Skip to content

chore: bump the github-actions-dependencies group across 1 directory with 8 updates#1146

Merged
neilime merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-9e43dbd51d
Jun 13, 2026
Merged

chore: bump the github-actions-dependencies group across 1 directory with 8 updates#1146
neilime merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-9e43dbd51d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-dependencies group with 8 updates in the / directory:

Package From To
hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml 0.24.0 0.24.4
hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml 0.35.0 0.37.1
actions/checkout 6.0.2 6.0.3
hoverkraft-tech/ci-github-common 0.35.0 0.37.1
hoverkraft-tech/ci-github-publish 0.23.2 0.26.3
hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml 0.35.0 0.37.1
hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml 0.35.0 0.37.1
hoverkraft-tech/ci-github-common/.github/workflows/stale.yml 0.35.0 0.37.1

Updates hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml from 0.24.0 to 0.24.4

Release notes

Sourced from hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml's releases.

0.24.4

Release Summary

Fixed the actions/has-installed-dependencies action by removing usage of a deprecated flag. Updated the actions and workflows documentation.

Internal maintenance updated ci-github-common from 0.36.0 to 0.36.2.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-nodejs@0.24.3...0.24.4

0.24.3

Release Summary

Documentation for actions and workflows has been updated.

Internal dependency maintenance updates GitHub Actions dependencies across multiple directories.

Breaking changes

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-nodejs@0.24.2...0.24.3

0.24.2

Release Summary

Documentation for GitHub Actions and workflows was refreshed.

The release process now uses Node.js LTS, and GitHub Actions dependencies were updated across workflow directories.

... (truncated)

Commits
  • df34807 docs: update actions and workflows documentation
  • 1980542 chore: bump ci-github-common fomr 0.36.0 to 0.36.2
  • b0e4e97 docs: update actions and workflows documentation
  • 59ea221 fix(actions/has-installed-dependencies): remove use of deprecated flag
  • 37a362e docs: update actions and workflows documentation
  • 87e6019 chore(deps): bump the github-actions-dependencies group across 10 directories...
  • 51be237 docs: update actions and workflows documentation
  • 65fc821 docs: add GitHub Verified Creator badge
  • 1633f3b docs: update actions and workflows documentation
  • 3e90690 chore(deps): bump the github-actions-dependencies group across 2 directories ...
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml from 0.35.0 to 0.37.1

Release notes

Sourced from hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml's releases.

0.37.1

Release Summary

Fixed actions/checkout to prevent unexpected double checkouts.

Updated actions and workflows documentation.

Internal dependency maintenance: bumped actions/checkout from 6.0.2 to 6.0.3.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.37.0...0.37.1

0.37.0

Release Summary

The linter workflow now uses the required GitHub permissions and token fallback to improve CI reliability. The CI checkout action was updated to actions/checkout v6.0.3. Internal actions and workflow documentation was refreshed.

Breaking changes

The linter permissions fix is marked as breaking, so reusable workflow consumers may need to update granted permissions for linter-related jobs.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.36.4...0.37.0

0.36.4

Release Summary

actions/local-workflow-actions now supports tokens for private repositories, improving compatibility with private GitHub projects.

Documentation for actions and workflows was updated.

Internal maintenance includes GitHub Actions dependency updates across multiple directories.

... (truncated)

Commits
  • 624be17 chore: bump actions/checkout
  • cf65783 fix(actions/checkout): unexpected double checkouts
  • 732153a docs: update actions and workflows documentation
  • 59c0629 fix(actions/checkout): bump actions/checkout to v6.0.3
  • 6908a61 fix(linter)!: fix linter required permissions
  • 0381055 docs: update actions and workflows documentation
  • 23e4b6a docs: update actions and workflows documentation
  • 6a0fdae chore: bump the github-actions-dependencies group across 3 directories with 2...
  • 1613dbb docs: update actions and workflows documentation
  • 93916b4 fix(actions/local-workflow-actions): support token for private repositories
  • Additional commits viewable in compare view

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates hoverkraft-tech/ci-github-common from 0.35.0 to 0.37.1

Release notes

Sourced from hoverkraft-tech/ci-github-common's releases.

0.37.1

Release Summary

Fixed actions/checkout to prevent unexpected double checkouts.

Updated actions and workflows documentation.

Internal dependency maintenance: bumped actions/checkout from 6.0.2 to 6.0.3.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.37.0...0.37.1

0.37.0

Release Summary

The linter workflow now uses the required GitHub permissions and token fallback to improve CI reliability. The CI checkout action was updated to actions/checkout v6.0.3. Internal actions and workflow documentation was refreshed.

Breaking changes

The linter permissions fix is marked as breaking, so reusable workflow consumers may need to update granted permissions for linter-related jobs.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.36.4...0.37.0

0.36.4

Release Summary

actions/local-workflow-actions now supports tokens for private repositories, improving compatibility with private GitHub projects.

Documentation for actions and workflows was updated.

Internal maintenance includes GitHub Actions dependency updates across multiple directories.

... (truncated)

Commits
  • 624be17 chore: bump actions/checkout
  • cf65783 fix(actions/checkout): unexpected double checkouts
  • 732153a docs: update actions and workflows documentation
  • 59c0629 fix(actions/checkout): bump actions/checkout to v6.0.3
  • 6908a61 fix(linter)!: fix linter required permissions
  • 0381055 docs: update actions and workflows documentation
  • 23e4b6a docs: update actions and workflows documentation
  • 6a0fdae chore: bump the github-actions-dependencies group across 3 directories with 2...
  • 1613dbb docs: update actions and workflows documentation
  • 93916b4 fix(actions/local-workflow-actions): support token for private repositories
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-publish from 0.23.2 to 0.26.3

Release notes

Sourced from hoverkraft-tech/ci-github-publish's releases.

0.26.3

Release Summary

Actions and workflows documentation was refreshed.

Internal changes include dependency updates for LangChain and GitHub Actions dependencies.

Breaking changes

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-publish@0.26.2...0.26.3

0.26.2

Release Summary

Release planning now uses the GitHub API instead of local Git, improving reliability in CI environments. Documentation for actions and workflows has been updated.

Internal changes include GitHub Actions dependency updates.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-publish@0.26.1...0.26.2

0.26.1

Release Summary

Release planning now passes the GitHub token to the tag-check process, improving release tag validation reliability.

Actions and workflows documentation has been refreshed.

Internal updates include the GitHub Actions dependency group bump to hoverkraft-tech/ci-github-container 0.36.0, bringing BuildKit 0.30.0, Helm documentation merged-sha output support, and related workflow maintenance.

... (truncated)

Commits
  • b2562b4 docs: update actions and workflows documentation
  • f3c020b build(deps): Bump the github-actions-dependencies group across 8 directories ...
  • b71de10 build(deps): Bump langchain
  • c8f9d50 docs: update actions and workflows documentation
  • 2a2ebbc docs: add GitHub Verified Creator badge
  • 0f55946 docs: update actions and workflows documentation
  • 0437797 docs: update actions and workflows documentation
  • 84d583b Merge pull request #403 from hoverkraft-tech/dependabot/github_actions/github...
  • 201f32d build(deps): Bump the github-actions-dependencies group across 1 directory wi...
  • 59c58ea docs: update actions and workflows documentation
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml from 0.35.0 to 0.37.1

Release notes

Sourced from hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml's releases.

0.37.1

Release Summary

Fixed actions/checkout to prevent unexpected double checkouts.

Updated actions and workflows documentation.

Internal dependency maintenance: bumped actions/checkout from 6.0.2 to 6.0.3.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.37.0...0.37.1

0.37.0

Release Summary

The linter workflow now uses the required GitHub permissions and token fallback to improve CI reliability. The CI checkout action was updated to actions/checkout v6.0.3. Internal actions and workflow documentation was refreshed.

Breaking changes

The linter permissions fix is marked as breaking, so reusable workflow consumers may need to update granted permissions for linter-related jobs.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.36.4...0.37.0

0.36.4

Release Summary

actions/local-workflow-actions now supports tokens for private repositories, improving compatibility with private GitHub projects.

Documentation for actions and workflows was updated.

Internal maintenance includes GitHub Actions dependency updates across multiple directories.

... (truncated)

Commits
  • 624be17 chore: bump actions/checkout
  • cf65783 fix(actions/checkout): unexpected double checkouts
  • 732153a docs: update actions and workflows documentation
  • 59c0629 fix(actions/checkout): bump actions/checkout to v6.0.3
  • 6908a61 fix(linter)!: fix linter required permissions
  • 0381055 docs: update actions and workflows documentation
  • 23e4b6a docs: update actions and workflows documentation
  • 6a0fdae chore: bump the github-actions-dependencies group across 3 directories with 2...
  • 1613dbb docs: update actions and workflows documentation
  • 93916b4 fix(actions/local-workflow-actions): support token for private repositories
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml from 0.35.0 to 0.37.1

Release notes

Sourced from hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml's releases.

0.37.1

Release Summary

Fixed actions/checkout to prevent unexpected double checkouts.

Updated actions and workflows documentation.

Internal dependency maintenance: bumped actions/checkout from 6.0.2 to 6.0.3.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.37.0...0.37.1

0.37.0

Release Summary

The linter workflow now uses the required GitHub permissions and token fallback to improve CI reliability. The CI checkout action was updated to actions/checkout v6.0.3. Internal actions and workflow documentation was refreshed.

Breaking changes

The linter permissions fix is marked as breaking, so reusable workflow consumers may need to update granted permissions for linter-related jobs.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.36.4...0.37.0

0.36.4

Release Summary

actions/local-workflow-actions now supports tokens for private repositories, improving compatibility with private GitHub projects.

Documentation for actions and workflows was updated.

Internal maintenance includes GitHub Actions dependency updates across multiple directories.

... (truncated)

Commits
  • 624be17 chore: bump actions/checkout
  • cf65783 fix(actions/checkout): unexpected double checkouts
  • 732153a docs: update actions and workflows documentation
  • 59c0629 fix(actions/checkout): bump actions/checkout to v6.0.3
  • 6908a61 fix(linter)!: fix linter required permissions
  • 0381055 docs: update actions and workflows documentation
  • 23e4b6a docs: update actions and workflows documentation
  • 6a0fdae chore: bump the github-actions-dependencies group across 3 directories with 2...
  • 1613dbb docs: update actions and workflows documentation
  • 93916b4 fix(actions/local-workflow-actions): support token for private repositories
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-common/.github/workflows/stale.yml from 0.35.0 to 0.37.1

Release notes

Sourced from hoverkraft-tech/ci-github-common/.github/workflows/stale.yml's releases.

0.37.1

Release Summary

Fixed actions/checkout to prevent unexpected double checkouts.

Updated actions and workflows documentation.

Internal dependency maintenance: bumped actions/checkout from 6.0.2 to 6.0.3.

Breaking change(s)

There is no breaking change.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.37.0...0.37.1

0.37.0

Release Summary

The linter workflow now uses the required GitHub permissions and token fallback to improve CI reliability. The CI checkout action was updated to actions/checkout v6.0.3. Internal actions and workflow documentation was refreshed.

Breaking changes

The linter permissions fix is marked as breaking, so reusable workflow consumers may need to update granted permissions for linter-related jobs.

What's Changed

Full Changelog: hoverkraft-tech/ci-github-common@0.36.4...0.37.0

0.36.4

Release Summary

actions/local-workflow-actions now supports tokens for private repositories, improving compatibility with private GitHub projects.

Documentation for actions and workflows was updated.

Internal maintenance includes GitHub Actions dependency updates across multiple directories.

