search

miracum / ahd2fhir

A REST service for mapping text analysis results from Averbis Health Discovery to FHIR resources.
Apache License 2.0
8 stars 0 forks source link

chore(deps): update github-actions #159

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 8 months ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
actions/setup-java action minor v4.0.0 -> v4.2.1
github/codeql-action action patch v3.24.3 -> v3.24.9
miracum/.github action minor v1.5.8 -> v1.6.2

Release Notes

actions/setup-java (actions/setup-java) ### [`v4.2.1`](https://togithub.com/actions/setup-java/releases/tag/v4.2.1) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.2.0...v4.2.1) ##### What's Changed - Patch for java version file to accept it from any path by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/610](https://togithub.com/actions/setup-java/pull/610) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.2.1 ### [`v4.2.0`](https://togithub.com/actions/setup-java/releases/tag/v4.2.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.1.0...v4.2.0) ##### What's Changed - Updated actions/httpclient version to 2.2.1 and other dependencies by [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607) - Added .tool-versions file support along with .java-version file by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/606](https://togithub.com/actions/setup-java/pull/606) ##### New Contributors - [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) made their first contribution in [https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.2.0 ### [`v4.1.0`](https://togithub.com/actions/setup-java/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.0.0...v4.1.0) #### What's Changed - Added Windows Arm64 Support for Windows Arm64 Runners by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595) - feat: bump actions/checkout and actions/setup-java to v4 by [@​kbdharun](https://togithub.com/kbdharun) in [https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533) - Handle authorization when the token is undefined by [@​peter-murray](https://togithub.com/peter-murray) in [https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556) - Documentation update of Java 21 by [@​Okeanos](https://togithub.com/Okeanos) in [https://github.com/actions/setup-java/pull/566](https://togithub.com/actions/setup-java/pull/566) - Documentation update about maven-gpg-plugin version note by [@​IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/570](https://togithub.com/actions/setup-java/pull/570) - Oracle JDK 21 support by [@​jdubois](https://togithub.com/jdubois) in [https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538) - Fix typo in configuration example by [@​Bananeweizen](https://togithub.com/Bananeweizen) in [https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572) #### New Contributors - [@​kbdharun](https://togithub.com/kbdharun) made their first contribution in [https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533) - [@​peter-murray](https://togithub.com/peter-murray) made their first contribution in [https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556) - [@​jdubois](https://togithub.com/jdubois) made their first contribution in [https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538) - [@​Bananeweizen](https://togithub.com/Bananeweizen) made their first contribution in [https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572) - [@​mahabaleshwars](https://togithub.com/mahabaleshwars) made their first contribution in [https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.1.0
github/codeql-action (github/codeql-action) ### [`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) ### [`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) ### [`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) ### [`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) ### [`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) ### [`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4)
miracum/.github (miracum/.github) ### [`v1.6.2`](https://togithub.com/miracum/.github/releases/tag/v1.6.2) [Compare Source](https://togithub.com/miracum/.github/compare/v1.6.1...v1.6.2) ##### Miscellaneous Chores - **deps:** update docker.io/library/python:3.12.2-slim docker digest to [`36d57d7`](https://togithub.com/miracum/.github/commit/36d57d7) ([#​41](https://togithub.com/miracum/.github/issues/41)) ([cc6fa0f](https://togithub.com/miracum/.github/commit/cc6fa0f9913128e1b27770bcd43df2c19e547a25)) - **deps:** update github-actions ([#​46](https://togithub.com/miracum/.github/issues/46)) ([ebc01f6](https://togithub.com/miracum/.github/commit/ebc01f6bcb49c40fbf61b5888244bd7996d2e229)) ### [`v1.6.1`](https://togithub.com/miracum/.github/releases/tag/v1.6.1) [Compare Source](https://togithub.com/miracum/.github/compare/v1.6.0...v1.6.1) ##### Miscellaneous Chores - **deps:** update github-actions ([#​45](https://togithub.com/miracum/.github/issues/45)) ([f9d64a7](https://togithub.com/miracum/.github/commit/f9d64a7dbe928557fde9f96defa3e372bc0eaf21)) ### [`v1.6.0`](https://togithub.com/miracum/.github/releases/tag/v1.6.0) [Compare Source](https://togithub.com/miracum/.github/compare/v1.5.9...v1.6.0) ##### Features - add trivy report as a PR comment ([#​44](https://togithub.com/miracum/.github/issues/44)) ([f0e7b63](https://togithub.com/miracum/.github/commit/f0e7b6366b88a4c6b73e9c9f6200b26327d73b75)) ##### Miscellaneous Chores - **deps:** updated pr comment template location ([829c942](https://togithub.com/miracum/.github/commit/829c942d4310a22df627505bb807af03b1e7edd7)) ### [`v1.5.9`](https://togithub.com/miracum/.github/releases/tag/v1.5.9) [Compare Source](https://togithub.com/miracum/.github/compare/v1.5.8...v1.5.9) ##### Bug Fixes - create temp dir ([#​43](https://togithub.com/miracum/.github/issues/43)) ([78c448c](https://togithub.com/miracum/.github/commit/78c448ce94b095535278b2d7ff5d13def3bed87f)) - set TMPDIR to avoid trivy out of disk errors ([265b57e](https://togithub.com/miracum/.github/commit/265b57e3b1623738fc95d6e5d97b4bead183141d)) ##### Miscellaneous Chores - default back to monthly renovations ([24a47ab](https://togithub.com/miracum/.github/commit/24a47abe24071f23a5fc793ad42b34f01115331d)) - **deps:** update github-actions ([#​42](https://togithub.com/miracum/.github/issues/42)) ([0acca4e](https://togithub.com/miracum/.github/commit/0acca4e2cf641d828c9514dce0ff70511b448cc2))

Configuration

πŸ“… Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ‘» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Mend Renovate. View repository job log here.

github-actions[bot] commented 8 months ago

Target ghcr.io/miracum/ahd2fhir:pr-159 (debian 12.5)

Vulnerabilities (66)

Package ID Severity Installed Version Fixed Version
libc6 CVE-2010-4756 LOW 2.36-9+deb12u4
libc6 CVE-2018-20796 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010022 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010023 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010024 LOW 2.36-9+deb12u4
libc6 CVE-2019-1010025 LOW 2.36-9+deb12u4
libc6 CVE-2019-9192 LOW 2.36-9+deb12u4
libexpat1 CVE-2023-52425 HIGH 2.5.0-1
libexpat1 CVE-2024-28757 HIGH 2.5.0-1
libexpat1 CVE-2023-52426 LOW 2.5.0-1
libgcc-s1 CVE-2023-4039 MEDIUM 12.2.0-14
libgcc-s1 CVE-2022-27943 LOW 12.2.0-14
libgomp1 CVE-2023-4039 MEDIUM 12.2.0-14
libgomp1 CVE-2022-27943 LOW 12.2.0-14
libgssapi-krb5-2 CVE-2024-26458 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26461 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libgssapi-krb5-2 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26458 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26461 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libk5crypto3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26458 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26461 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5-3 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26458 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26461 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2024-26462 HIGH 1.20.1-2+deb12u1
libkrb5support0 CVE-2018-5709 LOW 1.20.1-2+deb12u1
libncursesw6 CVE-2023-50495 MEDIUM 6.4-4
libncursesw6 CVE-2023-45918 LOW 6.4-4
libpython3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-minimal CVE-2023-6597 UNKNOWN 3.11.2-6
libpython3.11-minimal CVE-2024-0450 UNKNOWN 3.11.2-6
libpython3.11-stdlib CVE-2023-24329 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-41105 HIGH 3.11.2-6
libpython3.11-stdlib CVE-2023-27043 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-40217 MEDIUM 3.11.2-6
libpython3.11-stdlib CVE-2023-6597 UNKNOWN 3.11.2-6
libpython3.11-stdlib CVE-2024-0450 UNKNOWN 3.11.2-6
libsqlite3-0 CVE-2023-7104 HIGH 3.40.1-2
libsqlite3-0 CVE-2024-0232 MEDIUM 3.40.1-2
libsqlite3-0 CVE-2021-45346 LOW 3.40.1-2
libssl3 CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2
libssl3 CVE-2007-6755 LOW 3.0.11-1~deb12u2
libssl3 CVE-2010-0928 LOW 3.0.11-1~deb12u2
libstdc++6 CVE-2023-4039 MEDIUM 12.2.0-14
libstdc++6 CVE-2022-27943 LOW 12.2.0-14
libtinfo6 CVE-2023-50495 MEDIUM 6.4-4
libtinfo6 CVE-2023-45918 LOW 6.4-4
libuuid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libuuid1 CVE-2022-0563 LOW 2.38.1-5+b1
python3.11-minimal CVE-2023-24329 HIGH 3.11.2-6
python3.11-minimal CVE-2023-41105 HIGH 3.11.2-6
python3.11-minimal CVE-2023-27043 MEDIUM 3.11.2-6
python3.11-minimal CVE-2023-40217 MEDIUM 3.11.2-6
python3.11-minimal CVE-2023-6597 UNKNOWN 3.11.2-6
python3.11-minimal CVE-2024-0450 UNKNOWN 3.11.2-6
zlib1g CVE-2023-45853 CRITICAL 1:1.2.13.dfsg-1

No Misconfigurations found

Target Python

Vulnerabilities (1)

Package ID Severity Installed Version Fixed Version
pip CVE-2023-5752 MEDIUM 23.2.1 23.3

No Misconfigurations found

github-actions[bot] commented 8 months ago

πŸ¦™ MegaLinter status: βœ… SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
βœ… ACTION actionlint 5 0 0.03s
βœ… BASH bash-exec 2 0 0.04s
βœ… BASH shellcheck 2 0 0.02s
βœ… BASH shfmt 2 0 0.03s
βœ… DOCKERFILE hadolint 2 0 0.15s
βœ… JSON eslint-plugin-jsonc 17 0 2.89s
βœ… JSON jsonlint 17 0 0.56s
βœ… JSON npm-package-json-lint yes no 0.69s
βœ… JSON prettier 17 0 2.09s
βœ… MARKDOWN markdownlint 3 0 0.64s
βœ… PYTHON bandit 31 0 1.71s
βœ… PYTHON black 31 0 2.41s
βœ… PYTHON flake8 31 0 1.1s
βœ… PYTHON isort 31 0 0.52s
βœ… PYTHON mypy 31 0 10.17s
βœ… PYTHON pyright 31 0 10.6s
βœ… PYTHON ruff 31 0 0.1s
βœ… REPOSITORY checkov yes no 15.38s
βœ… REPOSITORY gitleaks yes no 0.13s
βœ… REPOSITORY git_diff yes no 0.01s
βœ… REPOSITORY grype yes no 14.02s
βœ… REPOSITORY kics yes no 39.73s
βœ… REPOSITORY secretlint yes no 1.19s
βœ… REPOSITORY syft yes no 0.55s
βœ… REPOSITORY trivy yes no 12.05s
βœ… REPOSITORY trivy-sbom yes no 8.64s
βœ… REPOSITORY trufflehog yes no 13.09s
βœ… YAML prettier 15 0 1.2s
βœ… YAML yamllint 15 0 0.51s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

_MegaLinter is graciously provided by OX Security_

miracum-bot commented 7 months ago

:tada: This PR is included in version 3.1.6 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: