Bump actions/upload-artifact from 6.0.0 to 7.0.1

[dependabot]

Bumps actions/upload-artifact from 6.0.0 to 7.0.1.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	3		0	0	0.06s
❌ COPYPASTE	jscpd	yes		3	no	2.11s
✅ CSS	stylelint	1		0	0	3.69s
✅ HTML	htmlhint	4		0	0	0.22s
✅ JAVASCRIPT	standard	1		0	0	1.19s
✅ JSON	jsonlint	1		0	0	0.1s
✅ JSON	v8r	1		0	0	2.72s
⚠️ MARKDOWN	markdownlint	18		11	0	0.77s
✅ MARKDOWN	markdown-table-formatter	18		0	0	0.22s
❌ REPOSITORY	checkov	yes		1	no	22.6s
❌ REPOSITORY	devskim	yes		1	no	2.15s
✅ REPOSITORY	dustilock	yes		no	no	0.01s
✅ REPOSITORY	gitleaks	yes		no	no	0.23s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		35	no	44.29s
❌ REPOSITORY	kics	yes		5	no	2.5s
❌ REPOSITORY	secretlint	yes		1	no	1.38s
✅ REPOSITORY	syft	yes		no	no	1.44s
❌ REPOSITORY	trivy	yes		1	no	11.49s
✅ REPOSITORY	trivy-sbom	yes		no	no	2.11s
✅ REPOSITORY	trufflehog	yes		no	no	5.23s
❌ SPELL	lychee	38		5	0	23.46s
✅ YAML	v8r	15		0	0	7.32s
❌ YAML	yamllint	15		2	0	0.55s

Detailed Issues

❌ REPOSITORY / checkov - 1 error

secrets scan results:

Passed checks: 0, Failed checks: 1, Skipped checks: 0

Check: CKV_SECRET_4: "Basic Auth Credentials"
	FAILED for resource: HIDDEN_BY_MEGALINTER	File: /test/dummy/config/database.yml:80-81
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-4

		80 | #   DATABASE_URL="postgres://myuser:m**********@localhost/somedatabase"

github_actions scan results:

Passed checks: 83, Failed checks: 0, Skipped checks: 0

❌ REPOSITORY / devskim - 1 error

{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.67+1c44622c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for additional guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS162092","name":"DoNotLeaveDebugCodeInProduction","fullDescription":{"text":"Do not leave debug code in production: Accessing localhost could indicate debug code, or could hinder scaling."},"help":{"text":"Accessing localhost could indicate debug code, or could hinder scaling.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md) for additional guidance on this issue."},"shortDescription":{"text":"Accessing localhost could indicate debug code, or could hinder scaling."},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/HealthDataInsight/structured_store","revisionId":"HIDDEN_BY_MEGALINTER","branch":"(no branch)"}],"results":[{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"test/dummy/config/database.yml"},"region":{"startLine":69,"startColumn":8,"endLine":69,"endColumn":17,"charOffset":2208,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"test/dummy/config/database.yml"},"region":{"startLine":28,"startColumn":8,"endLine":28,"endColumn":17,"charOffset":798,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"lib/structured_store/schema_inspector.rb"},"region":{"startLine":49,"startColumn":12,"endLine":49,"endColumn":16,"charOffset":1346,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"ruby"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/ci.yml"},"region":{"startLine":51,"startColumn":47,"endLine":51,"endColumn":56,"charOffset":1

(Truncated to 4000 characters out of 4290)

❌ REPOSITORY / grype - 35 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME           INSTALLED                   FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
rack           3.2.3                       3.2.5     gem   GHSA-mxw3-3hh2-x2mh  High      0.1% (27th)    < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-g2pf-xv49-m2h5  Medium    0.1% (28th)    < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-8vqr-qjwx-82mw  High      < 0.1% (17th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-v6x5-cg8r-vv6x  High      < 0.1% (17th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-h2jq-g4cq-5ppq  High      < 0.1% (12th)  < 0.1  
addressable    2.8.7                       2.9.0     gem   GHSA-h27x-rffw-24p4  High      < 0.1% (12th)  < 0.1  
rack-session   2.1.1                       2.1.2     gem   GHSA-33qg-7wpp-89cq  Critical  < 0.1% (8th)   < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-v569-hp3g-36wr  Medium    < 0.1% (15th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-x8cg-fq8g-mxfx  Medium    < 0.1% (15th)  < 0.1  
activestorage  7.2.3                       7.2.3.1   gem   GHSA-9xrj-h377-fr87  High      < 0.1% (9th)   < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-rx22-g9mx-qrhv  Medium    < 0.1% (15th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-qv7j-4883-hwh7  Medium    < 0.1% (12th)  < 0.1  
json           2.18.0                      2.19.2    gem   GHSA-3m6g-2423-7cp3  High      < 0.1% (7th)   < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-q4qf-9j86-f5mh  Medium    < 0.1% (11th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-7mqq-6cf9-v2qp  Medium    < 0.1% (10th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-q2ww-5357-x388  Medium    < 0.1% (10th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-qfgr-crr9-7r49  Medium    < 0.1% (10th)  < 0.1  
activestorage  7.2.3                       7.2.3.1   gem   GHSA-73f9-jhhh-hr5m  Medium    < 0.1% (7th)   < 0.1  
activestorage  7.2.3                       7.2.3.1   gem   GHSA-p9fm-f462-ggrg  Low       < 0.1% (15th)  < 0.1  
rack           3.2.3                       3.2.6     gem   GHSA-vgpv-f759-9wx3  Low       < 0.1% (11th)  < 0.1  
activestorage  7.2.3                       7.2.3.1   gem   GHSA-r46p-8f7g-vvvg  Medium    < 0.1% (5th)   < 0.1  
activesupport  7.2.3                       7.2.3.1   gem   GHSA-2j26-frm8-cmj9  Medium    < 0.1% (5th)   < 0.1  
activesupport  7.2.3                       7.2.3.1   gem   GHSA-cg4j-q9v8-6v38  Medium    < 0.1% (4th)   < 0.1  
rack           3.2.3                       3.2.5     gem   GHSA-whrj-4476-wvmp  Medium    < 0.1% (5th)   < 0.1  
activestorage  7.2.3                       7.2.3.1   gem   GHSA-qcfx-2mfw-w4cg  Medium    < 0.1% (2nd)   < 0.1  
activesupport  7.2.3                       7.2.3.1   gem   GHSA-89vf-4333-qx8v  Medium    < 0.1% (2nd)   < 0.1  
actionview     7.2.3                       7.2.3.1   gem   GHSA-v55j-83pf-r9cq  Low       < 0.1% (6th)   < 0.1  
nokogiri       1.18.10-aarch64-linux-gnu   1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri       1.18.10-aarch64-linux-musl  1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri       1.18.10-arm-linux-gnu       1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri       1.18.10-arm-linux-musl      1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri       1.18.10-arm64-darwin        1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri       1.18.10-x86_64-darwin       1.19.1    gem   GHSA-wx95-c6cv-8532  Medium    N/A            N/A    
nokogiri     

(Truncated to 4000 characters out of 4283)

❌ COPYPASTE / jscpd - 3 errors

Clone found (ruby):
 - test/dummy/test/ref_resolvers/blank_ref_resolver_test.rb [32:13 - 48:13] (16 lines, 99 tokens)
   test/dummy/test/ref_resolvers/definitions_resolver_test.rb [23:13 - 39:14]

Clone found (ruby):
 - test/dummy/test/models/example_record_test.rb [115:2 - 136:35] (21 lines, 178 tokens)
   test/dummy/test/models/example_record_test.rb [72:2 - 93:52]

Clone found (ruby):
 - test/dummy/test/models/example_record_test.rb [139:5 - 155:4] (16 lines, 133 tokens)
   test/dummy/test/models/example_record_test.rb [98:5 - 115:5]

┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format     │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ javascript │ 1              │ 25          │ 50           │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ ruby       │ 72             │ 3846        │ 23689        │ 3            │ 53 (1.38%)       │ 410 (1.73%)       │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total:     │ 73             │ 3871        │ 23739        │ 3            │ 53 (1.37%)       │ 410 (1.73%)       │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 3 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (1.37%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (1.37%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:612:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:110:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:22
    at async /node-deps/node_modules/jscpd/dist/jscpd.js:351:5

❌ REPOSITORY / kics - 5 errors

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.18





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 3
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Risk Score: 4.1
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/mega-linter.yml:45

		044:         # More info at https://megalinter.io/flavors/
		045:         uses: oxsecurity/megalinter@v9.3.0
		046:         env:


	[2]: .github/workflows/ci.yml:25

		024:       - name: Set up Ruby
		025:         uses: ruby/setup-ruby@v1.288.0
		026:         with:


	[3]: .github/workflows/ci.yml:63

		062:       - name: Set up Ruby
		063:         uses: ruby/setup-ruby@v1.288.0
		064:         with:


Passwords And Secrets - Password in URL, Severity: HIGH, Results: 1
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .github/workflows/ci.yml:51

		050:       CI: true
		051:       DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:5432/rails_test"
		052:       RAILS_ENV: test


Passwords And Secrets - Generic Password, Severity: HIGH, Results: 1
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .github/workflows/ci.yml:41

		040:           POST

(Truncated to 4000 characters out of 4252)

❌ SPELL / lychee - 5 errors

[IGNORED] redis://localhost:6379/0 | Unsupported: Error creating request client: builder error for url (redis://localhost:6379/0)
[IGNORED] postgres://rails:password@localhost:5432/rails_test | Unsupported: Error creating request client: builder error for url (postgres://localhost:5432/rails_test)
[404] https://megalinter.io/flavors/ | Network error: Not Found
[404] https://megalinter.io/configuration/ | Network error: Not Found
[404] https://megalinter.io/configuration/ | Network error: Not Found
[ERROR] file://docs/way_of_working/CODE_OF_CONDUCT.md | Cannot find file
[IGNORED] postgres://myuser:mypass@localhost/somedatabase | Unsupported: Error creating request client: builder error for url (postgres://localhost/somedatabase)
[ERROR] https://gds-way.cloudapps.digital/standards/architecture-decisions.html | Network error: error sending request for url (https://gds-way.cloudapps.digital/standards/architecture-decisions.html) Maybe a certificate error?
📝 Summary
---------------------
🔍 Total..........152
✅ Successful.....143
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........1
❓ Unknown..........0
🚫 Errors...........5

Errors in docs/way_of_working/decision-records.md
[ERROR] https://gds-way.cloudapps.digital/standards/architecture-decisions.html | Network error: error sending request for url (https://gds-way.cloudapps.digital/standards/architecture-decisions.html) Maybe a certificate error?

Errors in docs/way_of_working/code-of-conduct.md
[ERROR] file://docs/way_of_working/CODE_OF_CONDUCT.md | Cannot find file

Errors in .github/workflows/mega-linter.yml
[404] https://megalinter.io/configuration/ | Network error: Not Found
[404] https://megalinter.io/flavors/ | Network error: Not Found

Errors in .mega-linter.yml
[404] https://megalinter.io/configuration/ | Network error: Not Found

❌ REPOSITORY / secretlint - 1 error

test/dummy/config/database.yml
  80:18  error  [PostgreSQLConnection] found PostgreSQL connection string: ************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 1 problem (1 error, 0 warnings, 0 infos)

❌ REPOSITORY / trivy - 1 error

2026-04-13T17:38:13Z	INFO	[vulndb] Need to update DB
2026-04-13T17:38:13Z	INFO	[vulndb] Downloading vulnerability DB...
2026-04-13T17:38:13Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
31.91 MiB / 89.87 MiB [--------------------->_______________________________________] 35.50% ? p/s ?59.25 MiB / 89.87 MiB [---------------------------------------->____________________] 65.93% ? p/s ?88.42 MiB / 89.87 MiB [------------------------------------------------------------>] 98.39% ? p/s ?89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 96.47 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 96.47 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 96.47 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 90.24 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 90.24 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 90.24 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 84.42 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 84.42 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 84.42 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 78.97 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 78.97 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 78.97 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 73.88 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 73.88 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 73.88 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 69.11 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 69.11 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 69.11 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 64.65 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 64.65 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 64.65 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 60.48 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 60.48 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 60.48 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 56.58 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 56.58 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [---------------------------------------------->] 100.00% 56.58 MiB p/s ETA 0s89.87 MiB / 89.87 MiB [-------------------------------------------------] 100.00% 15.31 MiB p/s 6.1s2026-04-13T17:38:20Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-04-13T17:38:20Z	INFO	[vuln] Vulnerability scanning is enabled
2026-04-13T17:38:20Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-04-13T17:38:20Z	INFO	[misconfig] Need to update the checks bundle
2026-04-13T17:38:20Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-04-13T17:38:24Z	INFO	Number of language-specific files	num=1
2026-04-13T17:38:24Z	INFO	[bundler] Detecting vulnerabilities...
2026-04-13T17:38:24Z	INFO	Detected config files	num=0
2026

(Truncated to 4000 characters out of 27895)

❌ YAML / yamllint - 2 errors

.github/workflows/mega-linter.yml
  53:7      warning  comment not indented like content  (comments-indentation)

test/dummy/config/database.yml
  62:1      error    syntax error: could not find expected ':' (syntax)

⚠️ MARKDOWN / markdownlint - 11 errors

.github/ISSUE_TEMPLATE/job-story.md:8 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Job Story"]
.github/pull_request_template.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## What?"]
.github/pull_request_template.md:29 error MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
CHANGELOG.md:18 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Fixed"]
CHANGELOG.md:24 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Fixed"]
CHANGELOG.md:36 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Fixed"]
CHANGELOG.md:42 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Added"]
CHANGELOG.md:57 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "Added"]
docs/way_of_working/code-linting/index.md:25:288 error MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/way_of_working/pull-request-template-and-guidelines.md:7:401 error MD013/line-length Line length [Expected: 400; Actual: 497]
README.md:7:401 error MD013/line-length Line length [Expected: 400; Actual: 451]

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/cupcake@v9.3.0 (90 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,CSS_STYLELINT,HTML_HTMLHINT,JAVASCRIPT_STANDARD,JSON_JSONLINT,JSON_V8R,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_YAMLLINT,YAML_V8R