chore(deps): bump the github-actions group across 1 directory with 7 updates by dependabot[bot] · Pull Request #122 · egohygiene/ubi

dependabot · 2026-01-26T10:08:35Z

Bumps the github-actions group with 7 updates in the / directory:

Package	From	To
actions/setup-node	`4`	`6`
actions/setup-python	`5`	`6`
actions/cache	`4`	`5`
sigstore/cosign-installer	`3.7.0`	`4.0.0`
oxsecurity/megalinter	`9.2.0`	`9.3.0`
lewagon/wait-on-check-action	`1.4.1`	`1.5.0`
dawidd6/action-download-artifact	`11`	`12`

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in actions/setup-node#1227

Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345

New Contributors

@priya-kinthali made their first contribution in actions/setup-node#1348

@salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
621ac41 README.md: bump to latest released checkout version v6 (#1446)
2951748 Bump @actions/cache to v5.0.1 (#1449)
21ddc7b Correct mirror option typos (#1442)
65d868f Update Documentation for Lockfile (#1454)
395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
b9b25d4 Remove always-auth configuration handling from action (#1436)
633bb92 Bump @actions/cache from 4.0.3 to 4.1.0 (#1384)
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates actions/cache from 4 to 5

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Upgrade to use node24 by @salmanmkc in actions/cache#1630

Prepare v5.0.0 release by @salmanmkc in actions/cache#1684

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

Add note on runner versions by @GhadimiR in actions/cache#1642

Prepare v4.3.0 release by @Link- in actions/cache#1655

New Contributors

@GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

Update README.md by @nebuk89 in actions/cache#1620

Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in actions/cache#1634

Prepare release 4.2.4 by @Link- in actions/cache#1636

New Contributors

@nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

@salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.2

Bump @actions/cache to v5.0.3 #1692

5.0.1

Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

... (truncated)

Commits

8b402f5 Merge pull request #1692 from GhadimiR/main
304ab5a license for httpclient
609fc19 Update licensed record for cache
b22231e Build
93150cd Add PR link to releases
9b8ca9f Bump actions/cache to 5.0.3
9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
8ff5423 chore: release v5.0.1
9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
b975f2b fix: add peer property to package-lock.json for dependencies
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.7.0 to 4.0.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Bump default Cosign to v2.6.0 in sigstore/cosign-installer#200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

not fail fast and setup permissions in sigstore/cosign-installer#195

drop old unsupported versions <v2.0.0 in sigstore/cosign-installer#192

Update default to v2.5.3 in sigstore/cosign-installer#196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

What's Changed

default action install to use release v2.5.1 by @cpanato in sigstore/cosign-installer#193

default cosign to v2.5.2 by @cpanato in sigstore/cosign-installer#194

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

v3.9.0

What's Changed

Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in sigstore/cosign-installer#189

bump cosign install to use release v2.5.0 as default by @cpanato in sigstore/cosign-installer#191

Full Changelog: sigstore/cosign-installer@v3...v3.9.0

v3.8.2

... (truncated)

Commits

faadad0 add support for cosign v3 releases (#201)
d7543c9 Bump default Cosign to v2.6.0 (#200)
920f20f Bump actions/setup-go from 5.5.0 to 6.0.0 (#199)
bb9dfc1 Bump actions/github-script from 7.0.1 to 8.0.0 (#198)
074636b Bump actions/checkout from 4.2.2 to 5.0.0 (#197)
d58896d Update default to v2.5.3 (#196)
e40248c drop old unsupported versions <v2.0.0 (#192)
d9374b9 not fail fast and setup permissions (#195)
398d4b0 default cosign to v2.5.2 (#194)
84f54a2 default action install to use release v2.5.1 (#193)
Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.2.0 to 9.3.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.3.0

What's Changed

Core

Add enum name support in MegaLinter config Json schema for better autocompletion in editors

Update base image to python:3.13-alpine3.23

New linters

Add codespell

Add kingfisher by @bdovaz

Add rumdl by @bdovaz

Linters enhancements

Change checkmake Docker image reference by @bdovaz

Reporters

Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY

Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable

Fix sections display in Gitlab console logs

Doc

Classify all JSON schema config variables by category and section

CI

Free disk space on GitHub actions runner when releasing a new flavor

Add missing Dockerfile patterns to Renovate Dockerfile manager

Remove gitpod custom image, workflow, and makefile targets

Linter versions upgrades (54)

actionlint from 1.7.9 to 1.7.10

ansible-lint from 25.11.1 to 25.12.2

bash-exec from 5.2.37 to 5.3.3

black from 25.11.0 to 25.12.0

cfn-lint from 1.41.0 to 1.43.1

checkov from 3.2.495 to 3.2.497

clang-format from 20.1.8 to 21.1.2

clippy from 0.1.91 to 0.1.92

clj-kondo from 2025.10.23 to 2025.12.23

code-analyzer-apex from 5.6.1 to 5.7.1

code-analyzer-aura from 5.6.1 to 5.7.1

code-analyzer-lwc from 5.6.1 to 5.7.1

cppcheck from 2.14.2 to 2.18.3

csharpier from 1.2.1 to 1.2.5

cspell from 9.3.2 to 9.4.0

dartanalyzer from 3.8.3 to 3.10.7

dotnet-format from 9.0.111 to 9.0.112

git_diff from 2.49.1 to 2.52.0

golangci-lint from 2.6.2 to 2.7.2

grype from 0.104.1 to 0.104.3

helm from 3.18.4 to 3.19.0

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v9.3.0] - 2026-01-04

Core

Add enum name support in MegaLinter config Json schema for better autocompletion in editors

Update base image to python:3.13-alpine3.23

New linters

Add codespell

Add kingfisher by @bdovaz

Add rumdl by @bdovaz

Linters enhancements

Change checkmake Docker image reference by @bdovaz

Reporters

Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY

Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable

Fix sections display in Gitlab console logs

Doc

Classify all JSON schema config variables by category and section

CI

Free disk space on GitHub actions runner when releasing a new flavor

Add missing Dockerfile patterns to Renovate Dockerfile manager

Remove gitpod custom image, workflow, and makefile targets

Linter versions upgrades (54)

actionlint from 1.7.9 to 1.7.10

ansible-lint from 25.11.1 to 25.12.2

bash-exec from 5.2.37 to 5.3.3

black from 25.11.0 to 25.12.0

cfn-lint from 1.41.0 to 1.43.1

checkov from 3.2.495 to 3.2.497

clang-format from 20.1.8 to 21.1.2

clippy from 0.1.91 to 0.1.92

clj-kondo from 2025.10.23 to 2025.12.23

code-analyzer-apex from 5.6.1 to 5.7.1

code-analyzer-aura from 5.6.1 to 5.7.1

code-analyzer-lwc from 5.6.1 to 5.7.1

cppcheck from 2.14.2 to 2.18.3

csharpier from 1.2.1 to 1.2.5

cspell from 9.3.2 to 9.4.0

dartanalyzer from 3.8.3 to 3.10.7

dotnet-format from 9.0.111 to 9.0.112

git_diff from 2.49.1 to 2.52.0

golangci-lint from 2.6.2 to 2.7.2

grype from 0.104.1 to 0.104.3

helm from 3.18.4 to 3.19.0

htmlhint from 1.7.1 to 1.8.0

... (truncated)

Commits

42bb470 Release MegaLinter v9.3.0
fe74938 changelog
edb083a [automation] Auto-update linters version, help and documentation (#6889)
824240c JSON Schema fix (#6888)
9af8d5b chore(deps): update dependency npm-package-json-lint to v9.1.0 (#6883)
781c95c [automation] Auto-update linters version, help and documentation (#6885)
101b802 JSON Schema (#6887)
3ab7a93 chore(deps): update dependency friendsofphp/php-cs-fixer to v3.92.4 (#6886)
12f7c03 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.21 (#6882)
91a9dfb chore(deps): update dependency sfdx-hardis to v6.20.0 (#6884)
Additional commits viewable in compare view

Updates lewagon/wait-on-check-action from 1.4.1 to 1.5.0

Release notes

Sourced from lewagon/wait-on-check-action's releases.

v1.5.0

Added

Add fail-on-no-checks option (#133)

Fixed

Bump rexml to 3.4.2 (#128)

Changelog

Sourced from lewagon/wait-on-check-action's changelog.

v1.5.0 - 2026-01-25

Added

Add fail-on-no-checks option

Fixed

Bump rexml to 3.4.2

Commits

7404930 Bump version: 1.4.1 → 1.5.0
5e768e6 Add v1.5.0 changelog notes (#134)
5be5947 Add fail-on-no-checks (#133)
b8d9e2b docs: modernize README (#132)
8d48c65 Rename github actions files to .yaml
b94e629 Bump rexml from 3.3.9 to 3.4.2 (#128)
See full diff in compare view

Updates dawidd6/action-download-artifact from 11 to 12

Release notes

Sourced from dawidd6/action-download-artifact's releases.

v12

What's Changed

add missing merge_multiple docs by @timostroehlein in dawidd6/action-download-artifact#331

build(deps): bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in dawidd6/action-download-artifact#333

build(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in dawidd6/action-download-artifact#332

build(deps): bump filesize from 9.0.11 to 11.0.13 by @dependabot[bot] in dawidd6/action-download-artifact#334

build(deps): bump @actions/core from 1.11.1 to 2.0.1 by @dependabot[bot] in dawidd6/action-download-artifact#336

build(deps): bump @actions/artifact from 2.3.2 to 5.0.1 by @dependabot[bot] in dawidd6/action-download-artifact#335

build(deps): bump glob from 10.4.5 to 10.5.0 by @dependabot[bot] in dawidd6/action-download-artifact#338

node_modules: update by @dawidd6 in dawidd6/action-download-artifact#343

build(deps): bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in dawidd6/action-download-artifact#344

node_modules: update by @dawidd6 in dawidd6/action-download-artifact#347

Full Changelog: dawidd6/action-download-artifact@v11...v12

Commits

0bd50d5 node_modules: update (#347)
c530ff8 Update commit and ref to use pull request SHA
a275236 Update dependencies in package.json
74a19a2 Downgrade @actions/core dependency version
d3cbd7e Change npm command from ci to install
18697ba Update @actions/artifact version in package.json
e369143 build(deps): bump peter-evans/create-pull-request from 7 to 8 (#344)
7157953 Rename update workflow to npm-updates
c648dad node_modules: update (#343)
7b0cd8f Change concurrency group from 'test' to 'upload'
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.0.0` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.2.0` | `9.3.0` | | [lewagon/wait-on-check-action](https://github.com/lewagon/wait-on-check-action) | `1.4.1` | `1.5.0` | | [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) | `11` | `12` | Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) Updates `sigstore/cosign-installer` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v3.7.0...v4.0.0) Updates `oxsecurity/megalinter` from 9.2.0 to 9.3.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@v9.2.0...v9.3.0) Updates `lewagon/wait-on-check-action` from 1.4.1 to 1.5.0 - [Release notes](https://github.com/lewagon/wait-on-check-action/releases) - [Changelog](https://github.com/lewagon/wait-on-check-action/blob/master/CHANGELOG.md) - [Commits](lewagon/wait-on-check-action@v1.4.1...v1.5.0) Updates `dawidd6/action-download-artifact` from 11 to 12 - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](dawidd6/action-download-artifact@v11...v12) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: oxsecurity/megalinter dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: lewagon/wait-on-check-action dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: dawidd6/action-download-artifact dependency-version: '12' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-01-26T10:08:36Z

Labels

The following labels could not be found: automation, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-01-26T10:16:46Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	19	16	0	1.41s
❌ ANSIBLE	ansible-lint	yes	214	no	14.95s
✅ BASH	bash-exec	18	0	0	0.08s
❌ BASH	shellcheck	18	9	0	0.93s
❌ BASH	shfmt	18	15	0	0.08s
✅ CLOJURE	cljstyle	1	0	0	0.02s
❌ CLOJURE	clj-kondo	1	1	0	0.02s
❌ CLOUDFORMATION	cfn-lint	1	1	0	9.02s
❌ COPYPASTE	jscpd	yes	58	no	5.89s
❌ DOCKERFILE	hadolint	5	5	0	1.86s
❌ EDITORCONFIG	editorconfig-checker	279	279	0	3.61s
❌ JAVASCRIPT	eslint	4	4	0	2.03s
❌ JAVASCRIPT	prettier	4	4	0	1.17s
❌ JSON	jsonlint	32	2	0	5.84s
❌ JSON	npm-package-json-lint	yes	1	no	0.42s
❌ JSON	prettier	32	32	0	8.15s
❌ JSON	v8r	32	1	0	63.07s
❌ MARKDOWN	markdownlint	43	429	0	26.97s
❌ MARKDOWN	markdown-table-formatter	43	12	0	10.64s
❌ POWERSHELL	powershell	3	3	0	2.91s
❌ POWERSHELL	powershell_formatter	3	3	0	2.67s
✅ PYTHON	bandit	5	0	0	2.94s
❌ PYTHON	flake8	5	5	0	1.48s
✅ PYTHON	isort	5	0	0	1.09s
❌ PYTHON	mypy	5	11	0	5.99s
❌ PYTHON	pylint	5	11	0	10.38s
✅ PYTHON	pyright	5	0	0	8.95s
❌ PYTHON	ruff	5	26	0	0.44s
✅ PYTHON	ruff-format	5	0	0	0.06s
❌ REPOSITORY	checkov	yes	12	no	22.47s
✅ REPOSITORY	dustilock	yes	no	no	0.31s
❌ REPOSITORY	gitleaks	yes	1	no	0.02s
✅ REPOSITORY	git_diff	yes	no	no	0.02s
❌ REPOSITORY	grype	yes	2	no	58.49s
❌ REPOSITORY	kics	yes	92	no	47.93s
✅ REPOSITORY	kingfisher	yes	no	no	5.78s
❌ REPOSITORY	secretlint	yes	1	no	1.98s
❌ REPOSITORY	syft	yes	1	no	0.06s
❌ REPOSITORY	trivy	yes	1	no	10.7s
✅ REPOSITORY	trivy-sbom	yes	no	no	5.59s
❌ REPOSITORY	trufflehog	yes	1	no	4.68s
❌ SPELL	cspell	279	279	0	296.98s
❌ SPELL	lychee	173	173	0	45.77s
❌ SPELL	proselint	44	92	0	105.87s
❌ SPELL	vale	43	15	434	25.18s
❌ TERRAFORM	terragrunt	1	1	0	0.07s
✅ XML	xmllint	5	0	0	0.28s
❌ YAML	prettier	97	97	0	20.78s
❌ YAML	v8r	97	5	0	168.05s
❌ YAML	yamllint	97	185	0	16.09s

Detailed Issues

❌ ACTION / actionlint - 16 errors

Results of actionlint linter (version 1.7.10)
See documentation on https://megalinter.io/9.3.0/descriptors/action_actionlint/
-----------------------------------------------

❌ [ERROR] .github/workflows/benchmark.yml
    .github/workflows/benchmark.yml:256:9: shellcheck reported issue in this script: SC2001:style:27:17: See if you can use ${variable//search/replace} instead [shellcheck]
        |
    256 |         run: |
        |         ^~~~
    .github/workflows/benchmark.yml:256:9: shellcheck reported issue in this script: SC2001:style:28:16: See if you can use ${variable//search/replace} instead [shellcheck]
        |
    256 |         run: |
        |         ^~~~
    .github/workflows/benchmark.yml:256:9: shellcheck reported issue in this script: SC2001:style:57:21: See if you can use ${variable//search/replace} instead [shellcheck]
        |
    256 |         run: |
        |         ^~~~
    .github/workflows/benchmark.yml:256:9: shellcheck reported issue in this script: SC2001:style:62:16: See if you

(Truncated to 1025 characters out of 4996)

❌ ANSIBLE / ansible-lint - 214 errors

WARNING: PATH altered to expand ~ in it. Read https://stackoverflow.com/a/44704799/99834 and correct your system configuration.
DEBUG    Logging initialized to level 10
INFO     Identified /github/workspace as project root due .git directory.
DEBUG    Options: Options(_skip_ansible_syntax_check=False, cache_dir=PosixPath('.ansible'), colored=False, configured=True, cwd=PosixPath('/github/workspace'), display_relative_path=True, exclude_paths=['pnpm-lock.yaml', 'package-lock.json', 'yarn.lock', '.cache/', '.next/', '.nuxt/', '.vercel/', 'tasks/', 'config/', 'reports/', '.venv/', 'venv/', '.git/', '.idea/', '.history/', '.pytest_cache/', '.mypy_cache/', '.ruff_cache/', '.next/', '.nuxt/', '.vercel/', '.output/', 'build/', 'logs/', 'coverage/', 'node_modules/', '**/Taskfile.yml', '**/taskfile.yml', '**/Taskfile.yaml', '**/taskfile.yaml', '**/.megalinter.yml'], format=None, lintables=[], list_rules=False, list_tags=False, write_list=[], write_exclude_list=[], parseable=False, quiet=False, rulesdirs=[PosixPath('/ve

(Truncated to 1025 characters out of 123912)

❌ CLOUDFORMATION / cfn-lint - 1 error

Results of cfn-lint linter (version 1.43.1)
See documentation on https://megalinter.io/9.3.0/descriptors/cloudformation_cfn_lint/
-----------------------------------------------

❌ [ERROR] config/.cfnlintrc.yml
    E1001 'Resources' is a required property
    config/.cfnlintrc.yml:2:1
    
    E1001 Additional properties are not allowed ('regions' was unexpected)
    config/.cfnlintrc.yml:2:1
    
    E1001 Additional properties are not allowed ('include-checks' was unexpected)
    config/.cfnlintrc.yml:7:1
    
    E1001 Additional properties are not allowed ('ignore-checks' was unexpected)
    config/.cfnlintrc.yml:12:1
    
    E1001 Additional properties are not allowed ('templates' was unexpected)
    config/.cfnlintrc.yml:17:1
    
    E1001 Additional properties are not allowed ('transform' was unexpected. Did you mean 'Transform'?)
    config/.cfnlintrc.yml:24:1
    
    E1001 Additional properties are not allowed ('custom-rules' was unexpected)
    config/.cfnlintrc.yml:28:1
    
    E1001 Additional 

(Truncated to 1025 characters out of 1120)

❌ REPOSITORY / checkov - 12 errors

2026-01-26 10:12:38,583 [MainThread  ] [INFO ]  Checking necessary system dependencies for helm checks.
2026-01-26 10:12:38,857 [MainThread  ] [INFO ]  Found working version of helm dependencies: v3.19.0
2026-01-26 10:12:38,861 [MainThread  ] [INFO ]  Checking necessary system dependencies for kustomize checks.
2026-01-26 10:12:38,863 [MainThread  ] [INFO ]  Could not find usable tools locally to process kustomize checks. Framework will be disabled for this run.
2026-01-26 10:12:38,865 [MainThread  ] [INFO ]  The following frameworks will automatically be disabled due to missing system dependencies: kustomize
2026-01-26 10:12:39,187 [MainThread  ] [INFO ]  The framework "sca_image" is part of the "SCA" module, which is not enabled in the platform
2026-01-26 10:12:39,187 [MainThread  ] [INFO ]  The framework "sca_package" is part of the "SCA" module, which is not enabled in the platform
2026-01-26 10:12:39,187 [MainThread  ] [INFO ]  The framework "sast" is part of the "SAST" module, which is not enabled in the

