From a1a1ccf461b1f03935b41c9648f88289663b7fbc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Mar 2026 00:04:20 +0000
Subject: [PATCH] Bump the actions group with 3 updates

Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `step-security/harden-runner` from 2.14.2 to 2.15.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b)

Updates `chainguard-dev/actions` from 1.6.4 to 1.6.5
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](https://github.com/chainguard-dev/actions/compare/eab208ef2d05b13404296a5e194a6b237e8bb213...71714a76c3df10b544595a2294c16649dc3472e5)

Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/autodocs-platform.yaml         | 4 ++--
 .github/workflows/build-terminal-images.yaml     | 2 +-
 .github/workflows/check-links.yaml               | 4 ++--
 .github/workflows/cloud-run.yaml                 | 2 +-
 .github/workflows/compile-ai-docs-from-gcs.yaml  | 2 +-
 .github/workflows/compile-docs-on-webhook.yml    | 2 +-
 .github/workflows/compile-docs.yml               | 2 +-
 .github/workflows/compile-public-docs.yml        | 2 +-
 .github/workflows/export-edu-docs-to-gcs.yaml    | 2 +-
 .github/workflows/rumble-vulnerability-data.yaml | 4 ++--
 .github/workflows/validate-nginx-config.yaml     | 2 +-
 11 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/autodocs-platform.yaml b/.github/workflows/autodocs-platform.yaml
index eeb7f77653..7ade314f3d 100644
--- a/.github/workflows/autodocs-platform.yaml
+++ b/.github/workflows/autodocs-platform.yaml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
     - name: 'Github Actions Runner'
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
@@ -30,7 +30,7 @@ jobs:
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     - name: 'Setup gitsign'
-      uses: chainguard-dev/actions/setup-gitsign@eab208ef2d05b13404296a5e194a6b237e8bb213 # v1.6.4
+      uses: chainguard-dev/actions/setup-gitsign@71714a76c3df10b544595a2294c16649dc3472e5 # v1.6.5
 
     - name: Authenticate to Google Cloud
       id: auth
diff --git a/.github/workflows/build-terminal-images.yaml b/.github/workflows/build-terminal-images.yaml
index 8cb9c7c310..96d7ea322a 100644
--- a/.github/workflows/build-terminal-images.yaml
+++ b/.github/workflows/build-terminal-images.yaml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: 'Github Actions Runner'
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml
index 4b93ccab5f..b52cde2e00 100644
--- a/.github/workflows/check-links.yaml
+++ b/.github/workflows/check-links.yaml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: 'Github Actions Runner'
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 
@@ -44,7 +44,7 @@ jobs:
           sudo chmod +x /usr/local/bin/yq
 
       - name: Set up Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
         with:
           go-version: '1.24'
 
diff --git a/.github/workflows/cloud-run.yaml b/.github/workflows/cloud-run.yaml
index eb06a8cab6..0054acb97f 100644
--- a/.github/workflows/cloud-run.yaml
+++ b/.github/workflows/cloud-run.yaml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
     - name: 'Github Actions Runner'
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/compile-ai-docs-from-gcs.yaml b/.github/workflows/compile-ai-docs-from-gcs.yaml
index 8503e55e6d..9005fada70 100644
--- a/.github/workflows/compile-ai-docs-from-gcs.yaml
+++ b/.github/workflows/compile-ai-docs-from-gcs.yaml
@@ -30,7 +30,7 @@ jobs:
     
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/compile-docs-on-webhook.yml b/.github/workflows/compile-docs-on-webhook.yml
index 9fe5674cb0..c469248932 100644
--- a/.github/workflows/compile-docs-on-webhook.yml
+++ b/.github/workflows/compile-docs-on-webhook.yml
@@ -20,7 +20,7 @@ jobs:
     
     steps:
     - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/compile-docs.yml b/.github/workflows/compile-docs.yml
index b297106877..265b37707a 100644
--- a/.github/workflows/compile-docs.yml
+++ b/.github/workflows/compile-docs.yml
@@ -32,7 +32,7 @@ jobs:
     
     steps:
     - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/compile-public-docs.yml b/.github/workflows/compile-public-docs.yml
index 6732d98afb..273aa211ee 100644
--- a/.github/workflows/compile-public-docs.yml
+++ b/.github/workflows/compile-public-docs.yml
@@ -34,7 +34,7 @@ jobs:
     
     steps:
     - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/export-edu-docs-to-gcs.yaml b/.github/workflows/export-edu-docs-to-gcs.yaml
index b225558e19..c3b769af9b 100644
--- a/.github/workflows/export-edu-docs-to-gcs.yaml
+++ b/.github/workflows/export-edu-docs-to-gcs.yaml
@@ -24,7 +24,7 @@ jobs:
     
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/rumble-vulnerability-data.yaml b/.github/workflows/rumble-vulnerability-data.yaml
index 4dde41d7f3..52cc68e92c 100644
--- a/.github/workflows/rumble-vulnerability-data.yaml
+++ b/.github/workflows/rumble-vulnerability-data.yaml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: 'Github Actions Runner'
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
         with:
           go-version-file: ./tools/rumble/go.mod
           check-latest: true
diff --git a/.github/workflows/validate-nginx-config.yaml b/.github/workflows/validate-nginx-config.yaml
index b122c6330d..8a94d35f65 100644
--- a/.github/workflows/validate-nginx-config.yaml
+++ b/.github/workflows/validate-nginx-config.yaml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: 'Github Actions Runner'
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit