deps(deps): update ansible/ansible-lint action to v25.4.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ansible/ansible-lint	action	minor	v25.1.3 -> v25.4.0

---

Release Notes

ansible/ansible-lint (ansible/ansible-lint)

v25.4.0

Compare Source

Bugfixes

• Fix type issue affecting builds (#​4595) @​ssbarnea
• chore(schema): Add Fedora:42 to schema (#​4583) @​andrewrothstein
• Package Latest: Use DNF for Examples (#​4576) @​amayer5125
• chore(schema): add missing ubuntu codenames (#​4572) @​uberjew666

v25.2.1

Compare Source

Bugfixes

• Finish support for data tagging from ansible 2.19 (#​4571) @​ssbarnea

v25.2.0

Compare Source

Enhancements

• Refactor line number identification (#​4564) @​ssbarnea
• Require ansible-core 2.16.11 (#​4569) @​ssbarnea

Bugfixes

• Improve testing and code coverage (#​4561) @​ssbarnea
• Refactor types for future ansible-core compatibility (#​4557) @​ssbarnea
• Isolate ansible internal types to submodule (#​4556) @​ssbarnea
• Add line method to Task class (#​4554) @​ssbarnea
• Move task_to_str to Task class (#​4553) @​ssbarnea
• Add 2025 to WindowsPlatformModel (#​4531) @​rsdoherty

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.033% EPSS Percentile 6th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.073% EPSS Percentile 19th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 28th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.038% EPSS Percentile 8th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.083% EPSS Percentile 22nd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 29th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:3c2d380153442abef80c4a7bd144af682eb264b748e1bea93b7d3f76ca7e0d62
vulnerabilities
platform	linux/amd64
size	104 MB
packages	244

📦 Base Image alpine:3

also known as	3.21 3.21.3 latest
digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/[email protected] Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.038% EPSS Percentile 8th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.083% EPSS Percentile 22nd percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.203% EPSS Percentile 40th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.123% EPSS Percentile 29th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

golang.org/x/crypto 0.31.0 (golang) pkg:golang/golang.org/x/[email protected] Affected range <0.35.0 Fixed version 0.35.0 EPSS Score 0.090% EPSS Percentile 23rd percentile Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/golang-jwt/jwt/v5 5.2.1 (golang) pkg:golang/github.com/golang-jwt/[email protected]#v5 Asymmetric Resource Consumption (Amplification) Affected range >=5.0.0-rc.1 <5.2.2 Fixed version 5.2.2 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.055% EPSS Percentile 14th percentile Description Summary Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification) Details See parse.ParseUnverified Impact Excessive memory allocation

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	1 month ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/nginx:latest

📦 Image Reference wayofdev/nginx:latest

digest	sha256:90195a0f6323cc4c0c1763446d313d39d6e257b527a48a43cbcd7cfd9a505dc6
vulnerabilities
platform	linux/amd64
size	26 MB
packages	83

📦 Base Image nginx:1-alpine

also known as	1-alpine3.21 1.27-alpine 1.27-alpine3.21 1.27.5-alpine 1.27.5-alpine3.21 alpine alpine3.21 mainline-alpine mainline-alpine3.21
digest	sha256:62223d644fa234c3a1cc785ee14242ec47a77364226f1c811d2f669f96dc2ac8
vulnerabilities

[github-actions]

Outdated

Recommended fixes for image wayofdev/nginx:latest

Base image is nginx:1-alpine

Name	1.27.5-alpine
Digest	sha256:62223d644fa234c3a1cc785ee14242ec47a77364226f1c811d2f669f96dc2ac8
Vulnerabilities
Pushed	1 week ago
Size	21 MB
Packages	83
Flavor	alpine
Runtime	1.27.5

The base image is also available under the supported tag(s): 1-alpine3.21, 1.27-alpine, 1.27-alpine3.21, 1.27.5-alpine, 1.27.5-alpine3.21, alpine, alpine3.21, mainline-alpine, mainline-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
1-alpine-slim Minor runtime version update Also known as: 1.27.5-alpine-slim 1.27-alpine-slim alpine3.21-slim 1-alpine3.21-slim mainline-alpine-slim 1.27-alpine3.21-slim 1.27.5-alpine3.21-slim mainline-alpine3.21-slim	Benefits: Same OS detected Minor runtime version update Image is smaller by 15 MB Image contains 58 fewer packages Image has same number of vulnerabilities Tag is using slim variant 1-alpine-slim was pulled 215K times last month Image details: Size: 5.4 MB Flavor: alpine Runtime: 1.27.5	1 week ago
1.28-alpine Minor runtime version update Also known as: 1.28.0-alpine stable-alpine 1.28-alpine3.21 stable-alpine3.21 1.28.0-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 135 B Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 21 MB Flavor: alpine Runtime: 1.28.0	4 days ago

[github-actions]

🔍 Vulnerabilities of wayofdev/nginx:latest

📦 Image Reference wayofdev/nginx:latest

digest	sha256:79196656d50812c8ab648241ac7682e14c0747fcb8ef51d342210874bb6bec5e
vulnerabilities
platform	linux/amd64
size	26 MB
packages	83

📦 Base Image nginx:1-alpine

also known as	1-alpine3.21 1.27-alpine 1.27-alpine3.21 1.27.5-alpine 1.27.5-alpine3.21 alpine alpine3.21 mainline-alpine mainline-alpine3.21
digest	sha256:62223d644fa234c3a1cc785ee14242ec47a77364226f1c811d2f669f96dc2ac8
vulnerabilities

[github-actions]

Recommended fixes for image wayofdev/nginx:latest

Base image is nginx:1-alpine

Name	1.27.5-alpine
Digest	sha256:62223d644fa234c3a1cc785ee14242ec47a77364226f1c811d2f669f96dc2ac8
Vulnerabilities
Pushed	1 week ago
Size	21 MB
Packages	83
Flavor	alpine
Runtime	1.27.5

The base image is also available under the supported tag(s): 1-alpine3.21, 1.27-alpine, 1.27-alpine3.21, 1.27.5-alpine, 1.27.5-alpine3.21, alpine, alpine3.21, mainline-alpine, mainline-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
1-alpine-slim Minor runtime version update Also known as: 1.27.5-alpine-slim 1.27-alpine-slim alpine3.21-slim 1-alpine3.21-slim mainline-alpine-slim 1.27-alpine3.21-slim 1.27.5-alpine3.21-slim mainline-alpine3.21-slim	Benefits: Same OS detected Minor runtime version update Image is smaller by 15 MB Image contains 58 fewer packages Image has same number of vulnerabilities Tag is using slim variant 1-alpine-slim was pulled 215K times last month Image details: Size: 5.4 MB Flavor: alpine Runtime: 1.27.5	1 week ago
1.28-alpine Minor runtime version update Also known as: 1.28.0-alpine stable-alpine 1.28-alpine3.21 stable-alpine3.21 1.28.0-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 135 B Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 21 MB Flavor: alpine Runtime: 1.28.0	4 days ago