deps(docker): bump the docker group across 1 directory with 6 updates by dependabot[bot] · Pull Request #7566 · super-linter/super-linter

dependabot · 2026-02-26T13:33:33Z

Bumps the docker group with 6 updates in the / directory:

Package	From	To
alpine/terragrunt	`1.14.4`	`1.14.5`
golangci/golangci-lint	`v2.9.0`	`v2.10.1`
goreleaser/goreleaser	`v2.13.3`	`v2.14.1`
hashicorp/terraform	`1.14.5`	`1.14.6`
rhysd/actionlint	`1.7.10`	`1.7.11`
dart	`3.11.0-sdk`	`3.11.1-sdk`

Updates alpine/terragrunt from 1.14.4 to 1.14.5

Updates golangci/golangci-lint from v2.9.0 to v2.10.1

Updates goreleaser/goreleaser from v2.13.3 to v2.14.1

Updates hashicorp/terraform from 1.14.5 to 1.14.6

Updates rhysd/actionlint from 1.7.10 to 1.7.11

Updates dart from 3.11.0-sdk to 3.11.1-sdk

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the docker group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | alpine/terragrunt | `1.14.4` | `1.14.5` | | golangci/golangci-lint | `v2.9.0` | `v2.10.1` | | goreleaser/goreleaser | `v2.13.3` | `v2.14.1` | | hashicorp/terraform | `1.14.5` | `1.14.6` | | rhysd/actionlint | `1.7.10` | `1.7.11` | | dart | `3.11.0-sdk` | `3.11.1-sdk` | Updates `alpine/terragrunt` from 1.14.4 to 1.14.5 Updates `golangci/golangci-lint` from v2.9.0 to v2.10.1 Updates `goreleaser/goreleaser` from v2.13.3 to v2.14.1 Updates `hashicorp/terraform` from 1.14.5 to 1.14.6 Updates `rhysd/actionlint` from 1.7.10 to 1.7.11 Updates `dart` from 3.11.0-sdk to 3.11.1-sdk --- updated-dependencies: - dependency-name: alpine/terragrunt dependency-version: 1.14.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: golangci/golangci-lint dependency-version: v2.10.1 dependency-type: direct:production dependency-group: docker - dependency-name: goreleaser/goreleaser dependency-version: v2.14.1 dependency-type: direct:production dependency-group: docker - dependency-name: hashicorp/terraform dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: rhysd/actionlint dependency-version: 1.7.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: dart dependency-version: 3.11.1-sdk dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-26T13:44:18Z

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
DOCKERFILE_HADOLINT	Pass ✅
EDITORCONFIG	Pass ✅
GITLEAKS	Pass ✅
GIT_COMMITLINT	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Fail ❌

Super-linter detected linting errors

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

TRIVY

trivy filesystem --config /github/workspace/.github/linters/trivy.yaml /github/workspace

Report Summary

┌─────────────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│               Target                │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/Gemfile.lock           │  bundler   │        2        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/composer/composer.lock │  composer  │        0        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dependencies/package-lock.json      │    npm     │       14        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/package-lock.json  │    npm     │        2        │         -         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ Dockerfile                          │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ dev-dependencies/Dockerfile         │ dockerfile │        -        │         0         │    -    │
├─────────────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ test/linters/trivy/good/Dockerfile  │ dockerfile │        -        │         0         │    -    │
└─────────────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


dependencies/Gemfile.lock (bundler)
===================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │         Fixed Version          │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ rack    │ CVE-2026-22860 │ HIGH     │ fixed  │ 3.2.4             │ ~> 2.2.22, ~> 3.1.20, >= 3.2.5 │ rubygem-rack: Rack Directory Traversal via Rack:Directory │
│         │                │          │        │                   │                                │ https://avd.aquasec.com/nvd/cve-2026-22860                │
│         ├────────────────┼──────────┤        │                   │                                ├───────────────────────────────────────────────────────────┤
│         │ CVE-2026-25500 │ MEDIUM   │        │                   │                                │ rubygem-rack: Rack stored XSS in Rack::Directory          │
│         │                │          │        │                   │                                │ https://avd.aquasec.com/nvd/cve-2026-25500                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────────────────────┴───────────────────────────────────────────────────────────┘

dependencies/package-lock.json (npm)
====================================
Total: 14 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 10, CRITICAL: 1)

┌─────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│     Library     │    Vulnerability    │ Severity │ Status │ Installed Version │                      Fixed Version                      │                            Title                             │
├─────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ ajv             │ CVE-2025-69873      │ MEDIUM   │ fixed  │ 6.12.6            │ 8.18.0, 6.14.0                                          │ ajv: ReDoS via $data reference                               │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2025-69873                   │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 8.17.1            │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
├─────────────────┼─────────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ fast-xml-parser │ CVE-2026-25896      │ CRITICAL │        │ 5.3.4             │ 5.3.5                                                   │ fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) │
│                 │                     │          │        │                   │                                                         │ due to improper DOCTYPE entity handling                      │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-25896                   │
│                 ├─────────────────────┼──────────┤        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-26278      │ HIGH     │        │                   │ 5.3.6                                                   │ fast-xml-parser: fast-xml-parser: Denial of Service via      │
│                 │                     │          │        │                   │                                                         │ unlimited XML entity expansion                               │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-26278                   │
├─────────────────┼─────────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ hono            │ GHSA-gq3j-xvxp-8hrf │ LOW      │        │ 4.11.7            │ 4.11.10                                                 │ Hono added timing comparison hardening in basicAuth and      │
│                 │                     │          │        │                   │                                                         │ bearerAuth                                                   │
│                 │                     │          │        │                   │                                                         │ https://github.com/advisories/GHSA-gq3j-xvxp-8hrf            │
├─────────────────┼─────────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ minimatch       │ CVE-2026-26996      │ HIGH     │        │ 10.0.1            │ 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 │ minimatch: minimatch: Denial of Service via specially        │
│                 │                     │          │        │                   │                                                         │ crafted glob patterns                                        │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-26996                   │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 10.1.1            │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 10.1.2            │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 3.1.2             │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 5.1.6             │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 8.0.4             │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        ├───────────────────┤                                                         │                                                              │
│                 │                     │          │        │ 9.0.5             │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
│                 │                     │          │        │                   │                                                         │                                                              │
├─────────────────┼─────────────────────┤          │        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ rollup          │ CVE-2026-27606      │          │        │ 2.79.2            │ 2.80.0, 3.30.0, 4.59.0                                  │ rollup: Rollup: Remote Code Execution via Path Traversal     │
│                 │                     │          │        │                   │                                                         │ Vulnerability                                                │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-27606                   │
├─────────────────┼─────────────────────┤          │        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ tar             │ CVE-2026-26960      │          │        │ 7.5.7             │ 7.5.8                                                   │ tar: node-tar: node-tar: Arbitrary file read/write via       │
│                 │                     │          │        │                   │                                                         │ malicious archive hardlink creation                          │
│                 │                     │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-26960                   │
└─────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

dev-dependencies/package-lock.json (npm)
========================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

┌───────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────────────────────────────────┬───────────────────────────────────────────────────────┐
│  Library  │ Vulnerability  │ Severity │ Status │ Installed Version │                      Fixed Version                      │                         Title                         │
├───────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────┤
│ minimatch │ CVE-2026-26996 │ HIGH     │ fixed  │ 3.1.2             │ 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 │ minimatch: minimatch: Denial of Service via specially │
│           │                │          │        │                   │                                                         │ crafted glob patterns                                 │
│           │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-26996            │
│           │                │          │        ├───────────────────┤                                                         │                                                       │
│           │                │          │        │ 5.1.6             │                                                         │                                                       │
│           │                │          │        │                   │                                                         │                                                       │
│           │                │          │        │                   │                                                         │                                                       │
└───────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴───────────────────────────────────────────────────────┘

dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Feb 26, 2026

dependabot Bot requested review from Hanse00, ferrarimarco and zkoppert as code owners February 26, 2026 13:33

dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Feb 26, 2026

github-actions Bot enabled auto-merge February 26, 2026 13:33

ferrarimarco linked an issue Feb 27, 2026 that may be closed by this pull request

Go 1.26 support #7563

Closed

1 task

ferrarimarco disabled auto-merge February 27, 2026 08:29

ferrarimarco merged commit 0f9cf19 into main Feb 27, 2026
213 of 230 checks passed

ferrarimarco deleted the dependabot/docker/docker-a83f61557a branch February 27, 2026 08:29

ferrarimarco added this to the v8.6.0 milestone Feb 27, 2026

github-actions Bot mentioned this pull request Mar 9, 2026

chore(main): release 8.6.0 #7512

Merged

marcusmai-telia mentioned this pull request Mar 16, 2026

ngg846/update upstream 260316 telia-actions/super-linter#6

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(docker): bump the docker group across 1 directory with 6 updates#7566

deps(docker): bump the docker group across 1 directory with 6 updates#7566
ferrarimarco merged 1 commit intomainfrom
dependabot/docker/docker-a83f61557a

dependabot Bot commented on behalf of github Feb 26, 2026

Uh oh!

github-actions Bot commented Feb 26, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Feb 26, 2026

Uh oh!

github-actions Bot commented Feb 26, 2026

Super-linter summary

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant