ci(deps): bump the github-actions group with 3 updates

[dependabot]

Bumps the github-actions group with 3 updates: EnricoMi/publish-unit-test-result-action, philips-software/amp-devcontainer and anchore/sbom-action.

Updates EnricoMi/publish-unit-test-result-action from 2.22.0 to 2.23.0

Release notes

Sourced from EnricoMi/publish-unit-test-result-action's releases.

v2.23.0

Adds the following improvements:

• Lock composite actions' versions by SHA EnricoMi/publish-unit-test-result-action#719
• Upgrading Python dependencies EnricoMi/publish-unit-test-result-action#721, EnricoMi/publish-unit-test-result-action#727
• Upgrade GitHub actions EnricoMi/publish-unit-test-result-action#720, EnricoMi/publish-unit-test-result-action#728

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.22.0...v2.23.0

Commits

• c950f6f Releasing v2.23.0
• 013b82b Upgrade direct dependencies (#727)
• 08eaa63 Upgrade setup-python in misc actions (#728)
• ee9b6e2 Extend dependabot config (#722)
• 42756a1 Upgrading Python dependencies (#721)
• 13d372a Fix comment
• 4f082d0 Upgrade GitHub actions (#720)
• 8608181 Lock composite actions' versions by SHA (#719)
• See full diff in compare view

Updates philips-software/amp-devcontainer from 6.8.0 to 6.8.2

Release notes

Sourced from philips-software/amp-devcontainer's releases.

v6.8.2

6.8.2 (2026-02-24)

📋 Summary

[!IMPORTANT]
Release v6.8.1 has been yanked. The automated release process failed due to a missing permission setting in the GitHub Actions Workflow

Release v6.8.2 is made as a patch release to trigger automatic updates for repositories that use Dependabot. Release v6.8.1 tags and images will be removed from the registry.

The release includes an update to Conan and GCC 14 in amp-devcontainer-cpp. Several VS Code Extensions have been updated to their latest version.

🔖 Packages

Container	Full identifier
amp-devcontainer-base	ghcr.io/philips-software/amp-devcontainer-base:v6.8.2@sha256:4d445c28451c8f94dfa7d550f47f15de8d2193b9dffb6ee114f9055f157d7d53
amp-devcontainer-cpp	ghcr.io/philips-software/amp-devcontainer-cpp:v6.8.2@sha256:8d6d0b49bef9b1f572793dee8dcc05edcbe4f44f108f075640dda284ff3e2d4e
amp-devcontainer-rust	ghcr.io/philips-software/amp-devcontainer-rust:v6.8.2@sha256:068758b17ecff0032a64eb5a3efcb1570fcf814e6991bbdb940826d6f5eb0b95

Bug Fixes

• Add required permission to release workflow (#1163) (6041313) (by @​rjaegers)
• Update apt.llvm.org gpg key checksum (#1162) (117adbc) (by @​rjaegers)

Chores

• deps: Bump conan from 2.24.0 to 2.25.2 in amp-devcontainer-cpp (#1139) (9e104c6) (#1149) (d938b08) (by @​dependabot)
• deps, base: Update g++-14 (#1156) (db4e403) (by @​dependabot)
• deps, cpp: Update alexkrechik.cucumberautocomplete, ms-vscode.cpptools in devcontainer.json (#1154) (248dd41)
• deps, cpp: Update github.vscode-pull-request-github, ms-vscode.cmake-tools, ms-vscode.cpptools in devcontainer.json (#1145) (ea8d44c)
• deps, cpp: Update ms-vscode.cmake-tools, ms-vscode.cpptools in devcontainer-metadata.json (#1144) (84f3450)
• deps, cpp: Update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1159) (fb963d1)
• deps, cpp: Update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode in devcontainer.json (#1160) (fd8449d)
• deps, cpp: Update ms-vscode.cpptools in devcontainer-metadata.json (#1152) (6a57e1b)
• deps, rust: Update github.vscode-pull-request-github in devcontainer.json (#1146) (02d75f0)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1153) (22ef006)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer.json (#1155) (bfe1bc2)
• deps, rust: Update sonarsource.sonarlint-vscode in devcontainer.json (#1161) (5ad6b8c)

Changelog

Sourced from philips-software/amp-devcontainer's changelog.

CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

6.8.2 (2026-02-24)

Bug Fixes

• Add required permission to release workflow (#1163) (6041313)

6.8.1 (2026-02-23)

Bug Fixes

• Update apt.llvm.org gpg key checksum (#1162) (117adbc)
• Update apt.llvm.org gpg key snapshot (117adbc)

Chores

• deps, base: Update g++-14 (#1156) (db4e403)
• deps, cpp: Update alexkrechik.cucumberautocomplete, ms-vscode.cpptools in devcontainer.json (#1154) (248dd41)
• deps, cpp: Update github.vscode-pull-request-github, ms-vscode.cmake-tools, ms-vscode.cpptools in devcontainer.json (#1145) (ea8d44c)
• deps, cpp: Update ms-vscode.cmake-tools, ms-vscode.cpptools in devcontainer-metadata.json (#1144) (84f3450)
• deps, cpp: Update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode in devcontainer-metadata.json (#1159) (fb963d1)
• deps, cpp: Update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode in devcontainer.json (#1160) (fd8449d)
• deps, cpp: Update ms-vscode.cpptools in devcontainer-metadata.json (#1152) (6a57e1b)
• deps, rust: Update github.vscode-pull-request-github in devcontainer.json (#1146) (02d75f0)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer-metadata.json (#1153) (22ef006)
• deps, rust: Update rust-lang.rust-analyzer in devcontainer.json (#1155) (bfe1bc2)
• deps, rust: Update sonarsource.sonarlint-vscode in devcontainer.json (#1161) (5ad6b8c)
• deps: Bump conan from 2.24.0 to 2.25.1 in /.devcontainer (#1139) (9e104c6)
• deps: Bump conan from 2.25.1 to 2.25.2 in /.devcontainer (#1149) (d938b08)

6.8.0 (2026-02-05)

Features

• Update LLVM/Clang to version 20 (#1125) (20dddd7)

Chores

• deps: Update CPM to version 0.42.1 (#1126) (fea1e09)

... (truncated)

Commits

• bb4d772 chore(main): release 6.8.2 (#1164)
• 6041313 fix: add required permission to release workflow (#1163)
• 78e6999 chore(main): release 6.8.1 (#1142)
• fd8449d chore(deps, cpp): update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode ...
• 5ad6b8c chore(deps, rust): update sonarsource.sonarlint-vscode in devcontainer.json (...
• fb963d1 chore(deps, cpp): update ms-vscode.cmake-tools, sonarsource.sonarlint-vscode ...
• f5ca44f ci(deps): bump the github-actions group with 3 updates (#1158)
• 1fb0a09 test(deps): bump the npm group with 3 updates (#1157)
• 117adbc fix: update apt.llvm.org gpg key checksum (#1162)
• bfe1bc2 chore(deps, rust): update rust-lang.rust-analyzer in devcontainer.json (#1155)
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.22.2 to 0.23.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.23.0

• switch to single-file dist build with sub-action flags and update dependencies (#595) [@​kzantow]
• switch to esbuild (#590) [@​willmurphyscode]
• update Syft to v1.42.1 (#599) [@anchore-actions-token-generator[bot]]

Commits

• 17ae174 chore(deps/test): move to es modules, node:test, single dist file (#595)
• 6d473d3 chore(deps): update Syft to v1.42.1 (#599)
• 60619e7 fix tests and bump fast-xml-parser (#598)
• e2bd58a chore(deps-dev): bump the dev-dependencies group with 3 updates (#592)
• d032d7d ci(syft auto update): npm ci, not npm install (#597)
• 2d09430 fix(dev): switch to esbuild (#590)
• 74c5ce9 chore(deps): update Syft to v1.42.0 (#589)
• 77fae5a chore(deps-dev): bump the dev-dependencies group with 4 updates (#583)
• debc3ee chore(deps): bump npm-check-updates in the non-major group (#584)
• fff8762 chore(deps): bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 (#588)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1178

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	175.16 MB	175.16 MB	123 B (0%)	🔽
linux/arm64	167.63 MB	167.63 MB	+36 B (+0%)	🔼

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	23		0	0	0.67s
✅ DOCKERFILE	hadolint	3		0	0	0.79s
✅ GHERKIN	gherkin-lint	6		0	0	2.62s
✅ JSON	npm-package-json-lint	yes		no	no	0.46s
✅ JSON	prettier	21	4	0	0	0.68s
✅ JSON	v8r	21		0	0	7.32s
✅ MARKDOWN	markdownlint	12	0	0	0	1.1s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.28s
✅ REPOSITORY	checkov	yes		no	no	17.95s
✅ REPOSITORY	gitleaks	yes		no	no	0.61s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	31.33s
✅ REPOSITORY	secretlint	yes		no	no	0.94s
✅ REPOSITORY	syft	yes		no	no	1.97s
✅ REPOSITORY	trivy	yes		no	no	8.28s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.23s
✅ REPOSITORY	trufflehog	yes		no	no	2.2s
⚠️ SPELL	lychee	83		2	0	21.63s
✅ YAML	prettier	31	0	0	0	1.02s
✅ YAML	v8r	31		0	0	8.43s
✅ YAML	yamllint	31		0	0	0.86s

Detailed Issues

⚠️ SPELL / lychee - 2 errors

[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[ERROR] https://www.sigstore.dev/ | Network error: error sending request for url (https://www.sigstore.dev/) Maybe a certificate error?
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....122
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........2

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

Errors in README.md
[ERROR] https://www.sigstore.dev/ | Network error: error sending request for url (https://www.sigstore.dev/) Maybe a certificate error?

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1178

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	555.58 MB	555.57 MB	217 B (0%)	🔽
linux/arm64	509.75 MB	509.75 MB	+31 B (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1178

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	696.86 MB	696.86 MB	116 B (0%)	🔽
linux/arm64	677.67 MB	677.67 MB	+163 B (+0%)	🔼

[github-actions]

Test Results

 12 files   - 1   12 suites   - 1   17m 59s ⏱️ - 4m 30s
 32 tests  - 1   32 ✅  - 1  0 💤 ±0  0 ❌ ±0 
136 runs   - 1  136 ✅  - 1  0 💤 ±0  0 ❌ ±0 

Results for commit eee4d67. ± Comparison against base commit be2bd22.

[github-actions]

Pull Request Report (#1178)

Static measures

Description	Value
Number of added lines	3
Number of deleted lines	3
Number of changed files	2
Number of commits	1
Number of reviews	1
Number of comments (w/o review comments)	6
Number of reviews that contains a comment to resolve	0
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	4

Time related measures

Description	Value
PR lead time (from creation to close of PR)	11.1 Hours
Time that was spend on the branch before the PR was created	1 Sec
Time that was spend on the branch before the PR was merged	11.1 Hours
Time to merge after last review	1.3 Hours

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	1.1 Hours
Total time spend in last status check run on PR	28.5 Min