chore(deps): update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
cloudevents	>=1.2.0,<=1.11.0 -> >=1.12.0,<=1.12.0					project.dependencies	minor
github/codeql-action	v3.28.18 -> v3.29.0					action	minor
ossf/scorecard-action	v2.4.1 -> v2.4.2					action	patch
step-security/harden-runner	v2.12.0 -> v2.12.1					action	patch

---

Release Notes

cloudevents/sdk-python (cloudevents)

v1.12.0

Compare Source

Changed

• Dropped Python3.8 support while it has reached EOL. ([])

v1.11.1

Compare Source

Fixed

• Kafka conversion marshaller and unmarshaller typings ([#​240])
• Improved public API type annotations and fixed unit test type errors ([#​248])

github/codeql-action (github/codeql-action)

v3.29.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025

• Update default CodeQL bundle version to 2.22.0. #​2925
• Bump minimum CodeQL bundle version to 2.16.6. #​2912

See the full CHANGELOG.md for more information.

v3.28.19

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.19 - 03 Jun 2025

• The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview.
  The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned
  your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
  actions analysis.
• Update default CodeQL bundle version to 2.21.4. #​2910

See the full CHANGELOG.md for more information.

ossf/scorecard-action (ossf/scorecard-action)

v2.4.2

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

step-security/harden-runner (step-security/harden-runner)

v2.12.1

Compare Source

What's Changed

• Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.
• Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.