Title: Bump the github-actions-version-updates group across 1 directory with 4 updates by dependabot[bot] · Pull Request #3450 · secureCodeBox/secureCodeBox · GitHub
Open Graph Title: Bump the github-actions-version-updates group across 1 directory with 4 updates by dependabot[bot] · Pull Request #3450 · secureCodeBox/secureCodeBox
X Title: Bump the github-actions-version-updates group across 1 directory with 4 updates by dependabot[bot] · Pull Request #3450 · secureCodeBox/secureCodeBox
Description: Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: oven-sh/setup-bun, oxsecurity/megalinter, github/codeql-action and docker/setup-buildx-action.
Updates oven-sh/setup-bun from 2.0.2 to 2.1.0
Release notes
Sourced from oven-sh/setup-bun's releases.
v2.1.0
oven-sh/setup-bun is the github action for setting up Bun.
What's Changed
chore: add settings for vscode by @okineadev in oven-sh/setup-bun#120
feat: support for multiple registries by @xhyrom in oven-sh/setup-bun#109
feat: read engines from package json by @xhyrom in oven-sh/setup-bun#132
ci: disable tests with version selectors by @xhyrom in oven-sh/setup-bun#133
chore(ci): Pin GitHub Actions to SHA-1s by @dgilmanuni in oven-sh/setup-bun#140
feat: Check for existing bun before downloading by @erikaxel in oven-sh/setup-bun#138
docs: restore missing no-cache input by @bashonly in oven-sh/setup-bun#149
release: v2.1.0 by @xhyrom in oven-sh/setup-bun#151
New Contributors
@dgilmanuni made their first contribution in oven-sh/setup-bun#140
@erikaxel made their first contribution in oven-sh/setup-bun#138
@bashonly made their first contribution in oven-sh/setup-bun#149
Full Changelog: oven-sh/setup-bun@v2...v2.1.0
Commits
b7a1c7c release: v2.1.0 (#151)
ad1208b docs: restore missing no-cache input (#149)
bc6f04c [autofix.ci] apply automated fixes
1dbab06 feat: Check for existing bun before downloading (#138)
6356405 chore(ci): Pin GitHub Actions to SHA-1s (#140)
22457c8 docs: remove unnecessary note
237a6a7 [autofix.ci] apply automated fixes
53e6487 ci(format): use bun
68643ea ci: disable tests with version selectors (#133)
56169ab feat: read engines from package json (#132)
Additional commits viewable in compare view
Updates oxsecurity/megalinter from 9.2.0 to 9.3.0
Release notes
Sourced from oxsecurity/megalinter's releases.
v9.3.0
What's Changed
Core
Add enum name support in MegaLinter config Json schema for better autocompletion in editors
Update base image to python:3.13-alpine3.23
New linters
Add codespell
Add kingfisher by @bdovaz
Add rumdl by @bdovaz
Linters enhancements
Change checkmake Docker image reference by @bdovaz
Reporters
Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
Fix sections display in Gitlab console logs
Doc
Classify all JSON schema config variables by category and section
CI
Free disk space on GitHub actions runner when releasing a new flavor
Add missing Dockerfile patterns to Renovate Dockerfile manager
Remove gitpod custom image, workflow, and makefile targets
Linter versions upgrades (54)
actionlint from 1.7.9 to 1.7.10
ansible-lint from 25.11.1 to 25.12.2
bash-exec from 5.2.37 to 5.3.3
black from 25.11.0 to 25.12.0
cfn-lint from 1.41.0 to 1.43.1
checkov from 3.2.495 to 3.2.497
clang-format from 20.1.8 to 21.1.2
clippy from 0.1.91 to 0.1.92
clj-kondo from 2025.10.23 to 2025.12.23
code-analyzer-apex from 5.6.1 to 5.7.1
code-analyzer-aura from 5.6.1 to 5.7.1
code-analyzer-lwc from 5.6.1 to 5.7.1
cppcheck from 2.14.2 to 2.18.3
csharpier from 1.2.1 to 1.2.5
cspell from 9.3.2 to 9.4.0
dartanalyzer from 3.8.3 to 3.10.7
dotnet-format from 9.0.111 to 9.0.112
git_diff from 2.49.1 to 2.52.0
golangci-lint from 2.6.2 to 2.7.2
grype from 0.104.1 to 0.104.3
helm from 3.18.4 to 3.19.0
... (truncated)
Changelog
Sourced from oxsecurity/megalinter's changelog.
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased] (beta, main branch content)
Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image
Core
Add support for SSH remote origins when building custom flavors (fixes: #6511)
New linters
Disabled linters
Deprecated linters
Removed linters
Media
Linters enhancements
Fixes
Reporters
Doc
Flavors
CI
mega-linter-runner
Linter versions upgrades (N)
code-analyzer-apex from 5.7.1 to 5.8.0 on 2026-01-05
code-analyzer-aura from 5.7.1 to 5.8.0 on 2026-01-05
code-analyzer-lwc from 5.7.1 to 5.8.0 on 2026-01-05
cfn-lint from 1.43.1 to 1.43.2 on 2026-01-05
rumdl from 0.0.208 to 0.0.210 on 2026-01-05
[v9.3.0] - 2026-01-04
Core
Add enum name support in MegaLinter config Json schema for better autocompletion in editors
Update base image to python:3.13-alpine3.23
... (truncated)
Commits
42bb470 Release MegaLinter v9.3.0
fe74938 changelog
edb083a [automation] Auto-update linters version, help and documentation (#6889)
824240c JSON Schema fix (#6888)
9af8d5b chore(deps): update dependency npm-package-json-lint to v9.1.0 (#6883)
781c95c [automation] Auto-update linters version, help and documentation (#6885)
101b802 JSON Schema (#6887)
3ab7a93 chore(deps): update dependency friendsofphp/php-cs-fixer to v3.92.4 (#6886)
12f7c03 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.21 (#6882)
91a9dfb chore(deps): update dependency sfdx-hardis to v6.20.0 (#6884)
Additional commits viewable in compare view
Updates github/codeql-action from 4.31.8 to 4.31.9
Release notes
Sourced from github/codeql-action's releases.
v4.31.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.9 - 16 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
Changelog
Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
4.31.9 - 16 Dec 2025
No user facing changes.
4.31.8 - 11 Dec 2025
Update default CodeQL bundle version to 2.23.8. #3354
4.31.7 - 05 Dec 2025
Update default CodeQL bundle version to 2.23.7. #3343
4.31.6 - 01 Dec 2025
No user facing changes.
4.31.5 - 24 Nov 2025
Update default CodeQL bundle version to 2.23.6. #3321
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
Update default CodeQL bundle version to 2.23.5. #3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
4.31.0 - 24 Oct 2025
Bump minimum CodeQL bundle version to 2.17.6. #3223
When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222
... (truncated)
Commits
5d4e8d1 Merge pull request #3371 from github/update-v4.31.9-998798e34
1dc115f Update changelog for v4.31.9
998798e Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
5eb7519 Merge pull request #3358 from github/henrymercer/database-upload-telemetry
d29eddb Extract version number to constant
e962687 Merge branch 'main' into henrymercer/database-upload-telemetry
19c7f96 Rename isOverlayBase
ae5de9a Use getErrorMessage in log too
0cb8633 Prefer performance.now()
c07cc0d Merge pull request #3351 from github/henrymercer/ghec-dr-determine-tools-vers...
Additional commits viewable in compare view
Updates docker/setup-buildx-action from 3.11.1 to 3.12.0
Release notes
Sourced from docker/setup-buildx-action's releases.
v3.12.0
Deprecate install input by @crazy-max in docker/setup-buildx-action#455
Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434
Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436
Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432
Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435
Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0
Commits
8d2750c Merge pull request #455 from crazy-max/install-deprecated
e81846b deprecate install input
65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
000d75d build(deps): bump actions/checkout from 5 to 6
1583c0f Merge pull request #443 from nicolasleger/patch-1
ed158e7 doc: bump actions/checkout from 4 to 5
4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
4dfc3d6 build(deps): bump actions/checkout from 4 to 5
af1b253 Merge pull request #440 from crazy-max/k3s-build
3c6ab92 ci: k3s test with latest buildx
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: oven-sh/setup-bun, oxsecurity/megalinter, github/codeql-action and docker/setup-buildx-action. Upd...
X Description: Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: oven-sh/setup-bun, oxsecurity/megalinter, github/codeql-action and docker/setup-buildx-action. Upd...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/pull/3450
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:34807a44-627b-1bd2-dfc5-5aacb32ef06d |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 8F2C:1B8E26:644DB87:8294002:69756708 |
| html-safe-nonce | 7afb0a5947aeab77e13cd3b9eb5ef3a50d859c76dfe8d1badffaee4972c984cb |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4RjJDOjFCOEUyNjo2NDREQjg3OjgyOTQwMDI6Njk3NTY3MDgiLCJ2aXNpdG9yX2lkIjoiMjc0MTMwOTkxMjYyODE2MDI2NCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 40d002523f968c3008b782987ab52771902f25a4c3d7cfb204b00d3d78041b6f |
| hovercard-subject-tag | pull_request:3148749197 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/secureCodeBox/secureCodeBox/pull/3450/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: oven-sh/setup-bun, oxsecurity/megalinter, github/codeql-action and docker/setup-buildx-action. Upd... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 4a4bf5f4e28041a9d2e5c107d7d20b78b4294ba261cab243b28167c16a623a1f |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/secureCodeBox/secureCodeBox git https://github.com/secureCodeBox/secureCodeBox.git |
| octolytics-dimension-user_id | 34573705 |
| octolytics-dimension-user_login | secureCodeBox |
| octolytics-dimension-repository_id | 80711933 |
| octolytics-dimension-repository_nwo | secureCodeBox/secureCodeBox |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 80711933 |
| octolytics-dimension-repository_network_root_nwo | secureCodeBox/secureCodeBox |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 488b30e96dfd057fbbe44c6665ccbc030b729dde |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width