chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11

[dependabot]

Bumps peter-evans/create-pull-request from 7.0.8 to 7.0.11.

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.11

What's Changed

• fix: restrict remote prune to self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4235
• build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @​dependabot[bot] in peter-evans/create-pull-request#4240
• fix: provider list pulls fallback for multi fork same owner by @​peter-evans in peter-evans/create-pull-request#4245

New Contributors

• @​obnyis made their first contribution in peter-evans/create-pull-request#4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

Create Pull Request v7.0.9

⚙️ Fixes an incompatibility with the recently released actions/checkout@v6.

What's Changed

• ~70 dependency updates by @​dependabot
• docs: fix workaround description about ready_for_review by @​ybiquitous in peter-evans/create-pull-request#3939
• Docs: add-paths default behavior by @​joeflack4 in peter-evans/create-pull-request#3928
• docs: update to create-github-app-token v2 by @​Goooler in peter-evans/create-pull-request#4063
• Fix compatibility with actions/checkout@v6 by @​ericsciple in peter-evans/create-pull-request#4230

New Contributors

• @​joeflack4 made their first contribution in peter-evans/create-pull-request#3928
• @​Goooler made their first contribution in peter-evans/create-pull-request#4063
• @​ericsciple made their first contribution in peter-evans/create-pull-request#4230

Full Changelog: peter-evans/create-pull-request@v7.0.8...v7.0.9

Commits

• 22a9089 fix: restrict remote prune to self-hosted runners (#4250)
• d4f3be6 fix: provider list pulls fallback for multi fork same owner (#4245)
• bc8a47f build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (#4240)
• a67ef28 build(deps): bump the github-actions group with 2 updates (#4235)
• 84ae59a fix: compatibility with actions/checkout@v6 (#4230)
• b4733b9 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#4222)
• 0edc001 build(deps-dev): bump the npm group with 2 updates (#4201)
• 430aea0 build(deps): bump the github-actions group with 3 updates (#4200)
• 46cdba7 build(deps-dev): bump the npm group with 3 updates (#4185)
• b937339 build(deps): bump the github-actions group with 2 updates (#4184)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	1		0	0	0.26s
❌ COPYPASTE	jscpd	yes		13	no	4.21s
✅ EDITORCONFIG	editorconfig-checker	1		0	0	0.24s
❌ REPOSITORY	devskim	yes		1	1	1.98s
✅ REPOSITORY	dustilock	yes		no	no	0.02s
❌ REPOSITORY	gitleaks	yes		2	no	4.39s
✅ REPOSITORY	git_diff	yes		no	no	1.26s
✅ REPOSITORY	grype	yes		no	no	26.56s
❌ REPOSITORY	kics	yes		18	no	13.06s
✅ REPOSITORY	secretlint	yes		no	no	5.28s
✅ REPOSITORY	syft	yes		no	no	1.31s
✅ REPOSITORY	trivy	yes		no	no	5.92s
✅ REPOSITORY	trivy-sbom	yes		no	no	1.09s
✅ REPOSITORY	trufflehog	yes		no	no	2.49s
✅ SPELL	cspell	2		0	0	3.49s
✅ SPELL	lychee	1		0	0	0.32s
✅ YAML	prettier	1	0	0	0	1.6s
✅ YAML	v8r	1		0	0	3.72s
✅ YAML	yamllint	1		0	0	0.52s

Detailed Issues

❌ REPOSITORY / devskim - 1 error

{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.67+1c44622c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for additional guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS137138","name":"InsecureUrl","fullDescription":{"text":"Insecure URL: An HTTP-based URL without TLS was detected."},"help":{"text":"Update to an HTTPS-based URL if possible.","markdown":"Update to an HTTPS-based URL if possible. Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md) for additional guidance on this issue."},"shortDescription":{"text":"An HTTP-based URL without TLS was detected."},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"defaultConfiguration":{"level":"warning"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/ulises-jeremias/dotfiles","revisionId":"HIDDEN_BY_MEGALINTER","branch":"(no branch)"}],"results":[{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/ISSUE_TEMPLATE/bug-report.yml"},"region":{"startLine":43,"startColumn":48,"endLine":43,"endColumn":64,"charOffset":1298,"charLength":16,"snippet":{"text":"http://sscce.org","rendered":{"text":"http://sscce.org","markdown":"`http://sscce.org`"}},"sourceLanguage":"yaml"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was detected."},"artifactChanges":[{"artifactLocation":{"uri":".github/ISSUE_TEMPLATE/bug-report.yml"},"replacements":[{"deletedRegion":{"charOffset":1298,"charLength":16},"insertedContent":{"text":"https://sscce.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/todo.yml"},"region":{"startLine":25,"startColumn":14,"endLine":25,"endColumn":18,"charOffset":294,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/todo.yml"},"region":{"startLine":13,"startColumn":10,"endLine":13,"endColumn":14,"charOffset":115,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

❌ REPOSITORY / gitleaks - 2 errors

○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

Finding:     api_key = "REDACTED"
Secret:      REDACTED
RuleID:      generic-api-key
Entropy:     3.632049
File:        root/dot_local/bin/executable_dots-weather
Line:        12
Commit:      HIDDEN_BY_MEGALINTERAuthor:      ulises-jeremias
Email:       [email protected]
Date:        2023-12-11T05:28:50Z
Fingerprint: 8c52c074405209379d58d5617e483867b5dfcc13:root/dot_local/bin/executable_dots-weather:generic-api-key:12
Link:        https://github.com/ulises-jeremias/dotfiles/blob/8c52c074405209379d58d5617e483867b5dfcc13/root/dot_local/bin/executable_dots-weather#L12

Finding:     api_key = "REDACTED"
Secret:      REDACTED
RuleID:      generic-api-key
Entropy:     3.632049
File:        polybar/scripts/weather.py
Line:        12
Commit:      HIDDEN_BY_MEGALINTERAuthor:      ulises-jeremias
Email:       [email protected]
Date:        2019-11-03T00:15:20Z
Fingerprint: abdfa1f34cdbc6dcbb670453edafbaa4f5dfd0cf:polybar/scripts/weather.py:generic-api-key:12
Link:        https://github.com/ulises-jeremias/dotfiles/blob/abdfa1f34cdbc6dcbb670453edafbaa4f5dfd0cf/polybar/scripts/weather.py#L12

11:10AM INF 1243 commits scanned.
11:10AM INF scanned ~4130296 bytes (4.13 MB) in 4.34s
11:10AM WRN leaks found: 2

❌ COPYPASTE / jscpd - 13 errors

Clone found (json):
 - home/dot_config/waybar/configs/default/config-top.json [62:13 - 142:15] (80 lines, 414 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [82:11 - 162:22]

Clone found (json):
 - home/dot_config/waybar/configs/default/config-top.json [160:11 - 176:12] (16 lines, 101 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [298:5 - 314:20]

Clone found (json):
 - home/dot_config/waybar/configs/default/config-top.json [240:3 - 257:21] (17 lines, 96 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [382:3 - 399:9]

Clone found (json):
 - home/dot_config/waybar/configs/default/config-top.json [309:20 - 331:7] (22 lines, 125 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [447:12 - 469:7]

Clone found (json):
 - home/dot_config/waybar/configs/default/config-bottom.json [25:4 - 123:2] (98 lines, 613 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [164:5 - 263:2]

Clone found (json):
 - home/dot_config/waybar/configs/default/config-bottom.json [193:7 - 218:7] (25 lines, 161 tokens)
   home/dot_config/waybar/configs/vertical-left/config.json [511:5 - 536:7]

Clone found (scss):
 - home/dot_config/eww/dashboard/eww.scss [98:9 - 129:57] (31 lines, 150 tokens)
   home/dot_config/eww/powermenu/eww.scss [30:6 - 61:31]

Clone found (bash):
 - lib/easy-options/example.sh [1:1 - 34:5] (33 lines, 93 tokens)
   home/dot_local/lib/dots/easy-options/executable_example.sh [1:1 - 34:5]

Clone found (bash):
 - lib/easy-options/easyoptions.sh [1:1 - 71:6] (70 lines, 210 tokens)
   home/dot_local/lib/dots/easy-options/easyoptions.sh [1:1 - 71:46]

Clone found (bash):
 - lib/easy-options/easyoptions.sh [75:3 - 106:24] (31 lines, 284 tokens)
   home/dot_local/lib/dots/easy-options/easyoptions.sh [79:3 - 110:69]

Clone found (bash):
 - lib/easy-options/easyoptions.sh [106:3 - 175:3] (69 lines, 562 tokens)
   home/dot_local/lib/dots/easy-options/easyoptions.sh [120:3 - 189:4]

Clone found (bash):
 - lib/easy-options/easyoptions.sh [176:9 - 218:2] (42 lines, 340 tokens)
   home/dot_local/lib/dots/easy-options/easyoptions.sh [190:9 - 232:2]

Clone found (markdown):
 - CONTRIBUTING.md [235:1 - 240:9] (5 lines, 110 tokens)
   docs/Development-Standards.md [171:1 - 176:9]

┌──────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format   │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ bash     │ 58             │ 3428        │ 14928        │ 5            │ 245 (7.15%)      │ 1489 (9.97%)      │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ json     │ 6              │ 1301        │ 7164         │ 6            │ 258 (19.83%)     │ 1510 (21.08%)     │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ scss     │ 2              │ 524         │ 2439         │ 1            │ 31 (5.92%)       │ 150 (6.15%)       │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ ini      │ 2              │ 22          │ 86           │ 0            │ 0 (0%)           │ 0 (0%)            │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown │ 46             │ 7868        │ 50322        │ 1            │ 5 (0.06%)        │ 110 (0.22%)       │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markup   │ 1              │ 12          │ 102          │ 0            │ 0 (0%)           │ 0 (0%)            │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ url      │ 1              │ 1           │ 10           │ 0            │ 0 (0%)           │ 0 (0%)            │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ yaml     │ 4              │ 144         │ 941          │ 0            │ 0 (0%)           │ 0 (0%)            │
├──────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total:   │ 120            │ 13300       │ 75992        │ 13           │ 539 (4.05%)      │ 3259 (4.29%)      │
└──────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 13 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (4.05%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (4.05%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:612:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:110:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:22
    at async /node-deps/node_modules/jscpd/dist/jscpd.js:351:5

❌ REPOSITORY / kics - 18 errors

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.14





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 11
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/security-scan.yml:36

		035:       - name: Run Trivy vulnerability scanner
		036:         uses: aquasecurity/[email protected]
		037:         env:


	[2]: .github/workflows/aur-publish.yml:26

		025:       - name: Publish AUR package
		026:         uses: ulises-jeremias/github-actions-aur-publish@v1
		027:         with:


	[3]: .github/workflows/docs.yml:53

		052:       - name: Sync Wiki to Docs
		053:         uses: newrelic/[email protected]
		054:         with:


	[4]: .github/workflows/docs.yml:96

		095:       - name: Deploy to gh-pages
		096:         uses: peaceiris/[email protected]
		097:         with:


	[5]: .github/workflows/todo.yml:26

		025:       - name: TODO to Issue
		026:         uses: alstr/todo-to-issue-action@v5
		027:         id: todo


	[6]: .github/workflows/mega-linter.yml:67

		066:         # More info at https://megalinter.io/latest/flavors/
		067:         uses: oxsecurity/[email protected]
		068: 


	[7]: .github/workflows/mega-linter.yml:117

		116:       - name: Create Pull Request with applied fixes
		117:         uses: peter-evans/[email protected]
		118:         id: cpr


	[8]: .github/workflows/security-scan.yml:49

		048:       - name: Upload Trivy scan results to GitHub Security tab
		049:         uses: github/codeql-action/upload-sarif@v4
		050:         with:


	[9]: .github/workflows/aur-dev-publish.yml:29

		028:       - name: Publish AUR package
		029:         uses: ulises-jeremias/github-actions-aur-publish@v1
		030:         with:


	[10]: .github/workflows/docs.yml:38

		037:       - name: Sync docs to wiki
		038:         uses: newrelic/[email protected]
		039:         with:


	[11]: .github/workflows/mega-linter.yml:173

		172:       - name: Commit and push applied linter fixes
		173:         uses: stefanzweifel/[email protected]
		174:         if: >-


Shared Host Network Namespace, Severity: MEDIUM, Results: 1
Description: Container should not share the host network namespace
Platform: DockerCompose
CWE: 668
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/071a71ff-f868-47a4-ac0b-3c59e4ab5443

	[1]: playground/compose.yml:12

		011:       - WINDOW_MANAGER
		012:     network_mode: host
		013:     cap_add:


Security Opt Not Set, Severity: MEDIUM, Results: 1
Description: Attribute 'security_opt' should be defined.
Platform: DockerCompose
CWE: 693
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/610e266e-6c12-4bca-9925-1ed0cd29742b

	[1]: playground/compose.yml:2

		001: services:
		002:   vagrant:
		003:     image: vagrantlibvirt/vagrant-libvirt:edge


Healthcheck Not Set, Severity: MEDIUM, Results: 1
Description: Check containers periodically to see if they are running properly.
Platform: DockerCompose
CWE: 703
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/698ed579-b239-4f8f-a388-baa4bcb13ef8

	[1]: playground/compose.yml:2

		001: services:
		002:   vagrant:
		003:     image: vagrantlibvirt/vagrant-libvirt:edge


Container Capabilities Unrestricted, Severity: MEDIUM, Results: 2
Description: Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
Platform: DockerCompose
CWE: 400
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/ce76b7d0-9e77-464d-b86f-c5c48e03e22d

	[1]: playground/compose.yml:13

		012:     network_mode: host
		013:     cap_add:
		014:       - NET_ADMIN


	[2]: playground/compose.yml:2

		001: services:
		002:   vagrant:
		003:     image: vagrantlibvirt/vagrant-libvirt:edge


Volume Has Sensitive Host Directory, Severity: HIGH, Results: 1
Description: Container has sensitive host directory mounted as a volume
Platform: DockerCompose
CWE: 668
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/1c1325ff-831d-43a1-973e-839ae57dfcc0

	[1]: playground/compose.yml:5

		004:     volumes:
		005:       - /var/run/libvirt:/var/run/libvirt
		006:       - ~/.vagrant.d:/.vagrant.d


Privileged Containers Enabled, Severity: HIGH, Results: 1
Description: Privileged containers should be used with extreme caution, they have all of the capabilities that the linux kernel offers for docker.
Platform: DockerCompose
CWE: 250
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockercompose-queries/ae5b6871-7f45-42e0-bb4c-ab300c4d2026

	[1]: playground/compose.yml:15

		014:       - NET_ADMIN
		015:     privileged: true
		016: 



Results Summary:
CRITICAL: 0
HIGH: 2
MEDIUM: 5
LOW: 11
INFO: 0
TOTAL: 18

A new version 'v2.1.17' of KICS is available, please consider updating

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff