From 299338805667d6b76aca38b462d238036a3de9d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 May 2026 17:01:26 +0000
Subject: [PATCH] Bump the external-dependencies group

Bumps the external-dependencies group in /.github/workflows with 3 updates: [actions/setup-node](https://github.com/actions/setup-node), [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/setup-node` from 4.0.2 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4.0.2...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

Updates `step-security/harden-runner` from 2.19.1 to 2.19.2
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9ca718d3bf646d6534007c269a635b3e54cadf99)

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: external-dependencies
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: external-dependencies
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: external-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/CopilotPRReviewRunner.yaml   | 2 +-
 .github/workflows/PowerShell.yaml              | 2 +-
 .github/workflows/RerunUnstableFailures.yaml   | 2 +-
 .github/workflows/SubmitStabilityJobs.yaml     | 2 +-
 .github/workflows/UpdateALGoProjects.yaml      | 4 ++--
 .github/workflows/UpdateBCArtifactVersion.yaml | 4 ++--
 .github/workflows/UpdatePackageVersions.yaml   | 4 ++--
 .github/workflows/WorkitemValidation.yaml      | 4 ++--
 .github/workflows/scorecard-analysis.yml       | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/CopilotPRReviewRunner.yaml b/.github/workflows/CopilotPRReviewRunner.yaml
index ce5db91496..e830a0a4dc 100644
--- a/.github/workflows/CopilotPRReviewRunner.yaml
+++ b/.github/workflows/CopilotPRReviewRunner.yaml
@@ -95,7 +95,7 @@ jobs:
           persist-credentials: true
 
       - name: Setup Node.js
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v6.4.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version: 24
 
diff --git a/.github/workflows/PowerShell.yaml b/.github/workflows/PowerShell.yaml
index fe53b97145..984cedaab0 100644
--- a/.github/workflows/PowerShell.yaml
+++ b/.github/workflows/PowerShell.yaml
@@ -22,7 +22,7 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/RerunUnstableFailures.yaml b/.github/workflows/RerunUnstableFailures.yaml
index c235f19b8a..43e96d2f71 100644
--- a/.github/workflows/RerunUnstableFailures.yaml
+++ b/.github/workflows/RerunUnstableFailures.yaml
@@ -28,7 +28,7 @@ jobs:
 
       - name: Create GitHub App Token
         id: app-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
diff --git a/.github/workflows/SubmitStabilityJobs.yaml b/.github/workflows/SubmitStabilityJobs.yaml
index c76bf1be0d..9d689be439 100644
--- a/.github/workflows/SubmitStabilityJobs.yaml
+++ b/.github/workflows/SubmitStabilityJobs.yaml
@@ -32,7 +32,7 @@ jobs:
         branch: ${{ fromJson(needs.GetBranches.outputs.officialBranches) }}
       fail-fast: false
     steps:
-      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
diff --git a/.github/workflows/UpdateALGoProjects.yaml b/.github/workflows/UpdateALGoProjects.yaml
index f84e897379..7ede9ea9bf 100644
--- a/.github/workflows/UpdateALGoProjects.yaml
+++ b/.github/workflows/UpdateALGoProjects.yaml
@@ -20,7 +20,7 @@ jobs:
       updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
-      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
diff --git a/.github/workflows/UpdateBCArtifactVersion.yaml b/.github/workflows/UpdateBCArtifactVersion.yaml
index b48d57cf53..e6dbfbcc20 100644
--- a/.github/workflows/UpdateBCArtifactVersion.yaml
+++ b/.github/workflows/UpdateBCArtifactVersion.yaml
@@ -20,7 +20,7 @@ jobs:
       updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
-      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
diff --git a/.github/workflows/UpdatePackageVersions.yaml b/.github/workflows/UpdatePackageVersions.yaml
index de47ddbcd9..f8b7dbd503 100644
--- a/.github/workflows/UpdatePackageVersions.yaml
+++ b/.github/workflows/UpdatePackageVersions.yaml
@@ -20,7 +20,7 @@ jobs:
       updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
-      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
diff --git a/.github/workflows/WorkitemValidation.yaml b/.github/workflows/WorkitemValidation.yaml
index 9cb7c13ba3..2e8a057ed9 100644
--- a/.github/workflows/WorkitemValidation.yaml
+++ b/.github/workflows/WorkitemValidation.yaml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
@@ -40,7 +40,7 @@ jobs:
     needs: GitHubIssueValidation
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
index 25a7449dbd..4d616749e8 100644
--- a/.github/workflows/scorecard-analysis.yml
+++ b/.github/workflows/scorecard-analysis.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
+        uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2
         with:
           egress-policy: audit