Bump the all group across 1 directory with 5 updates

[dependabot[bot]]

Bumps the all group with 5 updates in the / directory:

Package	From	To
step-security/harden-runner	2.7.0	2.7.1
actions/checkout	4.1.2	4.1.6
actions/setup-go	5.0.0	5.0.1
google-github-actions/auth	2.1.2	2.1.3
hashicorp/setup-terraform	3.0.0	3.1.1

Updates step-security/harden-runner from 2.7.0 to 2.7.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.7.1

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in step-security/harden-runner#397 This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1

Commits

• a4aa98b Release v2.7.1 (#397)
• 6c3b1c9 Merge pull request #379 from step-security/dependabot/github_actions/step-sec...
• 3498091 Bump step-security/harden-runner from 2.6.1 to 2.7.0
• 63a88e2 Merge pull request #378 from step-security/update-readme3
• 07e5965 Update README
• See full diff in compare view

Updates actions/checkout from 4.1.2 to 4.1.6

Release notes

Sourced from actions/checkout's releases.

v4.1.6

What's Changed

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732
• Update for 4.1.6 release by @​cory-miller in actions/checkout#1733

Full Changelog: https://github.com/actions/checkout/compare/v4.1.5...v4.1.6

v4.1.5

What's Changed

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

Full Changelog: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5

v4.1.4

What's Changed

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693

Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4

v4.1.3

What's Changed

• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650
• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685

Full Changelog: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

... (truncated)

Commits

• a5ac7e5 Update for 4.1.6 release (#1733)
• 24ed1a3 Check platform for extension (#1732)
• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• fd084cd Bump github/codeql-action from 2 to 3 (#1694)
• 9c1e94e Update NPM dependencies (#1703)
• 0ad4b8f Prep Release v4.1.4 (#1704)
• 43045ae Disable extensions.worktreeConfig when disabling sparse-checkout (#1692)
• 37b0821 Bump the minor-actions-dependencies group with 2 updates (#1693)
• Additional commits viewable in compare view

Updates actions/setup-go from 5.0.0 to 5.0.1

Release notes

Sourced from actions/setup-go's releases.

v5.0.1

What's Changed

• Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @​dependabot , @​HarithaVattikuti in actions/setup-go#465
• Update documentation with latest V5 release notes by @​ab in actions/setup-go#459
• Update version documentation by @​178inaba in actions/setup-go#458
• Documentation update of actions/setup-go to v5 by @​chenrui333 in actions/setup-go#449

New Contributors

• @​ab made their first contribution in actions/setup-go#459

Full Changelog: https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1

Commits

• See full diff in compare view

Updates google-github-actions/auth from 2.1.2 to 2.1.3

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.3

What's Changed

• Security considerations: ids are strings, not integers by @​ewjoachim in google-github-actions/auth#400
• security: bump undici from 5.28.3 to 5.28.4 by @​dependabot in google-github-actions/auth#405
• Fix typo by @​sethvargo in google-github-actions/auth#408
• Switch to using universe helpers by @​sethvargo in google-github-actions/auth#410
• Add request_reason for plumbing though user-supplied audit information by @​sethvargo in google-github-actions/auth#413
• Release: v2.1.3 by @​google-github-actions-bot in google-github-actions/auth#414

New Contributors

• @​ewjoachim made their first contribution in google-github-actions/auth#400

Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.2...v2.1.3

Commits

• 71fee32 Release: v2.1.3 (#414)
• e0122d6 Add request_reason for plumbing though user-supplied audit information (#413)
• 34baaec Switch to using universe helpers (#410)
• 8d44d59 Fix typo (#408)
• d176447 security: bump undici from 5.28.3 to 5.28.4 (#405)
• 33e827c Security considerations: ids are strings, not integers (#400)
• See full diff in compare view

Updates hashicorp/setup-terraform from 3.0.0 to 3.1.1

Release notes

Sourced from hashicorp/setup-terraform's releases.

v3.1.1

BUG FIXES:

• wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

v3.1.0

ENHANCEMENTS:

• Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

Changelog

Sourced from hashicorp/setup-terraform's changelog.

3.1.1 (2024-05-07)

BUG FIXES:

• wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

3.1.0 (2024-04-23)

ENHANCEMENTS:

• Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

3.0.0 (2023-10-30)

NOTES:

• Updated default runtime to node20 (#346)
• The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

• Fixed malformed stdout when wrapper is enabled (#367)

[2.0.3] (2022-11-01)

NOTES

• Reduced occurrences of GitHub Actions warnings for setting output #247

[2.0.2] (2022-10-12)

BUG FIXES

• Update 2.0.1 release metadata by @​jpogran in hashicorp/setup-terraform#253
• README.md updates - direct links to license and code of conduct, updated GitHub documents link by @​magnetikonline in hashicorp/setup-terraform#244

INTERNAL

• Bump jest from 29.0.3 to 29.1.2 by @​dependabot in hashicorp/setup-terraform#248

[2.0.1] (2022-10-12)

ENHANCEMENTS

• Do not fail when theres an exit-code 2 by @​dannyibishev in hashicorp/setup-terraform#125
• Updated README to reflect GitHub limitations by @​rnsc in hashicorp/setup-terraform#205

BUG FIXES

• Fix terraform extract by @​cpc-camarj in hashicorp/setup-terraform#187

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.