chore(deps): bump the github-actions group with 18 updates

[dependabot]

Bumps the github-actions group with 18 updates:

Package	From	To
step-security/harden-runner	2.13.1	2.13.2
actions/checkout	5.0.0	6.0.0
devops-actions/actionlint	0.1.9	0.1.10
Platane/snk	3.3.0	3.4.1
psf/black	25.9.0	25.11.0
github/codeql-action	4.31.2	4.31.6
actions/dependency-review-action	4.8.1	4.8.2
actions/setup-python	6.0.0	6.1.0
nick2bad4u/generate-repo-file-list	6de1b736f4684d3a8a4260f0bc3aea4ce1493f3f	4b742561166c6eafcf23fbb0c79ff8869bbceb27
oxsecurity/megalinter	9.1.0	9.2.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.2.4	2.3.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.2.4	2.3.0
peter-evans/create-pull-request	7.0.8	7.0.9
rojopolis/spellcheck-github-actions	0.53.0	0.55.0
actions/ai-inference	2.0.1	2.0.4
super-linter/super-linter	8.2.1	8.3.0
trufflesecurity/trufflehog	3.90.12	3.91.1
crate-ci/typos	1.39.0	1.40.0

Updates step-security/harden-runner from 2.13.1 to 2.13.2

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.2

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

Commits

• 95d9a5d Merge pull request #606 from step-security/rc-28
• 87e429d Update limitations.md
• ef891c3 feat: add support for custom vm image
• 1fa8c8a update agent
• 92c522a Merge pull request #593 from step-security/ak-readme-updates
• 4719ad5 README updates
• 4fde639 Merge pull request #591 from eromosele-stepsecurity/Upd
• f682f2f Update README.md
• See full diff in compare view

Updates actions/checkout from 5.0.0 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

V5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

Updates devops-actions/actionlint from 0.1.9 to 0.1.10

Release notes

Sourced from devops-actions/actionlint's releases.

Release v0.1.10

What's Changed

• [StepSecurity] Apply security best practices by @​step-security-bot in devops-actions/actionlint#66
• Correctly capitalize the variable name to match the setting by @​rajbos in devops-actions/actionlint#67
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in devops-actions/actionlint#68
• Add toplevel permissions with minimal scope by @​rajbos in devops-actions/actionlint#69
• Adding correct token scopes by @​rajbos in devops-actions/actionlint#70
• Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @​dependabot[bot] in devops-actions/actionlint#73
• Bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in devops-actions/actionlint#72
• Update actionlint version to 1.7.7 by @​github-actions[bot] in devops-actions/actionlint#71
• Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​dependabot[bot] in devops-actions/actionlint#77
• Bump github/codeql-action from 3.28.9 to 3.28.10 by @​dependabot[bot] in devops-actions/actionlint#76
• Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot[bot] in devops-actions/actionlint#75
• Bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot[bot] in devops-actions/actionlint#78
• Bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot[bot] in devops-actions/actionlint#80
• Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot[bot] in devops-actions/actionlint#79
• Bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot[bot] in devops-actions/actionlint#81
• Bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @​dependabot[bot] in devops-actions/actionlint#84
• Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @​dependabot[bot] in devops-actions/actionlint#83
• Bump github/codeql-action from 3.28.13 to 3.28.14 by @​dependabot[bot] in devops-actions/actionlint#82
• Bump github/codeql-action from 3.28.14 to 3.28.15 by @​dependabot[bot] in devops-actions/actionlint#85
• Bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @​dependabot[bot] in devops-actions/actionlint#88
• Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot[bot] in devops-actions/actionlint#87
• Bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot[bot] in devops-actions/actionlint#86
• Bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @​dependabot[bot] in devops-actions/actionlint#90
• Bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in devops-actions/actionlint#91
• Bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot[bot] in devops-actions/actionlint#92
• Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @​dependabot[bot] in devops-actions/actionlint#93
• Bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot[bot] in devops-actions/actionlint#94
• Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @​dependabot[bot] in devops-actions/actionlint#96
• Bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in devops-actions/actionlint#97
• Bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in devops-actions/actionlint#99
• Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @​dependabot[bot] in devops-actions/actionlint#98
• Update actionlint version to 1.7.7 by @​github-actions[bot] in devops-actions/actionlint#74
• Bump github/codeql-action from 3.29.7 to 3.29.8 by @​dependabot[bot] in devops-actions/actionlint#100
• Bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @​dependabot[bot] in devops-actions/actionlint#107
• Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @​dependabot[bot] in devops-actions/actionlint#109
• Bump github/codeql-action from 3.29.8 to 3.30.3 by @​dependabot[bot] in devops-actions/actionlint#108
• Bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @​dependabot[bot] in devops-actions/actionlint#111
• Bump github/codeql-action from 3.30.3 to 3.30.5 by @​dependabot[bot] in devops-actions/actionlint#110
• Bump github/codeql-action from 3.30.5 to 4.31.2 by @​dependabot[bot] in devops-actions/actionlint#120
• Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @​dependabot[bot] in devops-actions/actionlint#115
• Update actionlint version to 1.7.8 by @​github-actions[bot] in devops-actions/actionlint#114
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in devops-actions/actionlint#101
• Bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in devops-actions/actionlint#113
• Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @​dependabot[bot] in devops-actions/actionlint#119
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#121

New Contributors

• @​step-security-bot made their first contribution in devops-actions/actionlint#66

... (truncated)

Commits

• 467e2ce Update actionlint version to 1.7.9 (#121)
• 5e11a36 Bump step-security/harden-runner from 2.13.1 to 2.13.2 (#119)
• 666c887 Bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#113)
• a17659a Bump actions/checkout from 4.2.2 to 5.0.0 (#101)
• 21c0ee2 Update actionlint version to 1.7.8 (#114)
• 78d8915 Bump actions/dependency-review-action from 4.8.0 to 4.8.1 (#115)
• 6b74735 Bump github/codeql-action from 3.30.5 to 4.31.2 (#120)
• b37d855 Bump github/codeql-action from 3.30.3 to 3.30.5 (#110)
• ecd00d8 Bump actions/dependency-review-action from 4.7.3 to 4.8.0 (#111)
• a923f5d Bump github/codeql-action from 3.29.8 to 3.30.3 (#108)
• Additional commits viewable in compare view

Updates Platane/snk from 3.3.0 to 3.4.1

Release notes

Sourced from Platane/snk's releases.

v3.4.1

• fix gif color palette

v3.4.0

• add option for gif background

Commits

• e2cedf7 📦 3.4.1
• af8374a 🔧 fix gif colormap
• 651a2bc 📦 3.4.0
• 04ad071 ↑ update dependencies
• 1474e54 📓
• 4364e44 ✨ add gif implementation benchmark
• a89ad4c 👷 add gif generation tests
• 777a5cc rename animation options + add backgroundColor option for gif
• a865fcc 📓
• 257490f 📓
• Additional commits viewable in compare view

Updates psf/black from 25.9.0 to 25.11.0

Release notes

Sourced from psf/black's releases.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Changelog

Sourced from psf/black's changelog.

Change Log

Unreleased

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)

Configuration

Packaging

Parser

Performance

Output

... (truncated)

Commits

• 05f0a8c Prepare for 25.11.0 release (#4825)
• ae17c61 Fix tests on pytest 9 (#4835)
• 138745e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...
• 18170d6 ci: add label for running all builds on a pull request (#4833)
• 0e793e3 fix windows wheels (#4830)
• b71f36c Use build[uv] as cibuildwheel frontend (#4831)
• a7bd594 Skip free threaded builds in cibuildwheel (#4829)
• 862dee9 Update cibuildwheel (#4828)
• b5f354c build: restrict to pytest 9.0 due to breakage in custom pytest_configure (#4827)
• f705197 t-string support (#4805)
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.2 to 4.31.6

Release notes

Sourced from github/codeql-action's releases.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

v4.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

• [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

... (truncated)

Commits

• fe4161a Merge pull request #3336 from github/update-v4.31.6-ecec1f887
• 88c2ab5 Update changelog for v4.31.6
• ecec1f8 Merge pull request #3335 from github/mbg/ci/run-codeql-on-all-prs
• 23da732 Merge pull request #3334 from github/kaspersv/overlay-minor-comments
• f7abc74 Remove branch filter for PR event in CodeQL workflow
• 32ada5e Merge branch 'main' into kaspersv/overlay-minor-comments
• 75b2f49 Merge pull request #3333 from github/kaspersv/overlay-no-resource-checks-option
• f036b1c Merge branch 'main' into kaspersv/overlay-no-resource-checks-option
• 58c5954 Add comment to runnerSupportsOverlayAnalysis
• b02fa13 Order feature flags alphabetically
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.8.1 to 4.8.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.2

Minor fixes:

• Fix PURL parsing for scoped packages (#1008 from @​danielhardej)
• Fix for large summaries (#1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#1009 from @​danielhardej)

Commits

• 3c4e3dc Merge pull request #1016 from actions/dra-release
• 02930b2 Update CONTRIBUTING to reflect new guidelines
• 49ffd9f Update CONTRIBUTING to reflect the need to build
• 70cb25e 4.8.2 release
• ebabd31 Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
• 19f9360 Update package-lock.json
• 5fd2f98 Bump @​types/jest to version 29.5.14
• 28647f4 Fix PURL parsing by removing encodeURI
• f620fd1 Merge pull request #1013 from actions/dangoor/token-fix
• 9b42b7e Remove bad token reference
• Additional commits viewable in compare view

Updates actions/setup-python from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-python's releases.

v6.1.0

What's Changed

Enhancements:

• Add support for pip-install input by @​gowridurgad in actions/setup-python#1201
• Add graalpy early-access and windows builds by @​timfel in actions/setup-python#880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @​yarikoptic in actions/setup-python#979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @​dependabot in actions/setup-python#1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @​dependabot in actions/setup-python#1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @​dependabot in actions/setup-python#1199
• Upgrade requests from 2.32.2 to 2.32.4 by @​dependabot in actions/setup-python#1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @​dependabot in actions/setup-python#1234
• Upgrade @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @​dependabot in actions/setup-python#1235

New Contributors

• @​yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

Commits

• 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
• bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
• 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
• 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
• cfd55ca graalpy: add graalpy early-access and windows builds (#880)
• bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
• 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
• 2e3e4b1 Add support for pip-install input (#1201)
• 4267e28 Bump urllib3 from 1.26.19 to 2.5.0 in /tests/data and document breaking c...
• See full diff in compare view

Updates nick2bad4u/generate-repo-file-list from 6de1b736f4684d3a8a4260f0bc3aea4ce1493f3f to 4b742561166c6eafcf23fbb0c79ff8869bbceb27

Commits

• 4b74256 📝 [docs] Update CODE_OF_CONDUCT and add LICENSE file
• ea827ac Merge pull request #36 from Nick2bad4u/dependabot/pip/github-actions-85b6f7c93c
• 78c63b7 Merge pull request #37 from Nick2bad4u/dependabot/github_actions/github-actio...
• 06f2895 🎨 [style] Remove unnecessary blank line in auto-release workflow
• 0a319d8 ✨ [feat] Enable manual triggering of auto-release workflow
• 9423e43 ✨ [feat] Enhance auto-release workflow for version bumping and changelog gene...
• 625f8cf Bump the github-actions group with 2 updates
• 8ca785b Update pytest requirement in the github-actions group
• de6e8c4 🧪 [test] Add comprehensive tests for file list generation and configuration
• ac06e0a Merge pull request #35 from Nick2bad4u/dependabot/github_actions/github-actio...
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.1.0 to 9.2.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.2.0

What's Changed

• New linters

  • Salesforce Code Analyzer, by @​abdeslamads
    • SALESFORCE_CODE_ANALYZER_APEX
    • SALESFORCE_CODE_ANALYZER_AURA
    • SALESFORCE_CODE_ANALYZER_LWC

• Disabled linters

  • Reactivate checkov

• Deprecated linters

  • Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
  • SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

• Media

  • Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
  • (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

• Linters enhancements

  • Install dotenv-linter deterministically, by @​bdovaz in oxsecurity/megalinter#6385

• Fixes

  • #6544: Add GITHUB_TOKEN in docker build command for custom flavor
  • Hide warning when compiling a regex
  • Fix formatting in descriptor files to reduce changes in generated markdown, by @​echoix in oxsecurity/megalinter#6449

• Reporters

  • Add conversion from Jenkins variables to related Git based reporters variables

• Doc

  • Keep jsonschema html docs updated when using build.py --doc, by @​echoix in oxsecurity/megalinter#6447
  • Commit updated license info generated from build script by @​echoix in oxsecurity/megalinter#6448
  • Recreate docs/descriptors folder, delete old pages by @​echoix in oxsecurity/megalinter#6451

• Flavors

  • Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @​davidfevre-gouv-nc in oxsecurity/megalinter#6545

• CI

  • Optimize performances of standalone linters releases
  • Renovate: Add langchain group for package updates, by @​echoix in oxsecurity/megalinter#6400
  • Refactor file handling in build.py to use pathlib for improved readability, by @​echoix in oxsecurity/megalinter#6450

• mega-linter-runner

  • Handle upgrade of stefanzweifel/git-auto-commit-action to v7

• Linter versions upgrades (53)

  • actionlint from 1.7.7 to 1.7.9
  • ansible-lint from 25.9.1 to 25.11.1

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

  • Add codespell

• Disabled linters

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Doc

• Flavors

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor

• mega-linter-runner

• Linter versions upgrades (N)

[v9.2.0]...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Nick2bad4u]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud