fix(deps): update dependency short-uuid to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
short-uuid	5.2.0 → 6.0.3

---

Release Notes

oculus42/short-uuid (short-uuid)

v6.0.3

Compare Source

Changed

• Fixed TypeScript definitions

v6.0.2

Compare Source

Changed

• Fixed README.md to correctly represent require and import

v6.0.0

Compare Source

• TypeScript re-write

MAJOR CHANGES

• 🛑 Removes the uuid library as a dependency.
• 🛑 Removes the uuid method on the default export (previously imported from uuid/v4).
• 🛑 Removes the new method in favor of existing generate.
• 🛑 Removes createTranslator as default export.
• 🛑 The default generate method assumes crypto.randomUUID is available and may error prior to Node 18.
• ⚠️ Node 18 and lower may require passing a uuid generator to the translator.
• Uses crypto.randomUUID by default.
• Accepts alternative UUID generators such as uuidv7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	3.41s
✅ EDITORCONFIG	editorconfig-checker	2		0	0	0.01s
✅ JSON	jsonlint	1		0	0	0.48s
✅ JSON	npm-package-json-lint	yes		no	no	0.46s
⚠️ JSON	prettier	1	0	1	0	0.37s
✅ JSON	v8r	1		0	0	5.0s
❌ REPOSITORY	checkov	yes		5	no	24.25s
❌ REPOSITORY	devskim	yes		45	no	159.41s
✅ REPOSITORY	dustilock	yes		no	no	0.96s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		54	no	48.69s
❌ REPOSITORY	kics	yes		56	no	4.41s
❌ REPOSITORY	kingfisher	yes		1	no	4.83s
❌ REPOSITORY	secretlint	yes		1	no	1.17s
✅ REPOSITORY	syft	yes		no	no	5.71s
⚠️ REPOSITORY	trivy	yes		1	no	16.1s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.48s
✅ REPOSITORY	trufflehog	yes		no	no	3.81s
✅ SPELL	cspell	3		0	0	3.28s
❌ SPELL	lychee	2		1	0	0.19s
✅ YAML	prettier	1	0	0	0	0.46s
✅ YAML	v8r	1		0	0	1.58s
❌ YAML	yamllint	1		4	0	5.22s

Detailed Issues

❌ REPOSITORY / checkov - 5 errors

dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12

❌ REPOSITORY / devskim - 45 errors

dddf7d787c4c63d8b9b7f3e4c1dec1c9d3fd07c476a7f7493a04dafef1ce93a7f7ef9dee3d3939b8777c40f3faf484467bbaf774679fa667e78039e9fef1f1c1bdfb44bafdbd7b3498a7c7a727bb274f9ede3b7876fcf0e19383837bfbd2e9c9c9cedefd877b3b9fee1e1f3c79f2e4d307c79f3eb9777fefc18383a73b4f764ef64518ee9feeec1eec3d3da5b9a46ef69e7d7afa941a1decd0ec9edc7bb0b3fbe021e3f6e9eea7f7ef9d7cbab7bb737cbc7f0a7ade3fb87fffd9c3dd67a7c46cbb4f3f954e3ffd94c4fefe83bd4f4976efdf7bb2fb70e7e0d9cef1c1c1ce3ea1797ff7e4e4190fe15312e77b3bc49c24a14f9fec11f10e769eeeec3edbf9f4d9431acaeec99e403bfdf4608726e8dee9934ff7ee11bbdedb2515421cb07f7fefd933424526ebc1fda7fb9f3e2079a676f74e0e9e3d3d7e7af0607feff8c9e92981223e7d28cd0e9e3dbb4703ff941875f75362d387344b0f487e3e7df8e9a70f4e8989a5d9c3fb9f3e257e3d21d2ed136bd3504e774f0e3092e3ddbda7f75466a8d9f1d327a70f8818d46ee753e292fd070f3edda7b6a41e483e65080f8e1feceddd7ff2e0c10308ca83879f3e7b7aef1931d5c393dd07a4609edcd74e9fec11294848f6eeedef3ea16190823b21f21cdfbf7f42b343c2cba2458a91067872f02971d6d3fb3b27c73488fbc70f9e3d7bf0f0945ec1481fa2d9b3e3a7cf1e7ebaf3ec788f7a2065425a6ef721a69e44e3841876873b3dd83f\"","markdown":"`\"1f8b0800000000000400edbd07601c499625262f6dca7b7f4af54ad7e074a10880601324d8904010ecc188cde692ec1d69472329ab2a81ca6556655d661640cced9dbcf7de7befbdf7de7befbdf7ba3b9d4e27f7dfff3f5c6664016cf6ce4adac99e2180aac81f3f7e7c1f3f227676ee9d3cdddbbdffe0dec3a70f4e769feceded1e7cfa60e7e9dea7cf0e76f7770ef6ee3d78b4fb1b27d4ece9a707a74feedfdff9f4e0e4debde393d39d877bfb0f4e4ff74f3ebdf7f0decea74f1eed53b3ddbd93dd877b4ff69eedd2fb7ba7c73ba74f1e9e3edb3d78faf0e9fd7b0f9fec3c7dfae81e9addbbb773f2e9c1c3d3fb4f3fdd7ff6e9a73b4f3f7db8ffe0f8e1bde3a79fdedb3f7d76f08c3bddfd74f7e9c34f9fecdf7fb6b3f3f0e0607fe7f8d37b073bf7f69f3cdb3bde7b78f0e933c16df7e1c183fd8367f7eeedde7fb6bff364f7787767ef09757a4afdef3edc3f79faf0d11e9a3d7bb873efde937b273bd4f7fda74f9e3dfdf4e9eed393fda77b7b0f770f9edd3f7d284378f6f4d9bd83e327bb4f9e7efa8cd0bc7f6f67efe4f860e7e40191e6f4e1eec34fb9d3bd870f1feede27b4ef1def3e79f6e943a2e1098deff4c1fd03a2c1d3e34f4fb9d9bdfdfd83d39d7b07bba74f1fdc7f70fa6cff01357e7072727fef9408f3ecc98e4023b49fedef9e9e3c7c7070ffd993270f4eef3d7db27f7cbaff707f6feff8c1c1831d81b6bfb7fff4c9c3839307c73b07fb9f3edd3bf9f4e4c1fdd34f1f3ea0c938de3939b977fae8019aed1f1f3c3bbd7740bd9e3edb79fae4e4f8746f1f54fb74f7e4e983fda74f1f3041f61f3ca3a11fa3d5de83fd077bf7ef3d7b78f0f0c1d3e37b070ff73fa5577679b2f60f8eef3d3d79f8f074e7d9f1fefefd27bb270ff78f1fec9d1e1c1fef3c78f6f4e4e981e0767cefc1f1a70f3e3dbd474c70f20074bdf7e9c9c37bcf9e3c7d48d81ddf3b79b4bbc3ed4e770085a691887f6f67ffde93bddd4f8f4f890d7677764e4f7776a4d767f7f61e3c3cc0fced3edddd23e2ef1e3fd939bdf760ffd9b3fdd3a73411dcebfd1de2b28707445d9af59d9da70fefed3dd9dd79f6e0c1ce83a7f71e1081f71f7d8a667bf79f12173d387e7a7c707fef539aa5e37b4f77ee1f3f7df0e9d327bbcfee9d1c0bb47b0f9f115bdddf7d787c4c63d8b9b7f3e4c1dec1c9d3fd07c476a7f7493a04dafef1ce93a7f7ef9dee3d3939b8777c40f3faf484467bbaf774679fa667e78039e9fef1f1c1bdfb44bafdbd7b3498a7c7a727bb274f9ede3b7876fcf0e19383837bfbd2e9c9c9cedefd877b3b9fee1e1f3c79f2e4d307c79f3eb9777fefc18383a73b4f764ef64518ee9feeec1eec3d3da5b9a46ef69e7d7afa941a1decd0ec9edc7bb0b3fbe021e3f6e9eea7f7ef9d7cbab7bb737cbc7f0a7ade3fb87fffd9c3dd67a7c46cbb4f3f954e3ffd94c4fefe83bd4f4976efdf7bb2fb70e7e0d9cef1c1c1ce3ea1797ff7e4e4190fe15312e77b3bc49c24a14f9fec11f10e769eeeec3edbf9f4d9431acaeec99e403bfdf4608726e8dee9934ff7ee11bbdedb2515421cb07f7fefd933424526ebc1fda7fb9f3e2079a676f74e0e9e3d3d7e7af0607feff8c9e92981223e7d28cd0e9e3dbb4703ff941875f75362d387344b0f487e3e7df8e9a70f4e8989a5d9c3fb9f3e257e3d21d2ed136bd3504e774f0e3092e3ddbda7f75466a8d9f1d327a70f8818d46ee753e292fd070f3edda7b6a41e483e65080f8e1feceddd7ff2e0c10308ca83879f3e7b7aef1931d5c393dd07a4609edcd74e9fec11294848f6eeedef3ea16190823b21f21cdfbf7f42b343c2cba2458a91067872f02971d6d3fb3b27c73488fbc70f9e3d7bf0f0945ec1481fa2d9b3e3a7cf1e7ebaf3ec788f7a2065425a6ef721a69e44e3841876873b3dd83f\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 4000 characters out of 313724)

❌ REPOSITORY / grype - 54 errors

(20th)  < 0.1  
immutable             4.3.4      4.3.8     npm   GHSA-wf6x-7x77-mvgw  High      < 0.1% (18th)  < 0.1  
multer                2.0.2      2.1.1     npm   GHSA-5528-5vmv-3xc2  High      < 0.1% (18th)  < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-v52c-386h-88mc  High      < 0.1% (17th)  < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-xf7r-hgr6-v32p  High      < 0.1% (17th)  < 0.1  
minimatch             3.1.2      3.1.3     npm   GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch             7.4.6      7.4.7     npm   GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch             9.0.5      9.0.6     npm   GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch             3.1.2      3.1.3     npm   GHSA-7r86-cg39-jmmj  High      < 0.1% (16th)  < 0.1  
minimatch             7.4.6      7.4.8     npm   GHSA-7r86-cg39-jmmj  High      < 0.1% (16th)  < 0.1  
minimatch             9.0.5      9.0.7     npm   GHSA-7r86-cg39-jmmj  High      < 0.1% (16th)  < 0.1  
minimatch             3.1.2      3.1.4     npm   GHSA-23c5-xmqv-rm74  High      < 0.1% (16th)  < 0.1  
minimatch             7.4.6      7.4.8     npm   GHSA-23c5-xmqv-rm74  High      < 0.1% (16th)  < 0.1  
minimatch             9.0.5      9.0.7     npm   GHSA-23c5-xmqv-rm74  High      < 0.1% (16th)  < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-phc3-fgpg-7m6h  Medium    < 0.1% (20th)  < 0.1  
flatted               3.3.3      3.4.0     npm   GHSA-25h7-pfq9-p65f  High      < 0.1% (15th)  < 0.1  
glob                  10.4.5     10.5.0    npm   GHSA-5j98-mcp5-4vw2  High      < 0.1% (13th)  < 0.1  
ajv                   8.12.0     8.18.0    npm   GHSA-2g4f-4pwh-qvx6  Medium    < 0.1% (18th)  < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (15th)  < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (15th)  < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (15th)  < 0.1  
tmp                   0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       < 0.1% (24th)  < 0.1  
lodash                4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (6th)   < 0.1  
lodash-es             4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (6th)   < 0.1  
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       < 0.1% (12th)  < 0.1  
js-yaml               3.14.1     3.14.2    npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (5th)   < 0.1  
js-yaml               4.1.0      4.1.1     npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (5th)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (5th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (5th)   < 0.1  
undici                6.14.1     6.23.0    npm   GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (4th)   < 0.1  
brace-expansion       1.1.11     1.1.12    npm   GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (8th)   < 0.1  
brace-expansion       2.0.1      2.0.2     npm   GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (8th)   < 0.1  
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      < 0.1% (1st)   < 0.1  
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       < 0.1% (4th)   < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       < 0.1% (0th)   < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       < 0.1% (0th)   < 0.1  
flatted               3.3.3      3.4.2     npm   GHSA-rf6f-7fwh-wjgh  High      N/A            N/A    
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A            N/A
[0048] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 4000 characters out of 5880)

❌ REPOSITORY / kics - 56 errors

Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive     && apt-get -y install --no-install-recommends silversearcher-ag httpie     && apt-get clean -y && rm -rf /var/lib/apt/lists/*;
		005: 


	[4]: .devcontainer/Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive     && apt-get -y install --no-install-recommends silversearcher-ag httpie     && apt-get clean -y && rm -rf /var/lib/apt/lists/*;
		005: 


