
taiga-family-bot

This PR contains the following updates:

Package Type Change
taiga-family/ci action v1.162.0 -> v1.163.0

This PR has been generated by Renovate Bot.

@taiga-family-bot taiga-family-bot requested a review from a team as a code owner September 30, 2025 08:39
@taiga-family-bot taiga-family-bot requested review from MarsiBarsi, mdlufy, nsbarsukov, vladimirpotekhin and waterplea and removed request for a team September 30, 2025 08:39

🚨 NPM Audit Error

29 vulnerabilities (4 low, 16 moderate, 2 high, 7 critical)

# npm audit report

@angular/platform-server  16.0.0-next.0 - 18.2.13
Severity: high
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage - https://github.com/advisories/GHSA-68x2-mx4q-78m7
fix available via `npm audit fix --force`
Will install @angular/platform-server@20.3.2, which is a breaking change
node_modules/@angular/platform-server
  @angular-devkit/build-angular  <=19.2.14 || 20.0.0-next.0 - 20.0.0-rc.4
  Depends on vulnerable versions of @angular-devkit/build-webpack
  Depends on vulnerable versions of @angular/platform-server
  Depends on vulnerable versions of @babel/runtime
  Depends on vulnerable versions of esbuild
  Depends on vulnerable versions of inquirer
  Depends on vulnerable versions of ng-packagr
  Depends on vulnerable versions of vite
  Depends on vulnerable versions of webpack-dev-server
  node_modules/@angular-devkit/build-angular

@babel/runtime  <7.26.10
Severity: moderate
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@20.3.3, which is a breaking change
node_modules/@babel/runtime

@conventional-changelog/git-client  <2.0.0
Severity: moderate
@conventional-changelog/git-client has Argument Injection vulnerability - https://github.com/advisories/GHSA-vh25-5764-9wcr
fix available via `npm audit fix --force`
Will install @taiga-ui/release-it-config@0.220.0, which is a breaking change
node_modules/conventional-changelog-core/node_modules/@conventional-changelog/git-client
node_modules/conventional-recommended-bump/node_modules/@conventional-changelog/git-client
node_modules/git-semver-tags/node_modules/@conventional-changelog/git-client
  conventional-recommended-bump  10.0.0
  Depends on vulnerable versions of @conventional-changelog/git-client
  node_modules/conventional-recommended-bump
    @release-it/conventional-changelog  >=8.0.2-next.0
    Depends on vulnerable versions of conventional-changelog
    Depends on vulnerable versions of conventional-recommended-bump
    Depends on vulnerable versions of git-semver-tags
    node_modules/@release-it/conventional-changelog
      @taiga-ui/release-it-config  >=0.221.0
      Depends on vulnerable versions of @release-it/conventional-changelog
      node_modules/@taiga-ui/release-it-config
  git-raw-commits  >=5.0.0
  Depends on vulnerable versions of @conventional-changelog/git-client
  node_modules/conventional-changelog-core/node_modules/git-raw-commits
  git-semver-tags  >=8.0.0
  Depends on vulnerable versions of @conventional-changelog/git-client
  node_modules/git-semver-tags
    conventional-changelog-core  >=8.0.0
    Depends on vulnerable versions of git-raw-commits
    Depends on vulnerable versions of git-semver-tags
    node_modules/conventional-changelog-core
      conventional-changelog  6.0.0
      Depends on vulnerable versions of conventional-changelog-core
      node_modules/conventional-changelog

dompurify  <3.2.4
Severity: moderate
DOMPurify allows Cross-site Scripting (XSS) - https://github.com/advisories/GHSA-vhxf-7vqr-mrjg
fix available via `npm audit fix --force`
Will install @taiga-ui/dompurify@5.0.1, which is a breaking change
node_modules/dompurify
  @taiga-ui/dompurify  4.1.10 - 4.1.11
  Depends on vulnerable versions of dompurify
  node_modules/@taiga-ui/dompurify

