Skip to content

build(deps): bump the github-actions group across 1 directory with 3 updates#192

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-7295b2d557
Open

build(deps): bump the github-actions group across 1 directory with 3 updates#192
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-7295b2d557

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026

Bumps the github-actions group with 3 updates in the / directory: actions/checkout, zizmorcore/zizmor-action and oxsecurity/megalinter.

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • See full diff in compare view

Updates zizmorcore/zizmor-action from 0.3.0 to 0.5.2

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.2

What's Changed

  • zizmor 1.23.1 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.1...v0.5.2

v0.5.1

What's Changed

  • zizmor 1.23.0 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.0...v0.5.1

v0.5.0

What's Changed

New Contributors

Full Changelog: zizmorcore/zizmor-action@v0.4.1...v0.5.0

v0.4.1

This version fixes an error in the 0.4.0 release that prevented non-relative use of the action.

What's Changed

Full Changelog: zizmorcore/zizmor-action@v0.4.0...v0.4.1

v0.4.0

This new version of zizmor-action brings two major changes:

  • The new fail-on-no-inputs option can be used to control whether zizmor-action fails if no inputs were collected by zizmor. The default remains true, reflecting the pre-existing behavior.

  • The action's use of the official zizmor Docker images is now fully hash-checked internally, preventing accidental or malicious modification to the images. This also means that subsequent releases of zizmor will induce a release of this action, rather than the action always picking up the latest version by default.

What's Changed

... (truncated)

Commits
  • 71321a2 Sync zizmor versions (#96)
  • 5ed31db Bump pins (#95)
  • 195d10a Sync zizmor versions (#94)
  • c65bc88 chore(deps): bump github/codeql-action in the github-actions group (#93)
  • c2c887f chore(deps): bump zizmorcore/zizmor-action in the github-actions group (#91)
  • 5507ab0 Bump pins in README (#90)
  • 0dce257 chore(deps): bump peter-evans/create-pull-request (#88)
  • fb94974 Expose output-file as an output when advanced-security: true (#87)
  • 867562a chore(deps): bump the github-actions group with 2 updates (#85)
  • 7462f07 Bump pins in README (#84)
  • Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.2.0 to 9.4.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.4.0

What's Changed

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Core

  • New linters

  • Disabled linters

  • Deprecated linters

  • Removed linters

  • Media

  • Linters enhancements

  • Fixes

  • Reporters

  • Flavors

  • Doc

  • CI

  • mega-linter-runner

  • Linter versions upgrades (N)

    • isort from 8.0.0 to 8.0.1 on 2026-02-28
    • rumdl from 0.1.32 to 0.1.33 on 2026-03-04
    • trivy-sbom from 0.69.1 to 0.69.2 on 2026-03-04
    • trivy from 0.69.1 to 0.69.2 on 2026-03-04
    • cfn-lint from 1.45.0 to 1.46.0 on 2026-03-09
    • rumdl from 0.1.33 to 0.1.42 on 2026-03-09
    • black from 26.1.0 to 26.3.0 on 2026-03-09
    • grype from 0.109.0 to 0.109.1 on 2026-03-09
    • syft from 1.42.1 to 1.42.2 on 2026-03-09
    • clippy from 0.1.93 to 0.1.94 on 2026-03-09
    • npm-groovy-lint from 16.2.0 to 17.0.0 on 2026-03-10
    • dotnet-format from 9.0.114 to 10.0.103 on 2026-03-10
    • htmlhint from 1.9.1 to 1.9.2 on 2026-03-10

... (truncated)

Commits
  • 8fbdead Release MegaLinter v9.4.0
  • 9f605c4 Fix custom flavor builder workflow (#7306)
  • b7dcb60 Update changelog to prepare release (#7304)
  • 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
  • edba876 [automation] Auto-update linters version, help and documentation (#7299)
  • 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
  • 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
  • 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
  • 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
  • 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the github-actions group across 1 directory with 3 …
fbc47ae 
…updates

Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) and [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

Updates `zizmorcore/zizmor-action` from 0.3.0 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@e639db9...71321a2)

Updates `oxsecurity/megalinter` from 9.2.0 to 9.4.0
- [Release notes](https://github.com/oxsecurity/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@55a59b2...8fbdead)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: oxsecurity/megalinter
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 19, 2026
@dependabot dependabot bot requested a review from EkelmansPh as a code owner March 19, 2026 04:18
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 19, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 19, 2026

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 8 0 0 0.09s
✅ DOCKERFILE hadolint 1 0 0 0.07s
✅ JSON prettier 6 1 0 0 1.0s
✅ JSON v8r 6 0 0 3.68s
⚠️ MARKDOWN markdownlint 9 1 11 0 1.33s
✅ MARKDOWN markdown-table-formatter 9 1 0 0 0.49s
⚠️ REPOSITORY checkov yes no 1 24.85s
✅ REPOSITORY git_diff yes no no 0.3s
⚠️ REPOSITORY grype yes no 18 42.25s
✅ REPOSITORY secretlint yes no no 2.6s
✅ REPOSITORY syft yes no no 4.96s
✅ REPOSITORY trivy yes no no 12.33s
✅ REPOSITORY trivy-sbom yes no no 0.44s
✅ REPOSITORY trufflehog yes no no 3.67s
⚠️ SPELL lychee 43 10 0 5.1s
✅ YAML prettier 12 0 0 0 1.04s
✅ YAML v8r 12 0 0 8.33s
✅ YAML yamllint 12 0 0 0.82s

Detailed Issues

⚠️ REPOSITORY / checkov - 1 warning 
warning: Ensure that a user for the container has been created
   ┌─ Dockerfile.flex:1:1
   │  
 1 │ ╭ FROM ghcr.io/philips-software/amp-devcontainer-cpp:v6.0.2@sha256:36afaaa5ba4bc4e9bb471012db9733c26a210e315ddb33600f73bb9532b02a25 AS builder
 2 │ │ 
 3 │ │ HEALTHCHECK NONE
 4 │ │ 
   · │
29 │ │ ENTRYPOINT ["/flex/postmaster.flex"]
30 │ │ CMD ["--help"]
   │ ╰──────────────^
   │  
   = Ensure that a user for the container has been created
   = Ensure that a user for the container has been created

warning: 1 warnings emitted
⚠️ REPOSITORY / grype - 18 warnings 
warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/flex-build-push.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/wc-continuous-integration.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-please.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-build.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/pr-conventional-title.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/linting-formatting.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-please.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/wc-continuous-integration.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/flex-build-push.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-build.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/pr-conventional-title.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/linting-formatting.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/flex-build-push.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/linting-formatting.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/pr-conventional-title.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-build.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/release-please.yml

warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.0 was found at: /.github/workflows/wc-continuous-integration.yml

warning: 18 warnings emitted
⚠️ SPELL / lychee - 10 errors 
[404] https://github.com/philips-internal/amp-postmaster/releases/latest | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/security | Network error: Not Found
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/AllItems.aspx | Network error: Forbidden
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/DispForm.aspx?ID=52 | Network error: Forbidden
[ERROR] https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models | Network error: error sending request for url (https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models) Maybe a certificate error?
[404] https://philips-software.github.io/amp-embedded-infra-lib/embedded_infrastructure_library/7.0.0/Echo.html | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/workflows/Continuous%20Integration/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions | Network error: Not Found
📝 Summary
---------------------
🔍 Total...........94
✅ Successful......84
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors..........10

Errors in .github/philips-repo.yaml
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/DispForm.aspx?ID=52 | Network error: Forbidden
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/AllItems.aspx | Network error: Forbidden

Errors in README.md
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/workflows/Continuous%20Integration/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions | Network error: Not Found
[404] https://philips-software.github.io/amp-embedded-infra-lib/embedded_infrastructure_library/7.0.0/Echo.html | Network error: Not Found

Errors in CONTRIBUTING.md
[ERROR] https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models | Network error: error sending request for url (https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models) Maybe a certificate error?

Errors in .github/SECURITY.md
[404] https://github.com/philips-internal/amp-postmaster/security | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/releases/latest | Network error: Not Found
⚠️ MARKDOWN / markdownlint - 11 errors 
CHANGELOG.md:28 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:40 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:47 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:52 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:59 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:66 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:73 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:80 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
LICENSE.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "The MIT License (MIT) Copyrigh..."]
LICENSE.md:3:401 error MD013/line-length Line length [Expected: 400; Actual: 432]
LICENSE.md:7:401 error MD013/line-length Line length [Expected: 400; Actual: 460]

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EkelmansPh EkelmansPh Awaiting requested review from EkelmansPh EkelmansPh is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants