chore(deps): update dependency typeorm-extension to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
typeorm-extension	2.8.1 → 3.9.0

---

Release Notes

tada5hi/typeorm-extension (typeorm-extension)

v3.9.0

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.9.0 (2026-02-26)

Features

• enable to hook in on joinRelation (#​1359) (bc949f0)

Bug Fixes

• don't destroy data-source in generateMigration (c824165)

3.8.0 (2026-02-02)

Features

• load faker on-demand so it is not required (#​1351) (7a40ba2)

Bug Fixes

• setting default pagination value if options.maxLimit is set (08dc50e)

3.7.4 (2026-01-30)

Bug Fixes

• allways apply pagination.maxLimit option (01022b2)

3.7.3 (2025-12-10)

Bug Fixes

• allow null type for entityExisting in unique check (3731139)
• preserve data source options in database operations (#​1347) (dc771e1)

3.7.2 (2025-11-25)

Bug Fixes

• deps: bump locter to v2.1.1 (b012542)
• deps: bump yargs to v18.0.0 (6b8e689)
• deps: define faker as peer-dependency (71408c0)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.8.0

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.8.0 (2026-02-02)

Features

• load faker on-demand so it is not required (#​1351) (7a40ba2)

Bug Fixes

• setting default pagination value if options.maxLimit is set (08dc50e)

3.7.4 (2026-01-30)

Bug Fixes

• allways apply pagination.maxLimit option (01022b2)

3.7.3 (2025-12-10)

Bug Fixes

• allow null type for entityExisting in unique check (3731139)
• preserve data source options in database operations (#​1347) (dc771e1)

3.7.2 (2025-11-25)

Bug Fixes

• deps: bump locter to v2.1.1 (b012542)
• deps: bump yargs to v18.0.0 (6b8e689)
• deps: define faker as peer-dependency (71408c0)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.7.4

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.8.0 (2026-02-02)

Features

• load faker on-demand so it is not required (#​1351) (7a40ba2)

Bug Fixes

• setting default pagination value if options.maxLimit is set (08dc50e)

3.7.4 (2026-01-30)

Bug Fixes

• allways apply pagination.maxLimit option (01022b2)

3.7.3 (2025-12-10)

Bug Fixes

• allow null type for entityExisting in unique check (3731139)
• preserve data source options in database operations (#​1347) (dc771e1)

3.7.2 (2025-11-25)

Bug Fixes

• deps: bump locter to v2.1.1 (b012542)
• deps: bump yargs to v18.0.0 (6b8e689)
• deps: define faker as peer-dependency (71408c0)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.7.3

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.7.3 (2025-12-10)

Bug Fixes

• allow null type for entityExisting in unique check (3731139)
• preserve data source options in database operations (#​1347) (dc771e1)

3.7.2 (2025-11-25)

Bug Fixes

• deps: bump locter to v2.1.1 (b012542)
• deps: bump yargs to v18.0.0 (6b8e689)
• deps: define faker as peer-dependency (71408c0)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.7.2

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.7.3 (2025-12-10)

Bug Fixes

• allow null type for entityExisting in unique check (3731139)
• preserve data source options in database operations (#​1347) (dc771e1)

3.7.2 (2025-11-25)

Bug Fixes

• deps: bump locter to v2.1.1 (b012542)
• deps: bump yargs to v18.0.0 (6b8e689)
• deps: define faker as peer-dependency (71408c0)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.7.1

Compare Source

Bug Fixes

• isUnique check - use indicies if ownUniques columns are not populated (7f4aed4)

v3.7.0

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.6.3

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.6.2

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.6.1

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.6.0

Compare Source

Bug Fixes

• deps: bump the minorandpatch group across 1 directory with 12 updates (#​1284) (f32f812)

Features

• add create database template support for postgres (#​1244) (d4d66d3), closes #​1226
• postgres: allow schema creation for postgres (#​1247) (986ff58)

3.6.3 (2024-11-06)

Bug Fixes

• deps: bump locter from 2.1.3 to 2.1.5 (#​1191) (ee4d5d0)
• enhance skipRelation check in validate entity join columns fn (3120433)
• validate entity join columns - respect nullable join columns (ab87659)

3.6.2 (2024-10-08)

Bug Fixes

• consider runSchema- & synchronize-option in checkDatabase fn (b90a127)
• deps: bump locter from 2.1.0 to 2.1.3 (#​1155) (48752e7)

3.6.1 (2024-08-11)

Bug Fixes

• adjust data source cleanup behaviour to jsdoc description (e27f42e)
• schema detection in check-database fn (39dcc92)

v3.5.1

Compare Source

Features

• add experimental entity-{uniqueness,property-names,join-columns} helpers (#​1062) (9ab61cc)

3.5.1 (2024-04-09)

Bug Fixes

• deps: bump locter from 2.0.2 to 2.1.0 (#​957) (34d491f)
• deps: bump reflect-metadata from 0.2.1 to 0.2.2 (#​958) (7e8e885)
• deps: bump smob from 1.4.1 to 1.5.0 (#​961) (d14f79a)
• remove extension in typeorm-extension import in seeder template file (#​954) (4ccb4b6)

Performance Improvements

• opimized seeder-factory save-many fn (#​955) (a4dfce5)

v3.5.0

Compare Source

Features

• add experimental entity-{uniqueness,property-names,join-columns} helpers (#​1062) (9ab61cc)

3.5.1 (2024-04-09)

Bug Fixes

• deps: bump locter from 2.0.2 to 2.1.0 (#​957) (34d491f)
• deps: bump reflect-metadata from 0.2.1 to 0.2.2 (#​958) (7e8e885)
• deps: bump smob from 1.4.1 to 1.5.0 (#​961) (d14f79a)
• remove extension in typeorm-extension import in seeder template file (#​954) (4ccb4b6)

Performance Improvements

• opimized seeder-factory save-many fn (#​955) (a4dfce5)

v3.4.0

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.3.1 to 8.4.0 (#​859) (7d505d4)
• deps: bump @​faker-js/faker from 8.4.0 to 8.4.1 (#​885) (e9585f6)
• optimized useEnv singleton fn (a7f08d1)

Features

• use envix for environment management (883b9d4)

3.4.1-beta.1 (2024-02-07)

Bug Fixes

• deps: bump @​faker-js/faker from 8.3.1 to 8.4.0 (#​859) (7d505d4)
• don't export bin path (3f9708d)

v3.3.0

Compare Source

Bug Fixes

• deps: bump locter from 1.2.3 to 1.3.0 (#​826) (00cb9c7)
• deps: bump reflect-metadata from 0.1.13 to 0.2.1 (#​825) (1805a49)
• merging data-source options (#​829) (1d0261a), closes #​782 #​779 #​776

Features

• bump version (94e6668)

v3.2.0

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.2.0 to 8.3.1 (#​782) (fa7a114)
• deps: bump locter from 1.2.2 to 1.2.3 (#​779) (e89daea)

Features

• seeder with non default export (#​776) (e1fe651)

3.1.1 (2023-10-24)

Bug Fixes

• multiple shebangs in cli entrypoint (c227c66)

v3.1.1

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.2.0 to 8.3.1 (#​782) (fa7a114)
• deps: bump locter from 1.2.2 to 1.2.3 (#​779) (e89daea)

Features

• seeder with non default export (#​776) (e1fe651)

3.1.1 (2023-10-24)

Bug Fixes

• multiple shebangs in cli entrypoint (c227c66)

v3.1.0

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.2.0 to 8.3.1 (#​782) (fa7a114)
• deps: bump locter from 1.2.2 to 1.2.3 (#​779) (e89daea)

Features

• seeder with non default export (#​776) (e1fe651)

3.1.1 (2023-10-24)

Bug Fixes

• multiple shebangs in cli entrypoint (c227c66)

v3.0.2

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.0.2 to 8.2.0 (#​734) (f3e5054)
• deps: bump smob from 1.4.0 to 1.4.1 (#​732) (fb71fae)

Features

• async data-source exports (a2cdb9d)

3.0.2 (2023-09-15)

Bug Fixes

• deps: bump locter from 1.2.1 to 1.2.2 (#​687) (3c26fdd)

3.0.1 (2023-07-27)

Bug Fixes

• export seeder entity (4f728fd)
• seeder: ensure SeederExecutor properly sort seed file on fileName (#​642) (a9c4f92)

v3.0.1

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.0.2 to 8.2.0 (#​734) (f3e5054)
• deps: bump smob from 1.4.0 to 1.4.1 (#​732) (fb71fae)

Features

• async data-source exports (a2cdb9d)

3.0.2 (2023-09-15)

Bug Fixes

• deps: bump locter from 1.2.1 to 1.2.2 (#​687) (3c26fdd)

3.0.1 (2023-07-27)

Bug Fixes

• export seeder entity (4f728fd)
• seeder: ensure SeederExecutor properly sort seed file on fileName (#​642) (a9c4f92)

v3.0.0

Compare Source

Bug Fixes

• deps: bump @​faker-js/faker from 8.0.2 to 8.2.0 (#​734) (f3e5054)
• deps: bump smob from 1.4.0 to 1.4.1 (#​732) (fb71fae)

Features

• async data-source exports (a2cdb9d)

3.0.2 (2023-09-15)

Bug Fixes

• deps: bump locter from 1.2.1 to 1.2.2 (#​687) (3c26fdd)

3.0.1 (2023-07-27)

Bug Fixes

• export seeder entity (4f728fd)
• seeder: ensure SeederExecutor properly sort seed file on fileName (#​642) (a9c4f92)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[ghost]

👇 Click on the image for a new way to code review

Legend

[github-actions]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	6		1	0	0.27s
✅ BASH	bash-exec	3		0	0	0.02s
❌ BASH	shellcheck	3		1	0	0.04s
✅ BASH	shfmt	3	0	0	0	0.04s
✅ COPYPASTE	jscpd	yes		no	no	3.82s
❌ DOCKERFILE	hadolint	2		1	0	0.37s
✅ EDITORCONFIG	editorconfig-checker	157		0	0	0.77s
✅ JSON	jsonlint	18		0	0	0.21s
✅ JSON	npm-package-json-lint	yes		no	no	0.69s
✅ JSON	prettier	18	0	0	0	1.68s
❌ JSON	v8r	18		1	0	10.23s
⚠️ MARKDOWN	markdownlint	2	1	73	0	1.57s
❌ MARKDOWN	markdown-link-check	2		5	0	20.1s
✅ MARKDOWN	markdown-table-formatter	2	1	0	0	0.28s
❌ REPOSITORY	checkov	yes		5	no	18.16s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		43	no	31.02s
✅ REPOSITORY	secretlint	yes		no	no	0.82s
✅ REPOSITORY	syft	yes		no	no	6.6s
⚠️ REPOSITORY	trivy	yes		1	no	15.77s
✅ REPOSITORY	trivy-sbom	yes		no	no	5.91s
✅ REPOSITORY	trufflehog	yes		no	no	15.85s
✅ SPELL	cspell	159		0	0	5.45s
❌ SPELL	lychee	32		11	0	2.34s
✅ TYPESCRIPT	prettier	108	36	0	0	5.94s
❌ TYPESCRIPT	ts-standard	108	108	1	0	29.74s
✅ YAML	prettier	12	0	0	0	1.99s
✅ YAML	v8r	12		0	0	5.8s
❌ YAML	yamllint	12		21	0	5.77s

See detailed report in MegaLinter reports

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	3.92s
✅ EDITORCONFIG	editorconfig-checker	2		0	0	0.02s
✅ JSON	jsonlint	1		0	0	0.44s
✅ JSON	npm-package-json-lint	yes		no	no	0.56s
⚠️ JSON	prettier	1	0	1	0	0.39s
✅ JSON	v8r	1		0	0	9.15s
❌ REPOSITORY	checkov	yes		5	no	24.65s
❌ REPOSITORY	devskim	yes		45	no	168.9s
✅ REPOSITORY	dustilock	yes		no	no	1.0s
✅ REPOSITORY	git_diff	yes		no	no	0.03s
❌ REPOSITORY	grype	yes		64	no	56.7s
❌ REPOSITORY	kingfisher	yes		1	no	7.95s
❌ REPOSITORY	osv-scanner	yes		64	no	3.48s
❌ REPOSITORY	secretlint	yes		1	no	1.05s
✅ REPOSITORY	syft	yes		no	no	5.44s
⚠️ REPOSITORY	trivy	yes		1	no	13.87s
✅ REPOSITORY	trivy-sbom	yes		no	no	4.99s
✅ REPOSITORY	trufflehog	yes		no	no	3.97s
✅ SPELL	cspell	3		0	0	2.48s
❌ SPELL	lychee	2		1	0	0.88s
✅ YAML	prettier	1	0	0	0	0.47s
✅ YAML	v8r	1		0	0	1.3s
❌ YAML	yamllint	1		4	0	5.36s

Detailed Issues

❌ REPOSITORY / checkov - 5 errors

dockerfile scan results:

Passed checks: 77, Failed checks: 1, Skipped checks: 0

Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
	FAILED for resource: /Dockerfile.
	File: /Dockerfile:1-47
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created

		1  | ARG NODE_VERSION=lts-slim
		2  | 
		3  | FROM node:${NODE_VERSION} AS dependencies
		4  | 
		5  | WORKDIR /app
		6  | 
		7  | ENV PNPM_HOME="/pnpm"
		8  | ENV PATH="$PNPM_HOME:$PATH"
		9  | 
		10 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		11 |     --mount=type=bind,source=package.json,target=/app/package.json \
		12 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		13 |     corepack enable && \
		14 |     pnpm install --frozen-lockfile --strict-peer-dependencies
		15 | 
		16 | FROM dependencies AS builder
		17 | 
		18 | COPY --chown=node:node src/ /app/src
		19 | 
		20 | RUN --mount=type=bind,source=package.json,target=/app/package.json \
		21 |     --mount=type=bind,source=nest-cli.json,target=/app/nest-cli.json \
		22 |     --mount=type=bind,source=tsconfig.json,target=/app/tsconfig.json \
		23 |     --mount=type=bind,source=tsconfig.build.json,target=/app/tsconfig.build.json \
		24 |     pnpm build
		25 | 
		26 | FROM builder AS pruner
		27 | 
		28 | RUN --mount=type=cache,id=pnpm-store,target=/pnpm/store \
		29 |     --mount=type=bind,source=package.json,target=/app/package.json \
		30 |     --mount=type=bind,source=pnpm-lock.yaml,target=/app/pnpm-lock.yaml \
		31 |     pnpm prune --prod --ignore-scripts
		32 | 
		33 | FROM gcr.io/distroless/nodejs22-debian12:nonroot
		34 | 
		35 | WORKDIR /app
		36 | 
		37 | ENV PORT=3000
		38 | 
		39 | COPY --chown=nonroot:nonroot --from=pruner /app/node_modules ./node_modules
		40 | COPY --chown=nonroot:nonroot --from=builder /app/dist .
		41 | COPY --chown=nonroot:nonroot CHANGELOG.md LICENSE package.json /app/
		42 | 
		43 | EXPOSE ${PORT}
		44 | 
		45 | HEALTHCHECK --interval=30s --timeout=2s --start-period=10s --retries=2 CMD [ "/nodejs/bin/node", "bin/health-checker.js" ]
		46 | 
		47 | CMD ["main.js"]
github_actions scan results:

Passed checks: 212, Failed checks: 4, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CI)
	File: /.github/workflows/ci.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Release)
	File: /.github/workflows/release.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(CodeQL)
	File: /.github/workflows/codeql-analysis.yml:27-28
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Publish)
	File: /.github/workflows/publish.yml:11-12

❌ REPOSITORY / devskim - 45 errors

dddf7d787c4c63d8b9b7f3e4c1dec1c9d3fd07c476a7f7493a04dafef1ce93a7f7ef9dee3d3939b8777c40f3faf484467bbaf774679fa667e78039e9fef1f1c1bdfb44bafdbd7b3498a7c7a727bb274f9ede3b7876fcf0e19383837bfbd2e9c9c9cedefd877b3b9fee1e1f3c79f2e4d307c79f3eb9777fefc18383a73b4f764ef64518ee9feeec1eec3d3da5b9a46ef69e7d7afa941a1decd0ec9edc7bb0b3fbe021e3f6e9eea7f7ef9d7cbab7bb737cbc7f0a7ade3fb87fffd9c3dd67a7c46cbb4f3f954e3ffd94c4fefe83bd4f4976efdf7bb2fb70e7e0d9cef1c1c1ce3ea1797ff7e4e4190fe15312e77b3bc49c24a14f9fec11f10e769eeeec3edbf9f4d9431acaeec99e403bfdf4608726e8dee9934ff7ee11bbdedb2515421cb07f7fefd933424526ebc1fda7fb9f3e2079a676f74e0e9e3d3d7e7af0607feff8c9e92981223e7d28cd0e9e3dbb4703ff941875f75362d387344b0f487e3e7df8e9a70f4e8989a5d9c3fb9f3e257e3d21d2ed136bd3504e774f0e3092e3ddbda7f75466a8d9f1d327a70f8818d46ee753e292fd070f3edda7b6a41e483e65080f8e1feceddd7ff2e0c10308ca83879f3e7b7aef1931d5c393dd07a4609edcd74e9fec11294848f6eeedef3ea16190823b21f21cdfbf7f42b343c2cba2458a91067872f02971d6d3fb3b27c73488fbc70f9e3d7bf0f0945ec1481fa2d9b3e3a7cf1e7ebaf3ec788f7a2065425a6ef721a69e44e3841876873b3dd83f\"","markdown":"`\"1f8b0800000000000400edbd07601c499625262f6dca7b7f4af54ad7e074a10880601324d8904010ecc188cde692ec1d69472329ab2a81ca6556655d661640cced9dbcf7de7befbdf7de7befbdf7ba3b9d4e27f7dfff3f5c6664016cf6ce4adac99e2180aac81f3f7e7c1f3f227676ee9d3cdddbbdffe0dec3a70f4e769feceded1e7cfa60e7e9dea7cf0e76f7770ef6ee3d78b4fb1b27d4ece9a707a74feedfdff9f4e0e4debde393d39d877bfb0f4e4ff74f3ebdf7f0decea74f1eed53b3ddbd93dd877b4ff69eedd2fb7ba7c73ba74f1e9e3edb3d78faf0e9fd7b0f9fec3c7dfae81e9addbbb773f2e9c1c3d3fb4f3fdd7ff6e9a73b4f3f7db8ffe0f8e1bde3a79fdedb3f7d76f08c3bddfd74f7e9c34f9fecdf7fb6b3f3f0e0607fe7f8d37b073bf7f69f3cdb3bde7b78f0e933c16df7e1c183fd8367f7eeedde7fb6bff364f7787767ef09757a4afdef3edc3f79faf0d11e9a3d7bb873efde937b273bd4f7fda74f9e3dfdf4e9eed393fda77b7b0f770f9edd3f7d284378f6f4d9bd83e327bb4f9e7efa8cd0bc7f6f67efe4f860e7e40191e6f4e1eec34fb9d3bd870f1feede27b4ef1def3e79f6e943a2e1098deff4c1fd03a2c1d3e34f4fb9d9bdfdfd83d39d7b07bba74f1fdc7f70fa6cff01357e7072727fef9408f3ecc98e4023b49fedef9e9e3c7c7070ffd993270f4eef3d7db27f7cbaff707f6feff8c1c1831d81b6bfb7fff4c9c3839307c73b07fb9f3edd3bf9f4e4c1fdd34f1f3ea0c938de3939b977fae8019aed1f1f3c3bbd7740bd9e3edb79fae4e4f8746f1f54fb74f7e4e983fda74f1f3041f61f3ca3a11fa3d5de83fd077bf7ef3d7b78f0f0c1d3e37b070ff73fa5577679b2f60f8eef3d3d79f8f074e7d9f1fefefd27bb270ff78f1fec9d1e1c1fef3c78f6f4e4e981e0767cefc1f1a70f3e3dbd474c70f20074bdf7e9c9c37bcf9e3c7d48d81ddf3b79b4bbc3ed4e770085a691887f6f67ffde93bddd4f8f4f890d7677764e4f7776a4d767f7f61e3c3cc0fced3edddd23e2ef1e3fd939bdf760ffd9b3fdd3a73411dcebfd1de2b28707445d9af59d9da70fefed3dd9dd79f6e0c1ce83a7f71e1081f71f7d8a667bf79f12173d387e7a7c707fef539aa5e37b4f77ee1f3f7df0e9d327bbcfee9d1c0bb47b0f9f115bdddf7d787c4c63d8b9b7f3e4c1dec1c9d3fd07c476a7f7493a04dafef1ce93a7f7ef9dee3d3939b8777c40f3faf484467bbaf774679fa667e78039e9fef1f1c1bdfb44bafdbd7b3498a7c7a727bb274f9ede3b7876fcf0e19383837bfbd2e9c9c9cedefd877b3b9fee1e1f3c79f2e4d307c79f3eb9777fefc18383a73b4f764ef64518ee9feeec1eec3d3da5b9a46ef69e7d7afa941a1decd0ec9edc7bb0b3fbe021e3f6e9eea7f7ef9d7cbab7bb737cbc7f0a7ade3fb87fffd9c3dd67a7c46cbb4f3f954e3ffd94c4fefe83bd4f4976efdf7bb2fb70e7e0d9cef1c1c1ce3ea1797ff7e4e4190fe15312e77b3bc49c24a14f9fec11f10e769eeeec3edbf9f4d9431acaeec99e403bfdf4608726e8dee9934ff7ee11bbdedb2515421cb07f7fefd933424526ebc1fda7fb9f3e2079a676f74e0e9e3d3d7e7af0607feff8c9e92981223e7d28cd0e9e3dbb4703ff941875f75362d387344b0f487e3e7df8e9a70f4e8989a5d9c3fb9f3e257e3d21d2ed136bd3504e774f0e3092e3ddbda7f75466a8d9f1d327a70f8818d46ee753e292fd070f3edda7b6a41e483e65080f8e1feceddd7ff2e0c10308ca83879f3e7b7aef1931d5c393dd07a4609edcd74e9fec11294848f6eeedef3ea16190823b21f21cdfbf7f42b343c2cba2458a91067872f02971d6d3fb3b27c73488fbc70f9e3d7bf0f0945ec1481fa2d9b3e3a7cf1e7ebaf3ec788f7a2065425a6ef721a69e44e3841876873b3dd83f\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}}],"columnKind":"utf16CodeUnits"}]}