	[5]: .devcontainer/Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive     && apt-get -y install --no-install-recommends silversearcher-ag httpie     && apt-get clean -y && rm -rf /var/lib/apt/lists/*;
		005: 


Passwords And Secrets - Password in URL, Severity: HIGH, Results: 3
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .devcontainer/docker-compose.yml:24

		023:     environment:
		024:       - DATABASE_URL=<SECRET-MASKED-ON-PURPOSE>:5432/postgres
		025: 


	[2]: .github/workflows/ci.yml:95

		094:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		095:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper
		096:           NODE_ENV: production


	[3]: .github/workflows/ci.yml:89

		088:         env:
		089:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper
		090:       - name: Run the server 🚀


Passwords And Secrets - Generic Secret, Severity: HIGH, Results: 2
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .github/workflows/ci.yml:33

		032:         env:
		033:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		034:       - name: Report test results 📝


	[2]: .github/workflows/ci.yml:94

		093:           PORT: 3000
		094:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		095:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper


Passwords And Secrets - Generic Password, Severity: HIGH, Results: 2
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .devcontainer/docker-compose.yml:32

		031:     environment:
		032:       POSTGRES_PASSWORD: <SECRET-MASKED-ON-PURPOSE>
		033:       POSTGRES_USER: postgres


	[2]: .github/workflows/ci.yml:63

		062:           POSTGRES_USER: armband
		063:           POSTGRES_PASSWORD: <SECRET-MASKED-ON-PURPOSE>
		064:           POSTGRES_DB: sharper


Missing User Instruction, Severity: HIGH, Results: 2
Description: Always set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user.
Platform: Dockerfile
CWE: 250
Risk Score: 7.7
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/fd54f200-402c-4333-a5a4-36ef6709af2f

	[1]: .devcontainer/Dockerfile:1

		001: FROM mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye
		002: 
		003: # [Optional] Uncomment this section to install additional OS packages.


	[2]: Dockerfile:33

		032: 
		033: FROM gcr.io/distroless/nodejs22-debian12:nonroot
		034: 



Results Summary:
CRITICAL: 0
HIGH: 9
MEDIUM: 21
LOW: 24
INFO: 2
TOTAL: 56

A new version 'v2.1.20' of KICS is available, please consider updating

(Truncated to last 4000 characters out of 17401)

❌ REPOSITORY / kingfisher - 1 error

New Kingfisher release 1.90.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 453 rules
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:85396dc3]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 453
 |__Blobs Scanned.............: 283
 |Bytes Scanned...............: 7.79 MiB
 |Scan Duration...............: 154ms 663us 834ns
 |Scan Date...................: 2026-03-20 22:14:10 +00:00
 |Kingfisher Version..........: 1.84.0
 |__Latest Version............: 1.90.0
New Kingfisher release 1.90.0 available

❌ SPELL / lychee - 1 error

[403] https://www.npmjs.com/support | Network error: Forbidden
📝 Summary
---------------------
🔍 Total............4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........2
❓ Unknown..........0
🚫 Errors...........1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support | Network error: Forbidden

❌ REPOSITORY / secretlint - 1 error

.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)

❌ YAML / yamllint - 4 errors

pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  37:501    error    line too long (545 > 500 characters)  (line-length)
  10189:501 error    line too long (537 > 500 characters)  (line-length)
  10324:501 error    line too long (584 > 500 characters)  (line-length)

⚠️ JSON / prettier - 1 error

[error] Cannot find package 'prettier-plugin-toml' imported from noop.js

⚠️ REPOSITORY / trivy - 1 error

│        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-22036 │          │        │                   │ 7.18.2, 6.23.0                                          │ undici: Undici: Denial of Service via excessive              │
│                 │                │          │        │                   │                                                         │ decompression steps                                          │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-22036                   │
│                 ├────────────────┼──────────┤        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2024-38372 │ LOW      │        │                   │ 6.19.2                                                  │ Undici vulnerable to data leak when using                    │
│                 │                │          │        │                   │                                                         │ response.arrayBuffer()                                       │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2024-38372                   │
│                 ├────────────────┤          │        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2025-47279 │          │        │                   │ 5.29.0, 6.21.2, 7.5.0                                   │ undici: Undici Memory Leak with Invalid Certificates         │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2025-47279                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.69.3 of Trivy is now available, current version is 0.69.1

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 4000 characters out of 23934)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.