker/setup-qemu-action/pull/217) [#&jaegertracing#8203;230](https://redirect.github.com/docker/setup-qemu-action/pull/230) - Bump brace-expansion from 1.1.11 to 1.1.12 in [#&jaegertracing#8203;220](https://redirect.github.com/docker/setup-qemu-action/pull/220) - Bump form-data from 2.5.1 to 2.5.5 in [#&jaegertracing#8203;218](https://redirect.github.com/docker/setup-qemu-action/pull/218) - Bump tmp from 0.2.3 to 0.2.4 in [#&jaegertracing#8203;221](https://redirect.github.com/docker/setup-qemu-action/pull/221) - Bump undici from 5.28.4 to 5.29.0 in [#&jaegertracing#8203;219](https://redirect.github.com/docker/setup-qemu-action/pull/219) **Full Changelog**: <docker/setup-qemu-action@v3.6.0...v3.7.0> </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v4.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.7...v4.31.8) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#&jaegertracing#8203;3354](https://redirect.github.com/github/codeql-action/pull/3354) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md) for more information. ### [`v4.31.7`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.6...v4.31.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.7 - 05 Dec 2025 - Update default CodeQL bundle version to 2.23.7. [#&jaegertracing#8203;3343](https://redirect.github.com/github/codeql-action/pull/3343) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md) for more information. ### [`v4.31.6`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.5...v4.31.6) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.6 - 01 Dec 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md) for more information. ### [`v4.31.5`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.4...v4.31.5) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.5 - 24 Nov 2025 - Update default CodeQL bundle version to 2.23.6. [#&jaegertracing#8203;3321](https://redirect.github.com/github/codeql-action/pull/3321) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md) for more information. ### [`v4.31.4`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.3...v4.31.4) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.4 - 18 Nov 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md) for more information. ### [`v4.31.3`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.2...v4.31.3) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.3 - 13 Nov 2025 - CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). - Update default CodeQL bundle version to 2.23.5. [#&jaegertracing#8203;3288](https://redirect.github.com/github/codeql-action/pull/3288) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md) for more information. ### [`v4.31.2`](https://redirect.github.com/github/codeql-action/compare/v4.31.1...v4.31.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.1...v4.31.2) ### [`v4.31.1`](https://redirect.github.com/github/codeql-action/compare/v4.31.0...v4.31.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.0...v4.31.1) ### [`v4.31.0`](https://redirect.github.com/github/codeql-action/compare/v4.30.9...v4.31.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.30.9...v4.31.0) ### [`v4.30.9`](https://redirect.github.com/github/codeql-action/releases/tag/v4.30.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.30.8...v4.30.9) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.30.9 - 17 Oct 2025 - Update default CodeQL bundle version to 2.23.3. [#&jaegertracing#8203;3205](https://redirect.github.com/github/codeql-action/pull/3205) - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#&jaegertracing#8203;3204](https://redirect.github.com/github/codeql-action/pull/3204) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md) for more information. </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.14.0`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.14.0) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0) ##### What's Changed - Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip\_harden\_runner, allowing organizations to opt out specific repos. - Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it. **Full Changelog**: <step-security/harden-runner@v2.13.3...v2.14.0> ### [`v2.13.3`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.3) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3) ##### What's Changed - Fixed an issue where process events were not uploaded in certain edge cases. **Full Changelog**: <step-security/harden-runner@v2.13.2...v2.13.3> ### [`v2.13.2`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.2) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2) ##### What's Changed - Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured. - Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent. **Full Changelog**: <step-security/harden-runner@v2.13.1...v2.13.2> ### [`v2.13.1`](https://redirect.github.com/step-security/harden-runner/releases/tag/v2.13.1) [Compare Source](https://redirect.github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1) #### What's Changed - Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues. - Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions. - Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability. **Full Changelog**: <step-security/harden-runner@v2.13.0...v2.13.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger).  Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: SoumyaRaikwar <somuraik@gmail.com>

chore(deps): update github-actions deps

37aac9c

Signed-off-by: Mend Renovate <bot@renovateapp.com>

forking-renovate bot added the changelog:dependencies Update to dependencies label Dec 15, 2025

renovate-bot requested a review from a team as a code owner December 15, 2025 16:51

renovate-bot requested a review from albertteoh December 15, 2025 16:51

yurishkuro approved these changes Dec 15, 2025

View reviewed changes

yurishkuro merged commit 697356f into jaegertracing:main Dec 15, 2025
62 checks passed

renovate-bot deleted the renovate/github-actions-deps branch December 15, 2025 17:08

Copilot AI mentioned this pull request Dec 16, 2025

Document root cause and solution for PR #7742 CI failure #7743

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github-actions deps#7732

chore(deps): update github-actions deps#7732
yurishkuro merged 1 commit intojaegertracing:mainfrom
renovate-bot:renovate/github-actions-deps

renovate-bot commented Dec 15, 2025

Uh oh!

codecov bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Dec 15, 2025

summary_metrics_snapshot_cassandra

📊 Metrics Diff Summary

❌ Removed Metrics

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

renovate-bot commented Dec 15, 2025

Release Notes

What's Changed

Enhancements

Dependency updates

New Contributors

What's Changed

Enhancement:

Dependency updates:

Documentation update:

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

CodeQL Action Changelog

4.31.8 - 11 Dec 2025

CodeQL Action Changelog

4.31.7 - 05 Dec 2025

CodeQL Action Changelog

4.31.6 - 01 Dec 2025

CodeQL Action Changelog

4.31.5 - 24 Nov 2025

CodeQL Action Changelog

4.31.4 - 18 Nov 2025

CodeQL Action Changelog

4.31.3 - 13 Nov 2025

CodeQL Action Changelog

4.30.9 - 17 Oct 2025

What's Changed

What's Changed

What's Changed

What's Changed

Configuration

Uh oh!

codecov bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Dec 15, 2025

Metrics Comparison Summary

summary_metrics_snapshot_cassandra

📊 Metrics Diff Summary

❌ Removed Metrics

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

codecov bot commented Dec 15, 2025 •

edited

Loading