build(deps): bump the patch-minor-action-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-minor-action-updates group with 5 updates in the / directory:

Package	From	To
actions/checkout	4.1.3	4.1.5
hendrikmuhs/ccache-action	1.2.12	1.2.13
oxsecurity/megalinter	7.10.0	7.11.1
github/codeql-action	3.25.2	3.25.4
reviewdog/action-suggester	1.11.0	1.12.0

Updates actions/checkout from 4.1.3 to 4.1.5

Release notes

Sourced from actions/checkout's releases.

v4.1.5

What's Changed

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

What's Changed

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693

Full Changelog: actions/checkout@v4.1.3...v4.1.4

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

... (truncated)

Commits

• 44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@​users.norepl...
• 8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
• 3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
• fd084cd Bump github/codeql-action from 2 to 3 (#1694)
• 9c1e94e Update NPM dependencies (#1703)
• 0ad4b8f Prep Release v4.1.4 (#1704)
• 43045ae Disable extensions.worktreeConfig when disabling sparse-checkout (#1692)
• 37b0821 Bump the minor-actions-dependencies group with 2 updates (#1693)
• 9839dc1 Add dependabot config (#1688)
• 9b4c13b Bump word-wrap from 1.2.3 to 1.2.5 (#1643)
• See full diff in compare view

Updates hendrikmuhs/ccache-action from 1.2.12 to 1.2.13

Release notes

Sourced from hendrikmuhs/ccache-action's releases.

v1.2.13

What's Changed

• add emscripten to the compiler list by @​mmomtchev in hendrikmuhs/ccache-action#187
• Bump @​actions/cache from 3.2.3 to 3.2.4 by @​dependabot in hendrikmuhs/ccache-action#183
• Bump typescript from 5.3.3 to 5.4.2 by @​dependabot in hendrikmuhs/ccache-action#190
• Bump typescript from 5.4.2 to 5.4.3 by @​dependabot in hendrikmuhs/ccache-action#191
• fix: early exit process so node doesn't wait for hanging promises by @​chirag-droid in hendrikmuhs/ccache-action#182
• Bump typescript from 5.4.3 to 5.4.5 by @​dependabot in hendrikmuhs/ccache-action#193
• Update windows by @​virtuald in hendrikmuhs/ccache-action#180
• Bump @​types/node from 20.11.10 to 20.12.7 by @​dependabot in hendrikmuhs/ccache-action#194

New Contributors

• @​mmomtchev made their first contribution in hendrikmuhs/ccache-action#187
• @​chirag-droid made their first contribution in hendrikmuhs/ccache-action#182
• @​virtuald made their first contribution in hendrikmuhs/ccache-action#180

Full Changelog: hendrikmuhs/ccache-action@v1.2.12...v1.2.13

Commits

• c92f40b Bump @​types/node from 20.11.10 to 20.12.7 (#194)
• ff9f6cc update checksum
• 9851637 update code
• 40738ee Update windows (#180)
• ba6e323 Bump typescript from 5.4.3 to 5.4.5 (#193)
• 550708f fix: early exit process so node doesn't wait for hanging promises (#182)
• 259dcb3 Bump typescript from 5.4.2 to 5.4.3 (#191)
• a16392e update code
• 3818c20 Bump typescript from 5.3.3 to 5.4.2 (#190)
• b647aa9 Bump @​actions/cache from 3.2.3 to 3.2.4 (#183)
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 7.10.0 to 7.11.1

Release notes

Sourced from oxsecurity/megalinter's releases.

v7.11.1

What's Changed

• Fixes

  • Implement fallback in case git diff does not work with merge-base, by @​nvuillam in oxsecurity/megalinter#3503

