codacy
diff --git a/‎.github/workflows/auto-merge-dependabot-dependency-updates.yaml‎
Lines changed: 33 additions & 0 deletions b/‎.github/workflows/auto-merge-dependabot-dependency-updates.yaml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎.github/workflows/dependabot_auto_approve.yml‎
Lines changed: 0 additions & 23 deletions b/‎.github/workflows/dependabot_auto_approve.yml‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎.github/workflows/dependabot_auto_merge.yml‎
Lines changed: 0 additions & 24 deletions b/‎.github/workflows/dependabot_auto_merge.yml‎
Lines changed: 0 additions & 24 deletions
diff --git a/‎docs/multiple-tests/pattern-vulnerability-high/results.xml‎
Lines changed: 2 additions & 2 deletions b/‎docs/multiple-tests/pattern-vulnerability-high/results.xml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/multiple-tests/pattern-vulnerability-medium/results.xml‎
Lines changed: 6 additions & 0 deletions b/‎docs/multiple-tests/pattern-vulnerability-medium/results.xml‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,33 @@
+# Automatically merge (using squash) dependency update PRs, opened by Dependabot, under the following conditions:
+#
+#   - PR was opened by dependabot[bot].
+#   - Dependency update is a minor or patch update. This is determined based on Dependabot's metadata.
+#   - Configured required checks pass.
+#
+# PRs are approved and merged by user codacybeta (https://github.com/orgs/codacy/people/codacybeta), using its
+# AUTO_MERGE_TOKEN.
+name: Auto-merge Dependabot dependency updates
+
+on:
+  pull_request:
+
+jobs:
+  auto-merge:
+    name: Auto-merge Dependabot dependency updates
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Get Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
+      - name: Approve PR and set it to auto-merge
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        run: |
+          gh pr review --approve ${{ github.event.pull_request.number }}
+          gh pr merge --squash --auto ${{ github.event.pull_request.number }}
+        env:
+          GH_TOKEN: ${{ secrets.AUTO_MERGE_TOKEN }}
@@ -100,7 +100,7 @@
         <error
             source="vulnerability_high"
             line="14"
-            message="Insecure dependency npm/[email protected] (CVE-2025-58754: axios: Axios DoS via lack of data size check) (update to 1.12.0)"
+            message="Insecure dependency npm/[email protected] (CVE-2025-58754: axios: Axios DoS via lack of data size check) (update to 0.30.2)"
             severity="high"
         />
     </file>
@@ -121,7 +121,7 @@
         <error
             source="vulnerability_high"
             line="5"
-            message="Insecure dependency npm/[email protected] (CVE-2025-58754: axios: Axios DoS via lack of data size check) (update to 1.12.0)"
+            message="Insecure dependency npm/[email protected] (CVE-2025-58754: axios: Axios DoS via lack of data size check) (update to 0.30.2)"
             severity="high"
         />
     </file>
 
@@ -122,6 +122,12 @@
             message="Insecure dependency golang/[email protected] (CVE-2025-4673: net/http: Sensitive headers not cleared on cross-origin redirect in net/http) (update to 1.23.10)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="3"
+            message="Insecure dependency golang/[email protected] (CVE-2025-47906: os/exec: Unexpected paths returned from LookPath in os/exec) (update to 1.23.12)"
+            severity="warning"
+        />
     </file>
 
     <file name="gradle/gradle.lockfile">