chore(deps): update github-actions (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	major	v4.3.0 -> v5.0.1
actions/checkout	action	major	v5.0.1 -> v6.0.1
actions/download-artifact	action	major	v6.0.0 -> v7.0.0
actions/upload-artifact	action	major	v5.0.0 -> v6.0.0
peter-evans/create-pull-request	action	major	v7.0.11 -> v8.0.0

---

Release Notes

actions/cache (actions/cache)

v5.0.1

Compare Source

v5.0.0

Compare Source

actions/checkout (actions/checkout)

v6.0.1

Compare Source

v6.0.0

Compare Source

actions/download-artifact (actions/download-artifact)

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in #​440
• Download Artifact Node24 support by @​salmanmkc in #​415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in #​451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in #​452

New Contributors

• @​patrikpolyak made their first contribution in #​440
• @​salmanmkc made their first contribution in #​415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

actions/upload-artifact (actions/upload-artifact)

v6.0.0

Compare Source

peter-evans/create-pull-request (peter-evans/create-pull-request)

v8.0.0: Create Pull Request v8.0.0

Compare Source

What's new in v8

• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

• chore: Update checkout action version to v6 by @​yonas in #​4258
• Update actions/checkout references to @​v6 in docs by @​Copilot in #​4259
• feat: v8 by @​peter-evans in #​4260

New Contributors

• @​yonas made their first contribution in #​4258
• @​Copilot made their first contribution in #​4259

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	14		0	0	0.27s
✅ BASH	bash-exec	7		0	0	0.04s
✅ BASH	shellcheck	4		0	0	0.16s
⚠️ BASH	shfmt	7		1	0	0.01s
✅ CSHARP	csharpier	3		0	0	2.11s
⚠️ CSHARP	roslynator	1		1	0	12.75s
✅ CSS	stylelint	1		0	0	2.13s
✅ DOCKERFILE	hadolint	5		0	0	0.18s
✅ EDITORCONFIG	editorconfig-checker	435		0	0	2.46s
✅ ENV	dotenv-linter	1		0	0	0.01s
⚠️ GROOVY	npm-groovy-lint	8		0	20	25.0s
✅ HTML	djlint	2		0	0	1.79s
✅ HTML	htmlhint	2		0	0	0.33s
⚠️ JAVA	checkstyle	64		0	90	9.37s
✅ JSON	jsonlint	53		0	0	0.67s
✅ JSON	prettier	53		0	0	5.22s
✅ JSON	v8r	53		0	0	35.42s
⚠️ MARKDOWN	markdownlint	23		273	0	2.4s
✅ PYTHON	bandit	1		0	0	2.72s
✅ PYTHON	black	1		0	0	1.85s
✅ PYTHON	flake8	1		0	0	1.03s
✅ PYTHON	isort	1		0	0	0.47s
✅ PYTHON	mypy	1		0	0	12.6s
✅ PYTHON	ruff	1		0	0	0.05s
✅ REPOSITORY	checkov	yes		no	no	48.06s
✅ REPOSITORY	gitleaks	yes		no	no	5.76s
✅ REPOSITORY	git_diff	yes		no	no	0.32s
⚠️ REPOSITORY	kics	yes		no	119	60.92s
✅ REPOSITORY	secretlint	yes		no	no	3.34s
✅ REPOSITORY	syft	yes		no	no	17.25s
⚠️ REPOSITORY	trivy	yes		19	no	22.77s
✅ REPOSITORY	trivy-sbom	yes		no	no	6.08s
✅ REPOSITORY	trufflehog	yes		no	no	8.82s
✅ XML	xmllint	4		0	0	1.53s
✅ YAML	prettier	118		0	0	3.72s

Detailed Issues

⚠️ JAVA / checkstyle - 90 warnings

warning: First sentence of Javadoc is missing an ending period.

warning: First sentence of Javadoc is missing an ending period.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 103).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: First sentence of Javadoc is missing an ending period.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 107).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: First sentence of Javadoc is missing an ending period.

warning: Line is longer than 100 characters (found 115).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 220).

warning: Line is longer than 100 characters (found 104).

warning: Line is longer than 100 characters (found 117).

warning: Line is longer than 100 characters (found 154).

warning: Line is longer than 100 characters (found 111).

warning: Line is longer than 100 characters (found 128).

warning: Line is longer than 100 characters (found 142).

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 104).

warning: Line is longer than 100 characters (found 132).

warning: Line is longer than 100 characters (found 141).

warning: 90 warnings emitted

⚠️ REPOSITORY / kics - 119 warnings

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/notify/tests/e2e/docker-compose.yaml:56:1
   │
56 │   maildev:
   │ ^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
    ┌─ docker-compose/docker-compose.staging.yaml:142:1
    │
142 │   fhir-db:
    │ ^^^^^^^^^^
    │
    = Container Capabilities Unrestricted
    = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/list/frontend/tests/e2e/docker-compose.yaml:59:1
   │
59 │   keycloak:
   │ ^^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
  ┌─ src/list/frontend/deploy/docker-compose.dev.yml:4:1
  │
4 │   fhir:
  │ ^^^^^^^
  │
  = Container Capabilities Unrestricted
  = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/list/frontend/deploy/docker-compose.dev.yml:38:1
   │
38 │   keycloak:
   │ ^^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/query/tests/e2e/docker-compose.yaml:28:1
   │
28 │   tester:
   │ ^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/notify/tests/e2e/docker-compose.yaml:26:1
   │
26 │   jobstore-db:
   │ ^^^^^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/notify/tests/e2e/docker-compose.yaml:33:1
   │
33 │   tester:
   │ ^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
    ┌─ docker-compose/docker-compose.staging.yaml:211:1
    │
211 │   notify:
    │ ^^^^^^^^^
    │
    = Container Capabilities Unrestricted
    = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/list/frontend/tests/e2e/docker-compose.yaml:72:1
   │
72 │   jaeger:
   │ ^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
  ┌─ src/notify/tests/e2e/docker-compose.yaml:4:1
  │
4 │   notify:
  │ ^^^^^^^^^
  │
  = Container Capabilities Unrestricted
  = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
    ┌─ docker-compose/docker-compose.staging.yaml:230:1
    │
230 │   list:
    │ ^^^^^^^
    │
    = Container Capabilities Unrestricted
    = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
   ┌─ src/list/frontend/deploy/docker-compose.dev.yml:53:1
   │
53 │   fhir-pseudonymizer:
   │ ^^^^^^^^^^^^^^^^^^^^^
   │
   = Container Capabilities Unrestricted
   = Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.


(Truncated to 5714 characters out of 37150)

⚠️ MARKDOWN / markdownlint - 273 errors

CHANGELOG.md:5 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:9:121 MD013/line-length Line length [Expected: 120; Actual: 232]
CHANGELOG.md:10:121 MD013/line-length Line length [Expected: 120; Actual: 220]
CHANGELOG.md:13 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:24 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:25 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:30 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:31 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:45 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:52 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:53 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:56:121 MD013/line-length Line length [Expected: 120; Actual: 220]
CHANGELOG.md:59 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:60 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:66:121 MD013/line-length Line length [Expected: 120; Actual: 241]
CHANGELOG.md:73 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:74 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:81:121 MD013/line-length Line length [Expected: 120; Actual: 220]
CHANGELOG.md:86 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:91 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:92 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:105:121 MD013/line-length Line length [Expected: 120; Actual: 229]
CHANGELOG.md:106:121 MD013/line-length Line length [Expected: 120; Actual: 228]
CHANGELOG.md:109:121 MD013/line-length Line length [Expected: 120; Actual: 237]
CHANGELOG.md:122 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:125:121 MD013/line-length Line length [Expected: 120; Actual: 224]
CHANGELOG.md:127 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:128 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:132 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:133 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:139 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:140 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:144 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:145 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:151 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:152 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:158 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:159 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:163 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:164 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
CHANGELOG.md:167:121 MD013/line-length Line length [Expected: 120; Actual: 219]
CHANGELOG.md:168:121 MD013/line-length Line length [Expected: 120; Actual: 221]
CHANGELOG.md:169:121 MD013/line-length Line length [Expected: 120; Actual: 228]
CHANGELOG.md:170:121 MD013/line-length Line length [Expected: 120; Actual: 220]
CHANGELOG.md:171:121 MD013/line-length Line length [Expected: 120; Actual: 232]
CHANGELOG.md:177:121 MD013/line-length Line length [Expected: 120; Actual: 233]
CHANGELOG.md:180 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:181 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Documentation"]
CHANGELOG.md:185 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2]
CHANGELOG.md:186 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Miscellaneous Chores"]
CHANGELOG.md:207:121 MD013/line-length Line length [Expected: 120; Actual: 228]
CHANGELOG.md:209:121 MD013/line-length Line length [Expected: 120; Actual: 230]
CHANGELOG.md:211:121 MD013/line-length Line length [Expected: 120; Actual: 232]
CHANGELOG.md:212:121 MD013/line-length Line length [Expected: 120; Actual: 232]
CHANGELOG.md:213:121 MD013/line-length Line length [Expected: 120; Actual: 234]
CHANGELOG.md:215:121 MD013/line-length Line length [Expected: 120; Actual: 237]
CHANGELOG.md:216:121 MD013/line-length Line length [Expected: 120; Actual: 237]
CHANGELOG.md:217:121 MD013/line-length Line length [Expected: 120; Actual: 237]
CHANGELOG.md:218:121 MD013/line-length Line length [Expected: 120; Actual: 239]
CHANGELOG.md:219:121 MD013/line-length Line length [Expected: 120; Actual: 239]
CHANGELOG.md:220:121 MD013/line-length Line length [Expected: 12

(Truncated to 5714 characters out of 26039)

⚠️ GROOVY / npm-groovy-lint - 20 warnings

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: The String 'spring-boot-loader' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:71:24
   │
71 │             intoLayer("spring-boot-loader") {
   │                        ^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'org/springframework/boot/loader/**' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:72:26
   │
72 │                 include("org/springframework/boot/loader/**")
   │                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'application' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:74:24
   │
74 │             intoLayer("application")
   │                        ^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'module-dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:77:24
   │
77 │             intoLayer("module-dependencies") {
   │                        ^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'org.miracum:*:*' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:78:26
   │
78 │                 include("org.miracum:*:*")
   │                          ^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:80:24
   │
80 │             intoLayer("dependencies")
   │                        ^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:25
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                         ^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'spring-boot-loader' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:41
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                         ^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'module-dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:63
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                                               ^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'application' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:86
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                                                                      ^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with ei

(Truncated to 5714 characters out of 7255)

⚠️ CSHARP / roslynator - 1 error

Results of roslynator linter (version 0.11.0.0)
See documentation on https://megalinter.io/9.2.0/descriptors/csharp_roslynator/
-----------------------------------------------

❌ [ERROR] tests/chaos/tester/tester.csproj
    Loading project 'tests/chaos/tester/tester.csproj'...
    Analyze 'tester'
    System.AggregateException: One or more errors occurred. (Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    )
     ---> System.IO.FileNotFoundException: Could not load file or assembly 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.
    
    File name: 'System.Composition.AttributedModel, Version=9.0.0.9, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
       at System.ModuleHandle.ResolveType(QCallModule module, Int32 typeToken, IntPtr* typeInstArgs, Int32 typeInstCount, IntPtr* methodInstArgs, Int32 methodInstCount, ObjectHandleOnStack type)
       at System.ModuleHandle.ResolveTypeHandle(Int32 typeToken, RuntimeTypeHandle[] typeInstantiationContext, RuntimeTypeHandle[] methodInstantiationContext)
       at System.Reflection.RuntimeModule.ResolveType(Int32 metadataToken, Type[] genericTypeArguments, Type[] genericMethodArguments)
       at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(MetadataToken caCtorToken, MetadataImport& scope, RuntimeModule decoratedModule, MetadataToken decoratedToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1& derivedAttributes, RuntimeType& attributeType, IRuntimeMethodInfo& ctorWithParameters, Boolean& isVarArg)
       at System.Reflection.CustomAttribute.AddCustomAttributes(ListBuilder`1& attributes, RuntimeModule decoratedModule, Int32 decoratedMetadataToken, RuntimeType attributeFilterType, Boolean mustBeInheritable, ListBuilder`1 derivedAttributes)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeModule decoratedModule, Int32 decoratedMetadataToken, Int32 pcaCount, RuntimeType attributeFilterType)
       at System.Reflection.CustomAttribute.GetCustomAttributes(RuntimeType type, RuntimeType caType, Boolean inherit)
       at System.Attribute.GetCustomAttributes(MemberInfo element, Type attributeType, Boolean inherit)
       at Roslynator.AnalyzerAssembly.Load(Assembly analyzerAssembly, Boolean loadAnalyzers, Boolean loadFixers, String language) in /_/src/Workspaces.Core/AnalyzerAssembly.cs:line 129
       at Roslynator.AnalyzerLoader.GetAnalyzersAndFixers(Project project, Boolean loadFixers) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 112
       at Roslynator.AnalyzerLoader.GetAnalyzers(Project project) in /_/src/Workspaces.Core/AnalyzerLoader.cs:line 55
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectCoreAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 124
       at Roslynator.Diagnostics.CodeAnalyzer.AnalyzeProjectAsync(Project project, CancellationToken cancellationToken) in /_/src/Workspaces.Core/Diagnostics/CodeAnalyzer.cs:line 99
       at Roslynator.CommandLine.AnalyzeCommand.ExecuteAsync(ProjectOrSolution projectOrSolution, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/AnalyzeCommand.cs:line 73
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(String path, MSBuildWorkspace workspace, CancellationToken cancellationToken) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 164
       at Roslynator.CommandLine.MSBuildWorkspaceCommand`1.ExecuteAsync(IEnumerable`1 paths, String msbuildPath, IEnumerable`1 properties) in /_/src/CommandLine/Commands/MSBuildWorkspaceCommand.cs:line 89
       at Roslynator.CommandLine.Program.AnalyzeAsync(AnalyzeCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 346
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       at Roslynator.CommandLine.Program.<>c.<Main>b__0_3(MSBuildCommandLineOptions options) in /_/src/CommandLine/Program.cs:line 175
       at CommandLine.ParserResultExtensions.MapResult[T1,T2,TResult](ParserResult`1 result, Func`2 parsedFunc1, Func`2 parsedFunc2, Func`2 notParsedFunc)
       at Roslynator.CommandLine.Program.Main(String[] args) in /_/src/CommandLine/Program.cs:line 169

⚠️ BASH / shfmt - 1 error

diff src/gradlew.orig src/gradlew
--- src/gradlew.orig
+++ src/gradlew
@@ -71,15 +71,15 @@
 
 # Need this for daisy-chained symlinks.
 while
-	APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
-	[ -h "$app_path" ]
+  APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
+  [ -h "$app_path" ]
 do
-	ls=$(ls -ld "$app_path")
-	link=${ls#*' -> '}
-	case $link in         #(
-	/*) app_path=$link ;; #(
-	*) app_path=$APP_HOME$link ;;
-	esac
+  ls=$(ls -ld "$app_path")
+  link=${ls#*' -> '}
+  case $link in         #(
+  /*) app_path=$link ;; #(
+  *) app_path=$APP_HOME$link ;;
+  esac
 done
 
 # This is normally unused
@@ -92,14 +92,14 @@
 MAX_FD=maximum
 
 warn() {
-	echo "$*"
+  echo "$*"
 } >&2
 
 die() {
-	echo
-	echo "$*"
-	echo
-	exit 1
+  echo
+  echo "$*"
+  echo
+  exit 1
 } >&2
 
 # OS specific support (must be 'true' or 'false').
@@ -116,47 +116,47 @@
 
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ]; then
-	if [ -x "$JAVA_HOME/jre/sh/java" ]; then
-		# IBM's JDK on AIX uses strange locations for the executables
-		JAVACMD=$JAVA_HOME/jre/sh/java
-	else
-		JAVACMD=$JAVA_HOME/bin/java
-	fi
-	if [ ! -x "$JAVACMD" ]; then
-		die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-	fi
+  if [ -x "$JAVA_HOME/jre/sh/java" ]; then
+    # IBM's JDK on AIX uses strange locations for the executables
+    JAVACMD=$JAVA_HOME/jre/sh/java
+  else
+    JAVACMD=$JAVA_HOME/bin/java
+  fi
+  if [ ! -x "$JAVACMD" ]; then
+    die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+  fi
 else
-	JAVACMD=java
-	if ! command -v java >/dev/null 2>&1; then
-		die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-	fi
+  JAVACMD=java
+  if ! command -v java >/dev/null 2>&1; then
+    die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+  fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop"; then
-	case $MAX_FD in #(
-	max*)
-		# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-		# shellcheck disable=SC2039,SC3045
-		MAX_FD=$(ulimit -H -n) ||
-			warn "Could not query maximum file descriptor limit"
-		;;
-	esac
-	case $MAX_FD in #(
-	'' | soft) : ;; #(
-	*)
-		# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-		# shellcheck disable=SC2039,SC3045
-		ulimit -n "$MAX_FD" ||
-			warn "Could not set maximum file descriptor limit to $MAX_FD"
-		;;
-	esac
+  case $MAX_FD in #(
+  max*)
+    # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+    # shellcheck disable=SC2039,SC3045
+    MAX_FD=$(ulimit -H -n) ||
+      warn "Could not query maximum file descriptor limit"
+    ;;
+  esac
+  case $MAX_FD in #(
+  '' | soft) : ;; #(
+  *)
+    # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+    # shellcheck disable=SC2039,SC3045
+    ulimit -n "$MAX_FD" ||
+      warn "Could not set maximum file descriptor limit to $MAX_FD"
+    ;;
+  esac
 fi
 
 # Collect all arguments for the java command, stacking in reverse order:
@@ -169,34 +169,34 @@
 
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys"; then
-	APP_HOME=$(cygpath --path --mixed "$APP_HOME")
-
-	JAVACMD=$(cygpath --unix "$JAVACMD")
-
-	# Now convert the arguments - kludge to limit ourselves to /bin/sh
-	for arg; do
-		if
-			case $arg in #(
-			-*) false ;; # don't mess with options #(
-			/?*)
-				t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
-				[ -e "$t" ]
-				;; #(
-			*) false ;;
-			esac
-		then
-			arg=$(cygpath --path --ignore --mixed "$arg")
-		fi
-		# Roll the args list around exactly as many times as the number of
-		# args, so each arg winds up back in the position where it started, but
-		# possibly modified.
-		#
-		# NB: a `for` loop captures its iteration list before it begins, so
-		# changing the positional parameters here affects neither the number of
-		# iterations, nor the values presented in `arg`.
-		shift              # remove old arg
-		set -- "$@" "$arg" # push replacement arg
-	done
+  APP_HOME=$(cygpath --path --mixed "$APP_HOME")
+
+  JAVACMD=$(cygpath --unix "$JAVACMD")
+
+  # Now convert the arguments - kludge to limit ourselves to /bin/sh
+  for arg; do
+    if
+      case $arg in #(
+      -*) false ;; # don't mess with options #(
+      /?*)
+        t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
+        [ -e "$t" ]
+        ;; #(
+      *) false ;;
+      esac
+    then
+      arg=$(cygpath --path --ignore --mixed "$arg")
+    fi
+    # Roll the args list around exactly as many times as the number of
+    # args, so each arg winds up back in the position where it started, but
+    # possibly modified.
+    #
+    # NB: a `for` loop captures its iteration list before it begins, so
+    # changing the positional parameters here affects neither the number of
+    # iterations, nor the values presented in `arg`.
+    shift              # remove old arg
+    set -- "$@" "$arg" # push replacement arg
+  done
 fi
 
 # Add default JVM options here. You can also use JAV

(Truncated to 5714 characters out of 6627)

⚠️ REPOSITORY / trivy - 19 errors

error: Package: urllib3
Installed Version: 2.5.0
Vulnerability CVE-2025-66418
Severity: HIGH
Fixed Version: 2.6.0
Link: [CVE-2025-66418](https://avd.aquasec.com/nvd/cve-2025-66418)
    ┌─ docs/requirements.txt:318:1
    │
318 │ urllib3==2.5.0 \
    │ ^
    │
    = urllib3 is a user-friendly HTTP client library for Python. Starting in ...
    = urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

error: Package: urllib3
Installed Version: 2.5.0
Vulnerability CVE-2025-66471
Severity: HIGH
Fixed Version: 2.6.0
Link: [CVE-2025-66471](https://avd.aquasec.com/nvd/cve-2025-66471)
    ┌─ docs/requirements.txt:318:1
    │
318 │ urllib3==2.5.0 \
    │ ^
    │
    = urllib3 is a user-friendly HTTP client library for Python. Starting in ...
    = urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.

error: Package: form-data
Installed Version: 2.3.3
Vulnerability CVE-2025-7783
Severity: CRITICAL
Fixed Version: 2.5.4, 3.0.4, 4.0.4
Link: [CVE-2025-7783](https://avd.aquasec.com/nvd/cve-2025-7783)
    ┌─ src/list/frontend/tests/e2e/package-lock.json:922:1
    │  
922 │ ╭     "node_modules/form-data": {
923 │ │       "version": "2.3.3",
924 │ │       "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
925 │ │       "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
    · │
935 │ │       }
936 │ │     },
    │ ╰^
    │  
    = form-data: Unsafe random function in form-data
    = Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
      
      This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

error: Package: braces
Installed Version: 2.3.2
Vulnerability CVE-2024-4068
Severity: HIGH
Fixed Version: 3.0.3
Link: [CVE-2024-4068](https://avd.aquasec.com/nvd/cve-2024-4068)
      ┌─ src/list/package-lock.json:20539:1
      │  
20539 │ ╭     "node_modules/jscodeshift/node_modules/braces": {
20540 │ │       "version": "2.3.2",
20541 │ │       "license": "MIT",
20542 │ │       "optional": true,
      · │
20557 │ │       }
20558 │ │     },
      │ ╰^
      │  
      = braces: fails to limit the number of characters it can handle
      = The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

error: Package: cross-spawn
Installed Version: 6.0.5
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)
      ┌─ src/list/package-lock.json:13811:1
      │  
13811 │ ╭     "node_modules/execa/node_modules/cross-spawn": {
13812 │ │       "version": "6.0.5",
13813 │ │       "devOptional": true,
13814 │ │       "license": "MIT",
      · │
13824 │ │       }
13825 │ │     },
      │ ╰^
      │  
      = cross-spawn: regular expression denial of service
      = Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

error: Package: cross-spawn
Installed Version: 7.0.3
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)
      ┌─ src/list/package-lock.json:11420:1
      │  
11420 │ ╭     "node_modules/cross-spawn": {
11421 │ │       "version": "7.0.3",
11422 │ │       "devOptional": true,
11423 │ │       "license": "MIT",
      · │
11431 │ │       }
11432 │ │     },
      │ ╰^
      │  
      = cross-spawn: regular expression denial of service
      = Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

error: Package: jws
Installed Version: 3.2.2
Vulnerability CVE-2025-65945
Severity: HIGH
Fi

(Truncated to 5714 characters out of 15865)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,CSHARP_ROSLYNATOR,CSS_STYLELINT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,ENV_DOTENV_LINTER,GROOVY_NPM_GROOVY_LINT,HTML_DJLINT,HTML_HTMLHINT,JAVA_CHECKSTYLE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER