Skip to content

Bump the npm_and_yarn group across 1 directory with 2 updates #6344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 2 updates #6344

wants to merge 1 commit into from
+87 −75

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025
edited
Loading

Bumps the npm_and_yarn group with 2 updates in the /.automation/test/repository_syft directory: brace-expansion and tmp.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Removes tmp

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 13, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 13, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 13, 2025
edited
Loading

⚠️MegaLinter analysis: Success with warnings

⚠️ PYTHON / bandit - 69 errors 
Run started:2025-11-17 13:12:35.815263

Test results:
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./.automation/build.py:11:0
10	import shutil
11	import subprocess
12	import sys

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./.automation/build.py:3050:35
3049	                api_github_headers = {"content-type": "application/json"}
3050	                use_github_token = ""
3051	                if "GITHUB_TOKEN" in os.environ:

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ' (with GITHUB_TOKEN)'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./.automation/build.py:3054:39
3053	                    api_github_headers["authorization"] = f"Bearer {github_token}"
3054	                    use_github_token = " (with GITHUB_TOKEN)"
3055	                logging.info(

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3432:14
3431	        cwd=cwd,
3432	        shell=True,
3433	        executable=None if sys.platform == "win32" else which("bash"),
3434	    )
3435	    stdout = utils.clean_string(process.stdout)
3436	    logging.info(f"Format table results: ({process.returncode})\n" + stdout)
3437	
3438	
3439	def generate_json_schema_docs():
3440	    logging.info("Generating json schema html docs…")
3441	    if sys.platform == "win32":

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3455:14
3454	        cwd=cwd,
3455	        shell=True,
3456	        executable=None if sys.platform == "win32" else which("bash"),
3457	    )
3458	    stdout = utils.clean_string(process.stdout)
3459	    logging.info(
3460	        f"Generate json schema docs results: ({process.returncode})\n" + stdout
3461	    )
3462	
3463	
3464	def generate_version():

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./.automation/build.py:3468:14
3467	    cwd_to_use = os.getcwd() + "/mega-linter-runner"
3468	    process = subprocess.run(
3469	        [
3470	            "npm",
3471	            "version",
3472	            "--newversion",
3473	            RELEASE_TAG,
3474	            "-no-git-tag-version",
3475	            "--no-commit-hooks",
3476	        ],
3477	        stdout=subprocess.PIPE,
3478	        universal_newlines=True,
3479	        cwd=cwd_to_use,
3480	        shell=True,
3481	    )
3482	    print(process.stdout)

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3480:14
3479	        cwd=cwd_to_use,
3480	        shell=True,
3481	    )
3482	    print(process.stdout)
3483	    print(process.stderr)
3484	    # Update python project version:
3485	    process = subprocess.run(
3486	        ["hatch", "version", RELEASE_TAG],
3487	        stdout=subprocess.PIPE,
3488	        text=True,
3489	        shell=True,
3490	        check=True,
3491	    )
3492	    # Update changelog
3493	    if UPDATE_CHANGELOG is True:
3494	        changelog_file = f"{REPO_HOME}/CHANGELOG.md"

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./.automation/build.py:3485:14
3484	    # Update python project version:
3485	    process = subprocess.run(
3486	        ["hatch", "version", RELEASE_TAG],
3487	        stdout=subprocess.PIPE,
3488	        text=True,
3489	        shell=True,
3490	        check=True,
3491	    )
3492	    # Update changelog

--------------------------

(Truncated to 5714 characters out of 43891)
⚠️ BASH / bash-exec - 1 error 
Results of bash-exec linter (version 5.2.37)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec
    Error: File:[sh/megalinter_exec] is not executable
⚠️ REPOSITORY / grype - 30 errors 
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                           INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
ejs                            3.1.6      3.1.7     npm     GHSA-phwq-j96m-2c2q  Critical  93.5% (99th)   87.9   
tar                            6.0.1      6.1.1     npm     GHSA-3jfq-g458-7qm9  High      85.5% (99th)   67.1   
requests                       2.24.0     2.31.0    python  GHSA-j8r2-6x86-q33q  Medium    6.1% (90th)    3.4    
ip                             1.1.5                npm     GHSA-2p57-rm9w-gvfp  High      3.8% (87th)    3.0    
minimist                       1.2.5      1.2.6     npm     GHSA-xvch-5gv4-984h  Critical  0.9% (74th)    0.8    
ejs                            3.1.6      3.1.10    npm     GHSA-ghr5-ch3p-vcr6  Medium    1.3% (78th)    0.6    
tar                            6.0.1      6.1.9     npm     GHSA-5955-9wpr-37jh  High      0.6% (68th)    0.5    
node-fetch                     2.6.6      2.6.7     npm     GHSA-r683-j2x4-v87g  High      0.5% (65th)    0.4    
minimatch                      3.0.4      3.0.5     npm     GHSA-f8q6-p94x-37v3  High      0.5% (66th)    0.4    
semver                         7.3.5      7.5.2     npm     GHSA-c2qf-rxjj-qqgw  High      0.3% (54th)    0.2    
braces                         3.0.2      3.0.3     npm     GHSA-grv7-fg5c-xmjg  High      0.2% (45th)    0.2    
ansi-regex                     3.0.0      3.0.1     npm     GHSA-93q8-gq69-wqmw  High      0.2% (44th)    0.2    
tar                            6.0.1      6.1.2     npm     GHSA-r628-mhmh-qjhw  High      0.2% (39th)    0.1    
tar                            6.0.1      6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.2% (44th)    0.1    
tar                            6.1.11     6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.2% (44th)    0.1    
http-cache-semantics           4.1.0      4.1.1     npm     GHSA-rc47-6667-2j5j  High      0.2% (37th)    0.1    
ip                             1.1.5      1.1.9     npm     GHSA-78xj-cgh5-2h22  Low       0.4% (59th)    0.1    
@octokit/request-error         2.1.0      5.1.1     npm     GHSA-xx4v-prfh-6cgc  Medium    0.2% (44th)    0.1    
@octokit/request               5.6.2      8.4.1     npm     GHSA-rmvr-2pp2-xj38  Medium    0.2% (41st)    0.1    
cross-spawn                    7.0.3      7.0.5     npm     GHSA-3xgq-45jj-v275  High      0.1% (33rd)    < 0.1  
@octokit/plugin-paginate-rest  2.17.0     9.2.2     npm     GHSA-h5c3-5r3r-rr8q  Medium    0.2% (39th)    < 0.1  
micromatch                     4.0.4      4.0.8     npm     GHSA-952p-6rrq-rcjv  Medium    0.1% (32nd)    < 0.1  
debug                          4.2.0      4.3.1     npm     GHSA-gxpj-cx7g-858c  Low       < 0.1% (27th)  < 0.1  
requests                       2.24.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (13th)  < 0.1  
requests                       2.24.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    < 0.1% (13th)  < 0.1  
word-wrap                      1.2.3      1.2.4     npm     GHSA-j8xg-fqg3-53r7  Medium    < 0.1% (13th)  < 0.1  
tar                            6.0.1      6.1.7     npm     GHSA-9r2w-394v-53qc  High      < 0.1% (5th)   < 0.1  
tmp                            0.0.33     0.2.4     npm     GHSA-52f5-9888-hmc6  Low       < 0.1% (22nd)  < 0.1  
tar                            6.0.1      6.1.9     npm     GHSA-qq89-hq3f-393p  High      < 0.1% (4th)   < 0.1  
brace-expansion                1.1.11     1.1.12    npm     GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (1st)   < 0.1
[0032] ERROR discovered vulnerabilities at or above the severity threshold
⚠️ SPELL / lychee - 21 errors 
[WARN ] WARNING: `--exclude-mail` is deprecated and will soon be removed; E-Mail is no longer checked by default. Use `--include-mail` to enable E-Mail checking.
[404] https://github.com/$ | Network error: Not Found
[ERROR] https://www.contributor-covenant.org/faq | Network error: error sending request for url (https://www.contributor-covenant.org/faq) Maybe a certificate error?
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/ | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/introducing-megalinter-streamlining-code-quality-checks-across-multiple-languages | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/ | Network error: Forbidden
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden
[404] https://plugins.jetbrains.com/plugin/11563-flake8-support | Network error: Not Found
[404] https://github.com/Lightning-Flow-Scanner | Network error: Not Found
[404] https://raku.org/camelia-logo.png | Network error: Not Found
[404] https://lychee.cli.rs/usage/cli/ | Network error: Not Found
[404] https://lychee.cli.rs/usage/config/ | Network error: Not Found
[404] https://robocop.readthedocs.io/en/stable/configuration/configuration.html | Network error: Not Found
[404] https://robocop.readthedocs.io/en/stable/rules/rules_list.html | Network error: Not Found
[404] https://github.com/pderichs/sublime_rubocop | Network error: Not Found
[404] https://robocop.readthedocs.io/en/stable/rules/rules_basics.html#selecting-and-ignoring-rules | Network error: Not Found
📝 Summary
---------------------
🔍 Total.........2373
✅ Successful....1888
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.......464
❓ Unknown..........0
🚫 Errors..........21

Errors in megalinter/descriptors/python.megalinter-descriptor.yml
[404] https://plugins.jetbrains.com/plugin/11563-flake8-support | Network error: Not Found

Errors in mega-linter-runner/README.md
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden

Errors in megalinter/descriptors/html.megalinter-descriptor.yml
[403] https://htmlhint.com/ | Network error: Forbidden
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/configuration/ | Network error: Forbidden

Errors in megalinter/descriptors/markdown.megalinter-descriptor.yml
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden

Errors in megalinter/descriptors/raku.megalinter-descriptor.yml
[404] https://raku.org/camelia-logo.png | Network error: Not Found

Errors in megalinter/descriptors/salesforce.megalinter-descriptor.yml
[404] https://github.com/Lightning-Flow-Scanner | Network error: Not Found

Errors in megalinter/descriptors/robotframework.megalinter-descriptor.yml
[404] https://robocop.readthedocs.io/en/stable/rules/rules_list.html | Network error: Not Found
[404] https://robocop.readthedocs.io/en/stable/rules/rules_basics.html#selecting-and-ignoring-rules | Network error: Not Found
[404] https://robocop.readthedocs.io/en/stable/configuration/configuration.html | Network error: Not Found

Errors in README.md
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/introducing-megalinter-streamlining-code-quality-checks-across-multiple-languages | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/ | Network error: Forbidden

Errors in megalinter/descriptors/spell.megalinter-descriptor.yml
[404] https://lychee.cli.rs/usage/config/ | Network error: Not Found
[404] https://lychee.cli.rs/usage/cli/ | Network error: Not Found

Errors in CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/faq | Network error: error sending request for url (https://www.contributor-covenant.org/faq) Maybe a certificate error?

Errors in mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml
[404] https://github.com/$ | Network error: Not Found

Errors in megalinter/descriptors/ruby.megalinter-descriptor.yml
[404] https://github.com/pderichs/sublime_rubocop | Network error: Not Found
⚠️ MARKDOWN / markdownlint - 306 errors 
.github/copilot-instructions.md:9 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
.github/copilot-instructions.md:156 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
.github/linters/valestyles/proselint/README.md:12:601 MD013/line-length Line length [Expected: 600; Actual: 755]
CHANGELOG.md:147:90 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
CHANGELOG.md:2168:87 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/articles.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "They talk about MegaLinter"]
docs/badge.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Badge"]
docs/config-activation.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Activation and deactivation"]
docs/config-apply-fixes.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Apply fixes"]
docs/config-cli-lint-mode.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLI lint mode"]
docs/config-file.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: ".mega-linter.yml file"]
docs/config-filtering.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Filter linted files"]
docs/config-linters.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Linter specific variables"]
docs/config-postcommands.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Post-commands"]
docs/config-precommands.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Pre-commands"]
docs/config-variables-security.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Environment variables security"]
docs/config-variables.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Common variables"]
docs/configuration.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Configuration"]
docs/descriptors/action_actionlint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "actionlint"]
docs/descriptors/action.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ACTION"]
docs/descriptors/ansible_ansible_lint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ansible-lint"]
docs/descriptors/ansible_ansible_lint.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 795]
docs/descriptors/ansible.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ANSIBLE"]
docs/descriptors/api_spectral.md:14:601 MD013/line-length Line length [Expected: 600; Actual: 746]
docs/descriptors/api.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "API"]
docs/descriptors/arm_arm_ttk.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "arm-ttk"]
docs/descriptors/arm.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ARM"]
docs/descriptors/bash_bash_exec.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "bash-exec"]
docs/descriptors/bash_shellcheck.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "shellcheck"]
docs/descriptors/bash_shellcheck.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 785]
docs/descriptors/bash_shfmt.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "shfmt"]
docs/descriptors/bash.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "BASH"]
docs/descriptors/bicep_bicep_linter.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "bicep_linter"]
docs/descriptors/bicep.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "BICEP"]
docs/descriptors/c_clang_format.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "clang-format"]
docs/descriptors/c_clang_format.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 768]
docs/descriptors/c_cppcheck.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cppcheck"]
docs/descriptors/c_cpplint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cpplint"]
docs/descriptors/c.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "C"]
docs/descriptors/clojure_cljstyle.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cljstyle"]
docs/descriptors/clojure_cljstyle.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 768]
docs/descriptors/clojure.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLOJURE"]
docs/descriptors/cloudformation_cfn_lint.md:14:601 MD013/line-length Line length [Expected: 600; Actual: 865]
docs/descriptors/cloudformation.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLOUDFORMATION"]
docs/descriptors/coffee_coffeelint.md:7 MD025/single-title/single-h1 Multiple top-level headings

(Truncated to 5714 characters out of 37912)
⚠️ YAML / prettier - 6 errors 
.automation/plugins.yml 91ms (unchanged)
.github/FUNDING.yml 6ms (unchanged)
.github/dependabot.yml 54ms (unchanged)
.github/linters/.cfnlintrc.yml 3ms (unchanged)
.github/linters/.checkov.yml 8ms (unchanged)
.github/linters/.golangci.yml 9ms (unchanged)
.github/linters/.hadolint.yml 3ms (unchanged)
.github/linters/.openapirc.yml 3ms (unchanged)
.github/linters/.protolintrc.yml 8ms (unchanged)
.github/linters/.ruby-lint.yml 2ms (unchanged)
.github/linters/.yamllint.yml 13ms (unchanged)
.github/linters/analysis_options.yml 7ms (unchanged)
.github/linters/valestyles/Microsoft/AMPM.yml 7ms (unchanged)
.github/linters/valestyles/Microsoft/Accessibility.yml 6ms (unchanged)
.github/linters/valestyles/Microsoft/Acronyms.yml 15ms (unchanged)
.github/linters/valestyles/Microsoft/Adverbs.yml 60ms (unchanged)
.github/linters/valestyles/Microsoft/Auto.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/Avoid.yml 4ms (unchanged)
.github/linters/valestyles/Microsoft/ComplexWords.yml 32ms (unchanged)
.github/linters/valestyles/Microsoft/Contractions.yml 10ms (unchanged)
.github/linters/valestyles/Microsoft/Dashes.yml 10ms (unchanged)
.github/linters/valestyles/Microsoft/DateFormat.yml 8ms (unchanged)
.github/linters/valestyles/Microsoft/DateNumbers.yml 7ms (unchanged)
.github/linters/valestyles/Microsoft/DateOrder.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Ellipses.yml 4ms (unchanged)
.github/linters/valestyles/Microsoft/FirstPerson.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Foreign.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Gender.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/GenderBias.yml 4ms (unchanged)
.github/linters/valestyles/Microsoft/GeneralURL.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/HeadingAcronyms.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/HeadingColons.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/HeadingPunctuation.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Headings.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Hyphens.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Negative.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Ordinal.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/OxfordComma.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Passive.yml 14ms (unchanged)
.github/linters/valestyles/Microsoft/Percentages.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/Quotes.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/RangeFormat.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/RangeTime.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/Ranges.yml 5ms (unchanged)
.github/linters/valestyles/Microsoft/Semicolon.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/SentenceLength.yml 6ms (unchanged)
.github/linters/valestyles/Microsoft/Spacing.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/Suspended.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Terms.yml 6ms (unchanged)
.github/linters/valestyles/Microsoft/URLFormat.yml 3ms (unchanged)
.github/linters/valestyles/Microsoft/Units.yml 4ms (unchanged)
.github/linters/valestyles/Microsoft/Vocab.yml 7ms (unchanged)
.github/linters/valestyles/Microsoft/We.yml 2ms (unchanged)
.github/linters/valestyles/Microsoft/Wordiness.yml 17ms (unchanged)
.github/linters/valestyles/proselint/Airlinese.yml 3ms (unchanged)
.github/linters/valestyles/proselint/AnimalLabels.yml 8ms (unchanged)
.github/linters/valestyles/proselint/Annotations.yml 4ms (unchanged)
.github/linters/valestyles/proselint/Apologizing.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Archaisms.yml 3ms (unchanged)
.github/linters/valestyles/proselint/But.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Cliches.yml 51ms (unchanged)
.github/linters/valestyles/proselint/CorporateSpeak.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Currency.yml 1ms (unchanged)
.github/linters/valestyles/proselint/Cursing.yml 2ms (unchanged)
.github/linters/valestyles/proselint/DateCase.yml 2ms (unchanged)
.github/linters/valestyles/proselint/DateMidnight.yml 1ms (unchanged)
.github/linters/valestyles/proselint/DateRedundancy.yml 7ms (unchanged)
.github/linters/valestyles/proselint/DateSpacing.yml 4ms (unchanged)
.github/linters/valestyles/proselint/DenizenLabels.yml 12ms (unchanged)
.github/linters/valestyles/proselint/Diacritical.yml 26ms (unchanged)
.github/linters/valestyles/proselint/GenderBias.yml 8ms (unchanged)
.github/linters/valestyles/proselint/GroupTerms.yml 8ms (unchanged)
.github/linters/valestyles/proselint/Hedging.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Hyperbole.yml 1ms (unchanged)
.github/linters/valestyles/proselint/Jargon.yml 2ms (unchanged)
.github/linters/valestyles/proselint/LGBTOffensive.yml 2ms (unchanged)
.github/linters/valestyles/proselint/LGBTTerms.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Malapropisms.yml 1ms (unchanged)
.github/linters/valestyles/proselint/Needless.yml 81ms (unchanged)
.github/linters/valestyles/proselint/Nonwords.yml 6ms (unchanged)
.github/linters/valestyles/proselint/Oxymorons.yml 6ms (unchanged)
.github/linters/valestyles/proselint/P-Value.yml 3ms (unchanged)
.github/linters/valestyles/proselint/RASSyndrome.yml 4ms (unchanged)
.github/linters/valestyles/proselint/Skunked.yml 2ms (unchanged)
.github/linters/valestyles/proselint/Spelling.yml 10ms (unchanged)
.github/linters/valestyles/proselint/Typography.yml 11ms (unchanged)
.github/linters/valestyles/proselint/Uncomparables.yml 13ms (unchanged)
.github/linters/valestyles/proselint/Very.yml 2ms (unchanged)
.github/release-drafter.yml 28ms (unchanged)
.gitpod.yml 4ms (u

(Truncated to 5714 characters out of 11545)
⚠️ YAML / yamllint - 188 errors 
.automation/plugins.yml
  1:1       warning  missing document start "---"  (document-start)

.github/FUNDING.yml
  3:1       warning  missing document start "---"  (document-start)

.github/dependabot.yml
  4:1       warning  missing document start "---"  (document-start)

.github/linters/.cfnlintrc.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/.checkov.yml
  2:1       warning  missing document start "---"  (document-start)

.github/linters/.golangci.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/.hadolint.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/.protolintrc.yml
  2:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/AMPM.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Accessibility.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Acronyms.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Adverbs.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Auto.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Avoid.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/ComplexWords.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Contractions.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Dashes.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/DateFormat.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/DateNumbers.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/DateOrder.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Ellipses.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/FirstPerson.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Foreign.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Gender.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/GenderBias.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/GeneralURL.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/HeadingAcronyms.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/HeadingColons.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/HeadingPunctuation.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Headings.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Hyphens.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Negative.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Ordinal.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/OxfordComma.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Passive.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Percentages.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Quotes.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/RangeFormat.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/RangeTime.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Ranges.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Semicolon.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/SentenceLength.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Spacing.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Suspended.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Terms.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/URLFormat.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Units.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/Vocab.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft/We.yml
  1:1       warning  missing document start "---"  (document-start)

.github/linters/valestyles/Microsoft

(Truncated to 5714 characters out of 21376)

✅ Linters with no issues

black, checkov, cspell, flake8, git_diff, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, pylint, ruff, secretlint, shellcheck, shfmt, spectral, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security

@github-actions
Copy link
Contributor

github-actions bot commented Nov 13, 2025

This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this pull request should stay open, please remove the O: stale 🤖 label or comment on the pull request.

@github-actions github-actions bot added the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Nov 13, 2025
@echoix
Copy link
Collaborator

echoix commented Nov 17, 2025

@dependabot recreate

@dependabot
Bump the npm_and_yarn group across 1 directory with 2 updates
a07f3a3 
Bumps the npm_and_yarn group with 2 updates in the /.automation/test/repository_syft directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [tmp](https://github.com/raszi/node-tmp).


Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `brace-expansion` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Removes `tmp`

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dot-automation/test/repository_syft/npm_and_yarn-6f0ebf56d1 branch from 4341d01 to a07f3a3 Compare November 17, 2025 13:03
@github-actions github-actions bot removed the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Nov 18, 2025
@echoix
Copy link
Collaborator

echoix commented Nov 18, 2025

@nvuillam do we merge this, or we need to exclude it? It is in the syft folder

And how come the frequency of dependabot is back up? It was configured once a month in case renovate missed something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nvuillam nvuillam Awaiting requested review from nvuillam nvuillam is a code owner

@echoix echoix Awaiting requested review from echoix echoix is a code owner

@bdovaz bdovaz Awaiting requested review from bdovaz bdovaz is a code owner

@Kurt-von-Laven Kurt-von-Laven Awaiting requested review from Kurt-von-Laven Kurt-von-Laven is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@nvuillam nvuillam

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@echoix @nvuillam