... (truncated)

Commits
  • 624be17 chore: bump actions/checkout
  • cf65783 fix(actions/checkout): unexpected double checkouts
  • 732153a docs: update actions and workflows documentation
  • 59c0629 fix(actions/checkout): bump actions/checkout to v6.0.3
  • 6908a61 fix(linter)!: fix linter required permissions
  • 0381055 docs: update actions and workflows documentation
  • 23e4b6a docs: update actions and workflows documentation
  • 6a0fdae chore: bump the github-actions-dependencies group across 3 directories with 2...
  • 1613dbb docs: update actions and workflows documentation
  • 93916b4 fix(actions/local-workflow-actions): support token for private repositories
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 5, 2026
@github-actions

github-actions Bot commented Jun 5, 2026

Copy link
Copy Markdown

Hi, thank you for creating your PR, we will check it out very soon

@dependabot dependabot Bot changed the title chore(deps): Bump the github-actions-dependencies group across 1 directory with 8 updates Bump the github-actions-dependencies group across 1 directory with 8 updates Jun 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch from cf4a296 to 38537f9 Compare June 12, 2026 07:34
@neilime neilime force-pushed the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch from 38537f9 to 355583a Compare June 12, 2026 20:22
@neilime neilime changed the title Bump the github-actions-dependencies group across 1 directory with 8 updates chore: bump the github-actions-dependencies group across 1 directory with 8 updates Jun 13, 2026
@neilime neilime force-pushed the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch from 355583a to 1984192 Compare June 13, 2026 07:02
@github-actions

github-actions Bot commented Jun 13, 2026

Copy link
Copy Markdown

Code Coverage Report

Coverage Results

Coverage

Metric Covered Total Percentage
Lines 200 679 29.46%
Branches 11 198 5.56%
Functions 8 195 4.10%

Overall: 29.46% 🔴
🟥🟥🟥🟥🟥🟥⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜

@neilime neilime force-pushed the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch from 1984192 to cbffc60 Compare June 13, 2026 07:09
…updates

Bumps the github-actions-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml](https://github.com/hoverkraft-tech/ci-github-nodejs) | `0.24.0` | `0.24.4` |
| [hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml](https://github.com/hoverkraft-tech/ci-github-common) | `0.35.0` | `0.37.1` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [hoverkraft-tech/ci-github-common](https://github.com/hoverkraft-tech/ci-github-common) | `0.35.0` | `0.37.1` |
| [hoverkraft-tech/ci-github-publish](https://github.com/hoverkraft-tech/ci-github-publish) | `0.23.2` | `0.26.3` |
| [hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml](https://github.com/hoverkraft-tech/ci-github-common) | `0.35.0` | `0.37.1` |
| [hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml](https://github.com/hoverkraft-tech/ci-github-common) | `0.35.0` | `0.37.1` |
| [hoverkraft-tech/ci-github-common/.github/workflows/stale.yml](https://github.com/hoverkraft-tech/ci-github-common) | `0.35.0` | `0.37.1` |

Updates `hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml` from 0.24.0 to 0.24.4
- [Release notes](https://github.com/hoverkraft-tech/ci-github-nodejs/releases)
- [Commits](hoverkraft-tech/ci-github-nodejs@a10d5e3...df34807)

Updates `hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml` from 0.35.0 to 0.37.1
- [Release notes](https://github.com/hoverkraft-tech/ci-github-common/releases)
- [Commits](hoverkraft-tech/ci-github-common@4c9d517...624be17)

Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `hoverkraft-tech/ci-github-common` from 0.35.0 to 0.37.1
- [Release notes](https://github.com/hoverkraft-tech/ci-github-common/releases)
- [Commits](hoverkraft-tech/ci-github-common@4c9d517...624be17)

Updates `hoverkraft-tech/ci-github-publish` from 0.23.2 to 0.26.3
- [Release notes](https://github.com/hoverkraft-tech/ci-github-publish/releases)
- [Commits](hoverkraft-tech/ci-github-publish@2c8e24b...b2562b4)

