chore(deps): update github-actions (beta)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/upload-artifact	action	minor	v4.4.3 -> v4.6.0
ghcr.io/miracum/ig-build-tools	container	patch	v2.1.14 -> v2.1.16
github/codeql-action	action	minor	v3.27.0 -> v3.28.9
helm/kind-action	action	minor	v1.10.0 -> v1.12.0
miracum/.github	action	minor	v1.12.7 -> v1.13.1
step-security/harden-runner	action	patch	v2.10.3 -> v2.10.4

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

miracum/ig-build-tools (ghcr.io/miracum/ig-build-tools)

v2.1.16

Compare Source

Miscellaneous Chores

• deps: bumped validator jar version (0ef8775)

v2.1.15

Compare Source

Miscellaneous Chores

• deps: update github-actions (#​203) (167569c)

github/codeql-action (github/codeql-action)

v3.28.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #​2753

See the full CHANGELOG.md for more information.

v3.28.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #​2744

See the full CHANGELOG.md for more information.

v3.28.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #​2726

See the full CHANGELOG.md for more information.

v3.28.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #​2717

See the full CHANGELOG.md for more information.

v3.28.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #​2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #​2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #​2712

See the full CHANGELOG.md for more information.

v3.28.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
• Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #​2655
• Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

• We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
• Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024

• Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024

• The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
• Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

helm/kind-action (helm/kind-action)

v1.12.0

Compare Source

What's Changed

• update kind to use release v0.26.0 by @​cpanato in https://github.com/helm/kind-action/pull/129
• feat: options to configure local registry by @​tthvo in https://github.com/helm/kind-action/pull/113
• Bump actions/checkout from 4.1.4 to 4.2.2 in the actions group by @​dependabot in https://github.com/helm/kind-action/pull/130

New Contributors

• @​tthvo made their first contribution in https://github.com/helm/kind-action/pull/113

Full Changelog: helm/kind-action@v1.11.0...v1.12.0

v1.11.0

Compare Source

What's Changed

• add wait test by @​cpanato in https://github.com/helm/kind-action/pull/111
• revert wget to use curl again by @​cpanato in https://github.com/helm/kind-action/pull/110
• feat: add custom kubeconfig option as action input by @​jbattiato in https://github.com/helm/kind-action/pull/119
• fix: Use new mirror for downloading kubectl by @​jriedel-ionos in https://github.com/helm/kind-action/pull/127
• update kind to default to release v0.24.0 by @​cpanato in https://github.com/helm/kind-action/pull/122

New Contributors

• @​jbattiato made their first contribution in https://github.com/helm/kind-action/pull/119
• @​jriedel-ionos made their first contribution in https://github.com/helm/kind-action/pull/127

Full Changelog: helm/kind-action@v1.10.0...v1.11.0

miracum/.github (miracum/.github)

v1.13.1

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​103) (4cc91ea)
• deps: update github-actions (#​101) (5b16dd8)

v1.13.0

Compare Source

Features

• support for app-token based releases (91be41c)

v1.12.12

Compare Source

Miscellaneous Chores

• deps: update oxsecurity/megalinter action to v8.3.0 (#​99) (abfae50)

v1.12.11

Compare Source

Miscellaneous Chores

• deps: update dependency gradle to v8.11.1 (#​97) (d49d346)
• deps: update github-actions (#​98) (ec147b5)

v1.12.10

Compare Source

Miscellaneous Chores

• deps: update oxsecurity/megalinter action to v8.2.0 (#​96) (3a6d6e8)

v1.12.9

Compare Source

Miscellaneous Chores

• deps: default to .net 9 (2dcefea)
• deps: update all non-major dependencies (#​93) (1853981)
• deps: update gcr.io/distroless/python3-debian12:nonroot docker digest to 97c3cd0 (#​92) (d3e9707)
• deps: update github-actions (#​94) (6b11456)

v1.12.8

Compare Source

Miscellaneous Chores

• deps: update github-actions (#​90) (0549971)

step-security/harden-runner (step-security/harden-runner)

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

---

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	5		0	0.06s
✅ BASH	bash-exec	5		0	0.03s
✅ BASH	shellcheck	5		0	0.1s
⚠️ BASH	shfmt	5		1	0.01s
✅ DOCKERFILE	hadolint	1		0	0.16s
✅ EDITORCONFIG	editorconfig-checker	259		0	1.98s
✅ GROOVY	npm-groovy-lint	2		0	13.41s
✅ JAVA	checkstyle	82		0	9.24s
✅ JSON	jsonlint	89		0	0.3s
✅ JSON	npm-package-json-lint	yes		no	0.8s
✅ JSON	prettier	89		0	0.77s
✅ JSON	v8r	89		0	81.63s
✅ MARKDOWN	markdownlint	8		0	0.84s
✅ REPOSITORY	checkov	yes		no	20.39s
✅ REPOSITORY	gitleaks	yes		no	1.08s
✅ REPOSITORY	git_diff	yes		no	0.05s
✅ REPOSITORY	grype	yes		no	13.12s
❌ REPOSITORY	kics	yes		1	2.96s
✅ REPOSITORY	secretlint	yes		no	1.38s
✅ REPOSITORY	syft	yes		no	2.8s
✅ REPOSITORY	trivy	yes		no	6.65s
✅ REPOSITORY	trivy-sbom	yes		no	0.14s
✅ REPOSITORY	trufflehog	yes		no	5.01s
✅ XML	xmllint	35		0	0.05s
✅ YAML	prettier	16		0	1.13s
✅ YAML	v8r	16		0	21.5s
✅ YAML	yamllint	16		0	1.0s

See detailed report in MegaLinter reports

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/[email protected] (83 linters)

MegaLinter is graciously provided by

[github-actions]

Code Coverage Report

Overall Project	73.57%	🍏

There is no coverage information present for the Files changed

[github-actions]

Trivy image scan report

ghcr.io/bzkf/obds-to-fhir:pr-223 (debian 12.7)

No Vulnerabilities found

No Misconfigurations found

Java

15 known vulnerabilities found (LOW: 1 CRITICAL: 0 HIGH: 11 MEDIUM: 3)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4	CVE-2024-45294	HIGH	6.3.11	6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.r4	CVE-2024-51132	HIGH	6.3.11	6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.r4	CVE-2024-52007	HIGH	6.3.11	6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities	CVE-2024-45294	HIGH	6.3.11	6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.utilities	CVE-2024-51132	HIGH	6.3.11	6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities	CVE-2024-52007	HIGH	6.3.11	6.4.0
ch.qos.logback:logback-core	CVE-2024-12798	MEDIUM	1.5.6	1.5.13, 1.3.15
ch.qos.logback:logback-core	CVE-2024-12801	LOW	1.5.6	1.5.13, 1.3.15
commons-io:commons-io	CVE-2024-47554	HIGH	2.11.0	2.14.0
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-50379	HIGH	10.1.26	11.0.2, 10.1.34, 9.0.98
org.apache.tomcat.embed:tomcat-embed-core	CVE-2024-56337	HIGH	10.1.26	11.0.2, 10.1.34, 9.0.98
org.springframework:spring-context	CVE-2024-38820	MEDIUM	6.1.11	6.1.14
org.springframework:spring-web	CVE-2024-38809	MEDIUM	6.1.11	5.3.38, 6.0.23, 6.1.12
org.springframework:spring-webmvc	CVE-2024-38816	HIGH	6.1.11	6.1.13
org.springframework:spring-webmvc	CVE-2024-38819	HIGH	6.1.11	6.1.14

No Misconfigurations found