build(deps): bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: actions/checkout and github/codeql-action.

Updates actions/checkout from 5.0.1 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

Commits

• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

Updates github/codeql-action from 4.31.5 to 4.31.6

Release notes

Sourced from github/codeql-action's releases.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Commits

• fe4161a Merge pull request #3336 from github/update-v4.31.6-ecec1f887
• 88c2ab5 Update changelog for v4.31.6
• ecec1f8 Merge pull request #3335 from github/mbg/ci/run-codeql-on-all-prs
• 23da732 Merge pull request #3334 from github/kaspersv/overlay-minor-comments
• f7abc74 Remove branch filter for PR event in CodeQL workflow
• 32ada5e Merge branch 'main' into kaspersv/overlay-minor-comments
• 75b2f49 Merge pull request #3333 from github/kaspersv/overlay-no-resource-checks-option
• f036b1c Merge branch 'main' into kaspersv/overlay-no-resource-checks-option
• 58c5954 Add comment to runnerSupportsOverlayAnalysis
• b02fa13 Order feature flags alphabetically
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.23%. Comparing base (9dd6a2c) to head (9342f88).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2643   +/-   ##
=======================================
  Coverage   98.23%   98.23%           
=======================================
  Files          65       65           
  Lines        4190     4190           
  Branches      453      453           
=======================================
  Hits         4116     4116           
  Misses         45       45           
  Partials       29       29           

Flag	Coverage Δ
contrib	98.11% <ø> (ø)
doctest	98.23% <ø> (ø)
unittests-3.10	?
unittests-3.11	96.42% <ø> (ø)
unittests-3.12	96.42% <ø> (ø)
unittests-3.13	96.42% <ø> (ø)
unittests-3.9	96.46% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.