github-actions[bot]
commented
8 months ago 🦙 MegaLinter status: ❌ ERROR
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 5 | 0 | 0.05s | |
| ✅ BASH | bash-exec | 2 | 0 | 0.03s | |
| ✅ BASH | shellcheck | 2 | 0 | 0.03s | |
| ✅ BASH | shfmt | 2 | 0 | 0.04s | |
| ✅ DOCKERFILE | hadolint | 2 | 0 | 0.21s | |
| ✅ JSON | jsonlint | 17 | 0 | 0.37s | |
| ✅ JSON | npm-package-json-lint | yes | no | 1.11s | |
| ✅ JSON | prettier | 17 | 0 | 2.97s | |
| ✅ MARKDOWN | markdownlint | 3 | 0 | 0.77s | |
| ✅ PYTHON | bandit | 31 | 0 | 1.8s | |
| ✅ PYTHON | black | 31 | 0 | 2.97s | |
| ✅ PYTHON | flake8 | 31 | 0 | 1.58s | |
| ✅ PYTHON | isort | 31 | 0 | 0.76s | |
| ✅ PYTHON | mypy | 31 | 0 | 9.96s | |
| ✅ PYTHON | pyright | 31 | 0 | 10.8s | |
| ✅ PYTHON | ruff | 31 | 0 | 0.04s | |
| ✅ REPOSITORY | checkov | yes | no | 15.68s | |
| ✅ REPOSITORY | gitleaks | yes | no | 0.18s | |
| ✅ REPOSITORY | git_diff | yes | no | 0.02s | |
| ✅ REPOSITORY | grype | yes | no | 15.82s | |
| ✅ REPOSITORY | kics | yes | no | 34.94s | |
| ✅ REPOSITORY | secretlint | yes | no | 1.15s | |
| ✅ REPOSITORY | syft | yes | no | 0.84s | |
| ❌ REPOSITORY | trivy | yes | 1 | 12.73s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | 8.42s | |
| ✅ REPOSITORY | trufflehog | yes | no | 4.33s | |
| ✅ YAML | prettier | 15 | 0 | 1.52s | |
| ✅ YAML | yamllint | 15 | 0 | 0.59s |
See detailed report in MegaLinter reports
You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.
_MegaLinter is graciously provided by 
_
miracum-bot
This PR contains the following updates:
v4.1.1->v4.1.6v4.3.1->v4.3.3v3.24.9->v3.25.7v1.6.2->v1.9.1v2.3.1->v2.3.3Release Notes
actions/checkout (actions/checkout)
### [`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5) #### What's Changed - Update NPM dependencies by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 ### [`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692) - Add dependabot config by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3) #### What's Changed - Update `actions/checkout` version in `update-main-version.yml` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650) - Check git version before attempting to disable `sparse-checkout` by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656) - Add SSH user parameter by [@cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@dscho](https://togithub.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)actions/upload-artifact (actions/upload-artifact)
### [`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3) ##### What's Changed - updating `@actions/artifact` dependency to v2.1.6 by [@eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 ### [`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2) #### What's Changed - Update release-new-action-version.yml by [@konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516) - Minor fix to the migration readme by [@andrewakim](https://togithub.com/andrewakim) in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) - Update readme with v3/v2/v1 deprecation notice by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561) - updating `@actions/artifact` dependency to v2.1.5 and `@actions/core` to v1.0.1 by [@eggyhead](https://togithub.com/eggyhead) in [https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562) #### New Contributors - [@andrewakim](https://togithub.com/andrewakim) made their first contribution in [https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2github/codeql-action (github/codeql-action)
### [`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7) ### [`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10)miracum/.github (miracum/.github)
### [`v1.9.1`](https://togithub.com/miracum/.github/releases/tag/v1.9.1) [Compare Source](https://togithub.com/miracum/.github/compare/v1.9.0...v1.9.1) ##### Miscellaneous Chores - **deps:** update github-actions ([#58](https://togithub.com/miracum/.github/issues/58)) ([614627d](https://togithub.com/miracum/.github/commit/614627d88ea531acb0b0f321f507b2c7c91a721d)) ### [`v1.9.0`](https://togithub.com/miracum/.github/releases/tag/v1.9.0) [Compare Source](https://togithub.com/miracum/.github/compare/v1.8.3...v1.9.0) ##### Features - show vuln severity counts in summary ([a12c29b](https://togithub.com/miracum/.github/commit/a12c29b6632a76314d8ccbb5a508e3be4111a5ee)) ##### Miscellaneous Chores - migrate to gradle/actions/wrapper-validation ([#59](https://togithub.com/miracum/.github/issues/59)) ([6687811](https://togithub.com/miracum/.github/commit/6687811887c6afb0cbbc3ee61eb5ae2f1365a06a)) ### [`v1.8.3`](https://togithub.com/miracum/.github/releases/tag/v1.8.3) [Compare Source](https://togithub.com/miracum/.github/compare/v1.8.2...v1.8.3) ##### Miscellaneous Chores - **deps:** update github-actions ([#54](https://togithub.com/miracum/.github/issues/54)) ([392030c](https://togithub.com/miracum/.github/commit/392030c6f94fcfaa509a606af2b0907d022f2257)) ### [`v1.8.2`](https://togithub.com/miracum/.github/releases/tag/v1.8.2) [Compare Source](https://togithub.com/miracum/.github/compare/v1.8.1...v1.8.2) ##### Miscellaneous Chores - **deps:** update github-actions ([#55](https://togithub.com/miracum/.github/issues/55)) ([ab3e0ac](https://togithub.com/miracum/.github/commit/ab3e0ac5d240798117e0292bb90ddfbe8af270a4)) - **renovate:** update default.json ([#53](https://togithub.com/miracum/.github/issues/53)) ([366d588](https://togithub.com/miracum/.github/commit/366d5887d82bcff0499381abe528591767e965f2)) ### [`v1.8.1`](https://togithub.com/miracum/.github/releases/tag/v1.8.1) [Compare Source](https://togithub.com/miracum/.github/compare/v1.8.0...v1.8.1) ##### Miscellaneous Chores - **deps:** update github-actions ([#52](https://togithub.com/miracum/.github/issues/52)) ([da9eb39](https://togithub.com/miracum/.github/commit/da9eb398ce562335372c0f48c32b26a2247d28f2)) ### [`v1.8.0`](https://togithub.com/miracum/.github/releases/tag/v1.8.0) [Compare Source](https://togithub.com/miracum/.github/compare/v1.7.2...v1.8.0) ##### Features - support for overwriting image tags ([#51](https://togithub.com/miracum/.github/issues/51)) ([13d484d](https://togithub.com/miracum/.github/commit/13d484d08281bdcb56393ed14cf15559212793b1)) ### [`v1.7.2`](https://togithub.com/miracum/.github/releases/tag/v1.7.2) [Compare Source](https://togithub.com/miracum/.github/compare/v1.7.1...v1.7.2) ##### Bug Fixes - collapse CVE list by default ([7be2f06](https://togithub.com/miracum/.github/commit/7be2f06ea2da99a29964a4bd2006f7313a9330fb)) ### [`v1.7.1`](https://togithub.com/miracum/.github/releases/tag/v1.7.1) [Compare Source](https://togithub.com/miracum/.github/compare/v1.7.0...v1.7.1) ##### Bug Fixes - only conditionally attest trivy vulnerability report ([bb8185d](https://togithub.com/miracum/.github/commit/bb8185d0f7b8fc29d1ff865c67e18735af4bd311)) ##### CI/CD - install cosign ([c3f13dd](https://togithub.com/miracum/.github/commit/c3f13dd53633bed28ff2667e559d74eae791a1a7)) ### [`v1.7.0`](https://togithub.com/miracum/.github/releases/tag/v1.7.0) [Compare Source](https://togithub.com/miracum/.github/compare/v1.6.3...v1.7.0) ##### Features - allow disabling trivy scanning ([ed38f7c](https://togithub.com/miracum/.github/commit/ed38f7c50102bc06b5bc2cea69b62ae341a8ddae)) ### [`v1.6.3`](https://togithub.com/miracum/.github/releases/tag/v1.6.3) [Compare Source](https://togithub.com/miracum/.github/compare/v1.6.2...v1.6.3) ##### Miscellaneous Chores - **deps:** update dependency gradle to v8.7 ([#50](https://togithub.com/miracum/.github/issues/50)) ([90c3c87](https://togithub.com/miracum/.github/commit/90c3c87db5ce0360791bc4549a8283ba8699d3ac)) - **deps:** update docker.io/library/python:3.12.2-slim docker digest to [`5dc6f84`](https://togithub.com/miracum/.github/commit/5dc6f84) ([#47](https://togithub.com/miracum/.github/issues/47)) ([8a89b76](https://togithub.com/miracum/.github/commit/8a89b76b8bbac0f2cbaa730ccae1f82d67beedea)) - **deps:** update gcr.io/distroless/python3-debian12:nonroot docker digest to [`95f5fa8`](https://togithub.com/miracum/.github/commit/95f5fa8) ([#48](https://togithub.com/miracum/.github/issues/48)) ([8f5234a](https://togithub.com/miracum/.github/commit/8f5234ad7f07df7232eca6faf8cacd47f139f421)) - **deps:** update github-actions ([#49](https://togithub.com/miracum/.github/issues/49)) ([6b7b53a](https://togithub.com/miracum/.github/commit/6b7b53a878bc0a66b1f8460450756f9feaeb2b9e))ossf/scorecard-action (ossf/scorecard-action)
### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3) > \[!NOTE]\ > There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374) - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377) For a full changelist of what these include, see the [v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1) and [v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2) release notes. ##### Documentation - :book: Move token discussion out of main README. by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279) - :book: link to `ossf/scorecard` workflow instead of maintaining an example by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352) - :book: update api links to new scorecard.dev site by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 ### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)Configuration
📅 Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.