From 383f067e620f1d1ea7176c875d4556821c94ff8c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 12:10:47 +0000 Subject: [PATCH 1/2] build(deps): bump the github-action-updates group across 1 directory with 5 updates Bumps the github-action-updates group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.22` | `1.2.23` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.4.0` | `9.5.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.1.1` | `3.2.0` | Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `hendrikmuhs/ccache-action` from 1.2.22 to 1.2.23 - [Release notes](https://github.com/hendrikmuhs/ccache-action/releases) - [Commits](https://github.com/hendrikmuhs/ccache-action/compare/33522472633dbd32578e909b315f5ee43ba878ce...d62db5f07c26379fc4b4e0916f098a92573c3b03) Updates `oxsecurity/megalinter` from 9.4.0 to 9.5.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7) Updates `github/codeql-action` from 4.35.1 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - 
[Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-action-updates - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-action-updates - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-action-updates - dependency-name: hendrikmuhs/ccache-action dependency-version: 1.2.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-action-updates - dependency-name: oxsecurity/megalinter dependency-version: 9.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-action-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/linting-formatting.yml | 4 ++-- .github/workflows/release-please.yml | 2 +- .github/workflows/security.yml | 2 +- .github/workflows/static-analysis.yml | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8c8e542..73e0e92c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -32,14 +32,14 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: ${{ matrix.target == 'Windows' }} - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 id: cache-winsdk with: path: /winsdk key: cache-winsdk-10.0.26100-14.43.17.13 - if: ${{ matrix.target == 'Windows' && steps.cache-winsdk.outputs.cache-hit != 'true' }} run: ./get-winsdk.sh - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }}-${{ matrix.target }} max-size: 2G @@ -59,7 +59,7 @@ jobs: container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.10.2@sha256:6dcb2bba0b158b055995b728631e1b92c7e8bae97119b0f171429423ed9d5e19 # v6.10.2 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} max-size: 2G @@ -88,7 +88,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }}-${{ matrix.os }}-${{ matrix.type }}${{ matrix.preset_suffix }} max-size: 2G diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 88822524..878f13c8 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml 
@@ -26,13 +26,13 @@ jobs: with: fetch-depth: 0 persist-credentials: false - - uses: oxsecurity/megalinter/flavors/c_cpp@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0 + - uses: oxsecurity/megalinter/flavors/c_cpp@0e3ce9b9c8c10effb9b269509cc47ca17cae31c7 # v9.5.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: git diff - - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index b4b4cb20..d7e72745 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -19,7 +19,7 @@ jobs: name: Create Release runs-on: [ubuntu-latest] steps: - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: token with: app-id: ${{ vars.FOREST_RELEASER_APP_ID }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index c97fb7ca..95512311 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -31,6 +31,6 @@ jobs: results_format: sarif repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} publish_results: true - - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: scorecards.sarif diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 851a9b0d..6641c9d0 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml 
@@ -27,7 +27,7 @@ jobs: fetch-depth: 0 # Disable shallow clone to enable blame information persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} max-size: 2G @@ -73,14 +73,14 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} - - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: languages: cpp - uses: lukka/run-cmake@5d55ea7949e25f69f0ecb516d8d572297e03a956 # v10.9 with: configurePreset: "Host" buildPreset: "Host-Debug" - - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 From fcb5c0115e7adc441999e09e6d28496d44d65dfd Mon Sep 17 00:00:00 2001 From: "Timmer, Daan" Date: Thu, 28 May 2026 13:12:42 +0000 Subject: [PATCH 2/2] build(linter): add REPOSITORY_OSV_SCANNER to disabled errors and GITHUB_TOKEN to unsecured env variables --- .mega-linter.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.mega-linter.yml b/.mega-linter.yml index 3cac3b79..bfd7a14e 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml 
@@ -20,10 +20,13 @@ DISABLE_LINTERS:
 - SPELL_CSPELL
 DISABLE_ERRORS_LINTERS:
 - MARKDOWN_MARKDOWN_LINK_CHECK
+ - REPOSITORY_OSV_SCANNER
 - SPELL_PROSELINT
 - SPELL_LYCHEE
 CPP_CLANG_FORMAT_FILTER_REGEX_EXCLUDE: (external)
 SPELL_PROSELINT_FILE_EXTENSIONS: [".md", ".adoc"]
+ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
+ - GITHUB_TOKEN
 SARIF_REPORTER: true
 PRINT_ALPACA: false
 SHOW_SKIPPED_LINTERS: false
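Review bot: Adding `REPOSITORY_OSV_SCANNER` to `DISABLE_ERRORS_LINTERS` makes known-vulnerability findings non-blocking, and the file records no reason or exit condition, so the downgrade is likely to outlive whatever finding prompted it. A comment above that entry such as `# OSV findings are non-blocking until <tracking issue placeholder> is resolved` would keep it reviewable; with `SARIF_REPORTER: true` the findings presumably still reach code scanning, but nothing fails the build on them. The new `ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES` entry hands `GITHUB_TOKEN` to the zizmor process, which MegaLinter otherwise withholds from linters. That is presumably needed for zizmor's online audits and deserves a comment like `# zizmor needs the token for online audits; keep the job token read-only`. The `permissions` block of the linting workflow is not visible in this patch, so confirm it grants that token only the scopes the job needs.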