chore(deps): update github-actions - workflows - .github/workflows/e2e.yml

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout (changelog)	action	digest	08eba0b → 34e1148
actions/checkout	action	pinDigest	→ 8e8c483
actions/checkout	action	patch	v6.0.1 → v6.0.2
actions/setup-node	action	minor	v6.1.0 → v6.2.0
codecov/codecov-action	action	patch	v5.5.1 → v5.5.2
cypress-io/github-action	action	patch	v6.10.4 → v6.10.9
docker/build-push-action	action	pinDigest	→ 2634353
docker/login-action	action	pinDigest	→ c94ce9f
docker/setup-buildx-action	action	digest	e468171 → 7c525be
docker/setup-buildx-action	action	pinDigest	→ 8d2750c
docker/setup-compose-action	action	digest	364cc21 → e79596b
github/codeql-action	action	minor	v3.31.6 → v3.32.0
github/codeql-action	action	digest	1b168cd → f985be5
release-drafter/release-drafter (changelog)	action	digest	b1476f6 → 6db134d
step-security/harden-runner (changelog)	action	digest	df199fb → e3f713f
step-security/harden-runner	action	minor	v2.13.3 → v2.14.1

---

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

actions/setup-node (actions/setup-node)

v6.2.0

Compare Source

codecov/codecov-action (codecov/codecov-action)

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

cypress-io/github-action (cypress-io/github-action)

v6.10.9

Compare Source

Bug Fixes

• deps: update @​actions/* and debug (#​1638) (f790eee)

v6.10.8

Compare Source

Bug Fixes

• deps: update @​octokit/core to 7.0.6 (#​1615) (2ad32e6)

v6.10.7

Compare Source

Bug Fixes

• deps: update GitHub actions/toolkit dependencies (#​1612) (fa1d27a)

v6.10.6

Compare Source

Bug Fixes

• deps: update next to 16.0.10 (#​1607) (d842ab1)

v6.10.5

Compare Source

Bug Fixes

• deps: update next to 16.0.8 (#​1604) (e3ff965)

github/codeql-action (github/codeql-action)

v3.32.0

Compare Source

• Update default CodeQL bundle version to 2.24.0. #​3425

v3.31.11

Compare Source

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
• Improved error handling throughout the CodeQL Action. #​3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

v3.31.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #​3393

See the full CHANGELOG.md for more information.

v3.31.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #​3354

See the full CHANGELOG.md for more information.

v3.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

step-security/harden-runner (step-security/harden-runner)

v2.14.1

Compare Source

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

v2.14.0

Compare Source

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	4770c94
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/697ea745509881000823fd59

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	34e114876b0b11c390a56381ad16ebd13914f8d5	🟢 6.6	Details Check Score Reason Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST 🟢 8 SAST tool detected but not run on all commits
actions/docker/setup-buildx-action	7c525be6cc8a882d5163ce04293cac18617c709f	🟢 5.1	Details Check Score Reason Maintained 🟢 9 9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/docker/setup-compose-action	e79596b1b4769557c41cc0bb1e796ebe62acd639	Unknown	Unknown
actions/step-security/harden-runner	e3f713f2d8f53843e71c69a996d56f51aa9adfb9	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 7 3 existing vulnerabilities detected
actions/step-security/harden-runner	e3f713f2d8f53843e71c69a996d56f51aa9adfb9	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 7 3 existing vulnerabilities detected

Scanned Files

• .github/workflows/e2e.yml
• .github/workflows/npm.yml
• .github/workflows/unused-dependencies.yml

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.40%. Comparing base (7a7e368) to head (4770c94).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1370   +/-   ##
=======================================
  Coverage   80.40%   80.40%           
=======================================
  Files          65       65           
  Lines        4608     4608           
  Branches      775      775           
=======================================
  Hits         3705     3705           
  Misses        888      888           
  Partials       15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.