fix(gha)(deps): bump the github-actions group with 22 updates #1004

dependabot · 2024-10-28T11:05:40Z

Bumps the github-actions group with 22 updates:

Package	From	To
actions/checkout	`3`	`4`
codacy/codacy-analysis-cli-action	`4.4.1`	`4.4.5`
github/codeql-action	`2`	`3`
actions/cache	`1`	`4`
jurplel/install-qt-action	`2`	`4`
wagoid/commitlint-github-action	`6.0.1`	`6.1.2`
microsoft/security-devops-action	`1.10.0`	`1.11.0`
dependabot/fetch-metadata	`2.1.0`	`2.2.0`
actions/dependency-review-action	`4.3.2`	`4.3.5`
docker/build-push-action	`5`	`6`
eps1lon/actions-label-merge-conflict	`3.0.1`	`3.0.2`
codelytv/pr-size-labeler	`1.10.0`	`1.10.1`
oxsecurity/megalinter	`7.13.0`	`8.1.0`
actions/upload-artifact	`4.3.3`	`4.4.3`
peter-evans/create-pull-request	`6.1.0`	`7.0.5`
withastro/action	`2.0.0`	`3.0.0`
actions/configure-pages	`4.0.0`	`5.0.0`
fsfe/reuse-action	`3.0.0`	`4.0.0`
ossf/scorecard-action	`2.3.3`	`2.4.0`
check-spelling/check-spelling	`0.0.22`	`0.0.23`
yokawasa/action-sqlcheck	`1.3.0`	`1.5.0`
DoozyX/clang-format-lint-action	`0.13`	`0.18`

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

Update default runtime to node20 by @takost in actions/checkout#1436

Support fetching without the --progress option by @simonbaird in actions/checkout#1067

Release 4.0.0 by @takost in actions/checkout#1447

New Contributors

@takost made their first contribution in actions/checkout#1436

@simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377

Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579

Release 3.6.0 by @luketomlinson in actions/checkout#1437

New Contributors

@RobertWieczoreck made their first contribution in actions/checkout#579

@luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196

Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287

Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369

Release v3.5.3 by @TingluoHuang in actions/checkout#1376

New Contributors

@megamanics made their first contribution in actions/checkout#1196

@DimitriPapadopoulos made their first contribution in actions/checkout#1287

@dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246

New Contributors

@BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates codacy/codacy-analysis-cli-action from 4.4.1 to 4.4.5

Release notes

Sourced from codacy/codacy-analysis-cli-action's releases.

v4.4.5

What's Changed

Fix export REGISTRY_ADDRESS env variable by @heliocodacy in codacy/codacy-analysis-cli-action#133

v4.4.4

What's Changed

update cli version to 7.9.11 by @hjrocha in codacy/codacy-analysis-cli-action#132

v4.4.3

What's Changed

fix registry-address default value by @hjrocha in codacy/codacy-analysis-cli-action#131

v4.4.2

What's Changed

Fixed some broken links by @mushlih-almubarak in codacy/codacy-analysis-cli-action#77

bump: Bump codacy-analysis-cli to 7.6.4 CY-6112 by @lolgab in codacy/codacy-analysis-cli-action#80

feature: Introduce new versioning scheme vX.X.X by @lolgab in codacy/codacy-analysis-cli-action#81

doc: Mention setting up the Go environment DOCS-380 by @prcr in codacy/codacy-analysis-cli-action#83

[SE-140] Add max-tool-memory flag by @heliocodacy in codacy/codacy-analysis-cli-action#86

Bump gosec to v2.13.1 CY-6239 by @stefanvacareanu7 in codacy/codacy-analysis-cli-action#87

Fix typo by @pSub in codacy/codacy-analysis-cli-action#82

doc: Bump supported Go version to 1.19.1 CY-6239 by @prcr in codacy/codacy-analysis-cli-action#88

Update supported languages count by @nicklem in codacy/codacy-analysis-cli-action#91

doc: Improve CLI parameters DOCS-180 by @nicklem in codacy/codacy-analysis-cli-action#92

doc: Flag @codacy/techwriters as owners of README.md DOCS-483 by @nicklem in codacy/codacy-analysis-cli-action#93

added github_token in all requests to github api in action.yml by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#96

removed github-token from action.yaml file by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#100

changed staticcheck URL using github api to artifact TS-214 by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#102

updated Clang-Tidy URL to artifact by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#103

doc: Mention turning on and configuring the client-side tool by @prcr in codacy/codacy-analysis-cli-action#106

moved gosec and fauxpas to artifact by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#107

fix installation staticcheck using official binary by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#108

feature: allow skipping container engine check IO-423 by @pedrocodacy in codacy/codacy-analysis-cli-action#110

close if statement properly by @bjarkebm in codacy/codacy-analysis-cli-action#114

bump cli version by @pedrocodacy in codacy/codacy-analysis-cli-action#116

doc: Update Codacy logo DOCS-594 by @nicklem in codacy/codacy-analysis-cli-action#119

action: prevent globbing with double quotes by @ljmf00 in codacy/codacy-analysis-cli-action#68

Bump cli, staticheck, gosec versions TCE-614 by @stefanvacareanu7 in codacy/codacy-analysis-cli-action#124

TCE-937 add condition to setup go only if the user wants to run staticcheck by @DMarinhoCodacy in codacy/codacy-analysis-cli-action#126

feat: [TCE-1039] Add parameter 'registry-address' in order to support alternative registry addresses by @heliocodacy in codacy/codacy-analysis-cli-action#129

New Contributors

@mushlih-almubarak made their first contribution in codacy/codacy-analysis-cli-action#77

@stefanvacareanu7 made their first contribution in codacy/codacy-analysis-cli-action#87

@pSub made their first contribution in codacy/codacy-analysis-cli-action#82

@nicklem made their first contribution in codacy/codacy-analysis-cli-action#91

@DMarinhoCodacy made their first contribution in codacy/codacy-analysis-cli-action#96

@bjarkebm made their first contribution in codacy/codacy-analysis-cli-action#114

@ljmf00 made their first contribution in codacy/codacy-analysis-cli-action#68

... (truncated)

Commits

97bf5df feat: build for release
3ad04f4 feat: build for release
3987b1d feat: build for release
55bddef feat: build for release
See full diff in compare view

Updates github/codeql-action from 2 to 3

Release notes

Sourced from github/codeql-action's releases.

v2.27.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.0 - 22 Oct 2024

Bump the minimum CodeQL bundle version to 2.14.6. #2549

Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557

Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

CodeQL Bundle v2.19.2

Bundles CodeQL CLI v2.19.2

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.19.2:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

codeql/javascript-queries (changelog, source)

codeql/javascript-all (changelog, source)

codeql/python-queries (changelog, source)

codeql/python-all (changelog, source)

codeql/ruby-queries (changelog, source)

codeql/ruby-all (changelog, source)

codeql/swift-queries (changelog, source)

codeql/swift-all (changelog, source)

CodeQL Bundle v2.19.1

Bundles CodeQL CLI v2.19.1

(changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.19.1:

codeql/cpp-queries (changelog, source)

codeql/cpp-all (changelog, source)

codeql/csharp-queries (changelog, source)

codeql/csharp-all (changelog, source)

codeql/go-queries (changelog, source)

codeql/go-all (changelog, source)

codeql/java-queries (changelog, source)

codeql/java-all (changelog, source)

... (truncated)

Commits

d591d17 Fix name of Python stdlib extraction feature flag
c470063 Merge pull request #2549 from github/henrymercer/remove-support-2.13.5
ad94f2f Merge pull request #2548 from github/angelapwen/fix-prepare-test
57f465f Add changelog note
9ccb1b7 Bump version to 3.27.0
4f2715b Update supported GHES versions table
See full diff in compare view

Updates actions/cache from 1 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

Update action to node20 by @takost in actions/cache#1284

feat: save-always flag by @to-s in actions/cache#1242

New Contributors

@takost made their first contribution in actions/cache#1284

@to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

Cache v3.3.3 by @robherley in actions/cache#1302

New Contributors

@robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

Fixed readme with new segment timeout values by @kotewar in actions/cache#1133

Readme fixes by @kotewar in actions/cache#1134

Updated description of the lookup-only input for main action by @kotewar in actions/cache#1130

Change two new actions mention as quoted text by @bishal-pdMSFT in actions/cache#1131

Update Cross-OS Caching tips by @pdotl in actions/cache#1122

Bazel example (Take #2️⃣) by @vorburger in actions/cache#1132

Remove actions to add new PRs and issues to a project board by @jorendorff in actions/cache#1187

Consume latest toolkit and fix dangling promise bug by @chkimes in actions/cache#1217

Bump action version to 3.3.2 by @bethanyj28 in actions/cache#1236

New Contributors

@vorburger made their first contribution in actions/cache#1132

@jorendorff made their first contribution in actions/cache#1187

@chkimes made their first contribution in actions/cache#1217

@bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

Reduced download segment size to 128 MB and timeout to 10 minutes by @kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

Bug: Permission is missing in cache delete example by @kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

4.0.2

Fixed restore fail-on-cache-miss not working.

4.0.1

Updated isGhes check

4.0.0

Updated minimum runner version support from node 12 -> node 20

3.3.3

Updates @actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378

Additional audit fixes of npm package(s)

3.3.2

Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

Added option to lookup cache without downloading it.

3.2.6

Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

... (truncated)

Commits

6849a64 Release 4.1.2 #1477
5a1720c Merge branch 'Link-/prep-4.1.2' of https://github.com/actions/cache into Link...
d9fef48 Merge branch 'main' into Link-/prep-4.1.2
a50e8d0 Merge branch 'main' into Link-/prep-4.1.2
acc9ae5 Merge pull request #1481 from actions/dependabot/github_actions/actions/setup...
1ea5f18 Merge branch 'main' into Link-/prep-4.1.2
cc679ff Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
366d43d Merge pull request #1483 from actions/dependabot/github_actions/github/codeql...
02bf319 Bump github/codeql-action from 2 to 3
6f6220b Merge branch 'main' into dependabot/github_actions/actions/setup-node-4
Additional commits viewable in compare view

Updates jurplel/install-qt-action from 2 to 4

Release notes

Sourced from jurplel/install-qt-action's releases.

install-qt-action v4.0.0

The biggest change with this version is aqtinstall being updated to 3.1. Most of the other changes are from PRs listed below. The reason this is 4.0.0 is due to (relatively small) breaking changes from the PRs annotated with [v4]. Consult the upgrade guide for details on breaking changes.

Auto-generated list of PRs:

Two small fixes in readme file. by @wy-luke in jurplel/install-qt-action#185

Add libgstreamer-gl1.0-0 to linux dependencies by @ddalcino in jurplel/install-qt-action#186

Add options to install source, docs, and examples by @ddalcino in jurplel/install-qt-action#179

[v4] Fix Qt5_DIR environment variable by @ddalcino in jurplel/install-qt-action#190

[v4] Install desktop Qt when required to by Qt 6.2+ mobile and WASM by @ddalcino in jurplel/install-qt-action#189

[v4] Add installed tools to path by @ddalcino in jurplel/install-qt-action#180

Bump tough-cookie and @azure/ms-rest-js in /action by @dependabot in jurplel/install-qt-action#197

Bump semver from 6.3.0 to 6.3.1 in /action by @dependabot in jurplel/install-qt-action#198

Bump word-wrap from 1.2.3 to 1.2.4 in /action by @dependabot in jurplel/install-qt-action#199

Update node.js version to 20; update CI dependencies to remove warnings by @pzhlkj6612 in jurplel/install-qt-action#222

update version of setup-python by @pionere in jurplel/install-qt-action#219

Add libxcb-cursor0 to Linux dependencies for Qt 6.5 and up by @IgKh in jurplel/install-qt-action#221

Add 'aqtsource' option that allows overriding where the action sources aqtinstall from by @timangus in jurplel/install-qt-action#234

Add Windows ARM support by @vicr123 in jurplel/install-qt-action#212

A big thanks to everyone involved for their contributions to the project, and a special thanks to those who have been helping to manage the Github issues.

install-qt-action v3.3.0

Add libgstreamer (@ddalcino)

Add option to install source, docs, and examples (@ddalcino)

install-qt-action v3.2.1

add back automatic libxkbcommon-x11-0 installation on linux

install-qt-action v3.2.0

Fix py7zr weirdness (@ddalcino)

install-qt-action v3.1.0

Fix detection of Qt architecture directory thanks to @ddalcino

install-qt-action v3.0.0

Move to aqtinstall v2.0.0 thanks to @ddalcino

Switch to automatic caching thanks to @bexnoss

Countless other things

install-qt-action v2.14.0

Note: Semantic versioning is now required for tools versions and for qt 5.9 (should be 5.9.0 now)

Updated aqtinstall to 1.2.5

Updated py7zr to 0.16.1

Install more ubuntu packages by default for running tests (#88)

install-qt-action v2.13.2

Fix apt-get install command not running as expected after v2.13.1

install-qt-action v2.13.1

... (truncated)

Commits

f03f055 Merge remote-tracking branch 'origin/master' into v4
b514934 Forgot action.yml workaround
0fe81f8 Update README_upgrade_guide.md
6d100a7 Merge remote-tracking branch 'origin/master' into v4
99da6f4 Forgot to add node_modules
518d652 Update README.md
dbcedf9 Build v4
3254977 Update packages
8c7ed71 fix lints
45ea618 Exit process after running, workaround for #236
Additional commits viewable in compare view

Updates wagoid/commitlint-github-action from 6.0.1 to 6.1.2

Changelog

Sourced from wagoid/commitlint-github-action's changelog.

Changelog

All notable changes to this project will be documented in this file. See commit-and-tag-version for commit guidelines.

6.1.2 (2024-09-04)

Bug Fixes

using compareCommits for push event commit query (#801) (47ff131)

6.1.1 (2024-08-21)

6.1.0 (2024-08-20)

Features

updating push event trigger to use rest API (OctoKit) vs push event (70e22e9)

Bug Fixes

updating unit tests with mocking push octokit list commits (c3ab7fd)

6.0.2 (2024-08-05)

6.0.1 (2024-04-10)

6.0.0 (2024-03-28)

⚠ BREAKING CHANGES

commitlint.config.js is not supported anymore, please use .mjs extension

Features

upgrade to commitlint v19 (732f0ad)

5.5.1 (2024-03-28)

Bug Fixes

upgrade commitlint to latest v18 (6ee28c9), closes #760

5.5.0 (2024-03-28)

... (truncated)

Commits

3d28780 chore(release): publish 6.1.2 [skip-ci]
47ff131 fix: using compareCommits for push event commit query (#801)
a2bc521 chore(release): publish 6.1.1 [skip-ci]
bc25072 Merge pull request #800 from wagoid/revert-798-feat/using-rest-for-push
09a8abb Revert "feat: updating push event trigger to use rest API (OctoKit) vs push e...
dbd4ecd chore(release): publish 6.1.0 [skip-ci]
0de1544 Merge pull request #798 from ncino/feat/using-rest-for-push
c3ab7fd fix: updating unit tests with mocking push octokit list commits
70e22e9 feat: updating push event trigger to use rest API (OctoKit) vs push event
baa1b23 chore(release): publish 6.0.2 [skip-ci]
Additional commits viewable in compare view

Updates microsoft/security-devops-action from 1.10.0 to 1.11.0

Release notes

Sourced from microsoft/security-devops-action's releases.

Enable Container Mapping by Default for Active Customers

In this release, we're enabling the container-mapping tool by default for customers who have onboarded to Microsoft Defender for Cloud and have enabled their GitHub organization.

Those who do not have Microsoft Defender for Cloud enabled on their GitHub organizations will not be able to run the container-mapping workload and it will be automatically skipped.

With this change, we are deprecating the includeTools option. If you would like to manually specify which tools to run, this can still be done via the tools option as before. See the wiki for further instructions.

Commits

cc007d0 Merge pull request #100 from microsoft/serait/containerMappingDefault
481b67d Update documentation
416e86d Update documentation
2cc7798 Cleanup code
c23429e Cleanup code
25574b7 Cleanup code
a956936 Cleanup code
b0ce45b Cleanup code
daf2549 Cleanup code
3d86faf Merge pull request #99 from sethRait/serait/checkCallerIsOnboarded
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.1.0 to 2.2.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.2.0

What's Changed

Bump actions/create-github-app-token from 1.9.0 to 1.10.0 by @dependabot in dependabot/fetch-metadata#523

Bump actions/create-github-app-token from 1.10.0 to 1.10.2 by @dependabot in dependabot/fetch-metadata#534

Bump braces from 3.0.2 to 3.0.3 by @dependabot in dependabot/fetch-metadata#532

v2.2.0 by @fetch-metadata-action-automation in dependabot/fetch-metadata#520

Full Changelog: dependabot/fetch-metadata@v2...v2.2.0

Commits

dbb049a v2.2.0 (#520)
36bf1f9 Merge pull request #532 from dependabot/dependabot/npm_and_yarn/braces-3.0.3
a3420b5 Bump braces from 3.0.2 to 3.0.3
006e43f Merge pull request #534 from dependabot/dependabot/github_actions/actions/cre...
9c55ebe Bump actions/create-github-app-token from 1.10.0 to 1.10.2
325b863 Merge pull request #523 from dependabot/dependabot/github_actions/actions/cre...
aec2f3e Bump actions/create-github-app-token from 1.9.0 to 1.10.0
See full diff in compare view

Updates actions/dependency-review-action from 4.3.2 to 4.3.5

Release notes

Sourced from actions/dependency-review-action's releases.

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

What's Changed

Include all added dependencies in scorecard entries by @elireisman in actions/dependency-review-action#783

Update SPDX Expression Parsing by @febuiles in actions/dependency-review-action#719

This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765

use the v3 version of the deps.dev API by @josieang in actio...
Description has been truncated

Bumps the github-actions group with 22 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) | `4.4.1` | `4.4.5` | | [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` | | [actions/cache](https://github.com/actions/cache) | `1` | `4` | | [jurplel/install-qt-action](https://github.com/jurplel/install-qt-action) | `2` | `4` | | [wagoid/commitlint-github-action](https://github.com/wagoid/commitlint-github-action) | `6.0.1` | `6.1.2` | | [microsoft/security-devops-action](https://github.com/microsoft/security-devops-action) | `1.10.0` | `1.11.0` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.1.0` | `2.2.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.3.5` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `6` | | [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) | `3.0.1` | `3.0.2` | | [codelytv/pr-size-labeler](https://github.com/codelytv/pr-size-labeler) | `1.10.0` | `1.10.1` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `7.13.0` | `8.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.3` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.1.0` | `7.0.5` | | [withastro/action](https://github.com/withastro/action) | `2.0.0` | `3.0.0` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `4.0.0` | `5.0.0` | | [fsfe/reuse-action](https://github.com/fsfe/reuse-action) | `3.0.0` | `4.0.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` | | [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling) | `0.0.22` | `0.0.23` | | [yokawasa/action-sqlcheck](https://github.com/yokawasa/action-sqlcheck) | `1.3.0` | `1.5.0` | | [DoozyX/clang-format-lint-action](https://github.com/doozyx/clang-format-lint-action) | `0.13` | `0.18` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v3...v4) Updates `codacy/codacy-analysis-cli-action` from 4.4.1 to 4.4.5 - [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases) - [Commits](codacy/codacy-analysis-cli-action@3ff8e64...97bf5df) Updates `github/codeql-action` from 2 to 3 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v2...v3) Updates `actions/cache` from 1 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v1...v4) Updates `jurplel/install-qt-action` from 2 to 4 - [Release notes](https://github.com/jurplel/install-qt-action/releases) - [Commits](jurplel/install-qt-action@v2.0.0...v4) Updates `wagoid/commitlint-github-action` from 6.0.1 to 6.1.2 - [Changelog](https://github.com/wagoid/commitlint-github-action/blob/master/CHANGELOG.md) - [Commits](wagoid/commitlint-github-action@7f0a61d...3d28780) Updates `microsoft/security-devops-action` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/microsoft/security-devops-action/releases) - [Commits](microsoft/security-devops-action@v1.10.0...v1.11.0) Updates `dependabot/fetch-metadata` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@5e5f996...dbb049a) Updates `actions/dependency-review-action` from 4.3.2 to 4.3.5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@0c155c5...a6993e2) Updates `docker/build-push-action` from 5 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v5...v6) Updates `eps1lon/actions-label-merge-conflict` from 3.0.1 to 3.0.2 - [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases) - [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md) - [Commits](eps1lon/actions-label-merge-conflict@6d74047...1b1b1fc) Updates `codelytv/pr-size-labeler` from 1.10.0 to 1.10.1 - [Release notes](https://github.com/codelytv/pr-size-labeler/releases) - [Commits](CodelyTV/pr-size-labeler@56f6f0f...c7a55a0) Updates `oxsecurity/megalinter` from 7.13.0 to 8.1.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@bacb5f8...b38cdf1) Updates `actions/upload-artifact` from 4.3.3 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.3.3...b4b15b8) Updates `peter-evans/create-pull-request` from 6.1.0 to 7.0.5 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@c5a7806...5e91468) Updates `withastro/action` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/withastro/action/releases) - [Commits](withastro/action@acfe56d...44cbafd) Updates `actions/configure-pages` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@v4.0.0...v5.0.0) Updates `fsfe/reuse-action` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/fsfe/reuse-action/releases) - [Commits](fsfe/reuse-action@a46482c...3ae3c6b) Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@dc50aa9...62b2cac) Updates `check-spelling/check-spelling` from 0.0.22 to 0.0.23 - [Release notes](https://github.com/check-spelling/check-spelling/releases) - [Changelog](https://github.com/check-spelling/check-spelling/blob/main/gh-release-downloader) - [Commits](check-spelling/check-spelling@00c989c...2c9e4a8) Updates `yokawasa/action-sqlcheck` from 1.3.0 to 1.5.0 - [Release notes](https://github.com/yokawasa/action-sqlcheck/releases) - [Commits](yokawasa/action-sqlcheck@v1.3.0...v1.5.0) Updates `DoozyX/clang-format-lint-action` from 0.13 to 0.18 - [Release notes](https://github.com/doozyx/clang-format-lint-action/releases) - [Commits](DoozyX/clang-format-lint-action@v0.13...v0.18) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codacy/codacy-analysis-cli-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: jurplel/install-qt-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: wagoid/commitlint-github-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: microsoft/security-devops-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: eps1lon/actions-label-merge-conflict dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codelytv/pr-size-labeler dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: withastro/action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/configure-pages dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: fsfe/reuse-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: check-spelling/check-spelling dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: yokawasa/action-sqlcheck dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: DoozyX/clang-format-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

trunk-io · 2024-10-28T11:05:44Z

Merging to main in this repository is managed by Trunk.

To merge this pull request, check the box to the left or comment /trunk merge below.

github-actions · 2024-10-28T11:06:01Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 3 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/labeler.yml

Package	Version	License	Issue Type
eps1lon/actions-label-merge-conflict	1b1b1fcde06a9b3d089f3464c96417961dde1168	Null	Unknown License

.github/workflows/reuse-check.yml

Package	Version	License	Issue Type
fsfe/reuse-action	3ae3c6bdf1257ab19397fab11fd3312144692083	Null	Unknown License

.github/workflows/pages-astro.yml

Package	Version	License	Issue Type
withastro/action	44cbafd43567733e3b007918c6e0711480560516	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/codacy/codacy-analysis-cli-action

97bf5df3c09e75f5bcd72695998f96ebd701846e

🟢 4.8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

actions/github/codeql-action/upload-sarif

662472033e021d55d94146f66f6058822b0b39fd

Unknown

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/github/codeql-action/analyze

3.*.*

Unknown

actions/github/codeql-action/init

3.*.*

Unknown

actions/jurplel/install-qt-action

4.*.*

Unknown

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/wagoid/commitlint-github-action

3d28780bbf0365e29b144e272b2121204d5be5f3

🟢 4.2

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/14 approved changesets -- score normalized to 2
Maintained	🟢 10	13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	⚠️ 0	security policy file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

actions/microsoft/security-devops-action

1.11.0

🟢 7.5

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 9	SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

actions/dependabot/fetch-metadata

dbb049abf0d677abbd7f7eee0375145b417fdd34

🟢 6.8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 9	10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 5	SAST tool is not run on all commits -- score normalized to 5
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/dependency-review-action

a6993e2c61fd5dc440b409aa1d6904921c5e1894

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/github/codeql-action/upload-sarif

662472033e021d55d94146f66f6058822b0b39fd

Unknown

actions/docker/build-push-action

6.*.*

🟢 6.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	24 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 9	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/codelytv/pr-size-labeler

c7a55a022747628b50f3eb5bf863b9e796b8f274

Unknown

actions/eps1lon/actions-label-merge-conflict

1b1b1fcde06a9b3d089f3464c96417961dde1168

🟢 3.9

Details

Check	Score	Reason
Code-Review	🟢 6	Found 7/11 approved changesets -- score normalized to 6
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
License	⚠️ 0	license file not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/upload-artifact

b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Security-Policy	🟢 9	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

actions/oxsecurity/megalinter

b38cdf1f0cbe056fad4112cb7cd99c2b574c9617

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/18 approved changesets -- score normalized to 2
Maintained	🟢 10	30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	21 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

actions/peter-evans/create-pull-request

5e914681df9dc83aa4e4905692ca88beb2f9e91f

🟢 5.2

Details

Check	Score	Reason
Code-Review	🟢 4	Found 5/11 approved changesets -- score normalized to 4
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/withastro/action

44cbafd43567733e3b007918c6e0711480560516

🟢 4.7

Details

Check	Score	Reason
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Code-Review	🟢 6	Found 11/18 approved changesets -- score normalized to 6
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches

actions/actions/configure-pages

5.0.0

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/fsfe/reuse-action

3ae3c6bdf1257ab19397fab11fd3312144692083

🟢 4

Details

Check	Score	Reason
Code-Review	🟢 3	Found 6/16 approved changesets -- score normalized to 3
Maintained	🟢 3	4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

actions/actions/checkout

11bd71901bbe5b1630ceea73d27597364c9af683

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/upload-artifact

b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Security-Policy	🟢 9	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

actions/github/codeql-action/upload-sarif

662472033e021d55d94146f66f6058822b0b39fd

Unknown

actions/ossf/scorecard-action

62b2cac7ed8198b15735ed49ab1e5cf35480ba46

🟢 8.2

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	20 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	no vulnerabilities detected

actions/check-spelling/check-spelling

2c9e4a85102fa9b6df3cb8bb5a8dc8bdc2fb2fea

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 9	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	no SAST tool detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ 1	branch protection is not maximal on development and all release branches

actions/DoozyX/clang-format-lint-action

0.18.*

🟢 3.3

Details

Check	Score	Reason
Code-Review	🟢 4	Found 7/16 approved changesets -- score normalized to 4
Maintained	🟢 10	15 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

actions/actions/cache

4.*.*

🟢 7.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	🟢 9	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

4.*.*

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/jurplel/install-qt-action

4.*.*

Unknown

actions/yokawasa/action-sqlcheck

1.5.0

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 2/11 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

.github/workflows/codacy-analysis.yml
.github/workflows/codeql-analysis.yml
.github/workflows/commitlint.yml
.github/workflows/defender-for-devops.yml
.github/workflows/dependabot-merge.yml
.github/workflows/dependency-review.yml
.github/workflows/devskim-analysis.yml
.github/workflows/docker-publish.yml
.github/workflows/labeler.yml
.github/workflows/mega-linter.yml
.github/workflows/pages-astro.yml
.github/workflows/pages.yml
.github/workflows/pr-lint.yaml
.github/workflows/reuse-check.yml
.github/workflows/scorecard.yml
.github/workflows/spelling.yml
.github/workflows/styles.yml

github-advanced-security

check-spelling found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

github-actions · 2024-10-28T11:07:28Z

@check-spelling-bot Report

🔴 Please review

See the 📂 files view, the 📜action log, or 📝 job summary for details.

Unrecognized words (2099)

aarch
abbd
abbo
ABCF
Aber
abf
abfb
Abh
abi
abid
ablebodied
abled
Ablist
aboutdialog
absint
abspath
Abteilung
Abteilungsnamen
ACA
acai
Accessname
accountinputarea
accusee
aci
AClass
activ
activeoff
activeon
addaction
Addresse
addstore
adf
adhd
Adresse
AECBA
aed
aee
AFCBA
affordability
affrontery
Afrikaaner
afxres
agendize
AGPL
ahmadnassri
airlinese
Aissue
Akeem
Aktiv
Aktueller
aktuellste
Albuquerquean
Albuquerquian
Alertmanager
alex
alexshev
alla
allem
Alles
ALLEXTERNALS
alrightlist
alrightlisting
altera
Alternativ
amazonaws
amd
aminya
ammaraskar
amperser
AMPM
ams
amsmath
analsex
ANamespace
Anchorageite
Anchoragite
anchore
andere
anderem
Anforderungen
angeben
Angelean
angie
Anmeldename
antialiasing
antimalware
antispyware
Anwendung
Anwendungsordner
Aopen
apdisk
apk
appdata
APPDIR
APPIMAGE
applicatie
applicazione
appquick
apps
appstore
appveyer
appveyor
APPY
aqt
aqtinstall
aquasecurityofficial
Arbeit
Archivos
Arcu
Areaa
Areaclass
Areeas
Arelease
argn
argparse
armhf
armv
ARPHELPLINK
ARPINSTALLOCATION
ARPNOREPAIR
ARPPRODUCTICON
ARPURLINFOABOUT
arrowsize
arrowtail
asciify
ASingle
astro
astrodoc
Asuper
Atest
athletesfoot
atx
auch
audiobook
aufbauen
aufgerufen
Aufruf
auot
aus
ausf
Ausr
ausw
AUTOBRIEF
autobuild
autoclean
autodesktop
Autodetected
autodoc
autogen
autolabeler
Autolayout
automerge
AUTOMOC
autoprograms
AUTORCC
autoremove
autosectionlabel
autosort
autotests
autotoc
AUTOUIC
aws
awscli
awscliv
azienda
aziendale
BACA
backlight
backticks
badgen
bak
banlist
banlisting
BATCHMODE
batshit
bbb
bbe
bbf
bcfbf
bdd
BDDD
bdf
Bearbeite
Bearbeiten
beastality
beastial
beb
bedeutet
bedrijf
Bedrijfscollector
beenden
Befehl
befindet
bei
beiden
beim
Belarusan
Belarusian
Benutzer
Benutzername
Benutzernamen
bereinstimmen
bergreifende
berpr
bersetzungen
betriebssystem
Betriebssystemen
Beyonc
Beyonce
Bezeichnung
bezier
bfb
bfd
Bibliothek
Bibliotheken
bibtex
bicurious
billyan
bincrafters
bindir
binutils
biomejs
bitbucket
bitmaps
Bitstream
blocklist
blocklisting
blogs
bme
Bmind
bmine
bmy
bocd
bomd
bountybar
boutonni
brac
brazilianportuguese
bre
bric
bridgecrewio
btford
BUGLIST
bugreport
bugtracker
Bugzilla
builddep
BUILDDIR
buildinfo
buildsystem
BUILDVERSION
buildx
butante
buttplug
byteorder
CAAA
caap
cac
callergraph
callgraph
Camerino
carta
casualities
Caymanian
cbafd
cbe
ccache
cci
ccmake
CCritical
CDAF
cdea
CDebug
cdfc
cdn
ceasefire
CECB
CECC
CEDA
ceea
cellphone
cellspacing
certifi
certs
certutil
cfeb
cfgv
cflags
cgi
chardet
charliermarsh
chatbot
checkboxes
checkconnect
checkov
cheshirekow
childrens
chipcard
chipcarddoor
chipcarddoorinputarea
chipcardinputarea
chipcardprofile
chipcardprofiledoor
chipcardprofiledoorinputarea
chipcardprofileinputarea
chocolateyinstall
chris
chrysalids
chstes
chten
chtml
Ciara
cigs
CInventory
Citian
Citro
Cityan
cityinputarea
cityname
ckgabe
CKV
clangd
clangformat
clangpath
clangtidy
classpath
clazy
cleftlipped
Clickedlist
Clockrate
clpath
cmakedefine
CMakelists
cmdline
cmds
cmp
coafile
cobertura
cocksucker
codacy
codecov
codecvt
CODEFILE
Codeium
codelytv
codeofconduct
CODEOWNERS
Codepage
codeql
codesandbox
codespaces
codespell
codespellrc
Codet
cohabitor
cois
colada
Colchane
collaborationgraph
collecter
Collecteur
COLORSTYLE
colortbl
colspan
Commandline
commitizen
commitlint
commondata
commondesktop
compamy
companyinputarea
Companyl
compat
Complementos
complicit
computerinputarea
Computernamen
computersoftware
computersoftwareinputarea
conan
conanbuildinfo
conanfile
conanrun
concrt
CONFIGDIR
Configjmbde
configversion
confirmands
confirmant
Connecticuter
conspiratorialist
Constructur
containerd
contard
conventionalcommits
conversate
cookiecutter
COPYONLY
Corroy
corsican
cout
cpack
cpes
cplusplus
cpmaddpackage
cpmgetpackageversion
cpmregisterpackage
cppcheck
cppcoreguidelines
cppdbg
cppm
cpprc
cppreference
cppstd
cpptools
cppvsdbg
cpr
cra
crackpipe
craftctl
crained
createrepo
crosscompile
CROSSCOMPILING
crt
crudit
Crue
cschlosser
cssvar
cstring
csvimportdialog
ctest
ctxt
cullmann
cunilingus
cunillingus
CUxl
CVJp
CVS
CXA
cxxflags
cxxm
cybersex
cyclonedx
Cygwin
CZip
Daher
damit
dann
dans
daringfireball
dass
databaseversion
datacare
datacontext
DATADIR
datafieldnames
Datafields
Datainput
Datakonsult
Datei
Dateien
Daten
Datenbank
Datenbankabfrage
Datenbankdatei
Datensammler
Datensatz
datenschutz
DATETIME
dati
davidanson
dawbarton
dbaeumer
dbb
DBUILD
DBus
dch
dcl
DCMAKE
dcompiler
dconf
DDDC
dde
DDEFAULT
ddl
deafmute
dearmor
debian
DEBUGLIBS
debugpy
debuild
DED
defamative
defraudulent
degeneratory
DEMANGLE
dena
DENABLE
deparment
departmentinputarea
departmet
deplan
DEPRECATEDLIST
derjenigen
desktopicon
dessant
destinationlabel
deth
devcontainer
developerapi
devguide
devicename
devicenameinputarea
devicetype
devicetypeinputarea
devilworshipper
devskim
dfa
DFAE
dfdfdf
DFF
DHTML
diafile
DIAPLAY
diesem
diesen
Dieser
diffability
directorygraph
dirvars
disabledoff
disabledon
discomforture
disfluency
disincentivize
disroop
distlib
distro
djlint
DKDE
dlg
DLGTM
dmg
dnd
dnf
docbook
dockerfiles
docoument
docset
docstrings
doctoc
doctrees
Docu
documentaton
Documente
documentinputarea
docutils
Dokument
Dokumente
Dokumenten
Dominguez
donjayamanne
donn
donotpresent
dontinclude
doppelg
DOPT
dotfile
DOTFONTPATH
dotnet
downlo
dox
doxdocgen
doxyfile
doxygen
doxygenfile
doxyindexer
doxyrules
doxysearch
Doxywizard
dpi
dput
DQAPPLICATION
DQT
dri
drirc
Drucke
Drucker
Druckernamen
dsc
DTDs
dummyobject
dummyvalue
dummyvariable
duplicatory
durch
DVI
DVT
DWORD
dylib
eabi
EAF
eafdc
eamodio
ebd
eca
ECLIPSEHELP
ecm
ecstacy
eda
eeaaad
eee
EEECBCDF
EGL
ehthumbs
eigentlichen
ein
eine
einem
einen
einer
eingeben
einige
Einstellungen
Einstellungsdatun
eklady
Elasticsearch
elems
Elysees
emacs
ement
emoji
employeeaccount
employeeaccountinputarea
employeedocument
employeedocumentinputarea
employeeinputarea
employeemodel
employeetable
emscripten
emsdk
endcond
enddate
Enddatum
endforeach
endfunction
endl
endmacro
enigmatas
enlargen
enplan
Entenhausen
Entenstra
enthalten
Entpacken
Entwickler
Entwicklungssystem
Equick
equinusocio
erfasst
erfolgreich
errorlevel
errorstop
ersetzen
erstellen
Erzeuge
erzeugen
erzeugt
Erzeugung
esbenp
esbonio
esktop
EULA
EUPL
exceuted
exelinkflags
Exportieren
EXPORTNAME
factorypath
faf
Fairbanksan
Fairbanksian
famfamfam
FAQs
Farbe
fastlane
fatfs
faxinputarea
Faxnumber
fcde
fcf
fcoroutines
fdd
fdec
featuredarticles
feb
febac
FEBD
Februar
FEEDNAME
FEEDURL
Fehler
Fehlerberichte
Fehlermeldung
felatio
Fertig
fetchcontent
ffcb
FFFA
ffne
ffnen
ffnet
fianc
fieldindexes
fieldname
fild
FILEFLAGS
FILEFLAGSMASK
filelock
FILEOS
FILESUBTYPE
filesystems
filetowrite
FILEVERSION
filipina
filmj
filmjolk
fina
finalise
finden
Findjmbdemodels
Findjmbdequick
Findjmbdewidgets
fingerfood
FINISHPAGE
Firefox
Firmen
Firstname
flatkpak
flatpak
flatpakimage
flawfinder
Flesch
Flickable
fltk
folgenden
fontcolor
fontello
fontname
FONTPATH
fontsize
fonttbl
footaction
forebearance
fortsetzen
Foto
fourtwenty
fpr
Fragen
fraice
fram
freedesktop
freedesktopsdk
fseventsd
fsfe
fswiss
fucktard
fuktion
fulcio
functioninputarea
Funktion
funktioniert
fwlink
gammaray
gasque
gbar
gbps
gcc
gcovr
gdiplus
GDK
geben
gebhard
Geburtstag
gedit
gefunden
gegevens
geht
genindex
Gernot
gerry
geschlossen
gesichert
gestellt
getenv
Gew
Gewurztraminer
gha
ghaction
GHE
Ghz
gibt
gitlab
gitleaks
gitlint
GLESV
glicherweise
glig
glx
gmail
gmx
gnueabi
gnueabihf
gnupg
gnuwin
goatherder
gonzagas
goodcheck
google
googleapis
goyum
gpg
GPLv
Grafana
grandfathered
grandfathering
graphviz
Grenadan
groe
grostulation
groupgraph
grudev
Grunds
gsettings
gtags
gtest
gtk
gtkmm
gub
gui
guisupport
guizi
guyutongxue
gyppo
hadolint
Halifaxer
hamas
Hampshireite
handicapable
handlet
handover
Harddisk
Hartlepoolian
Hartlepudlian
hashruler
hbenl
HCenter
HEADERFILE
hebephila
hebephile
hebephilia
hebephilic
heinrichreimer
hendrikmuhs
Hersteller
herunterladen
heshe
hhc
hhk
hhp
hicolor
hidecallergraph
hidecallgraph
hidecollaborationgraph
hidedirectorygraph
hidegroupgraph
hideincludedbygraph
hideincludegraph
hideinheritancegraph
hideinitializer
hier
Hilfe
hilfreiche
Hinweise
hinzf
hinzu
hinzuf
hiv
HKLM
HKMU
hlen
hlp
homeworkers
horney
horstretch
Hostx
hrbaren
hren
hrer
hsizetype
HSTS
htags
htmlhelp
htmlhint
htmlraw
hwrap
hykin
hymie
hyperlink
IBTo
icccm
icns
ICONDIR
iconengines
iconset
iconutil
Idcombo
IDEDM
Idform
idl
idna
idx
ieeetr
IExl
ifdef
ifndef
ifw
ignorecase
ignoreversion
IHELP
ihre
Ihrem
Ihren
Ihrer
IHRv
ikes
ilammy
imageformats
img
imgui
implementiert
Importieren
importlib
improprietous
inclimate
includedbygraph
includedir
includegraph
includehidden
incluye
Indexx
inexpense
Inferrable
inheritancegraph
inhouse
Initiaisiere
Initialisiere
initialisieren
Initialisierung
Initiallize
inkscape
innen
innnen
inno
innosetup
inout
inplace
inputarea
inputfields
insistment
Installationsanleitung
Installationspakete
Installationsprogramm
INSTALLDIR
installieren
installiert
installierten
Instantiator
INSTDIR
instructios
insuror
intelli
internalpointers
intersphinx
INTGER
intlimits
ints
Inuits
Inventar
Inventarnummer
inventoryinputarea
INVOKABLE
IOPTIONS
iostream
iot
Iowegian
ipp
IQUIT
ISCC
isdir
isfile
islamist
islu
ismap
israels
iss
issuecomment
italiano
itay
IVERSION
iwyu
ixx
jalape
japs
javadoc
Jax
jdkato
jeder
Jef
jesuschrist
jmbd
jmbde
jmbdemodels
jmbdepch
jmbdeqt
jmbdequick
jmbdetest
jmbdewidget
jmdbde
jmdbe
jmde
jmuelbert
jmuelbet
jquery
jsdelivr
JSONLINT
jstemmer
judgmentally
juergen
jurplel
Kandeler
kangeroos
kann
Karten
kate
kateconfig
kbd
kdab
kde
KDEC
keine
kevinkyang
keyserver
keysyms
kitware
Klar
KLocalized
kock
Kommandozeile
Kommentare
Kommunikation
kompilieren
kompiliert
Kompilierungs
komplette
Konger
Kongian
Kongite
konnte
konnten
kotex
krause
krazy
krb
Kritischer
kubernetes
kwarg
KWrite
labelfontname
labelfontsize
lala
lapdance
lastname
latina
Latinx
layoutdefault
Layouter
lbert
learngitbranching
Leedsian
leeren
Leitf
Leodenisian
Lesen
Letze
Letzte
lexicographicall
Lezte
lfs
LGBT
LGBTQ
Liau
libc
libclang
libcrypto
libdbus
libdir
libdrm
libegl
LIBEXEC
libgl
libglib
libglu
libgssapi
libharfbuzz
libiconv
libicu
LIBINFIX
libintl
libjmbde
libnewlib
libpcre
libqt
libsdl
libstdc
libstdcpp
libtard
libxcb
libxcursor
libxkbcommon
linewidth
linkid
liri
Liste
listfile
Liverpoolian
lix
Lizenz
Lizenzen
LJO
lld
lnk
localtime
localvars
LOGFILE
logicalcpu
logrus
Lokal
lolita
lon
longpaths
Lowenbrau
lproj
lsd
lstrip
lvdalens
lzma
lzo
macdeployqt
MACROFILE
madduci
Mailaddress
maincontroller
MAINPAGE
mainwindow
makedirs
Makefiles
makeindex
makeinfo
MAKEVAR
malware
Manchesterian
manfacturer
manhour
mansized
manufacturerinputarea
Manufacurer
markdownguide
markdownlint
masterplan
matepek
materialdesignicons
mathjax
Mattermost
matthiashermsen
maxdepth
mchen
MDFILE
mdlrc
mega
megalinter
mehreren
meisten
meldet
MEMB
menuselection
metafile
metainfo
METAINFODIR
metavar
microsoft
migr
mildy
milli
minimalize
minimalized
minimalizing
miniperl
minmax
Minneapolisian
MINSIZEREL
Missouran
Mitarbeiter
Mitarbeiternamen
mkpath
MML
mmt
mobileinputarea
Mobilelabel
Mobilenputarea
Mobiletelefon
Mobilnummer
moblienumber
moderncmakedomain
modindex
Modul
molestor
monetarize
monosans
mozilla
mployee
msc
mscfile
mscgen
msdo
msiexec
msix
mssql
msvc
msvcp
mudlet
muelbert
multiline
mutantdino
mvn
mycompany
myfile
myproj
myproject
mypy
mysql
Nachname
nage
nahmen
nalong
NAMELINK
nanapro
nand
Nassri
nativen
natvis
nauwelaerts
nbproject
nbut
ndere
nderung
nderungen
nderuung
ndex
ndig
ndigen
NDrop
Neargye
neologizer
Neopolitan
neovim
Nescaf
Nescafe
Netzwerk
neue
neuen
Neuer
neuere
neueste
Newcastleite
Newcastlite
newcommand
nez
nge
nger
ngigkeiten
ngstr
nicolas
niger
nipplering
njmbdequick
njmuelbert
nnen
noch
noenv
nojekyll
NOLOGO
NONINFRINGEMENT
nooner
NOPASSWD
norestart
normaloff
normalon
noscroll
nosubgrouping
NOSYSTEM
Notizen
notwendig
notwendigen
nouement
Novocastrian
npmpackagejsonlintrc
nproc
nset
nsis
NSOn
NSPACES
nsswitch
NSv
NSWT
nthe
nullptr
Nummer
nupkg
nur
Nutmegger
Nutzung
nvd
NVDA
nvidia
OAuth
ober
objdump
ocornut
odbc
oder
Odio
odl
officiis
oftware
Oklahomian
ombuds
OMG
opengl
opensource
openssh
optimalize
Orci
oreo
orita
Orleanian
Orleansian
Ortsnamen
Orvault
osama
OSId
osinputarea
ossf
OSX
OSXX
outfile
outputdir
outputfile
oxsecurity
Oxymorons
packagecloud
pacman
paederasts
pandoc
paperh
papersize
paperw
Papiergr
PARAMDOC
paret
parg
passlist
passlisting
Passwort
Patchveriosn
paydirt
PBitte
Pboard
pch
pdb
pdflatex
pearlnecklace
pedophiles
pendy
Peralillo
PERLMOD
Pfad
PFiles
pgsql
phoenisx
phoneinputarea
Phonelabel
Phonenumber
phonesex
pinays
pincode
pinoys
pipefail
pipx
pkgconfig
placeinputarea
plainnat
plantuml
platisd
plattform
Plattformen
Platz
PLZ
pmd
PNGs
pocahontas
podman
pointsize
policyowner
pooper
popd
popen
pornflick
postfacto
Postgre
POSTGRESQL
preclusory
precolumbian
PREDEF
preferencesdialog
preformat
preinstalled
prerequistes
primetime
printerinputarea
Printerr
printsupport
Priorit
privatedirectory
probieren
processorinputarea
procreational
PRODUCTVERSION
Profil
programa
PROGRAMFILES
PROGRAMLISTING
programm
Programmdateien
programu
propget
propput
proptags
proselint
prot
protobuf
Providencer
Providencian
Providentian
Prozessor
PTRACE
pube
pushd
pwsh
pyc
pygmaen
pygments
pylance
pylint
pylintrc
pyproject
pyright
pytest
pytz
pyyaml
QAbstract
qapplication
QBENCHMARK
qbs
QByte
QCbor
qch
QChar
QCheck
QClose
QCombo
QCommand
QCOMPARE
QCore
QData
QDate
QDebug
QDialog
QDir
qdocconf
QDouble
qenums
QFETCH
QFile
QForm
Qgd
qgenericbearer
qgetenv
qgif
QGraphics
QGrid
QGroup
QGui
qguiapplication
QHash
qhcp
qhelpgenerator
QHG
qhp
qicns
qico
QIcon
QIO
QItem
qjpeg
QJson
QLabel
QLatin
QLibrary
QLine
QList
QLocale
QLogging
qlonglong
QMain
qmake
QMenu
QMessage
QMeta
qml
qmldir
qmllint
qmlprofile
qmlprofiler
qmlproject
qmodel
qnatural
QObject
QODBC
qpa
QPage
QPoint
QPointer
QPrint
QPrinter
QPSQL
QPush
QQml
qrc
QRegular
QResize
qresource
QScroll
QSettings
qsf
QSize
qsizetype
QSlider
QSpin
QSplitter
QSql
qsqlite
qsqlmysql
qsqlodbc
qsqlpsql
QStandard
QStatus
QString
qsvg
qsvgicon
QTable
qtbase
qtbuildprofiles
qtcreator
qtdeclarative
qtdoc
qtds
qtest
QText
qtga
QTHELP
qthelpproject
qtiff
qtimageformats
Qtjmbde
QTool
qtqml
qtquick
qtquickcontrols
QTranslator
QTree
qtscript
qtshadertools
qtsingleapplication
qtsvg
qttools
qttranslations
qtversion
qtvsctools
Queensr
Queensryche
Quellcode
Quellen
quickinspector
quicklaunchicon
quickstart
quicktest
Quickversion
QUrl
QUuid
QVariant
QVERIFY
qvlog
qwbmp
qwebp
QWidget
qwindows
qwindowsvistastyle
raccogliere
Raccolta
Rahim
randr
rankdir
rapidjson
rarr
Raum
rdpart
rdparty
reapeating
Receipe
recived
recusement
redhat
redist
redistributable
redlight
Redmine
refact
refreshenv
Rekor
Relationmodel
RELEASELIBS
releation
Releted
relpath
RELWITHDEBINFO
renewcommand
resdirs
resourcemonitor
Ressourcen
retifrav
retributional
retributionary
revokeable
rgb
rgba
riverbankcomputing
rmrf
robmensching
Romani
rou
rpi
rpmbuild
rpmlint
rsource
rster
rstext
rtd
ruary
rubocop
runit
runtimes
Rxxx
rztraminer
safelist
safelisting
Salesforce
SAML
Sammeln
sanitizers
SAST
sbom
sbord
sche
schen
Schl
schlie
Schreiben
scht
Schwerer
scm
scottishgaelic
scpt
screenshot
scrollbars
SCXML
searchdata
SEARCHENGINE
Seattleite
Seattlite
seccomp
secretlint
secretlintrc
sectionauthor
selectedoff
selectedon
Selectio
serbiancyrillic
serbianlatin
Serialnumber
Seriennummer
servercore
servor
setattr
setuptools
setzen
sexample
sexchange
sexhouse
sextoy
sfml
sharedlinkflags
shehe
shellcheck
shemale
shinola
SHLIBDEPS
shlomo
showinitializer
showtime
shs
sideeffect
sidepane
signalsandslots
Signup
sigstore
singleapplication
singlehtml
sirupsen
sitemap
sizepolicy
Skoda
slanderize
sloc
Smath
SMPROGRAMS
snapcore
snapcraft
snapimage
snf
soci
socio
softwareinputarea
solicitate
sollte
solrsearch
sonarqube
sondern
Soubory
SOURCEDIR
sourceforge
sourcelabel
SOVERSION
spdlog
spdx
spercent
SPHINXBUILD
sphinxcontrib
SPHINXOPTS
sphinxsidebarwrapper
splitext
spyware
sqlcheck
sqldrivers
sqlite
sqlx
srcdirs
ssel
sselchip
ssen
Ssymbols
stackblitz
stackoverflow
stagg
standalone
startdate
starten
startmenu
startswith
startuml
statutorial
STDINT
stdset
stefanzweifel
steht
STGZ
stiffy
strangequark
strapon
STREQUAL
structs
styleguide
stylelint
stylelintrc
stylesheet
subbuild
subdir
subgrouping
SUBLANG
submergeable
Submodul
Subview
Suchow
Surinamer
Surinamese
suspendable
svgz
svn
swiftlint
swyddfa
SYFT
SYSREQUIRES
systemdata
systemdatainputarea
Systemdatem
Systemdaten
tabchars
Tabelle
Tabellen
Tabellename
Tablename
tagfile
tagname
Taktrate
Tallahassean
Tallahasseean
tamasfe
TARGETDIR
taskbar
taskfile
taskkill
tbl
TBZ
technet
Tehe
Telefon
Telefone
Telefonnr
Telefonnummer
tember
tename
tenamen
TESTLIST
testname
tetyp
texi
texinfo
textureextension
tgz
thea
thead
thlorenz
tigen
tigt
tigten
timezone
Tisch
Titel
titleinputarea
tituswormer
TLDR
tley
Toc
toctree
TODOLIST
tokei
TOLOWER
tomwhross
toolbar
toolset
TOPLEVEL
tourettes
tradesmans
Traduzioni
tranny
transexual
transgender
transgenderism
tre
treeview
Trentian
Trifluvian
trisexual
Tristique
trivy
Tsch
tsconfigs
tseslint
twxs
TXZ
typedef
typedef'ed
tzip
tzlich
TZST
tzt
tzte
uary
ucf
UDBZ
uft
UML
Umlna
unbekannte
Unbekannter
Uncomparables
uncrustify
und
undoc
une
unequivocable
UNIICON
uninstallexe
Uninstallprogram
Unistallprogram
unixlike
unmercilessly
Unported
unrelentlessly
unscript
unstall
unstalling
unter
Unternehmen
unterst
unversioned
Upate
UPDATA
Updateline
urllib
usd
usepackage
userappdata
Utahn
vadimcn
Valladolidian
Vallisoletano
valuelist
valuemap
varchar
Variante
vartags
VCenter
vcpkg
vcredist
vcruntime
vcvarsall
vcvarsallpath
venv
Verbindung
Verbrauchsmaterial
vercel
verf
verlieren
Verschiedenes
versionadded
versionchanged
VERSIONCODE
versioninfo
VERSIONSUFFIX
verstretch
verwendet
verzamelen
Verzeichnis
VFT
vhd
vhdl
viele
viewcode
virtualenv
virtuals
visualstudioexptteam
voil
volker
vollst
vom
Vorgang
vorhanden
Vorname
Vorschau
VOS
vre
vsc
vscodeintellicodes
vsizetype
vswhere
vuillamy
wagoid
Warsawer
Warsawian
webfont
Webrequest
Webseite
Website
weiter
wel
wenbr
werden
Werkzeuge
wheight
Widgetversion
wie
wifebeater
wifi
wikipedia
wil
wildcards
windeployqt
windowsprintersupport
WINDOWSSTATE
windowsvistastyle
winqt
winres
winresrc
winver
Winzig
wip
withastro
wix
wixtoolset
wixui
wmj
Wno
Wolverhamptonian
Wolverhamptonite
wom
womens
wordlist
Workaround
WORKDIR
workerscript
workflows
workspaces
Worther
Worthian
wpa
wronglist
wronglisting
Wulfrunian
wurde
wwwroot
xapian
xcode
xctoolchain
XCURSOR
xdg
XError
xfixes
xinerama
xkb
XShm
XSS
xtc
xterm
XWayland
xzf
yocto
yokawasa
yuv
yzhang
zainchen
Zeile
zentral
zestily
Ziehen
zipcitiyinputarea
zipcity
zipcityinputarea
zipcode
zipcodeinputarea
zipp
zoneinfo
zricethezav
zufuliu
Zugang
zum
zur
zwingend

Some files were automatically ignored 🙈

These sample patterns would exclude them:

(?:^|/)config\.cmake\.in$
/config/vocabularies/cspell/[^/]+$
/icons/[^/]+$
^\Q.cspellcache\E$
^\Q.github/CODE_OF_CONDUCT_de-DE.md\E$
^\Q.github/CONTRIBUTING_de-DE.md\E$
^\Q.github/styles/vale/alex/ProfanityLikely.yml\E$
^\Q.github/workflows/ci.yml\E$
^\Q.mailmap\E$
^\Qapps/libs/models/autotests/data/test.diff\E$
^\Qapps/libs/widgets/CMakeLists_files.cmake\E$
^\Qdocs/api/index.rst\E$
^\Qpackaging/ifw/README.md\E$
^\Qpackaging/win/chocolatey/jmbde.nuspec\E$
^\Qpackaging/win/CMakeLists.txt\E$
^\Qpackaging/win/installer_Qt5_x64.wxs\E$
^\Qpnpm-lock.yaml\E$
^\Qresources/text/database.qmodel\E$
^apps/libs/quick/src/qml/models/qmldir$
^apps/libs/quick/src/qml/ui/qmldir$
^config/
^packaging/linux/VERSIONSUFFIX$

You should consider excluding directory paths (e.g. (?:^|/)vendor/), filenames (e.g. (?:^|/)yarn\.lock$), or file extensions (e.g. \.gz$)

You should consider adding them to:

.github/actions/spelling/excludes.txt

File matching is via Perl regular expressions.

To check these files, more of their words need to be in the dictionary than not. You can use patterns.txt to exclude portions, add items to the dictionary (e.g. by adding them to allow.txt), or fix typos.

To accept these unrecognized words as correct and update file exclusions, you could run the following commands

... in a clone of the [email protected]:jmuelbert/jmbde-QT.git repository
on the dependabot/github_actions/github-actions-7471b81698 branch (ℹ️ how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/00c989c97749eb0cb2d256bdc55ac61b0096c6d3/apply.pl' |
perl - 'https://github.com/jmuelbert/jmbde-QT/actions/runs/11552634310/attempts/1'

OR

To have the bot accept them for you, reply quoting the following line:
@check-spelling-bot apply updates.

Available 📚 dictionaries could cover words not in the 📘 dictionary

Dictionary	Entries	Covers	Uniquely
cspell:python/src/python/python-lib.txt	2417	51	15
cspell:python/src/python/python.txt	392	32	11
cspell:python/src/common/extra.txt	741	18	10
cspell:cpp/src/ecosystem.txt	51	14	10
cspell:php/dict/php.txt	1689	26	7

Consider adding them (in .github/workflows/spelling.yml) for uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 in its with:

      with:
        extra_dictionaries:
          cspell:python/src/python/python-lib.txt
          cspell:python/src/python/python.txt
          cspell:python/src/common/extra.txt
          cspell:cpp/src/ecosystem.txt
          cspell:php/dict/php.txt

To stop checking additional dictionaries, add (in .github/workflows/spelling.yml) for uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 in its with:

check_extra_dictionaries: ''

Pattern suggestions ✂️ (37)

You could add these patterns to .github/actions/spelling/patterns.txt:

# Automatically suggested patterns
# hit-count: 1000 file-count: 259
# Non-English
[a-zA-Z]*[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3}[a-zA-ZÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]*|[a-zA-Z]{3,}[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]|[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3,}

# hit-count: 575 file-count: 153
# https/http/file urls
(?:\b(?:https?|ftp|file)://)[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|]

# hit-count: 526 file-count: 41
# in [email protected]+, printf markers aren't automatically consumed
# printf markers
(?<!\\)\\[nrt](?=[a-z]{2,})

# hit-count: 361 file-count: 7
# alternate markers if you run into latex and friends
(?<!\\)\\[nrt](?=[a-z]{2,})(?=.*['"`])

# hit-count: 352 file-count: 8
# uuid:
\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b

# hit-count: 223 file-count: 39
# GitHub SHAs (markdown)
(?:\[`?[0-9a-f]+`?\]\(https:/|)/(?:www\.|)github\.com(?:/[^/\s"]+){2,}(?:/[^/\s")]+)(?:[0-9a-f]+(?:[-0-9a-zA-Z/#.]*|)\b|)

# hit-count: 82 file-count: 24
# Compiler flags (Unix, Java/Scala)
# Use if you have things like `-Pdocker` and want to treat them as `docker`
(?:^|[\t ,>"'`=(])-(?:(?:J-|)[DPWXY]|[Llf])(?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})

# hit-count: 77 file-count: 21
# Compiler flags (Windows / PowerShell)
# This is a subset of the more general compiler flags pattern.
# It avoids matching `-Path` to prevent it from being treated as `ath`
(?:^|[\t ,"'`=(])-(?:[DPL](?=[A-Z]{2,})|[WXYlf](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,}))

# hit-count: 61 file-count: 10
# regex choice
\(\?:[^)]+\|[^)]+\)

# hit-count: 48 file-count: 23
# hex runs
\b[0-9a-fA-F]{16,}\b

# hit-count: 34 file-count: 34
# microsoft
\b(?:https?://|)(?:(?:download\.visualstudio|docs|msdn2?|research)\.microsoft|blogs\.msdn)\.com/[-_a-zA-Z0-9()=./%]*

# hit-count: 19 file-count: 3
# shields.io
\bshields\.io/[-\w/%?=&.:+;,]*

# hit-count: 16 file-count: 2
# .desktop localized entries
^[A-Z][a-z]+\[[a-z]+\]=.*$

# hit-count: 16 file-count: 2
# Localized .desktop content
Name\[[^\]]+\]=.*

# hit-count: 14 file-count: 2
# base64 encoded content, possibly wrapped in mime
(?:^|[\s=;:?])[-a-zA-Z=;:/0-9+]{50,}(?:[\s=;:?]|$)

# hit-count: 12 file-count: 6
# githubusercontent
/[-a-z0-9]+\.githubusercontent\.com/[-a-zA-Z0-9?&=_\/.]*

# hit-count: 10 file-count: 8
# Wikipedia
\ben\.wikipedia\.org/wiki/[-\w%.#]+

# hit-count: 10 file-count: 6
# version suffix <word>v#
(?:(?<=[A-Z]{2})V|(?<=[a-z]{2}|[A-Z]{2})v)\d+(?:\b|(?=[a-zA-Z_]))

# hit-count: 10 file-count: 4
# URL escaped characters
\%[0-9A-F][A-F]

# hit-count: 6 file-count: 1
# https://www.gnu.org/software/groff/manual/groff.html
# man troff content
\\f[BCIPR]

# hit-count: 4 file-count: 4
# hex digits including css/html color classes:
(?:[\\0][xX]|\\u|[uU]\+|#x?|\%23)[0-9_a-fA-FgGrR]*?[a-fA-FgGrR]{2,}[0-9_a-fA-FgGrR]*(?:[uUlL]{0,3}|[iu]\d+)\b

# hit-count: 3 file-count: 3
# This does not cover multiline strings, if your repository has them,
# you'll want to remove the `(?=.*?")` suffix.
# The `(?=.*?")` suffix should limit the false positives rate
# printf
%(?:(?:(?:hh?|ll?|[jzt])?[diuoxn]|l?[cs]|L?[fega]|p)(?=[a-z]{2,})|(?:X|L?[FEGA]|p)(?=[a-zA-Z]{2,}))(?=[_a-zA-Z]+\b)(?!%)(?=.*?['"])

# hit-count: 3 file-count: 1
# latex (check-spelling <= 0.0.21)
\\(?:n(?:ew|ormal|osub)|r(?:enew)|t(?:able(?:of|)|he|itle))(?=[a-z]+)

# hit-count: 2 file-count: 2
# node packages
(["'])\@[^/'" ]+/[^/'" ]+\g{-1}

# hit-count: 2 file-count: 2
# curl arguments
\b(?:\\n|)curl(?:\s+-[a-zA-Z]{1,2}\b)*(?:\s+-[a-zA-Z]{3,})(?:\s+-[a-zA-Z]+)*

# hit-count: 2 file-count: 2
# tar arguments
\b(?:\\n|)g?tar(?:\.exe|)(?:(?:\s+--[-a-zA-Z]+|\s+-[a-zA-Z]+|\s[ABGJMOPRSUWZacdfh-pr-xz]+\b)(?:=[^ ]*|))+

# hit-count: 2 file-count: 1
# apple
\bdeveloper\.apple\.com/[-\w?=/]+

# hit-count: 1 file-count: 1
# Google Storage
\b[-a-zA-Z0-9.]*\bstorage\d*\.googleapis\.com(?:/\S*|)

# hit-count: 1 file-count: 1
# git.io
\bgit\.io/[0-9a-zA-Z]+

# hit-count: 1 file-count: 1
# Internet Archive
\barchive\.org/web/\d+/(?:[-\w.?,'/\\+&%$#_:]*)

# hit-count: 1 file-count: 1
# vs devops
\bvisualstudio.com(?::443|)/[-\w/?=%&.]*

# hit-count: 1 file-count: 1
# Twitter markdown
\[\@[^[/\]:]*?\]\(https://twitter.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)\)

# hit-count: 1 file-count: 1
# Twitter status
\btwitter\.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)

# hit-count: 1 file-count: 1
# badgen.net
\bbadgen\.net/badge/[^")\]'\s]+

# hit-count: 1 file-count: 1
# sha-... -- uses a fancy capture
(\\?['"]|&quot;)[0-9a-f]{40,}\g{-1}

# hit-count: 1 file-count: 1
# Update Lorem based on your content (requires `ge` and `w` from https://github.com/jsoref/spelling; and `review` from https://github.com/check-spelling/check-spelling/wiki/Looking-for-items-locally )
# grep '^[^#].*lorem' .github/actions/spelling/patterns.txt|perl -pne 's/.*i..\?://;s/\).*//' |tr '|' "\n"|sort -f |xargs -n1 ge|perl -pne 's/^[^:]*://'|sort -u|w|sed -e 's/ .*//'|w|review -
# Warning, while `(?i)` is very neat and fancy, if you have some binary files that aren't proper unicode, you might run into:
## Operation "substitution (s///)" returns its argument for non-Unicode code point 0x1C19AE (the code point will vary).
## You could manually change `(?i)X...` to use `[Xx]...`
## or you could add the files to your `excludes` file (a version after 0.0.19 should identify the file path)
# Lorem
(?:\w|\s|[,.])*\b(?i)(?:amet|consectetur|cursus|dolor|eros|ipsum|lacus|libero|ligula|lorem|magna|neque|nulla|suscipit|tempus)\b(?:\w|\s|[,.])*

# hit-count: 1 file-count: 1
# latex (check-spelling >= 0.0.22)
\\\w{2,}\{

Errors (7)

See the 📂 files view, the 📜action log, or 📝 job summary for details.

❌ Errors	Count
ℹ️ binary-file	15
ℹ️ candidate-pattern	79
❌ check-file-path	841
❌ dictionary-not-found	6
❌ forbidden-pattern	23
ℹ️ large-file	5
ℹ️ noisy-file	23

See ❌ Event descriptions for more information.

If the flagged items are 🤯 false positives

If items relate to a ...

binary file (or some other file you wouldn't want to check at all).

Please add a file path to the excludes.txt file matching the containing file.

File paths are Perl 5 Regular Expressions - you can
test yours before committing to verify it will match
your files.

^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude
README.md (on whichever branch you're using).
well-formed pattern.

If you can write a
pattern
that would match it, try adding it to the patterns.txt file.

Patterns are Perl 5 Regular Expressions - you can
test yours before committing to verify it will match
your lines.

Note that patterns can't match multiline strings.

🚂 If you're seeing this message and your PR is from a branch that doesn't have
check-spelling, please merge to your PR's base branch to get the version configured for your
repository.

dependabot · 2024-10-28T11:28:42Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Oct 28, 2024

github-advanced-security bot found potential problems Oct 28, 2024

View reviewed changes

dependabot bot closed this Oct 28, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-7471b81698 branch October 28, 2024 11:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(gha)(deps): bump the github-actions group with 22 updates #1004

fix(gha)(deps): bump the github-actions group with 22 updates #1004

dependabot bot commented on behalf of github Oct 28, 2024 •

edited

Loading

trunk-io bot commented Oct 28, 2024

github-actions bot commented Oct 28, 2024

github-advanced-security bot left a comment

github-actions bot commented Oct 28, 2024

dependabot bot commented on behalf of github Oct 28, 2024

fix(gha)(deps): bump the github-actions group with 22 updates #1004

fix(gha)(deps): bump the github-actions group with 22 updates #1004

Conversation

dependabot bot commented on behalf of github Oct 28, 2024 • edited Loading

v4.0.0

What's Changed

New Contributors

v3.6.0

What's Changed

New Contributors

v3.5.3

What's Changed

New Contributors

v3.5.2

What's Changed

v3.5.1

What's Changed

New Contributors

v4.4.5

What's Changed

v4.4.4

What's Changed

v4.4.3

What's Changed

v4.4.2

What's Changed

New Contributors

v2.27.0

CodeQL Action Changelog

2.27.0 - 22 Oct 2024

CodeQL Bundle v2.19.2

CodeQL Bundle v2.19.1

v4.0.0

What's Changed

New Contributors

v3.3.3

What's Changed

New Contributors

v3.3.2

What's Changed

New Contributors

v3.3.1

What's Changed

v3.3.0

What's Changed

Releases

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

4.0.0

3.3.3

3.3.2

3.3.1

3.3.0

3.2.6

3.2.5

install-qt-action v4.0.0

Auto-generated list of PRs:

install-qt-action v3.3.0

install-qt-action v3.2.1

install-qt-action v3.2.0

install-qt-action v3.1.0

install-qt-action v3.0.0

install-qt-action v2.14.0

install-qt-action v2.13.2

install-qt-action v2.13.1

Changelog

6.1.2 (2024-09-04)

Bug Fixes

6.1.1 (2024-08-21)

6.1.0 (2024-08-20)

Features

Bug Fixes

6.0.2 (2024-08-05)

6.0.1 (2024-04-10)

6.0.0 (2024-03-28)

⚠ BREAKING CHANGES

Features

dependabot bot commented on behalf of github Oct 28, 2024 •

edited

Loading