chore(deps): update pre-commit hook astral-sh/ruff-pre-commit (v0.14.6 → v0.14.7) (#385)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/build-testing-image.yml

@@ -49,7 +49,7 @@ jobs:
 
       - name: Extract metadata
         id: meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           images: ghcr.io/${{ github.repository_owner }}/actions
           tags: |

.pre-commit-config.yaml

@@ -14,7 +14,7 @@ repos:
         types: [markdown, python, yaml]
         files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
   - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.9.11
+    rev: 0.9.13
     hooks:
       - id: uv-lock
       - id: uv-sync
@@ -55,7 +55,7 @@ repos:
       - id: yamllint
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.14.6
+    rev: v0.14.7
     hooks:
       # Run the linter with auto-fix
       - id: ruff-check
@@ -96,6 +96,6 @@ repos:
           - '--quiet'
 
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.29.1
+    rev: v8.30.0
     hooks:
       - id: gitleaks

ansible-lint-fix/action.yml

@@ -77,7 +77,7 @@ runs:
       if: steps.check-files.outputs.files_found == 'true'
       uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
       with:
-        python-version: '3.11'
+        python-version: '3.14'
         cache: 'pip'
 
     - name: Install ansible-lint

biome-lint/action.yml

@@ -183,7 +183,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: '22'
+        node-version: '24'
 
     - name: Enable Corepack
       shell: sh

eslint-lint/action.yml

@@ -290,7 +290,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: '22'
+        node-version: '24'
 
     - name: Enable Corepack
       shell: sh

npm-publish/action.yml

@@ -123,7 +123,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: '22'
+        node-version: '24'
 
     - name: Enable Corepack
       shell: sh

php-tests/action.yml

@@ -319,7 +319,7 @@ runs:
 
     - name: Setup PHP
       id: setup-php
-      uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5
+      uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
       with:
         php-version: ${{ steps.detect-php-version.outputs.detected-version }}
         extensions: ${{ inputs.extensions }}

pr-lint/action.yml

@@ -74,6 +74,29 @@ runs:
 
         if [ -f package.json ]; then
           printf '%s\n' "found=true" >> "$GITHUB_OUTPUT"
+
+          # Check if packageManager field is set (for corepack)
+          if command -v jq >/dev/null 2>&1; then
+            has_package_manager=$(jq -r '.packageManager // empty' package.json 2>/dev/null || printf '')
+            if [ -n "$has_package_manager" ]; then
+              printf '%s\n' "has-package-manager=true" >> "$GITHUB_OUTPUT"
+              printf 'Found packageManager field: %s\n' "$has_package_manager"
+            else
+              printf '%s\n' "has-package-manager=false" >> "$GITHUB_OUTPUT"
+            fi
+          else
+            # Fallback: check with grep if jq not available
+            # Use robust pattern to verify non-empty value
+            if grep -q '"packageManager"[[:space:]]*:[[:space:]]*"[^"]\+"' package.json 2>/dev/null; then
+              printf '%s\n' "has-package-manager=true" >> "$GITHUB_OUTPUT"
+              printf '%s\n' "Found packageManager field in package.json"
+            else
+              printf '%s\n' "has-package-manager=false" >> "$GITHUB_OUTPUT"
+            fi
+          fi
+        else
+          # Explicitly set has-package-manager to false when package.json doesn't exist
+          printf '%s\n' "has-package-manager=false" >> "$GITHUB_OUTPUT"
         fi
 
     - name: Detect Package Manager
@@ -101,28 +124,33 @@ runs:
       if: steps.detect-node.outputs.found == 'true'
       uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: '22'
+        node-version: '24'
 
     - name: Enable Corepack
-      if: steps.detect-node.outputs.found == 'true'
+      if: steps.detect-node.outputs.found == 'true' && steps.detect-node.outputs.has-package-manager == 'true'
       shell: sh
       run: |
         set -eu
         corepack enable
+        printf '%s\n' "Corepack enabled - package manager will be installed automatically from package.json"
 
-    - name: Install Package Manager
-      if: steps.detect-node.outputs.found == 'true'
+    - name: Install Package Manager (Fallback)
+      if: steps.detect-node.outputs.found == 'true' && steps.detect-node.outputs.has-package-manager == 'false'
       shell: sh
       env:
         PACKAGE_MANAGER: ${{ steps.detect-pm.outputs.package-manager }}
       run: |
         set -eu
 
+        printf 'No packageManager field found, using detected package manager: %s\n' "$PACKAGE_MANAGER"
+
         case "$PACKAGE_MANAGER" in
           pnpm)
+            corepack enable
             corepack prepare pnpm@latest --activate
             ;;
           yarn)
+            corepack enable
             corepack prepare yarn@stable --activate
             ;;
           bun|npm)
@@ -161,9 +189,14 @@ runs:
             pnpm install --frozen-lockfile
             ;;
           "yarn")
-            if [ -f ".yarnrc.yml" ]; then
+            # Detect Yarn version by checking actual version output
+            # Yarn 2+ (Berry) uses --immutable, Yarn 1.x (Classic) uses --frozen-lockfile
+            yarn_version=$(yarn --version 2>/dev/null || printf '1.0.0')
+            if printf '%s' "$yarn_version" | grep -q '^[2-9]'; then
+              # Yarn 2+ (Berry) - use --immutable
               yarn install --immutable
             else
+              # Yarn 1.x (Classic) - use --frozen-lockfile
               yarn install --frozen-lockfile
             fi
             ;;
@@ -306,7 +339,7 @@ runs:
 
     - name: Setup PHP
       if: steps.detect-php.outputs.found == 'true'
-      uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5
+      uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
       with:
         php-version: ${{ steps.php-version.outputs.detected-version }}
         tools: composer
@@ -323,7 +356,7 @@ runs:
         set -eu
 
         matcher_path=$(printf '%s' "$RUNNER_TOOL_CACHE/php.json" | tr -d '\n\r')
-        echo "::add-matcher::$matcher_path"
+        printf '%s\n' "::add-matcher::$matcher_path"
 
     - name: Install PHP dependencies
       if: steps.detect-php.outputs.found == 'true'
@@ -603,7 +636,7 @@ runs:
     - name: MegaLinter
       # You can override MegaLinter flavor used to have faster performances
       # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter/flavors/cupcake@62c799d895af9bcbca5eacfebca29d527f125a57 # v9.1.0
+      uses: oxsecurity/megalinter/flavors/cupcake@55a59b24a441e0e1943080d4a512d827710d4a9d # v9.2.0
       id: ml
 
       # All available variables are described in documentation
@@ -653,8 +686,8 @@ runs:
     - name: Export Apply Fixes Variables
       shell: sh
       run: |
-        echo "APPLY_FIXES_EVENT=pull_request" >> "$GITHUB_ENV"
-        echo "APPLY_FIXES_MODE=commit" >> "$GITHUB_ENV"
+        printf '%s\n' "APPLY_FIXES_EVENT=pull_request" >> "$GITHUB_ENV"
+        printf '%s\n' "APPLY_FIXES_MODE=commit" >> "$GITHUB_ENV"
 
     # Upload MegaLinter artifacts
     - name: Archive production artifacts
@@ -747,24 +780,24 @@ runs:
           branch_ref=$(git for-each-ref --format='%(refname:short)' --points-at=HEAD 'refs/remotes/origin/*' | head -1 | sed 's|^origin/||')
 
           if [ -z "$branch_ref" ]; then
-            echo "::error::Could not determine branch name from git refs"
+            printf '%s\n' "::error::Could not determine branch name from git refs"
             exit 1
           fi
 
           # Validate branch reference to prevent command injection
           if ! git check-ref-format --branch "$branch_ref"; then
-            echo "::error::Invalid branch reference format: $branch_ref"
+            printf '%s\n' "::error::Invalid branch reference format: $branch_ref"
             exit 1
           fi
 
-          echo "Checking out branch: $branch_ref"
+          printf 'Checking out branch: %s\n' "$branch_ref"
           git checkout "$branch_ref"
 
           # Export for next step
-          echo "VALIDATED_BRANCH=$branch_ref" >> "$GITHUB_ENV"
+          printf '%s\n' "VALIDATED_BRANCH=$branch_ref" >> "$GITHUB_ENV"
         else
-          echo "Repository is on branch: $current_branch"
-          echo "VALIDATED_BRANCH=$current_branch" >> "$GITHUB_ENV"
+          printf 'Repository is on branch: %s\n' "$current_branch"
+          printf '%s\n' "VALIDATED_BRANCH=$current_branch" >> "$GITHUB_ENV"
         fi
 
     - name: Commit and push applied linter fixes

prettier-lint/action.yml

@@ -276,7 +276,7 @@ runs:
     - name: Setup Node.js
       uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: '22'
+        node-version: '24'
 
     - name: Enable Corepack
       shell: sh