Updates `hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml` from 0.35.0 to 0.37.1
- [Release notes](https://github.com/hoverkraft-tech/ci-github-common/releases)
- [Commits](hoverkraft-tech/ci-github-common@4c9d517...624be17)

Updates `hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml` from 0.35.0 to 0.37.1
- [Release notes](https://github.com/hoverkraft-tech/ci-github-common/releases)
- [Commits](hoverkraft-tech/ci-github-common@4c9d517...624be17)

Updates `hoverkraft-tech/ci-github-common/.github/workflows/stale.yml` from 0.35.0 to 0.37.1
- [Release notes](https://github.com/hoverkraft-tech/ci-github-common/releases)
- [Commits](hoverkraft-tech/ci-github-common@4c9d517...624be17)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml
  dependency-version: 0.24.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-publish
  dependency-version: 0.26.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
@neilime neilime force-pushed the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch from cbffc60 to 035b2fa Compare June 13, 2026 07:11
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions

Copy link
Copy Markdown

Super-linter summary

Language Validation result
BIOME_FORMAT Pass ✅
BIOME_LINT Pass ✅
CHECKOV Pass ✅
DOCKERFILE_HADOLINT Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
MARKDOWN Pass ✅
MARKDOWN_PRETTIER Pass ✅
NATURAL_LANGUAGE Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌
YAML Pass ✅
YAML_PRETTIER Pass ✅

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

TRIVY

Report Summary

┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│            Target             │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ application/package-lock.json │    npm     │        5        │         -         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                    │ dockerfile │        -        │         0         │    -    │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


application/package-lock.json (npm)
===================================
Total: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 1)

┌──────────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library        │    Vulnerability    │ Severity │ Status │ Installed Version │     Fixed Version      │                           Title                            │
├──────────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ joi                  │ CVE-2026-48038      │ MEDIUM   │ fixed  │ 17.13.3           │ 18.2.1, 17.13.4        │ joi has an uncaught RangeError on deeply nested input      │
│                      │                     │          │        │                   │                        │ through recursive `link()`...                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-48038                 │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ serialize-javascript │ GHSA-5c6j-r48x-rmvq │ HIGH     │        │ 6.0.2             │ 7.0.3                  │ Serialize JavaScript is Vulnerable to RCE via RegExp.flags │
│                      │                     │          │        │                   │                        │ and Date.prototype.toISOString()                           │
│                      │                     │          │        │                   │                        │ https://github.com/advisories/GHSA-5c6j-r48x-rmvq          │
│                      ├─────────────────────┼──────────┤        │                   ├────────────────────────┼────────────────────────────────────────────────────────────┤
│                      │ CVE-2026-34043      │ MEDIUM   │        │                   │ 7.0.5                  │ serialize-javascript: serialize-javascript: Denial of      │
│                      │                     │          │        │                   │                        │ Service via specially crafted array-like object            │
│                      │                     │          │        │                   │                        │ serialization                                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-34043                 │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ shell-quote          │ CVE-2026-9277       │ CRITICAL │        │ 1.8.3             │ 1.8.4                  │ shell-quote: shell-quote: Arbitrary code execution via     │
│                      │                     │          │        │                   │                        │ command injection due to unescaped line...                 │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-9277                  │
├──────────────────────┼─────────────────────┼──────────┤        ├───────────────────┼────────────────────────┼────────────────────────────────────────────────────────────┤
│ uuid                 │ CVE-2026-41907      │ MEDIUM   │        │ 8.3.2             │ 11.1.1, 12.0.1, 13.0.1 │ uuid: uuid: Out-of-bounds write vulnerability impacts data │
│                      │                     │          │        │                   │                        │ integrity and confidentiality                              │
│                      │                     │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2026-41907                 │
└──────────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴────────────────────────────────────────────────────────────┘

@neilime neilime merged commit d2ac577 into main Jun 13, 2026
58 of 61 checks passed
@neilime neilime deleted the dependabot/github_actions/github-actions-dependencies-9e43dbd51d branch June 13, 2026 07:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants