Bump github.com/Open-CMSIS-Pack/cbuild/v2 from 2.10.0 to 2.11.0

[dependabot]

Bumps github.com/Open-CMSIS-Pack/cbuild/v2 from 2.10.0 to 2.11.0.

Release notes

Sourced from github.com/Open-CMSIS-Pack/cbuild/v2's releases.

v2.11.0

What's Changed

• Cleanup doesn't remove *.cbuild.yml file in Open-CMSIS-Pack/cbuild#432
• Add support for image-only solutions in Open-CMSIS-Pack/cbuild#437
• Handle cmd line option --active= (empty argument) in Open-CMSIS-Pack/cbuild#443

Full Changelog: Open-CMSIS-Pack/cbuild@v2.10.0...v2.11.0

Commits

• 5d4673d chore(deps): bump github/codeql-action from 3.29.11 to 3.30.1
• 170dc77 chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0
• 079545b 🤖 [TPIP] Automated report updates (#461)
• 816fe54 chore(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.10
• fc84f0b chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
• 89f6c3b chore(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3
• b799e95 chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• c6bef5d chore(deps): bump qltysh/qlty-action from 2.1.0 to 2.2.0
• ccbd3bd chore(deps): bump github/codeql-action from 3.29.9 to 3.29.11
• bda54da chore(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/Open-CMSIS-Pack/cbuild/v2	2.11.0	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 9 security policy file detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST 🟢 8 SAST tool detected but not run on all commits Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 CI-Tests 🟢 9 28 out of 29 merged PRs checked by a CI test -- score normalized to 9
gomod/github.com/spf13/pflag	1.0.10	🟢 5.8	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 25 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• go.mod

[github-actions]

Test Results

  4 files  ±0   20 suites  ±0   1s ⏱️ -1s
 78 tests ±0   78 ✅ ±0  0 💤 ±0  0 ❌ ±0 
312 runs  ±0  312 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 3ac02b2. ± Comparison against base commit c0e16a7.

[qltysh]

Diff Coverage: Not applicable. There was no coverage data reported for the files in this diff.

Total Coverage: This PR will not change total coverage.

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.