ci(deps): bump the github-actions group with 8 updates#1345
ci(deps): bump the github-actions group with 8 updates#1345dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [oxsecurity/megalinter/flavors/dotnet](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [crazy-max/ghaction-container-scan](https://github.com/crazy-max/ghaction-container-scan) | `4.0.0` | `4.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.3.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.1.0` | `6.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` | | [philips-software/amp-devcontainer/.github/actions/container-size-diff](https://github.com/philips-software/amp-devcontainer) | `7.2.0` | `7.2.1` | Updates `oxsecurity/megalinter/flavors/dotnet` from 9.5.0 to 9.6.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@0e3ce9b...ef3e84b) Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) Updates `crazy-max/ghaction-container-scan` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/crazy-max/ghaction-container-scan/releases) - [Commits](crazy-max/ghaction-container-scan@a0a3900...ffcba8d) Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@d7f5e7f...bb05f3f) Updates `docker/login-action` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@650006c...c99871d) Updates `docker/metadata-action` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@80c7e94...dc80280) Updates `docker/build-push-action` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@f9f3042...53b7df9) Updates `philips-software/amp-devcontainer/.github/actions/container-size-diff` from 7.2.0 to 7.2.1 - [Release notes](https://github.com/philips-software/amp-devcontainer/releases) - [Changelog](https://github.com/philips-software/amp-devcontainer/blob/main/CHANGELOG.md) - [Commits](2c92278...6ade42b) --- updated-dependencies: - dependency-name: oxsecurity/megalinter/flavors/dotnet dependency-version: 9.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: crazy-max/ghaction-container-scan dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: philips-software/amp-devcontainer/.github/actions/container-size-diff dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
|
📦 Container Size AnalysisNote Comparing 📈 Size Comparison Table
|
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 23 | 0 | 0 | 0.36s | |
| ✅ DOCKERFILE | hadolint | 4 | 0 | 0 | 0.44s | |
| ✅ JSON | npm-package-json-lint | yes | no | no | 0.73s | |
| ✅ JSON | prettier | 32 | 6 | 0 | 0 | 0.85s |
| ✅ JSON | v8r | 32 | 0 | 0 | 14.24s | |
| markdownlint | 13 | 0 | 1 | 0 | 1.28s | |
| ✅ MARKDOWN | markdown-table-formatter | 13 | 0 | 0 | 0 | 0.34s |
| ✅ REPOSITORY | betterleaks | yes | no | no | 1.58s | |
| ✅ REPOSITORY | checkov | yes | no | no | 31.63s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 1.23s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.02s | |
| ✅ REPOSITORY | grype | yes | no | no | 60.37s | |
| osv-scanner | yes | 1 | no | 1.24s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 2.56s | |
| ✅ REPOSITORY | syft | yes | no | no | 2.89s | |
| ✅ REPOSITORY | trivy | yes | no | no | 14.84s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.37s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 4.24s | |
| lychee | 100 | 2 | 0 | 11.99s | ||
| ✅ YAML | prettier | 32 | 0 | 0 | 0 | 1.27s |
| ✅ YAML | v8r | 32 | 0 | 0 | 13.45s | |
| ✅ YAML | yamllint | 32 | 0 | 0 | 1.85s |
Detailed Issues
⚠️ SPELL / lychee - 2 errors
📝 Summary
---------------------
🔍 Total..........147
🔗 Unique.........123
✅ Successful.....140
⏳ Timeouts.........0
🔀 Redirected......18
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2
⛔ Unsupported......2
Errors in .github/CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/ (at 76:42) | Network error: Connection reset by peer (os error 104)
Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads (at 38:7) | Rejected status code: 403 Forbidden
Hint: Followed 18 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
⚠️ MARKDOWN / markdownlint - 1 error
docs/adr/0000-record-architecture-decisions.md:30:401 error MD013/line-length Line length [Expected: 400; Actual: 520]
⚠️ REPOSITORY / osv-scanner - 1 error
Scanning dir .
Starting filesystem walk for root: /
Scanned .devcontainer/docs/requirements.txt file and found 14 packages
Scanned .devcontainer/cpp/requirements.txt file and found 20 packages
Scanned package-lock.json file and found 73 packages
Scanned test/rust/workspace/cargo/Cargo.lock file and found 1 package
Scanned test/rust/workspace/test/Cargo.lock file and found 1 package
Scanned test/rust/workspace/cortex-m/Cargo.lock file and found 20 packages
Scanned test/rust/workspace/clippy/Cargo.lock file and found 1 package
Scanned test/rust/workspace/cortex-mf/Cargo.lock file and found 20 packages
End status: 98 dirs visited, 317 inodes visited, 8 Extract calls, 40.640338ms elapsed, 40.640901ms wall time
Total 2 packages affected by 2 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 2 Unknown) from 1 ecosystem.
0 vulnerabilities can be fixed.
+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+
| https://osv.dev/RUSTSEC-2026-0110 | | crates.io | bare-metal | 0.2.5 | -- | test/rust/workspace/cortex-m/Cargo.lock |
| https://osv.dev/RUSTSEC-2026-0110 | | crates.io | bare-metal | 0.2.5 | -- | test/rust/workspace/cortex-mf/Cargo.lock |
+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+
Notices
📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)
See detailed reports in MegaLinter artifacts
You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:
- oxsecurity/megalinter/flavors/salesforce@v9.6.0 (57 linters)
- oxsecurity/megalinter/flavors/javascript@v9.6.0 (63 linters)
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.6.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_BETTERLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
📦 Container Size AnalysisNote Comparing 📈 Size Comparison Table
|
📦 Container Size AnalysisNote Comparing 📈 Size Comparison Table
|
📦 Container Size AnalysisNote Comparing 📈 Size Comparison Table
|
📦 Container Size AnalysisNote Comparing 📈 Size Comparison Table
|



Bumps the github-actions group with 8 updates:
9.5.09.6.04.36.24.36.34.0.04.1.04.1.04.2.04.2.04.3.06.1.06.2.07.2.07.3.07.2.07.2.1Updates
oxsecurity/megalinter/flavors/dotnetfrom 9.5.0 to 9.6.0Release notes
Sourced from oxsecurity/megalinter/flavors/dotnet's releases.
... (truncated)
Changelog
Sourced from oxsecurity/megalinter/flavors/dotnet's changelog.
... (truncated)
Commits
ef3e84bRelease MegaLinter v9.6.08b9259bSkill prepare-release (#8245)5810155chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...aca415cchore(deps): update dependency semver to v7.8.5 (#8198)2d8b274Remove max-parallel for linterse9ab3e9chore(ci): manual run of deploy linters beta job (#8242)a8a6368Changelog (#8241)7f363c6[automation] Auto-update linters version, help and documentation (#8215)bce5232chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (#8232)9d98266chore(deps): update dependency realm/swiftlint to v0.65.0 (#8240)Updates
github/codeql-action/upload-sariffrom 4.36.2 to 4.36.3Release notes
Sourced from github/codeql-action/upload-sarif's releases.
Changelog
Sourced from github/codeql-action/upload-sarif's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsUpdates
crazy-max/ghaction-container-scanfrom 4.0.0 to 4.1.0Release notes
Sourced from crazy-max/ghaction-container-scan's releases.
Commits
ffcba8dMerge pull request #276 from crazy-max/dependabot/npm_and_yarn/undici-6.27.0dc4802f[dependabot skip] chore: update generated contentcbe1cb6build(deps): bump undici from 6.23.0 to 6.27.0da346fcMerge pull request #279 from crazy-max/dependabot/npm_and_yarn/actions/core-3...37850cf[dependabot skip] chore: update generated contentc8b927fbuild(deps): bump@actions/corefrom 3.0.0 to 3.0.177e6372Merge pull request #271 from crazy-max/dependabot/npm_and_yarn/tmp-0.2.6cf8d649[dependabot skip] chore: update generated content960bae0build(deps): bump tmp from 0.2.5 to 0.2.7ddfd12bMerge pull request #226 from crazy-max/dependabot/npm_and_yarn/minimatch-3.1.5Updates
docker/setup-buildx-actionfrom 4.1.0 to 4.2.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
bb05f3fMerge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...321c814[dependabot skip] chore: update generated contentb9a36efbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0ebeab24Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.05c7b8ae[dependabot skip] chore: update generated content037e618build(deps): bump undici from 6.25.0 to 6.27.066080e5Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1409aef0Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.049c6e42build(deps): bump sigstore from 4.1.0 to 4.1.12211273[dependabot skip] chore: update generated contentUpdates
docker/login-actionfrom 4.2.0 to 4.3.0Release notes
Sourced from docker/login-action's releases.
Commits
c99871dMerge pull request #1030 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...b433555[dependabot skip] chore: update generated content678a46abuild(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...f9a0aeaMerge pull request #1031 from docker/dependabot/npm_and_yarn/sigstore-4.1.1cc1e4cbbuild(deps): bump sigstore from 4.1.0 to 4.1.102e1730Merge pull request #1029 from docker/dependabot/npm_and_yarn/sigstore/verify-...b548518build(deps): bump@sigstore/verifyfrom 3.1.0 to 3.1.1a244be3Merge pull request #1027 from docker/dependabot/npm_and_yarn/docker/actions-t...ee0d698[dependabot skip] chore: update generated content127dc2cbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0Updates
docker/metadata-actionfrom 6.1.0 to 6.2.0Release notes
Sourced from docker/metadata-action's releases.
Commits
dc80280Merge pull request #696 from docker/dependabot/npm_and_yarn/docker/actions-to...2b9fe83[dependabot skip] chore: update generated content8128ce3chore(deps): Bump@docker/actions-toolkitfrom 0.91.0 to 0.92.01d1c895Merge pull request #695 from docker/dependabot/npm_and_yarn/semver-7.8.57f0c2ddMerge pull request #694 from docker/dependabot/npm_and_yarn/sigstore-4.1.1025f8c5[dependabot skip] chore: update generated contente98d63cchore(deps): Bump semver from 7.8.1 to 7.8.537d9379chore(deps): Bump sigstore from 4.1.0 to 4.1.1a1b8072Merge pull request #690 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1e0e3381[dependabot skip] chore: update generated contentUpdates
docker/build-push-actionfrom 7.2.0 to 7.3.0Release notes
Sourced from docker/build-push-action's releases.
Commits
53b7df9Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...154298c[dependabot skip] chore: update generated contentcb1238bchore(deps): Bump@docker/actions-toolkitfrom 0.91.0 to 0.92.024f845dMerge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.09c69730[dependabot skip] chore: update generated contentbc3a3a5Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...a82c504chore(deps): Bump js-yaml from 4.1.1 to 4.3.00285a75Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...c6ad2a3Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...d37484fMerge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0Updates
philips-software/amp-devcontainer/.github/actions/container-size-difffrom 7.2.0 to 7.2.1Release notes
Sourced from philips-software/amp-devcontainer/.github/actions/container-size-diff's releases.
Changelog
Sourced from philips-software/amp-devcontainer/.github/actions/container-size-diff's changelog.