chore(deps): bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 in /.github/workflows

[dependabot]

Bumps zizmorcore/zizmor-action from 0.4.1 to 0.5.0.

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.0

What's Changed

• Expose output-file as an output when advanced-security: true by @​unlobito in zizmorcore/zizmor-action#87

New Contributors

• @​unlobito made their first contribution in zizmorcore/zizmor-action#87

Full Changelog: zizmorcore/zizmor-action@v0.4.1...v0.5.0

Commits

• 0dce257 chore(deps): bump peter-evans/create-pull-request (#88)
• fb94974 Expose output-file as an output when advanced-security: true (#87)
• 867562a chore(deps): bump the github-actions group with 2 updates (#85)
• 7462f07 Bump pins in README (#84)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Benchmark Test Results

Benchmark results from the latest changes vs base branch

make .tool/task
make[1]: Entering directory '/home/runner/work/stereoscope/stereoscope'
make[1]: Leaving directory '/home/runner/work/stereoscope/stereoscope'
.tool/task show-benchstat
?   	github.com/anchore/stereoscope	[no test files]
?   	github.com/anchore/stereoscope/examples	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal	0.003s
?   	github.com/anchore/stereoscope/internal/bus	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal/containerd	0.007s
PASS
ok  	github.com/anchore/stereoscope/internal/docker	0.004s
?   	github.com/anchore/stereoscope/internal/log	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal/podman	0.005s
?   	github.com/anchore/stereoscope/pkg/event	[no test files]
?   	github.com/anchore/stereoscope/pkg/event/parsers	[no test files]
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
BenchmarkTarIndex-4   	   35577	     33599 ns/op	    5703 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35349	     33860 ns/op	    5702 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35398	     33999 ns/op	    5702 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35470	     33973 ns/op	    5703 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35100	     33935 ns/op	    5701 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35302	     34410 ns/op	    5701 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35322	     33691 ns/op	    5700 B/op	      93 allocs/op
PASS
ok  	github.com/anchore/stereoscope/pkg/file	10.815s
PASS
ok  	github.com/anchore/stereoscope/pkg/filetree	0.005s
?   	github.com/anchore/stereoscope/pkg/filetree/filenode	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/image	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/containerd	0.008s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/docker	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/oci	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/oci/credhelpers	0.005s
?   	github.com/anchore/stereoscope/pkg/image/podman	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/image/sif	0.004s
?   	github.com/anchore/stereoscope/pkg/imagetest	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/tree	0.003s
PASS
ok  	github.com/anchore/stereoscope/pkg/tree/node	0.003s
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/test/integration
cpu: AMD EPYC 7763 64-Core Processor                
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1069	   1135050 ns/op	  279271 B/op	    2361 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1030	   1131293 ns/op	  279272 B/op	    2361 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1046	   1132074 ns/op	  279055 B/op	    2361 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1042	   1139379 ns/op	  279030 B/op	    2361 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1071	   1125968 ns/op	  278862 B/op	    2360 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1036	   1331386 ns/op	  278791 B/op	    2360 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	     916	   1175196 ns/op	  278778 B/op	    2360 allocs/op
--- FAIL: BenchmarkSimpleImage_GetImage/podman
    fixture_image_simple_test.go:175: could not get fixture image: unable to detect input for 'stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7', errs: podman not available: no host address
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 345B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load build context
#3 transferring context: 209B done
#3 DONE 0.0s

#4 [1/3] ADD file-1.txt /somefile-1.txt
#4 CACHED

#5 [2/3] ADD file-2.txt /somefile-2.txt
#5 CACHED

#6 [3/3] ADD target /
#6 CACHED

#7 exporting to image
#7 exporting layers done
#7 writing image sha256:190978dc87237a111f3fc706663e7f683a8e2971cafacf6b00f601c14572c509 done
#7 naming to docker.io/library/stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7 done
#7 naming to docker.io/library/stereoscope-fixture-image-simple:latest done
#7 DONE 0.0s
time="2026-02-09T23:32:28Z" level=warning msg="Failed to check deprecations" error="connection error: desc = \"transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied\""
ctr: connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
--- FAIL: BenchmarkSimpleImage_GetImage
    image_fixtures.go:193: using existing image tar: 'test-fixtures/cache/stereoscope-fixture-image-simple-04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7.tar' (size: 22528, modified: 2026-02-09 23:31:39.044742333 +0000 UTC, mode: -rw-r--r--)
    image_fixtures.go:241: Build docker image: name="stereoscope-fixture-image-simple" tag="04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7"
    image_fixtures.go:291: saveImage running: docker image save stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7
    image_fixtures.go:286: 
        	Error Trace:	/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:286
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:162
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:152
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:33
        	            				/home/runner/work/stereoscope/stereoscope/test/integration/fixture_image_simple_test.go:163
        	            				/opt/hostedtoolcache/go/1.25.6/x64/src/testing/benchmark.go:245
        	            				/opt/hostedtoolcache/go/1.25.6/x64/src/runtime/asm_amd64.s:1693
        	Error:      	Received unexpected error:
        	            	exit status 1
        	Test:       	BenchmarkSimpleImage_GetImage
        	Messages:   	could not import docker image to containerd (shell out)
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   60862	     19714 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   61258	     19623 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   60240	     19635 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   60842	     19620 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   60586	     19619 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   60560	     19407 ns/op	    2616 B/op	      18 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   61378	     19310 ns/op	    2616 B/op	      18 allocs/op
--- FAIL: BenchmarkSimpleImage_FetchSquashedContents
    image_fixtures.go:193: using existing image tar: 'test-fixtures/cache/stereoscope-fixture-image-simple-04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7.tar' (size: 22528, modified: 2026-02-09 23:31:39.044742333 +0000 UTC, mode: -rw-r--r--)
    image_fixtures.go:75: error getting fixture image: 'podman' 'image-simple' with request 'podman:stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7': unable to detect input for 'stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7', errs: podman not available: no host address
FAIL
exit status 1
FAIL	github.com/anchore/stereoscope/test/integration	19.871s
?   	github.com/anchore/stereoscope/test/integration/test-fixtures/registry	[no test files]
FAIL
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
ctr: 
           │ .tmp/benchmark-8539689.txt │
           │           sec/op           │
TarIndex-4                  33.94µ ± 1%

           │ .tmp/benchmark-8539689.txt │
           │            B/op            │
TarIndex-4                 5.568Ki ± 0%

           │ .tmp/benchmark-8539689.txt │
           │         allocs/op          │
TarIndex-4                   93.00 ± 0%

pkg: github.com/anchore/stereoscope/test/integration
                                      │ .tmp/benchmark-8539689.txt │
                                      │           sec/op           │
SimpleImage_GetImage/docker-archive-4                 1.135m ± 17%

                                      │ .tmp/benchmark-8539689.txt │
                                      │            B/op            │
SimpleImage_GetImage/docker-archive-4                 272.5Ki ± 0%

                                      │ .tmp/benchmark-8539689.txt │
                                      │         allocs/op          │
SimpleImage_GetImage/docker-archive-4                  2.361k ± 0%

ctr: connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
                                                   │ .tmp/benchmark-8539689.txt │
                                                   │           sec/op           │
SimpleImage_FetchSquashedContents/docker-archive-4                  19.62µ ± 2%

                                                   │ .tmp/benchmark-8539689.txt │
                                                   │            B/op            │
SimpleImage_FetchSquashedContents/docker-archive-4                 2.555Ki ± 0%

                                                   │ .tmp/benchmark-8539689.txt │
                                                   │         allocs/op          │
SimpleImage_FetchSquashedContents/docker-archive-4                   18.00 ± 0%
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
ctr: 
           │ .tmp/benchmark-8539689.txt │
           │           sec/op           │
TarIndex-4                  33.94µ ± 1%

           │ .tmp/benchmark-8539689.txt │
           │            B/op            │
TarIndex-4                 5.568Ki ± 0%

           │ .tmp/benchmark-8539689.txt │
           │         allocs/op          │
TarIndex-4                   93.00 ± 0%

pkg: github.com/anchore/stereoscope/test/integration
                                      │ .tmp/benchmark-8539689.txt │
                                      │           sec/op           │
SimpleImage_GetImage/docker-archive-4                 1.135m ± 17%

                                      │ .tmp/benchmark-8539689.txt │
                                      │            B/op            │
SimpleImage_GetImage/docker-archive-4                 272.5Ki ± 0%

                                      │ .tmp/benchmark-8539689.txt │
                                      │         allocs/op          │
SimpleImage_GetImage/docker-archive-4                  2.361k ± 0%

ctr: connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
                                                   │ .tmp/benchmark-8539689.txt │
                                                   │           sec/op           │
SimpleImage_FetchSquashedContents/docker-archive-4                  19.62µ ± 2%

                                                   │ .tmp/benchmark-8539689.txt │
                                                   │            B/op            │
SimpleImage_FetchSquashedContents/docker-archive-4                 2.555Ki ± 0%

                                                   │ .tmp/benchmark-8539689.txt │
                                                   │         allocs/op          │
SimpleImage_FetchSquashedContents/docker-archive-4                   18.00 ± 0%