chore(deps): Bump github/codeql-action from 4.36.0 to 4.36.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/codeql.yml

@@ -35,12 +35,12 @@ jobs:
           node-version: ${{ env.NODE_VERSION }}
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           languages: javascript-typescript
           build-mode: none
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           category: "/language:javascript-typescript"

dev.Dockerfile

@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
+  yarn install && mkdir /vendor && cp yarn.lock /vendor
 
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /

dist/licenses.txt

@@ -4969,12 +4969,11 @@ THE SOFTWARE.
 
 -----------
 
-The following npm packages may be included in this product:
+The following npm package may be included in this product:
 
  - csv-parse@6.2.1
- - csv-parse@7.0.0
 
-These packages each contain the following license:
+This package contains the following license:
 
 The MIT License (MIT)
 

package.json

@@ -29,7 +29,7 @@
     "@actions/github": "^9.1.1",
     "@docker/actions-toolkit": "^0.91.0",
     "@renovate/pep440": "^1.0.0",
-    "csv-parse": "^7.0.0",
+    "csv-parse": "^6.2.1",
     "handlebars": "^4.7.9",
     "moment": "^2.30.1",
     "moment-timezone": "^0.6.2",

yarn.lock

@@ -2838,13 +2838,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"csv-parse@npm:^7.0.0":
-  version: 7.0.0
-  resolution: "csv-parse@npm:7.0.0"
-  checksum: 10/53c96e6b4ff80047713bb4d2967d06495890d4b628284a80271860be089fdb5a74cd97c76fd535a00ad26b11cc6e4fc5a243658e5377c0a6334ddd104620d169
-  languageName: node
-  linkType: hard
-
 "debug@npm:4, debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.4":
   version: 4.3.4
   resolution: "debug@npm:4.3.4"
@@ -2900,7 +2893,7 @@ __metadata:
     "@typescript-eslint/parser": "npm:^8.56.1"
     "@vitest/coverage-v8": "npm:^4.0.18"
     "@vitest/eslint-plugin": "npm:^1.6.9"
-    csv-parse: "npm:^7.0.0"
+    csv-parse: "npm:^6.2.1"
     dotenv: "npm:^17.3.1"
     esbuild: "npm:^0.28.0"
     eslint: "npm:^9.39.3"