deps(deps): update ansible/ansible-lint action to v24.12.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ansible/ansible-lint	action	minor	v24.10.0 -> v24.12.0

---

Release Notes

ansible/ansible-lint (ansible/ansible-lint)

v24.12.0

Compare Source

Enhancements

• Refactor code to avoid use of rich library (#​4396) @​ssbarnea
• Search for config with the yml/yaml extension (#​4416) @​cornfeedhobo
• Rename color module to output (#​4433) @​ssbarnea
• Remove formatting options for listing rules (#​4432) @​ssbarnea

Bugfixes

• Accommodate specified inventory files (#​4393) @​cavcrosby
• Utilize create_matcherror more in other rules (#​4408) @​cavcrosby
• Add Astra Linux Platform to platform items (#​4429) @​razerisback
• Normalize version field for rules (#​4431) @​ssbarnea
• Enable pyright hook (#​4426) @​ssbarnea
• Remove dead code and prevent regressions (#​4425) @​ssbarnea
• Prepare for pyright hook enablement (#​4410) @​ssbarnea
• Activate and address some ruff violations (preview) (#​4421) @​ssbarnea
• Fix exception with 'skipped' test (#​4406) @​Gilles95
• Include ! as a shell word. closes #​4386 (#​4403) @​wimglenn

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:160b1df1c7a7cc91192c28e715fa038e6f914d00e87af71c5806014eb4f6e434
vulnerabilities
size	104 MB
packages	239

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
3 Newer image for same tag Also known as: 3.21.0 3.21 latest	Benefits: Newer image for same tag Minor OS version update Tag is preferred tag Tag was pushed more recently Image has similar size Tag is latest Image introduces no new vulnerability but removes 1 3 was pulled 251K times last month Image details: Size: 3.6 MB OS: 3.21.0	5 days ago

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:160b1df1c7a7cc91192c28e715fa038e6f914d00e87af71c5806014eb4f6e434
vulnerabilities
size	104 MB
packages	239

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
3 Newer image for same tag Also known as: 3.21.0 3.21 latest	Benefits: Newer image for same tag Minor OS version update Tag is preferred tag Tag was pushed more recently Image has similar size Tag is latest Image introduces no new vulnerability but removes 1 3 was pulled 251K times last month Image details: Size: 3.6 MB OS: 3.21.0	5 days ago

Change base image

✅ There are no tag recommendations at this time.