v2.12.2
What's Changed
Added HTTPS Monitoring for additional destinations - *.githubusercontent.comBug fixes:
Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode
Increased policy map size for block mode
Full Changelog:step-security/harden-runner@v2...v2.12.2

Commits

6c439dc Merge pull request#562 from step-security/rc-22
bf56886 update agent
5436dac update agent
88d305a update agent
b976878 update agent
875cc92 Update agent
See full diff incompare view

Updatesfluxcd/flux2 from 2.6.2 to 2.6.3

Release notes

Sourced fromfluxcd/flux2's releases.

v2.6.3
Highlights
Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.
Fixes:
Fix forrsa-sha2-512 andrsa-sha2-256 algorithms not being prioritized forssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.
Components changelog
source-controllerv1.6.2
image-automation-controllerv0.41.2
CLI changed
[release/v2.6.x] Update toolkit components by@fluxcdbot influxcd/flux2#5427
Full Changelog:fluxcd/flux2@v2.6.2...v2.6.3

Commits

bda4c81 Merge pull request#5427 from fluxcd/backport-5426-to-release/v2.6.x
3f281da Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys
963e991 Update toolkit components
See full diff incompare view

Updatesgithub/codeql-action from 3.29.0 to 3.29.1

Release notes

Sourced fromgithub/codeql-action's releases.

v3.29.1
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
3.29.1 - 27 Jun 2025
Fix bug in PR analysis where user-providedinclude query filter fails to exclude non-included queries.#2938
Update default CodeQL bundle version to 2.22.1.#2950
See the fullCHANGELOG.md for more information.

Changelog

Sourced fromgithub/codeql-action's changelog.

CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
Experimental: When thequality-queries input for theinit action is provided with an argument, separate.quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time.#2376
3.29.1 - 27 Jun 2025
Fix bug in PR analysis where user-providedinclude query filter fails to exclude non-included queries.#2938
Update default CodeQL bundle version to 2.22.1.#2950
3.29.0 - 11 Jun 2025
Update default CodeQL bundle version to 2.22.0.#2925
Bump minimum CodeQL bundle version to 2.16.6.#2912
3.28.19 - 03 Jun 2025
The CodeQL Action no longer includes its own copy of the extractor for theactions language, which is currently in public preview.Theactions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled theactions languageand you have pinnedyourtools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disableactions analysis.
Update default CodeQL bundle version to 2.21.4.#2910
3.28.18 - 16 May 2025
Update default CodeQL bundle version to 2.21.3.#2893
Skip validating SARIF produced by CodeQL for improved performance.#2894
The number of threads and amount of RAM used by CodeQL can now be set via theCODEQL_THREADS andCODEQL_RAM runner environment variables. If set, these environment variables override thethreads andram inputs respectively.#2891
3.28.17 - 02 May 2025
Update default CodeQL bundle version to 2.21.2.#2872
3.28.16 - 23 Apr 2025
Update default CodeQL bundle version to 2.21.1.#2863
3.28.15 - 07 Apr 2025
Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files.#2842
3.28.14 - 07 Apr 2025
Update default CodeQL bundle version to 2.21.0.#2838
3.28.13 - 24 Mar 2025

... (truncated)

Commits

39edc49 Merge pull request#2953 from github/update-v3.29.1-428aea55f
27c4fb1 Update changelog for v3.29.1
428aea5 Merge pull request#2952 from github/redsun82/fix-swift-test
973250f Swift: recreate a default Swift package to fix test
8ef1782 Merge pull request#2950 from github/update-bundle/codeql-bundle-v2.22.1
f3bfb98 Add changelog note
2b4afc2 Update default bundle to codeql-bundle-v2.22.1
9b02dc2 Merge pull request#2928 from github/update-supported-enterprise-server-versions
7ab92d0 Merge pull request#2948 from github/mbg/copilot-instructions
2cae828 Merge pull request#2947 from github/dependency-proxy/codeql-bundle-v2.22.0
Additional commits viewable incompare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

ci: bump the github-actions group with 3 updates

bae3210

Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [fluxcd/flux2](https://github.com/fluxcd/flux2) and [github/codeql-action](https://github.com/github/codeql-action).Updates `step-security/harden-runner` from 2.12.1 to 2.12.2- [Release notes](https://github.com/step-security/harden-runner/releases)- [Commits](step-security/harden-runner@002fdce...6c439dc)Updates `fluxcd/flux2` from 2.6.2 to 2.6.3- [Release notes](https://github.com/fluxcd/flux2/releases)- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)- [Commits](fluxcd/flux2@a48f81a...bda4c81)Updates `github/codeql-action` from 3.29.0 to 3.29.1- [Release notes](https://github.com/github/codeql-action/releases)- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)- [Commits](github/codeql-action@ce28f5b...39edc49)---updated-dependencies:- dependency-name: step-security/harden-runner  dependency-version: 2.12.2  dependency-type: direct:production  update-type: version-update:semver-patch  dependency-group: github-actions- dependency-name: fluxcd/flux2  dependency-version: 2.6.3  dependency-type: direct:production  update-type: version-update:semver-patch  dependency-group: github-actions- dependency-name: github/codeql-action  dependency-version: 3.29.1  dependency-type: direct:production  update-type: version-update:semver-patch  dependency-group: github-actions...Signed-off-by: dependabot[bot] <support@github.com>