chore(deps): bump the minor group in /.containifyci with 2 updates

[dependabot]

Bumps the minor group in /.containifyci with 2 updates: github.com/containifyci/engine-ci/client and github.com/containifyci/engine-ci/protos2.

Updates github.com/containifyci/engine-ci/client from 0.17.0 to 0.17.1

Commits

• 3747139 chore(deps): bump the minor group across 1 directory with 2 updates (#219)
• 3f1844e chore(deps): bump github.com/hashicorp/go-plugin (#220)
• 8aadd82 chore(deps): bump the minor group in /.containifyci with 2 updates (#216)
• e7ccc3a chore(deps): bump google.golang.org/protobuf (#215)
• ccb8a38 chore(deps): bump google.golang.org/protobuf (#214)
• 610aea7 chore(deps): bump the minor group in /.containifyci with 2 updates (#213)
• a667712 fix(cache): restore GOMODCACHE usage in golang container builds (#212)
• 539022f fix(golang): resolve intermediate container platform build issue (#211)
• 9ed4705 feat(maintainability): Phase 2-3 implementation - Core infrastructure and Pyt...
• 5e59885 chore(deps): bump the minor group in /.containifyci with 2 updates (#192)
• Additional commits viewable in compare view

Updates github.com/containifyci/engine-ci/protos2 from 0.14.0 to 0.15.0

Release notes

Sourced from github.com/containifyci/engine-ci/protos2's releases.

v0.15.0

What's Changed

• chore(deps): bump the minor group across 1 directory with 2 updates by @​dependabot in containifyci/engine-ci#124
• chore(deps): bump the minor group across 1 directory with 3 updates by @​dependabot in containifyci/engine-ci#125
• chore(deps): bump the minor group across 1 directory with 6 updates by @​dependabot in containifyci/engine-ci#126
• feat(go): add golangci-lint custom-gcl support by @​fr12k in containifyci/engine-ci#128

Full Changelog: containifyci/engine-ci@v0...v0.15.0

Commits

• 6314deb chore(go): remove ssh+git setup fo golangci-lint (#130)
• f4fe652 fix(go): ensure coverage directory exists (#129)
• f20b608 feat(go): add golangci-lint custom-gcl support (#128)
• e0f16ec chore(deps): bump the minor group across 1 directory with 6 updates (#126)
• 488e64f chore(deps): bump the minor group across 1 directory with 3 updates (#125)
• 9c5e144 chore(deps): bump the minor group across 1 directory with 2 updates (#124)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Container Security Risks

Trivy found possible vulnerabilities in your container image. Please update your container to use the latest image version & all the application dependencies (such as nodejs, go, jvm etc…).

Metadata:

• OS Version: 3.22.1
• Image ID: sha256:d77e6e5308aa48bbc6735b5029ddec2bdcba44fc891d9a69a558521050061da3
• Docker Image: containifyci/containifyci-java:b11181d4109454da644dfb622e67b930b2051cb5

Vulnerabilities:

app/containifyci-java

Class: lang-pkgs
Type: gobinary

CVE ID: CVE-2025-6032

• Severity: HIGH
• PkgName: github.com/containers/podman/v5
• PkgID: github.com/containers/podman/v5@v5.4.2
• Installed Version: v5.4.2
• Fixed Version: 5.5.2
• Published Date: 2025-06-24

CVE ID: CVE-2025-22874

• Severity: HIGH
• PkgName: stdlib
• PkgID: stdlib@v1.24.2
• Installed Version: v1.24.2
• Fixed Version: 1.24.4
• Published Date: 2025-06-11

CVE ID: CVE-2025-47907

• Severity: HIGH
• PkgName: stdlib
• PkgID: stdlib@v1.24.2
• Installed Version: v1.24.2
• Fixed Version: 1.23.12, 1.24.6
• Published Date: 2025-08-07

[dunebot]

Note

DuneBot can't Merge this Pull Request because not all configured validations are satisfied.

Failed Validation Results

• Config: dependabot_terraform Branch:dependabot/go_modules Reason:age Message:Pull request age is less than required (47h57m0s) for Merge

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot

[dunebot]

Note

DuneBot can't Merge this Pull Request because not all configured validations are satisfied.

Failed Validation Results

• Config: dependabot_terraform Branch:dependabot/go_modules Reason:age Message:Pull request age is less than required (43h44m0s) for Merge

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot

[dunebot]

Note

This Pull Request is not mergeable by DuneBot.

Details

DuneBot Logs in DataDog

Post "https://api.github.com/repos/containifyci/engine-java/pulls/37/reviews": oauth2: "bad_refresh_token" "The refresh token passed is incorrect or expired." "https://docs.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"

goroutine 3640152 [running]:
github.com/containifyci/dunebot/pkg/github.ErrorHandler.NewNotMergableError({{0x1f4?, 0xc0002a1900?, 0x2f2b120?}}, {0x1f5e328, 0xc000ea96b0}, {0x1f42520, 0xc0044f4c30})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/error.go:103 +0x7f
github.com/containifyci/dunebot/pkg/github.NewNotMergableError({0x1f5e328, 0xc000ea96b0}, {0x1f42520, 0xc0044f4c30})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/error.go:97 +0x45
github.com/containifyci/dunebot/pkg/github.GithubClient.ApprovePullRequest({0xc000dfb888, {0x1f5ea60, 0xc0001f5030}, {{0x0, 0x0}, {0x1ca13e5, 0xe}, {0x1c9512a, 0x5}, {0xc0062efba0, ...}, ...}, ...}, ...)
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/client.go:312 +0x17e
github.com/containifyci/dunebot/pkg/review.(*reviewer).PullRequestReview(0xc000f49d40, {0x1f5e328, 0xc000ea96b0}, {0xc000901a40?, 0xc000953508?, 0xc0005ec840?, 0xc000e74680?})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/review/review.go:201 +0x1325
github.com/containifyci/temporal-worker/pkg/workflows/github.PullRequestReviewActivities.PullRequestReviewActivity({{{{0xc000056038, 0x9}, {0x0, 0x0}, 0x0}, {{0xc000058077, 0x13}, {0xc00005409a, 0x17}, {0x0, ...}, ...}, ...}, ...}, ...)
	/usr/src/pkg/workflows/github/pull_request.go:75 +0x1cc
reflect.Value.call({0x196b380?, 0xc000627b00?, 0x20?}, {0x1c94568, 0x4}, {0xc000ea96e0, 0x2, 0xc000ea96e0?})
	/usr/local/go/src/reflect/value.go:581 +0xca6
reflect.Value.Call({0x196b380?, 0xc000627b00?, 0x782c6ee3dff8?}, {0xc000ea96e0?, 0x782c28340498?, 0x782c6f0bb5b8?})
	/usr/local/go/src/reflect/value.go:365 +0xb9
go.temporal.io/sdk/internal.executeFunction({0x196b380, 0xc000627b00}, {0xc00029e9c0, 0x2, 0x193ee60?})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:2004 +0x26b
go.temporal.io/sdk/internal.executeFunctionWithContext({0x1f5e328, 0xc000ea96b0}, {0x196b380, 0xc000627b00}, {0xc003effd80, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:1988 +0x1ae
go.temporal.io/sdk/internal.(*activityEnvironmentInterceptor).ExecuteActivity(0xc0005ec7c0, {0x1f5e3d0?, 0xc00026ae00?}, 0xc00097eb28)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_activity.go:367 +0x67
go.temporal.io/sdk/internal.(*activityExecutor).ExecuteWithActualArgs(0xc0002f9920, {0x1f5e3d0, 0xc00026ae00}, {0xc003effd80, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:919 +0x148
go.temporal.io/sdk/internal.(*activityExecutor).Execute(0xc0002f9920, {0x1f5e3d0, 0xc00026ae00}, 0xc0005a2940)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:905 +0x139
go.temporal.io/sdk/internal.(*activityTaskHandlerImpl).Execute(0xc0000f7340, {0x1c9cb4f, 0xb}, 0xc0008c0410)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_task_handlers.go:2207 +0x904
go.temporal.io/sdk/internal.(*activityTaskPoller).ProcessTask(0xc000262d10, {0x1958ae0, 0xc000a77470})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_task_pollers.go:1066 +0x283
go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync.func1()
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker_base.go:446 +0x12f
created by go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync in goroutine 54
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker_base.go:425 +0x90

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot

[dunebot]

Note

DuneBot can't Merge this Pull Request because not all configured validations are satisfied.

Failed Validation Results

• Config: dependabot_terraform Branch:dependabot/go_modules Reason:age Message:Pull request age is less than required (19h43m0s) for Merge

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot

[dunebot]

Note

This Pull Request is not mergeable by DuneBot.

Details

DuneBot Logs in DataDog

Post "https://api.github.com/repos/containifyci/engine-java/pulls/37/reviews": oauth2: "bad_refresh_token" "The refresh token passed is incorrect or expired." "https://docs.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"

goroutine 3660007 [running]:
github.com/containifyci/dunebot/pkg/github.ErrorHandler.NewNotMergableError({{0x1f4?, 0xc0002a1900?, 0x2f2b120?}}, {0x1f5e328, 0xc0005aa2d0}, {0x1f42520, 0xc003d33860})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/error.go:103 +0x7f
github.com/containifyci/dunebot/pkg/github.NewNotMergableError({0x1f5e328, 0xc0005aa2d0}, {0x1f42520, 0xc003d33860})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/error.go:97 +0x45
github.com/containifyci/dunebot/pkg/github.GithubClient.ApprovePullRequest({0xc000dfa388, {0x1f5ea60, 0xc00026ae70}, {{0x0, 0x0}, {0x1ca13e5, 0xe}, {0x1c9512a, 0x5}, {0xc000f32c80, ...}, ...}, ...}, ...)
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/github/client.go:312 +0x17e
github.com/containifyci/dunebot/pkg/review.(*reviewer).PullRequestReview(0xc000f49860, {0x1f5e328, 0xc0005aa2d0}, {0xc00380fdc0?, 0xc000b87508?, 0xc00086d8c0?, 0xc000323280?})
	/go/pkg/github.com/containifyci/dunebot@v0.0.3/pkg/review/review.go:201 +0x1325
github.com/containifyci/temporal-worker/pkg/workflows/github.PullRequestReviewActivities.PullRequestReviewActivity({{{{0xc000056038, 0x9}, {0x0, 0x0}, 0x0}, {{0xc000058077, 0x13}, {0xc00005409a, 0x17}, {0x0, ...}, ...}, ...}, ...}, ...)
	/usr/src/pkg/workflows/github/pull_request.go:75 +0x1cc
reflect.Value.call({0x196b380?, 0xc000627b00?, 0x20?}, {0x1c94568, 0x4}, {0xc0005aa300, 0x2, 0xc0005aa300?})
	/usr/local/go/src/reflect/value.go:581 +0xca6
reflect.Value.Call({0x196b380?, 0xc000627b00?, 0x782c28423368?}, {0xc0005aa300?, 0x782c284207a8?, 0x782c6f0bb5b8?})
	/usr/local/go/src/reflect/value.go:365 +0xb9
go.temporal.io/sdk/internal.executeFunction({0x196b380, 0xc000627b00}, {0xc0002710a0, 0x2, 0x193ee60?})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:2004 +0x26b
go.temporal.io/sdk/internal.executeFunctionWithContext({0x1f5e328, 0xc0005aa2d0}, {0x196b380, 0xc000627b00}, {0xc0005eb330, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:1988 +0x1ae
go.temporal.io/sdk/internal.(*activityEnvironmentInterceptor).ExecuteActivity(0xc00086d840, {0x1f5e3d0?, 0xc000260f50?}, 0xc000851470)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_activity.go:367 +0x67
go.temporal.io/sdk/internal.(*activityExecutor).ExecuteWithActualArgs(0xc0002f9920, {0x1f5e3d0, 0xc000260f50}, {0xc0005eb330, 0x1, 0x1})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:919 +0x148
go.temporal.io/sdk/internal.(*activityExecutor).Execute(0xc0002f9920, {0x1f5e3d0, 0xc000260f50}, 0xc0005a2c40)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker.go:905 +0x139
go.temporal.io/sdk/internal.(*activityTaskHandlerImpl).Execute(0xc0000f7340, {0x1c9cb4f, 0xb}, 0xc0002f7d40)
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_task_handlers.go:2207 +0x904
go.temporal.io/sdk/internal.(*activityTaskPoller).ProcessTask(0xc000262d10, {0x1958ae0, 0xc0005e5d50})
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_task_pollers.go:1066 +0x283
go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync.func1()
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker_base.go:446 +0x12f
created by go.temporal.io/sdk/internal.(*baseWorker).processTaskAsync in goroutine 54
	/go/pkg/go.temporal.io/sdk@v1.31.0/internal/internal_worker_base.go:425 +0x90

---

❓ Got questions?
Check out DuneBot's Docs
For further assistance reach out to #ask-platform.

---

You can trigger DuneBot reprocessing by closing and reopen the Pull Request.

This PR comment was generated by DuneBot