Skip to content

deps(deps): update davidanson/markdownlint-cli2-action action to v20 #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 18, 2025
Merged

deps(deps): update davidanson/markdownlint-cli2-action action to v20 #86

merged 1 commit into from
May 18, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 15, 2025

This PR contains the following updates:

Package Type Update Change
DavidAnson/markdownlint-cli2-action action major v19.1.0 -> v20.0.0

Release Notes

DavidAnson/markdownlint-cli2-action (DavidAnson/markdownlint-cli2-action)

v20.0.0: Update markdownlint version (markdownlint-cli2 v0.18.1, markdownlint v0.38.0).

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) May 15, 2025 07:19
@renovate renovate bot requested a review from lotyp as a code owner May 15, 2025 07:19
@github-actions github-actions bot added the type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci) label May 15, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 15, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced
vulnerabilitiescritical: 1 high: 4 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages248
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 1 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

critical : CVE--2025--22871

Affected range<1.23.8
Fixed version1.23.8
EPSS Score0.016%
EPSS Percentile2nd percentile
Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.050%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.108%
EPSS Percentile30th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.200%
EPSS Percentile43rd percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.123%
EPSS Percentile33rd percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 15, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 months ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 15, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced
vulnerabilitiescritical: 1 high: 4 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages248
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 1 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

critical : CVE--2025--22871

Affected range<1.23.8
Fixed version1.23.8
EPSS Score0.016%
EPSS Percentile2nd percentile
Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.050%
EPSS Percentile16th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.108%
EPSS Percentile30th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.200%
EPSS Percentile43rd percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.123%
EPSS Percentile33rd percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 15, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 months ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@renovate renovate bot force-pushed the renovate/davidanson-markdownlint-cli2-action-20.x branch from a292eb4 to a3af87f Compare May 18, 2025 18:09
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 18, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced
vulnerabilitiescritical: 1 high: 4 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages248
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 1 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

critical : CVE--2025--22871

Affected range<1.23.8
Fixed version1.23.8
EPSS Score0.018%
EPSS Percentile3rd percentile
Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.054%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.108%
EPSS Percentile30th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.200%
EPSS Percentile43rd percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.127%
EPSS Percentile33rd percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 18, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 months ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link
Contributor

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced
vulnerabilitiescritical: 1 high: 4 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages248
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 1 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

critical : CVE--2025--22871

Affected range<1.23.8
Fixed version1.23.8
EPSS Score0.018%
EPSS Percentile3rd percentile
Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.054%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.108%
EPSS Percentile30th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.200%
EPSS Percentile43rd percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.127%
EPSS Percentile33rd percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

@github-actions GitHub Actions
Copy link
Contributor

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 months ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@way-finder-bot way-finder-bot self-requested a review May 18, 2025 18:10
@way-finder-bot way-finder-bot self-assigned this May 18, 2025
@renovate renovate bot merged commit b3d5b64 into master May 18, 2025
8 of 9 checks passed
@renovate renovate bot deleted the renovate/davidanson-markdownlint-cli2-action-20.x branch May 18, 2025 18:10
@lotyp lotyp mentioned this pull request May 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@way-finder-bot way-finder-bot way-finder-bot approved these changes

@lotyp lotyp Awaiting requested review from lotyp lotyp is a code owner

Assignees

@way-finder-bot way-finder-bot

Labels
type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@way-finder-bot