chore(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
IEvangelist/profanity-filter	action	major	10.0 → 13.3.0
actions/cache	action	patch	v5.0.4 → v5.0.5
actions/checkout	action	patch	v6.0.1 → v6.0.2
actions/checkout	action	major	v4.2.2 → v6.0.2
actions/create-github-app-token	action	major	v2 → v3
actions/upload-artifact	action	major	v5.0.0 → v7.0.1
netcracker/qubership-workflow-hub	action	patch	2.2.0 → v2.2.2
netcracker/qubership-workflow-hub	action	patch	v2.2.0 → v2.2.2
netcracker/qubership-workflow-hub	action	minor	v2.0.4 → v2.2.2
webiny/action-conventional-commits	action	minor	v1.3.1 → v1.4.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

IEvangelist/profanity-filter (IEvangelist/profanity-filter)

v13.3.0: — Aspire 13.3 + Multi-language integration

Compare Source

What's Changed

• Refactor ux by @​IEvangelist in #​97
• Bump the dotnet group with 26 updates by @​dependabot[bot] in #​96
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in #​99
• Bump the dotnet group with 1 update by @​dependabot[bot] in #​100
• Bump Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions and Microsoft.Extensions.Hosting by @​dependabot[bot] in #​101
• Bump the dotnet group with 1 update by @​dependabot[bot] in #​102
• Add Astro documentation site with GitHub Pages deployment by @​Copilot in #​103
• Bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in #​104
• Bump actions/configure-pages from 4 to 5 by @​dependabot[bot] in #​105
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​106
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in #​107
• Bump the dotnet group with 20 updates by @​dependabot[bot] in #​110
• Bump devalue from 5.6.2 to 5.6.3 in /docs in the npm_and_yarn group across 1 directory by @​dependabot[bot] in #​111
• Bump actions/upload-pages-artifact from 4 to 5 by @​dependabot[bot] in #​131
• Bump docker/login-action from 3 to 4 by @​dependabot[bot] in #​115
• Bump the npm_and_yarn group across 2 directories with 1 update by @​dependabot[bot] in #​114

Full Changelog: IEvangelist/profanity-filter@10.0...13.3.0

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

actions/create-github-app-token (actions/create-github-app-token)

v3.2.0

Compare Source

Features

• add support for enterprise-level GitHub Apps (#​263) (952a2a7)
• support full repository names in repositories input (#​372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#​364) (43e5c34)
• validate private-key input (#​376) (f24bbd8)

v3.1.1

Compare Source

Bug Fixes

• improve error message when app identifier is empty (#​362) (07e2b76), closes #​249

v3.1.0

Compare Source

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#​357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#​353) (e6bd4e6)
• update permission inputs (#​358) (076e948)

v3.0.0

Compare Source

• feat!: node 24 support (#​275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#​342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#​143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3

Compare Source

v2.2.2

Compare Source

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#​337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#​335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#​336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#​323) (b4f638f)

v2.2.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#​311) (b212e6a)

v2.2.0

Compare Source

Bug Fixes

• deps: bump glob from 10.4.5 to 10.5.0 (#​305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#​294) (dce3be8)
• deps: bump the production-dependencies group with 2 updates (#​292) (55e2a4b)

Features

• update permission inputs (#​296) (d90aa53)

v2.1.4

Compare Source

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#​257) (bef1eaf)

v2.1.3

Compare Source

Bug Fixes

• deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#​256) (5d7307b)

v2.1.1

Compare Source

Bug Fixes

• revert "use node24 as runner" (#​278) (5204204), closes actions/create-github-app-token#267

v2.1.0

Compare Source

Features

• use node24 as runner (#​267) (a1cbe0f)

v2.0.6

Compare Source

Bug Fixes

• replace - with _ (#​246) (3336784)

v2.0.5

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 3 updates (#​240) (d64d7d7)

v2.0.4

Compare Source

Bug Fixes

• permission input handling (#​243) (2950cbc)

v2.0.3

Compare Source

Bug Fixes

• README: use v2 in examples (#​234) (9ba274d), closes #​232
• use core.getBooleanInput() to retrieve boolean input values (#​223) (c3c17c7)

v2.0.2

Compare Source

Bug Fixes

• improve log messages for token creation (#​226) (eaef294)

v2.0.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group across 1 directory with 2 updates (#​228) (2411bfc)

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

v6

Compare Source

netcracker/qubership-workflow-hub (netcracker/qubership-workflow-hub)

