chore: bump the github-actions-dependencies group across 2 directories with 3 updates

Bumps the github-actions-dependencies group with 2 updates in the / directory:
- [github/codeql-action](https://github.com/github/codeql-action)
- [tj-actions/changed-files](https://github.com/tj-actions/changed-files)
Bumps the github-actions-dependencies group with 1 update in the /actions/get-matrix-outputs directory:
- [actions/download-artifact](https://github.com/actions/download-artifact)

Updates `github/codeql-action` from 4.32.4 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)

Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>

Author: dependabot[bot]

.devcontainer/devcontainer.json

@@ -1,10 +1,16 @@
 {
-  "name": "Alpine",
-  "image": "mcr.microsoft.com/devcontainers/base:alpine-3.21",
+  "name": "ci-github-common",
+  "image": "mcr.microsoft.com/devcontainers/base:debian",
   "features": {
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
-    "ghcr.io/devcontainers/features/github-cli:1": {},
-    "ghcr.io/devcontainers-extra/features/act:1": {}
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "moby": false
+    },
+    "ghcr.io/devcontainers/features/github-cli:1": {
+      "extensions": "nektos/gh-act"
+    }
+  },
+  "remoteEnv": {
+    "GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}"
   },
   "customizations": {
     "vscode": {
@@ -15,7 +21,10 @@
         "github.copilot-chat",
         "ms-vscode.makefile-tools",
         "esbenp.prettier-vscode"
-      ]
+      ],
+      "settings": {
+        "terminal.integrated.defaultProfile.linux": "zsh"
+      }
     }
   }
 }

.github/workflows/linter.yml

@@ -129,11 +129,11 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+      - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           languages: ${{ matrix.language }}
 
-      - uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+      - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           category: "/language:${{matrix.language}}"
 
@@ -151,7 +151,7 @@ jobs:
           persist-credentials: false
 
       - id: changed-files
-        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         if: ${{ inputs.lint-all == false }}
         with:
           files: |

Makefile

@@ -17,6 +17,26 @@ lint-fix: ## Execute linting and fix
 		-e FIX_SHELL_SHFMT=true \
 	)
 
+npm-audit-fix: ## Execute npm audit fix
+	@set -uo pipefail; \
+	overall_status=0; \
+	packages="$$(find actions -type f -name package.json -not -path '*/node_modules/*' -print | sort)"; \
+	echo "Running npm audit fix for package.json files under actions/ ..."; \
+	for pkg in $$packages; do \
+		pkg_dir="$$(dirname "$$pkg")"; \
+		echo "---"; \
+		npm install --prefix "$$pkg_dir"; \
+		echo "npm audit fix in $$pkg_dir"; \
+		if ! npm --prefix "$$pkg_dir" audit fix; then \
+			overall_status=1; \
+		fi; \
+	done; \
+	exit $$overall_status
+
+ci: ## Execute CI tasks
+	$(MAKE) npm-audit-fix
+	$(MAKE) lint-fix
+
 define run_linter
 	DEFAULT_WORKSPACE="$(CURDIR)"; \
 	LINTER_IMAGE="linter:latest"; \

actions/get-matrix-outputs/action.yml

@@ -41,7 +41,7 @@ runs:
           const artifactPath = path.join(process.env.RUNNER_TEMP, artifactName);
           core.setOutput('artifact-path', artifactPath);
 
-    - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
       with:
         path: ${{ steps.prepare-download.outputs.artifact-path }}
         pattern: ${{ steps.prepare-download.outputs.artifact-name }}-*