Skip to content

chore(deps): update github-actions #274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github-actions #274

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 2, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
github/codeql-action action minor v3.29.4 -> v3.31.0
googleapis/release-please-action action minor v4.2.0 -> v4.4.0
miracum/.github action minor v1.16.19 -> v1.18.0
ossf/scorecard-action action patch v2.4.2 -> v2.4.3

Release Notes

github/codeql-action (github/codeql-action)

v3.31.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025
  • Bump minimum CodeQL bundle version to 2.17.6. #​3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #​3222

See the full CHANGELOG.md for more information.

v3.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #​3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

v3.30.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

googleapis/release-please-action (googleapis/release-please-action)

v4.4.0

Compare Source

Features
  • add ability to select versioning-strategy and release-as (#​1121) (ee0f5ba)
Bug Fixes
  • changelog-host parameter ignored when using manifest configuration (#​1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#​1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#​1158) (66fbfe9)

v4.3.0

Compare Source

Features
  • deps: update release-please to 17.1.2 (f07192c)
miracum/.github (miracum/.github)

v1.18.0

Compare Source

Features
  • added replacement for gcr.io/distroless/java21-debian12 (9e83a2b)

v1.17.0

Compare Source

Features
Miscellaneous Chores

v1.16.29

Compare Source

Miscellaneous Chores

v1.16.28

Compare Source

Miscellaneous Chores

v1.16.27

Compare Source

Miscellaneous Chores

v1.16.26

Compare Source

Miscellaneous Chores

v1.16.25

Compare Source

Miscellaneous Chores

v1.16.24

Compare Source

Miscellaneous Chores

v1.16.23

Compare Source

Miscellaneous Chores

v1.16.22

Compare Source

Miscellaneous Chores

v1.16.21

Compare Source

Miscellaneous Chores

v1.16.20

Compare Source

Miscellaneous Chores
ossf/scorecard-action (ossf/scorecard-action)

v2.4.3

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

Configuration

📅 Schedule: Branch creation - On day 1 of the month, every 3 months ( * * 1 */3 * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Sep 2, 2025
edited
Loading

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 6 0 0 0.11s
✅ BASH bash-exec 1 0 0 0.01s
✅ BASH shellcheck 1 0 0 0.03s
✅ BASH shfmt 1 0 0 0.01s
✅ CSHARP csharpier 99 0 0 10.73s
⚠️ CSHARP roslynator 3 3 0 31.17s
✅ DOCKERFILE hadolint 1 0 0 0.07s
✅ EDITORCONFIG editorconfig-checker 192 0 0 1.3s
✅ JSON jsonlint 33 0 0 0.27s
✅ JSON prettier 33 0 0 1.91s
✅ JSON v8r 33 0 0 9.96s
✅ MARKDOWN markdownlint 5 0 0 1.3s
✅ PROTOBUF protolint 4 0 0 5.71s
✅ REPOSITORY dustilock yes no no 0.04s
✅ REPOSITORY gitleaks yes no no 0.32s
✅ REPOSITORY git_diff yes no no 0.08s
✅ REPOSITORY grype yes no no 45.68s
⚠️ REPOSITORY kics yes no 9 14.62s
✅ REPOSITORY secretlint yes no no 2.25s
✅ REPOSITORY syft yes no no 6.16s
✅ REPOSITORY trivy yes no no 9.17s
✅ REPOSITORY trivy-sbom yes no no 0.98s
✅ REPOSITORY trufflehog yes no no 4.73s
✅ XML xmllint 2 0 0 0.11s
✅ YAML prettier 32 0 0 1.34s
✅ YAML v8r 32 0 0 15.49s
✅ YAML yamllint 32 0 0 1.41s

Detailed Issues

⚠️ REPOSITORY / kics - 9 warnings 
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ compose.dev.yaml:23:1
   │
23 │   vfps-db:
   │ ^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'ports' attribute bound to a specific host interface
   ┌─ compose.dev.yaml:19:1
   │
19 │     ports:
   │ ^^^^^^^^^^
   │
   = Container Traffic Not Bound To Host Interface
   = Incoming container traffic should be bound to a specific host interface

warning: Healthcheck is not defined.
  ┌─ compose/compose.yaml:2:1
  │
2 │   fhir-pseudonymizer:
  │ ^^^^^^^^^^^^^^^^^^^^^
  │
  = Healthcheck Not Set
  = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
   ┌─ compose.dev.yaml:79:1
   │
79 │   gpas-entici-mock:
   │ ^^^^^^^^^^^^^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
  ┌─ compose.dev.yaml:2:1
  │
2 │   jaeger:
  │ ^^^^^^^^^
  │
  = Healthcheck Not Set
  = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
   ┌─ compose.dev.yaml:43:1
   │
43 │   vfps:
   │ ^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
    ┌─ compose.dev.yaml:103:1
    │
103 │   keycloak:
    │ ^^^^^^^^^^^
    │
    = Healthcheck Not Set
    = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
   ┌─ compose.dev.yaml:23:1
   │
23 │   vfps-db:
   │ ^^^^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: There are COPY instructions that could be grouped
   ┌─ Dockerfile:70:1
   │
70 │ COPY --from=build /build/publish .
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Multiple RUN, ADD, COPY, Instructions Listed
   = Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.

warning: 9 warnings emitted
⚠️ CSHARP / roslynator - 3 errors 
Results of roslynator linter (version 0.10.2.0)
See documentation on https://megalinter.io/9.1.0/descriptors/csharp_roslynator/
-----------------------------------------------

❌ [ERROR] src/FhirPseudonymizer.StressTests/FhirPseudonymizer.StressTests.csproj
    Loading project 'src/FhirPseudonymizer.StressTests/FhirPseudonymizer.StressTests.csproj'...
    Analyze 'FhirPseudonymizer.StressTests'
    System.AggregateException: One or more errors occurred. (Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    )
     ---> System.IO.FileNotFoundException: Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    
    File name: 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
       at System.ModuleHandle.ResolveType(QCallModule module, Int32 typeToken, IntPtr* typeInstArgs, Int32 typeInstCount, IntPtr* methodInstArgs, Int32 methodInstCount, ObjectHandleOnStack type)
       at System.ModuleHandle.ResolveTypeHandle(Int32 typeToken, RuntimeTypeHandle[] typeInstantiationContext, RuntimeTypeHandle[] methodInstantiationContext)
       at System.Reflection.RuntimeModule.ResolveType(Int32 metadataToken, Type[] genericTypeArguments, Type[] genericMethodArguments)
       at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(MetadataToken caCtorToken, MetadataImport& scope, RuntimeModule decoratedModule, MetadataToken decoratedToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1& derivedAttributes, RuntimeType& attributeType, IRuntimeMethodInfo& ctorWithParameters, Boolean& isVarArg)
       at System.Reflection.CustomAttribute.AddCustomAttributes(ListBuilder`1& attributes, RuntimeModule decoratedModule, Int32 decoratedMetadataToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1 derivedAttributes)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeModule decoratedModule, Int32 decoratedMetadataToken, Int32 pcaCount, RuntimeType attributeFilterType)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
       at System.Attribute.GetCustomAttributes(MemberInfo element, Type attributeType, Boolean inherit)
       at Roslynator.AnalyzerAssembly.Load(Assembly analyzerAssembly, Boolean loadAnalyzers, Boolean loadFixers, String language) in /_/src/Workspaces.Core/AnalyzerAssembly.cs:line 129
       at Roslynator.AnalyzerLoader.GetAnalyzersAndFixers(Project project, Boolean loadFixers) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 112
       at Roslynator.AnalyzerLoader.GetAnalyzers(Project project) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 55
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectCoreAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 124
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 99
       at Roslynator.CommandLine.AnalyzeCommand.ExecuteAsync(ProjectOrSolution projectOrSolution, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/AnalyzeCommand.cs:line 73
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(String path, MSBuildWorkspace workspace, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 164
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(IEnumerable`1 paths, String msbuildPath, IEnumerable`1 properties) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 89
       at Roslynator.CommandLine.Program.AnalyzeAsync(AnalyzeCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 346
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at Roslynator.CommandLine.Program.<>c.<Main>b__0_3(MSBuildCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 175
       at CommandLine.ParserResultExtensions.MapResult[T1,T2,TResult](ParserResult`1 result, Func`2 parsedFunc1, Func`2 parsedFunc2, Func`2 notParsedFunc)
       at Roslynator.CommandLine.Program.Main(String[] args) in /_/src/CommandLine/Program.cs:line 169

❌ [ERROR] src/FhirPseudonymizer.Tests/FhirPseudonymizer.Tests.csproj
    Loading project 'src/FhirPseudonymizer.Tests/FhirPseudonymizer.Tests.csproj'...
    Analyze 'FhirPseudonymizer.Tests'
    System.AggregateException: One or more errors occurred. (Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    )
     ---> System.IO.FileNotFoundException: Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    
    File name: 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
       at System.ModuleHandle.ResolveType(QCallModule module, Int32 typeToken, IntPtr* typeInstArgs, Int32 typeInstCount, IntPtr* methodInstArgs, Int32 methodInstCount, ObjectHandleOnStack type)
       at System.ModuleHandle.ResolveTypeHandle(Int32 typeToken, RuntimeTypeHandle[] typeInstantiationContext, RuntimeTypeHandle[] methodInstantiationContext)
       at System.Reflection.RuntimeModule.ResolveType(Int32 metadataToken, Type[] genericTypeArguments, Type[] genericMethodArguments)
       at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(MetadataToken caCtorToken, MetadataImport& scope, RuntimeModule decoratedModule, MetadataToken decoratedToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1& derivedAttributes, RuntimeType& attributeType, IRuntimeMethodInfo& ctorWithParameters, Boolean& isVarArg)
       at System.Reflection.CustomAttribute.AddCustomAttributes(ListBuilder`1& attributes, RuntimeModule decoratedModule, Int32 decoratedMetadataToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1 derivedAttributes)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeModule decoratedModule, Int32 decoratedMetadataToken, Int32 pcaCount, RuntimeType attributeFilterType)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
       at System.Attribute.GetCustomAttributes(MemberInfo element, Type attributeType, Boolean inherit)
       at Roslynator.AnalyzerAssembly.Load(Assembly analyzerAssembly, Boolean loadAnalyzers, Boolean loadFixers, String language) in /_/src/Workspaces.Core/AnalyzerAssembly.cs:line 129
       at Roslynator.AnalyzerLoader.GetAnalyzersAndFixers(Project project, Boolean loadFixers) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 112
       at Roslynator.AnalyzerLoader.GetAnalyzers(Project project) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 55
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectCoreAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 124
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 99
       at Roslynator.CommandLine.AnalyzeCommand.ExecuteAsync(ProjectOrSolution projectOrSolution, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/AnalyzeCommand.cs:line 73
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(String path, MSBuildWorkspace workspace, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 164
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(IEnumerable`1 paths, String msbuildPath, IEnumerable`1 properties) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 89
       at Roslynator.CommandLine.Program.AnalyzeAsync(AnalyzeCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 346
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at Roslynator.CommandLine.Program.<>c.<Main>b__0_3(MSBuildCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 175
       at CommandLine.ParserResultExtensions.MapResult[T1,T2,TResult](ParserResult`1 result, Func`2 parsedFunc1, Func`2 parsedFunc2, Func`2 notParsedFunc)
       at Roslynator.CommandLine.Program.Main(String[] args) in /_/src/CommandLine/Program.cs:line 169

❌ [ERROR] src/FhirPseudonymizer/FhirPseudonymizer.csproj
    Loading project 'src/FhirPseudonymizer/FhirPseudonymizer.csproj'...
    Analyze 'FhirPseudonymizer'
    System.AggregateException: One or more errors occurred. (Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    )
     ---> System.IO.FileNotFoundException: Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    
    File name: 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
       at System.ModuleHandle.ResolveType(QCallModule module, Int32 typeToken, IntPtr* typeInstArgs, Int32 typeInstCount, IntPtr* methodInstArgs, Int32 methodInstCount, ObjectHandleOnStack type)
       at System.ModuleHandle.ResolveTypeHandle(Int32 typeToken, RuntimeTypeHandle[] typeInstantiationContext, RuntimeTypeHandle[] methodInstantiationContext)
       at System.Reflection.RuntimeModule.ResolveType(Int32 metadataToken, Type[] genericTypeArguments, Type[] genericMethodArguments)
       at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(MetadataToken caCtorToken, MetadataImport& scope, RuntimeModule decoratedModule, MetadataToken decoratedToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1& derivedAttributes, RuntimeType& attributeType, IRuntimeMethodInfo& ctorWithParameters, Boolean& isVarArg)
       at System.Reflection.CustomAttribute.AddCustomAttributes(ListBuilder`1& attributes, RuntimeModule decoratedModule, Int32 decoratedMetadataToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1 derivedAttributes)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeModule decoratedModule, Int32 decoratedMetadataToken, Int32 pcaCount, RuntimeType attributeFilterType)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
       at System.Attribute.GetCustomAttributes(MemberInfo element, Type attributeType, Boolean inherit)
       at Roslynator.AnalyzerAssembly.Load(Assembly analyzerAssembly, Boolean loadAnalyzers, Boolean loadFixers, String language) in /_/src/Workspaces.Core/AnalyzerAssembly.cs:line 129
       at Roslynator.AnalyzerLoader.GetAnalyzersAndFixers(Project project, Boolean loadFixers) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 112
       at Roslynator.AnalyzerLoader.GetAnalyzers(Project project) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 55
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectCoreAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 124
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 99
       at Roslynator.CommandLine.AnalyzeCommand.ExecuteAsync(ProjectOrSolution projectOrSolution, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/AnalyzeCommand.cs:line 73
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(String path, MSBuildWorkspace workspace, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 164
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(IEnumerable`1 paths, String msbuildPath, IEnumerable`1 properties) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 89
       at Roslynator.CommandLine.Program.AnalyzeAsync(AnalyzeCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 346
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at Roslynator.CommandLine.Program.<>c.<Main>b__0_3(MSBuildCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 175
       at CommandLine.ParserResultExtensions.MapResult[T1,T2,TResult](ParserResult`1 result, Func`2 parsedFunc1, Func`2 parsedFunc2, Func`2 notParsedFunc)
       at Roslynator.CommandLine.Program.Main(String[] args) in /_/src/CommandLine/Program.cs:line 169

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.1.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,CSHARP_ROSLYNATOR,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,PROTOBUF_PROTOLINT,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from a2eabe0 to 5fa00bd Compare September 10, 2025 22:31
@renovate renovate bot force-pushed the renovate/github-actions branch 7 times, most recently from f11c032 to 5869dc4 Compare September 30, 2025 21:09
@renovate renovate bot force-pushed the renovate/github-actions branch 5 times, most recently from 64e042a to d4cb736 Compare October 7, 2025 18:39
@renovate renovate bot force-pushed the renovate/github-actions branch from d4cb736 to b2e2589 Compare October 10, 2025 17:45
@renovate renovate bot force-pushed the renovate/github-actions branch 5 times, most recently from b0a2ab7 to 4b940e8 Compare October 23, 2025 22:52
@renovate renovate bot force-pushed the renovate/github-actions branch from 4b940e8 to d58107a Compare October 24, 2025 20:11
@github-actions
Copy link

Trivy image scan report

ghcr.io/miracum/fhir-pseudonymizer:pr-274 (ubuntu 24.04)

3 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 3 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc6 CVE-2025-8058 MEDIUM 2.39-0ubuntu8.5 2.39-0ubuntu8.6
libssl3t64 CVE-2025-9230 MEDIUM 3.0.13-0ubuntu3.5 3.0.13-0ubuntu3.6
openssl CVE-2025-9230 MEDIUM 3.0.13-0ubuntu3.5 3.0.13-0ubuntu3.6

No Misconfigurations found

opt/fhir-pseudonymizer/FhirPseudonymizer.deps.json

No Vulnerabilities found

No Misconfigurations found

opt/fhir-pseudonymizer/packages.lock.json

No Vulnerabilities found

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.AspNetCore.App/9.0.9/Microsoft.AspNetCore.App.deps.json

1 known vulnerabilities found (CRITICAL: 1 HIGH: 0 MEDIUM: 0 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
Microsoft.AspNetCore.App.Runtime.linux-x64 CVE-2025-55315 CRITICAL 9.0.9 10.0.0-rc.2.25502.107, 9.0.10, 8.0.21

No Misconfigurations found

usr/share/dotnet/shared/Microsoft.NETCore.App/9.0.9/Microsoft.NETCore.App.deps.json

1 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
Microsoft.NETCore.App.Runtime.linux-x64 CVE-2025-55248 MEDIUM 9.0.9 9.0.10, 8.0.21

No Misconfigurations found

@github-actions
Copy link

Code Coverage

Package Line Rate Branch Rate Health
FhirPseudonymizer 74% 65%
FhirPseudonymizer.Tests 100% 100%
Summary 81% (823 / 1015) 69% (95 / 138)

Minimum allowed line rate is 50%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants