main/linux-stable: upgrade to 6.18.3

[github-actions]

    Automated package bump

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	3		1	0	0.25s
✅ BASH	bash-exec	3		0	0	0.01s
✅ BASH	shellcheck	3		0	0	0.11s
✅ BASH	shfmt	3	0	0	0	0.03s
✅ DOCKERFILE	hadolint	1		0	0	0.25s
✅ MARKDOWN	markdownlint	1	0	0	0	0.66s
✅ MARKDOWN	markdown-table-formatter	1	0	0	0	0.28s
✅ PYTHON	bandit	1		0	0	1.04s
✅ PYTHON	black	1	0	0	0	0.58s
✅ PYTHON	flake8	1		0	0	0.57s
✅ PYTHON	isort	1	0	0	0	0.2s
✅ PYTHON	mypy	1		0	0	5.99s
⚠️ PYTHON	pylint	1		3	0	2.17s
⚠️ PYTHON	pyright	1		7	0	1.15s
✅ PYTHON	ruff	1	0	0	0	0.02s
⚠️ REPOSITORY	checkov	yes		4	no	12.74s
⚠️ REPOSITORY	devskim	yes		1	1	1.02s
✅ REPOSITORY	dustilock	yes		no	no	0.01s
✅ REPOSITORY	gitleaks	yes		no	no	1.08s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	26.48s
⚠️ REPOSITORY	kics	yes		7	no	12.77s
✅ REPOSITORY	secretlint	yes		no	no	0.63s
✅ REPOSITORY	syft	yes		no	no	1.12s
✅ REPOSITORY	trivy	yes		no	no	5.71s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.12s
✅ REPOSITORY	trufflehog	yes		no	no	2.26s
✅ YAML	prettier	6	0	0	0	0.7s
✅ YAML	v8r	6		0	0	3.64s
✅ YAML	yamllint	6		0	0	0.44s

Detailed Issues

⚠️ ACTION / actionlint - 1 error

.github/workflows/build.yaml:49:9: shellcheck reported issue in this script: SC2044:warning:3:12: For loops over find output are fragile. Use find -exec or a while read loop [shellcheck]
   |
49 |         run: |
   |         ^~~~

⚠️ REPOSITORY / checkov - 4 errors

dockerfile scan results:

Passed checks: 62, Failed checks: 1, Skipped checks: 0

Check: CKV2_DOCKER_1: "Ensure that sudo isn't used"
	FAILED for resource: /Dockerfile.RUN
	File: /Dockerfile:13-13
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo

		13 | RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish

github_actions scan results:

Passed checks: 77, Failed checks: 3, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(build packages)
	File: /.github/workflows/build.yaml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(check package versions for upgrades)
	File: /.github/workflows/check-package-versions.yaml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(MegaLinter)
	File: /.github/workflows/megalinter.yml:26-27

⚠️ REPOSITORY / devskim - 1 error

{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.67+1c44622c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for additional guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS137138","name":"InsecureUrl","fullDescription":{"text":"Insecure URL: An HTTP-based URL without TLS was detected."},"help":{"text":"Update to an HTTPS-based URL if possible.","markdown":"Update to an HTTPS-based URL if possible. Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md) for additional guidance on this issue."},"shortDescription":{"text":"An HTTP-based URL without TLS was detected."},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"defaultConfiguration":{"level":"warning"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/atlascloud/aports","revisionId":"HIDDEN_BY_MEGALINTER","branch":"package_bump/main/linux-stable-6.18.3"}],"results":[{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"entrypoint.sh"},"region":{"startLine":4,"startColumn":12,"endLine":4,"endColumn":41,"charOffset":58,"charLength":29,"snippet":{"text":"http://dl-cdn.alpinelinux.org","rendered":{"text":"http://dl-cdn.alpinelinux.org","markdown":"`http://dl-cdn.alpinelinux.org`"}},"sourceLanguage":"shellscript"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was detected."},"artifactChanges":[{"artifactLocation":{"uri":"entrypoint.sh"},"replacements":[{"deletedRegion":{"charOffset":58,"charLength":29},"insertedContent":{"text":"https://dl-cdn.alpinelinux.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/build.yaml"},"region":{"startLine":17,"startColumn":26,"endLine":17,"endColumn":30,"charOffset":290,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"scripts/check_updates.sh"},"region":{"startLine":22,"startColumn":3,"endLine":22,"endColumn":8,"charOffset":714,"charLength":5,"snippet":{"text":"FIXME","rendered":{"text":"FIXME","markdown":"`FIXME`"}},"sourceLanguage":"shellscript"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

⚠️ REPOSITORY / kics - 7 errors

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.16





Apk Add Using Local Cache Path, Severity: INFO, Results: 1
Description: When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
Platform: Dockerfile
CWE: 459
Risk Score: 0.0
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/ae9c56a6-3ed1-4ac0-9b54-31267f51151d

	[1]: Dockerfile:13

		012: # hadolint ignore=DL3017,DL3018,DL3019
		013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish
		014: # hadolint ignore=DL3017,DL3018,DL3019


Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 4
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Risk Score: 4.1
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/check-package-versions.yaml:13

		012:     steps:
		013:       - uses: arduino/setup-task@v2
		014:         with:


	[2]: .github/workflows/megalinter.yml:45

		044:         # More info at https://megalinter.io/flavors/
		045:         uses: oxsecurity/megalinter@v9
		046:         env:


	[3]: .github/workflows/megalinter.yml:72

		071:         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_n
		072:         uses: peter-evans/create-pull-request@v8
		073:         with:


	[4]: .github/workflows/megalinter.yml:90

		089:         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.
		090:         uses: stefanzweifel/git-auto-commit-action@v6
		091:         with:


Healthcheck Instruction Missing, Severity: LOW, Results: 1
Description: Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
Platform: Dockerfile
CWE: 710
Risk Score: 3.6
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/b03a748a-542d-44f4-bb86-9199ab4fd2d5

	[1]: Dockerfile:4

		003: # some dependencies are only in edge, should build for stable releases later too
		004: FROM alpine:edge
		005: 


Unpinned Package Version in Apk Add, Severity: MEDIUM, Results: 1
Description: Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Platform: Dockerfile
CWE: 1357
Risk Score: 5.7
Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/d3499f6d-1651-41bb-a9a7-de925fea487b

	[1]: Dockerfile:13

		012: # hadolint ignore=DL3017,DL3018,DL3019
		013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish
		014: # hadolint ignore=DL3017,DL3018,DL3019



Results Summary:
CRITICAL: 0
HIGH: 0
MEDIUM: 1
LOW: 5
INFO: 1
TOTAL: 7

A new version 'v2.1.18' of KICS is available, please consider updating

⚠️ PYTHON / pylint - 3 errors

************* Module /action/lib/.automation/.pylintrc
/action/lib/.automation/.pylintrc:1:0: E0015: Unrecognized option found: suggestion-mode (unrecognized-option)
************* Module utils
checkers/utils.py:3:0: E0401: Unable to import 'requests' (import-error)
checkers/utils.py:6:0: E0401: Unable to import 'packaging' (import-error)

⚠️ PYTHON / pyright - 7 errors

checkers/utils.py
  checkers/utils.py:24:14 - error: Cannot access attribute "get" for class "str"
    Attribute "get" is unknown (reportAttributeAccessIssue)
  checkers/utils.py:24:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice[Any, Any, Any]" in function "__getitem__"
    Type "Literal['name']" is not assignable to type "SupportsIndex | slice[Any, Any, Any]"
      "Literal['name']" is incompatible with protocol "SupportsIndex"
        "__index__" is not present
      "Literal['name']" is not assignable to "slice[Any, Any, Any]" (reportArgumentType)
  checkers/utils.py:26:38 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice[Any, Any, Any]" in function "__getitem__"
    Type "Literal['name']" is not assignable to type "SupportsIndex | slice[Any, Any, Any]"
      "Literal['name']" is incompatible with protocol "SupportsIndex"
        "__index__" is not present
      "Literal['name']" is not assignable to "slice[Any, Any, Any]" (reportArgumentType)
  checkers/utils.py:31:37 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice[Any, Any, Any]" in function "__getitem__"
    Type "Literal['name']" is not assignable to type "SupportsIndex | slice[Any, Any, Any]"
      "Literal['name']" is incompatible with protocol "SupportsIndex"
        "__index__" is not present
      "Literal['name']" is not assignable to "slice[Any, Any, Any]" (reportArgumentType)
  checkers/utils.py:34:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice[Any, Any, Any]" in function "__getitem__"
    Type "Literal['name']" is not assignable to type "SupportsIndex | slice[Any, Any, Any]"
      "Literal['name']" is incompatible with protocol "SupportsIndex"
        "__index__" is not present
      "Literal['name']" is not assignable to "slice[Any, Any, Any]" (reportArgumentType)
  checkers/utils.py:39:12 - error: Type "Version" is not assignable to return type "str"
    "Version" is not assignable to "str" (reportReturnType)
  checkers/utils.py:72:12 - error: Type "Version" is not assignable to return type "str"
    "Version" is not assignable to "str" (reportReturnType)
7 errors, 0 warnings, 0 informations

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,DOCKERFILE_HADOLINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R