Update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	major	v4 → v5.0.0
actions/download-artifact	action	major	v7 → v8
actions/upload-artifact	action	major	v6 → v7
azure/login	action	major	v2 → v3
ctrf-io/github-test-reporter	action	patch	v1.0.26 → v1.0.28
dawidd6/action-send-mail	action	major	v7 → v17
docker/build-push-action	action	major	v6 → v7
docker/setup-buildx-action	action	major	v3 → v4
docker/setup-qemu-action	action	major	v3 → v4
suzuki-shunsuke/github-action-renovate-config-validator	action	major	v1.1.1 → v2.1.0
trufflesecurity/trufflehog	action	minor	v3.92.4 → v3.95.3

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v5.0.0: 5.0.0

Compare Source

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

• Add .github/copilot-instructions.md for Copilot coding agent by @​ahpook in #​1067
• Update Node.js runtime from 20 to 24 by @​scottschreckengaust in #​1084
• Bump spdx-license-ids from 3.0.20 to 3.0.23 by @​mongolyy in #​1091
• docs: bump actions/checkout from v4 to v6 in workflow examples by @​Marukome0743 in #​1077
• fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @​tspascoal in #​1076
• Resolve security findings by @​AshelyTC in #​1094
• v5.0.0 release branch by @​ahpook in #​1098

New Contributors

• @​scottschreckengaust made their first contribution in #​1084
• @​mongolyy made their first contribution in #​1091
• @​Marukome0743 made their first contribution in #​1077

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

• There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
• Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
• There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

• Compare normalized purls to account for encoding quirks by @​juxtin in #​1056
• Make purl comparisons case insensitive by @​juxtin in #​1057
• Feat: Add Patched Version to Vulnerabilities summary by @​felickz in #​1045
• fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @​jantiebot in #​1060
• Bump actions/stale from 10.1.0 to 10.2.0 by @​dependabot[bot] in #​1058
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​1021
• Updates for release 4.9.0 by @​ahpook in #​1064

New Contributors

• @​jantiebot made their first contribution in #​1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in #​1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in #​995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in #​1005
• Upgrade glob to address a vulnerability by @​brrygrdn in #​1024
• Bump js-yaml by @​dependabot[bot] in #​1020
• Addressing vulnerabilities by @​Ahmed3lmallah in #​1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in #​1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in #​1053
• Properly truncate long summaries and catch errors by @​juxtin in #​1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in #​931
• Changes for Release 4.8.3 by @​ahpook in #​1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in #​1000
• Bump version for 4.8.1 release by @​ahpook in #​1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in #​870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in #​876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in #​878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in #​891
• Allow deny package removal by @​ellenfieldn in #​888
• Fix typos by @​omahs in #​893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in #​900
• Bump octokit and related dependencies by @​RomanIakovlev in #​904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in #​905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​899
• Update transitive dependency spdx-license-ids by @​ailox in #​855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in #​884
• Improve usage of this action in dependency-review.yml by @​fabasoad in #​883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in #​902
• Prepare 4.6.0 Release candidate by @​brrygrdn in #​910

New Contributors

• @​AshelyTC made their first contribution in #​891
• @​ellenfieldn made their first contribution in #​888
• @​omahs made their first contribution in #​893
• @​RomanIakovlev made their first contribution in #​904
• @​ailox made their first contribution in #​855
• @​fabasoad made their first contribution in #​884
• @​Pantelis-Santorinios made their first contribution in #​902
• @​brrygrdn made their first contribution in #​910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in #​844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in #​847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in #​850
• fix: add summary comment on failure when warn-only: true by @​ebickle in #​827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in #​851

New Contributors

• @​ebickle made their first contribution in #​827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in #​846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in #​766
• Create pull_request_template.md by @​jonjanego in #​794
• Update CONTRIBUTING.md by @​jonjanego in #​793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in #​815
• Upgrade transitive micromatch library by @​elireisman in #​829
• Do not list changed dependencies in summary by @​hmaurer in #​828
• Update stale.yaml by @​jonjanego in #​832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in #​822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in #​840

New Contributors

• @​louis-bompart made their first contribution in #​766
• @​Ahmed3lmallah made their first contribution in #​840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in #​783
• Update SPDX Expression Parsing by @​febuiles in #​719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

• Allow slashes in purl package names by @​juxtin in #​765
• use the v3 version of the deps.dev API by @​josieang in #​741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in #​773
• fix show-openssf-scorecard-levels input by @​ramann in #​776
• Updates to the contribution guidelines by @​jonjanego in #​778
• Create issue templates by @​jonjanego in #​777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in #​767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in #​781

New Contributors

• @​josieang made their first contribution in #​741
• @​am-stead made their first contribution in #​773
• @​ramann made their first contribution in #​776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in #​761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #​753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

vV4.3.0

Compare Source

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in #​735
• Fix extra https:// in summary by @​jhutchings1 in #​748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in #​744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in #​737
• Show denied packages with red X by @​juxtin in #​750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in #​733

New Contributors

• @​bteng22 made their first contribution in #​733
• @​lukehinds made their first contribution in #​735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

v4.2.5: 4.2.5

Compare Source

What's Changed

• Fixed a bug where some configuration options in external files were not being properly picked up -- #​722
• Bump eslint from 8.56.0 to 8.57.0

Full Changelog: actions/dependency-review-action@v4.2.4...v4.2.5

v4.2.4

Compare Source

What's Changed

Fixed a bug in the output of OpenSSF cards for GitHub Actions.

New Contributors

• @​sporkmonger made their first contribution in #​721

Full Changelog: actions/dependency-review-action@v4.2.3...v4.2.4

v4.2.3: 4.2.3

Compare Source

What's Changed

• Set comment as output by @​jsoref in #​698
• Add support for calculating OpenSSF Scorecards by @​jhutchings1 in #​709
• Add outputs for the changes data by @​laughedelic in #​707

New Contributors

• @​jhutchings1 made their first contribution in #​709
• @​laughedelic made their first contribution in #​707

Full Changelog: actions/dependency-review-action@v4.1.3...v4.2.3

v4.1.3: 4.1.3

Compare Source

Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see #​697).

Full Changelog: actions/dependency-review-action@v4.1.2...v4.1.3

v4.1.2: 4.1.2

Compare Source

What's Changed

• Expose dependency comment content by @​jsoref in #​696

Full Changelog: actions/dependency-review-action@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Compare Source

What's Changed

• Bump undici to fix GHSA-wqq4-5wpv-mx2g
• Bump @​types/node from 20.11.17 to 20.11.19 by @​dependabot in #​693

Full Changelog: actions/dependency-review-action@v4.1.0...v4.1.1

v4.1.0: 4.1.0

Compare Source

What's Changed

• Add warn-only by @​tgrall in #​432

Added a new configuration option (warn-only, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log.

• Create stale.yaml by @​jonjanego in #​671
• Use manual codeql config by @​juxtin in #​678
• Multiple dependency updates (see the changelog below for more information)

New Contributors

• @​jonjanego made their first contribution in #​671
• @​tgrall made their first contribution in #​432

Full Changelog: actions/dependency-review-action@v4...v4.1.0

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: actions/download-artifact@v7...v8.0.0

v8

Compare Source

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

azure/login (azure/login)

v3.0.0: Azure Login Action v3.0.0

Compare Source

What's Changed

• Upgrade nodejs from 20 to 24 and update dependencies by @​YanaXu in Azure#578

Full Changelog: Azure/login@v2.3.0...v3.0.0

v3: Azure Login Action v3

Compare Source

What's Changed

• upgrade nodejs from 20 to 24 and update dependencies by @​YanaXu in Azure#578

Full Changelog: Azure/login@v2.3.0...v3

v2.3.0: Azure Login Action v2.3.0

Compare Source

What's Changed

• Replace the invalid link for the GitHub Action Doc by @​MoChilia in Azure#510
• Bump braces from 3.0.2 to 3.0.3 by @​YanaXu in Azure#511
• Mention "allow-no-subscriptions" in missing subscriptionId error by @​MoChilia in Azure#512
• Log more claims for OIDC login by @​MoChilia in Azure#520
• Use --client-id for user-assigned managed identity authentication in Azure CLI v2.69.0 or later. by @​MoChilia in Azure#514

Full Changelog: Azure/login@v2.2.0...v2.3.0

v2.2.0: Azure Login Action v2.2.0

Compare Source

What's Changed

• Replace az --version with az version by @​MoChilia in Azure#450
• Update documentation for setting audience when environment is set by @​jcantosz in Azure#455
• Fix #​459: Errors when registering cloud profile for AzureStack by @​MoChilia in Azure#466
• Fix typo by @​KronosTheLate in Azure#483
• move pre cleanup to main and add pre-if and post-if by @​YanaXu in Azure#484

New Contributors

• @​jcantosz made their first contribution in Azure#455
• @​KronosTheLate made their first contribution in Azure#483

Full Changelog: Azure/login@v2.1.1...v2.2.0

v2.1.1

Compare Source

What's Changed

• Disable information output in Connect-AzAccount by @​YanaXu in Azure#448

New Contributors

• @​jiasli made their first contribution in Azure#438
• @​isra-fel made their first contribution in Azure#446

Full Changelog: Azure/login@v2.1.0...v2.1.1

v2.1.0: Azure Login Action v2.1.0

Compare Source

What's Changed

• Use @vercel/ncc to compile Azure/login by @​MoChilia in Azure#428

Full Changelog: Azure/login@v2.0.0...v2.1.0

ctrf-io/github-test-reporter (ctrf-io/github-test-reporter)

v1.0.28

Compare Source

What's Changed

• fix: remove ±0 delta indicators from report templates by @​alexshamrai in #​274

Full Changelog: ctrf-io/github-test-reporter@v1.0.27...v1.0.28

v1.0.27

Compare Source

What's Changed

• if prev reports exist show delta summary by @​Ma11hewThomas in #​240
• add delta to github report by @​Ma11hewThomas in #​241
• normalize suite by @​Ma11hewThomas in #​242
• Add commit hash by @​Ma11hewThomas in #​244
• Report added removed tests by @​Ma11hewThomas in #​245
• Upgrade node to 24 by @​alexshamrai in #​257

New Contributors

• @​alexshamrai made their first contribution in #​257

Full Changelog: ctrf-io/github-test-reporter@v1.0.26...v1.0.27

dawidd6/action-send-mail (dawidd6/action-send-mail)

v17

Compare Source

What's Changed

• build(deps): bump nodemailer from 8.0.2 to 8.0.3 by @​dependabot[bot] in #​278
• build(deps): bump nodemailer from 8.0.3 to 8.0.4 by @​dependabot[bot] in #​280
• build(deps): bump nodemailer from 8.0.4 to 8.0.5 by @​dependabot[bot] in #​282
• build(deps): bump brace-expansion from 1.1.12 to 1.1.13 by @​dependabot[bot] in #​283
• build(deps): bump showdown from 1.9.1 to 2.1.0 by @​dependabot[bot] in #​284
• build(deps): bump @​actions/core from 3.0.0 to 3.0.1 by @​dependabot[bot] in #​285
• build(deps): bump @​actions/glob from 0.6.1 to 0.7.0 by @​dependabot[bot] in #​286
• build(deps): bump nodemailer from 8.0.5 to 8.0.6 by @​dependabot[bot] in #​288
• build(deps): bump nodemailer from 8.0.6 to 8.0.7 by @​dependabot[bot] in #​289
• node_modules: update by @​dawidd6 in #​290

Full Changelog: dawidd6/action-send-mail@v16...v17

v16

Compare Source

What's Changed

• Relax from check by @​felfert in #​277

Full Changelog: dawidd6/action-send-mail@v15...v16

v15

Compare Source

What's Changed

• build(deps): bump undici from 6.23.0 to 6.24.1 by @​dependabot[bot] in #​275
• node_modules: update by @​dawidd6 in #​276

Full Changelog: dawidd6/action-send-mail@v14...v15

v14

Compare Source

What's Changed

• Fix 234 by @​felfert in #​271

Full Changelog: dawidd6/action-send-mail@v13...v14

v13

Compare Source

What's Changed

• Upgrade to node24 by @​felfert in #​273

Full Changelog: dawidd6/action-send-mail@v12...v13

v12

Compare Source

Possible Breaking Change

from input now needs to be in one of those forms:

• Plain Simple Name <user@example.com>
• user@example.com

What's Changed

• build(deps): bump minimatch from 3.1.3 to 3.1.5 by @​dependabot[bot] in #​265
• Misc. fixes by @​felfert in #​267
• build(deps): bump nodemailer from 8.0.1 to 8.0.2 by @​dependabot[bot] in #​269
• node_modules: update by @​dawidd6 in #​270

New Contributors

• @​felfert made their first contribution in #​267

Full Changelog: dawidd6/action-send-mail@v11...v12

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

This change is 

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/dawidd6/action-send-mail	42942bc2f8fba4e611b459a018967a6a7c78c68c	🟢 4.2	Details Check Score Reason Code-Review 🟢 4 Found 5/11 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 26 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/trufflesecurity/trufflehog	37b77001d0174ebec2fcca2bd83ff83a6d45a3ab	🟢 6.9	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• .github/workflows/shared-secret-scan.yml