Skip to content

chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates#85

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-3a80f7a0c7
Open

chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates#85
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-3a80f7a0c7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps the github-actions group with 8 updates in the / directory:

Package From To
actions/checkout 6.0.3 7.0.0
actions/cache 5.0.1 6.1.0
oxsecurity/megalinter 9.5.0 9.6.0
actions/github-script 8.0.0 9.0.0
actions/dependency-review-action 4.9.0 5.0.0
docker/setup-buildx-action 3.12.0 4.2.0
docker/build-push-action 6.19.2 7.3.0
actions/upload-code-coverage 1.2.0 1.3.0

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/cache from 5.0.1 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.5.0 to 9.6.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.6.0

What's Changed

  • Breaking changes

    • Linters can no longer be run via a sibling Docker image at runtime. The cli_docker_image, cli_docker_image_version and cli_docker_args descriptor properties (and the matching <LINTER>_DOCKER_IMAGE_VERSION variable) have been removed, and MegaLinter no longer mounts /var/run/docker.sock (in mega-linter-runner, the GitHub Action action.yml files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was SWIFT_SWIFTLINT, now installed natively (see below). (#8216)
    • SWIFT_SWIFTLINT is now installed from the static swiftlint-static binary instead of running the ghcr.io/realm/swiftlint container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (#8216)
    • @eslint/eslintrc shim removed from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy FlatCompat); MegaLinter's bundled test fixtures use native flat config. (#7869)
    • ESLint linters now force migration off .eslintrc.*: JAVASCRIPT_ES, TYPESCRIPT_ES, JSX_ESLINT, TSX_ESLINT activate when they find any eslint.config.* or any deprecated .eslintrc.* / package.json#eslintConfig. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the ESLint flat-config migration guide. To opt out, set DISABLE_LINTERS or DISABLE to exclude the affected linter/descriptor. (#7869)
    • JSON_ESLINT_PLUGIN_JSONC removed: upstream bug ota-meshi/eslint-plugin-jsonc#328 blocks ESLint v10 compatibility and will not be fixed. Use JSON_JSONLINT, JSON_PRETTIER, or JSON_V8R for JSON validation instead. (#7869)
  • Core

    • New linter descriptor property common_linter_errors: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (#7907)
    • Skipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. MARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)), fixing #8017.
  • New linters

    • Add betterleaks linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (#8186)
  • Disabled linters

    • SALESFORCE_SFDX_SCANNER_APEX, SALESFORCE_SFDX_SCANNER_AURA and SALESFORCE_SFDX_SCANNER_LWC — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (TypeError: Cannot read properties of undefined (reading 'prototype'), caused by the removal of SlowBuffer.prototype), which is shipped with Alpine 3.24. These linters were already deprecated; use the SALESFORCE_CODE_ANALYZER_APEX / SALESFORCE_CODE_ANALYZER_AURA / SALESFORCE_CODE_ANALYZER_LWC variants instead (#8080).
  • Deprecated linters

    • REPOSITORY_GITLEAKS — deprecated in favour of REPOSITORY_BETTERLEAKS (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding REPOSITORY_GITLEAKS to DISABLE_LINTERS in your .mega-linter.yml. (#8186)
  • Removed linters

    • JSON_ESLINT_PLUGIN_JSONC — permanently broken by upstream bug (see Breaking changes) (#7869)
  • Linters enhancements

    • REPOSITORY_CHECKOV: in pull-request mode, scan only the files modified in the PR instead of the whole repository (#7119)
  • Fixes

    • REPOSITORY_BETTERLEAKS: default scan now runs in filesystem (dir) mode instead of auto-switching to git-history (git) mode when a git repository is detected. betterleaks does not read the global git safe.directory config, so git mode failed with fatal: detected dubious ownership in repository in CI environments (e.g. GitHub Actions /github/workspace). Git-history mode is still used for the opt-in REPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN feature. (#8186)
    • REPOSITORY_BETTERLEAKS: added --verbose so detected findings (file, line and rule) are reported instead of only the leaks found: N summary, matching gitleaks behavior. Secret values stay redacted via --redact. (#8186)
    • REPOSITORY_OSV_SCANNER: exit code 128 ("No package sources found") is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (#7917).
    • Fix intermittent ansible-lint load-failure[not-found] error on github_conf/branch_protection_rules.json caused by a race condition with checkov running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (.megalinter_github_conf) that project-mode linters skip, eliminating the conflict (#8092).
    • Complete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the python:3.14-alpine3.24 base image (#8080).
    • Avoid DeprecationWarning / future breakage on Python 3.14 by no longer passing count and flags as positional arguments to re.sub (#8211).
    • Exclude REPORT_OUTPUT_FOLDER from linting when configured as an absolute path inside the workspace (e.g. /tmp/lint/megalinter-reports), fixing #7845.
    • Fix command injection in Roslynator linter (DOTNET_ROSLYNATOR) where a crafted .csproj filename could break out of dotnet restore arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (#7857)
    • Fix IndexError when building the single-linter Docker image for a linter whose activation depends on a file (e.g. SPELL_VALE requires .vale.ini): python -m megalinter.run --linterversion now bypasses activation filtering since the per-linter image is built for that linter unconditionally.
    • Fix make bootstrap appearing to hang because exported Make color variables re-evaluated tput during recursive make invocations. (#8090)
    • Allow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (#1975).
    • Restore missing examples in the Dart descriptor that were dropped from the generated documentation (#7913).
  • Reporters

  • Doc

    • Add pnpm installation and usage documentation for JavaScript and TypeScript linters (#8177)
    • Update Docker pull counters in README badges and flavors-stats.json with latest ghcr.io stats
    • Bump peter-evans/create-pull-request to v8 in the documented workflow examples (#8089)

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Breaking changes

  • Core

    • Add ENABLE_DISABLE_LINTERS_PRIORITY variable to let DISABLE_LINTERS override ENABLE_LINTERS when a linter is in both lists (e.g. to trim an inherited ENABLE_LINTERS list via EXTENDS), fixes #8296
  • New linters

  • Disabled linters

  • Re-enabled linters

  • Deprecated linters

  • Removed linters

  • Media

  • Linters enhancements

  • Fixes

    • Fix SARIF_TO_HUMAN producing empty linter logs when the bundled sarif-fmt binary crashes by building it from source on Alpine and falling back to raw SARIF on conversion failure (#8294)
    • Keep the Docker Pulls badge in docs/index.md in sync by having docker_stats.py also update the hardcoded badge total in .automation/build.py
  • Reporters

  • Flavors

  • Doc

  • mega-linter-runner

  • Dev

  • CI

    • Fix per-linter Docker images being published single-arch. The BETA and RELEASE linter workflows split each linter into independent per-platform jobs that all pushed the same tag (:beta, :v9, :vX.Y.Z, :latest), so the last push won and overwrote the other architecture. They now push each platform by digest and a dedicated merge job assembles a proper multi-arch manifest list per linter, restoring linux/amd64 + linux/arm64 support for megalinter-only-* images.
  • Linter versions upgrades (N)

    • pyright from 1.1.410 to 1.1.411 on 2026-06-28

... (truncated)

Commits
  • ef3e84b Release MegaLinter v9.6.0
  • 8b9259b Skill prepare-release (#8245)
  • 5810155 chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...
  • aca415c chore(deps): update dependency semver to v7.8.5 (#8198)
  • 2d8b274 Remove max-parallel for linters
  • e9ab3e9 chore(ci): manual run of deploy linters beta job (#8242)
  • a8a6368 Changelog (#8241)
  • 7f363c6 [automation] Auto-update linters version, help and documentation (#8215)
  • bce5232 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (#8232)
  • 9d98266 chore(deps): update dependency realm/swiftlint to v0.65.0 (#8240)
  • Additional commits viewable in compare view

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6.19.2 to 7.3.0

Release notes

Sourced from docker/build-push-action's releases.

v7.3.0

Full Changelog: docker/build-push-action@v7.2.0...v7.3.0

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

  • Node 24 ...

    Description has been truncated

…h 8 updates

Bumps the github-actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `6.1.0` |
| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |
| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.3.0` |
| [actions/upload-code-coverage](https://github.com/actions/upload-code-coverage) | `1.2.0` | `1.3.0` |



Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

Updates `actions/cache` from 5.0.1 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v5.0.1...55cc834)

Updates `oxsecurity/megalinter` from 9.5.0 to 9.6.0
- [Release notes](https://github.com/oxsecurity/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@0e3ce9b...ef3e84b)

Updates `actions/github-script` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@ed59741...3a2844b)

Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

Updates `docker/setup-buildx-action` from 3.12.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3.12.0...bb05f3f)

Updates `docker/build-push-action` from 6.19.2 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v6.19.2...53b7df9)

Updates `actions/upload-code-coverage` from 1.2.0 to 1.3.0
- [Commits](actions/upload-code-coverage@b51da2c...abb5995)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: oxsecurity/megalinter
  dependency-version: 9.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-code-coverage
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. type: ci GitHub Actions, continuous integration, or workflow automation. labels Jul 5, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
aerealith 2e135e4 Commit Preview URL

Branch Preview URL
Jul 05 2026, 03:21 AM

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Coverage Report for Aerealith Vitest Coverage (.)

Status Category Percentage Covered / Total
🔵 Lines 91.78% 893 / 973
🔵 Statements 91.79% 895 / 975
🔵 Functions 86.41% 267 / 309
🔵 Branches 87.2% 402 / 461
File CoverageNo changed files found.
Generated in workflow #138 for commit 2e135e4 by the Vitest Coverage Report Action

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/docker/build-push-action 53b7df96c91f9c12dcc8a07bcb9ccacbed38856a 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/setup-buildx-action bb05f3f5519dd87d3ba754cc423b652a5edd6d2c 🟢 8.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/04-graphql-schema.yaml
  • .github/workflows/09-container-security.yaml
  • .github/workflows/16-meticulous.yaml
  • .github/workflows/23-release.yaml
  • .github/workflows/28-hercules-insights.yaml

@github-actions github-actions Bot added the type: security Security hardening, vulnerability remediation, or threat mitigation. label Jul 5, 2026
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Aerealith CI

Overall result: ✅ Passed
Run: #138

Check Result
Dependency install ✅ Passed
Nx installation ✅ Passed
Nx workspace reset ✅ Passed
Git comparison range ✅ Passed
Nx affected validation ✅ Passed
MegaLinter ✅ Passed

Cache

  • pnpm store: hit
  • Nx task cache: managed by Nx Cloud when configured for this workspace.
Run details
  • Base SHA: 491c1c647a622123477f6f848021e7fce207b8d9
  • Head SHA: 2e135e402514d90ebcba0d4500f98201ef8fc323
  • Validation targets: lint, typecheck, test, build
  • Logs: download the ci-logs artifact from the workflow run.

@github-code-quality

Copy link
Copy Markdown

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/vitest

The overall coverage remains at 92%, unchanged from the branch.


Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@Sinless777 Sinless777 moved this to Inbox in Aerealith Delivery Jul 5, 2026
@Sinless777 Sinless777 moved this from Inbox to In Review in Aerealith Delivery Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. type: ci GitHub Actions, continuous integration, or workflow automation. type: security Security hardening, vulnerability remediation, or threat mitigation.

Projects

Status: In Review

Development

Successfully merging this pull request may close these issues.

1 participant