(Truncated to 1025 characters out of 17705)

❌ CLOJURE / clj-kondo - 1 error

Results of clj-kondo linter (version 2025.12.23)
See documentation on https://megalinter.io/9.3.0/descriptors/clojure_clj_kondo/
-----------------------------------------------

❌ [ERROR] config/.clj-kondo/config.edn
    config/.clj-kondo/config.edn:12:3: warning: Unexpected linter name: :keyword-naming
    config/.clj-kondo/config.edn:13:3: warning: Unexpected linter name: :fn-arity
    config/.clj-kondo/config.edn:16:3: warning: Unexpected linter name: :wrong-arity
    config/.clj-kondo/config.edn:17:3: warning: Unexpected linter name: :macroexpand
    linting took 6ms, errors: 0, warnings: 4

❌ SPELL / cspell - 279 errors

Results of cspell linter (version 9.4.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_cspell/
-----------------------------------------------

❌ [ERROR] .devcontainer/.env
    Configuration Error: Failed to read config file: "config/.cspell.config.mjs"
    -------------------------------------------
    CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error.

❌ [ERROR] .devcontainer/Dockerfile
    Configuration Error: Failed to read config file: "config/.cspell.config.mjs"
    -------------------------------------------
    CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error.

❌ [ERROR] .devcontainer/devcontainer.json
    Configuration Error: Failed to read config file: "config/.cspell.config.mjs"
    -------------------------------------------
    CSpell: Files checked: 0, Issues found: 0 in 0 files with 1 error.

❌ [ERROR] .devcontainer/docker-compose.yml
    Configuration Error: Failed to read config file: "config/.cspell.config.mjs"
    -----------------------

(Truncated to 1025 characters out of 66941)

❌ EDITORCONFIG / editorconfig-checker - 279 errors

Results of editorconfig-checker linter (version 3.6.0)
See documentation on https://megalinter.io/9.3.0/descriptors/editorconfig_editorconfig_checker/
-----------------------------------------------

❌ [ERROR] .devcontainer/.env
    The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it
    json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks

❌ [ERROR] .devcontainer/Dockerfile
    The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it
    json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks

❌ [ERROR] .devcontainer/devcontainer.json
    The default configuration file name `.ecrc` is deprecated. Use `.editorconfig-checker.json` instead. You can simply rename it
    json: cannot unmarshal bool into Go struct field Config.Disable of type config.DisabledChecks

❌ [ERROR] .devcontainer/docker-c

(Truncated to 1025 characters out of 74788)

❌ JAVASCRIPT / eslint - 4 errors

Results of eslint linter (version 8.57.1)
See documentation on https://megalinter.io/9.3.0/descriptors/javascript_eslint/
-----------------------------------------------

❌ [ERROR] examples/node-express/src/app.js
    
    Oops! Something went wrong! :(
    
    ESLint: 8.57.1
    
    YAMLException: Cannot read config file: config/.eslint.config.mjs
    Error: end of the stream or a document separator is expected (25:14)
    
     22 |     js.configs.recommended,
     23 | 
     24 |     {
     25 |         files: ["**/*.{ts,tsx}"],
    -------------------^
     26 |         languageOptions: {
     27 |             parser: tsparser,
        at generateError (/node-deps/node_modules/js-yaml/lib/loader.js:199:10)
        at throwError (/node-deps/node_modules/js-yaml/lib/loader.js:203:9)
        at readDocument (/node-deps/node_modules/js-yaml/lib/loader.js:1651:5)
        at loadDocuments (/node-deps/node_modules/js-yaml/lib/loader.js:1694:5)
        at Object.load (/node-deps/node_modules/js-yaml/lib/loader.j

(Truncated to 1025 characters out of 5723)

❌ PYTHON / flake8 - 5 errors

Results of flake8 linter (version 7.3.0)
See documentation on https://megalinter.io/9.3.0/descriptors/python_flake8/
-----------------------------------------------

✅ [SUCCESS] examples/polyglot/python/processor/__init__.py
✅ [SUCCESS] examples/polyglot/python/processor/main.py
❌ [ERROR] examples/polyglot/python/processor/utils.py
    examples/polyglot/python/processor/utils.py:25:17: F541 f-string is missing placeholders
    examples/polyglot/python/processor/utils.py:26:17: F541 f-string is missing placeholders
    examples/polyglot/python/processor/utils.py:32:21: F541 f-string is missing placeholders

✅ [SUCCESS] examples/python-cli/greet_cli/__init__.py
❌ [ERROR] examples/python-cli/greet_cli/cli.py
    examples/python-cli/greet_cli/cli.py:13:1: F401 'pathlib.Path' imported but unused
    examples/python-cli/greet_cli/cli.py:14:1: F401 'typing.Optional' imported but unused

❌ REPOSITORY / gitleaks - 1 error

○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

10:15AM FTL Failed to load config error="[[allowlists]] must contain at least one check for: commits, paths, regexes, or stopwords"

❌ REPOSITORY / grype - 2 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME     INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS          RISK   
qs       6.14.0     6.14.1    npm     GHSA-6rw7-vpxm-498p  High      0.1% (35th)   0.1    
urllib3  2.6.2      2.6.3     python  GHSA-38jv-5279-wg99  High      < 0.1% (3rd)  < 0.1
[0058] ERROR discovered vulnerabilities at or above the severity threshold

❌ DOCKERFILE / hadolint - 5 errors

Results of hadolint linter (version 2.14.0)
See documentation on https://megalinter.io/9.3.0/descriptors/dockerfile_hadolint/
-----------------------------------------------

❌ [ERROR] .devcontainer/Dockerfile
    .devcontainer/Dockerfile:37 DL3026 error: Use only an allowed registry in the FROM image
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.description` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.version` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.licenses` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.authors` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.documentation` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.title` is missing.
    .devcontainer/Dockerfile:37 DL3049 info: Label `org.opencontainers.image.sources` is missing.
    .devcontainer/Dockerfil

(Truncated to 1025 characters out of 21223)

