chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
astral-sh/setup-uv	action	minor	v7.1.6 → v7.2.0
oxsecurity/megalinter	action	minor	v9.2.0 → v9.3.0
zizmor (source)		minor	1.19.0 → 1.20.0

---

Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v7.2.0: 🌈 add outputs python-version and python-cache-hit

Compare Source

Changes

Among some minor typo fixes and quality of life features for developers of actions the main feature of this release are new outputs:

• python-version: The Python version that was set (same content as existing UV_PYTHON)
• python-cache-hit: A boolean value to indicate the Python cache entry was found

While implementing this it became clear, that it is easier to handle the Python binaries in a separate cache entry. The added benefit for users is that the "normal" cache containing the dependencies can be used in all runs no matter if these cache the Python binaries or not.

[!NOTE]
This release will invalidate caches that contain the Python binaries. This happens a single time.

🐛 Bug fixes

• chore: remove stray space from UV_PYTHON_INSTALL_DIR message @​akx (#​720)

🚀 Enhancements

• add outputs python-version and python-cache-hit @​eifinger (#​728)
• Add action typings with validation @​krzema12 (#​721)

🧰 Maintenance

• fix: use uv_build backend for old-python-constraint-project @​eifinger (#​729)
• chore: update known checksums for 0.9.22 @​github-actions[bot] (#​727)
• chore: update known checksums for 0.9.21 @​github-actions[bot] (#​726)
• chore: update known checksums for 0.9.20 @​github-actions[bot] (#​725)
• chore: update known checksums for 0.9.18 @​github-actions[bot] (#​718)

⬆️ Dependency updates

• Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 @​dependabot[bot] (#​719)
• Bump github/codeql-action from 4.31.6 to 4.31.9 @​dependabot[bot] (#​723)

oxsecurity/megalinter (oxsecurity/megalinter)

v9.3.0

Compare Source

• Core

  • Add enum name support in MegaLinter config Json schema for better autocompletion in editors
  • Update base image to python:3.13-alpine3.23

• New linters

  • Add codespell
  • Add kingfisher by @​bdovaz
  • Add rumdl by @​bdovaz

• Linters enhancements

  • Change checkmake Docker image reference by @​bdovaz

• Reporters

  • Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
  • Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
  • Fix sections display in Gitlab console logs

• Doc

  • Classify all JSON schema config variables by category and section

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor
  • Add missing Dockerfile patterns to Renovate Dockerfile manager
  • Remove gitpod custom image, workflow, and makefile targets

• Linter versions upgrades (54)

  • actionlint from 1.7.9 to 1.7.10
  • ansible-lint from 25.11.1 to 25.12.2
  • bash-exec from 5.2.37 to 5.3.3
  • black from 25.11.0 to 25.12.0
  • cfn-lint from 1.41.0 to 1.43.1
  • checkov from 3.2.495 to 3.2.497
  • clang-format from 20.1.8 to 21.1.2
  • clippy from 0.1.91 to 0.1.92
  • clj-kondo from 2025.10.23 to 2025.12.23
  • code-analyzer-apex from 5.6.1 to 5.7.1
  • code-analyzer-aura from 5.6.1 to 5.7.1
  • code-analyzer-lwc from 5.6.1 to 5.7.1
  • cppcheck from 2.14.2 to 2.18.3
  • csharpier from 1.2.1 to 1.2.5
  • cspell from 9.3.2 to 9.4.0
  • dartanalyzer from 3.8.3 to 3.10.7
  • dotnet-format from 9.0.111 to 9.0.112
  • git_diff from 2.49.1 to 2.52.0
  • golangci-lint from 2.6.2 to 2.7.2
  • grype from 0.104.1 to 0.104.3
  • helm from 3.18.4 to 3.19.0
  • htmlhint from 1.7.1 to 1.8.0
  • kics from 2.1.16 to 2.1.18
  • kingfisher from 1.71.0 to 1.73.0
  • kubescape from 3.0.45 to 3.0.47
  • markdown-table-formatter from 1.6.1 to 1.7.0
  • markdownlint from 0.45.0 to 0.47.0
  • mypy from 1.18.2 to 1.19.1
  • npm-groovy-lint from 15.2.2 to 16.1.1
  • npm-package-json-lint from 9.0.0 to 9.1.0
  • php-cs-fixer from 3.90.0 to 3.92.4
  • phplint from 9.6.2 to 9.7.1
  • phpstan from 2.1.32 to 2.1.33
  • pmd from 7.18.0 to 7.20.0
  • prettier from 3.6.2 to 3.7.4
  • psalm from Psalm.6.13.1@​ to Psalm.6.14.3@​
  • pylint from 4.0.3 to 4.0.4
  • robocop from 6.11.0 to 7.2.0
  • roslynator from 0.11.0.0 to 0.12.0.0
  • rubocop from 1.81.7 to 1.82.0
  • rubocop from 1.82.0 to 1.82.1
  • ruff-format from 0.14.6 to 0.14.10
  • ruff from 0.14.6 to 0.14.10
  • rumdl from 0.0.199 to 0.0.208
  • scalafix from 0.14.4 to 0.14.5
  • snakemake from 9.13.7 to 9.14.5
  • stylelint from 16.26.0 to 16.26.1
  • swiftlint from 0.62.2 to 0.63.0
  • syft from 1.38.0 to 1.39.0
  • terraform-fmt from 1.14.0 to 1.14.1
  • terragrunt from 0.93.10 to 0.93.13
  • trivy-sbom from 0.67.2 to 0.68.2
  • trivy from 0.67.2 to 0.68.2
  • trufflehog from 3.91.1 to 3.92.4

zizmorcore/zizmor (zizmor)

v1.20.0

Compare Source

Enhancements 🌱🔗

• The excessive-permissions audit is now aware of the artifact-metadata and models permissions (#​1461)

• The cache-poisoning audit is now aware of the ramsey/composer-install action (#​1489)

• The unpinned-images audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (#​1482)

Changes ⚠️🔗

• The default policy for the unpinned-uses audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.

  Users who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:

zizmor.yml

rules:
  unpinned-uses:
    config:
      policies:
        actions/*: ref-pin
        github/*: ref-pin
        dependabot/*: ref-pin

Bug Fixes 🐛🔗

• The dependabot-cooldown audit no longer flags missing cooldowns on ecosystems that don't (yet) support cooldowns, such as opentofu (#​1480)

• Fixed a false positive in the cache-poisoning audit where zizmor would treat empty strings (e.g. cache: '') as enabling rather than disabling caching (#​1482)

• Fixed two gaps in the use-trusted-publishing audit's detection of common yarn publishing commands (#​1495)

Miscellaneous 🛠🔗

• zizmor's configuration now has an official JSON schema that will be available via SchemaStore soon!

  Many thanks to @​kiwamizamurai for implementing this improvement!

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4		0	0	0.09s
✅ COPYPASTE	jscpd	yes		no	no	1.36s
✅ DOCKERFILE	hadolint	1		0	0	0.06s
✅ JSON	jsonlint	3		0	0	0.15s
✅ JSON	prettier	3		0	0	0.41s
✅ JSON	v8r	3		0	0	3.41s
✅ MARKDOWN	markdownlint	1		0	0	0.56s
✅ MARKDOWN	markdown-table-formatter	1		0	0	0.27s
✅ PYTHON	bandit	1		0	0	1.76s
✅ PYTHON	black	1		0	0	0.84s
✅ PYTHON	flake8	1		0	0	0.58s
✅ PYTHON	isort	1		0	0	0.25s
✅ PYTHON	mypy	1		0	0	3.4s
✅ PYTHON	pylint	1		0	0	2.58s
✅ PYTHON	pyright	1		0	0	1.89s
✅ PYTHON	ruff	1		0	0	0.09s
✅ REPOSITORY	checkov	yes		no	no	24.56s
✅ REPOSITORY	dustilock	yes		no	no	0.02s
✅ REPOSITORY	gitleaks	yes		no	no	0.3s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	37.66s
✅ REPOSITORY	kics	yes		no	no	3.85s
❌ REPOSITORY	kingfisher	yes		1	1	8.8s
✅ REPOSITORY	secretlint	yes		no	no	1.26s
✅ REPOSITORY	syft	yes		no	no	2.61s
✅ REPOSITORY	trivy	yes		no	no	8.65s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.17s
✅ REPOSITORY	trufflehog	yes		no	no	4.89s
✅ YAML	prettier	6		0	0	0.59s
✅ YAML	v8r	6		0	0	5.95s
✅ YAML	yamllint	6		0	0	0.61s

Detailed Issues

❌ REPOSITORY / kingfisher - 1 error

warning: Rule GitHub Secret Key matched ./megalinter-reports/megalinter.log
    ┌─ ./megalinter-reports/megalinter.log:264:9034
    │
264 │ SARIF:{'$schema': 'https://json.schemastore.org/sarif-2.1.0.json', 'properties': {'comment': 'Generated by MegaLinter for syft', 'docUrl': 'https://megalinter.io/9.3.0/descriptors/descriptors/repository_syft/', 'isSBOM': True}, 'runs': [{'tool': {'driver': {'informationUri': 'https://github.com/anchore/syft', 'name': 'syft', 'rules': []}}, 'properties': {'megalinter': {'sbom': {'artifacts': [{'id': '2591e2d9db5057a7', 'name': './.github/workflows/standard-build.yaml', 'version': 'UNKNOWN', 'type': 'github-action-workflow', 'foundBy': 'github-action-workflow-usage-cataloger', 'locations': [{'path': '/.github/workflows/ci.yaml', 'accessPath': '/.github/workflows/ci.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-build.yaml:.\\/.github\\/workflows\\/standard-build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-build.yaml:.\\/.github\\/workflows\\/standard_build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_build.yaml:.\\/.github\\/workflows\\/standard-build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_build.yaml:.\\/.github\\/workflows\\/standard_build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard-build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard_build.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': '', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': './.github/workflows/standard-build.yaml'}}, {'id': '43b459536b40c97b', 'name': './.github/workflows/standard-lint.yaml', 'version': 'UNKNOWN', 'type': 'github-action-workflow', 'foundBy': 'github-action-workflow-usage-cataloger', 'locations': [{'path': '/.github/workflows/ci.yaml', 'accessPath': '/.github/workflows/ci.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-lint.yaml:.\\/.github\\/workflows\\/standard-lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-lint.yaml:.\\/.github\\/workflows\\/standard_lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_lint.yaml:.\\/.github\\/workflows\\/standard-lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_lint.yaml:.\\/.github\\/workflows\\/standard_lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard-lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard_lint.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': '', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': './.github/workflows/standard-lint.yaml'}}, {'id': '5e5e3ad31e5d6136', 'name': './.github/workflows/standard-release.yaml', 'version': 'UNKNOWN', 'type': 'github-action-workflow', 'foundBy': 'github-action-workflow-usage-cataloger', 'locations': [{'path': '/.github/workflows/ci.yaml', 'accessPath': '/.github/workflows/ci.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-release.yaml:.\\/.github\\/workflows\\/standard-release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard-release.yaml:.\\/.github\\/workflows\\/standard_release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_release.yaml:.\\/.github\\/workflows\\/standard-release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard_release.yaml:.\\/.github\\/workflows\\/standard_release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard-release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:.\\/.github\\/workflows\\/standard:.\\/.github\\/workflows\\/standard_release.yaml:*:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': '', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': './.github/workflows/standard-release.yaml'}}, {'id': 'f3d929b8466ef355', 'name': 'actions/checkout', 'version': 'v6.0.1', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/checkout:actions\\/checkout:v6.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/checkout@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.1'}}, {'id': '3c2f34027ad932fb', 'name': 'actions/checkout', 'version': 'v6.0.1', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/checkout:actions\\/checkout:v6.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/checkout@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.1'}}, {'id': '27bac3e2c5348193', 'name': 'actions/checkout', 'version': 'v6.0.1', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-release.yaml', 'accessPath': '/.github/workflows/standard-release.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/checkout:actions\\/checkout:v6.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/checkout@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.1'}}, {'id': '6363cf9786787299', 'name': 'actions/create-github-app-token', 'version': 'v2.2.1', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-release.yaml', 'accessPath': '/.github/workflows/standard-release.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/create-github-app-token:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create-github-app-token:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github_app_token:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github_app_token:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create-github-app:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create-github-app:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github_app:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github_app:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create-github:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create-github:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create_github:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create:actions\\/create-github-app-token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/create:actions\\/create_github_app_token:v2.2.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/create-github-app-token@HIDDEN_BY_MEGALINTER, 'comment': 'v2.2.1'}}, {'id': '48073152c14dadf3', 'name': 'actions/dependency-review-action', 'version': 'v4.8.2', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/dependency-review-action:actions\\/dependency-review-action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency-review-action:actions\\/dependency_review_action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency_review_action:actions\\/dependency-review-action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency_review_action:actions\\/dependency_review_action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency-review:actions\\/dependency-review-action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency-review:actions\\/dependency_review_action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency_review:actions\\/dependency-review-action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency_review:actions\\/dependency_review_action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency:actions\\/dependency-review-action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/dependency:actions\\/dependency_review_action:v4.8.2:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/dependency-review-action@HIDDEN_BY_MEGALINTER, 'comment': 'v4.8.2'}}, {'id': '87c060c9967a57ac', 'name': 'actions/download-artifact', 'version': 'v6.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/ci.yaml', 'accessPath': '/.github/workflows/ci.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/download-artifact:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download-artifact:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download_artifact:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download_artifact:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/download-artifact@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.0'}}, {'id': 'd5a96883c255d9ae', 'name': 'actions/download-artifact', 'version': 'v6.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/download-artifact:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download-artifact:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download_artifact:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download_artifact:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download:actions\\/download-artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/download:actions\\/download_artifact:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/download-artifact@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.0'}}, {'id': 'c8ddbbb354c32d2c', 'name': 'actions/setup-dotnet', 'version': 'v5.0.1', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/setup-dotnet:actions\\/setup-dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup-dotnet:actions\\/setup_dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_dotnet:actions\\/setup-dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_dotnet:actions\\/setup_dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup-dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup_dotnet:v5.0.1:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/setup-dotnet@HIDDEN_BY_MEGALINTER, 'comment': 'v5.0.1'}}, {'id': '01a2c1a1767232b4', 'name': 'actions/setup-java', 'version': 'v5.1.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/setup-java:actions\\/setup-java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup-java:actions\\/setup_java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_java:actions\\/setup-java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_java:actions\\/setup_java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup-java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup_java:v5.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/setup-java@HIDDEN_BY_MEGALINTER, 'comment': 'v5.1.0'}}, {'id': '6fbd59f2cbfa5041', 'name': 'actions/setup-node', 'version': 'v6.1.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-release.yaml', 'accessPath': '/.github/workflows/standard-release.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup-node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/setup:actions\\/setup_node:v6.1.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/setup-node@HIDDEN_BY_MEGALINTER, 'comment': 'v6.1.0'}}, {'id': 'eea860aaecf57a65', 'name': 'actions/upload-artifact', 'version': 'v5.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/upload-artifact:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload-artifact:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload_artifact:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload_artifact:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/upload-artifact@HIDDEN_BY_MEGALINTER, 'comment': 'v5.0.0'}}, {'id': '578eda653247c2aa', 'name': 'actions/upload-artifact', 'version': 'v5.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:actions\\/upload-artifact:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload-artifact:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload_artifact:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload_artifact:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload:actions\\/upload-artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:actions\\/upload:actions\\/upload_artifact:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/actions/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'actions/upload-artifact@HIDDEN_BY_MEGALINTER, 'comment': 'v5.0.0'}}, {'id': '5d96cdf0e1795beb', 'name': 'astral-sh/setup-uv', 'version': 'v7.2.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:astral-sh\\/setup-uv:astral-sh\\/setup-uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral-sh\\/setup-uv:astral_sh\\/setup_uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral_sh\\/setup_uv:astral-sh\\/setup-uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral_sh\\/setup_uv:astral_sh\\/setup_uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral-sh\\/setup:astral-sh\\/setup-uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral-sh\\/setup:astral_sh\\/setup_uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral_sh\\/setup:astral-sh\\/setup-uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral_sh\\/setup:astral_sh\\/setup_uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral:astral-sh\\/setup-uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:astral:astral_sh\\/setup_uv:v7.2.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/astral-sh/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'astral-sh/setup-uv@HIDDEN_BY_MEGALINTER, 'comment': 'v7.2.0'}}, {'id': 'b4d693da8b9f8b41', 'name': 'cycjimmy/semantic-release-action', 'version': 'v6.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-release.yaml', 'accessPath': '/.github/workflows/standard-release.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:cycjimmy\\/semantic-release-action:cycjimmy\\/semantic-release-action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic-release-action:cycjimmy\\/semantic_release_action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic_release_action:cycjimmy\\/semantic-release-action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic_release_action:cycjimmy\\/semantic_release_action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic-release:cycjimmy\\/semantic-release-action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic-release:cycjimmy\\/semantic_release_action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic_release:cycjimmy\\/semantic-release-action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic_release:cycjimmy\\/semantic_release_action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic:cycjimmy\\/semantic-release-action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:cycjimmy\\/semantic:cycjimmy\\/semantic_release_action:v6.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/cycjimmy/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'cycjimmy/semantic-release-action@HIDDEN_BY_MEGALINTER, 'comment': 'v6.0.0'}}, {'id': '07051965fb5bfbbe', 'name': 'docker/build-push-action', 'version': 'v6.18.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/build-push-action:docker\\/build-push-action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build-push-action:docker\\/build_push_action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build_push_action:docker\\/build-push-action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build_push_action:docker\\/build_push_action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build-push:docker\\/build-push-action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build-push:docker\\/build_push_action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build_push:docker\\/build-push-action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build_push:docker\\/build_push_action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build:docker\\/build-push-action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/build:docker\\/build_push_action:v6.18.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/build-push-action@HIDDEN_BY_MEGALINTER, 'comment': 'v6.18.0'}}, {'id': '562a2d9d9aaef647', 'name': 'docker/login-action', 'version': 'v3.6.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/login-action:docker\\/login-action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/login-action:docker\\/login_action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/login_action:docker\\/login-action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/login_action:docker\\/login_action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/login:docker\\/login-action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/login:docker\\/login_action:v3.6.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/login-action@HIDDEN_BY_MEGALINTER, 'comment': 'v3.6.0'}}, {'id': 'de08fedcd65b3435', 'name': 'docker/metadata-action', 'version': 'v5.10.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/metadata-action:docker\\/metadata-action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/metadata-action:docker\\/metadata_action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/metadata_action:docker\\/metadata-action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/metadata_action:docker\\/metadata_action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/metadata:docker\\/metadata-action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/metadata:docker\\/metadata_action:v5.10.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/metadata-action@HIDDEN_BY_MEGALINTER, 'comment': 'v5.10.0'}}, {'id': '60f8110116dad5b5', 'name': 'docker/setup-buildx-action', 'version': 'v3.12.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/ci.yaml', 'accessPath': '/.github/workflows/ci.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/setup-buildx-action:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx-action:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx_action:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx_action:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/setup-buildx-action@HIDDEN_BY_MEGALINTER, 'comment': 'v3.12.0'}}, {'id': '29698866bbe850ee', 'name': 'docker/setup-buildx-action', 'version': 'v3.12.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/setup-buildx-action:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx-action:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx_action:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx_action:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-buildx:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_buildx:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup-buildx-action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup_buildx_action:v3.12.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/setup-buildx-action@HIDDEN_BY_MEGALINTER, 'comment': 'v3.12.0'}}, {'id': '7ab81fc36d5c7af2', 'name': 'docker/setup-qemu-action', 'version': 'v3.7.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-build.yaml', 'accessPath': '/.github/workflows/standard-build.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:docker\\/setup-qemu-action:docker\\/setup-qemu-action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-qemu-action:docker\\/setup_qemu_action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_qemu_action:docker\\/setup-qemu-action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_qemu_action:docker\\/setup_qemu_action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-qemu:docker\\/setup-qemu-action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup-qemu:docker\\/setup_qemu_action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_qemu:docker\\/setup-qemu-action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup_qemu:docker\\/setup_qemu_action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup-qemu-action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:docker\\/setup:docker\\/setup_qemu_action:v3.7.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/docker/[email protected]', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'docker/setup-qemu-action@HIDDEN_BY_MEGALINTER, 'comment': 'v3.7.0'}}, {'id': '452d6bfcca0346a3', 'name': 'github/codeql-action/analyze', 'version': 'v4.31.9', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:github\\/codeql-action\\/analyze:github\\/codeql-action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/analyze:github\\/codeql_action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/analyze:github\\/codeql-action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/analyze:github\\/codeql_action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql-action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql_action\\/analyze:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/github/[email protected]#analyze', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'github/codeql-action/analyze@HIDDEN_BY_MEGALINTER, 'comment': 'v4.31.9'}}, {'id': 'daf5b09862b24e63', 'name': 'github/codeql-action/autobuild', 'version': 'v4.31.9', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:github\\/codeql-action\\/autobuild:github\\/codeql-action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/autobuild:github\\/codeql_action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/autobuild:github\\/codeql-action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/autobuild:github\\/codeql_action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql-action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql_action\\/autobuild:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/github/[email protected]#autobuild', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'github/codeql-action/autobuild@HIDDEN_BY_MEGALINTER, 'comment': 'v4.31.9'}}, {'id': '04966e7d9ee389c4', 'name': 'github/codeql-action/init', 'version': 'v4.31.9', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:github\\/codeql-action\\/init:github\\/codeql-action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/init:github\\/codeql_action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/init:github\\/codeql-action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/init:github\\/codeql_action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql-action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql_action\\/init:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/github/[email protected]#init', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'github/codeql-action/init@HIDDEN_BY_MEGALINTER, 'comment': 'v4.31.9'}}, {'id': 'dcc9a7388cf0b381', 'name': 'github/codeql-action/upload-sarif', 'version': 'v4.31.9', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:github\\/codeql-action\\/upload-sarif:github\\/codeql-action\\/upload-sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/upload-sarif:github\\/codeql_action\\/upload_sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/upload_sarif:github\\/codeql-action\\/upload-sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/upload_sarif:github\\/codeql_action\\/upload_sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/upload:github\\/codeql-action\\/upload-sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql-action\\/upload:github\\/codeql_action\\/upload_sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/upload:github\\/codeql-action\\/upload-sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql_action\\/upload:github\\/codeql_action\\/upload_sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql-action\\/upload-sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:github\\/codeql:github\\/codeql_action\\/upload_sarif:v4.31.9:*:*:*:*:*:*:*', 'source': 'syft-generated'}], 'purl': 'pkg:github/github/[email protected]#upload-sarif', 'metadataType': 'github-actions-use-statement', 'metadata': {'value': 'github/codeql-action/upload-sarif@HIDDEN_BY_MEGALINTER, 'comment': 'v4.31.9'}}, {'id': 'bcd9c0ff30c8e84e', 'name': 'gradle/actions/wrapper-validation', 'version': 'v5.0.0', 'type': 'github-action', 'foundBy': 'github-actions-usage-cataloger', 'locations': [{'path': '/.github/workflows/standard-lint.yaml', 'accessPath': '/.github/workflows/standard-lint.yaml', 'annotations': {'evidence': 'primary'}}], 'licenses': [], 'language': '', 'cpes': [{'cpe': 'cpe:2.3:a:gradle\\/actions\\/wrapper-validation:gradle\\/actions\\/wrapper-validation:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:gradle\\/actions\\/wrapper-validation:gradle\\/actions\\/wrapper_validation:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:gradle\\/actions\\/wrapper_validation:gradle\\/actions\\/wrapper-validation:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-generated'}, {'cpe': 'cpe:2.3:a:gradle\\/actions\\/wrapper_validation:gradle\\/actions\\/wrapper_validation:v5.0.0:*:*:*:*:*:*:*', 'source': 'syft-gener

(Truncated to 40000 characters out of 89125)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-219 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-219 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found