Build(deps): bump the minor-and-patch group across 1 directory with 6 updates

[dependabot]

Bumps the minor-and-patch group with 6 updates in the / directory:

Package	From	To
step-security/harden-runner	2.19.0	2.19.4
docker/login-action	4.1.0	4.2.0
docker/setup-qemu-action	4.0.0	4.1.0
docker/build-push-action	7.1.0	7.2.0
actions/setup-dotnet	5.2.0	5.3.0
aerospike/shared-workflows	3.5.0	3.6.0

Updates step-security/harden-runner from 2.19.0 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

• Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

• Default to audit mode when api-key missing with use-policy-store by @​varunsh-coder in step-security/harden-runner#665

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

• Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

• fix: detect ubuntu-slim runners early and bail out by @​devantler in step-security/harden-runner#657

What the fix changes

• Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

• Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
• Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

• @​devantler made their first contribution in step-security/harden-runner#657

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

Commits

• 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
• 485dce8 Update agent to v1.8.6
• ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
• ec41b78 Default to audit mode when api-key missing with use-policy-store
• 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
• 1dee3df Update agent to v1.8.5
• a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
• 6e92856 build dist and trim ubuntu-slim message
• 4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
• 376d25a fix: detect ubuntu-slim runners early and bail out
• See full diff in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/login-action#976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970
• Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961
• Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979
• Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991
• Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

• 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 99df1a3 chore: update generated content
• 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 4eefcd3 chore: update generated content
• 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
• e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 0bced94 chore: update generated content
• 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
• 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
• Additional commits viewable in compare view

Updates docker/setup-qemu-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.1.0

• Add reset input to uninstall current emulators by @​crazy-max in docker/setup-qemu-action#21
• Bump @​docker/actions-toolkit from 0.77.0 to 0.91.0 in docker/setup-qemu-action#250 docker/setup-qemu-action#247
• Bump brace-expansion from 1.1.12 to 1.1.15 in docker/setup-qemu-action#265
• Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-qemu-action#286
• Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-qemu-action#255
• Bump flatted from 3.3.3 to 3.4.2 in docker/setup-qemu-action#257
• Bump glob from 10.3.15 to 10.5.0 in docker/setup-qemu-action#254
• Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-qemu-action#262
• Bump lodash from 4.17.23 to 4.18.1 in docker/setup-qemu-action#273
• Bump postcss from 8.5.6 to 8.5.10 in docker/setup-qemu-action#285
• Bump tar from 6.2.1 to 7.5.15 in docker/setup-qemu-action#287
• Bump tmp from 0.2.5 to 0.2.6 in docker/setup-qemu-action#291
• Bump undici from 6.23.0 to 6.26.0 in docker/setup-qemu-action#251
• Bump vite from 7.3.1 to 7.3.2 in docker/setup-qemu-action#271

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits

• 0611638 Merge pull request #21 from crazy-max/uninst
• ce59c81 chore: update generated content
• 2ddad44 uninstall current emulators
• 8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
• d1a0ff3 chore: update generated content
• 0a8f3dc build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.91.0
• 9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
• 978bd77 chore: update generated content
• 3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
• b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
• Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525
• Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517
• Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529
• Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521
• Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526
• Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits

• f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 812d5fd chore: update generated content
• b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
• c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 51bb284 chore: update generated content
• 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
• e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
• 3804d49 chore: update generated content
• 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
• 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
• Additional commits viewable in compare view

Updates actions/setup-dotnet from 5.2.0 to 5.3.0

Release notes

Sourced from actions/setup-dotnet's releases.

v5.3.0

What's Changed

Enhancements

• Add dotnet-version: latest support with dotnet-channel input by @​mahabaleshwars in actions/setup-dotnet#730
• Support global.json's rollForward latest* variants by @​js6pak in actions/setup-dotnet#538
• Improve version resolution by @​akoeplinger in actions/setup-dotnet#560

Dependency Updates

• Upgrade @actions/* and fast-xml-parser dependencies by @​Copilot in actions/setup-dotnet#728
• Update install scripts to v2026.05.19 (preserve archive links) by @​MichaelSimons in actions/setup-dotnet#736
• Add rollForward note in README, improve proxy health check in e2e tests and bump version to v5.3.0 by @​priyagupta108 in actions/setup-dotnet#738

Bug Fixes

• Update Test Proxy job by @​priya-kinthali in actions/setup-dotnet#703

New Contributors

• @​Copilot made their first contribution in actions/setup-dotnet#728
• @​akoeplinger made their first contribution in actions/setup-dotnet#560
• @​MichaelSimons made their first contribution in actions/setup-dotnet#736
• @​js6pak made their first contribution in actions/setup-dotnet#538

Full Changelog: actions/setup-dotnet@v5...v5.3.0

Commits

• 9a946fd Add rollForward note in README, improve proxy health check in e2e tests and b...
• 98af08b Support global.json's rollForward latest* variants (#538)
• 8404272 Update install scripts to v2026.05.19 (#736)
• f1970f5 Don't download releases-index.json to resolve major version (#560)
• af9211b Add dotnet-version: latest support with dotnet-channel input (#730)
• df991ae chore: bump @actions/* and fast-xml-parser dependencies (#728)
• a66eefa CI: remove manual PowerShell install from test-proxy job (e2e-tests.yml) (#703)
• See full diff in compare view

Updates aerospike/shared-workflows from 3.5.0 to 3.6.0

Release notes

Sourced from aerospike/shared-workflows's releases.

v3.6.0

3.6.0 (2026-05-21)

Features

• [INFRA-480] Add nuGet package detection (#238) (610a943)
• workflows: [INFRA-493] Add windows artifact signing workflow (#222) (3f8bd2a)

Bug Fixes

• [INFRA-493] Fix sign path handling (#235) (93387ae)
• execute-build: [INFRA-482] decouple MATRIX_JSON from build-env, merge matrix-level entries (#237) (484c301)

What's Changed

• Build(deps): bump step-security/setup-jfrog-cli from 4.9.1 to 5.0.0 by @​dependabot[bot] in aerospike/shared-workflows#223
• Build(deps): bump ubuntu from 24.04 to 26.04 in /.github/workflows/execute-build/test_apps/hi by @​dependabot[bot] in aerospike/shared-workflows#227
• Build(deps): bump azure/setup-helm from 4.3.0 to 5.0.0 by @​dependabot[bot] in aerospike/shared-workflows#231
• Build(deps): bump distroless/cc-debian12 from 78f0e74 to 4b2ac73 in /.github/workflows/execute-build/test_apps/hi by @​dependabot[bot] in aerospike/shared-workflows#233
• Build(deps): bump the minor-and-patch group across 1 directory with 4 updates by @​dependabot[bot] in aerospike/shared-workflows#234
• feat(workflows): [INFRA-493] Add windows artifact signing workflow by @​alexs-aero in aerospike/shared-workflows#222
• fix: [INFRA-493] Fix sign path handling by @​alexs-aero in aerospike/shared-workflows#235
• fix(execute-build): [INFRA-482] decouple MATRIX_JSON from build-env, merge matrix-level entries by @​arrowplum in aerospike/shared-workflows#237
• chore(test): unpin test_execute-build-dotnet from v2.0.2 by @​arrowplum in aerospike/shared-workflows#239
• feat: [INFRA-480] Add nuGet package detection by @​alexs-aero in aerospike/shared-workflows#238

Full Changelog: v3.5.0...v3.6.0

Commits

• 610a943 feat: [INFRA-480] Add nuGet package detection (#238)
• de6d3a7 chore(test): unpin test_execute-build-dotnet from v2.0.2 (#239)
• 484c301 fix(execute-build): [INFRA-482] decouple MATRIX_JSON from build-env, merge ma...
• 93387ae fix: [INFRA-493] Fix sign path handling (#235)
• 3f8bd2a feat(workflows): [INFRA-493] Add windows artifact signing workflow (#222)
• 32b78fe Build(deps): bump the minor-and-patch group across 1 directory with 4 updates...
• 2786c1b Build(deps): bump distroless/cc-debian12 (#233)
• 0d5a7da Build(deps): bump azure/setup-helm from 4.3.0 to 5.0.0 (#231)
• 2e3a079 Build(deps): bump ubuntu (#227)
• 997043f Build(deps): bump step-security/setup-jfrog-cli from 4.9.1 to 5.0.0 (#223)
• See full diff in compare view