❌ COPYPASTE / jscpd - 58 errors

Clone found (javascript):
 - examples/node-express/src/app.js [18:1 - 27:46] (9 lines, 103 tokens)
   examples/polyglot/node/src/app.js [20:1 - 29:39]

Clone found (javascript):
 - examples/node-express/src/app.js [120:2 - 133:7] (13 lines, 85 tokens)
   examples/polyglot/node/src/app.js [142:16 - 157:4]

Clone found (yaml):
 - config/styles/proselint/Cliches.yml [11:3 - 21:5] (10 lines, 116 tokens)
   config/styles/write-good/Cliches.yml [10:3 - 20:4]

Clone found (yaml):
 - config/styles/proselint/Cliches.yml [24:3 - 40:3] (16 lines, 184 tokens)
   config/styles/write-good/Cliches.yml [21:3 - 37:6]

Clone found (yaml):
 - config/styles/proselint/Cliches.yml [51:3 - 72:8] (21 lines, 236 tokens)
   config/styles/write-good/Cliches.yml [46:3 - 67:7]

Clone found (yaml):
 - config/styles/proselint/Cliches.yml [76:3 - 100:9] (24 lines, 264 tokens)
   config/styles/write-good/Cliches.yml [67:3 - 91:6]

Clone found (yaml):
 - config/styles/proselint/Cliches.yml [104:3 - 119:5] (15 lines, 141 tokens)
   config/style

(Truncated to 1025 characters out of 11965)

❌ JSON / jsonlint - 2 errors

Results of jsonlint linter (version 16.0.0)
See documentation on https://megalinter.io/9.3.0/descriptors/json_jsonlint/
-----------------------------------------------

❌ [ERROR] .devcontainer/devcontainer.json
    File: .devcontainer/devcontainer.json
    Parse error on line 2, column 3:
    {  // =================...
    ---^
    Unexpected token "/"

✅ [SUCCESS] .vscode/extensions.json
✅ [SUCCESS] .vscode/launch.json
❌ [ERROR] .vscode/settings.json
    File: .vscode/settings.json
    Parse error on line 53, column 5:
    ...ment": "never",    },      // Prevent ...
    ----------------------^
    Trailing comma in object

✅ [SUCCESS] .vscode/tasks.json
✅ [SUCCESS] config/.coffee-lint.json
✅ [SUCCESS] config/.devskim.json
✅ [SUCCESS] config/.eslintrc-json.json
✅ [SUCCESS] config/.flow-scanner.json
✅ [SUCCESS] config/.groovylintrc.json
✅ [SUCCESS] config/.jscpd.json
✅ [SUCCESS] config/.kics.config.json
✅ [SUCCESS] config/.markdown-link-check.json
✅ [SUCCESS] config/.markdownlint.json
✅ [SUCCESS] config/.npmpa

(Truncated to 1025 characters out of 1799)

❌ REPOSITORY / kics - 92 errors

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                              

(Truncated to 1025 characters out of 26441)

❌ SPELL / lychee - 173 errors

Results of lychee linter (version 0.18.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_lychee/
-----------------------------------------------

❌ [ERROR] .devcontainer/devcontainer.json
    [200] https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json
    [200] https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
    [200] https://containers.dev/templates
    [200] https://containers.dev/features
    [200] https://containers.dev/
    [200] https://marketplace.visualstudio.com/vscode
    [200] https://containers.dev/implementors/json_reference/
    [200] https://github.com/devcontainers/features/tree/main/src/git
    [200] https://github.com/devcontainers/features/tree/main/src/node
    [200] https://github.com/devcontainers/features/tree/main/src/docker-in-docker
    [200] https://json.schemastore.org/github-workflow.json
    [200] https://github.com/devcontainers/features/tree/main/src/python
    [200] https://gith

(Truncated to 1025 characters out of 106073)

❌ MARKDOWN / markdown-table-formatter - 12 errors

Results of markdown-table-formatter linter (version 1.7.0)
See documentation on https://megalinter.io/9.3.0/descriptors/markdown_markdown_table_formatter/
-----------------------------------------------

✅ [SUCCESS] .github/COPILOT_ALLOWLIST.md
✅ [SUCCESS] .github/SECURITY_NOTES.md
✅ [SUCCESS] .github/copilot-instructions.md
✅ [SUCCESS] .github/pull_request_template.md
✅ [SUCCESS] CHANGELOG.md
❌ [ERROR] CONTRIBUTING.md
    1 files contain markdown tables to format:
    - CONTRIBUTING.md

❌ [ERROR] README.md
    1 files contain markdown tables to format:
    - README.md

❌ [ERROR] SECURITY.md
    1 files contain markdown tables to format:
    - SECURITY.md

❌ [ERROR] audit/UBI_AUDIT_2025-12-12_00-16-19.md
    1 files contain markdown tables to format:
    - audit/UBI_AUDIT_2025-12-12_00-16-19.md

❌ [ERROR] audit/UBI_AUDIT_PHASE2_2025-12-13_08-41-21.md
    1 files contain markdown tables to format:
    - audit/UBI_AUDIT_PHASE2_2025-12-13_08-41-21.md

❌ [ERROR] benchmarks/README.md
    1 files contain markdown ta

(Truncated to 1025 characters out of 2700)

❌ MARKDOWN / markdownlint - 429 errors

Results of markdownlint linter (version 0.47.0)
See documentation on https://megalinter.io/9.3.0/descriptors/markdown_markdownlint/
-----------------------------------------------

❌ [ERROR] .github/COPILOT_ALLOWLIST.md
    .github/COPILOT_ALLOWLIST.md:3:121 error MD013/line-length Line length [Expected: 120; Actual: 164]
    .github/COPILOT_ALLOWLIST.md:7:121 error MD013/line-length Line length [Expected: 120; Actual: 265]
    .github/COPILOT_ALLOWLIST.md:56 error MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
    .github/COPILOT_ALLOWLIST.md:150:31 error MD034/no-bare-urls Bare URL used [Context: "https://github.com/egohygiene/..."]

❌ [ERROR] .github/SECURITY_NOTES.md
    .github/SECURITY_NOTES.md:18:121 error MD013/line-length Line length [Expected: 120; Actual: 159]
    .github/SECURITY_NOTES.md:20:121 error MD013/line-length Line length [Expected: 120; Actual: 190]
    .github/SECURITY_NOTES.md:22:121 error MD013/line-length Line length [Expected: 120; Act

(Truncated to 1025 characters out of 60484)

❌ PYTHON / mypy - 11 errors

Results of mypy linter (version 1.19.1)
See documentation on https://megalinter.io/9.3.0/descriptors/python_mypy/
-----------------------------------------------

✅ [SUCCESS] examples/polyglot/python/processor/__init__.py
❌ [ERROR] examples/polyglot/python/processor/main.py
    examples/polyglot/python/processor/main.py:12:1: error: Cannot find
    implementation or library stub for module named "click"  [import-not-found]
        import click
        ^
    examples/polyglot/python/processor/main.py:12:1: note: See https://mypy.readthedocs.io/en/stable/running_mypy.html#missing-imports
    examples/polyglot/python/processor/main.py:54:2: error: Untyped decorator makes
    function "main" untyped  [untyped-decorator]
        @click.command()
         ^~~~~~~~~~~~~~~
    examples/polyglot/python/processor/main.py:55:2: error: Untyped decorator makes
    function "main" untyped  [untyped-decorator]
        @click.option(
         ^~~~~~~~~~~~~
    examples/polyglot/python/processor/main.py:62:2: error: Untyped de

(Truncated to 1025 characters out of 2753)

❌ JSON / npm-package-json-lint - 1 error

cli:
	Configuration for rule "name-format" is invalid:
	- severity must be a string.
	- severity must be either "off", "warning", or "error".

❌ POWERSHELL / powershell - 3 errors

Results of powershell linter (version 7.5.4)
See documentation on https://megalinter.io/9.3.0/descriptors/powershell_powershell/
-----------------------------------------------

❌ [ERROR] config/.arm-ttk.psd1
    Invoke-ScriptAnalyzer: powershellversion is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ [ERROR] config/.powershell-formatter.psd1
    Invoke-ScriptAnalyzer: rootmodule is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ [ERROR] config/.powershell-psscriptanalyzer.psd1
    Invoke-ScriptAnalyzer: rootmodule is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ POWERSHELL / powershell_formatter - 3 errors

Results of powershell_formatter linter (version 7.5.4)
See documentation on https://megalinter.io/9.3.0/descriptors/powershell_powershell_formatter/
-----------------------------------------------

❌ [ERROR] config/.arm-ttk.psd1
    Invoke-Formatter: converttoconsistentcommentstyle is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ [ERROR] config/.powershell-formatter.psd1
    Invoke-Formatter: maxlinelength is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ [ERROR] config/.powershell-psscriptanalyzer.psd1
    Invoke-Formatter: indentationsize is not a valid key in the settings hashtable. Valid keys are CustomRulePath, ExcludeRules, IncludeRules, IncludeDefaultRules, RecurseCustomRulePath, Rules and Severity.

❌ JAVASCRIPT / prettier - 4 errors

Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/javascript_prettier/
-----------------------------------------------

❌ [ERROR] examples/node-express/src/app.js
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] examples/node-express/src/server.js
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] examples/polyglot/node/src/app.js
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] examples/polyglot/node/src/server.js
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ JSON / prettier - 32 errors

Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/json_prettier/
-----------------------------------------------

❌ [ERROR] .devcontainer/devcontainer.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .vscode/extensions.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .vscode/launch.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .vscode/settings.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .vscode/tasks.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] config/.coffee-lint.json
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] config/.devskim.json
    Ch

(Truncated to 1025 characters out of 4712)

❌ YAML / prettier - 97 errors

Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/yaml_prettier/
-----------------------------------------------

❌ [ERROR] .devcontainer/docker-compose.yml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .github/FUNDING.yml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .github/actionlint.yaml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .github/dependabot.yml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .github/workflows/benchmark.yml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .github/workflows/bump-version.yml
    Checking formatting...
    [error] Cannot find package 'prettier-plugin-sh' imported from noop.js

❌ [ERROR] .g

(Truncated to 1025 characters out of 14169)

❌ SPELL / proselint - 92 errors

Results of proselint linter (version 0.14.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_proselint/
-----------------------------------------------

✅ [SUCCESS] .github/COPILOT_ALLOWLIST.md
✅ [SUCCESS] .github/SECURITY_NOTES.md
❌ [ERROR] .github/copilot-instructions.md
    .github/copilot-instructions.md:157:11: lexical_illusions.misc There's a lexical illusion here: a word is repeated.

✅ [SUCCESS] .github/pull_request_template.md
❌ [ERROR] CHANGELOG.md
    CHANGELOG.md:4:80: typography.symbols.ellipsis '...' is an approximation, use the ellipsis symbol '…'. Found 5 times elsewhere.
    CHANGELOG.md:10:80: typography.symbols.ellipsis '...' is an approximation, use the ellipsis symbol '…'.
    CHANGELOG.md:13:80: typography.symbols.ellipsis '...' is an approximation, use the ellipsis symbol '…'.

❌ [ERROR] CONTRIBUTING.md
    CONTRIBUTING.md:84:83: typography.symbols.curly_quotes Use curly quotes “”, not straight quotes "". Found 18 times elsewhere.
    CONTRIBUTING.md:176:48: leonard.ex

(Truncated to 1025 characters out of 12387)

❌ PYTHON / pylint - 11 errors

Results of pylint linter (version 4.0.4)
See documentation on https://megalinter.io/9.3.0/descriptors/python_pylint/
-----------------------------------------------

✅ [SUCCESS] examples/polyglot/python/processor/__init__.py
❌ [ERROR] examples/polyglot/python/processor/main.py
    ************* Module config/.pylintrc
    config/.pylintrc:1:0: E0015: Unrecognized option found: suggestion-mode (unrecognized-option)
    ************* Module processor.main
    examples/polyglot/python/processor/main.py:12:0: E0401: Unable to import 'click' (import-error)
    examples/polyglot/python/processor/main.py:149:4: E1120: No value for argument 'input' in function call (no-value-for-parameter)
    examples/polyglot/python/processor/main.py:149:4: E1120: No value for argument 'show_result' in function call (no-value-for-parameter)
    examples/polyglot/python/processor/main.py:149:4: E1120: No value for argument 'show_env' in function call (no-value-for-parameter)

✅ [SUCCESS] examples/polyglot/python/processor/utils.py
✅ 

(Truncated to 1025 characters out of 1913)

❌ PYTHON / ruff - 26 errors

Results of ruff linter (version 0.14.10)
See documentation on https://megalinter.io/9.3.0/descriptors/python_ruff/
-----------------------------------------------

❌ [ERROR] examples/polyglot/python/processor/__init__.py
    D212 [*] Multi-line docstring summary should start at the first line
     --> examples/polyglot/python/processor/__init__.py:1:1
      |
    1 | / """
    2 | | Data processor component of the polyglot example.
    3 | |
    4 | | This module provides data processing capabilities for the polyglot application.
    5 | | """
      | |___^
    6 |
    7 |   __version__ = "0.1.0"
      |
    help: Remove whitespace after opening quotes
    
    Found 1 error.
    [*] 1 fixable with the `--fix` option.

❌ [ERROR] examples/polyglot/python/processor/main.py
    EXE001 Shebang is present but file is not executable
     --> examples/polyglot/python/processor/main.py:1:1
      |
    1 | #!/usr/bin/env python3
      | ^^^^^^^^^^^^^^^^^^^^^^
    2 | """
    3 | Main data processor.
      |
    
    D2

(Truncated to 1025 characters out of 11419)

❌ REPOSITORY / secretlint - 1 error

AggregationError: secretlint loading errors

----

Failed to load rule module: @secretlint/secretlint-rule-git

Error: Failed to load secretlint's rule module: "@secretlint/secretlint-rule-git" is not found.

cwd: /github/workspace
baseDir: 


----

Failed to load rule module: @secretlint/secretlint-rule-npm

Error: Failed to load secretlint's rule module: "@secretlint/secretlint-rule-npm" is not found.

cwd: /github/workspace
baseDir: 


----

Failed to load rule module: @secretlint/secretlint-rule-no-homedir

Error: Failed to load secretlint's rule module: "@secretlint/secretlint-rule-no-homedir" is not found.

cwd: /github/workspace
baseDir: 


----

Failed to load rule module: @secretlint/secretlint-rule-no-dotenv

Error: Failed to load secretlint's rule module: "@secretlint/secretlint-rule-no-dotenv" is not found.

cwd: /github/workspace
baseDir: 


----

Failed to load rule module: @secretlint/secretlint-rule-github

Error: Failed to load secretlint's rule module: "@secretlint/secretlint-rule-github" is 

(Truncated to 1025 characters out of 25231)

❌ BASH / shellcheck - 9 errors

Results of shellcheck linter (version 0.11.0)
See documentation on https://megalinter.io/9.3.0/descriptors/bash_shellcheck/
-----------------------------------------------

✅ [SUCCESS] examples/polyglot/scripts/env-info.sh
✅ [SUCCESS] examples/polyglot/scripts/setup.sh
✅ [SUCCESS] examples/polyglot/scripts/start-all.sh
✅ [SUCCESS] examples/polyglot/scripts/status.sh
✅ [SUCCESS] tests/examples/test-node-express.sh
✅ [SUCCESS] tests/examples/test-polyglot.sh
✅ [SUCCESS] tests/examples/test-python-cli.sh
✅ [SUCCESS] tests/integration/test-env-vars.sh
✅ [SUCCESS] tests/integration/test-telemetry.sh
❌ [ERROR] tests/integration/test-variant-full.sh
    
    In tests/integration/test-variant-full.sh line 6:
    command_exists() { command -v "$1" >/dev/null 2>&1; }
    ^-- SC2329 (info): This function is never invoked. Check usage (or ignored if invoked indirectly).
    
    For more information:
      https://www.shellcheck.net/wiki/SC2329 -- This function is never invoked. C...

❌ [ERROR] tests/integration/test-vari

(Truncated to 1025 characters out of 3603)

❌ BASH / shfmt - 15 errors

Results of shfmt linter (version 3.12.0)
See documentation on https://megalinter.io/9.3.0/descriptors/bash_shfmt/
-----------------------------------------------

❌ [ERROR] examples/polyglot/scripts/env-info.sh
    diff examples/polyglot/scripts/env-info.sh.orig examples/polyglot/scripts/env-info.sh
    --- examples/polyglot/scripts/env-info.sh.orig
    +++ examples/polyglot/scripts/env-info.sh
    @@ -24,26 +24,26 @@
     
     # Python environment
     echo -e "${YELLOW}🐍 Python Environment:${NC}"
    -if command -v python &> /dev/null; then
    -    echo "  Python: $(python --version 2>&1)"
    -    echo "  Location: $(which python)"
    -    echo "  PYTHONUSERBASE: ${PYTHONUSERBASE:-Not set}"
    -    echo "  PYTHONPATH: ${PYTHONPATH:-Not set}"
    -else
    -    echo "  Python: Not available"
    +if command -v python &>/dev/null; then
    +  echo "  Python: $(python --version 2>&1)"
    +  echo "  Location: $(which python)"
    +  echo "  PYTHONUSERBASE: ${PYTHONUSERBASE:-Not set}"
    +  echo "  PYTHONP

(Truncated to 1025 characters out of 16986)

❌ REPOSITORY / syft - 1 error

[0000] ERROR invalid application config: decoding failed due to the following error(s):

'catalogers[0]' expected type 'string', got unconvertible type 'map[string]interface {}'

❌ TERRAFORM / terragrunt - 1 error

Results of terragrunt linter (version 0.93.13)
See documentation on https://megalinter.io/9.3.0/descriptors/terraform_terragrunt/
-----------------------------------------------

❌ [ERROR] config/terragrunt.hcl
    10:15:36.781 ERROR  flag `--config` is not a valid flag for `format`. Did you mean to use `run --config`?

❌ REPOSITORY / trivy - 1 error

2026-01-26T10:13:40Z	INFO	Loaded	file_path="config/trivy.yaml"
2026-01-26T10:13:40Z	INFO	[vulndb] Need to update DB
2026-01-26T10:13:40Z	INFO	[vulndb] Downloading vulnerability DB...
2026-01-26T10:13:40Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
26.96 MiB / 83.23 MiB [------------------->_________________________________________] 32.39% ? p/s ?56.80 MiB / 83.23 MiB [----------------------------------------->___________________] 68.25% ? p/s ?83.23 MiB / 83.23 MiB [----------------------------------------------------------->] 100.00% ? p/s ?83.23 MiB / 83.23 MiB [---------------------------------------------->] 100.00% 93.77 MiB p/s ETA 0s83.23 MiB / 83.23 MiB [---------------------------------------------->] 100.00% 93.77 MiB p/s ETA 0s83.23 MiB / 83.23 MiB [---------------------------------------------->] 100.00% 93.77 MiB p/s ETA 0s83.23 MiB / 83.23 MiB [---------------------------------------------->] 100.00% 87.72 MiB p/s ETA 0s83.23 MiB / 83.23 MiB [--------------------

(Truncated to 1025 characters out of 12010)

❌ REPOSITORY / trufflehog - 1 error

2026-01-26T10:13:53Z	error	trufflehog	error parsing the provided configuration file	{"error": "proto: (line 1:2): unknown field \"branch\""}

❌ JSON / v8r - 1 error

Results of v8r linter (version 5.1.0)
See documentation on https://megalinter.io/9.3.0/descriptors/json_v8r/
-----------------------------------------------

✅ [SUCCESS] .devcontainer/devcontainer.json
✅ [SUCCESS] .vscode/extensions.json
✅ [SUCCESS] .vscode/launch.json
✅ [SUCCESS] .vscode/settings.json
✅ [SUCCESS] .vscode/tasks.json
✅ [SUCCESS] config/.coffee-lint.json
✅ [SUCCESS] config/.devskim.json
✅ [SUCCESS] config/.eslintrc-json.json
✅ [SUCCESS] config/.flow-scanner.json
❌ [ERROR] config/.groovylintrc.json
    ℹ No config file found
    ℹ Pre-warming the cache
    ℹ Processing config/.groovylintrc.json
    ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
    ℹ Validating config/.groovylintrc.json against schema from https://raw.githubusercontent.com/nvuillam/npm-groovy-lint/refs/heads/main/docs/groovy-lint.jsonschema.json ...
    ✖ config/.groovylintrc.json is invalid
    
    config/.groovylintrc.json# must NOT have additional properties, found additional property 'excludePaths'
 

(Truncated to 1025 characters out of 6520)

❌ YAML / v8r - 5 errors

Results of v8r linter (version 5.1.0)
See documentation on https://megalinter.io/9.3.0/descriptors/yaml_v8r/
-----------------------------------------------

✅ [SUCCESS] .devcontainer/docker-compose.yml
✅ [SUCCESS] .github/FUNDING.yml
✅ [SUCCESS] .github/actionlint.yaml
❌ [ERROR] .github/dependabot.yml
    ℹ No config file found
    ℹ Pre-warming the cache
    ℹ Processing .github/dependabot.yml
    ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
    ℹ Validating .github/dependabot.yml against schema from https://www.schemastore.org/dependabot-2.0.json ...
    ✖ .github/dependabot.yml is invalid
    
    .github/dependabot.yml#/updates/0/schedule/timezone must be equal to one of the allowed values
    .github/dependabot.yml#/updates/1/schedule/timezone must be equal to one of the allowed values
    .github/dependabot.yml#/updates/2/schedule/timezone must be equal to one of the allowed values
    .github/dependabot.yml#/updates/3/schedule/timezone must be equal to one of the allowed valu

(Truncated to 1025 characters out of 7937)

❌ SPELL / vale - 15 errors

Results of vale linter (version 3.13.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_vale/
-----------------------------------------------

❌ [ERROR] .github/COPILOT_ALLOWLIST.md
    
     .github/COPILOT_ALLOWLIST.md
     3:63    warning     'be allowlisted' may be         write-good.Passive   
                         passive voice. Use active                            
                         voice if you can.                                    
     3:63    suggestion  Try to avoid using 'be'.        write-good.E-Prime   
     7:125   suggestion  Try to avoid using 'are'.       write-good.E-Prime   
     7:125   warning     'are blocked' may be passive    write-good.Passive   
                         voice. Use active voice if you                       
                         can.                                                 
     11:28   warning     'be added' may be passive       write-good.Passive   
                         voice. Use active voice if you                   

(Truncated to 1025 characters out of 39477)

❌ YAML / yamllint - 185 errors

Results of yamllint linter (version 1.37.1)
See documentation on https://megalinter.io/9.3.0/descriptors/yaml_yamllint/
-----------------------------------------------

✅ [SUCCESS] .devcontainer/docker-compose.yml
✅ [SUCCESS] .github/FUNDING.yml
✅ [SUCCESS] .github/actionlint.yaml
✅ [SUCCESS] .github/dependabot.yml
✅ [SUCCESS] .github/workflows/benchmark.yml
✅ [SUCCESS] .github/workflows/bump-version.yml
✅ [SUCCESS] .github/workflows/copilot-setup-steps.yml
✅ [SUCCESS] .github/workflows/dependency-review.yml
✅ [SUCCESS] .github/workflows/docs.yml
✅ [SUCCESS] .github/workflows/megalinter-fix.yml
✅ [SUCCESS] .github/workflows/megalinter.yml
✅ [SUCCESS] .github/workflows/metrics.yml
✅ [SUCCESS] .github/workflows/monitor-base-image.yml
✅ [SUCCESS] .github/workflows/publish.yml
✅ [SUCCESS] .github/workflows/release-notes.yml
✅ [SUCCESS] .github/workflows/sanity.yml
✅ [SUCCESS] .github/workflows/secrets-scan.yml
✅ [SUCCESS] .github/workflows/semantic-release.yml
✅ [SUCCESS] .github/workflows/test-examples.yml
✅ [SUC

(Truncated to 1025 characters out of 16760)

See detailed reports in MegaLinter artifacts

dependabot · 2026-02-16T09:45:33Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested a review from szmyty as a code owner January 26, 2026 10:08

dependabot bot closed this Feb 16, 2026

dependabot bot deleted the dependabot/github_actions/github-actions-73214a34bd branch February 16, 2026 09:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the github-actions group across 1 directory with 7 updates#122

chore(deps): bump the github-actions group across 1 directory with 7 updates#122
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-73214a34bd

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026

Uh oh!

github-actions bot commented Jan 26, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v5.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v4.4.0

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v5.0.0

What's Changed

v4.3.0

What's Changed

New Contributors

v4.2.4

What's Changed

New Contributors

v4.2.3

What's Changed

New Contributors

Releases

Changelog

5.0.2

5.0.1

5.0.0

4.3.0

4.2.4

4.2.3

4.2.2

4.2.1

4.2.0

v4.0.0

What's Changed?

v3.10.1

What's Changed?

v3.10.0

What's Changed

v3.9.2

What's Changed

v3.9.1

What's Changed

v3.9.0

What's Changed

v3.8.2

v9.3.0

What's Changed

[v9.3.0] - 2026-01-04

v1.5.0

Added

Fixed

v1.5.0 - 2026-01-25

Added

Fixed

v12

What's Changed

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026

Labels

Uh oh!

github-actions bot commented Jan 26, 2026

❌MegaLinter analysis: Error

Detailed Issues

Uh oh!

dependabot bot commented on behalf of github Feb 16, 2026

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading