Bump docker/build-push-action from 6.11.0 to 6.12.0 (#2762)

Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 6.11.0 to 6.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.12.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.49.0 to 0.51.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1300">docker/build-push-action#1300</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v6.11.0...v6.12.0">https://github.com/docker/build-push-action/compare/v6.11.0...v6.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="67a2d409c0"><code>67a2d40</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1300">#1300</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="0b1b1c9c43"><code>0b1b1c9</code></a>
chore: update generated content</li>
<li><a
href="b6a7c2c4ee"><code>b6a7c2c</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.49.0 to
0.51.0</li>
<li><a
href="31ca4e5d51"><code>31ca4e5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1296">#1296</a>
from crazy-max/bake-v6</li>
<li><a
href="e613db9d5a"><code>e613db9</code></a>
update bake-action to v6</li>
<li>See full diff in <a
href="b32b51a8ed...67a2d409c0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.11.0&new-version=6.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/scripts/check_duplicates.py

@@ -1,51 +0,0 @@
-import sys
-
-
-def find_duplicate_keys(file_path):
-    """
-    Finds duplicate keys in a properties file and returns their occurrences.
-
-    This function reads a properties file, identifies any keys that occur more than
-    once, and returns a dictionary with these keys and the line numbers of their occurrences.
-
-    Parameters:
-    file_path (str): The path to the properties file to be checked.
-
-    Returns:
-    dict: A dictionary where each key is a duplicated key in the file, and the value is a list
-          of line numbers where the key occurs.
-    """
-    with open(file_path, "r", encoding="utf-8") as file:
-        lines = file.readlines()
-
-    keys = {}
-    duplicates = {}
-
-    for line_number, line in enumerate(lines, start=1):
-        line = line.strip()
-        if line and not line.startswith("#") and "=" in line:
-            key = line.split("=", 1)[0].strip()
-            if key in keys:
-                # If the key already exists, add the current line number
-                duplicates.setdefault(key, []).append(line_number)
-                # Also add the first instance of the key if not already done
-                if keys[key] not in duplicates[key]:
-                    duplicates[key].insert(0, keys[key])
-            else:
-                # Store the line number of the first instance of the key
-                keys[key] = line_number
-
-    return duplicates
-
-
-if __name__ == "__main__":
-    failed = False
-    for ar in sys.argv[1:]:
-        duplicates = find_duplicate_keys(ar)
-        if duplicates:
-            for key, lines in duplicates.items():
-                lines_str = ", ".join(map(str, lines))
-                print(f"{key} duplicated in {ar} on lines {lines_str}")
-                failed = True
-    if failed:
-        sys.exit(1)

.github/scripts/check_tabulator.py

@@ -1,85 +0,0 @@
-"""check_tabulator.py"""
-
-import argparse
-import sys
-
-
-def check_tabs(file_path):
-    """
-    Checks for tabs in the specified file.
-
-    Args:
-        file_path (str): The path to the file to be checked.
-
-    Returns:
-        bool: True if tabs are found, False otherwise.
-    """
-    with open(file_path, "r", encoding="utf-8") as file:
-        content = file.read()
-
-    if "\t" in content:
-        print(f"Tab found in {file_path}")
-        return True
-    return False
-
-
-def replace_tabs_with_spaces(file_path, replace_with="  "):
-    """
-    Replaces tabs with a specified number of spaces in the file.
-
-    Args:
-        file_path (str): The path to the file where tabs will be replaced.
-        replace_with (str): The character(s) to replace tabs with. Defaults to two spaces.
-    """
-    with open(file_path, "r", encoding="utf-8") as file:
-        content = file.read()
-
-    updated_content = content.replace("\t", replace_with)
-
-    with open(file_path, "w", encoding="utf-8") as file:
-        file.write(updated_content)
-
-
-def main():
-    """
-    Main function to replace tabs with spaces in the provided files.
-    The replacement character and files to check are taken from command line arguments.
-    """
-    # Create ArgumentParser instance
-    parser = argparse.ArgumentParser(
-        description="Replace tabs in files with specified characters."
-    )
-
-    # Define optional argument `--replace_with`
-    parser.add_argument(
-        "--replace_with",
-        default="  ",
-        help="Character(s) to replace tabs with. Default is two spaces.",
-    )
-
-    # Define argument for file paths
-    parser.add_argument("files", metavar="FILE", nargs="+", help="Files to process.")
-
-    # Parse arguments
-    args = parser.parse_args()
-
-    # Extract replacement characters and files from the parsed arguments
-    replace_with = args.replace_with
-    files_checked = args.files
-
-    error = False
-
-    for file_path in files_checked:
-        if check_tabs(file_path):
-            replace_tabs_with_spaces(file_path, replace_with)
-            error = True
-
-    if error:
-        print("Error: Originally found tabs in HTML files, now replaced.")
-        sys.exit(1)
-
-    sys.exit(0)
-
-
-if __name__ == "__main__":
-    main()

.github/workflows/PR-Demo-Comment.yml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -81,7 +81,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -119,7 +119,7 @@ jobs:
           password: ${{ secrets.DOCKER_HUB_API }}
 
       - name: Build and push PR-specific image
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
           context: .
           file: ./Dockerfile

.github/workflows/PR-Demo-cleanup.yml

@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/auto-labeler.yml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/build.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -77,7 +77,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/check_properties.yml

@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/licenses-update.yml

@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/manage-label.yml

@@ -15,7 +15,7 @@ jobs:
       issues: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/multiOSReleases.yml

@@ -16,7 +16,7 @@ jobs:
       versionMac: ${{ steps.versionNumberMac.outputs.versionNumberMac }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -51,7 +51,7 @@ jobs:
             file_suffix: ""
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -101,7 +101,7 @@ jobs:
             file_suffix: ""
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -139,7 +139,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -210,7 +210,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -271,7 +271,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/pre_commit.yml

@@ -2,23 +2,41 @@ name: Pre-commit
 
 on:
   workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * 1"
 
 permissions:
   contents: read
 
 jobs:
   pre-commit:
-    if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+      - id: committer
+        run: |
+          echo "string=${{ steps.generate-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com>"  >> "$GITHUB_OUTPUT"
+
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -35,25 +53,25 @@ jobs:
         continue-on-error: true
       - name: Set up git config
         run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name ${{ steps.generate-token.outputs.app-slug }}[bot]
+          git config --global user.email "${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
       - name: git add
         run: |
           git add .
-          git diff --staged --quiet || git commit -m ":file_folder: pre-commit
-          > Made via .github/workflows/pre_commit.yml" || echo "pre-commit: no changes"
+          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
       - name: Create Pull Request
+        if: env.CHANGES_DETECTED == 'true'
         uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: "ci: 🤖 format everything with pre-commit"
-          committer: GitHub Action <action@github.com>
-          author: GitHub Action <action@github.com>
+          token: ${{ steps.generate-token.outputs.token }}
+          commit-message: ":file_folder: pre-commit"
+          committer: ${{ steps.committer.outputs.string }}
+          author: ${{ steps.committer.outputs.string }}
           signoff: true
           branch: pre-commit
-          title: "🤖 format everything with pre-commit by <github-actions[bot]>"
+          title: "🤖 format everything with pre-commit by <${{ steps.generate-token.outputs.app-slug }}>"
           body: |
-            Auto-generated by [create-pull-request][1]
+            Auto-generated by [create-pull-request][1] with **${{ steps.generate-token.outputs.app-slug }}**
 
             [1]: https://github.com/peter-evans/create-pull-request
           draft: false

.github/workflows/push-docker.yml

@@ -18,7 +18,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -89,7 +89,7 @@ jobs:
 
       - name: Build and push main Dockerfile
         id: build-push-regular
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: .
@@ -134,7 +134,7 @@ jobs:
 
       - name: Build and push Dockerfile-ultra-lite
         id: build-push-lite
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         if: github.ref != 'refs/heads/main'
         with:
           context: .
@@ -165,7 +165,7 @@ jobs:
 
       - name: Build and push main Dockerfile fat
         id: build-push-fat
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         if: github.ref != 'refs/heads/main'
         with:
           builder: ${{ steps.buildx.outputs.name }}

.github/workflows/releaseArtifacts.yml

@@ -23,7 +23,7 @@ jobs:
       version: ${{ steps.versionNumber.outputs.versionNumber }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -83,7 +83,7 @@ jobs:
             file_suffix: ""
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -161,7 +161,7 @@ jobs:
             file_suffix: ""
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/scorecards.yml

@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/stale.yml

@@ -16,7 +16,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/swagger.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/sync_files.yml

@@ -21,7 +21,7 @@ jobs:
       committer: ${{ steps.committer.outputs.committer }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.github/workflows/testdriver.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -46,7 +46,7 @@ jobs:
           password: ${{ secrets.DOCKER_HUB_API }}
 
       - name: Build and push test image
-        uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
         with:
           context: .
           file: ./Dockerfile
@@ -105,7 +105,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
@@ -134,7 +134,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 

.pre-commit-config.yaml

@@ -6,10 +6,10 @@ repos:
         args:
           - --fix
           - --line-length=127
-        files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
         exclude: (split_photos.py)
       - id: ruff-format
-        files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$
+        files: ^((\.github/scripts|scripts)/.+)?[^/]+\.py$
         exclude: (split_photos.py)
   - repo: https://github.com/codespell-project/codespell
     rev: v2.3.0
@@ -19,7 +19,7 @@ repos:
           - --ignore-words-list=
           - --skip="./.*,*.csv,*.json,*.ambr"
           - --quiet-level=2
-        files: \.(properties|html|css|js|py|md)$
+        files: \.(html|css|js|py|md)$
         exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
   - repo: https://github.com/gitleaks/gitleaks
     rev: v8.22.0
@@ -35,23 +35,7 @@ repos:
     hooks:
       - id: end-of-file-fixer
         files: ^.*(\.js|\.java|\.py|\.yml)$
-        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
+        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js|\.github/workflows/.*$)
       - id: trailing-whitespace
         files: ^.*(\.js|\.java|\.py|\.yml)$
-        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
-
-  - repo: local
-    hooks:
-      - id: check-duplicate-properties-keys
-        name: Check Duplicate Properties Keys
-        entry: python .github/scripts/check_duplicates.py
-        language: python
-        files: ^(src)/.+\.properties$
-      - id: check-html-tabs
-        name: Check HTML for tabs
-        description: Ensures HTML/CSS/JS files do not contain tab characters
-        # args: ["--replace_with=  "]
-        entry: python .github/scripts/check_tabulator.py
-        language: python
-        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$)
-        files: ^.*(\.html|\.css|\.js)$
+        exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js|\.github/workflows/.*$)

build.gradle

@@ -19,7 +19,7 @@ ext {
     logbackVersion = "1.5.7"
     imageioVersion = "3.12.0"
     lombokVersion = "1.18.36"
-    bouncycastleVersion = "1.79"
+    bouncycastleVersion = "1.80"
     springSecuritySamlVersion = "6.4.2"
     openSamlVersion = "4.3.2"
 }
@@ -291,7 +291,7 @@ dependencies {
     }
 
     //security updates
-    implementation "org.springframework:spring-webmvc:6.2.1"
+    implementation "org.springframework:spring-webmvc:6.2.2"
 
     implementation("io.github.pixee:java-security-toolkit:1.2.1")
 
@@ -314,7 +314,7 @@ dependencies {
         implementation "org.springframework.boot:spring-boot-starter-oauth2-client:$springBootVersion"
 
         implementation "org.springframework.session:spring-session-core:$springBootVersion"
-        implementation "org.springframework:spring-jdbc:6.2.1"
+        implementation "org.springframework:spring-jdbc:6.2.2"
 
         implementation 'com.unboundid.product.scim2:scim2-sdk-client:2.3.5'
         // Don't upgrade h2database

scripts/counter_translation.py

@@ -75,7 +75,7 @@ def write_readme(progress_list: list[tuple[str, int]]) -> None:
                         f"![{value}%](https://geps.dev/progress/{value})",
                     )
 
-    with open("README.md", "w", encoding="utf-8") as file:
+    with open("README.md", "w", encoding="utf-8", newline="\n") as file:
         file.writelines(content)
 
 
@@ -196,7 +196,7 @@ def compare_files(
             )
         )
     ignore_translation = convert_to_multiline(sort_ignore_translation)
-    with open(ignore_translation_file, "w", encoding="utf-8") as file:
+    with open(ignore_translation_file, "w", encoding="utf-8", newline="\n") as file:
         file.write(tomlkit.dumps(ignore_translation))
 
     unique_data = list(set(result_list))