chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-node	action	minor	v4.1.0 -> v4.2.0
docker/build-push-action	action	minor	v6.12.0 -> v6.13.0
github/codeql-action	action	patch	v3.28.1 -> v3.28.5
oxsecurity/megalinter	action	minor	v8.3.0 -> v8.4.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

actions/setup-node (actions/setup-node)

v4.2.0

Compare Source

docker/build-push-action (docker/build-push-action)

v6.13.0

Compare Source

• Bump @​docker/actions-toolkit from 0.51.0 to 0.53.0 in https://github.com/docker/build-push-action/pull/1308

Full Changelog: docker/build-push-action@v6.12.0...v6.13.0

github/codeql-action (github/codeql-action)

v3.28.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #​2717

See the full CHANGELOG.md for more information.

v3.28.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #​2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #​2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #​2712

See the full CHANGELOG.md for more information.

v3.28.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

oxsecurity/megalinter (oxsecurity/megalinter)

v8.4.0

Compare Source

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in #​4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #​4482)
  • Bump python version to 3.12.8, by @​echoix in #​4372
  • Update to .NET 9, by @​bdovaz in #​4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in #​4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in #​4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in #​4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in #​4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in #​4498
  • Add sarif output to golangci-lint, by @​bdovaz in #​4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #​440, by @​Noraldeno in #​4427
  • jscpd url fixes, by @​alexanderbazhenoff in #​4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in #​4469
  • Fix linter disabled reason usage, by @​bdovaz in #​4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in #​4479
  • Add disabled linter badge, by @​bdovaz in #​4477
  • Add AzureCommentReporter instructions, by @​bdovaz in #​4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @​echoix in #​4373
  • Use uv.lock file to build docker images, by @​echoix in #​4374
  • Update Renovate schedules for uv and sfdx-hardis, by @​echoix in #​4568
  • Variabilize version and use renovate for updates for the following linters:
    • all GO linters
    • all REPOSITORY linters
    • arm-ttk
    • bash-shfmt
    • bicep
    • clj-kondo
    • cljstyle
    • csharpier
    • dart
    • ktlint
    • kubescape
    • lychee
    • luacheck
    • markdown-link-check
    • perlcritic
    • raku
    • tsqllint

• Linter versions upgrades (66)

  • actionlint from 1.7.6 to 1.7.7
  • ansible-lint from 24.12.2 to 25.1.0
  • banditto 1.8.2
  • bash-exec from 5.2.26 to 5.2.37
  • bicep_linter from to 0.33.13
  • cfn-lint 1.22.7
  • checkov from to 3.2.357
  • checkstyle from 10.20.1 to 10.21.1
  • clang-format from 17.0.6 to 19.1.4
  • clippy 0.1.84
  • clj-kondo from 2024.11.14 to 2025.01.16
  • cljstyle from 0.15.0 to 0.17.642
  • csharpier from 0.30.2 to 0.30.6
  • cspell from 8.16.0 to 8.17.2
  • devskim from 1.0.44 to 1.0.51
  • djlint from 1.36.1 to 1.36.4
  • dotnet-format from 8.0.111 to 9.0.102
  • editorconfig-checker from 3.0.3 to 3.1.2
  • git_diff from 2.45.2 to 2.47.2
  • gitleaks from 8.21.2 to 8.23.2
  • golangci-lint from 1.62.0 to 1.63.4
  • grype from 0.79.5 to 0.87.0
  • helm from 3.14.3 to 3.16.3
  • ktlint from 1.4.1 to 1.5.0
  • lightning-flow-scanner from 2.36.0 to 2.39.0
  • lychee from 0.17.0 to 0.18.0
  • markdownlint from 0.43.0 to 0.44.0
  • mypy from 1.13.0 to 1.14.0
  • mypy from 1.14.0 to 1.14.1
  • php-cs-fixer from 3.64.0 to 7.4.0
  • phpcs from 3.11.1 to 3.11.3
  • phplint from 9.5.4 to 9.5.6
  • phpstan from 2.0.2 to 2.1.2
  • pmd from 7.7.0 to 7.9.0
  • powershell from 7.4.2 to 7.4.6
  • powershell_formatter from 7.4.2 to 7.4.6
  • prettier from 3.3.3 to 3.4.2
  • protolint from 0.50.5 to 0.52.0
  • psalm from Psalm.5.26.1@​ to Psalm.6.0.0@​
  • pylint from 3.3.1 to 3.3.3
  • pyright from 1.1.389 to 1.1.392
  • raku from 2020.10 to 2024.10
  • revive from 1.5.1 to 1.6.0
  • rubocop from 1.68.0 to 1.71.0
  • ruff-format from 0.8.6 to 0.9.3
  • ruff from 0.8.0 to 0.9.3
  • scalafix from 0.13.0 to 0.14.0
  • selene from 0.27.1 to 0.28.0
  • sfdx-scanner-apex from 4.7.0 to 4.8.0
  • sfdx-scanner-aura from 4.7.0 to 4.8.0
  • sfdx-scanner-lwc from 4.7.0 to 4.8.0
  • snakemake from 8.25.3 to 8.27.1
  • sqlfluff from 3.2.5 to 3.3.0
  • stylelint from 16.10.0 to 16.14.0
  • swiftlint from 0.57.0 to 0.58.2
  • syft from 1.17.0 to 1.19.0
  • terraform-fmt from 1.10.0 to 1.10.3
  • terraform-fmt from 1.9.8 to 1.10.0
  • terragrunt from 0.68.14 to 0.69.13
  • tflint from 0.54.0 to 0.55.0
  • trivy-sbom from 0.57.1 to 0.58.2
  • trivy from 0.57.1 to 0.58.2
  • trufflehog from 3.84.1 to 3.88.2
  • v8r from 4.2.0 to 4.2.1
  • vale from 3.9.1 to 3.9.4
  • xmllint from 21207 to 21304

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	5		0	0.08s
✅ COPYPASTE	jscpd	yes		no	1.12s
✅ DOCKERFILE	hadolint	1		0	0.07s
✅ JSON	jsonlint	5		0	0.47s
✅ JSON	prettier	5		0	0.33s
✅ JSON	v8r	5		0	3.12s
⚠️ MARKDOWN	markdownlint	2		3	0.93s
✅ MARKDOWN	markdown-link-check	2		0	4.42s
⚠️ MARKDOWN	markdown-table-formatter	2		1	0.39s
✅ PYTHON	bandit	1		0	3.05s
✅ PYTHON	black	1		0	0.94s
✅ PYTHON	flake8	1		0	0.96s
✅ PYTHON	isort	1		0	0.22s
✅ PYTHON	mypy	1		0	3.33s
✅ PYTHON	pylint	1		0	2.0s
✅ PYTHON	pyright	1		0	1.74s
✅ PYTHON	ruff	1		0	0.02s
✅ REPOSITORY	checkov	yes		no	19.55s
✅ REPOSITORY	dustilock	yes		no	0.01s
✅ REPOSITORY	gitleaks	yes		no	0.81s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	14.47s
✅ REPOSITORY	kics	yes		no	4.01s
✅ REPOSITORY	secretlint	yes		no	0.86s
✅ REPOSITORY	syft	yes		no	2.0s
✅ REPOSITORY	trivy	yes		no	8.28s
✅ REPOSITORY	trivy-sbom	yes		no	0.18s
✅ REPOSITORY	trufflehog	yes		no	2.9s
✅ YAML	prettier	7		0	0.67s
✅ YAML	v8r	7		0	5.91s
✅ YAML	yamllint	7		0	0.63s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

• Click here to request the new flavor

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-136 (debian 12.9)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-136 (debian 12.9)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

[github-actions]

🎉 This PR is included in version 1.10.8 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