ci(deps): bump the github-actions group across 1 directory with 5 updates

[dependabot]

Bumps the github-actions group with 5 updates in the / directory:

Package	From	To
zizmorcore/zizmor-action	0.5.2	0.5.3
actions/upload-artifact	7.0.0	7.0.1
actions/create-github-app-token	3.0.0	3.1.1
peter-evans/create-pull-request	8.1.0	8.1.1
docker/build-push-action	7.0.0	7.1.0

Updates zizmorcore/zizmor-action from 0.5.2 to 0.5.3

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.3

What's Changed

• 1.24.0 and 1.24.1 are now available via the action
• 1.24.1 is now the default version of zizmor used by the action

Full Changelog: zizmorcore/zizmor-action@v0.5.2...v0.5.3

Commits

• b1d7e1f Sync zizmor versions (#102)
• a195b57 Sync zizmor versions (#100)
• 629d5d0 chore(deps): bump github/codeql-action in the github-actions group (#99)
• 453d591 chore(deps): bump the github-actions group with 2 updates (#98)
• ea2c18b Bump pins (#97)
• See full diff in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates actions/create-github-app-token from 3.0.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

• improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#353) (e6bd4e6)
• update permission inputs (#358) (076e948)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• See full diff in compare view

Updates peter-evans/create-pull-request from 8.1.0 to 8.1.1

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.1

What's Changed

• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4305
• build(deps): bump minimatch by @​dependabot[bot] in peter-evans/create-pull-request#4311
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4316
• build(deps): bump @​tootallnate/once and jest-environment-jsdom by @​dependabot[bot] in peter-evans/create-pull-request#4323
• build(deps-dev): bump undici from 6.23.0 to 6.24.0 by @​dependabot[bot] in peter-evans/create-pull-request#4328
• build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in peter-evans/create-pull-request#4334
• build(deps): bump picomatch by @​dependabot[bot] in peter-evans/create-pull-request#4339
• build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @​dependabot[bot] in peter-evans/create-pull-request#4344
• build(deps-dev): bump the npm group with 3 updates by @​dependabot[bot] in peter-evans/create-pull-request#4349
• fix: retry post-creation API calls on 422 eventual consistency errors by @​peter-evans in peter-evans/create-pull-request#4356

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

Commits

• 5f6978f fix: retry post-creation API calls on 422 eventual consistency errors (#4356)
• d32e88d build(deps-dev): bump the npm group with 3 updates (#4349)
• 8170bcc build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)
• 0041819 build(deps): bump picomatch (#4339)
• b993918 build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)
• 36d7c84 build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)
• a45d1fb build(deps): bump @​tootallnate/once and jest-environment-jsdom (#4323)
• 3499eb6 build(deps): bump the github-actions group with 2 updates (#4316)
• 3f3b473 build(deps): bump minimatch (#4311)
• 6699836 build(deps-dev): bump the npm group with 2 updates (#4305)
• See full diff in compare view

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

• Git context query format support by @​crazy-max in docker/build-push-action#1505
• Bump @​docker/actions-toolkit from 0.79.0 to 0.87.0 by @​crazy-max in docker/build-push-action#1505
• Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500
• Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489
• Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491
• Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490
• Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497
• Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510
• Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496
• Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486
• Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits

• bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
• 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 46580d2 chore: update generated content
• 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
• efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
• ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
• db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
• ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
• 2d8f2a1 chore: update generated content
• 919ac7b fix test since secrets are not written to temp path anymore
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1249

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	144.72 MB	144.72 MB	+137 B (+0%)	🔼
linux/arm64	137.03 MB	137.03 MB	+62 B (+0%)	🔼

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	23		0	0	0.28s
✅ DOCKERFILE	hadolint	3		0	0	0.34s
✅ JSON	npm-package-json-lint	yes		no	no	0.74s
✅ JSON	prettier	21	4	0	0	0.93s
✅ JSON	v8r	21		0	0	9.7s
✅ MARKDOWN	markdownlint	12	0	0	0	1.36s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.38s
✅ REPOSITORY	checkov	yes		no	no	26.16s
✅ REPOSITORY	gitleaks	yes		no	no	1.21s
✅ REPOSITORY	git_diff	yes		no	no	0.02s
✅ REPOSITORY	grype	yes		no	no	47.25s
✅ REPOSITORY	secretlint	yes		no	no	2.33s
✅ REPOSITORY	syft	yes		no	no	2.65s
✅ REPOSITORY	trivy	yes		no	no	15.46s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.44s
✅ REPOSITORY	trufflehog	yes		no	no	6.19s
⚠️ SPELL	lychee	83		4	0	11.42s
✅ YAML	prettier	31	0	0	0	1.25s
✅ YAML	v8r	31		0	0	13.43s
✅ YAML	yamllint	31		0	0	1.32s

Detailed Issues

⚠️ SPELL / lychee - 4 errors

[IGNORED] docker://pandoc/extra:3.9.0.0-ubuntu@sha256:72afa9c8d3300e5f10c9c4330e101725687f2179bffd912fb859c6d2ae85de62 | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.9.0.0-ubuntu@sha256:72afa9c8d3300e5f10c9c4330e101725687f2179bffd912fb859c6d2ae85de62)
[ERROR] https://www.conventionalcommits.org/en/v1.0.0/ | Network error: error sending request for url (https://www.conventionalcommits.org/en/v1.0.0/)
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[ERROR] https://docs.sigstore.dev/cosign/signing/overview/ | Network error: error sending request for url (https://docs.sigstore.dev/cosign/signing/overview/) Maybe a certificate error?
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
[ERROR] https://slsa.dev/spec/v1.0/verifying-artifacts | Network error: error sending request for url (https://slsa.dev/spec/v1.0/verifying-artifacts) Maybe a certificate error?
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....120
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........4

Errors in test/cpp/features/security.feature
[ERROR] https://slsa.dev/spec/v1.0/verifying-artifacts | Network error: error sending request for url (https://slsa.dev/spec/v1.0/verifying-artifacts) Maybe a certificate error?

Errors in .github/CONTRIBUTING.md
[ERROR] https://www.conventionalcommits.org/en/v1.0.0/ | Network error: error sending request for url (https://www.conventionalcommits.org/en/v1.0.0/)

Errors in README.md
[ERROR] https://docs.sigstore.dev/cosign/signing/overview/ | Network error: error sending request for url (https://docs.sigstore.dev/cosign/signing/overview/) Maybe a certificate error?

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/salesforce@v9.4.0 (58 linters)
• oxsecurity/megalinter/flavors/javascript@v9.4.0 (61 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1249

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	455.21 MB	455.21 MB	+105 B (+0%)	🔼
linux/arm64	408.39 MB	408.39 MB	+188 B (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1249

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	544.41 MB	544.41 MB	115 B (0%)	🔽
linux/arm64	525.87 MB	525.87 MB	+618 B (+0%)	🔼

[github-actions]

Test Results

 12 files   - 1   12 suites   - 1   16m 32s ⏱️ - 1m 32s
 32 tests  - 1   32 ✅  - 1  0 💤 ±0  0 ❌ ±0 
136 runs   - 1  136 ✅  - 1  0 💤 ±0  0 ❌ ±0 

Results for commit 8d9287f. ± Comparison against base commit 3994e82.

[github-actions]

Pull Request Report (#1249)

Static measures

Description	Value
Number of added lines	14
Number of deleted lines	14
Number of changed files	8
Number of commits	1
Number of reviews	2
Number of comments (w/o review comments)	6
Number of reviews that contains a comment to resolve	1
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	5

Time related measures

Description	Value
PR lead time (from creation to close of PR)	1.7 Hours
Time that was spend on the branch before the PR was created	2 Sec
Time that was spend on the branch before the PR was merged	1.7 Hours
Time to merge after last review	49.3 Min

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	1.1 Hours
Total time spend in last status check run on PR	24.2 Min

[github-actions]

🎉 Hooray! The changes in this pull request went live with the release of v6.10.2 🎉