chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/create-github-app-token	action	minor	v2.1.4 -> v2.2.1
actions/dependency-review-action	action	patch	v4.8.1 -> v4.8.2
actions/setup-dotnet	action	patch	v5.0.0 -> v5.0.1
actions/setup-java	action	minor	v5.0.0 -> v5.1.0
actions/setup-node	action	minor	v6.0.0 -> v6.1.0
aquasecurity/trivy		minor	0.67.2 -> 0.68.1
astral-sh/setup-uv	action	patch	v7.1.1 -> v7.1.6
docker.io/library/python	final	patch	3.14.0-slim -> 3.14.2-slim
docker/metadata-action	action	minor	v5.8.0 -> v5.10.0
docker/setup-qemu-action	action	minor	v3.6.0 -> v3.7.0
github/codeql-action	action	minor	v4.30.9 -> v4.31.8
oxsecurity/megalinter	action	minor	v9.1.0 -> v9.2.0
softprops/action-gh-release	action	minor	v2.4.1 -> v2.5.0
step-security/harden-runner	action	minor	v2.13.1 -> v2.14.0
zizmor (source)		minor	1.15.2 -> 1.18.0

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v2.2.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#​311) (b212e6a)

v2.2.0

Compare Source

Bug Fixes

• deps: bump glob from 10.4.5 to 10.5.0 (#​305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#​294) (dce3be8)
• deps: bump the production-dependencies group with 2 updates (#​292) (55e2a4b)

Features

• update permission inputs (#​296) (d90aa53)

actions/dependency-review-action (actions/dependency-review-action)

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

actions/setup-dotnet (actions/setup-dotnet)

v5.0.1

Compare Source

What's Changed

• Upgrade typescript from 5.4.2 to 5.9.2 and document breaking changes in v5 by @​dependabot in #​624
• Upgrade eslint-plugin-jest from 27.9.0 to 29.0.1 by @​dependabot in #​648
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 and update macos-13 to macos-15-intel by @​dependabot in #​665

Full Changelog: actions/setup-dotnet@v5...v5.0.1

actions/setup-java (actions/setup-java)

v5.1.0

Compare Source

What's Changed

New Features

• Add support for .sdkmanrc file in java-version-file parameter by @​guicamest in #​736
• Add support for Microsoft OpenJDK 25 builds by @​the-mod in #​927

Bug Fixes & Improvements

• Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File by @​aparnajyothi-y in #​767
• Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel by @​priya-kinthali in #​946
• Update SapMachine URLs by @​RealCLanger in #​955
• Add GitHub Token Support for GraalVM and Refactor Code by @​mahabaleshwars in #​849

Documentation changes

• Update documentation to use checkout and Java v5 by @​lmvysakh in #​903
• Clarify JAVA_HOME and PATH setup in README by @​chiranjib-swain in #​841

Dependency updates

• Upgrade prettier from 2.8.8 to 3.6.2 and document breaking changes in v5 by @​dependabot in #​873
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in #​912

New Contributors

• @​lmvysakh made their first contribution in #​903
• @​chiranjib-swain made their first contribution in #​841
• @​the-mod made their first contribution in #​927
• @​priya-kinthali made their first contribution in #​946
• @​guicamest made their first contribution in #​736

Full Changelog: actions/setup-java@v5...v5.1.0

actions/setup-node (actions/setup-node)

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

aquasecurity/trivy (aquasecurity/trivy)

v0.68.1

Compare Source

👉 Trivy v0.68.1 release notes (click here)

[!NOTE]
v0.68.0 was skipped due to issues with the release.

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

🐳 Docker Install

• docker pull get.trivy.dev/image/trivy:0.68.1

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0680-2025-12-02

astral-sh/setup-uv (astral-sh/setup-uv)

v7.1.6

Compare Source

v7.1.5: 🌈 allow setting cache-local-path without enable-cache: true

Compare Source

Changes

#​612 fixed a faulty behavior where this action set UV_CACHE_DIR even though enable-cache was false. It also fixed the cases were the cache dir is already configured in a settings file like pyproject.toml or UV_CACHE_DIR was already set. Here the action shouldn't overwrite or set UV_CACHE_DIR.

These fixes introduced an unwanted behavior: You can still set cache-local-path but this action didn't do anything. This release fixes that.

You can now use cache-local-path to automatically set UV_CACHE_DIR even when enable-cache is false (or gets set to false by default e.g. on self-hosted runners)

- name: This is now possible
  uses: astral-sh/setup-uv@v7
  with:
    enable-cache: false
    cache-local-path: "/path/to/cache"

🐛 Bug fixes

• allow cache-local-path w/o enable-cache @​eifinger (#​707)

🧰 Maintenance

• set biome files.maxSize to 2MiB @​eifinger (#​708)
• chore: update known checksums for 0.9.16 @​github-actions[bot] (#​706)
• chore: update known checksums for 0.9.15 @​github-actions[bot] (#​704)
• chore: use npm ci --ignore-scripts everywhere @​woodruffw (#​699)
• chore: update known checksums for 0.9.14 @​github-actions[bot] (#​700)
• chore: update known checksums for 0.9.13 @​github-actions[bot] (#​694)
• chore: update known checksums for 0.9.12 @​github-actions[bot] (#​693)
• chore: update known checksums for 0.9.11 @​github-actions[bot] (#​688)

⬆️ Dependency updates

• Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 @​dependabot[bot] (#​695)
• bump dependencies @​eifinger (#​709)
• Bump github/codeql-action from 4.30.9 to 4.31.6 @​dependabot[bot] (#​698)
• Bump zizmorcore/zizmor-action from 0.2.0 to 0.3.0 @​dependabot[bot] (#​696)
• Bump eifinger/actionlint-action from 1.9.2 to 1.9.3 @​dependabot[bot] (#​690)

v7.1.4: 🌈 Fix libuv closing bug on Windows

Compare Source

Changes

This release fixes the bug Assertion failed: !(handle->flags & UV_HANDLE_CLOSING) on Windows runners

🐛 Bug fixes

• Wait 50ms before exit to fix libuv bug @​eifinger (#​689)

🧰 Maintenance

• chore: update known checksums for 0.9.10 @​github-actions[bot] (#​681)
• chore: update known checksums for 0.9.9 @​github-actions[bot] (#​679)

v7.1.3: 🌈 Support act

Compare Source

Changes

This bug fix release adds support for https://github.com/nektos/act
It was previously broken because of a too new undici version and TS transpilation target.

Compatibility with act is now automatically tested.

🐛 Bug fixes

• use old undici and ES2022 target for act support @​eifinger (#​678)

🧰 Maintenance

• chore: update known checksums for 0.9.8 @​github-actions[bot] (#​677)
• chore: update known checksums for 0.9.7 @​github-actions[bot] (#​671)
• chore: update known checksums for 0.9.6 @​github-actions[bot] (#​670)

📚 Documentation

• Correct description of cache-dependency-glob @​allanlewis (#​676)

v7.1.2: 🌈 Speed up extraction on Windows

Compare Source

Changes

@​lazka fixed a bug that caused extracting uv to take up to 30s. Thank you!

🐛 Bug fixes

• Use tar for extracting the uv zip file on Windows too @​lazka (#​660)

🧰 Maintenance

• chore: update known checksums for 0.9.5 @​github-actions[bot] (#​663)

⬆️ Dependency updates

• Bump dependencies @​eifinger (#​664)
• Bump github/codeql-action from 4.30.8 to 4.30.9 @​dependabot[bot] (#​652)

docker/metadata-action (docker/metadata-action)

v5.10.0

Compare Source

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in #​559 #​569
• Bump js-yaml from 3.14.1 to 3.14.2 in #​564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Compare Source

• Add tag-names output to return tag names without image base name by @​crazy-max in #​553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in #​539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in #​555
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​540
• Bump csv-parse from 5.6.0 to 6.1.0 in #​532
• Bump semver from 7.7.2 to 7.7.3 in in #​554
• Bump tmp from 0.2.3 to 0.2.5 in #​541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

docker/setup-qemu-action (docker/setup-qemu-action)

v3.7.0

Compare Source

• Bump @​docker/actions-toolkit from 0.56.0 to 0.67.0 in #​217 #​230
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​220
• Bump form-data from 2.5.1 to 2.5.5 in #​218
• Bump tmp from 0.2.3 to 0.2.4 in #​221
• Bump undici from 5.28.4 to 5.29.0 in #​219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

github/codeql-action (github/codeql-action)

v4.31.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #​3354

See the full CHANGELOG.md for more information.

v4.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

v4.31.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #​3321

See the full CHANGELOG.md for more information.

v4.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v4.31.2

Compare Source

v4.31.1

Compare Source

v4.31.0

Compare Source

oxsecurity/megalinter (oxsecurity/megalinter)

v9.2.0

Compare Source

• New linters

  • Salesforce Code Analyzer, by @​abdeslamads
    • SALESFORCE_CODE_ANALYZER_APEX
    • SALESFORCE_CODE_ANALYZER_AURA
    • SALESFORCE_CODE_ANALYZER_LWC

• Disabled linters

  • Reactivate checkov

• Deprecated linters

  • Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
  • SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

• Media

  • Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
  • (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

• Linters enhancements

  • Install dotenv-linter deterministically, by @​bdovaz in #​6385

• Fixes

  • #​6544: Add GITHUB_TOKEN in docker build command for custom flavor
  • Hide warning when compiling a regex
  • Fix formatting in descriptor files to reduce changes in generated markdown, by @​echoix in #​6449

• Reporters

  • Add conversion from Jenkins variables to related Git based reporters variables

• Doc

  • Keep jsonschema html docs updated when using build.py --doc, by @​echoix in #​6447
  • Commit updated license info generated from build script by @​echoix in #​6448
  • Recreate docs/descriptors folder, delete old pages by @​echoix in #​6451

• Flavors

  • Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @​davidfevre-gouv-nc in #​6545

• CI

  • Optimize performances of standalone linters releases
  • Renovate: Add langchain group for package updates, by @​echoix in #​6400
  • Refactor file handling in build.py to use pathlib for improved readability, by @​echoix in #​6450

• mega-linter-runner

  • Handle upgrade of stefanzweifel/git-auto-commit-action to v7

• Linter versions upgrades (53)

  • actionlint from 1.7.7 to 1.7.9
  • ansible-lint from 25.9.1 to 25.11.1
  • bandit from 1.8.6 to 1.9.2
  • bicep_linter from 0.38.33 to 0.39.26
  • black from 25.9.0 to 25.11.0
  • cfn-lint from 1.40.0 to 1.41.0
  • checkov from 3.2.413 to 3.2.495
  • checkstyle from 11.1.0 to 12.1.0
  • clippy from 0.1.90 to 0.1.91
  • clj-kondo from 2025.09.22 to 2025.10.23
  • csharpier from 1.1.2 to 1.2.1
  • cspell from 9.2.1 to 9.3.2
  • dotenv-linter from 3.3.0 to 4.0.0
  • dotnet-format from 9.0.110 to 9.0.111
  • editorconfig-checker from 3.4.0 to 3.6.0
  • git_diff from 2.47.0 to 2.49.1
  • gitleaks from 8.28.0 to 8.30.0
  • golangci-lint from 2.5.0 to 2.6.2
  • grype from 0.100.0 to 0.104.1
  • isort from 6.1.0 to 7.0.0
  • kics from 2.1.14 to 2.1.16
  • ktlint from 1.7.1 to 1.8.0
  • kubescape from 3.0.41 to 3.0.45
  • php-cs-fixer from 3.88.2 to 3.90.0
  • phpcs from 4.0.0 to 4.0.1
  • phpstan from 2.1.30 to 2.1.32
  • pmd from 7.17.0 to 7.18.0
  • powershell from 7.5.3 to 7.5.4
  • pylint from 3.3.9 to 4.0.3
  • pyright from 1.1.406 to 1.1.407
  • raku from 2024.12 to 2025.11
  • revive from 1.12.0 to 1.13.0
  • robocop from 6.7.2 to 6.11.0
  • roslynator from 0.10.2.0 to 0.11.0.0
  • rst-lint from 1.4.0 to 2.0.2
  • rubocop from 1.81.1 to 1.81.7
  • ruff-format from 0.13.3 to 0.14.6
  • ruff from 0.13.3 to 0.14.6
  • scalafix from 0.14.3 to 0.14.4
  • secretlint from 11.2.4 to 11.2.5
  • snakemake from 9.11.9 to 9.13.7
  • sqlfluff from 3.4.2 to 3.5.0
  • stylelint from 16.24.0 to 16.26.0
  • swiftlint from 0.61.0 to 0.62.2
  • syft from 1.33.0 to 1.38.0
  • terraform-fmt from 1.13.3 to 1.14.0
  • terragrunt from 0.88.1 to 0.93.10
  • tflint from 0.59.1 to 0.60.0
  • trivy-sbom from 0.67.0 to 0.67.2
  • trivy from 0.67.0 to 0.67.2
  • trufflehog from 3.90.11 to 3.91.1
  • vale from 3.12.0 to 3.13.0
  • xmllint from 21308 to 21309

softprops/action-gh-release (softprops/action-gh-release)

v2.5.0

Compare Source

What's Changed

Exciting New Features 🎉

• feat: mark release as draft until all artifacts are uploaded by @​dumbmoron in #​692

Other Changes 🔄

• chore(deps): bump the npm group across 1 directory with 5 updates by @​dependabot[bot] in #​697
• chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by @​dependabot[bot] in #​689

New Contributors

• @​dumbmoron made their first contribution in #​692

Full Changelog: softprops/action-gh-release@v2.4.2...v2.5.0

v2.4.2

Compare Source

What's Changed

Exciting New Features 🎉

• feat: Ensure generated release notes cannot be over 125000 characters by @​BeryJu in #​684

Other Changes 🔄

• dependency updates

New Contributors

• @​BeryJu made their first contribution in #​684

Full Changelog: softprops/action-gh-release@v2.4.1...v2.4.2

step-security/harden-runner (step-security/harden-runner)

v2.14.0

Compare Source

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

Compare Source

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

Compare Source

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

zizmorcore/zizmor (zizmor)

v1.18.0

Compare Source

Enhancements 🌱🔗

• The use-trusted-publishing audit now detects NuGet publishing commands (#​1369)

• The dependabot-cooldown audit now flags cooldown periods of less than 7 days by default (#​1375)

• The dependabot-cooldown audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#​1377)

• zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the forbidden-uses audit (#​1381)

Bug Fixes 🐛🔗

• Fixed additional edge cases where auto-fixed would fail to preserve a document's final newline (#​1372)

v1.17.0

Compare Source

Enhancements 🌱🔗

• zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#​1324)

• zizmor now produces more precise severities on actions/checkout versions that have more misuse-resistant credentials persistence behavior (#​1353)

  Many thanks to @​ManuelLerchnerQC for proposing and implementing this improvement!

• The use-trusted-publishing audit now correctly detecting more "dry-run" patterns, making it significantly more accurate (#​1357)

• The obfuscation audit now detects usages of shell: cmd and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of run: blocks in other audits (#​1361)

Performance Improvements 🚄🔗

• zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#​1314)

Bug Fixes 🐛🔗

• Fixed a bug where auto-fixes would fail to preserve a document's final newline (#​1323)

• zizmor now uses the native (OS) TLS roots when performing HTTPS requests, improving compatibility with user environments that perform TLS interception (#​1328)

• The github-env audit now falls back to assuming bash-like shell syntax in run: blocks if it can't infer the shell being used (#​1336)

• The concurrency-limits audit now correctly detects job-level concurrency settings, in addition to workflow-level settings (#​1338)

• Fixed a bug where zizmor would fail to collect workflows with names that overlapped with other input types (e.g. action.yml and dependabot.yml) when passed explicitly by path (#​1345)

v1.16.3

Compare Source

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would crash on an unexpected caching middleware state. zizmor will now exit with a controlled error instead (#​1319)

v1.16.2

Compare Source

Enhancements 🌱🔗

• The concurrency-limits audit no longer flags explicit user concurrency overrides, e.g. cancel-in-progress: false (#​1302)
• zizmor now detects CI environments and specializes its panic handling accordingly, improving the quality of panic reports when running in CI (#​1307)

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would reject some Dependabot configuration files with logically unsound schedules (but that are accepted by GitHub regardless) (#​1308)

v1.16.1

Compare Source

Enhancements 🌱🔗

• zizmor now produces a more useful error message when asked to indirectly access a nonexistent or private repository via a uses: clause (without a sufficiently privileged GitHub token) (#​1293)

v1.16.0

Compare Source

New Features 🌈🔗

• New audit: concurrency-limits detects insufficient concurrency limits in workflows (#​1227)

  Many thanks to @​jwallwork23 for proposing and implementing this audit!

Performance Improvements 🚄🔗

• zizmor's online mode is now significantly (40% to over 95%) faster on common workloads, thanks to a combination of caching improvements and conversion of GitHub API requests into Git remote lookups (#​1257)

  Many thanks to @​Bo98 for implementing these improvements!

Enhancements 🌱🔗

• When running in --fix mode and all fixes are successfully applied, zizmor now has similar exit code behavior as the --no-exit-codes and --format=sarif flags (#​1242)

  Many thanks to @​cnaples79 for implementing this improvement!

• The dependabot-cooldown audit now supports auto-fixes for many findings (#​1229)

  Many thanks to @​mostafa for implementing this improvement!

• The dependabot-execution audit now supports auto-fixes for many findings (#​1229)

  Many thanks to @​mostafa for implementing this improvement!

• zizmor now has limited, experimental support for handling inputs that contain YAML anchors (#​1266)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4		0	0	0.14s
✅ COPYPASTE	jscpd	yes		no	no	1.36s
✅ DOCKERFILE	hadolint	1		0	0	0.13s
✅ JSON	jsonlint	3		0	0	0.17s
✅ JSON	prettier	3		0	0	0.51s
✅ JSON	v8r	3		0	0	3.58s
✅ MARKDOWN	markdownlint	1		0	0	0.52s
✅ MARKDOWN	markdown-table-formatter	1		0	0	0.24s
✅ PYTHON	bandit	1		0	0	1.83s
✅ PYTHON	black	1		0	0	1.08s
✅ PYTHON	flake8	1		0	0	0.57s
✅ PYTHON	isort	1		0	0	0.23s
✅ PYTHON	mypy	1		0	0	3.41s
✅ PYTHON	pylint	1		0	0	3.31s
✅ PYTHON	pyright	1		0	0	1.83s
✅ PYTHON	ruff	1		0	0	0.05s
✅ REPOSITORY	checkov	yes		no	no	24.5s
✅ REPOSITORY	dustilock	yes		no	no	0.02s
✅ REPOSITORY	gitleaks	yes		no	no	0.94s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	37.09s
✅ REPOSITORY	kics	yes		no	no	3.97s
✅ REPOSITORY	secretlint	yes		no	no	1.61s
✅ REPOSITORY	syft	yes		no	no	2.92s
✅ REPOSITORY	trivy	yes		no	no	8.79s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.16s
✅ REPOSITORY	trufflehog	yes		no	no	4.68s
✅ YAML	prettier	6		0	0	0.85s
✅ YAML	v8r	6		0	0	7.11s
✅ YAML	yamllint	6		0	0	0.65s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-206 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-206 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

🎉 This PR is included in version 1.11.10 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