ci(deps): bump the github-actions group with 3 updates

[dependabot]

Bumps the github-actions group with 3 updates: oxsecurity/megalinter, docker/metadata-action and philips-software/amp-devcontainer.

Updates oxsecurity/megalinter from 9.1.0 to 9.2.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.2.0

What's Changed

• New linters

  • Salesforce Code Analyzer, by @​abdeslamads
    • SALESFORCE_CODE_ANALYZER_APEX
    • SALESFORCE_CODE_ANALYZER_AURA
    • SALESFORCE_CODE_ANALYZER_LWC

• Disabled linters

  • Reactivate checkov

• Deprecated linters

  • Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
  • SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

• Media

  • Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
  • (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

• Linters enhancements

  • Install dotenv-linter deterministically, by @​bdovaz in oxsecurity/megalinter#6385

• Fixes

  • #6544: Add GITHUB_TOKEN in docker build command for custom flavor
  • Hide warning when compiling a regex
  • Fix formatting in descriptor files to reduce changes in generated markdown, by @​echoix in oxsecurity/megalinter#6449

• Reporters

  • Add conversion from Jenkins variables to related Git based reporters variables

• Doc

  • Keep jsonschema html docs updated when using build.py --doc, by @​echoix in oxsecurity/megalinter#6447
  • Commit updated license info generated from build script by @​echoix in oxsecurity/megalinter#6448
  • Recreate docs/descriptors folder, delete old pages by @​echoix in oxsecurity/megalinter#6451

• Flavors

  • Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @​davidfevre-gouv-nc in oxsecurity/megalinter#6545

• CI

  • Optimize performances of standalone linters releases
  • Renovate: Add langchain group for package updates, by @​echoix in oxsecurity/megalinter#6400
  • Refactor file handling in build.py to use pathlib for improved readability, by @​echoix in oxsecurity/megalinter#6450

• mega-linter-runner

  • Handle upgrade of stefanzweifel/git-auto-commit-action to v7

• Linter versions upgrades (53)

  • actionlint from 1.7.7 to 1.7.9
  • ansible-lint from 25.9.1 to 25.11.1

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

  • Add codespell

• Disabled linters

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Doc

• Flavors

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor

• mega-linter-runner

• Linter versions upgrades (N)

  • dotnet-format from 9.0.111 to 9.0.112 on 2025-12-01
  • phplint from 9.6.2 to 9.6.3 on 2025-12-01
  • terragrunt from 0.93.10 to 0.93.11 on 2025-12-01
  • ruff-format from 0.14.6 to 0.14.7 on 2025-12-03
  • ruff from 0.14.6 to 0.14.7 on 2025-12-03
  • kics from 2.1.16 to 2.1.17 on 2025-12-03
  • pylint from 4.0.3 to 4.0.4 on 2025-12-04
  • stylelint from 16.26.0 to 16.26.1 on 2025-12-04
  • trufflehog from 3.91.1 to 3.91.2 on 2025-12-04

... (truncated)

Commits

• 55a59b2 Release MegaLinter v9.2.0
• c94f8c8 prep release
• bca0a38 chore(deps): update dependency rubocop-rails to v2.34.2 (#6648)
• 8d505bf [automation] Auto-update linters version, help and documentation (#6659)
• a7d0161 Add conversion from Jenkins variables to related Git provider variables (#6658)
• 663b45a chore(deps): update mstruebing/editorconfig-checker docker tag to v3.6.0 (#6652)
• 64fbcca chore(deps): update docker/metadata-action action to v5.10.0 (#6651)
• b2f3c63 Hides regex compilation warning (#6657)
• 0eac80b chore(deps): update zricethezav/gitleaks docker tag to v8.30.0 (#6653)
• d1fdceb CI: Optimize standalone linters release perfs (#6656)
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.9.0 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

Commits

• c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
• f015d79 chore: update generated content
• 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
• f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
• 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
• 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
• afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
• 602aff8 chore(deps): Bump actions/checkout from 5 to 6
• aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
• 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates philips-software/amp-devcontainer from 6.5.3 to 6.6.1

Release notes

Sourced from philips-software/amp-devcontainer's releases.

v6.6.1

6.6.1 (2025-11-25)

📋 Summary

This release contains an update to the Ubuntu base image. And it contains a fix for an issue in amp-devcontainer-cpp, where the clangd configuration was not properly loaded on container start as the compile-commands folder did not exist yet, leading to missing features in the editor. Next to that several extensions have been updated.

🔖 Packages

Container	Full identifier
amp-devcontainer-cpp	ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9
amp-devcontainer-rust	ghcr.io/philips-software/amp-devcontainer-rust:v6.6.1@sha256:f170c7e499626d626efadf44247bd3e029b72a226e803e5ff78105f1e670a826

Bug Fixes

• cpp: Pre-create .amp directory to allow clangd to find it (#1025) (533d040)

Chores

• deps: Bump ubuntu from 66460d5 to c35e29c in amp-devcontainer-cpp (#1023) (e5cabe2) and amp-devcontainer-rust (#1024) (964d3e3)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1018) (652ab13)
• deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github, ms-playwright.playwright in devcontainer.json (#1017) (63d431a)
• deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer in devcontainer.json (#1019) (4ae17ec)

v6.6.0

6.6.0 (2025-11-18)

📋 Summary

[!NOTE] Clang/LLVM version

This release of amp-devcontainer is based upon Clang/LLVM 19.

This release contains major updates to amp-devcontainer-cpp and amp-devcontainer-rust. Clang/LLVM has been updated to version 19, Conan has been updated to 2.22.2. Rust is updated to version 1.91.1.

Dev Container templates have been added to make consuming amp-devcontainer even easier.

🔖 Packages

Container	Full identifier
amp-devcontainer-cpp	ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.0@sha256:3f65569a719ca9b2d996222bcdce3dfe9797903ba4c3aafff364fa6fe9ca114d
amp-devcontainer-rust	ghcr.io/philips-software/amp-devcontainer-rust:v6.6.0@sha256:825da1a2260535d22a39aa46980624379f12a376a0a853438eb8440fac42dea8

Features

• Add devcontainer templates (#1010) (6b53395)

... (truncated)

Changelog

Sourced from philips-software/amp-devcontainer's changelog.

CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

6.6.1 (2025-11-25)

Bug Fixes

• cpp: Pre-create .amp directory to allow clangd to find it (#1025) (533d040)

Chores

• deps, cpp: Update github.vscode-github-actions, github.vscode-pull-request-github, ms-playwright.playwright in devcontainer.json (#1017) (63d431a)
• deps, rust: Update github.vscode-github-actions, github.vscode-pull-request-github, rust-lang.rust-analyzer in devcontainer.json (#1019) (4ae17ec)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1018) (652ab13)
• deps: Bump ubuntu from 66460d5 to c35e29c in /.devcontainer/cpp (#1023) (e5cabe2)
• deps: Bump ubuntu from 66460d5 to c35e29c in /.devcontainer/rust (#1024) (964d3e3)
• deps: Bump ubuntu in /.devcontainer/cpp (e5cabe2)
• deps: Bump ubuntu in /.devcontainer/rust (964d3e3)

6.6.0 (2025-11-18)

Features

• Add devcontainer templates (#1010) (6b53395)
• Update rust to 1.91.1 and update dependencies (#1009) (a686b74)
• Update to clang/LLVM 19 (#988) (db0c8b6)

Chores

• deps, cpp: Update github.vscode-pull-request-github, sonarsource.sonarlint-vscode in devcontainer.json (#1003) (ff427c9)
• deps, cpp: Update github.vscode-pull-request-github, sonarsource.sonarlint-vscode in devcontainer.json (#1012) (ac78660)
• deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1000) (3e75d08)
• deps, cpp: Update sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1011) (087ab13)
• deps, rust: Update github.vscode-pull-request-github, rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1002) (bff578e)
• deps, rust: Update github.vscode-pull-request-github, rust-lang.rust-analyzer, sonarsource.sonarlint-vscode in devcontainer.json (#1013) (37e7c95)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1001) (29b2290)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1004) (58e442c)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1014) (72e027d)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer.json (#1005) (ebe4ca0)
• deps: Bump conan from 2.21.0 to 2.22.1 in /.devcontainer (#1006) (2f44c35)
• deps: Bump conan from 2.22.1 to 2.22.2 in /.devcontainer (#1015) (1de5fd2)

6.5.3 (2025-10-27)

... (truncated)

Commits

• 0d202a6 chore(main): release 6.6.1 (#1020)
• 533d040 fix(cpp): pre-create .amp directory to allow clangd to find it (#1025)
• e5cabe2 chore(deps): bump ubuntu from 66460d5 to c35e29c in /.devcontainer/cpp (#...
• 964d3e3 chore(deps): bump ubuntu from 66460d5 to c35e29c in /.devcontainer/rust (...
• 975fda5 test(deps): bump the npm group with 2 updates (#1022)
• 08c518b ci(deps): bump the github-actions group with 2 updates (#1021)
• 652ab13 chore(deps, rust): update rust-lang.rust-analyzer in devcontainer-metadata.js...
• 4ae17ec chore(deps, rust): update github.vscode-github-actions, github.vscode-pull-re...
• 63d431a chore(deps, cpp): update github.vscode-github-actions, github.vscode-pull-req...
• 25ceea2 chore(main): release 6.6.0 (#999)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	20		0	0	0.58s
✅ DOCKERFILE	hadolint	2		0	0	0.79s
✅ GHERKIN	gherkin-lint	6		0	0	2.34s
✅ JSON	npm-package-json-lint	yes		no	no	0.48s
✅ JSON	prettier	19	4	0	0	0.65s
✅ JSON	v8r	19		0	0	6.79s
✅ MARKDOWN	markdownlint	11	0	0	0	0.96s
✅ MARKDOWN	markdown-table-formatter	11	0	0	0	0.29s
✅ REPOSITORY	checkov	yes		no	no	18.37s
✅ REPOSITORY	gitleaks	yes		no	no	0.51s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	28.06s
✅ REPOSITORY	secretlint	yes		no	no	1.02s
✅ REPOSITORY	syft	yes		no	no	1.95s
✅ REPOSITORY	trivy	yes		no	no	7.54s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	2.22s
⚠️ SPELL	lychee	77		2	0	11.63s
✅ YAML	prettier	28	0	0	0	1.05s
✅ YAML	v8r	28		0	0	8.17s
✅ YAML	yamllint	28		0	0	0.9s

Detailed Issues

⚠️ SPELL / lychee - 2 errors

[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[ERROR] https://www.sigstore.dev/ | Network error: error sending request for url (https://www.sigstore.dev/) Maybe a certificate error?
[ERROR] https://docs.sigstore.dev/cosign/verifying/verify/ | Network error: error sending request for url (https://docs.sigstore.dev/cosign/verifying/verify/) Maybe a certificate error?
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....122
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2

Errors in README.md
[ERROR] https://docs.sigstore.dev/cosign/verifying/verify/ | Network error: error sending request for url (https://docs.sigstore.dev/cosign/verifying/verify/) Maybe a certificate error?
[ERROR] https://www.sigstore.dev/ | Network error: error sending request for url (https://www.sigstore.dev/) Maybe a certificate error?

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1040

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	545.87 MB	545.86 MB	1.65 kB (0%)	🔽
linux/arm64	500.48 MB	500.48 MB	2.54 kB (0%)	🔽

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1040

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	681.04 MB	681.04 MB	6 B (0%)	🔽
linux/arm64	662.79 MB	662.79 MB	194 B (0%)	🔽

[github-actions]

Test Results

 5 files  ±0   5 suites  ±0   3m 41s ⏱️ +5s
32 tests ±0  32 ✅ ±0  0 💤 ±0  0 ❌ ±0 
67 runs  ±0  67 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit ba79bd7. ± Comparison against base commit 3bad158.

♻️ This comment has been updated with latest results.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Pull Request Report (#1040)

Static measures

Description	Value
Number of added lines	4
Number of deleted lines	4
Number of changed files	2
Number of commits	2
Number of reviews	1
Number of comments (w/o review comments)	5
Number of reviews that contains a comment to resolve	0
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	5

Time related measures

Description	Value
PR lead time (from creation to close of PR)	1.3 Hours
Time that was spend on the branch before the PR was created	1 Sec
Time that was spend on the branch before the PR was merged	1.3 Hours
Time to merge after last review	13.8 Min

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	40.9 Min
Total time spend in last status check run on PR	16.1 Min

[github-actions]

🎉 Hooray! The changes in this pull request went live with the release of v6.6.2 🎉