chore(deps): update dependency typescript to v6 by renovate[bot] · Pull Request #1764 · leosuncin/nest-api-example

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	3.56s
✅ EDITORCONFIG	editorconfig-checker	2		0	0	0.03s
✅ JSON	jsonlint	1		0	0	0.49s
✅ JSON	npm-package-json-lint	yes		no	no	0.52s
⚠️ JSON	prettier	1	0	1	0	0.47s
✅ JSON	v8r	1		0	0	8.06s
❌ REPOSITORY	checkov	yes		5	no	27.3s
❌ REPOSITORY	devskim	yes		45	no	174.48s
✅ REPOSITORY	dustilock	yes		no	no	0.74s
✅ REPOSITORY	git_diff	yes		no	no	0.02s
❌ REPOSITORY	grype	yes		92	no	67.5s
❌ REPOSITORY	kingfisher	yes		1	no	8.39s
❌ REPOSITORY	osv-scanner	yes		92	no	4.51s
❌ REPOSITORY	secretlint	yes		1	no	1.07s
✅ REPOSITORY	syft	yes		no	no	5.94s
⚠️ REPOSITORY	trivy	yes		1	no	18.78s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.78s
✅ REPOSITORY	trufflehog	yes		no	no	3.96s
✅ SPELL	cspell	3		0	0	2.79s
❌ SPELL	lychee	2		1	0	0.86s
✅ YAML	prettier	1	0	0	0	0.44s
✅ YAML	v8r	1		0	0	1.38s
❌ YAML	yamllint	1		4	0	5.19s

Detailed Issues

❌ REPOSITORY / checkov - 5 errors

dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1

❌ REPOSITORY / devskim - 45 errors

cfae0607fefd9a73455f74ff70e9eed3fbc7ffaecd3fb270702eee9c9fefee9a77bc79f12af1eecef9f9c3e79fa94fe7ef0e9c393a7e06c9a7c6af6e9ee3322efb3fbbb34fa8393e30734c8673bf77768203b34ba83877bc2e69f3edc3bf9f464efe4deeeeedee9fd03e2c4fbcf9e7e7a7c7aef806688a8754f84e6d32727bb4ff6ee3fdd3d79f894d8f0e0de8393a79f125d4e9eecdfdf2366b827b87dfa74ef805e7e7272efe9e9b3e3939367bbf788140ff630ea9353c2f444a09d9e1c936c1e3f7d4a442372ec7e7a40b376ef606fe71ef1170df9290fe1c1fe931d921ae2937bfb27bb9f9eee7cba73eff8c9e9fec983079f9e9e3e7970ffe4d13eb7fbf4d993a70f9fdc7b704ca3be7ff0ecc1dec983273b4f7677770f8e1fdebf77ff0981032f3d3878ba7342f4dcdd39bef7e993a7bb249e9f3e7d422cbefbe9318defdea7cf78100f48ad7c7a7af0ec64e7c983e3672433243aa7c77b3407f76970273ba7a78feea3d9b383bd27c4fcc7f4ff9d27c46544a307079f3ea119d9bdf7e401491d8ff560e7c1dee983277bbbc446f79e3e3938b97ff0e0fec1930734ddc4243468e1a583fbfbc7c7a7d4d3eefde39dfdd3839367fbbb4f1ed20c1e3c39d83b38dd3d7df8681fcd3e7db6f78438617f77fff4f8094d1d29076284d31312d59d7bbbc4c34cb983837d12d09387bbcf200e3411245aa459ee3d7d76ffe4d3873bc77b4439347bb2b3f780e4f3e421217eb2f7ece983e3270fee51934f1f1089779e3eb92fb811390f4e49d68f1f7e4af2\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/auth/auth.module.spec.ts"},"region":{"startLine":250,"startColumn":20,"endLine":250,"endColumn":29,"charOffset":8053,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"typescript"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS126858","level":"error","message":{"text":"Weak/Broken Hash Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"region":{"startLine":20,"startColumn":22,"endLine":20,"endColumn":26,"charOffset":568,"charLength":4,"snippet":{"text":"sha1","rendered":{"text":"sha1","markdown":"`sha1`"}},"sourceLanguage":"typescript"}}}],"fixes":[{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"replacements":[{"deletedRegion":{"charOffset":568,"charLength":4},"insertedContent":{"text":"sha512"}}]}]},{"description":{"text":"A weak or broken hash algorithm was detected."},"artifactChanges":[{"artifactLocation":{"uri":"src/auth/providers/pwned-password.provider.spec.ts"},"replacements":[{"deletedRegion":{"charOffset":568,"charLength":4},"insertedContent":{"text":"sha256"}}]}]}],"properties":{"tags":["Cryptography.BannedHashAlgorithm"],"DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"test/auth.end2end.spec.ts"},"region":{"startLine":188,"startColumn":20,"endLine":188,"endColumn":29,"charOffset":5337,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"typescript"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".devcontainer/docker-compose.yml"},"region":{"startLine":24,"startColumn":50,"endLine":24,"endColumn":59,"charOffset":717,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 4000 characters out of 313712)

❌ REPOSITORY / grype - 92 errors

4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    0.3% (23rd)  0.2    
lodash-es             4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    0.3% (23rd)  0.2    
uuid                  9.0.1      11.1.1    npm   GHSA-w5hq-g745-h8pq  Medium    0.3% (22nd)  0.2    
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    0.3% (21st)  0.2    
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       0.5% (37th)  0.2    
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       0.5% (39th)  0.1    
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      0.2% (9th)   0.1    
qs                    6.14.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.3% (18th)  0.1    
qs                    6.15.0     6.15.2    npm   GHSA-q8mj-m7cp-5q26  Medium    0.3% (18th)  0.1    
multer                2.0.2      2.2.0     npm   GHSA-3p4h-7m6x-2hcm  Medium    0.3% (19th)  0.1    
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    0.2% (14th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-pr7r-676h-xcf6  Medium    0.2% (13th)  0.1    
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    0.3% (16th)  0.1    
undici                6.14.1     6.19.2    npm   GHSA-3g92-w8c5-73pq  Low       0.5% (36th)  0.1    
brace-expansion       1.1.11     1.1.12    npm   GHSA-v6h2-p8h4-qcjw  Low       0.4% (35th)  0.1    
brace-expansion       2.0.1      2.0.2     npm   GHSA-v6h2-p8h4-qcjw  Low       0.4% (35th)  0.1    
brace-expansion       5.0.4      5.0.6     npm   GHSA-jxxr-4gwj-5jf2  Medium    0.2% (10th)  0.1    
undici                6.14.1     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.2% (10th)  0.1    
undici                6.23.0     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.2% (10th)  0.1    
undici                7.22.0     7.28.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.2% (10th)  0.1    
tmp                   0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       0.3% (22nd)  < 0.1  
undici                6.14.1     6.21.2    npm   GHSA-cxrh-j4jr-qwg3  Low       0.3% (16th)  < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       0.2% (9th)   < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       0.2% (9th)   < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (9th)   < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (9th)   < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (9th)   < 0.1  
undici                6.14.1     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (7th)   < 0.1  
undici                6.23.0     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (7th)   < 0.1  
undici                7.22.0     7.28.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (7th)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A          N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A          N/A    
js-yaml               3.14.1     4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    N/A          N/A    
js-yaml               4.1.0      4.2.0     npm   GHSA-h67p-54hq-rp68  Medium    N/A          N/A    
@babel/core           7.27.4     7.29.6    npm   GHSA-4x5r-pxfx-6jf8  Low       N/A          N/A
[0067] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 4000 characters out of 9608)

❌ REPOSITORY / kingfisher - 1 error

New Kingfisher release 1.103.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 921 rules
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:6057fbd5]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 921
 |__Blobs Scanned.............: 225
 |Bytes Scanned...............: 8.19 MiB
 |Scan Duration...............: 127ms 752us 500ns
 |Scan Date...................: 2026-06-20 21:36:54 +00:00
 |Kingfisher Version..........: 1.99.0
 |__Latest Version............: 1.103.0
New Kingfisher release 1.103.0 available

❌ SPELL / lychee - 1 error

📝 Summary
---------------------
🔍 Total............7
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........5
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support (at 2286:65) | Rejected status code: 403 Forbidden

Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`

❌ REPOSITORY / osv-scanner - 92 errors

| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 6.14.1  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g9mf-h72j-4rw9 | 5.9  | npm       | undici               | 6.14.1  | 6.23.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 6.14.1  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.14.1  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 6.23.0  | 6.27.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-phc3-fgpg-7m6h | 5.9  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-pr7r-676h-xcf6 | 5.9  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici               | 7.22.0  | 7.28.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid                 | 9.0.1   | 11.1.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-38r7-794h-5758 | 3.7  | npm       | webpack              | 5.97.1  | 5.104.0       | pnpm-lock.yaml |
| https://osv.dev/GHSA-8fgc-7cc6-rx7x | 3.7  | npm       | webpack              | 5.97.1  | 5.104.1       | pnpm-lock.yaml |
| https://osv.dev/GHSA-58qx-3vcg-4xpx | 4.4  | npm       | ws                   | 8.18.1  | 8.20.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-96hv-2xvq-fx4p | 7.5  | npm       | ws                   | 8.18.1  | 8.21.0        | pnpm-lock.yaml |
+-------------------------------------+------+-----------+----------------------+---------+---------------+----------------+

(Truncated to last 4000 characters out of 12373)

❌ REPOSITORY / secretlint - 1 error

.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)

❌ YAML / yamllint - 4 errors

pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  40:501    error    line too long (545 > 500 characters)  (line-length)
  10071:501 error    line too long (537 > 500 characters)  (line-length)
  10206:501 error    line too long (584 > 500 characters)  (line-length)

⚠️ JSON / prettier - 1 error

[error] Cannot find package 'prettier-plugin-toml' imported from noop.js

⚠️ REPOSITORY / trivy - 1 error

│        │                   │ 6.27.0, 7.28.0, 8.5.0                                   │ undici: undici: Weakening of cookie SameSite policy due to   │
│                 │                │          │        │                   │                                                         │ incorrect parsing of...                                      │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-11525                   │
│                 ├────────────────┤          │        │                   │                                                         ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-6733  │          │        │                   │                                                         │ undici: Undici: Response queue poisoning on reused           │
│                 │                │          │        │                   │                                                         │ keep-alive sockets can lead to...                            │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-6733                    │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 9.0.1             │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid: uuid: Out-of-bounds write vulnerability impacts data   │
│                 │                │          │        │                   │                                                         │ integrity and confidentiality                                │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.71.2 of Trivy is now available, current version is 0.70.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 4000 characters out of 34137)

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

kodiakhq · 2026-03-23T22:10:23Z

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

renovate Bot added the automerge Auto merge PR with Kodiak label Mar 23, 2026

renovate Bot enabled auto-merge (rebase) March 23, 2026 16:35

kodiakhq Bot approved these changes Mar 23, 2026

View reviewed changes

kodiakhq Bot removed the automerge Auto merge PR with Kodiak label Mar 23, 2026

renovate Bot force-pushed the renovate/typescript-6.x branch 3 times, most recently from 3ed041f to dc86514 Compare March 30, 2026 21:39

renovate Bot force-pushed the renovate/typescript-6.x branch 15 times, most recently from bcc5a58 to bae5cfa Compare April 7, 2026 01:01

renovate Bot force-pushed the renovate/typescript-6.x branch 6 times, most recently from 75fc13d to 61dd479 Compare April 11, 2026 00:34

renovate Bot force-pushed the renovate/typescript-6.x branch 7 times, most recently from 5a3a485 to 48361f6 Compare May 5, 2026 05:10

renovate Bot force-pushed the renovate/typescript-6.x branch 3 times, most recently from 0ea74d5 to 1977060 Compare May 7, 2026 21:50

renovate Bot force-pushed the renovate/typescript-6.x branch 19 times, most recently from c26c3a4 to 9be6ab6 Compare June 20, 2026 17:49

chore(deps): update dependency typescript to v6

93335d2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency typescript to v6#1764

chore(deps): update dependency typescript to v6#1764
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/typescript-6.x

renovate Bot commented Mar 23, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Mar 23, 2026 •

edited

Loading

Uh oh!

kodiakhq Bot commented Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v6.0.3

v6.0.2

Configuration

Uh oh!

github-actions Bot commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌MegaLinter analysis: Error

Detailed Issues

Notices

Uh oh!

kodiakhq Bot commented Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Mar 23, 2026 •

edited

Loading

`v6.0.3`

`v6.0.2`

github-actions Bot commented Mar 23, 2026 •

edited

Loading