@renovate-sh-app

This PR contains the following updates:

| Package | Change | Age | Confidence |
| ------- | ------ | --- | ---------- |
| editorconfig-checker | 5.0.1 -> 5.1.9 | age | confidence |

Release Notes

editorconfig-checker/editorconfig-checker.javascript (editorconfig-checker)

v5.1.9

Performance Improvements
  • reduce package size by updating dependencies, from 700Kb to 650Kb + fixes security issues with dependencies (f8f4bba)

v5.1.8

Reverts

The v5.1.6 release didn't work because of an issue with the @vercel/ncc compiler: vercel/ncc#1193. For now we revert the changes, so basically v5.1.8 is the same as v5.1.5.
Sorry for the trouble. We also improved our CI, so we should be able to detect this kind of issue in the future.

v5.1.7

Reverts

v5.1.6

Bug Fixes

v5.1.5

Bug Fixes

v5.1.4

Performance Improvements
  • reduce package size by updating dependencies, from ~1Mb to ~700Kb (b1748bc)

v5.1.3

Bug Fixes
  • release: allow downloading binary via proxy again (#407) (97339d5)

v5.1.2

v5.1.1

v5.1.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

| datasource | package              | from  | to    |
| ---------- | -------------------- | ----- | ----- |
| npm        | editorconfig-checker | 5.0.1 | 5.1.9 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@github-actions

github-actions bot commented Dec 1, 2025

😢 zizmor failed with exit code 14.

error[template-injection]: code injection via template expansion
   --> ./.github/workflows/release.yml:121:35
    |
119 |         run: |
    |         --- this run block
120 |           VERSION=$(python -c "import yaml; print(yaml.safe_load(open('galaxy.yml'))['version'])")
121 |           if [ "$VERSION" != "${{ github.event.inputs.version }}" ]; then
    |                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
    |
    = note: audit confidence → High
    = note: this finding has an auto-fix

error[template-injection]: code injection via template expansion
   --> ./.github/workflows/release.yml:122:45
    |
119 |         run: |
    |         --- this run block
...
122 |             echo "Error: Input version (${{ github.event.inputs.version }}) doesn't match galaxy.yml version ($VERSION)"
    |                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
    |
    = note: audit confidence → High
    = note: this finding has an auto-fix

error[template-injection]: code injection via template expansion
   --> ./.github/workflows/release.yml:154:101
    |
154 | ...   run: curl --head -s -f -o /dev/null https://galaxy.ansible.com/download/grafana-grafana-${{ github.event.inputs.version }}.ta...
    |       --- this run block                                                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
    |
    = note: audit confidence → High
    = note: this finding has an auto-fix

error[unpinned-uses]: unpinned action reference
   --> ./.github/workflows/release.yml:157:9
    |
157 |         uses: softprops/action-gh-release@v1
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
    |
    = note: audit confidence → High

87 findings (34 ignored, 49 suppressed, 3 fixable): 0 informational, 0 low, 0 medium, 4 high