• Linter versions upgrades

  • stylelint from 16.3.1 to 16.4.0

MegaLinter is graciously provided by

Full Changelog: oxsecurity/megalinter@v7.11.0...v7.11.1

v7.11.0

What's Changed

• Core

  • Allow to override the number of parallel cores used, with variable PARALLEL_PROCESS_NUMBER, by @​nvuillam in oxsecurity/megalinter#3428
  • Upgrade base python image from 3.12.2-alpine3.19 to 3.12.3-alpine3.19
  • Upgrade PHP 8.1 to 8.3 by @​llaville in oxsecurity/megalinter#3464
  • Add descriptor pre / post commands, by @​bdovaz in oxsecurity/megalinter#3468
  • Allow merge lists with EXTENDS, by @​bdovaz in oxsecurity/megalinter#3469

• Media

• New linters

  • Add Kotlin detekt linter, by @​enciyo in oxsecurity/megalinter#3408

• Reporters

  • Add ruff sarif support, by @​Skitionek in oxsecurity/megalinter#3486

• Fixes

  • Fix listing of modified files, by @​vkucera in oxsecurity/megalinter#3472. Fixes oxsecurity/megalinter#2125.
  • Fix conflict between prettier and yamllint about spaces, by @​apeyrat in oxsecurity/megalinter#3426
  • Ensure trufflehog does not auto-update itself, by @​wandering-tales in oxsecurity/megalinter#3430
  • Salesforce linters: use sf + default Flow Scanner rules, by @​nvuillam in oxsecurity/megalinter#3435
  • Disable JSON_ESLINT_PLUGIN_JSONC until ota-meshi/eslint-plugin-jsonc#328 is fixed
  • Upgrade tar in mega-linter-runner
  • secretlint: remove default .secretlintignore that was never used but .gitignore is used instead. Fixes #3328
  • Add jpeg, xlsx to .gitleaks.toml, by @​rasa in oxsecurity/megalinter#3434
  • Fix Json Schema, by @​nvuillam in oxsecurity/megalinter#3470
  • Remove TEMPLATES/.secretlintignore, by @​pjungermann in oxsecurity/megalinter#3476

• Doc

  • Update R2DevOps logo, by @​nvuillam in oxsecurity/megalinter#3436
  • Update Roslynator repo url and logo, by @​TommyE123 in oxsecurity/megalinter#3444
  • Fix clang-format documentation links to point to the correct version. Fixes #3452, by @​daltonv in oxsecurity/megalinter#3453
  • Add copy to clipboard button in code block (documentation), by @​nikkii86 in oxsecurity/megalinter#3491

• Flavors

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

  • Add new logs (at debug level) on each linter activation/deactivation
  • Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
  • Upgrade to Java 21 except for npm-groovy-lint that requires Java 17

• Media

• Linters

  • API_SPECTRAL was added as replacement for OPENAPI_SPECTRAL (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name .spectral.yaml instead of .openapirc.yml with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #3387
  • Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#333

• Reporters

• Fixes

  • Change golangci-lint lint mode to project
  • Disable sql-lint as it is no longer maintained
  • Add new entries findUnusedCode and findUnusedBaselineEntry in default psalm.xml configuration file for PHP_PSALM linter. Related to oxsecurity/megalinter#3538

• Doc

  • Handle disabled_reason property in descriptors

• Flavors

• CI

  • Build: take in account disabled linters for workflow auto-update
  • Remove useless package-lock.json that was in python tests folder
  • Fix SARIF_REPORTER that was wrongly sent to true to format & fix test methods
  • Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
  • Remove Github Actions Workflow telemetry to improve performances

• Linter versions upgrades

  • phpcs from 3.9.1 to 3.9.2 on 2024-04-23
  • csharpier from 0.28.1 to 0.28.2 on 2024-04-26
  • roslynator from 0.8.6.0 to 0.8.7.0 on 2024-04-26
  • black from 24.4.0 to 24.4.2 on 2024-04-26
  • mypy from 1.9.0 to 1.10.0 on 2024-04-26
  • pyright from 1.1.359 to 1.1.360 on 2024-04-26
  • ruff from 0.4.1 to 0.4.2 on 2024-04-26
  • grype from 0.77.0 to 0.77.1 on 2024-04-26
  • syft from 1.2.0 to 1.3.0 on 2024-04-26

... (truncated)

Commits

• 03986e6 Release MegaLinter v7.11.1
• 4199f64 [automation] Auto-update linters version, help and documentation (#3504)
• eac233f Implement fallback in case git diff does not work with merge-base (#3503)
• 57b35ba Release MegaLinter v7.11.0
• 41567e1 [automation] Auto-update linters version, help and documentation (#3498)
• cee23e5 [automation] Auto-update linters version, help and documentation (#3492)
• 578b801 ci: add consistent python3/python handling at build.sh (#3475)
• c80e12a Add copy to clipboard button in code block (documentation) (#3491)
• fc8c26a Allow merge lists with extends (#3469)
• 5cec3c2 [automation] Auto-update linters version, help and documentation (#3488)
• Additional commits viewable in compare view

Updates github/codeql-action from 3.25.2 to 3.25.4

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.4 - 08 May 2024

• Update default CodeQL bundle version to 2.17.2. #2270
• Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274

3.25.3 - 25 Apr 2024

• Update default CodeQL bundle version to 2.17.1. #2247
• Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

• We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
• Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

• The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

  As a result, the following inputs and environment variables are now ignored:

  • The setup-python-dependencies input to the init Action
  • The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

  We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.

• Automatically overwrite an existing database if found on the filesystem. #2229

• Bump the minimum CodeQL bundle version to 2.12.6. #2232

• A more relevant log message and a diagnostic are now emitted when the file program is not installed on a Linux runner, but is required for Go tracing to succeed. #2234

3.24.10 - 05 Apr 2024

• Update default CodeQL bundle version to 2.17.0. #2219
• Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. #2220
  • If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
  • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.24.10 and github/codeql-action/*@v2 by github/codeql-action/*@v2.24.10 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

... (truncated)

Commits

• ccf74c9 Merge pull request #2275 from github/update-v3.25.4-4b812a5df
• 4fdf4ac Update changelog for v3.25.4
• 4b812a5 Merge pull request #2270 from github/update-bundle/codeql-bundle-v2.17.2
• 1e21373 Merge pull request #2272 from github/marcogario-patch-1
• 4673d41 Build js files
• 65297ef Update link to deprecation changelog
• 84d6ead Merge pull request #2271 from github/koesie10/remove-cli-sarif-merge-ff
• b20bf59 Remove CLI SARIF merge feature flag
• 93b8232 Merge pull request #2265 from github/koesie10/deprecate-merge
• ee63da2 Add changelog note
• Additional commits viewable in compare view

Updates reviewdog/action-suggester from 1.11.0 to 1.12.0

Release notes

Sourced from reviewdog/action-suggester's releases.

Release v1.12.0

What's Changed

• chore(deps): update reviewdog/reviewdog to 0.17.4 by @​github-actions in reviewdog/action-suggester#52

Full Changelog: reviewdog/action-suggester@v1.11.0...v1.12.0

Commits

• 185c9c0 Merge pull request #52 from reviewdog/depup/reviewdog/reviewdog
• 723f29e chore(deps): update reviewdog/reviewdog to 0.17.4
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	5		0	0.04s
✅ CPP	clang-format	162	0	0	1.23s
✅ DOCKERFILE	hadolint	1		0	0.08s
✅ JSON	jsonlint	8		0	0.24s
✅ JSON	prettier	8	1	0	1.02s
✅ MARKDOWN	markdownlint	4	0	0	1.01s
⚠️ MARKDOWN	markdown-link-check	4		21	4.99s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0.33s
✅ REPOSITORY	checkov	yes		no	16.88s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	13.81s
✅ REPOSITORY	secretlint	yes		no	1.75s
✅ REPOSITORY	trivy	yes		no	9.16s
✅ REPOSITORY	trivy-sbom	yes		no	6.13s
✅ REPOSITORY	trufflehog	yes		no	2.68s
⚠️ SPELL	lychee	33		3	0.73s
✅ YAML	prettier	7	0	0	0.98s
✅ YAML	v8r	7		0	6.04s
✅ YAML	yamllint	7		0	0.36s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.