fix(deps): update dependency short-uuid to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
short-uuid	5.2.0 → 6.0.3

---

Release Notes

oculus42/short-uuid (short-uuid)

v6.0.3

Compare Source

Changed

• Fixed TypeScript definitions

v6.0.2

Compare Source

Changed

• Fixed README.md to correctly represent require and import

v6.0.0

Compare Source

• TypeScript re-write

MAJOR CHANGES

• 🛑 Removes the uuid library as a dependency.
• 🛑 Removes the uuid method on the default export (previously imported from uuid/v4).
• 🛑 Removes the new method in favor of existing generate.
• 🛑 Removes createTranslator as default export.
• 🛑 The default generate method assumes crypto.randomUUID is available and may error prior to Node 18.
• ⚠️ Node 18 and lower may require passing a uuid generator to the translator.
• Uses crypto.randomUUID by default.
• Accepts alternative UUID generators such as uuidv7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	3.7s
✅ EDITORCONFIG	editorconfig-checker	2		0	0	0.01s
✅ JSON	jsonlint	1		0	0	0.4s
✅ JSON	npm-package-json-lint	yes		no	no	0.53s
⚠️ JSON	prettier	1	0	1	0	0.3s
✅ JSON	v8r	1		0	0	4.87s
❌ REPOSITORY	checkov	yes		5	no	24.11s
❌ REPOSITORY	devskim	yes		45	no	161.67s
✅ REPOSITORY	dustilock	yes		no	no	0.86s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		67	no	56.56s
❌ REPOSITORY	kics	yes		56	no	4.66s
❌ REPOSITORY	kingfisher	yes		1	no	4.63s
❌ REPOSITORY	secretlint	yes		1	no	1.07s
✅ REPOSITORY	syft	yes		no	no	5.47s
⚠️ REPOSITORY	trivy	yes		1	no	14.33s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.59s
✅ REPOSITORY	trufflehog	yes		no	no	3.73s
✅ SPELL	cspell	3		0	0	3.7s
❌ SPELL	lychee	2		1	0	0.74s
✅ YAML	prettier	1	0	0	0	0.39s
✅ YAML	v8r	1		0	0	1.55s
❌ YAML	yamllint	1		4	0	5.04s

Detailed Issues

❌ REPOSITORY / checkov - 5 errors

dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12

❌ REPOSITORY / devskim - 45 errors

eee9c9fefee9a77bc79f12af1eecef9f9c3e79fa94fe7ef0e9c393a7e06c9a7c6af6e9ee3322efb3fbbb34fa8393e30734c8673bf77768203b34ba83877bc2e69f3edc3bf9f464efe4deeeeedee9fd03e2c4fbcf9e7e7a7c7aef806688a8754f84e6d32727bb4ff6ee3fdd3d79f894d8f0e0de8393a79f125d4e9eecdfdf2366b827b87dfa74ef805e7e7272efe9e9b3e3939367bbf788140ff630ea9353c2f444a09d9e1c936c1e3f7d4a442372ec7e7a40b376ef606fe71ef1170df9290fe1c1fe931d921ae2937bfb27bb9f9eee7cba73eff8c9e9fec983079f9e9e3e7970ffe4d13eb7fbf4d993a70f9fdc7b704ca3be7ff0ecc1dec983273b4f7677770f8e1fdebf77ff0981032f3d3878ba7342f4dcdd39bef7e993a7bb249e9f3e7d422cbefbe9318defdea7cf78100f48ad7c7a7af0ec64e7c983e3672433243aa7c77b3407f76970273ba7a78feea3d9b383bd27c4fcc7f4ff9d27c46544a307079f3ea119d9bdf7e401491d8ff560e7c1dee983277bbbc446f79e3e3938b97ff0e0fec1930734ddc4243468e1a583fbfbc7c7a7d4d3eefde39dfdd3839367fbbb4f1ed20c1e3c39d83b38dd3d7df8681fcd3e7db6f78438617f77fff4f8094d1d29076284d31312d59d7bbbc4c34cb983837d12d09387bbcf200e3411245aa459ee3d7d76ffe4d3873bc77b4439347bb2b3f780e4f3e421217eb2f7ece983e3270fee51934f1f1089779e3eb92fb811390f4e49d68f1f7e4af2\"","markdown":"`\"1f8b0800000000000400edbd07601c499625262f6dca7b7f4af54ad7e074a10880601324d8904010ecc188cde692ec1d69472329ab2a81ca6556655d661640cced9dbcf7de7befbdf7de7befbdf7ba3b9d4e27f7dfff3f5c6664016cf6ce4adac99e2180aac81f3f7e7c1f3f227676f6eeef3f7df0e4deb3ddfb4fee3f7d7a707ab0bbb7f7f4e1bdbde307a7270f3e3dd8f9f4d1ee6f9cececdcdb3978f0706f677fe7e1fefecebdfbf74e4f77f69f3d7c72bcff6cf7f4f8f4e4e19347f7b8d9c1ee83e3d307bb274f8f9f3e3c7876bcbbf3e9c3677b27fba73bf79e3c3cd87ff850a09ddc7ffaecf8e0fec3a7fbbb9f3e39dd39387978efe0e4d3ddbdfdfbc7270fee3d7c72c0d076a9a34f1f3c797afaf0c1b3d3bdbdbd9d9ddda727f7ef3dd83b3d7ef6f0d367a727cf1eeda1d9def1c9a79f3e79b6ffe9eea727f7768e9fed3f397d7af0f0d3e3e37b0feedf3fbeff644fa0ed9d9cdcdb23fcf61fec1cd3581fecef3ffd7467e7e1fde307f78f3fdd3939b8c7b8ed3ed939a5913ed8db7b72fce0de93277b7bbb4f9eecef3f38397eba77fa908874fc688fdb3d7d787cf2ecc92e11e1e9331acabd277bc7f7ee3fdbd9bff78046f1f4e1b3270ceede936707f79e3d78f0f4e1c393d383e3fdfbfbf73edd7ff6e9d3d3bdfddd7bbb4f08456976f2e4fede937b4f77ef9d1e3fbc77eff4c1e9dece8393873b0f3ffdf478f7ded383e31369f6f4d9bd87bb4ff61f3cfdf494fe77fff4e9c33d1af683dde39dd34fef1d9cee1d73339aa5ddddfd87f79eed1d3ca1a97878faece993d393270f3f3da1160ff7efeded3ffa14cdf6f6ee1f9cde3bb9b7ffe4e1d3ddbd4f4f1fee9c3cb8fff0c9938784cea7279fde13faee3f7bb0bbf3e0ded3e327cfee3ffd74efc9a734d8dd9d83bd67fb07f74ef7778e8fef337defef12dc7bc44df71f3ebc47487ffaf4d9cea74f771eeedd7b76effece1e61c7b8dddfdfdf3b797aff00f0ee3f20b2eede7ff6708fa6f93ecde1139a63a1db7d747472b0f7e9d3834fefdf279e20f4f63f059f3c78b6777aefe9fda7d2ece1ceb3074f4f4e1eec3cf9f4defea7fbc7a734cb44fb7b279fee3fdd7b70b0fbe9a33d46eee1c1a7a7c7f7eeed9f7cfae0607fefd9a73455f74ff70e9eed3fbc7ffaecd3fb270702eee9c9fefee9a77bc79f12af1eecef9f9c3e79fa94fe7ef0e9c393a7e06c9a7c6af6e9ee3322efb3fbbb34fa8393e30734c8673bf77768203b34ba83877bc2e69f3edc3bf9f464efe4deeeeedee9fd03e2c4fbcf9e7e7a7c7aef806688a8754f84e6d32727bb4ff6ee3fdd3d79f894d8f0e0de8393a79f125d4e9eecdfdf2366b827b87dfa74ef805e7e7272efe9e9b3e3939367bbf788140ff630ea9353c2f444a09d9e1c936c1e3f7d4a442372ec7e7a40b376ef606fe71ef1170df9290fe1c1fe931d921ae2937bfb27bb9f9eee7cba73eff8c9e9fec983079f9e9e3e7970ffe4d13eb7fbf4d993a70f9fdc7b704ca3be7ff0ecc1dec983273b4f7677770f8e1fdebf77ff0981032f3d3878ba7342f4dcdd39bef7e993a7bb249e9f3e7d422cbefbe9318defdea7cf78100f48ad7c7a7af0ec64e7c983e3672433243aa7c77b3407f76970273ba7a78feea3d9b383bd27c4fcc7f4ff9d27c46544a307079f3ea119d9bdf7e401491d8ff560e7c1dee983277bbbc446f79e3e3938b97ff0e0fec1930734ddc4243468e1a583fbfbc7c7a7d4d3eefde39dfdd3839367fbbb4f1ed20c1e3c39d83b38dd3d7df8681fcd3e7db6f78438617f77fff4f8094d1d29076284d31312d59d7bbbc4c34cb983837d12d09387bbcf200e3411245aa459ee3d7d76ffe4d3873bc77b4439347bb2b3f780e4f3e421217eb2f7ece983e3270fee51934f1f1089779e3eb92fb811390f4e49d68f1f7e4af2\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 4000 characters out of 313712)

❌ REPOSITORY / grype - 67 errors

(7th)   < 0.1  
minimatch             9.0.5      9.0.7     npm   GHSA-23c5-xmqv-rm74  High      < 0.1% (7th)   < 0.1  
glob                  10.4.5     10.5.0    npm   GHSA-5j98-mcp5-4vw2  High      < 0.1% (7th)   < 0.1  
js-yaml               3.14.1     3.14.2    npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (9th)   < 0.1  
js-yaml               4.1.0      4.1.1     npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (9th)   < 0.1  
lodash                4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (8th)   < 0.1  
lodash-es             4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (8th)   < 0.1  
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       < 0.1% (15th)  < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-v52c-386h-88mc  High      < 0.1% (5th)   < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-xf7r-hgr6-v32p  High      < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
undici                6.14.1     6.21.2    npm   GHSA-cxrh-j4jr-qwg3  Low       < 0.1% (14th)  < 0.1  
picomatch             2.3.1      2.3.2     npm   GHSA-c2c7-rcm5-vvqj  High      < 0.1% (5th)   < 0.1  
picomatch             4.0.1      4.0.4     npm   GHSA-c2c7-rcm5-vvqj  High      < 0.1% (5th)   < 0.1  
brace-expansion       1.1.11     1.1.13    npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
brace-expansion       2.0.1      2.0.3     npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
brace-expansion       5.0.4      5.0.5     npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
undici                6.14.1     6.23.0    npm   GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (5th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-phc3-fgpg-7m6h  Medium    < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
serialize-javascript  6.0.1      7.0.5     npm   GHSA-qj8w-gfj5-8c6v  Medium    < 0.1% (4th)   < 0.1  
ajv                   8.12.0     8.18.0    npm   GHSA-2g4f-4pwh-qvx6  Medium    < 0.1% (3rd)   < 0.1  
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      < 0.1% (1st)   < 0.1  
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    < 0.1% (1st)   < 0.1  
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       < 0.1% (1st)   < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       < 0.1% (1st)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A            N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A            N/A
[0056] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 4000 characters out of 7219)

❌ REPOSITORY / kics - 56 errors

/var/lib/apt/lists/*;
		005: 


	[3]: .devcontainer/Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive     && apt-get -y install --no-install-recommends silversearcher-ag httpie     && apt-get clean -y && rm -rf /var/lib/apt/lists/*;
		005: 


	[4]: .devcontainer/Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive     && apt-get -y install --no-install-recommends silversearcher-ag httpie     && apt-get clean -y && rm -rf /var/lib/apt/lists/*;
		005: 


	[5]: .devcontainer/Dockerfile:4

		003: # [Optional] Uncomment this section to install additional OS packages.
		004: RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
		005:     && apt-get -y install --no-install-recommends silversearcher-ag httpie \


Passwords And Secrets - Password in URL, Severity: HIGH, Results: 3
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .github/workflows/ci.yml:95

		094:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		095:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper
		096:           NODE_ENV: production


	[2]: .devcontainer/docker-compose.yml:24

		023:     environment:
		024:       - DATABASE_URL=<SECRET-MASKED-ON-PURPOSE>:5432/postgres
		025: 


	[3]: .github/workflows/ci.yml:89

		088:         env:
		089:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper
		090:       - name: Run the server 🚀


Passwords And Secrets - Generic Secret, Severity: HIGH, Results: 2
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .github/workflows/ci.yml:94

		093:           PORT: 3000
		094:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		095:           DATABASE_URL: <SECRET-MASKED-ON-PURPOSE>:${{ job.services.postgres.ports['5432'] }}/sharper


	[2]: .github/workflows/ci.yml:33

		032:         env:
		033:           SECRET: <SECRET-MASKED-ON-PURPOSE>
		034:       - name: Report test results 📝


Passwords And Secrets - Generic Password, Severity: HIGH, Results: 2
Description: Query to find passwords and secrets in infrastructure code.
Platform: Common
CWE: 798
Risk Score: 7.8
Learn more about this vulnerability: https://docs.kics.io/latest/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71

	[1]: .devcontainer/docker-compose.yml:32

		031:     environment:
		032:       POSTGRES_PASSWORD: <SECRET-MASKED-ON-PURPOSE>
		033:       POSTGRES_USER: postgres


	[2]: .github/workflows/ci.yml:63

		062:           POSTGRES_USER: armband
		063:           POSTGRES_PASSWORD: <SECRET-MASKED-ON-PURPOSE>
		064:           POSTGRES_DB: sharper


Missing User Instruction, Severity: HIGH, Results: 2
Description: Always set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user.
Platform: Dockerfile
CWE: 250
Risk Score: 7.7
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/fd54f200-402c-4333-a5a4-36ef6709af2f

	[1]: Dockerfile:33

		032: 
		033: FROM gcr.io/distroless/nodejs22-debian12:nonroot
		034: 


	[2]: .devcontainer/Dockerfile:1

		001: FROM mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye
		002: 
		003: # [Optional] Uncomment this section to install additional OS packages.



Results Summary:
CRITICAL: 0
HIGH: 9
MEDIUM: 21
LOW: 24
INFO: 2
TOTAL: 56

A new version 'v2.1.20' of KICS is available, please consider updating

(Truncated to last 4000 characters out of 17401)

❌ REPOSITORY / kingfisher - 1 error

New Kingfisher release 1.99.0 available
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 453 rules
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:6c51c30f]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 453
 |__Blobs Scanned.............: 289
 |Bytes Scanned...............: 7.90 MiB
 |Scan Duration...............: 234ms 234us 227ns
 |Scan Date...................: 2026-05-07 21:56:04 +00:00
 |Kingfisher Version..........: 1.84.0
 |__Latest Version............: 1.99.0
New Kingfisher release 1.99.0 available

❌ SPELL / lychee - 1 error

[403] https://www.npmjs.com/support | Network error: Forbidden
📝 Summary
---------------------
🔍 Total............4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........2
❓ Unknown..........0
🚫 Errors...........1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support | Network error: Forbidden

❌ REPOSITORY / secretlint - 1 error

.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)

❌ YAML / yamllint - 4 errors

pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  37:501    error    line too long (545 > 500 characters)  (line-length)
  10158:501 error    line too long (537 > 500 characters)  (line-length)
  10293:501 error    line too long (584 > 500 characters)  (line-length)

⚠️ JSON / prettier - 1 error

[error] Cannot find package 'prettier-plugin-toml' imported from noop.js

⚠️ REPOSITORY / trivy - 1 error

┤        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2024-38372 │ LOW      │        │                   │ 6.19.2                                                  │ Undici vulnerable to data leak when using                    │
│                 │                │          │        │                   │                                                         │ response.arrayBuffer()                                       │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2024-38372                   │
│                 ├────────────────┤          │        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2025-47279 │          │        │                   │ 5.29.0, 6.21.2, 7.5.0                                   │ undici: Undici Memory Leak with Invalid Certificates         │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2025-47279                   │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 11.1.0            │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid is for the creation of RFC9562 (formerly RFC4122)       │
│                 │                │          │        │                   │                                                         │ UUIDs. Prior to...                                           │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────



📣 Notices:
  - Version 0.70.0 of Trivy is now available, current version is 0.69.1

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 4000 characters out of 27792)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.