fix(deps): update all non-major dependencies

[renovate[bot]]

trafficstars

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	patch	v5.0.0 -> v5.0.1
actions/github-script	action	minor	v7.0.1 -> v7.1.0
codecov/codecov-action	action	patch	v5.5.0 -> v5.5.1
github.com/gin-gonic/gin	require	minor	v1.10.1 -> v1.11.0
github.com/go-vela/server	require	patch	v0.27.1 -> v0.27.3
github/codeql-action	action	minor	v3.29.11 -> v3.31.4

---

Release Notes

actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1

actions/github-script (actions/github-script)

v7.1.0

Compare Source

What's Changed

• Upgrade husky to v9 by @​benelan in #​482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​485
• Upgrade IA Publish by @​Jcambass in #​486
• Fix workflow status badges by @​joshmgross in #​497
• Update usage of actions/upload-artifact by @​joshmgross in #​512
• Clear up package name confusion by @​joshmgross in #​514
• Update dependencies with npm audit fix by @​joshmgross in #​515
• Specify that the used script is JavaScript by @​timotk in #​478
• chore: Add Dependabot for NPM and Actions by @​nschonni in #​472
• Define permissions in workflows and update actions by @​joshmgross in #​531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in #​532
• chore: Remove .vscode settings by @​nschonni in #​533
• ci: Use github/setup-licensed by @​nschonni in #​473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in #​508
• Remove octokit README updates for v7 by @​joshmgross in #​557
• docs: add "exec" usage examples by @​neilime in #​546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in #​563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in #​575
• Clearly document passing inputs to the script by @​joshmgross in #​603
• Update README.md by @​nebuk89 in #​610

New Contributors

• @​benelan made their first contribution in #​482
• @​Jcambass made their first contribution in #​485
• @​timotk made their first contribution in #​478
• @​iamstarkov made their first contribution in #​508
• @​neilime made their first contribution in #​546
• @​nebuk89 made their first contribution in #​610

Full Changelog: https://github.com/actions/github-script/compare/v7...v7.1.0

codecov/codecov-action (codecov/codecov-action)

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

gin-gonic/gin (github.com/gin-gonic/gin)

v1.11.0

Compare Source

Features

• feat(gin): Experimental support for HTTP/3 using quic-go/quic-go (#​3210)
• feat(form): add array collection format in form binding (#​3986), add custom string slice for form tag unmarshal (#​3970)
• feat(binding): add BindPlain (#​3904)
• feat(fs): Export, test and document OnlyFilesFS (#​3939)
• feat(binding): add support for unixMilli and unixMicro (#​4190)
• feat(form): Support default values for collections in form binding (#​4048)
• feat(context): GetXxx added support for more go native types (#​3633)

Enhancements

• perf(context): optimize getMapFromFormData performance (#​4339)
• refactor(tree): replace string(/) with "/" in node.insertChild (#​4354)
• refactor(render): remove headers parameter from writeHeader (#​4353)
• refactor(context): simplify "GetType()" functions (#​4080)
• refactor(slice): simplify SliceValidationError Error method (#​3910)
• refactor(context):Avoid using filepath.Dir twice in SaveUploadedFile (#​4181)
• refactor(context): refactor context handling and improve test robustness (#​4066)
• refactor(binding): use strings.Cut to replace strings.Index (#​3522)
• refactor(context): add an optional permission parameter to SaveUploadedFile (#​4068)
• refactor(context): verify URL is Non-nil in initQueryCache() (#​3969)
• refactor(context): YAML judgment logic in Negotiate (#​3966)
• tree: replace the self-defined 'min' to official one (#​3975)
• context: Remove redundant filepath.Dir usage (#​4181)

Bug Fixes

• fix: prevent middleware re-entry issue in HandleContext (#​3987)
• fix(binding): prevent duplicate decoding and add validation in decodeToml (#​4193)
• fix(gin): Do not panic when handling method not allowed on empty tree (#​4003)
• fix(gin): data race warning for gin mode (#​1580)
• fix(context): verify URL is Non-nil in initQueryCache() (#​3969)
• fix(context): YAML judgment logic in Negotiate (#​3966)
• fix(context): check handler is nil (#​3413)
• fix(readme): fix broken link to English documentation (#​4222)
• fix(tree): Keep panic infos consistent when wildcard type build faild (#​4077)

Build process updates / CI

• ci: integrate Trivy vulnerability scanning into CI workflow (#​4359)
• ci: support Go 1.25 in CI/CD (#​4341)
• build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 (#​4342)
• ci: add Go version 1.24 to GitHub Actions (#​4154)
• build: update Gin minimum Go version to 1.21 (#​3960)
• ci(lint): enable new linters (testifylint, usestdlibvars, perfsprint, etc.) (#​4010, #​4091, #​4090)
• ci(lint): update workflows and improve test request consistency (#​4126)

Dependency updates

• chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#​4346, #​4356)
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#​4347)
• chore(deps): bump actions/setup-go from 5 to 6 (#​4351)
• chore(deps): bump github.com/quic-go/quic-go from 0.53.0 to 0.54.0 (#​4328)
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 (#​4178, #​4221)
• chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.22.1 (#​4052)

Documentation updates

• docs(changelog): update release notes for Gin v1.10.1 (#​4360)
• docs: Fixing English grammar mistakes and awkward sentence structure in doc/doc.md (#​4207)
• docs: update documentation and release notes for Gin v1.10.0 (#​3953)
• docs: fix typo in Gin Quick Start (#​3997)
• docs: fix comment and link issues (#​4205, #​3938)
• docs: fix route group example code (#​4020)
• docs(readme): add Portuguese documentation (#​4078)
• docs(context): fix some function names in comment (#​4079)

---

go-vela/server (github.com/go-vela/server)

v0.27.3

Compare Source

What's Changed

• fix(patch-v0.27.3): backport yaml expansion fix by @​ecrupper in #​1362

Full Changelog: https://github.com/go-vela/server/compare/v0.27.2...v0.27.3

v0.27.2

Compare Source

What's Changed

• fix(compiler): always include build repo in install and add VELA_GIT_TOKEN by @​ecrupper in #​1346
• fix(db/log): remove redundant service_id and step_id indices from log table by @​wass3r in #​1344
• fix(oidc): no trailing colon on non-action events in claim by @​ecrupper in #​1355

Full Changelog: https://github.com/go-vela/server/compare/v0.27.1...v0.27.2

github/codeql-action (github/codeql-action)

v3.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v3.31.2

Compare Source

v3.31.1

Compare Source

v3.31.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #​3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #​3222

See the full CHANGELOG.md for more information.

v3.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #​3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

v3.30.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
• Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #​3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

• Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov[bot]]

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 89.56%. Comparing base (83b4e80) to head (9749625).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #372      +/-   ##
==========================================
- Coverage   91.20%   89.56%   -1.65%     
==========================================
  Files          22       22              
  Lines        1649      891     -758     
==========================================
- Hits         1504      798     -706     
+ Misses        108       56      -52     
  Partials       37       37              

see 21 files with indirect coverage changes

:rocket: New features to boost your workflow:

• :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate[bot]]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 7 additional dependencies were updated

Details:

Package	Change
github.com/bytedance/sonic	v1.13.3 -> v1.14.0
github.com/bytedance/sonic/loader	v0.2.4 -> v0.3.0
github.com/cloudwego/base64x	v0.1.5 -> v0.1.6
github.com/go-playground/validator/v10	v10.26.0 -> v10.27.0
github.com/klauspost/cpuid/v2	v2.2.11 -> v2.3.0
golang.org/x/arch	v0.18.0 -> v0.20.0
google.golang.org/protobuf	v1.36.6 -> v1.36.9