Skip to content

ci(deps): bump the github-actions group with 8 updates#1345

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-cf2bc3e972
Open

ci(deps): bump the github-actions group with 8 updates#1345
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-cf2bc3e972

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 8 updates:

Package From To
oxsecurity/megalinter/flavors/dotnet 9.5.0 9.6.0
github/codeql-action/upload-sarif 4.36.2 4.36.3
crazy-max/ghaction-container-scan 4.0.0 4.1.0
docker/setup-buildx-action 4.1.0 4.2.0
docker/login-action 4.2.0 4.3.0
docker/metadata-action 6.1.0 6.2.0
docker/build-push-action 7.2.0 7.3.0
philips-software/amp-devcontainer/.github/actions/container-size-diff 7.2.0 7.2.1

Updates oxsecurity/megalinter/flavors/dotnet from 9.5.0 to 9.6.0

Release notes

Sourced from oxsecurity/megalinter/flavors/dotnet's releases.

v9.6.0

What's Changed

  • Breaking changes

    • Linters can no longer be run via a sibling Docker image at runtime. The cli_docker_image, cli_docker_image_version and cli_docker_args descriptor properties (and the matching <LINTER>_DOCKER_IMAGE_VERSION variable) have been removed, and MegaLinter no longer mounts /var/run/docker.sock (in mega-linter-runner, the GitHub Action action.yml files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was SWIFT_SWIFTLINT, now installed natively (see below). (#8216)
    • SWIFT_SWIFTLINT is now installed from the static swiftlint-static binary instead of running the ghcr.io/realm/swiftlint container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (#8216)
    • @eslint/eslintrc shim removed from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy FlatCompat); MegaLinter's bundled test fixtures use native flat config. (#7869)
    • ESLint linters now force migration off .eslintrc.*: JAVASCRIPT_ES, TYPESCRIPT_ES, JSX_ESLINT, TSX_ESLINT activate when they find any eslint.config.* or any deprecated .eslintrc.* / package.json#eslintConfig. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the ESLint flat-config migration guide. To opt out, set DISABLE_LINTERS or DISABLE to exclude the affected linter/descriptor. (#7869)
    • JSON_ESLINT_PLUGIN_JSONC removed: upstream bug ota-meshi/eslint-plugin-jsonc#328 blocks ESLint v10 compatibility and will not be fixed. Use JSON_JSONLINT, JSON_PRETTIER, or JSON_V8R for JSON validation instead. (#7869)
  • Core

    • New linter descriptor property common_linter_errors: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (#7907)
    • Skipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. MARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)), fixing #8017.
  • New linters

    • Add betterleaks linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (#8186)
  • Disabled linters

    • SALESFORCE_SFDX_SCANNER_APEX, SALESFORCE_SFDX_SCANNER_AURA and SALESFORCE_SFDX_SCANNER_LWC — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (TypeError: Cannot read properties of undefined (reading 'prototype'), caused by the removal of SlowBuffer.prototype), which is shipped with Alpine 3.24. These linters were already deprecated; use the SALESFORCE_CODE_ANALYZER_APEX / SALESFORCE_CODE_ANALYZER_AURA / SALESFORCE_CODE_ANALYZER_LWC variants instead (#8080).
  • Deprecated linters

    • REPOSITORY_GITLEAKS — deprecated in favour of REPOSITORY_BETTERLEAKS (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding REPOSITORY_GITLEAKS to DISABLE_LINTERS in your .mega-linter.yml. (#8186)
  • Removed linters

    • JSON_ESLINT_PLUGIN_JSONC — permanently broken by upstream bug (see Breaking changes) (#7869)
  • Linters enhancements

    • REPOSITORY_CHECKOV: in pull-request mode, scan only the files modified in the PR instead of the whole repository (#7119)
  • Fixes

    • REPOSITORY_BETTERLEAKS: default scan now runs in filesystem (dir) mode instead of auto-switching to git-history (git) mode when a git repository is detected. betterleaks does not read the global git safe.directory config, so git mode failed with fatal: detected dubious ownership in repository in CI environments (e.g. GitHub Actions /github/workspace). Git-history mode is still used for the opt-in REPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN feature. (#8186)
    • REPOSITORY_BETTERLEAKS: added --verbose so detected findings (file, line and rule) are reported instead of only the leaks found: N summary, matching gitleaks behavior. Secret values stay redacted via --redact. (#8186)
    • REPOSITORY_OSV_SCANNER: exit code 128 ("No package sources found") is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (#7917).
    • Fix intermittent ansible-lint load-failure[not-found] error on github_conf/branch_protection_rules.json caused by a race condition with checkov running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (.megalinter_github_conf) that project-mode linters skip, eliminating the conflict (#8092).
    • Complete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the python:3.14-alpine3.24 base image (#8080).
    • Avoid DeprecationWarning / future breakage on Python 3.14 by no longer passing count and flags as positional arguments to re.sub (#8211).
    • Exclude REPORT_OUTPUT_FOLDER from linting when configured as an absolute path inside the workspace (e.g. /tmp/lint/megalinter-reports), fixing #7845.
    • Fix command injection in Roslynator linter (DOTNET_ROSLYNATOR) where a crafted .csproj filename could break out of dotnet restore arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (#7857)
    • Fix IndexError when building the single-linter Docker image for a linter whose activation depends on a file (e.g. SPELL_VALE requires .vale.ini): python -m megalinter.run --linterversion now bypasses activation filtering since the per-linter image is built for that linter unconditionally.
    • Fix make bootstrap appearing to hang because exported Make color variables re-evaluated tput during recursive make invocations. (#8090)
    • Allow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (#1975).
    • Restore missing examples in the Dart descriptor that were dropped from the generated documentation (#7913).
  • Reporters

  • Doc

    • Add pnpm installation and usage documentation for JavaScript and TypeScript linters (#8177)
    • Update Docker pull counters in README badges and flavors-stats.json with latest ghcr.io stats
    • Bump peter-evans/create-pull-request to v8 in the documented workflow examples (#8089)

... (truncated)

Changelog

Sourced from oxsecurity/megalinter/flavors/dotnet's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Breaking changes

  • Core

    • Add ENABLE_DISABLE_LINTERS_PRIORITY variable to let DISABLE_LINTERS override ENABLE_LINTERS when a linter is in both lists (e.g. to trim an inherited ENABLE_LINTERS list via EXTENDS), fixes #8296
  • New linters

  • Disabled linters

  • Re-enabled linters

  • Deprecated linters

  • Removed linters

  • Media

  • Linters enhancements

  • Fixes

    • Make remote configuration loading resilient to transient network failures by adding a request timeout and bounded retries with backoff when fetching MEGALINTER_CONFIG and EXTENDS files over HTTP (fixes intermittent config_test failures caused by raw.githubusercontent.com CDN cache lag)
    • Disable TERRAFORM_TERRASCAN (upstream repo archived by Tenable, unmaintained) and SQL_TSQLLINT (no upstream release since 2024-09), as both ship unpatched CVEs with no prospect of a fixed release
    • Fix SARIF_TO_HUMAN producing empty linter logs when the bundled sarif-fmt binary crashes by building it from source on Alpine and falling back to raw SARIF on conversion failure (#8294)
    • Keep the Docker Pulls badge in docs/index.md in sync by having docker_stats.py also update the hardcoded badge total in .automation/build.py
  • Reporters

  • Flavors

  • Doc

  • mega-linter-runner

  • Dev

  • CI

    • Fix per-linter Docker images being published single-arch. The BETA and RELEASE linter workflows split each linter into independent per-platform jobs that all pushed the same tag (:beta, :v9, :vX.Y.Z, :latest), so the last push won and overwrote the other architecture. They now push each platform by digest and a dedicated merge job assembles a proper multi-arch manifest list per linter, restoring linux/amd64 + linux/arm64 support for megalinter-only-* images.

... (truncated)

Commits
  • ef3e84b Release MegaLinter v9.6.0
  • 8b9259b Skill prepare-release (#8245)
  • 5810155 chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...
  • aca415c chore(deps): update dependency semver to v7.8.5 (#8198)
  • 2d8b274 Remove max-parallel for linters
  • e9ab3e9 chore(ci): manual run of deploy linters beta job (#8242)
  • a8a6368 Changelog (#8241)
  • 7f363c6 [automation] Auto-update linters version, help and documentation (#8215)
  • bce5232 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (#8232)
  • 9d98266 chore(deps): update dependency realm/swiftlint to v0.65.0 (#8240)
  • Additional commits viewable in compare view

Updates github/codeql-action/upload-sarif from 4.36.2 to 4.36.3

Release notes

Sourced from github/codeql-action/upload-sarif's releases.

v4.36.3

No user facing changes.

Changelog

Sourced from github/codeql-action/upload-sarif's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956

4.37.0 - 08 Jul 2026

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973

4.36.3 - 01 Jul 2026

No user facing changes.

4.36.2 - 04 Jun 2026

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

... (truncated)

Commits
  • 54f647b Merge pull request #3984 from github/update-v4.36.3-1f34ec164
  • e78819e Trigger checks
  • 2c9d3d6 Update changelog for v4.36.3
  • 1f34ec1 Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-prop
  • d5f0145 Log when repository property has a value but is ignored
  • f27f563 Add test for when the FF is off
  • 0025d0f Use FF
  • f7fa18f Add FF for config file repo property
  • 628fc3f Merge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...
  • 9cfb67b Add clarifying comments
  • Additional commits viewable in compare view

Updates crazy-max/ghaction-container-scan from 4.0.0 to 4.1.0

Release notes

Sourced from crazy-max/ghaction-container-scan's releases.

v4.1.0

Full Changelog: crazy-max/ghaction-container-scan@v4.0.0...v4.1.0

Commits
  • ffcba8d Merge pull request #276 from crazy-max/dependabot/npm_and_yarn/undici-6.27.0
  • dc4802f [dependabot skip] chore: update generated content
  • cbe1cb6 build(deps): bump undici from 6.23.0 to 6.27.0
  • da346fc Merge pull request #279 from crazy-max/dependabot/npm_and_yarn/actions/core-3...
  • 37850cf [dependabot skip] chore: update generated content
  • c8b927f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
  • 77e6372 Merge pull request #271 from crazy-max/dependabot/npm_and_yarn/tmp-0.2.6
  • cf8d649 [dependabot skip] chore: update generated content
  • 960bae0 build(deps): bump tmp from 0.2.5 to 0.2.7
  • ddfd12b Merge pull request #226 from crazy-max/dependabot/npm_and_yarn/minimatch-3.1.5
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 4.2.0 to 4.3.0

Release notes

Sourced from docker/login-action's releases.

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

Commits
  • c99871d Merge pull request #1030 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • b433555 [dependabot skip] chore: update generated content
  • 678a46a build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • f9a0aea Merge pull request #1031 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • cc1e4cb build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 02e1730 Merge pull request #1029 from docker/dependabot/npm_and_yarn/sigstore/verify-...
  • b548518 build(deps): bump @​sigstore/verify from 3.1.0 to 3.1.1
  • a244be3 Merge pull request #1027 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • ee0d698 [dependabot skip] chore: update generated content
  • 127dc2c build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • Additional commits viewable in compare view

Updates docker/metadata-action from 6.1.0 to 6.2.0

Release notes

Sourced from docker/metadata-action's releases.

v6.2.0

Full Changelog: docker/metadata-action@v6.1.0...v6.2.0

Commits
  • dc80280 Merge pull request #696 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 2b9fe83 [dependabot skip] chore: update generated content
  • 8128ce3 chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 1d1c895 Merge pull request #695 from docker/dependabot/npm_and_yarn/semver-7.8.5
  • 7f0c2dd Merge pull request #694 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 025f8c5 [dependabot skip] chore: update generated content
  • e98d63c chore(deps): Bump semver from 7.8.1 to 7.8.5
  • 37d9379 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
  • a1b8072 Merge pull request #690 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
  • e0e3381 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.2.0 to 7.3.0

Release notes

Sourced from docker/build-push-action's releases.

v7.3.0

Full Changelog: docker/build-push-action@v7.2.0...v7.3.0

Commits
  • 53b7df9 Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 154298c [dependabot skip] chore: update generated content
  • cb1238b chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 24f845d Merge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 9c69730 [dependabot skip] chore: update generated content
  • bc3a3a5 Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...
  • a82c504 chore(deps): Bump js-yaml from 4.1.1 to 4.3.0
  • 0285a75 Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...
  • c6ad2a3 Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...
  • d37484f Merge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • Additional commits viewable in compare view

Updates philips-software/amp-devcontainer/.github/actions/container-size-diff from 7.2.0 to 7.2.1

Release notes

Sourced from philips-software/amp-devcontainer/.github/actions/container-size-diff's releases.

v7.2.1

7.2.1 (2026-07-01)

📋 Summary

🔖 Packages

Container Full identifier
amp-devcontainer-base ghcr.io/philips-software/amp-devcontainer-base:v7.2.1@sha256:003b7f431359accb5438279777e1bcfde818bb881ff604fb4cd4d333525262d9
amp-devcontainer-cpp ghcr.io/philips-software/amp-devcontainer-cpp:v7.2.1@sha256:4d171db10d16f3f8ea17e694f8acce758cd3e5505fffbb62d1dc472afc1604d9
amp-devcontainer-rust ghcr.io/philips-software/amp-devcontainer-rust:v7.2.1@sha256:0c9d47f3bd5bd15f20d4097df2b7d327a876cad424bab1b0cdee5d6845545f07

Chores

  • deps, base: Update ca-certificates (#1312) (2884399)
  • deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github in devcontainer.json (#1306) (0094359)
  • deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github, sonarsource.sonarlint-vscode in devcontainer.json (#1325) (649e99c)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1292) (1d330ae)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1322) (5a66c0f)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer.json (#1291) (a70d23a)
  • deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer in devcontainer.json (#1305) (c304898)
  • deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1324) (98f6527)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1290) (bddcaec)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1300) (749e9a9)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1307) (9424592)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1323) (fdad01f)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer.json (#1301) (89b7ebf)
  • deps, rust: Update rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1293) (6c60544)
Changelog

Sourced from philips-software/amp-devcontainer/.github/actions/container-size-diff's changelog.

CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

7.2.1 (2026-07-01)

Chores

  • deps, base: Update ca-certificates (#1312) (2884399)
  • deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github in devcontainer.json (#1306) (0094359)
  • deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github, sonarsource.sonarlint-vscode in devcontainer.json (#1325) (649e99c)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1292) (1d330ae)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1322) (5a66c0f)
  • deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer.json (#1291) (a70d23a)
  • deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer in devcontainer.json (#1305) (c304898)
  • deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1324) (98f6527)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1290) (bddcaec)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1300) (749e9a9)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1307) (9424592)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1323) (fdad01f)
  • deps, rust: Update rust-lang.rust-analyzer in devcontainer.json (#1301) (89b7ebf)
  • deps, rust: Update rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1293) (6c60544)

7.2.0 (2026-06-02)

Features

7.1.0 (2026-06-02)

Features

7.0.0 (2026-05-28)

⚠ BREAKING CHANGES

  • Switch base container to Ubuntu 26.04 (Description has been truncated

Bumps the github-actions group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [oxsecurity/megalinter/flavors/dotnet](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [crazy-max/ghaction-container-scan](https://github.com/crazy-max/ghaction-container-scan) | `4.0.0` | `4.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.3.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.1.0` | `6.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` |
| [philips-software/amp-devcontainer/.github/actions/container-size-diff](https://github.com/philips-software/amp-devcontainer) | `7.2.0` | `7.2.1` |


Updates `oxsecurity/megalinter/flavors/dotnet` from 9.5.0 to 9.6.0
- [Release notes](https://github.com/oxsecurity/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@0e3ce9b...ef3e84b)

Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8aad20d...54f647b)

Updates `crazy-max/ghaction-container-scan` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/crazy-max/ghaction-container-scan/releases)
- [Commits](crazy-max/ghaction-container-scan@a0a3900...ffcba8d)

Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@d7f5e7f...bb05f3f)

Updates `docker/login-action` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@650006c...c99871d)

Updates `docker/metadata-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@80c7e94...dc80280)

Updates `docker/build-push-action` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@f9f3042...53b7df9)

Updates `philips-software/amp-devcontainer/.github/actions/container-size-diff` from 7.2.0 to 7.2.1
- [Release notes](https://github.com/philips-software/amp-devcontainer/releases)
- [Changelog](https://github.com/philips-software/amp-devcontainer/blob/main/CHANGELOG.md)
- [Commits](2c92278...6ade42b)

---
updated-dependencies:
- dependency-name: oxsecurity/megalinter/flavors/dotnet
  dependency-version: 9.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: crazy-max/ghaction-container-scan
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: philips-software/amp-devcontainer/.github/actions/container-size-diff
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 9, 2026 16:44
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 9, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edgeghcr.io/philips-software/amp-devcontainer-base:pr-1345

📈 Size Comparison Table

OS/Platform Previous Current Change Trend
linux/amd64 71.79 MB 71.79 MB 348 B (0%) 🔽
linux/arm64 70.09 MB 70.09 MB +400 B (+0%) 🔼

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 23 0 0 0.36s
✅ DOCKERFILE hadolint 4 0 0 0.44s
✅ JSON npm-package-json-lint yes no no 0.73s
✅ JSON prettier 32 6 0 0 0.85s
✅ JSON v8r 32 0 0 14.24s
⚠️ MARKDOWN markdownlint 13 0 1 0 1.28s
✅ MARKDOWN markdown-table-formatter 13 0 0 0 0.34s
✅ REPOSITORY betterleaks yes no no 1.58s
✅ REPOSITORY checkov yes no no 31.63s
✅ REPOSITORY gitleaks yes no no 1.23s
✅ REPOSITORY git_diff yes no no 0.02s
✅ REPOSITORY grype yes no no 60.37s
⚠️ REPOSITORY osv-scanner yes 1 no 1.24s
✅ REPOSITORY secretlint yes no no 2.56s
✅ REPOSITORY syft yes no no 2.89s
✅ REPOSITORY trivy yes no no 14.84s
✅ REPOSITORY trivy-sbom yes no no 0.37s
✅ REPOSITORY trufflehog yes no no 4.24s
⚠️ SPELL lychee 100 2 0 11.99s
✅ YAML prettier 32 0 0 0 1.27s
✅ YAML v8r 32 0 0 13.45s
✅ YAML yamllint 32 0 0 1.85s

Detailed Issues

⚠️ SPELL / lychee - 2 errors
📝 Summary
---------------------
🔍 Total..........147
🔗 Unique.........123
✅ Successful.....140
⏳ Timeouts.........0
🔀 Redirected......18
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2
⛔ Unsupported......2

Errors in .github/CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/ (at 76:42) | Network error: Connection reset by peer (os error 104)

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads (at 38:7) | Rejected status code: 403 Forbidden

Hint: Followed 18 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
⚠️ MARKDOWN / markdownlint - 1 error
docs/adr/0000-record-architecture-decisions.md:30:401 error MD013/line-length Line length [Expected: 400; Actual: 520]
⚠️ REPOSITORY / osv-scanner - 1 error
Scanning dir .
Starting filesystem walk for root: /
Scanned .devcontainer/docs/requirements.txt file and found 14 packages
Scanned .devcontainer/cpp/requirements.txt file and found 20 packages
Scanned package-lock.json file and found 73 packages
Scanned test/rust/workspace/cargo/Cargo.lock file and found 1 package
Scanned test/rust/workspace/test/Cargo.lock file and found 1 package
Scanned test/rust/workspace/cortex-m/Cargo.lock file and found 20 packages
Scanned test/rust/workspace/clippy/Cargo.lock file and found 1 package
Scanned test/rust/workspace/cortex-mf/Cargo.lock file and found 20 packages
End status: 98 dirs visited, 317 inodes visited, 8 Extract calls, 40.640338ms elapsed, 40.640901ms wall time

Total 2 packages affected by 2 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 2 Unknown) from 1 ecosystem.
0 vulnerabilities can be fixed.

+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+
| OSV URL                           | CVSS | ECOSYSTEM | PACKAGE    | VERSION | FIXED VERSION | SOURCE                                   |
+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+
| https://osv.dev/RUSTSEC-2026-0110 |      | crates.io | bare-metal | 0.2.5   | --            | test/rust/workspace/cortex-m/Cargo.lock  |
| https://osv.dev/RUSTSEC-2026-0110 |      | crates.io | bare-metal | 0.2.5   | --            | test/rust/workspace/cortex-mf/Cargo.lock |
+-----------------------------------+------+-----------+------------+---------+---------------+------------------------------------------+

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.6.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_BETTERLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-docs:edgeghcr.io/philips-software/amp-devcontainer-docs:pr-1345

📈 Size Comparison Table

OS/Platform Previous Current Change Trend
linux/amd64 196.54 MB 196.54 MB +199 B (+0%) 🔼
linux/arm64 192.98 MB 192.98 MB +21 B (+0%) 🔼

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edgeghcr.io/philips-software/amp-devcontainer-rust:pr-1345

📈 Size Comparison Table

OS/Platform Previous Current Change Trend
linux/amd64 468.61 MB 468.61 MB +292 B (+0%) 🔼
linux/arm64 419.8 MB 419.8 MB +386 B (+0%) 🔼

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edgeghcr.io/philips-software/amp-devcontainer-cpp:pr-1345

📈 Size Comparison Table

OS/Platform Previous Current Change Trend
linux/amd64 371.94 MB 371.94 MB +0 B (+0%) 🔄
linux/arm64 352.19 MB 352.2 MB +937 B (+0%) 🔼

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-embedded-cpp:edgeghcr.io/philips-software/amp-devcontainer-embedded-cpp:pr-1345

📈 Size Comparison Table

OS/Platform Previous Current Change Trend
linux/amd64 560.32 MB 560.32 MB +447 B (+0%) 🔼
linux/arm64 538.93 MB 538.93 MB 328 B (0%) 🔽

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Test Results

 20 files  + 16   20 suites  +16   16m 49s ⏱️ + 16m 49s
 39 tests + 38   39 ✅ + 38  0 💤 ±0  0 ❌ ±0 
168 runs  +164  168 ✅ +164  0 💤 ±0  0 ❌ ±0 

Results for commit bd8f633. ± Comparison against base commit 8731e2a.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant