chore(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-python	action	minor	v4.7.1 -> v4.8.0
amannn/action-semantic-pull-request	action	minor	v5.3.0 -> v5.4.0
aquasecurity/trivy-action	action	minor	0.13.1 -> 0.16.1
ghcr.io/chgl/kube-powertools	container	patch	v2.2.16 -> v2.2.30
ghcr.io/miracum/ig-build-tools	container	patch	v2.0.9 -> v2.0.16
github/codeql-action	action	minor	v2.22.5 -> v2.23.0
google-github-actions/release-please-action	action	patch	v3.7.12 -> v3.7.13
lycheeverse/lychee-action	action	minor	v1.8.0 -> v1.9.1
micalevisk/last-issue-action	action	minor	v2.1.0 -> v2.3.0
oxsecurity/megalinter	action	minor	v7.5.0 -> v7.7.0
sigstore/cosign-installer	action	minor	v3.1.2 -> v3.3.0

---

Release Notes

actions/setup-python (actions/setup-python)

v4.8.0

Compare Source

What's Changed

In scope of this release we added support for GraalPy (https://github.com/actions/setup-python/pull/694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

• Trim python version when reading from file by @​FerranPares in https://github.com/actions/setup-python/pull/628
• Use non-deprecated versions in examples by @​jeffwidman in https://github.com/actions/setup-python/pull/724
• Change deprecation comment to past tense by @​jeffwidman in https://github.com/actions/setup-python/pull/723
• Bump @​babel/traverse from 7.9.0 to 7.23.2 by @​dependabot in https://github.com/actions/setup-python/pull/743
• advanced-usage.md: Encourage the use actions/checkout@v4 by @​cclauss in https://github.com/actions/setup-python/pull/729
• Examples now use checkout@v4 by @​simonw in https://github.com/actions/setup-python/pull/738
• Update actions/checkout to v4 by @​dmitry-shibanov in https://github.com/actions/setup-python/pull/761

New Contributors

• @​FerranPares made their first contribution in https://github.com/actions/setup-python/pull/628
• @​timfel made their first contribution in https://github.com/actions/setup-python/pull/694
• @​jeffwidman made their first contribution in https://github.com/actions/setup-python/pull/724

Full Changelog: actions/setup-python@v4...v4.8.0

amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)

v5.4.0

Compare Source

Features

• Use github.api_url as default for githubBaseUrl (#​243 by @​fty4) (4d5734a)

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.16.1

Compare Source

What's Changed

• Update Trivy to 0.48.1 by @​MartiUK in https://github.com/aquasecurity/trivy-action/pull/291
• docs: fix typo in README.md by @​hairmare in https://github.com/aquasecurity/trivy-action/pull/293

New Contributors

• @​MartiUK made their first contribution in https://github.com/aquasecurity/trivy-action/pull/291
• @​hairmare made their first contribution in https://github.com/aquasecurity/trivy-action/pull/293

Full Changelog: aquasecurity/trivy-action@0.16.0...0.16.1

v0.16.0

Compare Source

What's Changed

• Update to trivy version 0.48.0 by @​pragmaticivan in https://github.com/aquasecurity/trivy-action/pull/289

New Contributors

• @​pragmaticivan made their first contribution in https://github.com/aquasecurity/trivy-action/pull/289

Full Changelog: aquasecurity/trivy-action@0.15.0...0.16.0

v0.15.0

Compare Source

What's Changed

• feature(config): add terraform variable files by @​kderck in https://github.com/aquasecurity/trivy-action/pull/285

Full Changelog: aquasecurity/trivy-action@0.14.0...0.15.0

v0.14.0

Compare Source

What's Changed

• fix: set return code after each Trivy call by @​LiamMacP in https://github.com/aquasecurity/trivy-action/pull/247
• Update to trivy version 0.47.0 in Dockerfile by @​MPV in https://github.com/aquasecurity/trivy-action/pull/280
• feature: add filesystem alias by @​kderck in https://github.com/aquasecurity/trivy-action/pull/269

New Contributors

• @​LiamMacP made their first contribution in https://github.com/aquasecurity/trivy-action/pull/247
• @​MPV made their first contribution in https://github.com/aquasecurity/trivy-action/pull/280
• @​kderck made their first contribution in https://github.com/aquasecurity/trivy-action/pull/269

Full Changelog: aquasecurity/trivy-action@0.13.1...0.14.0

chgl/kube-powertools (ghcr.io/chgl/kube-powertools)

v2.2.30

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​383) (6c08296)
• deps: update github-actions (#​386) (1f4884b)

v2.2.29

Compare Source

Miscellaneous Chores

• deps: update docker.io/nginxinc/nginx-unprivileged:1.25.3 docker digest to c31635e (9c8581e)

v2.2.28

Compare Source

Miscellaneous Chores

• deps: update github-actions (ef1fa6c)

v2.2.27

Compare Source

Miscellaneous Chores

• deps: update docker.io/nginxinc/nginx-unprivileged:1.25.3 docker digest to f67dc75 (ad4ba23)

v2.2.26

Compare Source

Miscellaneous Chores

• deps: update docker.io/nginxinc/nginx-unprivileged:1.25.3 docker digest to 1d026ae (7f36b62)

v2.2.25

Compare Source

Miscellaneous Chores

• deps: update docker.io/bitnami/kubectl:1.28.4 docker digest to 6485a92 (3c8a95e)

v2.2.24

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​378) (07d64cd)

v2.2.23

Compare Source

Miscellaneous Chores

• deps: update docker.io/nginxinc/nginx-unprivileged:1.25.3 docker digest to a7ef461 (3a46fdb)

v2.2.22

Compare Source

Miscellaneous Chores

• config: migrate config .renovaterc.json (#​377) (2c3a6e6)
• deps: update github-actions (3a1c690)
• re-prettified renovate config (d966e0e)
• updated renovate config and readme cosign verification (f4c3bdb)

v2.2.21

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (8e75664)

v2.2.20

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (daf7830)

v2.2.19

Compare Source

Miscellaneous Chores

• deps: update docker.io/nginxinc/nginx-unprivileged:1.25.2 docker digest to 6ead800 (10f1d52)

v2.2.18

Compare Source

Miscellaneous Chores

• deps: update docker.io/bitnami/kubectl:1.28.3 docker digest to 0defec7 (fb79816)

v2.2.17

Compare Source

Miscellaneous Chores

• deps: update actions/checkout action to v4 (#​370) (fa0f904)
• deps: update all non-major dependencies (b2c20e4)

miracum/ig-build-tools (ghcr.io/miracum/ig-build-tools)

v2.0.16

Compare Source

Miscellaneous Chores

• deps: update github-actions (a9537ac)

v2.0.15

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (f03567f)

v2.0.14

Compare Source

Miscellaneous Chores

• deps: update docker.io/library/eclipse-temurin:11-jre docker digest to cfba8df (0de71fa)

v2.0.13

Compare Source

Miscellaneous Chores

• deps: update docker.io/library/eclipse-temurin:11-jre docker digest to 4f82e75 (957896c)

v2.0.12

Compare Source

Miscellaneous Chores

• deps: update dependency hl7/fhir-ig-publisher to v1.5.2 (20183c2)

v2.0.11

Compare Source

Miscellaneous Chores

• deps: update actions/checkout action to v4 (#​116) (3238b13)
• deps: update github-actions (#​118) (8e15091)

v2.0.10

Compare Source

Miscellaneous Chores

• deps: update docker.io/library/eclipse-temurin:11-jre docker digest to 1d986f9 (21c8fb8)
• switch to standard workflow and update deps (#​121) (437c44e)

github/codeql-action (github/codeql-action)

v2.23.0

Compare Source

v2.22.12

Compare Source

v2.22.11

Compare Source

v2.22.10

Compare Source

v2.22.9

Compare Source

v2.22.8

Compare Source

v2.22.7

Compare Source

v2.22.6

Compare Source

google-github-actions/release-please-action (google-github-actions/release-please-action)

v3.7.13

Compare Source

Bug Fixes

• deps: bump dependency versions (#​849) (9108012)

lycheeverse/lychee-action (lycheeverse/lychee-action)

v1.9.1: Version 1.9.1

Compare Source

This is a hotfix release which restores the behavior of the accept config parameter.
Integers are accepted again as status codes.

accept = [200, 201, 202, 203, 429]

is equivalent to

accept = ["200..=203", 429]

Integers and strings (e.g. for ranges) can be mixed.

v1.9.0: Version 1.9.0

Compare Source

What's Changed

• Document the current directory for the cache argument example by @​theredfish in https://github.com/lycheeverse/lychee-action/pull/193
• Add *.rst glob pattern to defaults by @​kdeldycke in https://github.com/lycheeverse/lychee-action/pull/197
• Automatically pass Github token by @​mre in https://github.com/lycheeverse/lychee-action/pull/196
• Always create output file; not only on error by @​mre in https://github.com/lycheeverse/lychee-action/pull/199
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/lycheeverse/lychee-action/pull/208
• add documentation on using the param when testing local files (as in… by @​tgaff in https://github.com/lycheeverse/lychee-action/pull/211
• fix: Lychee output to file (fixes #​214) by @​LilDrunkenSmurf in https://github.com/lycheeverse/lychee-action/pull/215
• Add integration test for custom output paths (#​215) by @​mre in https://github.com/lycheeverse/lychee-action/pull/217
• Add integration tests for absolute output path and --dump by @​mre in https://github.com/lycheeverse/lychee-action/pull/218

New Contributors

• @​theredfish made their first contribution in https://github.com/lycheeverse/lychee-action/pull/193
• @​kdeldycke made their first contribution in https://github.com/lycheeverse/lychee-action/pull/197
• @​tgaff made their first contribution in https://github.com/lycheeverse/lychee-action/pull/211
• @​LilDrunkenSmurf made their first contribution in https://github.com/lycheeverse/lychee-action/pull/215

Full Changelog: lycheeverse/lychee-action@v1...v1.9.0

micalevisk/last-issue-action (micalevisk/last-issue-action)

v2.3.0

Compare Source

v2.2.1

Compare Source

v2.2.0

Compare Source

oxsecurity/megalinter (oxsecurity/megalinter)

v7.7.0

Compare Source

• Core

  • Update base java apk package to openjdk 17 by @​nvuillam in #​3160
  • Update dotnet linters to .NET 7 by @​bdovaz in #​2402

• Media

  • Try using MegaLinter (article in japanese) by Takashi Minayaga

• New linters

  • Add clang-format c & cpp formatting linter including "apply fix" support
  • Add Roslynator C# linter by @​bdovaz in #​3155

• Fixes

  • Call jscpd with --gitignore to ignore copy-pastes in files matching .gitignore
  • cpplint: Dynamically add the list of extensions from list of files in --extensions parameter
  • Fix mkdocs generation + CI control job by @​nvuillam in #​3135
  • Add semgrep ruleset to validation schema by @​wesley-dean-flexion in #​3164
  • Downgrade stylelint to avoid crash with not v16 compliant dependencies
  • Fix count of yaml-lint errors
  • Remove openssl reinstall, as base image has updated version from alpine 3.18.5 by @​echoix in #​3181

• CI

  • Add arguments to make use of pytest-xdist, by @​echoix

• Linter versions upgrades

  • ansible-lint from 6.22.0 to 6.22.1
  • bandit from 1.7.5 to 1.7.6
  • cfn-lint from 0.83.3 to 0.83.4
  • checkov from 3.0.39 to 3.1.25
  • checkstyle from 10.12.5 to 10.12.6
  • csharpier from 0.26.2 to 0.26.4
  • cspell from 8.0.0 to 8.1.3
  • dotnet-format from 6.0.417 to 7.0.114
  • eslint from 8.54.0 to 8.55.0
  • gitleaks from 8.18.0 to 8.18.1
  • isort from 5.12.0 to 5.13.0
  • lightning-flow-scanner from 2.15.0 to 2.16.0
  • luacheck from 1.1.1 to 1.1.2
  • markdown-table-formatter from 1.4.0 to 1.5.0
  • markdownlint from 0.37.0 to 0.38.0
  • mypy from 1.7.0 to 1.7.1
  • npm-groovy-lint from 12.1.0 to 13.0.2
  • phpcs from 3.7.2 to 3.8.0
  • phplint from 9.0.4 to 9.0.6
  • phpstan from 1.10.42 to 1.10.48
  • psalm from Psalm.5.15.0@​ to Psalm.5.17.0@​
  • puppet-lint from 4.2.1 to 4.2.3
  • pyright from 1.1.336 to 1.1.339
  • roslynator from 0.8.0.0 to 0.8.1.0
  • rubocop from 1.57.2 to 1.58.0
  • ruff from 0.1.6 to 0.1.7
  • secretlint from 7.1.0 to 8.0.0
  • semgrep from 1.50.0 to 1.52.0
  • sfdx-scanner-apex from 3.18.0 to 3.19.0
  • sfdx-scanner-aura from 3.18.0 to 3.19.0
  • sfdx-scanner-lwc from 3.18.0 to 3.19.0
  • syft from 0.97.1 to 0.98.0
  • terraform-fmt from 1.6.4 to 1.6.5
  • terragrunt from 0.53.4 to 0.54.0
  • trivy from 0.47.0 to 0.48.0
  • trufflehog from 3.63.0 to 3.63.2
  • vale from 2.29.7 to 2.30.0

v7.6.0

Compare Source

• Major enhancements

  • New flavor c_cpp: New flavor for pure C/C++ projects, by @​daltonv in #​3067
  • New flavor formatters: Contains only formatter linters, by @​nvuillam in #​3071
  • Add Salesforce Lightning Flow Scanner, by @​nvuillam in #​3092

• Core

  • Allow to use value any to always activate a linter who as a _DIRECTORY variable. Example: KUBERNETES_DIRECTORY: any, by @​nvuillam in #​3058
  • Update base Docker image to python:3.11.6-alpine3.18

• Fixes

  • Fix issue Gitleaks --no-git does not work anymore, #​2945, in #​3112
  • Fix way to install powershell on Alpine linux image
  • Fix issue with VS Code devcontainer not building #​3114
  • Fix Default Workflow to handle latest ActionLint rules, by @​nvuillam in #​3130
  • Write checkov SARIF report results_sarif.sarif in REPORT_FOLDER, by @​gmeligio in #​3121
  • Updated lintr config template to use linters_with_defaults() (formerly with_defaults())
  • Fix csharp installation dependencies, by @​nvuillam in #​3075
  • Fix powershell installation by @​nvuillam in #​3126

• Doc

  • Update lintr links to their current locations, by @​echoix in #​3122
  • Update Pylint links to their current locations, by @​echoix in #​3116
  • Add R2DevOps way to setup MegaLinter on Gitlab, by @​nvuillam in #​3129

• CI

  • Upgrade pymdown-extensions and markdown, by @​BryanQuigley in #​3053
  • Use docker/metadata-action for some internal CI, by @​echoix in #​3110
  • Call docker buildx prune instead of docker builder prune, by @​echoix in #​3127
  • Set schedule earlier for auto-update-linters.yml, allow manual runs, by @​echoix in #​3066
  • Add mike to dev/requirements.txt, by @​echoix in #​3070
  • Modernize dependabot.yml in correct directories, by @​echoix in #​3093
  • Fix devcontainer Dockerfile typo (fixes #​3114) by @​daltonv in #​3115

• Linter versions upgrades

  • ansible-lint from 6.21.1 to 6.22.0
  • bicep_linter from 0.22.6 to 0.23.1
  • black from 23.10.1 to 23.11.0
  • cfn-lint from 0.83.0 to 0.83.3
  • checkov from 3.0.12 to 3.0.39
  • checkstyle from 10.12.4 to 10.12.5
  • clippy from 0.1.73 to 0.1.74
  • csharpier from 0.25.0 to 0.26.2
  • cspell from 7.3.8 to 8.0.0
  • dotnet-format from 6.0.416 to 6.0.417
  • eslint from 8.52.0 to 8.54.0
  • golangci-lint from 1.55.1 to 1.55.2
  • kics from 1.7.10 to 1.7.11
  • kubeconform from 0.6.3 to 0.6.4
  • mypy from 1.6.1 to 1.7.0
  • npm-groovy-lint from 11.1.1 to 12.1.0
  • npm-package-json-lint from 7.0.0 to 7.1.0
  • phpstan from 1.10.39 to 1.10.42
  • powershell from 7.3.9 to 7.4.0
  • powershell_formatter from 7.3.9 to 7.4.0
  • prettier from 3.0.3 to 3.1.0
  • protolint from 0.46.2 to 0.46.3
  • pyright from 1.1.333 to 1.1.336
  • ruff from 0.1.3 to 0.1.6
  • secretlint from 7.0.7 to 7.1.0
  • semgrep from 1.46.0 to 1.50.0
  • sfdx-scanner-apex from 3.17.0 to 3.18.0
  • sfdx-scanner-aura from 3.17.0 to 3.18.0
  • sfdx-scanner-lwc from 3.17.0 to 3.18.0
  • swiftlint from 0.53.0 to 0.54.0
  • syft from 0.94.0 to 0.97.1
  • terraform-fmt from 1.6.2 to 1.6.4
  • terragrunt from 0.53.0 to 0.53.4
  • tflint from 0.48.0 to 0.49.0
  • trivy-sbom from 0.46.1 to 0.47.0
  • trivy from 0.46.1 to 0.47.0
  • trufflehog from 3.61.0 to 3.63.0
  • vale from 2.29.5 to 2.29.7
  • xmllint from 21104 to 21106
  • yamllint from 1.32.0 to 1.33.0

sigstore/cosign-installer (sigstore/cosign-installer)

v3.3.0

Compare Source

What's Changed

• Bump actions/setup-go from 4.1.0 to 5.0.0 by @​dependabot in https://github.com/sigstore/cosign-installer/pull/152
• update action to use latest cosign v2.2.2 by @​cpanato in https://github.com/sigstore/cosign-installer/pull/153

Full Changelog: sigstore/cosign-installer@v3.2.0...v3.3.0

v3.2.0

Compare Source

Note: This release comes with a fix for CVE-2023-46737 described in this Github Security Advisory. Please upgrade to this release ASAP

see https://github.com/sigstore/cosign/releases/tag/v2.2.1

What's Changed

• Support the runner context of gitea act by @​josedev-union in https://github.com/sigstore/cosign-installer/pull/147
• bump cosign to v2.2.1 by @​cpanato in https://github.com/sigstore/cosign-installer/pull/148
• test with latest go version by @​bobcallaway in https://github.com/sigstore/cosign-installer/pull/150

New Contributors

• @​josedev-union made their first contribution in https://github.com/sigstore/cosign-installer/pull/147

Full Changelog: sigstore/cosign-installer@v3...v3.2.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	18		0	0.4s
✅ BASH	bash-exec	4		0	0.09s
✅ BASH	shellcheck	1		0	0.04s
✅ BASH	shfmt	4		0	0.01s
✅ CSHARP	csharpier	1		0	1.66s
⚠️ CSHARP	dotnet-format	1		1	3.26s
⚠️ CSHARP	roslynator	1		1	15.96s
✅ CSS	stylelint	1		0	1.12s
✅ DOCKERFILE	hadolint	4		0	0.2s
✅ EDITORCONFIG	editorconfig-checker	374		0	3.57s
✅ ENV	dotenv-linter	1		0	0.0s
✅ GROOVY	npm-groovy-lint	7		0	12.38s
✅ HTML	djlint	2		0	0.88s
✅ HTML	htmlhint	2		0	0.39s
✅ JAVA	checkstyle	59		0	7.83s
✅ JSON	eslint-plugin-jsonc	29		0	6.82s
✅ JSON	jsonlint	29		0	0.36s
⚠️ JSON	prettier	29		1	5.52s
✅ JSON	v8r	29		0	66.53s
⚠️ MARKDOWN	markdownlint	22		132	1.71s
✅ PYTHON	bandit	1		0	1.05s
✅ PYTHON	black	1		0	0.61s
✅ PYTHON	flake8	1		0	0.55s
✅ PYTHON	isort	1		0	0.29s
✅ PYTHON	mypy	1		0	6.71s
✅ PYTHON	ruff	1		0	0.02s
✅ REPOSITORY	checkov	yes		no	30.05s
✅ REPOSITORY	gitleaks	yes		no	1.68s
✅ REPOSITORY	git_diff	yes		no	0.13s
✅ REPOSITORY	grype	yes		no	20.56s
✅ REPOSITORY	kics	yes		no	65.23s
✅ REPOSITORY	secretlint	yes		no	2.27s
✅ REPOSITORY	syft	yes		no	1.54s
✅ REPOSITORY	trivy	yes		no	20.42s
✅ REPOSITORY	trivy-sbom	yes		no	8.04s
✅ REPOSITORY	trufflehog	yes		no	7.39s
✅ SQL	sql-lint	2		0	0.88s
✅ XML	xmllint	3		0	0.01s
✅ YAML	prettier	109		0	3.03s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

• Click here to request the new flavor

MegaLinter is graciously provided by