Skip to content

chore(deps): update all non-major dependencies #217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
renovate merged 1 commit into from
Dec 22, 2025
Merged

chore(deps): update all non-major dependencies #217

renovate merged 1 commit into from
Dec 22, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 22, 2025

This PR contains the following updates:

Package Type Update Change Age Confidence
aquasecurity/trivy patch 0.68.1 -> 0.68.2 age confidence
docker/setup-buildx-action action minor v3.11.1 -> v3.12.0 age confidence
github/codeql-action action patch v4.31.8 -> v4.31.9 age confidence
zizmor (source) minor 1.18.0 -> 1.19.0 age confidence

Release Notes

aquasecurity/trivy (aquasecurity/trivy)

v0.68.2

Compare Source

Changelog

docker/setup-buildx-action (docker/setup-buildx-action)

v3.12.0

Compare Source

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

github/codeql-action (github/codeql-action)

v4.31.9

Compare Source

zizmorcore/zizmor (zizmor)

v1.19.0

Compare Source

New Features 🌈🔗
Enhancements 🌱🔗

  • The use-trusted-publishing audit now detects additional publishing command patterns, including common "wrapped" patterns like bundle exec gem publish (#​1394)

  • zizmor now produces better error messages on a handful of error cases involving invalid input files. Specifically, a subset of syntax and schema errors now produce more detailed and actionable error messages (#​1396)

  • The use-trusted-publishing audit now detects additional publishing command patterns, including uv run ..., uvx ..., and poetry publish (#​1402)

  • zizmor now produces more useful and less ambiguous spans for many findings, particularly those from the anonymous-definition audit (#​1416)

  • zizmor now discovers configuration files named zizmor.yaml, in addition to zizmor.yml (#​1431)

  • zizmor now produces a more useful error message when input collection yields no inputs (#​1439)

  • The --render-links flag now allows users to control zizmor's OSC 8 terminal link rendering behavior. This is particularly useful in environments that advertise themselves as terminals but fail to correctly render or ignore OSC 8 links (#​1454)

Performance Improvements 🚄🔗
  • The [impostor-commit] audit is now significantly faster on true positives, making true positive detection virtually as fast as true negative detection. In practice, true positive runs are over 100 times faster than before (#​1429)
Bug Fixes 🐛🔗

  • Fixed a bug where the obfuscation audit would crash if it encountered a CMD shell that was defined outside of the current step block (i.e. as a job or workflow default) (#​1418)

  • Fixed a bug where the opentofu ecosystem was not recognized in Dependabot configuration files (#​1452)

  • --color=always no longer implies --render-links=always, as some environments (like GitHub Actions) support ANSI color codes but fail to handle OSC escapes gracefully (#​1454)

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-217 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-217 (debian 13.2)

No Vulnerabilities found

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 4 0 0 0.22s
✅ COPYPASTE jscpd yes no no 1.4s
✅ DOCKERFILE hadolint 1 0 0 0.23s
✅ JSON jsonlint 3 0 0 0.23s
✅ JSON prettier 3 0 0 0.49s
✅ JSON v8r 3 0 0 3.74s
✅ MARKDOWN markdownlint 1 0 0 0.58s
✅ MARKDOWN markdown-table-formatter 1 0 0 0.41s
✅ PYTHON bandit 1 0 0 2.22s
✅ PYTHON black 1 0 0 0.78s
✅ PYTHON flake8 1 0 0 0.86s
✅ PYTHON isort 1 0 0 0.22s
✅ PYTHON mypy 1 0 0 3.2s
✅ PYTHON pylint 1 0 0 2.68s
✅ PYTHON pyright 1 0 0 1.74s
✅ PYTHON ruff 1 0 0 0.04s
✅ REPOSITORY checkov yes no no 23.51s
✅ REPOSITORY dustilock yes no no 0.03s
✅ REPOSITORY gitleaks yes no no 0.3s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 35.4s
✅ REPOSITORY kics yes no no 3.69s
✅ REPOSITORY secretlint yes no no 1.58s
✅ REPOSITORY syft yes no no 2.89s
✅ REPOSITORY trivy yes no no 8.71s
✅ REPOSITORY trivy-sbom yes no no 0.1s
✅ REPOSITORY trufflehog yes no no 3.8s
✅ YAML prettier 6 0 0 1.22s
✅ YAML v8r 6 0 0 6.98s
✅ YAML yamllint 6 0 0 0.64s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@renovate renovate bot merged commit 9e70ebf into master Dec 22, 2025
40 checks passed
@renovate renovate bot deleted the renovate/all-minor-patch branch December 22, 2025 06:03
@github-actions
Copy link
Contributor

github-actions bot commented Dec 22, 2025

🎉 This PR is included in version 1.11.11 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant