fix(deps): update all non-major dependencies

[renovate-coveooss]

Jira: DT-4929

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
github.com/getsentry/sentry-go	v0.46.0 → v0.46.2					require	patch
step-security/harden-runner	v2.19.0 → v2.19.1					action	patch

[skip release]

---

Release Notes

getsentry/sentry-go (github.com/getsentry/sentry-go)

v0.46.2: 0.46.2

Compare Source

Bug Fixes 🐛

• Add attachments to new event path by @​giortzisg in #​1295

v0.46.1: 0.46.1

Compare Source

Bug Fixes 🐛

• Correctly capture request body for fasthttp and fiber by @​giortzisg in #​1284
• (http) Avoid async transport shutdown panics by @​giortzisg in #​1288
• (httpclient) Clone request before adding trace headers by @​giortzisg in #​1290
• (scope) Use scoped client for request PII by @​giortzisg in #​1289
• Safe concurrent access for span and scope by @​giortzisg in #​1285

step-security/harden-runner (step-security/harden-runner)

v2.19.1

Compare Source

What's Changed

• fix: detect ubuntu-slim runners early and bail out by @​devantler in #​657

What the fix changes

• Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

• Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
• Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers
If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

• @​devantler made their first contribution in #​657

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

---

Configuration

📅 Schedule: (in timezone America/Toronto)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • "after 9:00am and before 12:00pm on tuesday, wednesday, thursday"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[svcsnykcoveo]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.