esbuild  <=0.24.2
Severity: moderate
esbuild enables any website to send any requests to the development server and read the response - https://github.com/advisories/GHSA-67mh-4wv8-2f99
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@20.3.3, which is a breaking change
node_modules/esbuild
node_modules/ng-packagr/node_modules/esbuild
  ng-packagr  12.2.0-next.0 - 19.2.0-next.2
  Depends on vulnerable versions of esbuild
  node_modules/ng-packagr
  vite  <=6.1.6
  Depends on vulnerable versions of esbuild
  node_modules/vite

koa  <=2.16.1
Severity: critical
Inefficient Regular Expression Complexity in koa - https://github.com/advisories/GHSA-593f-38f6-jp5m
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function - https://github.com/advisories/GHSA-x2rg-q646-7m2v
Koa Open Redirect via Referrer Header (User-Controlled) - https://github.com/advisories/GHSA-jgmv-j7ww-jx2x
fix available via `npm audit fix --force`
Will install @nx/angular@20.8.2, which is outside the stated dependency range
node_modules/koa
  @module-federation/dts-plugin  <=0.8.12
  Depends on vulnerable versions of koa
  node_modules/@module-federation/dts-plugin
    @module-federation/enhanced  <=0.0.1-rc.0 || 0.1.2 - 0.8.12
    Depends on vulnerable versions of @module-federation/dts-plugin
    Depends on vulnerable versions of @module-federation/manifest
    Depends on vulnerable versions of @module-federation/rspack
    node_modules/@module-federation/enhanced
      @nx/angular  <=0.0.0-pr-31222-862e973 || 19.5.0-beta.0 - 20.2.0-rc.0
      Depends on vulnerable versions of @module-federation/enhanced
      Depends on vulnerable versions of @nx/webpack
      node_modules/@nx/angular
      @nx/webpack  <=0.0.0-pr-31222-862e973 || 19.5.1 - 20.2.0-rc.0
      Depends on vulnerable versions of @module-federation/enhanced
      node_modules/@nx/webpack
    @module-federation/manifest  <=0.0.0-next-20250926024003 || 0.1.3 - 0.8.12
    Depends on vulnerable versions of @module-federation/dts-plugin
    node_modules/@module-federation/manifest
      @module-federation/rspack  <=0.8.12
      Depends on vulnerable versions of @module-federation/dts-plugin
      Depends on vulnerable versions of @module-federation/manifest
      node_modules/@module-federation/rspack

tmp  <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@20.3.3, which is a breaking change
node_modules/external-editor/node_modules/tmp
  external-editor  >=1.1.1
  Depends on vulnerable versions of tmp
  node_modules/external-editor
    inquirer  3.0.0 - 8.2.6 || 9.0.0 - 9.3.7
    Depends on vulnerable versions of external-editor
    node_modules/inquirer
      @angular/cli  <=1.4.0-rc.2 || 7.0.0-beta.0 - 18.1.0-rc.1
      Depends on vulnerable versions of inquirer
      node_modules/@angular/cli

webpack-dev-server  <=5.2.0
Severity: moderate
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser - https://github.com/advisories/GHSA-9jgg-88mc-972h
webpack-dev-server users' source code may be stolen when they access a malicious web site - https://github.com/advisories/GHSA-4v9v-hfq4-rm2v
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@20.3.3, which is a breaking change
node_modules/webpack-dev-server
  @angular-devkit/build-webpack  <=0.1703.17
  Depends on vulnerable versions of webpack-dev-server
  node_modules/@angular-devkit/build-webpack

29 vulnerabilities (4 low, 16 moderate, 2 high, 7 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force


@github-actions github-actions bot left a comment

LGTM (Automated approved)


@taiga-family-approve-bot taiga-family-approve-bot left a comment

LGTM (Automated approved)

@taiga-family-bot taiga-family-bot merged commit eae427f into main Sep 30, 2025
5 of 6 checks passed
@taiga-family-bot taiga-family-bot deleted the renovate/taiga-family-ci-1.x branch September 30, 2025 08:42