v2.2.2: 2.2.2

Compare Source

🚀 Release

What's Changed

• (#​748) chore(deps): bump webiny/action-conventional-commits from 1.3.1 to 1.4.2 in /.github/workflows by @​dependabot[bot]
• (#​746) chore(deps): bump Netcracker/qubership-workflow-hub from 1.0.7 to 2.2.1 in /.github/workflows by @​dependabot[bot]
• (#​740) chore: k8s-hardening-scan action changed default config path by @​borislavr
• (#​738) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /actions/store-input-params by @​dependabot[bot]
• (#​737) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /actions/maven-snapshot-deploy by @​dependabot[bot]
• (#​736) chore(deps): bump actions/cache from 5.0.4 to 5.0.5 in /actions/maven-snapshot-deploy by @​dependabot[bot]
• (#​735) chore(deps): bump actions/cache from 5.0.4 to 5.0.5 in /actions/maven-release by @​dependabot[bot]
• (#​734) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /actions/docker-action by @​dependabot[bot]
• (#​733) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /actions/charts-values-update-action by @​dependabot[bot]
• (#​732) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /actions/cdxgen by @​dependabot[bot]
• (#​729) chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /.github/workflows by @​dependabot[bot]
• (#​728) chore(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 in /.github/workflows by @​dependabot[bot]
• (#​731) chore(deps): bump actions/cache from 5.0.4 to 5.0.5 in /.github/workflows by @​dependabot[bot]
• (#​730) chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 in /.github/workflows by @​dependabot[bot]
• (#​727) chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in /.github/workflows by @​dependabot[bot]
• (#​726) chore(deps): bump @​actions/github from 9.0.0 to 9.1.1 in /actions/pr-assigner by @​dependabot[bot]
• (#​725) chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /actions/pr-assigner by @​dependabot[bot]
• (#​723) chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /actions/metadata-action by @​dependabot[bot]
• (#​724) chore(deps): bump @​actions/github from 9.0.0 to 9.1.1 in /actions/metadata-action by @​dependabot[bot]
• (#​721) chore(deps): bump @​actions/github from 9.0.0 to 9.1.1 in /actions/custom-event by @​dependabot[bot]
• (#​722) chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /actions/custom-event by @​dependabot[bot]
• (#​720) chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /actions/container-package-cleanup by @​dependabot[bot]
• (#​719) chore(deps): bump @​actions/github from 9.0.0 to 9.1.1 in /actions/container-package-cleanup by @​dependabot[bot]
• (#​718) chore(deps-dev): bump esbuild from 0.27.7 to 0.28.0 in /actions/assets-action by @​dependabot[bot]
• (#​717) chore(deps): bump @​actions/glob from 0.6.1 to 0.7.0 in /actions/assets-action by @​dependabot[bot]
• (#​716) chore(deps): bump @​actions/github from 9.0.0 to 9.1.1 in /actions/assets-action by @​dependabot[bot]

💡 New Features

• (#​739) feat: changed results filtration and log notification by @​borislavr

📝 Documentation

• (#​714) docs(actions/charts-values-update-action): sync README by @​borislavr
• (#​715) docs(actions): rewrite READMEs for maven-snapshot-deploy and maven-release by @​borislavr

---

Full Changelog: Netcracker/qubership-workflow-hub@v2.2.1...v2.2.2

v2.2.1: 2.2.1

Compare Source

🚀 Release

What's Changed

• (#​695) chore(deps-dev): bump esbuild from 0.27.4 to 0.27.7 in /actions/custom-event by @​dependabot[bot]
• (#​694) chore(deps-dev): bump esbuild from 0.27.4 to 0.27.7 in /actions/container-package-cleanup by @​dependabot[bot]
• (#​693) chore(deps-dev): bump esbuild from 0.27.4 to 0.27.7 in /actions/assets-action by @​dependabot[bot]
• (#​696) chore(deps-dev): bump esbuild from 0.27.4 to 0.27.7 in /actions/metadata-action by @​dependabot[bot]
• (#​697) chore(deps-dev): bump esbuild from 0.27.4 to 0.27.7 in /actions/pr-assigner by @​dependabot[bot]
• (#​705) chore(deps): bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 in /.github/workflows by @​dependabot[bot]
• (#​704) chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 in /.github/workflows by @​dependabot[bot]
• (#​706) chore(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 in /actions/cdxgen by @​dependabot[bot]
• (#​707) chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 in /actions/docker-action by @​dependabot[bot]
• (#​702) chore(deps): bump github/codeql-action from 4.32.6 to 4.35.1 in /.github/workflows by @​dependabot[bot]
• (#​699) chore(deps): bump super-linter/super-linter from 8.5.0 to 8.6.0 in /.github/workflows by @​dependabot[bot]
• (#​701) chore(deps): bump netcracker/qubership-workflow-hub/.github/workflows/release-drafter.yml from 2.1.2 to 2.2.0 in /.github/workflows by @​dependabot[bot]
• (#​700) chore(deps): bump netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml from 2.1.2 to 2.2.0 in /.github/workflows by @​dependabot[bot]
• (#​698) chore(deps): bump Netcracker/qubership-workflow-hub from 1.0.7 to 2.2.0 in /.github/workflows by @​dependabot[bot]
• (#​690) chore(deps): bump lodash from 4.17.23 to 4.18.1 in /actions/assets-action in the npm_and_yarn group across 1 directory by @​dependabot[bot]
• (#​689) chore(deps): bump azure/setup-helm from 4.3.1 to 5.0.0 in /actions/charts-values-update-action by @​dependabot[bot]
• (#​688) chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 in /.github/workflows by @​dependabot[bot]
• (#​687) chore(deps): bump anchore/scan-action from 7.3.2 to 7.4.0 in /.github/workflows by @​dependabot[bot]
• (#​686) chore(deps): bump azure/setup-helm from 4.3.1 to 5.0.0 in /.github/workflows by @​dependabot[bot]
• (#​681) chore(deps): bump the npm_and_yarn group across 1 directory with 1 update by @​dependabot[bot]

💡 New Features

• (#​711) feat(actions/k8s-hardening-scan): add Kubernetes container hardening scan action by @​nookyo
• (#​710) feat(.claude): add markdown and zizmor skills with pre-flight audit in pull-request by @​nookyo

---

Full Changelog: Netcracker/qubership-workflow-hub@v2.2.0...v2.2.1

webiny/action-conventional-commits (webiny/action-conventional-commits)

v1.4.2

Compare Source

v1.4.1

Compare Source

v1.4.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.