chore(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	minor	v3.4.0 -> v3.5.0
actions/checkout	action	digest	24cb908 -> 8f4b7f8
actions/setup-java	action	digest	3f07048 -> 5ffc13f
ghcr.io/chgl/kube-powertools	container	patch	v1.22.16 -> v1.22.17
github/codeql-action	action	patch	v2.2.7 -> v2.2.9
github/codeql-action	action	digest	168b99b -> 04df126
google-github-actions/release-please-action	action	patch	v3.7.5 -> v3.7.6
ossf/scorecard-action	action	patch	v2.1.2 -> v2.1.3
oxsecurity/megalinter	action	minor	v6.20.1 -> v6.22.1

---

Release Notes

actions/checkout

v3.5.0

Compare Source

What's Changed

• Add new public key for known_hosts by @​cdb in https://github.com/actions/checkout/pull/1237

New Contributors

• @​cdb made their first contribution in https://github.com/actions/checkout/pull/1237

Full Changelog: actions/checkout@v3.4.0...v3.5.0

chgl/kube-powertools

v1.22.17

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (ae7559f)

github/codeql-action

v2.2.9

Compare Source

v2.2.8

Compare Source

google-github-actions/release-please-action

v3.7.6

Compare Source

Bug Fixes

• bump release-please from 15.8.1 to 15.9.1 (#​738) (9997fc9)

ossf/scorecard-action

v2.1.3

Compare Source

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1111

Bug Fixes

• Invalid SARIF files from a bug in scorecard
  • #​1076, #​1094
• Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner
  • #​1092
• Scorecard action not reporting binary artifacts in the repo
  • #​1116

Full Scorecard Changelog: ossf/scorecard@v4.10.2...v4.10.5

Full Changelog: ossf/scorecard-action@v2.1.2...v2.1.3

oxsecurity/megalinter

v6.22.1

Compare Source

• Core

  • Changed vars in AzureCommentReporter to reflects official Azure DevOps naming convention + fallback to keep backward compatibility, see #​2509
  • Update AzureCommentReport to have only one MegaLinter thread instead of a new one for each run of MegaLinter

• Documentation

  • Updated usage scenario for Azure DevOps, see #​2509

• Linter versions upgrades

  • checkov from 2.3.141 to 2.3.145
  • phpstan from 1.10.9 to 1.10.10
  • rstfmt from 0.0.12 to 0.0.13

v6.22.0

Compare Source

• New linters

  • Add ruff, by @​lars-reimann in #​2458

• Linter enhancements & fixes

  • Pin markdown-link-check to 3.10.3 until tcort/markdown-link-check#​246 is fixed, by @​Kurt-von-Laven (#​2498).

• Core

  • Fix MegaLinter doc version & url displayed in logs, by @​nvuillam in #​2485

  • Use megalinter-bot to create apply fixes commits, by @​lars-reimann, @​nvuillam and @​megalinter-bot :)

    • If you are an existing user of MegaLinter, you must update your github actions workflows to add the following parameters to stefanzweifel/git-auto-commit-action@v4 :

    commit_user_name: megalinter-bot
    commit_user_email: [email protected]

    • You can also use any github username and email you like :)

• Documentation

  • Close parentheses in ci_light flavour doc by @​moverperfect in #​2494

• Linter versions upgrades

  • black from 23.1.0 to 23.3.0
  • cfn-lint from 0.75.1 to 0.76.1
  • checkov from 2.3.120 to 2.3.141
  • eslint from 8.36.0 to 8.37.0
  • kics from 1.6.12 to 1.6.13
  • markdown-link-check from 3.11.0 to 3.10.3
  • phpstan from 1.10.8 to 1.10.9
  • psalm from Psalm.5.8.0@​ to Psalm.5.9.0@​
  • pyright from 1.1.300 to 1.1.301
  • ruff from 0.0.255 to 0.0.260
  • semgrep from 1.15.0 to 1.16.0
  • sfdx-scanner-apex from 3.10.0 to 3.11.0
  • sfdx-scanner-aura from 3.10.0 to 3.11.0
  • sfdx-scanner-lwc from 3.10.0 to 3.11.0
  • stylelint from 15.3.0 to 15.4.0
  • swiftlint from 0.50.3 to 0.51.0
  • syft from 0.75.0 to 0.76.0
  • terraform-fmt from 1.4.2 to 1.4.4
  • trivy from 0.38.3 to 0.39.0

v6.21.0

Compare Source

• New linters
  • Add helm lint, by @​ThomasSanson in #​2386

• Medias
  • Video: Code quality - Ep01 - MegaLinter, one linter to rule them all, by @​devpro
  • Video: DevSecOps Webinar using MegaLinter, by 5.15 Technologies
  • Video: (FR) Coding Tech - L'importance de la CI/CD dans le développement de logiciels, by @​GridexX from R2DevOps
  • Article: (FR) MegaLinter, votre meilleur ami pour un code de qualité, by @​ThomasSanson

• Linter enhancements & fixes

  • phpcs: Add regex in descriptor to be able to extract the number of found errors, by @​nvuillam in #​2453
  • Replace babel-eslint with @​babel/eslint-parser, by @​bdovaz in #​2445
  • Use docker image to install phpstan, by @​nvuillam in #​2469
  • Avoid cspell error on readonly workspaces, by @​nvuillam in #​2474
  • Allow bandit to use pyproject.toml, by @​nvuillam in #​2475
  • Bring back stylelint-config-sass-guidelines package, by @​nvuillam in #​2477
  • Display only errors in markdown-link-check logs for better readability, by @​nvuillam in #​2479

• Core

  • Run CI linter jobs only on Pull requests to avoid doubling jobs

• Documentation

  • mega-linter-runner: doc fix for env list of values, see #​2448, by @​DariuszPorowski in #​2449

• Linter versions upgrades

  • ansible-lint from 6.14.1 to 6.14.3
  • bandit from 1.7.4 to 1.7.5
  • cfn-lint from 0.74.1 to 0.75.1
  • checkov from 2.3.70 to 2.3.120
  • checkstyle from 10.8.0 to 10.9.3
  • clippy from 0.1.67 to 0.1.68
  • clj-kondo from 2023.02.17 to 2023.03.17
  • cspell from 6.28.0 to 6.31.1
  • dotnet-format from 6.0.406 to 6.0.407
  • eslint-plugin-jsonc from 2.6.0 to 2.7.0
  • eslint from 8.35.0 to 8.36.0
  • gitleaks from 8.16.0 to 8.16.1
  • jscpd from 3.5.3 to 3.5.4
  • jsonlint from 14.0.1 to 14.0.2
  • kics from 1.6.11 to 1.6.12
  • markdown-link-check from 3.10.3 to 3.11.0
  • phpstan from 1.10.5 to 1.10.8
  • prettier from 2.8.4 to 2.8.7
  • psalm from Psalm.5.7.7@​ to Psalm.5.8.0@​
  • pylint from 2.16.4 to 2.17.1
  • pyright from 1.1.296 to 1.1.300
  • revive from 1.2.5 to 1.3.1
  • rstcheck from 6.1.1 to 6.1.2
  • rubocop from 1.48.0 to 1.48.1
  • semgrep from 1.14.0 to 1.15.0
  • snakefmt from 0.8.1 to 0.8.3
  • snakemake from 7.24.0 to 7.25.0
  • sqlfluff from 1.4.5 to 2.0.2
  • stylelint from 15.2.0 to 15.3.0
  • syft from 0.74.0 to 0.75.0
  • terraform-fmt from 1.3.9 to 1.4.2
  • terragrunt from 0.44.4 to 0.45.0
  • trivy from 0.38.1 to 0.38.3
  • v8r from 0.14.0 to 1.0.0
  • yamllint from 1.29.0 to 1.30.0

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	16		0	0.26s
✅ EDITORCONFIG	editorconfig-checker	17		0	0.06s
✅ REPOSITORY	checkov	yes		no	25.7s
✅ REPOSITORY	gitleaks	yes		no	0.91s
✅ REPOSITORY	git_diff	yes		no	0.11s
✅ REPOSITORY	secretlint	yes		no	1.94s
✅ REPOSITORY	syft	yes		no	1.03s
✅ REPOSITORY	trivy	yes		no	20.67s
✅ SPELL	misspell	17		0	0.04s
✅ YAML	prettier	17		0	0.98s
✅ YAML	v8r	17		0	5.97s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.