chore(deps): bump the github-actions group across 1 directory with 5 updates

[dependabot]

Bumps the github-actions group with 5 updates in the / directory:

Package	From	To
github/codeql-action	4.32.1	4.32.3
crate-ci/typos	1.43.0	1.43.5
zgosalvez/github-actions-ensure-sha-pinned-actions	4.0.1	5.0.0
reviewdog/action-actionlint	1.70.0	1.71.0
DataDog/dd-trace-go/.github/workflows/orchestrion.yml	85daf7cbba902c8e372fdaa16aa7d96352c85430	0b4e12c3f12236f465b843f051ff056c06f2ffc1

Updates github/codeql-action from 4.32.1 to 4.32.3

Release notes

Sourced from github/codeql-action's releases.

v4.32.3

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v4.32.2

• Update default CodeQL bundle version to 2.24.1. #3460

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.3 - 13 Feb 2026

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

• Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

• Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

... (truncated)

Commits

• 9e907b5 Merge pull request #3479 from github/update-v4.32.3-4bf6fa4e2
• 1814c9f Update changelog for v4.32.3
• 4bf6fa4 Merge pull request #3478 from github/mbg/changelog/add-connection-test-entry
• 9658e23 Merge pull request #3476 from github/henrymercer/retry-auth-errors
• be75dd9 Add changelog entry for #3466
• 05bca54 Apply suggestion from @​Copilot
• 2d6b98c Merge pull request #3475 from github/henrymercer/retry-auth-errors
• 876cecb Avoid requesting features in CCR
• 43b46a1 Retry API authentication errors since these can be transient
• 8ad4b6e Merge pull request #3472 from github/dependabot/github_actions/dot-github/wor...
• Additional commits viewable in compare view

Updates crate-ci/typos from 1.43.0 to 1.43.5

Release notes

Sourced from crate-ci/typos's releases.

v1.43.5

[1.43.5] - 2026-02-16

Fixes

• (pypi) Hopefully fix the sdist build

v1.43.4

[1.43.4] - 2026-02-09

Fixes

• Don't correct pincher

v1.43.3

[1.43.3] - 2026-02-06

Fixes

• (action) Adjust how typos are reported to github

v1.43.2

[1.43.2] - 2026-02-05

Fixes

• Don't correct certifi in Python

v1.43.1

[1.43.1] - 2026-02-03

Fixes

• Don't correct consts

Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.43.5] - 2026-02-16

Fixes

• (pypi) Hopefully fix the sdist build

[1.43.4] - 2026-02-09

Fixes

• Don't correct pincher

[1.43.3] - 2026-02-06

Fixes

• (action) Adjust how typos are reported to github

[1.43.2] - 2026-02-05

Fixes

• Don't correct certifi in Python

[1.43.1] - 2026-02-03

Fixes

• Don't correct consts

[1.43.0] - 2026-02-02

Compatibility

• Bumped MSRV to 1.91

Features

• Updated the dictionary with the January 2026 changes

[1.42.3] - 2026-01-27

... (truncated)

Commits

• 57b11c6 chore: Release
• 105ced2 docs: Update changelog
• 4f89be7 Merge pull request #1504 from schnellerhase/bump-maturin
• d8547ad Merge pull request #1503 from 1195343015/patch-1
• 60527f0 Bump maturin to 1.12
• 3a925ad [Bugfix] Fix whitespace in unicode setting
• 78bc6fb chore: Release
• c3402c6 docs: Update changelog
• 5ad68cd Merge pull request #1500 from epage/pincher
• 3907364 fix(dict): Allow pincher
• Additional commits viewable in compare view

Updates zgosalvez/github-actions-ensure-sha-pinned-actions from 4.0.1 to 5.0.0

Release notes

Sourced from zgosalvez/github-actions-ensure-sha-pinned-actions's releases.

v5.0.0

What's Changed

• Bump actions/cache from 4.3.0 to 5.0.1 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#277
• Bump eslint from 9.39.1 to 10.0.0 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#281
• Bump @​actions/glob from 0.5.0 to 0.6.1 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#280
• Bump @​actions/core from 1.11.1 to 3.0.0 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#282
• Potential fix for code scanning alert no. 11: Workflow does not contain permissions by @​zgosalvez in zgosalvez/github-actions-ensure-sha-pinned-actions#283
• Potential fix for code scanning alert no. 10: Workflow does not contain permissions by @​zgosalvez in zgosalvez/github-actions-ensure-sha-pinned-actions#284
• Potential fix for code scanning alert no. 12: Shell command built from environment values by @​zgosalvez in zgosalvez/github-actions-ensure-sha-pinned-actions#285
• Potential fix for code scanning alert no. 12: Shell command built from environment values by @​zgosalvez in zgosalvez/github-actions-ensure-sha-pinned-actions#286

Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v4...v5.0.0

v4.0.2

What's Changed

• Bump zgosalvez/github-actions-get-action-runs-using-version from 2.0.24 to 2.0.25 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#275
• Bump stefanzweifel/git-auto-commit-action from 7.0.0 to 7.1.0 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#274
• Bump actions/setup-node from 6.0.0 to 6.1.0 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#276
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in zgosalvez/github-actions-ensure-sha-pinned-actions#278

Full Changelog: zgosalvez/github-actions-ensure-sha-pinned-actions@v4...v4.0.2

Commits

• d5d20e1 Potential fix for code scanning alert no. 12: Shell command built from enviro...
• 225225b Potential fix for code scanning alert no. 12: Shell command built from enviro...
• c392958 Potential fix for code scanning alert no. 10: Workflow does not contain permi...
• 8c37409 Potential fix for code scanning alert no. 11: Workflow does not contain permi...
• 88d12a1 Bump @​actions/core from 1.11.1 to 3.0.0 (#282)
• 6b65263 Bump @​actions/glob from 0.5.0 to 0.6.1 (#280)
• 8459c7e Bump eslint from 9.39.1 to 10.0.0 (#281)
• c0631bf Bump actions/cache from 4.3.0 to 5.0.1 (#277)
• e4e4623 Bump actions/checkout from 6.0.0 to 6.0.1 (#278)
• 99499c8 Bump actions/setup-node from 6.0.0 to 6.1.0 (#276)
• Additional commits viewable in compare view

Updates reviewdog/action-actionlint from 1.70.0 to 1.71.0

Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.71.0

v1.71.0: PR #193 - chore(deps): update actionlint to 1.7.11

Commits

• 0d952c5 bump v1.71.0
• e9dfe1d Merge branch 'main' into releases/v1
• 2a3d15f Merge pull request #193 from reviewdog/depup/actionlint
• e5de731 chore(deps): update actionlint to 1.7.11
• See full diff in compare view

Updates DataDog/dd-trace-go/.github/workflows/orchestrion.yml from 85daf7cbba902c8e372fdaa16aa7d96352c85430 to 0b4e12c3f12236f465b843f051ff056c06f2ffc1

Commits

• 0b4e12c fix(appsec): align downstream body analysis env var with RFC (#4398)
• 6845906 feat(contrib): Add rs/zerolog ddtracer integration (#4370)
• dd05598 chore(deps): bump the gh-actions-packages group across 3 directories with 15 ...
• f49f670 chore(ci): add nofilter for reviewdog (#4418)
• ab547c3 fix: make lint pass clean(er) (#4390)
• e1c020b feat(version): drop v1 version detection (#4409)
• 3379e30 feat(v2fix): expand analyzer coverage and harden suggested fix generation (#4...
• 7196cbb chore: bump minimum support Go version to 1.25 (#4403)
• da2b212 docs(contrib/aws/datadog-lambda-go): add README with migration guidance (#4378)
• 80bf124 feat(otel): adding support for OpenTelemetry logs (#4350)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.56%. Comparing base (e061d12) to head (78dbf3b).
⚠️ Report is 58 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #790      +/-   ##
==========================================
+ Coverage   65.72%   69.56%   +3.84%     
==========================================
  Files         113      116       +3     
  Lines        7926     6893    -1033     
==========================================
- Hits         5209     4795     -414     
+ Misses       2192     1551     -641     
- Partials      525      547      +22     

Components	Coverage Δ
Generators	83.23% <ø> (+2.98%)	⬆️
Instruments	∅ <ø> (∅)
Go Driver	75.58% <65.38%> (-0.23%)	⬇️
Toolexec Driver	74.78% <100.00%> (+7.25%)	⬆️
Aspects	76.75% <76.37%> (+4.83%)	⬆️
Injector	76.99% <77.04%> (+4.19%)	⬆️
Job Server	68.38% <55.55%> (+2.46%)	⬆️
Other	69.56% <65.01%> (+3.84%)	⬆️

Files with missing lines	Coverage Δ
internal/toolexec/proxy/compile.flags.go	100.00% <100.00%> (ø)
internal/toolexec/proxy/link.flags.go	100.00% <100.00%> (ø)

... and 106 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.