Skip to content

chore(deps): update dependency semantic-release to v25.0.8#1839

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/semantic-release-monorepo
Open

chore(deps): update dependency semantic-release to v25.0.8#1839
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/semantic-release-monorepo

Conversation

@renovate

@renovate renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
semantic-release 25.0.625.0.8 age confidence

Release Notes

semantic-release/semantic-release (semantic-release)

v25.0.8

Compare Source

v25.0.7

Compare Source

Bug Fixes
  • argument Injection via repositoryUrl in package.json (#​4245) (c46dbda)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the automerge Auto merge PR with Kodiak label Jul 13, 2026
@renovate
renovate Bot enabled auto-merge (rebase) July 13, 2026 11:50
@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ COPYPASTE jscpd yes no no 0.72s
✅ EDITORCONFIG editorconfig-checker 2 0 0 0.03s
✅ JSON jsonlint 1 0 0 0.51s
✅ JSON npm-package-json-lint yes no no 0.54s
⚠️ JSON prettier 1 0 1 0 0.21s
✅ JSON v8r 1 0 0 5.6s
❌ REPOSITORY betterleaks yes 2 no 1.23s
❌ REPOSITORY checkov yes 5 no 27.54s
❌ REPOSITORY devskim yes 45 no 116.58s
✅ REPOSITORY dustilock yes no no 1.6s
✅ REPOSITORY git_diff yes no no 0.02s
❌ REPOSITORY grype yes 92 no 59.13s
❌ REPOSITORY kingfisher yes 1 no 8.38s
❌ REPOSITORY osv-scanner yes 92 no 2.34s
❌ REPOSITORY secretlint yes 1 no 0.93s
✅ REPOSITORY syft yes no no 3.59s
⚠️ REPOSITORY trivy yes 1 no 15.15s
✅ REPOSITORY trivy-sbom yes no no 4.87s
✅ REPOSITORY trufflehog yes no no 3.02s
✅ SPELL cspell 3 0 0 1.78s
❌ SPELL lychee 2 1 0 0.76s
✅ YAML prettier 1 0 0 0 0.37s
✅ YAML v8r 1 0 0 0.88s
❌ YAML yamllint 1 4 0 3.14s

Detailed Issues

❌ REPOSITORY / betterleaks - 2 errors
○
  ○
  ●
  ○  betterleaks 1.6.0

┌─generic-api-key──○
│
│ 9 │ SECRET=REDACTED
│   │        ^^^^^^^^
│
│ attributes:
│   path .......... .env.example
│   resource ...... fs.content
└○


┌─generic-api-key──○
│
│ 63 │           POSTGRES_PASSWORD: REDACTED
│    │                              ^^^^^^^^
│
│ attributes:
│   path .......... .github/workflows/ci.yml
│   resource ...... fs.content
└○


1:53AM INF scanned ~417722 bytes (417.72 KB) in 1.04s
1:53AM WRN leaks found: 2
❌ REPOSITORY / checkov - 5 errors
dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
❌ REPOSITORY / devskim - 45 errors
rovider.ts"},"region":{"startLine":32,"startColumn":27,"endLine":32,"endColumn":31,"charOffset":773,"charLength":4,"snippet":{"text":"sha1","rendered":{"text":"sha1","markdown":"`sha1`"}},"sourceLanguage":"typescript"}}}],"fixes":[{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.ts"},"replacements":[{"deletedRegion":{"charOffset":773,"charLength":4},"insertedContent":{"text":"sha512"}}]}]},{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.ts"},"replacements":[{"deletedRegion":{"charOffset":773,"charLength":4},"insertedContent":{"text":"sha256"}}]}]}],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.ts"},"region":{"startLine":32,"startColumn":8,"endLine":32,"endColumn":12,"charOffset":754,"charLength":4,"snippet":{"text":"sha1","rendered":{"text":"sha1","markdown":"`sha1`"}},"sourceLanguage":"typescript"}}}],"fixes":[{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.ts"},"replacements":[{"deletedRegion":{"charOffset":754,"charLength":4},"insertedContent":{"text":"sha512"}}]}]},{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.ts"},"replacements":[{"deletedRegion":{"charOffset":754,"charLength":4},"insertedContent":{"text":"sha256"}}]}]}],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"region":{"startLine":20,"startColumn":22,"endLine":20,"endColumn":26,"charOffset":568,"charLength":4,"snippet":{"text":"sha1","rendered":{"text":"sha1","markdown":"`sha1`"}},"sourceLanguage":"typescript"}}}],"fixes":[{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"replacements":[{"deletedRegion":{"charOffset":568,"charLength":4},"insertedContent":{"text":"sha512"}}]}]},{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"replacements":[{"deletedRegion":{"charOffset":568,"charLength":4},"insertedContent":{"text":"sha256"}}]}]}],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"test/auth.end2end.spec.ts"},"region":{"startLine":188,"startColumn":20,"endLine":188,"endColumn":29,"charOffset":5337,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"typescript"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 3636 characters out of 313735)
❌ REPOSITORY / grype - 92 errors
Medium    0.3% (25th)  0.2    
qs                    6.14.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.4% (27th)  0.2    
qs                    6.15.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.4% (27th)  0.2    
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (23rd)  0.2    
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       0.6% (42nd)  0.2    
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       0.5% (38th)  0.2    
brace-expansion       5.0.4      5.0.6     npm   GHSA-jxxr-4gwj-5jf2  Medium    0.3% (19th)  0.2    
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      0.2% (9th)   0.1    
multer                2.0.2      2.2.0     npm   GHSA-3p4h-7m6x-2hcm  Medium    0.3% (19th)  0.1    
undici                6.14.1     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
undici                6.23.0     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (17th)  0.1    
js-yaml               3.14.1     3.15.0    npm   GHSA-h67p-54hq-rp68  Medium    0.3% (17th)  0.1    
js-yaml               4.1.0      4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    0.3% (17th)  0.1    
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    0.2% (14th)  0.1    
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (17th)  0.1    
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (17th)  0.1    
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (17th)  0.1    
brace-expansion       1.1.11     1.1.12    npm   GHSA-v6h2-p8h4-qcjw  Low       0.5% (36th)  0.1    
brace-expansion       2.0.1      2.0.2     npm   GHSA-v6h2-p8h4-qcjw  Low       0.5% (36th)  0.1    
undici                6.14.1     6.19.2    npm   GHSA-3g92-w8c5-73pq  Low       0.5% (37th)  0.1    
tmp                   0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       0.3% (25th)  < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici                6.14.1     6.21.2    npm   GHSA-cxrh-j4jr-qwg3  Low       0.3% (18th)  < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       0.2% (9th)   < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       0.2% (9th)   < 0.1  
@babel/core           7.27.4     7.29.6    npm   GHSA-4x5r-pxfx-6jf8  Low       0.1% (1st)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A          N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A          N/A
[0058] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 3636 characters out of 9608)
❌ REPOSITORY / kingfisher - 1 error
New Kingfisher release 1.108.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 925 rules
 INFO kingfisher::scanner::runner: Using Vectorscan rule cache cache_dir=/github/home/.cache/kingfisher/rule-cache
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:5fd4a586]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 925
 |__Blobs Scanned.............: 228
 |Bytes Scanned...............: 8.20 MiB
 |Scan Duration...............: 81ms 779us 137ns
 |Scan Date...................: 2026-07-18 01:53:46 +00:00
 |Kingfisher Version..........: 1.104.0
 |__Latest Version............: 1.108.0
New Kingfisher release 1.108.0 available
❌ SPELL / lychee - 1 error
📝 Summary
---------------------
🔍 Total............7
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........5
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support (at 2283:65) | Rejected status code: 403 Forbidden

Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
❌ REPOSITORY / osv-scanner - 92 errors
lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.14.1  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-phc3-fgpg-7m6h | 5.9  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-pr7r-676h-xcf6 | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid                 | 9.0.1   | 11.1.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-38r7-794h-5758 | 3.7  | npm       | webpack              | 5.97.1  | 5.104.0       | pnpm-lock.yaml |
| https://osv.dev/GHSA-8fgc-7cc6-rx7x | 3.7  | npm       | webpack              | 5.97.1  | 5.104.1       | pnpm-lock.yaml |
| https://osv.dev/GHSA-58qx-3vcg-4xpx | 4.4  | npm       | ws                   | 8.18.1  | 8.20.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-96hv-2xvq-fx4p | 7.5  | npm       | ws                   | 8.18.1  | 8.21.0        | pnpm-lock.yaml |
+-------------------------------------+------+-----------+----------------------+---------+---------------+----------------+

(Truncated to last 3636 characters out of 12374)
❌ REPOSITORY / secretlint - 1 error
.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)
❌ YAML / yamllint - 4 errors
pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  40:501    error    line too long (545 > 500 characters)  (line-length)
  10062:501 error    line too long (537 > 500 characters)  (line-length)
  10197:501 error    line too long (584 > 500 characters)  (line-length)
⚠️ JSON / prettier - 1 error
[error] Cannot find package 'prettier-plugin-toml' imported from noop.js
⚠️ REPOSITORY / trivy - 1 error
│                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-11525                   │
│                 ├────────────────┤          │        │                   │                                                         ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-6733  │          │        │                   │                                                         │ undici: Undici: Response queue poisoning on reused           │
│                 │                │          │        │                   │                                                         │ keep-alive sockets can lead to...                            │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-6733                    │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 9.0.1             │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid: uuid: Out-of-bounds write vulnerability impacts data   │
│                 │                │          │        │                   │                                                         │ integrity and confidentiality                                │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.72.0 of Trivy is now available, current version is 0.71.2

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 3636 characters out of 35207)

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@renovate
renovate Bot force-pushed the renovate/semantic-release-monorepo branch 2 times, most recently from fd60d5f to 131483d Compare July 13, 2026 22:56
@renovate
renovate Bot force-pushed the renovate/semantic-release-monorepo branch from 131483d to 6749e39 Compare July 18, 2026 01:49
@renovate renovate Bot changed the title chore(deps): update dependency semantic-release to v25.0.7 chore(deps): update dependency semantic-release to v25.0.8 Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automerge Auto merge PR with Kodiak

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants