chore(deps): update all non-major dependencies#167
Merged
Conversation
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 7 | 0 | 0 | 0.11s | |
| ✅ COPYPASTE | jscpd | yes | no | no | 1.55s | |
| ✅ DOCKERFILE | hadolint | 1 | 0 | 0 | 0.06s | |
| ✅ JSON | jsonlint | 3 | 0 | 0 | 0.36s | |
| prettier | 3 | 1 | 0 | 0.89s | ||
| ✅ JSON | v8r | 3 | 0 | 0 | 3.41s | |
| ✅ PYTHON | bandit | 1 | 0 | 0 | 3.22s | |
| ✅ PYTHON | black | 1 | 0 | 0 | 1.29s | |
| ✅ PYTHON | flake8 | 1 | 0 | 0 | 0.77s | |
| ✅ PYTHON | isort | 1 | 0 | 0 | 0.22s | |
| ✅ PYTHON | mypy | 1 | 0 | 0 | 3.69s | |
| ✅ PYTHON | pylint | 1 | 0 | 0 | 3.39s | |
| ✅ PYTHON | pyright | 1 | 0 | 0 | 1.86s | |
| ✅ PYTHON | ruff | 1 | 0 | 0 | 0.02s | |
| ✅ REPOSITORY | checkov | yes | no | no | 24.98s | |
| ✅ REPOSITORY | devskim | yes | no | no | 1.77s | |
| ✅ REPOSITORY | dustilock | yes | no | no | 0.02s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 0.4s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.01s | |
| grype | yes | no | 2 | 40.6s | ||
| ✅ REPOSITORY | kics | yes | no | no | 3.55s | |
| ✅ REPOSITORY | secretlint | yes | no | no | 1.84s | |
| ✅ REPOSITORY | syft | yes | no | no | 3.04s | |
| ✅ REPOSITORY | trivy | yes | no | no | 9.54s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.14s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 3.7s | |
| ✅ YAML | prettier | 9 | 0 | 0 | 0.89s | |
| ✅ YAML | v8r | 9 | 0 | 0 | 7.73s | |
| ✅ YAML | yamllint | 9 | 0 | 0 | 0.95s |
Detailed Issues
⚠️ REPOSITORY / grype - 2 warnings
warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/standard-build.yaml
warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/standard-release.yaml
warning: 2 warnings emitted
⚠️ JSON / prettier - 1 error
Checking formatting...
[warn] renovate/default.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
76b07ba to
365f9b3
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
365f9b3 to
fbe8aa4
Compare
Trivy image scan report
|
Trivy image scan report
|
Trivy image scan report
|
|
🎉 This PR is included in version 1.20.2 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.68.2→0.69.13.14.2-slim→3.14.3-slim9.2.1→9.3.11.20.0→1.22.0Release Notes
aquasecurity/trivy (aquasecurity/trivy)
v0.69.1Compare Source
Changelog
123888brelease: v0.69.1 [release/v0.69] (#10145)29d3b06ci: add composite action for Go setup [backport: release/v0.69] (#10150)3b30cc7fix(misconf): apply check aliases when filtering results via .trivyignore [backport: release/v0.69] (#10143)a8e279bchore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs [backport: release/v0.69] (#10135)v0.69.0Compare Source
👉 Trivy v0.69.0 release notes (click here)
⬇️ Download Trivy
🐳 New Docker Install option
docker pull get.trivy.dev/image/trivy:0.69.0Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0690-2026-01-30
gradle/gradle (gradle)
v9.3.1: 9.3.1Compare Source
This is a patch release for 9.3.0. We recommend using 9.3.1 instead of 9.3.0.
The following issues were resolved:
Read the Release Notes
Upgrade instructions
Switch your build to use Gradle 9.3.1 by updating your wrapper:
See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.
For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.
Reporting problems
If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.
We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.
v9.3.0Compare Source
zizmorcore/zizmor (zizmor)
v1.22.0Compare Source
Changes⚠️ 🔗
shell:findings when running with the "auditor" persona (#1532)Bug Fixes 🐛🔗
v1.21.0Compare Source
New Features 🌈🔗
Enhancements 🌱🔗
zizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the exit code documentation for details (#1515)
The unpinned-uses audit now supports auto-fixes for many findings (#1525)
Changes⚠️ 🔗
Bug Fixes 🐛🔗
The unpinned-uses audit now flags reusable workflows that are unpinned, in addition to actions (#1509)
Many thanks to @johnbillion for implementing this fix!
Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.