chore(deps): bump the everything group across 1 directory with 2 updates

[dependabot]

Bumps the everything group with 2 updates in the / directory: step-security/harden-runner and trufflesecurity/trufflehog.

Updates step-security/harden-runner from 2.19.1 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

• Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

• Default to audit mode when api-key missing with use-policy-store by @​varunsh-coder in step-security/harden-runner#665

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

• Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

Commits

• 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
• 485dce8 Update agent to v1.8.6
• ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
• ec41b78 Default to audit mode when api-key missing with use-policy-store
• 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
• 1dee3df Update agent to v1.8.5
• See full diff in compare view

Updates trufflesecurity/trufflehog from 3.95.2 to 3.95.3

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.3

What's Changed

• Renamed AnypointOAuth2 detector's AnalysisInfo keys to make it consistent with its Analyzer by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4906
• Rename AnalysisInfo field to SecretParts on detectors.Result by @​mcastorina in trufflesecurity/trufflehog#4911
• Document SecretParts contract in detector-authoring docs by @​mcastorina in trufflesecurity/trufflehog#4912
• Add a static check for detectors that don't set SecretParts by @​mcastorina in trufflesecurity/trufflehog#4913
• Populate SecretParts on all detectors by @​mcastorina in trufflesecurity/trufflehog#4919
• Make checksecretparts required in CI by @​mcastorina in trufflesecurity/trufflehog#4921
• Deduplicate concurrent credential verification requests via singleflight by @​kashifkhan0771 in trufflesecurity/trufflehog#4314
• log non-critical chunk errors at V(2).Info instead of Error by @​johnelliott in trufflesecurity/trufflehog#4928
• [INS-320] Cloudinary detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4747
• ci: bump JS actions to Node 24 majors (incl. CodeQL v4 + WIF auth v3) by @​bryanbeverly in trufflesecurity/trufflehog#4933
• chore: bump golangci-lint-action v7 → v9 (Node 24) by @​bryanbeverly in trufflesecurity/trufflehog#4936
• Add default Content-Type: application/json header for custom detector verification request by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4947
• Make detector Result.SecretParts initialization stricter by @​mcastorina in trufflesecurity/trufflehog#4948
• Add Pinecone API key detector by @​dylanTruffle in trufflesecurity/trufflehog#4917
• adding customizable successRanges and rotatedRanges to customDetector by @​jordanTunstill in trufflesecurity/trufflehog#4892

Full Changelog: trufflesecurity/trufflehog@v3.95.2...v3.95.3

Commits

• 37b7700 adding customizable successRanges and rotatedRanges to customDetector (#4892)
• ba0a524 Add Pinecone API key detector (#4917)
• ab5dd03 Make detector Result.SecretParts initialization stricter (#4948)
• 90ca685 Add default Content-Type: application/json header for custom detector verific...
• 5f47aad chore: bump golangci-lint-action v7 → v9 (Node 24) (#4936)
• a4e3016 ci: bump JS actions to Node 24 majors (checkout v6, setup-go v6, codeql v4, a...
• 8a12e8e [INS-320] Cloudinary detector (#4747)
• cf31c26 Log non-critical chunk errors at V(2).Info instead of Error (#4928)
• 99dc7bd Deduplicate concurrent credential verification requests via singleflight (#4314)
• 3fc0c2a Make checksecretparts required in CI (#4921)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions