chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
njre (source)	1.5.0 → 1.5.2
prettier (source)	3.8.0 → 3.8.1

---

Release Notes

nvuillam/njre (njre)

v1.5.2

Compare Source

• Upgrade dependencies
• Fix workflow to use npm Trusted publishers to release (OIDC) - needs npm publish instead of yarn publish, not yarn publish with NODE_AUTH_TOKEN

prettier/prettier (prettier)

v3.8.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.95%. Comparing base (df2fe10) to head (3b74162).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #140   +/-   ##
=======================================
  Coverage   89.95%   89.95%           
=======================================
  Files           3        3           
  Lines         229      229           
=======================================
  Hits          206      206           
  Misses         23       23           

Flag	Coverage Δ
unittests	89.95% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	5		3	0	0.1s
✅ COPYPASTE	jscpd	yes		no	no	1.52s
✅ JAVASCRIPT	eslint	10		0	0	1.36s
✅ JSON	jsonlint	7		0	0	0.15s
✅ JSON	npm-package-json-lint	yes		no	no	0.47s
⚠️ JSON	prettier	7		1	0	0.46s
✅ JSON	v8r	7		0	0	12.0s
⚠️ MARKDOWN	markdownlint	5		14	0	0.79s
⚠️ MARKDOWN	markdown-table-formatter	5		1	0	0.24s
✅ REPOSITORY	checkov	yes		no	no	20.21s
✅ REPOSITORY	gitleaks	yes		no	no	0.66s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		1	no	36.07s
✅ REPOSITORY	secretlint	yes		no	no	0.96s
✅ REPOSITORY	syft	yes		no	no	1.86s
❌ REPOSITORY	trivy	yes		1	no	11.69s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.45s
✅ REPOSITORY	trufflehog	yes		no	no	3.57s
✅ SPELL	cspell	38		0	0	3.61s
⚠️ SPELL	lychee	23		2	0	2.73s
⚠️ YAML	prettier	9		1	4	0.51s
✅ YAML	v8r	9		0	0	6.94s
✅ YAML	yamllint	9		0	0	0.43s

Detailed Issues

❌ REPOSITORY / grype - 1 error

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME  INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS          RISK   
tar   7.5.2      7.5.3     npm   GHSA-8qq5-rm4j-mr97  High      < 0.1% (0th)  < 0.1
[0036] ERROR discovered vulnerabilities at or above the severity threshold

❌ REPOSITORY / trivy - 1 error

2026-01-22T01:40:47Z	INFO	[vulndb] Need to update DB
2026-01-22T01:40:47Z	INFO	[vulndb] Downloading vulnerability DB...
2026-01-22T01:40:47Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
6.75 MiB / 83.02 MiB [----->_________________________________________________________] 8.13% ? p/s ?24.86 MiB / 83.02 MiB [------------------>__________________________________________] 29.95% ? p/s ?49.24 MiB / 83.02 MiB [------------------------------------>________________________] 59.32% ? p/s ?72.89 MiB / 83.02 MiB [----------------------------------------->_____] 87.80% 111.00 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 111.00 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 111.00 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 104.94 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 104.94 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [--------------------------------------------->] 100.00% 104.94 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 98.17 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 98.17 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 98.17 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 91.83 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 91.83 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 91.83 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 85.91 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 85.91 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 85.91 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 80.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 80.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 80.37 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 75.18 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 75.18 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 75.18 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 70.33 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 70.33 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [---------------------------------------------->] 100.00% 70.33 MiB p/s ETA 0s83.02 MiB / 83.02 MiB [-------------------------------------------------] 100.00% 15.60 MiB p/s 5.5s2026-01-22T01:40:55Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-01-22T01:40:55Z	INFO	[vuln] Vulnerability scanning is enabled
2026-01-22T01:40:55Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-01-22T01:40:55Z	INFO	[misconfig] Need to update the checks bundle
2026-01-22T01:40:55Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-01-22T01:40:58Z	INFO	[npm] To collect the license information of packages, "npm install" needs to be performed beforehand	dir="node_modules"
2026-01-22T01:40:58Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-01-22T01:40:58Z	INFO	Number of language-specific files	num=1
2026-01-22T01:40:58Z	INFO	[npm] Detecting vulnerabilities...
2026-01-22T01:40:58Z	INFO	Detected config files	num=0

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │
├───────────────────┼──────┼─────────────────┼───────────────────┤
│ package-lock.json │ npm  │        2        │         -         │
└───────────────────┴──────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.68/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE en

(Truncated to 5000 characters out of 6684)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/test.yml:78:11: input "file" is not defined in action "codecov/codecov-action@v5". available inputs are "base_sha", "binary", "codecov_yml_path", "commit_parent", "directory", "disable_file_fixes", "disable_safe_directory", "disable_search", "disable_telem", "dry_run", "env_vars", "exclude", "fail_ci_if_error", "files", "flags", "force", "gcov_args", "gcov_executable", "gcov_ignore", "gcov_include", "git_service", "handle_no_reports_found", "job_code", "name", "network_filter", "network_prefix", "os", "override_branch", "override_build", "override_build_url", "override_commit", "override_pr", "plugins", "recurse_submodules", "report_code", "report_type", "root_dir", "run_command", "skip_validation", "slug", "swift_project", "token", "url", "use_legacy_upload_endpoint", "use_oidc", "use_pypi", "verbose", "version", "working-directory" [action]
   |
78 |           file: coverage.lcov
   |           ^~~~~

⚠️ SPELL / lychee - 2 errors

[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/java-caller | Network error: Forbidden
📝 Summary
---------------------
🔍 Total...........68
✅ Successful......19
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded........47
❓ Unknown..........0
🚫 Errors...........2

Errors in README.md
[403] https://npmjs.org/package/java-caller | Network error: Forbidden
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden

⚠️ MARKDOWN / markdown-table-formatter - 1 error

1 files contain markdown tables to format:
- README.md

⚠️ MARKDOWN / markdownlint - 14 errors

CODE_OF_CONDUCT.md:58:44 error MD034/no-bare-urls Bare URL used [Context: "nicolas.vuillamy@gmail.com"]
CODE_OF_CONDUCT.md:71:14 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
CODE_OF_CONDUCT.md:76:1 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:47 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:1 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:68:362 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:70:123 error MD060/table-column-style Table column style [Table pipe has extra space to the left for style "compact"]
README.md:74:315 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]

⚠️ JSON / prettier - 1 error

Checking formatting...
[warn] .cspell.json
[warn] .vscode/launch.json
[warn] examples/cli_app/lib/java-caller-config.json
[warn] examples/cli_app/package.json
[warn] examples/module_app/package.json
[warn] renovate.json
[warn] Code style issues found in 6 files. Run Prettier with --write to fix.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/deploy-beta.yml
[warn] .github/workflows/deploy-release.yml
[warn] .github/workflows/test.yml
[warn] Code style issues found in 3 files. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/javascript@v9.3.0 (61 linters)
• oxsecurity/megalinter/flavors/dotnetweb@v9.3.0 (75 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,JAVASCRIPT_ES,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R