Bump project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml from 0.0.16 to 0.0.18 by dependabot[bot] · Pull Request #328 · project-ncl/reqour

dependabot · 2026-05-13T00:47:54Z

Bumps project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml from 0.0.16 to 0.0.18.

Release notes

Sourced from project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml's releases.

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

Add jboss_parent overrides for snapshots by @rnc in project-ncl/shared-github-actions#35

Fix releaseProfiles name by @rnc in project-ncl/shared-github-actions#37

Pass as arguments to release plugin by @rnc in project-ncl/shared-github-actions#38

[NCL-9648] Implement NPM build action by @patrikk0123 in project-ncl/shared-github-actions#40

[NCL-9648] NPM CI and generic Mend CI by @patrikk0123 in project-ncl/shared-github-actions#41

Fetch tags regardless of fetch-depth by @rnc in project-ncl/shared-github-actions#39

Add release workflow for shared repo by @rnc in project-ncl/shared-github-actions#36

Rename release job. Use workflow_call for jib by @rnc in project-ncl/shared-github-actions#42

👒 Project Dependencies

Update project-ncl/shared-github-actions requirement to 429a1085131890ddf95456ac2a7a8b0866dd78ad by @dependabot[bot] in project-ncl/shared-github-actions#29

Full Changelog: project-ncl/shared-github-actions@v0.0.17...v0.0.18

Commits

153b977 Merge pull request #29 from project-ncl/dependabot/github_actions/project-ncl...
5c44905 Merge pull request #42 from rnc/BR1
99a3c3d Rename release job. Use workflow_call for jib
d96b556 Merge pull request #36 from rnc/BR1
401ca54 Merge pull request #39 from rnc/BR3
fb9557c Add release workflow for shared repo
06a3e68 Update project-ncl/shared-github-actions requirement to 429a1085131890ddf9545...
429a108 NCL-9648 Make Mend CI more generic
89cdc79 NCL-9648 Implement NPM CI workflow
8ba48d2 NCL-9648 Implement NPM build action
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

…action.yml Bumps [project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml](https://github.com/project-ncl/shared-github-actions) from 0.0.16 to 0.0.18. - [Release notes](https://github.com/project-ncl/shared-github-actions/releases) - [Commits](project-ncl/shared-github-actions@ef31e53...153b977) --- updated-dependencies: - dependency-name: project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml dependency-version: 0.0.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-13T01:01:34Z

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

SCA scan output

plexus-utils-3.6.1.jar [1 HIGH]
		|-- maven-release-manager-3.3.0.jar
			|-- plexus-sec-dispatcher-2.0.jar
				|-- plexus-utils-3.6.1.jar [1 HIGH]
			|-- plexus-utils-3.6.1.jar [1 HIGH]
		|-- maven-settings-builder-3.9.12.jar
			|-- plexus-utils-3.6.1.jar [1 HIGH]
		|-- maven-settings-3.9.12.jar
			|-- plexus-utils-3.6.1.jar [1 HIGH]
		|-- plexus-utils-3.6.1.jar [1 HIGH]
|-- reqour-core-3.5.1-SNAPSHOT.jar
	|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- netty-handler-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- quarkus-hibernate-validator-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-rest-jackson-3.34.6.jar
		|-- quarkus-rest-3.34.6.jar
			|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-logging-kafka-3.0.4.jar
		|-- kafka-log4j-appender-3.9.2.jar
			|-- slf4j-reload4j-1.7.36.jar
				|-- reload4j-1.2.19.jar [1 MEDIUM]
	|-- bifrost-upload-client-3.3.0.jar
		|-- httpclient5-5.6.jar [1 HIGH]
	|-- pnc-common-3.5.0-jakarta.jar
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
reqour-core-3.5.1-SNAPSHOT.jar
|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
	|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- netty-handler-4.1.132.Final.jar
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
|-- quarkus-logging-json-3.5.0.jar
	|-- quarkus-jackson-3.34.6.jar
		|-- vertx-core-4.5.26.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-socks-4.1.132.Final.jar
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-resolver-dns-4.1.132.Final.jar
				|-- netty-codec-dns-4.1.132.Final.jar [1 HIGH]
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
|-- quarkus-hibernate-validator-3.34.6.jar
	|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- quarkus-oidc-client-3.34.6.jar
	|-- quarkus-vertx-3.34.6.jar
		|-- netty-codec-haproxy-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- quarkus-netty-3.34.6.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
|-- quarkus-rest-jackson-3.34.6.jar
	|-- quarkus-rest-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- quarkus-logging-kafka-3.0.4.jar
	|-- kafka-log4j-appender-3.9.2.jar
		|-- slf4j-reload4j-1.7.36.jar
			|-- reload4j-1.2.19.jar [1 MEDIUM]
|-- bifrost-upload-client-3.3.0.jar
	|-- httpclient5-5.6.jar [1 HIGH]
|-- pnc-common-3.5.0-jakarta.jar
	|-- jsoup-1.22.2.jar
		|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
reqour-rest-3.5.1-SNAPSHOT.jar
|-- quarkus-elytron-security-ldap-3.34.6.jar
	|-- quarkus-elytron-security-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- quarkus-oidc-3.34.6.jar
	|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-vertx-3.34.6.jar
		|-- netty-codec-haproxy-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- quarkus-netty-3.34.6.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
|-- quarkus-opentelemetry-3.34.6.jar
	|-- quarkus-grpc-common-3.34.6.jar
		|-- vertx-grpc-4.5.26.jar
			|-- grpc-netty-1.79.0.jar
				|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
	|-- smallrye-common-vertx-context-2.17.0.jar
		|-- vertx-core-4.5.26.jar
			|-- netty-codec-http2-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
			|-- netty-handler-proxy-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
				|-- netty-codec-socks-4.1.132.Final.jar
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
			|-- netty-resolver-dns-4.1.132.Final.jar
				|-- netty-codec-dns-4.1.132.Final.jar [1 HIGH]
					|-- netty-codec-4.1.132.Final.jar [1 HIGH]
				|-- netty-codec-4.1.132.Final.jar [1 HIGH]
|-- quarkus-rest-jackson-3.34.6.jar
	|-- quarkus-rest-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- quarkus-smallrye-health-3.34.6.jar
	|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- quarkus-smallrye-openapi-3.34.6.jar
	|-- quarkus-swagger-ui-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
|-- reqour-core-3.5.1-SNAPSHOT.jar
	|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]
		|-- netty-codec-4.1.132.Final.jar [1 HIGH]
		|-- netty-handler-4.1.132.Final.jar
			|-- netty-codec-4.1.132.Final.jar [1 HIGH]
	|-- quarkus-hibernate-validator-3.34.6.jar
		|-- quarkus-vertx-http-3.34.6.jar [1 HIGH]
	|-- quarkus-logging-kafka-3.0.4.jar
		|-- kafka-log4j-appender-3.9.2.jar
			|-- slf4j-reload4j-1.7.36.jar
				|-- reload4j-1.2.19.jar [1 MEDIUM]
	|-- bifrost-upload-client-3.3.0.jar
		|-- httpclient5-5.6.jar [1 HIGH]
	|-- pnc-common-3.5.0-jakarta.jar
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.132.Final.jar [2 HIGH, 4 MEDIUM]


No Policy violations were detected

Project 'reqour' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=f431aad9-9460-46b3-b3eb-677bf83ee360
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=422537de190243159a22de2ea487cb28df2e499972f34f1481f455b690290cb7

Mend AI scan succeeded.

Support Token: 1629176a3d9bf45dd82fed02b6ed5c72c1778634038256

SAST scan output

*no findings*

Full logs and artifacts

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml from 0.0.16 to 0.0.18#328

Bump project-ncl/shared-github-actions/.github/workflows/validate-gh-action.yml from 0.0.16 to 0.0.18#328
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/project-ncl/shared-github-actions/dot-github/workflows/validate-gh-action.yml-0.0.18

dependabot Bot commented on behalf of github May 13, 2026

Uh oh!

github-actions Bot commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 13, 2026

v0.0.18

What's Changed

🐛 Fixes / 🚀 Enhancements

👒 Project Dependencies

Uh oh!

github-actions Bot commented May 13, 2026

Mend Scan Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants