chore(deps): update actions/dependency-review-action action to v5 by renovate[bot] · Pull Request #245 · chgl/.github

renovate · 2026-05-18T00:32:26Z

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	major	`v4.9.0` → `v5.0.0`

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

`v5.0.0`: 5.0.0

Compare Source

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

Add .github/copilot-instructions.md for Copilot coding agent by @ahpook in #1067
Update Node.js runtime from 20 to 24 by @scottschreckengaust in #1084
Bump spdx-license-ids from 3.0.20 to 3.0.23 by @mongolyy in #1091
docs: bump actions/checkout from v4 to v6 in workflow examples by @Marukome0743 in #1077
fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @tspascoal in #1076
Resolve security findings by @AshelyTC in #1094
v5.0.0 release branch by @ahpook in #1098

New Contributors

@scottschreckengaust made their first contribution in #1084
@mongolyy made their first contribution in #1091
@Marukome0743 made their first contribution in #1077

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2026-05-18T00:33:18Z

Trivy image scan report

`ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-245 (debian 13.4)`

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc-bin`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libcap2`	CVE-2026-4878	HIGH	1:2.75-10+b8	1:2.75-10+deb13u1
`libsystemd0`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`sed`	CVE-2026-5958	MEDIUM	4.9-2	4.9-2+deb13u1

No Misconfigurations found

`Python`

1 known vulnerabilities found (HIGH: 0 MEDIUM: 1 LOW: 0 CRITICAL: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`pip`	CVE-2026-6357	MEDIUM	26.0.1	26.1

No Misconfigurations found

github-actions · 2026-05-18T00:33:32Z

Trivy image scan report

`ghcr.io/chgl/github-reusable-workflow:pr-245 (debian 13.4)`

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc-bin`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libcap2`	CVE-2026-4878	HIGH	1:2.75-10+b8	1:2.75-10+deb13u1
`libsystemd0`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`sed`	CVE-2026-5958	MEDIUM	4.9-2	4.9-2+deb13u1

No Misconfigurations found

`Python`

1 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`pip`	CVE-2026-6357	MEDIUM	26.0.1	26.1

No Misconfigurations found

github-actions · 2026-05-18T00:33:36Z

Trivy image scan report

`ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.4)`

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc-bin`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc-bin`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4046	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4437	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libc6`	CVE-2026-4438	MEDIUM	2.41-12+deb13u2	2.41-12+deb13u3
`libcap2`	CVE-2026-4878	HIGH	1:2.75-10+b8	1:2.75-10+deb13u1
`libsystemd0`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libsystemd0`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-29111	HIGH	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40225	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-40226	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`libudev1`	CVE-2026-4105	MEDIUM	257.9-1~deb13u1	257.13-1~deb13u1
`sed`	CVE-2026-5958	MEDIUM	4.9-2	4.9-2+deb13u1

No Misconfigurations found

`Python`

1 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`pip`	CVE-2026-6357	MEDIUM	26.0.1	26.1

No Misconfigurations found

github-actions · 2026-05-18T00:36:39Z

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4	0	0	0.09s
✅ COPYPASTE	jscpd	yes	no	no	1.35s
✅ DOCKERFILE	hadolint	1	0	0	0.06s
✅ JSON	jsonlint	3	0	0	0.3s
✅ JSON	prettier	3	0	0	0.55s
✅ JSON	v8r	3	0	0	2.78s
✅ MARKDOWN	markdownlint	1	0	0	0.57s
✅ MARKDOWN	markdown-table-formatter	1	0	0	0.24s
✅ PYTHON	bandit	1	0	0	2.44s
✅ PYTHON	black	1	0	0	0.89s
✅ PYTHON	flake8	1	0	0	0.57s
✅ PYTHON	isort	1	0	0	0.23s
✅ PYTHON	mypy	1	0	0	3.22s
✅ PYTHON	pylint	1	0	0	3.5s
✅ PYTHON	pyright	1	0	0	1.91s
✅ PYTHON	ruff	1	0	0	0.03s
✅ REPOSITORY	checkov	yes	no	no	24.11s
✅ REPOSITORY	dustilock	yes	no	no	0.02s
✅ REPOSITORY	gitleaks	yes	no	no	0.27s
✅ REPOSITORY	git_diff	yes	no	no	0.01s
✅ REPOSITORY	grype	yes	no	no	49.75s
✅ REPOSITORY	kics	yes	no	no	3.64s
✅ REPOSITORY	kingfisher	yes	no	no	5.05s
✅ REPOSITORY	secretlint	yes	no	no	1.3s
✅ REPOSITORY	syft	yes	no	no	2.13s
✅ REPOSITORY	trivy	yes	no	no	10.0s
✅ REPOSITORY	trivy-sbom	yes	no	no	0.14s
✅ REPOSITORY	trufflehog	yes	no	no	3.85s
✅ YAML	prettier	6	0	0	0.78s
✅ YAML	v8r	6	0	0	6.7s
✅ YAML	yamllint	6	0	0	0.54s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

chore(deps): update actions/dependency-review-action action to v5

db30754

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update actions/dependency-review-action action to v5#245

chore(deps): update actions/dependency-review-action action to v5#245
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/actions-dependency-review-action-5.x

renovate Bot commented May 18, 2026

Uh oh!

github-actions Bot commented May 18, 2026

Uh oh!

github-actions Bot commented May 18, 2026

Uh oh!

github-actions Bot commented May 18, 2026

Uh oh!

github-actions Bot commented May 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented May 18, 2026

Release Notes

v5.0.0: 5.0.0

What's Changed

New Contributors

Configuration

Uh oh!

github-actions Bot commented May 18, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-245 (debian 13.4)

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

No Misconfigurations found

Python

1 known vulnerabilities found (HIGH: 0 MEDIUM: 1 LOW: 0 CRITICAL: 0)

No Misconfigurations found

Uh oh!

github-actions Bot commented May 18, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-245 (debian 13.4)

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

No Misconfigurations found

Python

1 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 0)

No Misconfigurations found

Uh oh!

github-actions Bot commented May 18, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.4)

16 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 13 LOW: 0)

No Misconfigurations found

Python

1 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 0)

No Misconfigurations found

Uh oh!

github-actions Bot commented May 18, 2026

✅MegaLinter analysis: Success

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v5.0.0`: 5.0.0

`ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-245 (debian 13.4)`

`Python`

`ghcr.io/chgl/github-reusable-workflow:pr-245 (debian 13.4)`

`Python`

`ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.4)`

`Python`