build(dependencies): bump the github-actions group with 7 updates [skip ci]

[dependabot]

Bumps the github-actions group with 7 updates:

Package	From	To
step-security/harden-runner	2.7.0	2.8.1
actions/checkout	3	4
actions/setup-node	3	4
actions/download-artifact	4.1.2	4.1.7
actions/configure-pages	3	5
actions/upload-pages-artifact	2	3
actions/deploy-pages	2	4

Updates step-security/harden-runner from 2.7.0 to 2.8.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.8.1

What's Changed

• Bug fix: Update isGitHubHosted implementation by @​varunsh-coder in step-security/harden-runner#425 The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

Full Changelog: step-security/harden-runner@v2...v2.8.1

v2.8.0

What's Changed

Release v2.8.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#416 This release includes:

• File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
• Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

Full Changelog: step-security/harden-runner@v2...v2.8.0

v2.7.1

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in step-security/harden-runner#397 This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

Commits

• 17d0e2b Merge pull request #425 from step-security/rc-9
• bb112d0 Update isGitHubHosted implementation
• f4f3f44 Merge pull request #407 from step-security/dependabot/github_actions/actions/...
• 7a946b5 Bump actions/dependency-review-action from 3.1.3 to 4.3.2
• 75a01c2 Merge pull request #417 from step-security/dependabot/github_actions/step-sec...
• 53413f1 Bump step-security/harden-runner from 2.7.1 to 2.8.0
• f086349 Merge pull request #416 from step-security/rc-8
• b9c325d Update image
• 808a771 Add info about file and process events
• 7171429 Update agent
• Additional commits viewable in compare view

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Commits

• 692973e Prepare 4.1.7 release (#1775)
• 6ccd57f Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
• b17fe1e Handle hidden refs (#1774)
• b80ff79 Bump actions/checkout from 3 to 4 (#1697)
• b1ec302 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
• a5ac7e5 Update for 4.1.6 release (#1733)
• 24ed1a3 Check platform for extension (#1732)
• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• Additional commits viewable in compare view

Updates actions/setup-node from 3 to 4

Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

• Upgrade actions/checkout to v4 by @​gmembre-zenika in actions/setup-node#868
• Update actions/checkout for documentation and yaml by @​dmitry-shibanov in actions/setup-node#876

New Contributors

• @​gmembre-zenika made their first contribution in actions/setup-node#868

Full Changelog: actions/setup-node@v3...v4.0.0

v3.8.2

What's Changed

• Update semver by @​dmitry-shibanov in actions/setup-node#861
• Update temp directory creation by @​nikolai-laevskii in actions/setup-node#859
• Bump @​babel/traverse from 7.15.4 to 7.23.2 by @​dependabot in actions/setup-node#870
• Add notice about binaries not being updated yet by @​nikolai-laevskii in actions/setup-node#872
• Update toolkit cache and core by @​dmitry-shibanov and @​seongwon-privatenote in actions/setup-node#875

Full Changelog: actions/setup-node@v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: actions/setup-node@v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

• Add check for existing paths by @​dmitry-shibanov in actions/setup-node#803
• Resolve SymbolicLink by @​dmitry-shibanov in actions/setup-node#809
• Change passing logic for cache input by @​dmitry-shibanov in actions/setup-node#816
• Fix armv7 cache issue by @​louislam in actions/setup-node#794
• Update check-dist workflow name by @​sinchang in actions/setup-node#710

Feature implementations:

• feat: handling the case where "node" is used for tool-versions file. by @​xytis in actions/setup-node#812

Documentation changes:

• Refer to semver package name in README.md by @​olleolleolle in actions/setup-node#808

Update dependencies:

• Update toolkit cache to fix zstd by @​dmitry-shibanov in actions/setup-node#804
• Bump tough-cookie and @​azure/ms-rest-js by @​dependabot in actions/setup-node#802
• Bump semver from 6.1.2 to 6.3.1 by @​dependabot in actions/setup-node#807

... (truncated)

Commits

• 60edb5d Add support for arm64 Windows (#927)
• d86ebcd Add support for volta.extends (#921)
• b39b52d Fix node-version-file interprets entire package.json as a version (#865)
• 7247617 Add package.json to node-version-file list of examples. (#879)
• f3ec4ca Fix README.md (#898)
• ec97f37 Add fix for cache (#917)
• 5ef044f Update reusable workflows to use Node.js v20 (#889)
• c45882a update to setup-node@v4 in docs (#884)
• ee36e8b Ignore engines check in Yarn 1 e2e-cache tests (#882)
• 8f152de Update actions/checkout for documentation and yaml (#876)
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.1.2 to 4.1.7

Release notes

Sourced from actions/download-artifact's releases.

v4.1.7

What's Changed

• Update @​actions/artifact dependency by @​bethanyj28 in actions/download-artifact#325

Full Changelog: actions/download-artifact@v4.1.6...v4.1.7

v4.1.6

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in actions/download-artifact#324

Full Changelog: actions/download-artifact@v4.1.5...v4.1.6

v4.1.5

What's Changed

• Update readme with v3/v2/v1 deprecation notice by @​robherley in actions/download-artifact#322
• Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5

Full Changelog: actions/download-artifact@v4.1.4...v4.1.5

v4.1.4

What's Changed

• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#307

Full Changelog: actions/download-artifact@v4...v4.1.4

v4.1.3

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in actions/download-artifact#292
• Update toolkit dependency with updated unzip logic by @​bethanyj28 in actions/download-artifact#299
• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#303

New Contributors

• @​bethanyj28 made their first contribution in actions/download-artifact#299

Full Changelog: actions/download-artifact@v4...v4.1.3

Commits

• 65a9edc Merge pull request #325 from bethanyj28/main
• fdd1595 licensed
• c13dba1 update @​actions/artifact dependency
• 0daa75e Merge pull request #324 from actions/eggyhead/use-artifact-v2.1.6
• 9c19ed7 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
• 3d3ea87 updating license
• 89af5db updating artifact package v2.1.6
• b4aefff Merge pull request #323 from actions/eggyhead/update-artifact-v215
• 8caf195 package lock update
• d7a2ec4 updating package version
• Additional commits viewable in compare view

Updates actions/configure-pages from 3 to 5

Release notes

Sourced from actions/configure-pages's releases.

v5.0.0

Breaking Changes

⚠️ This version contains breaking changes! ⚠️

• When using the input param static_site_generator: next:
  • Added support for Next.js >= 13.3.0
  • Consequently, also dropped support for Next.js < 13.3.0

Full Changelog

• Attempt to auto-detect configuration files with varying file extensions @​JamesMGreene (#139)
• Convert errors into Actions-compatible logging with annotations @​JamesMGreene (#138)
• Bump @​actions/github from 5.1.1 to 6.0.0 @​dependabot (#123)
• Bump the non-breaking-changes group with 2 updates @​dependabot (#136)
• Update the Next.js configuration for v14 @​JamesMGreene (#137)
• Bump the non-breaking-changes group with 3 updates @​dependabot (#132)
• Bump release-drafter/release-drafter from 5 to 6 @​dependabot (#133)
• Bump github/codeql-action from 2 to 3 @​dependabot (#127)
• Bump actions/checkout from 3 to 4 @​dependabot (#120)
• Bump actions/setup-node from 3 to 4 @​dependabot (#118)
• Bump the non-breaking-changes group with 1 update @​dependabot (#131)
• Update Dependabot config to group non-breaking changes @​JamesMGreene (#130)

See details of all code changes since previous release.

v4.0.0

Changelog

• Use a centralized .node-version file @​JamesMGreene (#117)
• Update action to node20 @​takost (#108)

See details of all code changes since previous release.

v3.0.7

Changelog

• Update Actions workflows to use Node 20.x @​JamesMGreene (#116)
• Bump eslint-plugin-github from 4.7.0 to 4.10.1 @​dependabot (#114)
• Bump word-wrap from 1.2.3 to 1.2.5 @​dependabot (#113)
• Bump jest from 29.5.0 to 29.7.0 @​dependabot (#112)
• Bump @​babel/traverse from 7.21.3 to 7.23.5 @​dependabot (#110)
• Bump espree from 9.5.2 to 9.6.1 @​dependabot (#111)
• Bump eslint from 8.38.0 to 8.40.0 @​dependabot (#93)

See details of all code changes since previous release.

v3.0.6

Changelog

... (truncated)

Commits

• 983d773 Merge pull request #139 from actions/config-auto-detect
• 9cf6e24 Tweak comment
• f304bd8 Update distributables
• 215cd51 Attempt to detect existing config files matching the expected basename plus o...
• e9382ac Front-load the file extension warning
• 7781abd Merge pull request #138 from actions/error-utils
• fc47e3c Update distributables
• 9c9f8a2 Update tests to use the Octokit RequestError class
• 9a4705d Update distributables
• f6ded38 Fix syntax error and formatting
• Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 2 to 3

Release notes

Sourced from actions/upload-pages-artifact's releases.

v3.0.0

Changelog

• Use v4 upload-artifact tag @​robherley (#80)
• Upload pages artifact with upload-artifact v4-beta @​konradpabjan (#78)

To deploy a GitHub Pages site which has been uploaded with this version of actions/upload-pages-artifact, you must also use actions/deploy-pages@v4 or newer.

⚠️ For use with products other than github.com, such as GitHub Enterprise Server, please be aware that this new Actions artifacts service is not yet supported in the latest GHES release at this time.

See details of all code changes since previous release.

Commits

• 56afc60 Merge pull request #94 from SilverRainZ/main
• d12fdfb Merge branch 'main' into main
• aef5542 Merge pull request #88 from uiolee/patch-1
• 29cedd7 Merge branch 'main' into patch-1
• a69c22e Merge pull request #92 from actions/dependabot/github_actions/non-breaking-ch...
• 794e304 Group tar's output to prevent it from messing up logs
• 14007f6 Bump the non-breaking-changes group with 1 update
• 0191170 Merge pull request #91 from actions/dependabot-grouping
• 0e7832d Update Dependabot config to group non-breaking changes
• 1a6d9fa Update README.md
• Additional commits viewable in compare view

Updates actions/deploy-pages from 2 to 4

Release notes

Sourced from actions/deploy-pages's releases.

v4.0.0

Changelog

• Deploy pages using artifact IDs @​konradpabjan (#251)
• This version requires the permission actions: read in the workflows which use it.

---

ℹ️ This version of actions/deploy-pages is ONLY compatible with artifacts uploaded by either:

• actions/upload-pages-artifact@v3 or newer
• actions/upload-artifact@v4 or newer.

See details of all code changes since previous release.

⚠️ For use with products other than github.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.1

Changelog

• Bump eslint from 8.54.0 to 8.55.0 @​dependabot (#266)
• Bump nock from 13.3.8 to 13.4.0 @​dependabot (#267)
• Bump eslint-config-prettier from 9.0.0 to 9.1.0 @​dependabot (#268)
• Bump @​actions/core from 1.10.0 to 1.10.1 @​dependabot (#269)
• Bump @​actions/github from 5.1.1 to 6.0.0 @​dependabot (#261)
• Update compatibility table for v3 @​JamesMGreene (#270)

🧰 Maintenance

• chore/docs: update version, fix typos @​kbdharun (#272)

---

See details of all code changes since previous release.

⚠️ For use with products other than github.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.0

Changelog

• Update action to node20 @​takost (#256)

---

See details of all code changes since previous release.

⚠️ For use with products other than github.com, such as GitHub Enterprise Server, please consult the compatibility table.

v2.0.5

Changelog

... (truncated)

Commits

• d6db901 Merge pull request #324 from actions/error-message-request-id
• 055f425 compile changes
• 5ab929b Include request id in the error message of an error response
• 3ff795b Merge pull request #318 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• f5a2f0d Update distributables after Dependabot 🤖
• 1364cde Bump the non-breaking-changes group with 2 updates
• 2ed07f7 Merge pull request #316 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• d5a892b Bump the non-breaking-changes group with 1 update
• 05977f5 Merge pull request #314 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• 9414024 Update distributables after Dependabot 🤖
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[MLenterman]

🎉 This PR is included in version 1.20.19 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