(Truncated to last 4000 characters out of 313712)

❌ REPOSITORY / grype - 64 errors

(7th)   < 0.1  
lodash                4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (10th)  < 0.1  
lodash-es             4.17.21    4.17.23   npm   GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (10th)  < 0.1  
minimatch             9.0.5      9.0.7     npm   GHSA-23c5-xmqv-rm74  High      < 0.1% (7th)   < 0.1  
glob                  10.4.5     10.5.0    npm   GHSA-5j98-mcp5-4vw2  High      < 0.1% (7th)   < 0.1  
js-yaml               3.14.1     3.14.2    npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (10th)  < 0.1  
js-yaml               4.1.0      4.1.1     npm   GHSA-mh29-5h37-fv8m  Medium    < 0.1% (10th)  < 0.1  
qs                    6.14.0     6.14.2    npm   GHSA-w7fw-mjwx-w883  Low       < 0.1% (15th)  < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-v52c-386h-88mc  High      < 0.1% (5th)   < 0.1  
multer                2.0.2      2.1.0     npm   GHSA-xf7r-hgr6-v32p  High      < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-vrm6-8vpv-qv8q  High      < 0.1% (5th)   < 0.1  
lodash                4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
lodash                4.17.23    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
lodash-es             4.17.21    4.18.0    npm   GHSA-f23m-r3pf-42rh  Medium    < 0.1% (7th)   < 0.1  
undici                6.14.1     6.21.2    npm   GHSA-cxrh-j4jr-qwg3  Low       < 0.1% (14th)  < 0.1  
picomatch             2.3.1      2.3.2     npm   GHSA-c2c7-rcm5-vvqj  High      < 0.1% (5th)   < 0.1  
picomatch             4.0.1      4.0.4     npm   GHSA-c2c7-rcm5-vvqj  High      < 0.1% (5th)   < 0.1  
brace-expansion       1.1.11     1.1.13    npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
brace-expansion       2.0.1      2.0.3     npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
brace-expansion       5.0.4      5.0.5     npm   GHSA-f886-m6hf-6m8v  Medium    < 0.1% (6th)   < 0.1  
undici                6.14.1     6.23.0    npm   GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (6th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-phc3-fgpg-7m6h  Medium    < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-2mjp-6q6p-2qxm  Medium    < 0.1% (4th)   < 0.1  
serialize-javascript  6.0.1      7.0.5     npm   GHSA-qj8w-gfj5-8c6v  Medium    < 0.1% (5th)   < 0.1  
jws                   3.2.2      3.2.3     npm   GHSA-869p-cjfg-cm3x  High      < 0.1% (1st)   < 0.1  
ajv                   8.12.0     8.18.0    npm   GHSA-2g4f-4pwh-qvx6  Medium    < 0.1% (3rd)   < 0.1  
@nestjs/core          10.4.22    11.1.18   npm   GHSA-36xv-jgw5-4q75  Medium    < 0.1% (2nd)   < 0.1  
diff                  4.0.2      4.0.4     npm   GHSA-73rr-hh4g-fpgx  Low       < 0.1% (5th)   < 0.1  
undici                6.14.1     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
undici                6.23.0     6.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
undici                7.22.0     7.24.0    npm   GHSA-4992-7rv2-5pvq  Medium    < 0.1% (1st)   < 0.1  
webpack               5.97.1     5.104.0   npm   GHSA-38r7-794h-5758  Low       < 0.1% (1st)   < 0.1  
webpack               5.97.1     5.104.1   npm   GHSA-8fgc-7cc6-rx7x  Low       < 0.1% (1st)   < 0.1  
serialize-javascript  6.0.1      7.0.3     npm   GHSA-5c6j-r48x-rmvq  High      N/A            N/A    
follow-redirects      1.15.9     1.16.0    npm   GHSA-r4q5-vmmm-2653  Medium    N/A            N/A
[0056] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 4000 characters out of 6910)

❌ REPOSITORY / kingfisher - 1 error

Kingfisher 1.99.0 is up to date
 INFO kingfisher: Launching with 8 concurrent scan jobs. Use --num-jobs to override.
 INFO kingfisher::rule_loader: Loaded 921 rules
 INFO kingfisher::scanner::runner: Starting secret validation phase...
POSTGRES URL WITH HARDCODED PASSWORD => [KINGFISHER.POSTGRES.1]
 |Finding.......: [REDACTED:bbc62958]
 |Fingerprint...: 2034115162828868254
 |Confidence....: medium
 |Entropy.......: 3.87
 |Validation....: Inactive Credential
 |__Response....: Postgres connection failed.
 |Language......: YAML
 |Line Num......: 24
 |Path..........: ./.devcontainer/docker-compose.yml


==========================================
Scan Summary:
==========================================
 |Findings....................: 1
 |__Successful Validations....: 0
 |__Failed Validations........: 1
 |__Skipped Validations.......: 0
 |Rules Applied...............: 921
 |__Blobs Scanned.............: 225
 |Bytes Scanned...............: 7.94 MiB
 |Scan Duration...............: 148ms 99us 81ns
 |Scan Date...................: 2026-05-18 12:06:29 +00:00
 |Kingfisher Version..........: 1.99.0
 |__Latest Version............: 1.99.0

❌ SPELL / lychee - 1 error

📝 Summary
---------------------
🔍 Total............6
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........4
❓ Unknown..........0
🚫 Errors...........1
⛔ Unsupported......1

Errors in pnpm-lock.yaml
[403] https://www.npmjs.com/support (at 2288:65) | Rejected status code: 403 Forbidden

Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`

❌ REPOSITORY / osv-scanner - 64 errors

| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch            | 4.0.1   | 4.0.4         | pnpm-lock.yaml |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch            | 4.0.1   | 4.0.4         | pnpm-lock.yaml |
| https://osv.dev/GHSA-6rw7-vpxm-498p | 6.3  | npm       | qs                   | 6.14.0  | 6.14.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w7fw-mjwx-w883 | 3.7  | npm       | qs                   | 6.14.0  | 6.14.2        | pnpm-lock.yaml |
| https://osv.dev/GHSA-5c6j-r48x-rmvq | 8.1  | npm       | serialize-javascript | 6.0.1   | 7.0.3         | pnpm-lock.yaml |
| https://osv.dev/GHSA-76p7-773f-r4q5 | 5.4  | npm       | serialize-javascript | 6.0.1   | 6.0.2         | pnpm-lock.yaml |
| https://osv.dev/GHSA-qj8w-gfj5-8c6v | 5.9  | npm       | serialize-javascript | 6.0.1   | 7.0.5         | pnpm-lock.yaml |
| https://osv.dev/GHSA-52f5-9888-hmc6 | 2.5  | npm       | tmp                  | 0.0.33  | 0.2.4         | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-3g92-w8c5-73pq | 2.0  | npm       | undici               | 6.14.1  | 6.19.2        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-c76h-2ccp-4975 | 6.8  | npm       | undici               | 6.14.1  | 6.21.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-cxrh-j4jr-qwg3 | 3.1  | npm       | undici               | 6.14.1  | 6.21.2        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-g9mf-h72j-4rw9 | 5.9  | npm       | undici               | 6.14.1  | 6.23.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.14.1  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 6.23.0  | 6.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-f269-vfmq-vjvj | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-phc3-fgpg-7m6h | 5.9  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici               | 7.22.0  | 7.24.0        | pnpm-lock.yaml |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 6.3  | npm       | uuid                 | 11.1.0  | 11.1.1        | pnpm-lock.yaml |
| https://osv.dev/GHSA-38r7-794h-5758 | 3.7  | npm       | webpack              | 5.97.1  | 5.104.0       | pnpm-lock.yaml |
| https://osv.dev/GHSA-8fgc-7cc6-rx7x | 3.7  | npm       | webpack              | 5.97.1  | 5.104.1       | pnpm-lock.yaml |
+-------------------------------------+------+-----------+----------------------+---------+---------------+----------------+

(Truncated to last 4000 characters out of 8871)

❌ REPOSITORY / secretlint - 1 error

.devcontainer/docker-compose.yml
  24:21  error  [PostgreSQLConnection] found PostgreSQL connection string: ****************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

.github/workflows/ci.yml
  89:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string
  95:24  error  [PostgreSQLConnection] found PostgreSQL connection string: *************************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-database-connection-string

✖ 3 problems (3 errors, 0 warnings, 0 infos)

❌ YAML / yamllint - 4 errors

pnpm-lock.yaml
  1:1       warning  missing document start "---"  (document-start)
  37:501    error    line too long (545 > 500 characters)  (line-length)
  10170:501 error    line too long (537 > 500 characters)  (line-length)
  10305:501 error    line too long (584 > 500 characters)  (line-length)

⚠️ JSON / prettier - 1 error

[error] Cannot find package 'prettier-plugin-toml' imported from noop.js

⚠️ REPOSITORY / trivy - 1 error

│ https://avd.aquasec.com/nvd/cve-2026-22036                   │
│                 ├────────────────┼──────────┤        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2024-38372 │ LOW      │        │                   │ 6.19.2                                                  │ Undici vulnerable to data leak when using                    │
│                 │                │          │        │                   │                                                         │ response.arrayBuffer()                                       │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2024-38372                   │
│                 ├────────────────┤          │        │                   ├─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2025-47279 │          │        │                   │ 5.29.0, 6.21.2, 7.5.0                                   │ undici: Undici Memory Leak with Invalid Certificates         │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2025-47279                   │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ uuid            │ CVE-2026-41907 │ MEDIUM   │        │ 11.1.0            │ 11.1.1, 12.0.1, 13.0.1                                  │ uuid: uuid: Out-of-bounds write vulnerability impacts data   │
│                 │                │          │        │                   │                                                         │ integrity and confidentiality                                │
│                 │                │          │        │                   │                                                         │ https://avd.aquasec.com/nvd/cve-2026-41907                   │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────┘

.devcontainer/Dockerfile (dockerfile)
=====================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────


DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds-0002
────────────────────────────────────────

(Truncated to last 4000 characters out of 27426)

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.