chore(deps): update dependency microsoft/vscode to v1.125.0 [ci-skip]

[renovate]

This PR contains the following updates:

Package	Update	Change
microsoft/vscode	minor	1.124.2 → 1.125.0

---

Release Notes

microsoft/vscode (microsoft/vscode)

v1.125.0

Compare Source

https://code.visualstudio.com/updates/v1_125

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[henry-pa-bot]

Super-linter summary

Language	Validation result
BIOME_FORMAT	Fail ❌
BIOME_LINT	Fail ❌
CHECKOV	Fail ❌
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Fail ❌
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Fail ❌
YAML	Fail ❌
YAML_PRETTIER	Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

BIOME_FORMAT

Checked 5 files in 20ms. No fixes applied.
Found 5 errors..vscode/extensions.json format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

     1  1 │   {
     2    │ - ··"recommendations":·[
     3    │ - ····"mads-hartmann.bash-ide-vscode",
     4    │ - ····"timonwong.shellcheck",
     5    │ - ····"foxundermoon.shell-format",
     6    │ - ····"editorconfig.editorconfig",
     7    │ - ····"ms-kubernetes-tools.vscode-kubernetes-tools",
     8    │ - ····"tim-koehler.helm-intellisense"
     9    │ - ··]
    10    │ - }
        2 │ + → "recommendations":·[
        3 │ + → → "mads-hartmann.bash-ide-vscode",
        4 │ + → → "timonwong.shellcheck",
        5 │ + → → "foxundermoon.shell-format",
        6 │ + → → "editorconfig.editorconfig",
        7 │ + → → "ms-kubernetes-tools.vscode-kubernetes-tools",
        8 │ + → → "tim-koehler.helm-intellisense"
        9 │ + → ]
       10 │ + }
       11 │ +


.vscode/launch.json format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

     1  1 │   {
     2    │ - ··"version":·"0.2.0",
     3    │ - ··"configurations":·[
     4    │ - ····{
     5    │ - ······"type":·"bashdb",
     6    │ - ······"request":·"launch",
     7    │ - ······"name":·"Bash-Debug·(simplest·configuration)",
     8    │ - ······"program":·"${file}"
     9    │ - ····}
    10    │ - ··]
    11    │ - }
        2 │ + → "version":·"0.2.0",
        3 │ + → "configurations":·[
        4 │ + → → {
        5 │ + → → → "type":·"bashdb",
        6 │ + → → → "request":·"launch",
        7 │ + → → → "name":·"Bash-Debug·(simplest·configuration)",
        8 │ + → → → "program":·"${file}"
        9 │ + → → }
       10 │ + → ]
       11 │ + }
       12 │ +


.vscode/settings.json format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

    1   │ - {
    2   │ - }
      1 │ + {}
      2 │ +


home/dot_hyper.js format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

      4   4 │   // See https://hyper.is#cfg for all currently supported options.
      5   5 │   module.exports = {
      6     │ - ····config:·{
      7     │ - ········//·choose·either·`'stable'`·for·receiving·highly·polished,
      8     │ - ········//·or·`'canary'`·for·less·polished·but·more·frequent·updates
      9     │ - ········updateChannel:·'stable',
     10     │ - ········//·default·font·size·in·pixels·for·all·tabs
     11     │ - ········fontSize:·12,
     12     │ - ········//·font·family·with·optional·fallbacks
     13     │ - ········fontFamily:·'FiraMono·Nerd·Font',
     14     │ - ········//·default·font·weight:·'normal'·or·'bold'
     15     │ - ········fontWeight:·'normal',
     16     │ - ········//·font·weight·for·bold·characters:·'normal'·or·'bold'
     17     │ - ········fontWeightBold:·'bold',
     18     │ - ········//·line·height·as·a·relative·unit
     19     │ - ········lineHeight:·1,
     20     │ - ········//·letter·spacing·as·a·relative·unit
     21     │ - ········letterSpacing:·0,
     22     │ - ········//·terminal·cursor·background·color·and·opacity·(hex,·rgb,·hsl,·hsv,·hwb·or·cmyk)
     23     │ - ········cursorColor:·'rgba(248,28,229,0.8)',
     24     │ - ········//·terminal·text·color·under·BLOCK·cursor
     25     │ - ········cursorAccentColor:·'#000',
     26     │ - ········//·`'BEAM'`·for·|,·`'UNDERLINE'`·for·_,·`'BLOCK'`·for·█
     27     │ - ········cursorShape:·'BLOCK',
     28     │ - ········//·set·to·`true`·(without·backticks·and·without·quotes)·for·blinking·cursor
     29     │ - ········cursorBlink:·false,
     30     │ - ········//·color·of·the·text
     31     │ - ········foregroundColor:·'#fff',
     32     │ - ········//·terminal·background·color
     33     │ - ········//·opacity·is·only·supported·on·macOS
     34     │ - ········backgroundColor:·'#000',
     35     │ - ········//·terminal·selection·color
     36     │ - ········selectionColor:·'rgba(248,28,229,0.3)',
     37     │ - ········//·border·color·(window,·tabs)
     38     │ - ········borderColor:·'#333',
     39     │ - ········//·custom·CSS·to·embed·in·the·main·window
     40     │ - ········css:·'',
     41     │ - ········//·custom·CSS·to·embed·in·the·terminal·window
     42     │ - ········termCSS:·'',
     43     │ - ········//·set·custom·startup·directory·(must·be·an·absolute·path)
     44     │ - ········workingDirectory:·'',
     45     │ - ········//·if·you're·using·a·Linux·setup·which·show·native·menus,·set·to·false
     46     │ - ········//·default:·`true`·on·Linux,·`true`·on·Windows,·ignored·on·macOS
     47     │ - ········showHamburgerMenu:·'',
     48     │ - ········//·set·to·`false`·(without·backticks·and·without·quotes)·if·you·want·to·hide·the·minimize,·maximize·and·close·buttons
     49     │ - ········//·additionally,·set·to·`'left'`·if·you·want·them·on·the·left,·like·in·Ubuntu
     50     │ - ········//·default:·`true`·(without·backticks·and·without·quotes)·on·Windows·and·Linux,·ignored·on·macOS
     51     │ - ········showWindowControls:·'',
     52     │ - ········//·custom·padding·(CSS·format,·i.e.:·`top·right·bottom·left`)
     53     │ - ········padding:·'12px·14px',
     54     │ - ········//·the·full·list.·if·you're·going·to·provide·the·full·color·palette,
     55     │ - ········//·including·the·6·x·6·color·cubes·and·the·grayscale·map,·just·provide
     56     │ - ········//·an·array·here·instead·of·a·color·map·object
     57     │ - ········colors:·{
     58     │ - ············black:·'#000000',
     59     │ - ············red:·'#C51E14',
     60     │ - ············green:·'#1DC121',
     61     │ - ············yellow:·'#C7C329',
     62     │ - ············blue:·'#0A2FC4',
     63     │ - ············magenta:·'#C839C5',
     64     │ - ············cyan:·'#20C5C6',
     65     │ - ············white:·'#C7C7C7',
     66     │ - ············lightBlack:·'#686868',
     67     │ - ············lightRed:·'#FD6F6B',
     68     │ - ············lightGreen:·'#67F86F',
     69     │ - ············lightYellow:·'#FFFA72',
     70     │ - ············lightBlue:·'#6A76FB',
     71     │ - ············lightMagenta:·'#FD7CFC',
     72     │ - ············lightCyan:·'#68FDFE',
     73     │ - ············lightWhite:·'#FFFFFF',
     74     │ - ············limeGreen:·'#32CD32',
     75     │ - ············lightCoral:·'#F08080',
     76     │ - ········},
     77     │ - ········//·the·shell·to·run·when·spawning·a·new·session·(i.e.·/usr/local/bin/fish)
     78     │ - ········//·if·left·empty,·your·system's·login·shell·will·be·used·by·default
     79     │ - ········//
     80     │ - ········//·Windows
     81     │ - ········//·-·Make·sure·to·use·a·full·path·if·the·binary·name·doesn't·work
     82     │ - ········//·-·Remove·`--login`·in·shellArgs
     83     │ - ········//
     84     │ - ········//·Windows·Subsystem·for·Linux·(WSL)·-·previously·Bash·on·Windows
     85     │ - ········//·-·Example:·`C:\\Windows\\System32\\wsl.exe`
     86     │ - ········//
     87     │ - ········//·Git-bash·on·Windows
     88     │ - ········//·-·Example:·`C:\\Program·Files\\Git\\bin\\bash.exe`
     89     │ - ········//
     90     │ - ········//·PowerShell·on·Windows
     91     │ - ········//·-·Example:·`C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`
     92     │ - ········//
     93     │ - ········//·Cygwin
     94     │ - ········//·-·Example:·`C:\\cygwin64\\bin\\bash.exe`
     95     │ - ········shell:·'zsh',
     96     │ - ········//·for·setting·shell·arguments·(i.e.·for·using·interactive·shellArgs:·`['-i']`)
     97     │ - ········//·by·default·`['--login']`·will·be·used
     98     │ - ········shellArgs:·['--login'],
     99     │ - ········//·for·environment·variables
    100     │ - ········env:·{},
    101     │ - ········//·Supported·Options:
    102     │ - ········//··1.·'SOUND'·->·Enables·the·bell·as·a·sound
    103     │ - ········//··2.·false:·turns·off·the·bell
    104     │ - ········bell:·'SOUND',
    105     │ - ········//·An·absolute·file·path·to·a·sound·file·on·the·machine.
    106     │ - ········//·bellSoundURL:·'/path/to/sound/file',
    107     │ - ········//·if·`true`·(without·backticks·and·without·quotes),·selected·text·will·automatically·be·copied·to·the·clipboard
    108     │ - ········copyOnSelect:·false,
    109     │ - ········//·if·`true`·(without·backticks·and·without·quotes),·hyper·will·be·set·as·the·default·protocol·client·for·SSH
    110     │ - ········defaultSSHApp:·true,
    111     │ - ········//·if·`true`·(without·backticks·and·without·quotes),·on·right·click·selected·text·will·be·copied·or·pasted·if·no
    112     │ - ········//·selection·is·present·(`true`·by·default·on·Windows·and·disables·the·context·menu·feature)
    113     │ - ········quickEdit:·false,
    114     │ - ········//·choose·either·`'vertical'`,·if·you·want·the·column·mode·when·Option·key·is·hold·during·selection·(Default)
    115     │ - ········//·or·`'force'`,·if·you·want·to·force·selection·regardless·of·whether·the·terminal·is·in·mouse·events·mode
    116     │ - ········//·(inside·tmux·or·vim·with·mouse·mode·enabled·for·example).
    117     │ - ········macOptionSelectionMode:·'vertical',
    118     │ - ········//·Whether·to·use·the·WebGL·renderer.·Set·it·to·false·to·use·canvas-based
    119     │ - ········//·rendering·(slower,·but·supports·transparent·backgrounds)
    120     │ - ········webGLRenderer:·true,
    121     │ - ········//·keypress·required·for·weblink·activation:·[ctrl|alt|meta|shift]
    122     │ - ········//·todo:·does·not·pick·up·config·changes·automatically,·need·to·restart·terminal·:/
    123     │ - ········webLinksActivationKey:·'',
    124     │ - ········//·if·`false`·(without·backticks·and·without·quotes),·Hyper·will·use·ligatures·provided·by·some·fonts
    125     │ - ········disableLigatures:·true,
    126     │ - ········//·set·to·true·to·disable·auto·updates
    127     │ - ········disableAutoUpdates:·false,
    128     │ - ········//·set·to·true·to·enable·screen·reading·apps·(like·NVDA)·to·read·the·contents·of·the·terminal
    129     │ - ········screenReaderMode:·false,
    130     │ - ········//·set·to·true·to·preserve·working·directory·when·creating·splits·or·tabs
    131     │ - ········preserveCWD:·true,
    132     │ - ········//·for·advanced·config·flags·please·refer·to·https://hyper.is/#cfg
    133     │ - ····},
    134     │ - ····//·a·list·of·plugins·to·fetch·and·install·from·npm
    135     │ - ····//·format:·[@org/]project[#version]
    136     │ - ····//·examples:
    137     │ - ····//···`hyperpower`
    138     │ - ····//···`@company/project`
    139     │ - ····//···`project#1.0.1`
    140     │ - ····plugins:·[],
    141     │ - ····//·in·development,·you·can·create·a·directory·under
    142     │ - ····//·`~/.hyper_plugins/local/`·and·include·it·here
    143     │ - ····//·to·load·it·and·avoid·it·being·`npm·install`ed
    144     │ - ····localPlugins:·[],
    145     │ - ····keymaps:·{
    146     │ - ········//·Example
    147     │ - ········//·'window:devtools':·'cmd+alt+o',
    148     │ - ····},
          6 │ + → config:·{
          7 │ + → → //·choose·either·`'stable'`·for·receiving·highly·polished,
          8 │ + → → //·or·`'canary'`·for·less·polished·but·more·frequent·updates
          9 │ + → → updateChannel:·"stable",
         10 │ + → → //·default·font·size·in·pixels·for·all·tabs
  142 more lines truncated


tests/renovate-bot/local-config.js format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Formatter would have printed the following content:

    1 1 │   module.exports = {
    2   │ - ··platform:·'github',
    3   │ - ··repositories:·['kitos9112/dotfiles'],
    4   │ - ··includeForks:·true,
    5   │ - ··onboarding:·false,
    6   │ - ··requireConfig:·'optional',
    7   │ - ··gitAuthor:·'henry-pa-bot·<166536+henry-bot[bot]@users.noreply.github.com>',
      2 │ + → platform:·"github",
      3 │ + → repositories:·["kitos9112/dotfiles"],
      4 │ + → includeForks:·true,
      5 │ + → onboarding:·false,
      6 │ + → requireConfig:·"optional",
      7 │ + → gitAuthor:·"henry-pa-bot·<166536+henry-bot[bot]@users.noreply.github.com>",
    8 8 │   };
    9 9 │


format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Some errors were emitted while running checks.

BIOME_LINT

Checked 5 files in 24ms. No fixes applied.
Found 1 warning.home/dot_hyper.js:1:1 lint/suspicious/noRedundantUseStrict  FIXABLE  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  ! Redundant use strict directive.

  > 1 │ "use strict";
      │ ^^^^^^^^^^^^^
    2 │ // Future versions of Hyper may add additional config options,
    3 │ // which will not automatically be merged into this file.

  i The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.

  i Safe fix: Remove the redundant use strict directive.

    1 │ "use·strict";
      │ -------------

lint ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  × Some warnings were emitted while running checks.

CHECKOV

dockerfile scan results:

Passed checks: 250, Failed checks: 6, Skipped checks: 0

Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
	FAILED for resource: /tests/ubuntu-24.04/Dockerfile.
	File: /tests/ubuntu-24.04/Dockerfile:1-23
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images

		1  | FROM ubuntu:24.04
		2  |
		3  | ENV GIT_REPO=https://github.com/kitos9112/dotfiles.git
		4  | ENV DEBIAN_FRONTEND=noninteractive
		5  |
		6  | RUN apt-get update && \
		7  |     DEBIAN_FRONTEND=noninteractive apt-get install -y \
		8  |     curl \
		9  |     iproute2 \
		10 |     file \
		11 |     git \
		12 |     sudo
		13 |
		14 | RUN useradd -m -s /bin/sh -d /home/docker-qa docker-qa  && \
		15 |     echo "docker-qa ALL=NOPASSWD: ALL" >> /etc/sudoers
		16 |
		17 | USER docker-qa
		18 |
		19 | COPY --chown=docker-qa:docker-qa ./ /home/docker-qa/.dotfiles
		20 |
		21 | WORKDIR /home/docker-qa
		22 |
		23 | RUN DOTFILES_TEST=true DOTFILES_VERBOSE=true DOTFILES_NO_TTY=true DOTFILES_CHEZMOI_EXCLUDE=scripts .dotfiles/install
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
	FAILED for resource: /tests/ubuntu-25.10/Dockerfile.
	File: /tests/ubuntu-25.10/Dockerfile:1-23
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images

		1  | FROM ubuntu:25.10
		2  |
		3  | ENV GIT_REPO=https://github.com/kitos9112/dotfiles.git
		4  | ENV DEBIAN_FRONTEND=noninteractive
		5  |
		6  | RUN apt-get update && \
		7  |     DEBIAN_FRONTEND=noninteractive apt-get install -y \
		8  |     curl \
		9  |     file \
		10 |     git \
		11 |     iproute2 \
		12 |     sudo
		13 |
		14 | RUN useradd -m -s /bin/sh -d /home/docker-qa docker-qa  && \
		15 |     echo "docker-qa ALL=NOPASSWD: ALL" >> /etc/sudoers
		16 |
		17 | USER docker-qa
		18 |
		19 | COPY --chown=docker-qa:docker-qa ./ /home/docker-qa/.dotfiles
		20 |
		21 | WORKDIR /home/docker-qa
		22 |
		23 | RUN DOTFILES_TEST=true DOTFILES_VERBOSE=true DOTFILES_NO_TTY=true DOTFILES_CHEZMOI_EXCLUDE=scripts .dotfiles/install
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
	FAILED for resource: /tests/almalinux-9/Dockerfile.
	File: /tests/almalinux-9/Dockerfile:1-22
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images

		1  | FROM almalinux:9
		2  |
		3  | RUN dnf install -y \
		4  |     curl-minimal \
		5  |     findutils \
		6  |     sed \
		7  |     sudo \
		8  |     util-linux \
		9  |     util-linux-user \
		10 |     which && \
		11 |     dnf clean all
		12 |
		13 | RUN useradd -m -s /bin/sh -d /home/docker-qa docker-qa && \
		14 |     echo "docker-qa ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
		15 |
		16 | USER docker-qa
		17 |
		18 | COPY ./ /home/docker-qa/.dotfiles
		19 |
		20 | WORKDIR /home/docker-qa
		21 |
		22 | RUN DOTFILES_TEST=true DOTFILES_VERBOSE=true DOTFILES_NO_TTY=true DOTFILES_CHEZMOI_EXCLUDE=scripts .dotfiles/install
Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
	FAILED for resource: /tests/almalinux-10/Dockerfile.
	File: /tests/almalinux-10/Dockerfile:1-22
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images

		1  | FROM almalinux:10
		2  |
		3  | RUN dnf install -y \
		4  |     curl-minimal \
		5  |     findutils \
		6  |     sed \
		7  |     sudo \
		8  |     util-linux \
		9  |     util-linux-user \
		10 |     which && \
		11 |     dnf clean all
		12 |
		13 | RUN useradd -m -s /bin/sh -d /home/docker-qa docker-qa && \
		14 |     echo "docker-qa ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
		15 |
		16 | USER docker-qa
		17 |
		18 | COPY ./ /home/docker-qa/.dotfiles
		19 |
		20 | WORKDIR /home/docker-qa
		21 |
		22 | RUN DOTFILES_TEST=true DOTFILES_VERBOSE=true DOTFILES_NO_TTY=true DOTFILES_CHEZMOI_EXCLUDE=scripts .dotfiles/install
Check: CKV2_DOCKER_1: "Ensure that sudo isn't used"
	FAILED for resource: /tests/almalinux-9/Dockerfile.RUN
	File: /tests/almalinux-9/Dockerfile:3-11
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo

		3  | RUN dnf install -y \
		4  |     curl-minimal \
		5  |     findutils \
		6  |     sed \
		7  |     sudo \
		8  |     util-linux \
		9  |     util-linux-user \
		10 |     which && \
		11 |     dnf clean all

Check: CKV2_DOCKER_1: "Ensure that sudo isn't used"
	FAILED for resource: /tests/almalinux-10/Dockerfile.RUN
	File: /tests/almalinux-10/Dockerfile:3-11
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo

		3  | RUN dnf install -y \
		4  |     curl-minimal \
		5  |     findutils \
		6  |     sed \
		7  |     sudo \
		8  |     util-linux \
		9  |     util-linux-user \
		10 |     which && \
		11 |     dnf clean all

github_actions scan results:

Passed checks: 95, Failed checks: 5, Skipped checks: 0

Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
	FAILED for resource: on(Schedule/Push - Renovate)
	File: /.github/workflows/renovate.yaml:7-16

		7  |       dryRun:
		8  |         description: "Dry-Run"
		9  |         default: "true"
		10 |         required: false
		11 |       logLevel:
		12 |         description: "Log-Level"
		13 |         default: "debug"
		14 |         required: false
		15 |   schedule:
		16 |     - cron: "*/10 * * * *"

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Create GH issues based on TODO comments)
	File: /.github/workflows/todo2github-issues.yaml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(lint YAML and Shell)
	File: /.github/workflows/linters.yaml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Acceptance Tests)
	File: /.github/workflows/acceptance-tests.yaml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Schedule/Push - Renovate)
	File: /.github/workflows/renovate.yaml:0-1

JSCPD

Clone found (markdown):
 - /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [855:1 - 869:10] (14 lines, 71 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [775:1 - 788:5]

Clone found (markdown):
 - /github/workspace/README.md [49:1 - 66:17] (17 lines, 172 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [745:1 - 759:4]

Clone found (markdown):
 - /github/workspace/README.md [116:1 - 140:3] (24 lines, 125 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [767:1 - 788:5]

Clone found (markdown):
 - /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [855:1 - 869:10] (14 lines, 71 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [775:1 - 788:5]

 855 │ 775 │ {tmp_home}/.local/share" \
 856 │ 776 │ XDG_STATE_HOME="${tmp_home}/.local/state" \
 857 │ 777 │ XDG_CACHE_HOME="${tmp_home}/.cache" \
 858 │ 778 │ DOTFILES_TEST=true \
 859 │ 779 │ chezmoi init --apply --source "$(pwd)" --exclude scripts --no-tty
 860 │ 780 │
 861 │ 781 │ HOME="${tmp_home}" \
 862 │ 782 │ XDG_CONFIG_HOME="${tmp_home}/.config" \
 863 │ 783 │ XDG_DATA_HOME="${tmp_home}/.local/share" \
 864 │ 784 │ XDG_STATE_HOME="${tmp_home}/.local/state" \
 865 │ 785 │ XDG

Clone found (markdown):
 - /github/workspace/README.md [49:1 - 66:17] (17 lines, 172 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [745:1 - 759:4]

 49 │ 745 │  with `chezmoi`
 50 │ 746 │
 51 │ 747 │ Leveraging off-the-shelf `Chezmoi` capabilities
 52 │ 748 │
 53 │ 749 │ ```bash
 54 │ 750 │ chezmoi init --apply --verbose https://github.com/kitos9112/dotfiles.git
 55 │ 751 │ ```
 56 │ 752 │
 57 │ 753 │ ### Installer controls
 58 │ 754 │
 59 │ 755 │ The root `install` script accepts environment variables for test and recovery
 60 │ 756 │ flows:
 61 │ 757 │
 62 │ 758 │ - `DOTFILES_SOURCE` uses a local source checkout instead of the remote repo.
 63 │ 759 │ - `DOTFILES_REPO` overrides the remote chezmoi repository.
 64 │ 760 │ - `DOTFILES_ONE_SHOT=true` passes `--one-shot` instead of `--apply`.
 65 │ 761 │ - `DOTFILES_CHEZMOI_INCLUDE` and `DOTFILES_CHEZMOI_EXCLUDE` pass include and
 66 │ 762 │   exclude filters to chezmoi.
 67 │ 763 │ - `DOTFILES_NO_TTY=true` passes `--no-tty`.
 68 │ 764 │ - `DOTFILES_VERBOSE=true` passes `--verbose`.
 69 │ 765 │ - `DOTFILES_DEBUG=true` passes `--debug`.
 70 │ 766 │ - `DOTFILES_RETRY_COUNT` and `DOTFILES_RETRY_DELAY` contro

Clone found (markdown):
 - /github/workspace/README.md [116:1 - 140:3] (24 lines, 125 tokens)
   /github/workspace/docs/superpowers/plans/2026-04-30-dotfiles-maintenance-normalization.md [767:1 - 788:5]

 116 │ 767 │ IG_HOME="${tmp_home}/.config" \
 117 │ 768 │ XDG_DATA_HOME="${tmp_home}/.local/share" \
 118 │ 769 │ XDG_STATE_HOME="${tmp_home}/.local/state" \
 119 │ 770 │ XDG_CACHE_HOME="${tmp_home}/.cache" \
 120 │ 771 │ DOTFILES_TEST=true chezmoi init --apply --source "$(pwd)" --exclude scripts --no-tty
 121 │ 772 │ ```
 122 │ 773 │
 123 │ 774 │ To validate hooks locally through `uv`, run:
 124 │ 775 │
 125 │ 776 │ ```bash
 126 │ 777 │ uvx pre-commit run --all-files
 127 │ 778 │ ```
 128 │ 779 │
 129 │ 780 │ To validate the root installer path locally without running mutating scripts:
 130 │ 781 │
 131 │ 782 │ ```bash
 132 │ 783 │ tmp_home="$(mktemp -d)"
 133 │ 784 │ HOME="${tmp_home}" \
 134 │ 785 │ XDG_CONFIG_HOME="${tmp_home}/.config" \
 135 │ 786 │ XDG

Found 3 clones.
Error: ERROR: jscpd found too many duplicates (1.96%) over threshold (0%)
    at ThresholdReporter.report (/node_modules/@jscpd/finder/dist/index.js:615:13)
    at /node_modules/@jscpd/finder/dist/index.js:109:18
    at Array.forEach (<anonymous>)
    at /node_modules/@jscpd/finder/dist/index.js:108:22
    at async /node_modules/jscpd/dist/bin/jscpd.js:9:5ERROR: jscpd found too many duplicates (1.96%) over threshold (0%)

TRIVY

Report Summary

┌───────────────────────────────┬────────────┬─────────────────┬───────────────────┬─────────┐
│            Target             │    Type    │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/almalinux-10/Dockerfile │ dockerfile │        -        │         1         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/almalinux-9/Dockerfile  │ dockerfile │        -        │         1         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/ubuntu-24.04/Dockerfile │ dockerfile │        -        │         2         │    -    │
├───────────────────────────────┼────────────┼─────────────────┼───────────────────┼─────────┤
│ tests/ubuntu-25.10/Dockerfile │ dockerfile │        -        │         2         │    -    │
└───────────────────────────────┴────────────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


tests/almalinux-10/Dockerfile (dockerfile)
==========================================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



tests/almalinux-9/Dockerfile (dockerfile)
=========================================
Tests: 27 (SUCCESSES: 26, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────



tests/ubuntu-24.04/Dockerfile (dockerfile)
==========================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────


DS-0029 (HIGH): '--no-install-recommends' flag is missed: 'apt-get update &&     DEBIAN_FRONTEND=noninteractive apt-get install -y     curl     iproute2     file     git     sudo'
════════════════════════════════════════
'apt-get' install should use '--no-install-recommends' to minimize image size.

See https://avd.aquasec.com/misconfig/ds-0029
────────────────────────────────────────
 tests/ubuntu-24.04/Dockerfile:6-12
────────────────────────────────────────
   6 ┌ RUN apt-get update && \
   7 │     DEBIAN_FRONTEND=noninteractive apt-get install -y \
   8 │     curl \
   9 │     iproute2 \
  10 │     file \
  11 │     git \
  12 └     sudo
────────────────────────────────────────



tests/ubuntu-25.10/Dockerfile (dockerfile)
==========================================
Tests: 27 (SUCCESSES: 25, FAILURES: 2)
Failures: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds-0026
────────────────────────────────────────


DS-0029 (HIGH): '--no-install-recommends' flag is missed: 'apt-get update &&     DEBIAN_FRONTEND=noninteractive apt-get install -y     curl     file     git     iproute2     sudo'
════════════════════════════════════════
'apt-get' install should use '--no-install-recommends' to minimize image size.

See https://avd.aquasec.com/misconfig/ds-0029
────────────────────────────────────────
 tests/ubuntu-25.10/Dockerfile:6-12
────────────────────────────────────────
   6 ┌ RUN apt-get update && \
   7 │     DEBIAN_FRONTEND=noninteractive apt-get install -y \
   8 │     curl \
   9 │     file \
  10 │     git \
  11 │     iproute2 \
  12 └     sudo
────────────────────────────────────────

YAML

/github/workspace/home/.chezmoiexternal.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/home/.chezmoiexternal.yaml:1:3: [error] syntax error: expected the node content, but found '-' (syntax)

YAML_PRETTIER

Checking formatting...
Error occurred when checking code style in the above file.[�[31merror�[39m] home/.chezmoiexternal.yaml: SyntaxError: Document contains trailing content not separated by a ... or --- line (2:1)
[�[31merror�[39m] �[0m �[90m 1 |�[39m {{�[33m-�[39m �[90m/* "chezmoi" is present as work around for https://github.com/twpayne/chezmoi/discussions/1724 */�[39m �[33m-�[39m}}
[�[31merror�[39m] �[31m�[1m>�[22m�[39m�[90m 2 |�[39m {{�[33m-�[39m $cache �[33m:�[39m�[33m=�[39m dict �[32m"chezmoi"�[39m �[33m.�[39mchezmoi �[33m-�[39m}}
[�[31merror�[39m]  �[90m   |�[39m �[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m�[31m�[1m^�[22m�[39m
[�[31merror�[39m]  �[90m 3 |�[39m {{�[33m-�[39m $arch �[33m:�[39m�[33m=�[39m includeTemplate �[32m"map-architectures"�[39m �[33m.�[39m �[33m-�[39m}}
[�[31merror�[39m]  �[90m 4 |�[39m {{�[33m-�[39m $platform �[33m:�[39m�[33m=�[39m includeTemplate �[32m"map-platforms"�[39m �[33m.�[39m �[33m-�[39m}}
[�[31merror�[39m]  �[90m 5 |�[39m {{�[33m-�[39m $vscodeVersion �[33m:�[39m�[33m=�[39m �[32m"1.125.0"�[39m �[33m-�[39m}}�[0m