Skip to content

Bump super-linter/super-linter from 7.3.0 to 8.5.0#158

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/super-linter/super-linter-8.5.0
Open

Bump super-linter/super-linter from 7.3.0 to 8.5.0#158
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/super-linter/super-linter-8.5.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps super-linter/super-linter from 7.3.0 to 8.5.0.

Release notes

Sourced from super-linter/super-linter's releases.

v8.5.0

8.5.0 (2026-02-06)

🚀 Features

  • update codespell skip patterns for go modules (#7465) (ff76a00)

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7480) (c0b4a56)
  • docker: bump the docker group across 1 directory with 3 updates (#7474) (b8cb189)
  • docker: bump the docker group across 1 directory with 3 updates (#7490) (147e829)
  • docker: bump the docker group with 2 updates (#7463) (adc2836)
  • docker: bump the docker group with 3 updates (#7455) (a1b44ab)
  • java: bump com.google.googlejavaformat:google-java-format (#7489) (8758d94)
  • java: bump com.puppycrawl.tools:checkstyle (#7475) (929cd66)
  • java: bump com.puppycrawl.tools:checkstyle (#7498) (c285101)
  • npm: bump @​isaacs/brace-expansion in /dependencies (#7482) (c15b8ac)
  • npm: bump @​modelcontextprotocol/sdk in /dependencies (#7488) (675cbf6)
  • npm: bump fast-xml-parser and @​aws-sdk/xml-builder (#7491) (7012368)
  • npm: bump the npm group across 1 directory with 2 updates (#7457) (962a22b)
  • npm: bump the npm group across 1 directory with 2 updates (#7501) (ae44688)
  • npm: bump the npm group across 1 directory with 5 updates (#7487) (9be025d)
  • npm: bump the npm group across 1 directory with 6 updates (#7477) (b44fb3f)
  • python: bump ruff (#7486) (7e9df59)
  • python: bump snakemake (#7456) (5989994)
  • python: bump the pip group across 1 directory with 2 updates (#7476) (6b3b830)
  • python: bump the pip group across 1 directory with 2 updates (#7500) (4452db3)

🧰 Maintenance

v8.4.0

8.4.0 (2026-01-28)

🚀 Features

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

8.5.0 (2026-02-06)

🚀 Features

  • update codespell skip patterns for go modules (#7465) (ff76a00)

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7480) (c0b4a56)
  • docker: bump the docker group across 1 directory with 3 updates (#7474) (b8cb189)
  • docker: bump the docker group across 1 directory with 3 updates (#7490) (147e829)
  • docker: bump the docker group with 2 updates (#7463) (adc2836)
  • docker: bump the docker group with 3 updates (#7455) (a1b44ab)
  • java: bump com.google.googlejavaformat:google-java-format (#7489) (8758d94)
  • java: bump com.puppycrawl.tools:checkstyle (#7475) (929cd66)
  • java: bump com.puppycrawl.tools:checkstyle (#7498) (c285101)
  • npm: bump @​isaacs/brace-expansion in /dependencies (#7482) (c15b8ac)
  • npm: bump @​modelcontextprotocol/sdk in /dependencies (#7488) (675cbf6)
  • npm: bump fast-xml-parser and @​aws-sdk/xml-builder (#7491) (7012368)
  • npm: bump the npm group across 1 directory with 2 updates (#7457) (962a22b)
  • npm: bump the npm group across 1 directory with 2 updates (#7501) (ae44688)
  • npm: bump the npm group across 1 directory with 5 updates (#7487) (9be025d)
  • npm: bump the npm group across 1 directory with 6 updates (#7477) (b44fb3f)
  • python: bump ruff (#7486) (7e9df59)
  • python: bump snakemake (#7456) (5989994)
  • python: bump the pip group across 1 directory with 2 updates (#7476) (6b3b830)
  • python: bump the pip group across 1 directory with 2 updates (#7500) (4452db3)

🧰 Maintenance

8.4.0 (2026-01-28)

🚀 Features

... (truncated)

Commits
  • 61abc07 chore(main): release 8.5.0 (#7459)
  • a18e2f6 fix: pass file to check as first bash-exec param (#7471)
  • c285101 deps(java): bump com.puppycrawl.tools:checkstyle (#7498)
  • 4452db3 deps(python): bump the pip group across 1 directory with 2 updates (#7500)
  • ae44688 deps(npm): bump the npm group across 1 directory with 2 updates (#7501)
  • 888d5a8 fix: mention summary comment in validation error (#7497)
  • 8758d94 deps(java): bump com.google.googlejavaformat:google-java-format (#7489)
  • 147e829 deps(docker): bump the docker group across 1 directory with 3 updates (#7490)
  • 7012368 deps(npm): bump fast-xml-parser and @​aws-sdk/xml-builder (#7491)
  • 9be025d deps(npm): bump the npm group across 1 directory with 5 updates (#7487)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump super-linter/super-linter from 7.3.0 to 8.5.0
0018915 
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 7.3.0 to 8.5.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](super-linter/super-linter@v7.3.0...v8.5.0)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.5.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 9, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 9, 2026
@dependabot dependabot bot mentioned this pull request Feb 9, 2026
Closed
@github-actions
Copy link

github-actions bot commented Feb 9, 2026

Super-linter summary

Language Validation result
BASH Pass ✅
BASH_EXEC Pass ✅
BIOME_FORMAT Fail ❌
BIOME_LINT Pass ✅
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Fail ❌
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
GO_MODULES Fail ❌
GO_RELEASER Pass ✅
JSCPD Pass ✅
JSON Pass ✅
JSON_PRETTIER Pass ✅
MARKDOWN Pass ✅
MARKDOWN_PRETTIER Pass ✅
NATURAL_LANGUAGE Fail ❌
PRE_COMMIT Pass ✅
SHELL_SHFMT Pass ✅
SPELL_CODESPELL Fail ❌
TERRAFORM_FMT Pass ✅
TERRAFORM_TFLINT Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

BIOME_FORMAT 
Checked 1 file in 3ms. No fixes applied.
Found 1 error..github/linters/.jscpd.json format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

    1 1 │   {
    2   │ - ··"threshold":·20,
    3   │ - ··"absolute":·true
      2 │ + → "threshold":·20,
      3 │ + → "absolute":·true
    4 4 │   }
    5 5 │


format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Some errors were emitted while running checks.
GITHUB_ACTIONS_ZIZMOR 
�[1m�[33mwarning[dependabot-cooldown]�[0m�[1m: insufficient cooldown in Dependabot updates�[0m
 �[1m�[94m--> �[0m/github/workspace/.github/dependabot.yml:6:5
  �[1m�[94m|�[0m
�[1m�[94m6�[0m �[1m�[94m|�[0m   - package-ecosystem: "github-actions"
  �[1m�[94m|�[0m     �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33mmissing cooldown configuration�[0m
  �[1m�[94m|�[0m
  �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
  �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
  �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#dependabot-cooldown�[39m

�[1m�[33mwarning[dependabot-cooldown]�[0m�[1m: insufficient cooldown in Dependabot updates�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/dependabot.yml:10:5
   �[1m�[94m|�[0m
�[1m�[94m10�[0m �[1m�[94m|�[0m   - package-ecosystem: "gomod"
   �[1m�[94m|�[0m     �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33mmissing cooldown configuration�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#dependabot-cooldown�[39m

�[1m�[96mhelp[artipacked]�[0m�[1m: credential persistence through GitHub Actions artifacts�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:30:9
   �[1m�[94m|�[0m
�[1m�[94m30�[0m �[1m�[94m|�[0m         - name: Checkout repository
   �[1m�[94m|�[0m �[1m�[96m _________^�[0m
�[1m�[94m31�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m �[1m�[96m|_____________________________________^�[0m �[1m�[96mdoes not set persist-credentials: false�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → Low
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#artipacked�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:31:15
   �[1m�[94m|�[0m
�[1m�[94m31�[0m �[1m�[94m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:33:15
   �[1m�[94m|�[0m
�[1m�[94m33�[0m �[1m�[94m|�[0m         uses: actions/setup-go@v6.2.0
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:38:15
   �[1m�[94m|�[0m
�[1m�[94m38�[0m �[1m�[94m|�[0m         uses: github/codeql-action/init@v4
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:42:15
   �[1m�[94m|�[0m
�[1m�[94m42�[0m �[1m�[94m|�[0m         uses: github/codeql-action/autobuild@v4
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/codeql.yml:44:15
   �[1m�[94m|�[0m
�[1m�[94m44�[0m �[1m�[94m|�[0m         uses: github/codeql-action/analyze@v4
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[96mhelp[artipacked]�[0m�[1m: credential persistence through GitHub Actions artifacts�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/linters.yml:19:9
   �[1m�[94m|�[0m
�[1m�[94m19�[0m �[1m�[94m|�[0m         - name: Checkout Code
   �[1m�[94m|�[0m �[1m�[96m _________^�[0m
�[1m�[94m20�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         uses: actions/checkout@v6.0.2
�[1m�[94m21�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         with:
�[1m�[94m22�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m           fetch-depth: 0
   �[1m�[94m|�[0m �[1m�[96m|________________________^�[0m �[1m�[96mdoes not set persist-credentials: false�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → Low
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#artipacked�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/linters.yml:20:15
   �[1m�[94m|�[0m
�[1m�[94m20�[0m �[1m�[94m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/linters.yml:24:15
   �[1m�[94m|�[0m
�[1m�[94m24�[0m �[1m�[94m|�[0m         uses: super-linter/super-linter@v8.5.0
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/main_branch.yml:10:3
   �[1m�[94m|�[0m
�[1m�[94m10�[0m �[1m�[94m|�[0m   actions: write
   �[1m�[94m|�[0m   �[1m�[91m^^^^^^^^^^^^^^�[0m �[1m�[91mactions: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[91merror[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/main_branch.yml:11:3
   �[1m�[94m|�[0m
�[1m�[94m11�[0m �[1m�[94m|�[0m   pull-requests: write
   �[1m�[94m|�[0m   �[1m�[91m^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91mpull-requests: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[96mhelp[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/main_branch.yml:12:3
   �[1m�[94m|�[0m
�[1m�[94m12�[0m �[1m�[94m|�[0m   statuses: write
   �[1m�[94m|�[0m   �[1m�[96m^^^^^^^^^^^^^^^�[0m �[1m�[96mstatuses: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[96mhelp[artipacked]�[0m�[1m: credential persistence through GitHub Actions artifacts�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:24:9
   �[1m�[94m|�[0m
�[1m�[94m24�[0m �[1m�[94m|�[0m         - name: Checkout
   �[1m�[94m|�[0m �[1m�[96m _________^�[0m
�[1m�[94m25�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m �[1m�[96m|_____________________________________^�[0m �[1m�[96mdoes not set persist-credentials: false�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → Low
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#artipacked�[39m

�[1m�[91merror[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:10:3
   �[1m�[94m|�[0m
�[1m�[94m10�[0m �[1m�[94m|�[0m   contents: write
   �[1m�[94m|�[0m   �[1m�[91m^^^^^^^^^^^^^^^�[0m �[1m�[91mcontents: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[91merror[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:11:3
   �[1m�[94m|�[0m
�[1m�[94m11�[0m �[1m�[94m|�[0m   actions: write
   �[1m�[94m|�[0m   �[1m�[91m^^^^^^^^^^^^^^�[0m �[1m�[91mactions: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[91merror[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:12:3
   �[1m�[94m|�[0m
�[1m�[94m12�[0m �[1m�[94m|�[0m   pull-requests: write
   �[1m�[94m|�[0m   �[1m�[91m^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91mpull-requests: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[96mhelp[excessive-permissions]�[0m�[1m: overly broad permissions�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:13:3
   �[1m�[94m|�[0m
�[1m�[94m13�[0m �[1m�[94m|�[0m   statuses: write
   �[1m�[94m|�[0m   �[1m�[96m^^^^^^^^^^^^^^^�[0m �[1m�[96mstatuses: write is overly broad at the workflow level�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#excessive-permissions�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:25:15
   �[1m�[94m|�[0m
�[1m�[94m25�[0m �[1m�[94m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:29:15
   �[1m�[94m|�[0m
�[1m�[94m29�[0m �[1m�[94m|�[0m         uses: actions/setup-go@v6.2.0
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:34:15
   �[1m�[94m|�[0m
�[1m�[94m34�[0m �[1m�[94m|�[0m         uses: crazy-max/ghaction-import-gpg@v6
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:40:15
   �[1m�[94m|�[0m
�[1m�[94m40�[0m �[1m�[94m|�[0m         uses: goreleaser/goreleaser-action@v6.4.0
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[cache-poisoning]�[0m�[1m: runtime artifacts potentially vulnerable to a cache poisoning attack�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/release.yml:29:9
   �[1m�[94m|�[0m
�[1m�[94m 4�[0m �[1m�[94m|�[0m �[1m�[94m/�[0m on:
�[1m�[94m 5�[0m �[1m�[94m|�[0m �[1m�[94m|�[0m   push:
�[1m�[94m 6�[0m �[1m�[94m|�[0m �[1m�[94m|�[0m     tags:
�[1m�[94m 7�[0m �[1m�[94m|�[0m �[1m�[94m|�[0m       - "v*"
   �[1m�[94m|�[0m �[1m�[94m|____________-�[0m �[1m�[94mgenerally used when publishing artifacts generated at runtime�[0m
�[1m�[94m...�[0m
�[1m�[94m29�[0m �[1m�[94m|�[0m           uses: actions/setup-go@v6.2.0
   �[1m�[94m|�[0m           �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91mthis step�[0m
�[1m�[94m30�[0m �[1m�[94m|�[0m �[1m�[94m/�[0m         with:
�[1m�[94m31�[0m �[1m�[94m|�[0m �[1m�[94m|�[0m           go-version-file: "go.mod"
�[1m�[94m32�[0m �[1m�[94m|�[0m �[1m�[94m|�[0m           cache: true
   �[1m�[94m|�[0m �[1m�[94m|_____________________-�[0m �[1m�[94menables caching explicitly here�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → Low
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#cache-poisoning�[39m

�[1m�[96mhelp[artipacked]�[0m�[1m: credential persistence through GitHub Actions artifacts�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/tests.yml:22:9
   �[1m�[94m|�[0m
�[1m�[94m22�[0m �[1m�[94m|�[0m         - name: Checkout Code
   �[1m�[94m|�[0m �[1m�[96m _________^�[0m
�[1m�[94m23�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         uses: actions/checkout@v6.0.2
�[1m�[94m24�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m         with:
�[1m�[94m25�[0m �[1m�[94m|�[0m �[1m�[96m|�[0m           fetch-depth: 0
   �[1m�[94m|�[0m �[1m�[96m|________________________^�[0m �[1m�[96mdoes not set persist-credentials: false�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → Low
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#artipacked�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/tests.yml:23:15
   �[1m�[94m|�[0m
�[1m�[94m23�[0m �[1m�[94m|�[0m         uses: actions/checkout@v6.0.2
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-uses]�[0m�[1m: unpinned action reference�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/tests.yml:27:15
   �[1m�[94m|�[0m
�[1m�[94m27�[0m �[1m�[94m|�[0m         uses: actions/setup-go@v6.2.0
   �[1m�[94m|�[0m               �[1m�[91m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[91maction is not pinned to a hash (required by blanket policy)�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mnote�[0m: this finding has an auto-fix
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-uses�[39m

�[1m�[91merror[unpinned-images]�[0m�[1m: unpinned image references�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/tests.yml:42:9
   �[1m�[94m|�[0m
�[1m�[94m42�[0m �[1m�[94m|�[0m         image: couchbase
   �[1m�[94m|�[0m         �[1m�[91m^^^^^^^^^^^^^^^^�[0m �[1m�[91mcontainer image is unpinned�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#unpinned-images�[39m

�[32m42�[39m findings (�[1m�[93m14�[39m suppressed, �[92m20�[39m fixable�[0m): �[35m0�[39m informational, �[36m6�[39m low, �[33m2�[39m medium, �[31m20�[39m high🌈 zizmor v1.22.0
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/dependabot.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/codeql.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/linters.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/main_branch.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/release.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/tests.yml
GO_MODULES 
Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
NATURAL_LANGUAGE 

/github/workspace/README.md
  16:3  ✓ error  Incorrect term: “docker”, use “Docker” instead  terminology
  17:3  ✓ error  Incorrect term: “docker”, use “Docker” instead  terminology

✖ 2 problems (2 errors, 0 warnings, 0 infos)
✓ 2 fixable problems.
Try to run: $ textlint --fix [file]
SPELL_CODESPELL 
/github/workspace/couchbase/bucket.go:13: fuction ==> function
/github/workspace/couchbase/constants.go:18: contants ==> constants, contents
/github/workspace/couchbase/constants.go:32: contants ==> constants, contents
/github/workspace/couchbase/constants.go:42: contants ==> constants, contents
/github/workspace/couchbase/constants.go:49: contants ==> constants, contents
/github/workspace/couchbase/constants.go:54: contants ==> constants, contents
/github/workspace/couchbase/provider.go:105: separeted ==> separated
/github/workspace/docs/index.md:56: shoud ==> should

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lukasbudisky lukasbudisky Awaiting requested review from lukasbudisky lukasbudisky is a code owner

@petoju petoju Awaiting requested review from petoju petoju is a code owner

@matokovacik matokovacik Awaiting requested review from matokovacik matokovacik is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants