chore(deps): update all non-major github action dependencies#567

Open

renovate[bot] wants to merge 1 commit into

mainfrom

renovate/all-non-major-github-action

renovate Bot commented Mar 28, 2026 •

edited

Loading

Contributor

This PR contains the following updates:

Package	Type	Update	Change	Pending
aws-actions/amazon-ecr-login	action	minor	`v2.0.2` → `v2.1.5`	`v2.1.6`
cds-snc/security-tools	action	patch	`v4.0.2` → `v4.0.3`
cds-snc/terraform-tools-setup	action	minor	`v1.2.0` → `v1.3.0`
github/codeql-action	action	minor	`v4.33.0` → `v4.36.2`

Review

Updates have been tested and work
If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

Release Notes

aws-actions/amazon-ecr-login (aws-actions/amazon-ecr-login)

`v2.1.5`

See the changelog for details about the changes included in this release.

`v2.1.4`

See the changelog for details about the changes included in this release.

`v2.1.3`

See the changelog for details about the changes included in this release.

`v2.1.2`

See the changelog for details about the changes included in this release.

`v2.1.1`

See the changelog for details about the changes included in this release.

`v2.1.0`

See the changelog for details about the changes included in this release.

cds-snc/security-tools (cds-snc/security-tools)

`v4.0.3`

What's Changed

chore(deps): update cds-snc/security-tools action to v4 by @renovate[bot] in #587
chore: synced file(s) with cds-snc/site-reliability-engineering by @sre-read-write[bot] in #588
chore(deps): update dependency black to v26 [security] by @renovate[bot] in #589
feat: allow locally build Docker images to be scanned by @patheard in #590

Full Changelog: cds-snc/security-tools@v4.0.2...v4.0.3

cds-snc/terraform-tools-setup (cds-snc/terraform-tools-setup)

`v1.3.0`

What's Changed

chore: synced file(s) with cds-snc/site-reliability-engineering by @sre-read-write[bot] in #19
feat: allow user controlled checksums by @patheard in #23

Full Changelog: cds-snc/terraform-tools-setup@v1.2.0...v1.3.0

github/codeql-action (github/codeql-action)

`v4.36.2`

`v4.36.1`

`v4.36.0`

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
Add support for SHA-256 Git object IDs. #3893
Update default CodeQL bundle version to 2.25.5. #3926

`v4.35.5`

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

`v4.35.4`

Update default CodeQL bundle version to 2.25.4. #3881

`v4.35.3`

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
Update default CodeQL bundle version to 2.25.3. #3865

`v4.35.2`

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
Update default CodeQL bundle version to 2.25.2. #3823

`v4.35.1`

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

`v4.35.0`

Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
Update default CodeQL bundle version to 2.25.1. #3773

`v4.34.1`

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

`v4.34.0`

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
Update default CodeQL bundle version to 2.25.0. #3585

Configuration

📅 Schedule: (in timezone America/Montreal)

Branch creation
- "every weekend"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot added Dependencies Renovate labels

renovate Bot force-pushed the renovate/all-non-major-github-action branch 4 times, most recently from 1fd1788 to 2b0323e Compare

April 7, 2026 14:27

renovate Bot force-pushed the renovate/all-non-major-github-action branch from 2b0323e to bf7fa91 Compare

April 9, 2026 03:30

renovate Bot force-pushed the renovate/all-non-major-github-action branch 3 times, most recently from fec323d to 64527f7 Compare

April 29, 2026 03:03

renovate Bot force-pushed the renovate/all-non-major-github-action branch 3 times, most recently from c4662ed to 64bc529 Compare

May 14, 2026 19:03

renovate Bot force-pushed the renovate/all-non-major-github-action branch from 64bc529 to 4b7a696 Compare

May 22, 2026 11:42

renovate Bot force-pushed the renovate/all-non-major-github-action branch 3 times, most recently from 33c8ec8 to 11a7daa Compare

June 3, 2026 16:19

renovate Bot force-pushed the renovate/all-non-major-github-action branch from 11a7daa to 2e58b67 Compare

June 9, 2026 13:09


          chore(deps): update all non-major github action dependencies

1d8f0bf

renovate Bot force-pushed the renovate/all-non-major-github-action branch from 2e58b67 to 1d8f0bf Compare

June 11, 2026 15:22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Dependencies Renovate