build(deps): Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 · OpenVoxProject/container-openvoxdb@bffef4f

Triggered via pull request January 6, 2026 13:18

dependabot[bot]

opened #62

dependabot/github_actions/dependabot/fetch-metadata-2.5.0

Status Success

Total duration 1m 43s

Artifacts 1

security_scanning.yml

on: pull_request

setup-matrix

5s

Matrix: Scan CI container

Annotations

2 warnings

Scan CI container (8, 8.11.0-1+ubuntu24.04)

Failed minimum severity level. Found vulnerabilities with level 'medium' or higher

Sensitive data should not be used in the ARG or ENV commands: openvoxdb/Containerfile#L32

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "OPENVOXDB_POSTGRES_PASSWORD") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Artifacts

Produced during runtime

Name	Size	Digest
OpenVoxProject~container-openvoxdb~A449B7.dockerbuild	44.6 KB	`sha256:15b8fedea22664b7d6dd9d162c1920d7093c5286751d16e356d4b75251637d00`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 #110

Summary

build(deps): Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 #110

Uh oh!

security_scanning.yml

Annotations

Artifacts