chore(deps): bump nixpkgs from d233902 to 2991645

[dependabot]

Bumps nixpkgs from d233902 to 2991645.

Commits

• 2991645 python3Packages.language-tool-python: 3.3.1 -> 3.4.0 (#522777)
• 22bf3cf python3Packages.django-markdownify: 0.9.6 -> 0.9.7 (#522553)
• 5c47564 crush: 0.65.3 -> 0.70.0 (#522691)
• c6d13b9 selene: 0.30.1 -> 0.31.0 (#522598)
• 259675d python3Packages.primp: 1.2.3 -> 1.3.0 (#522536)
• 8787272 sqlint: update deps to fix build failure (#522738)
• a3d609f go-jet: 2.14.1 -> 2.15.0 (#522756)
• c9a31ef dwproton-bin: dwproton-11.0-1 -> dwproton-11.0-2 (#523119)
• 318b0ed python3Packages.cyscale: 0.3.2 -> 0.4.0 (#522651)
• a4745de deezer-desktop: 7.1.190 -> 7.1.200 (#522504)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🔍 Hypatia Security Scan

Findings: 80 issues detected

Severity	Count
🔴 Critical	2
🟠 High	36
🟡 Medium	42

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
    "type": "codeql_language_matrix_mismatch",
    "file": "codeql.yml",
    "action": "switch_codeql_matrix_to_actions",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Nickel file missing SPDX-License-Identifier header (1 occurrences, CWE-1104)",
    "type": "ncl_missing_spdx",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-augmenters/asdf-acceleration-middleware/examples/config.ncl",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "Nickel file missing SPDX-License-Identifier header (1 occurrences, CWE-1104)",
    "type": "ncl_missing_spdx",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-acceleration-middleware/examples/config.ncl",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (4 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-augmenters/asdf-plugin-configurator/src/commands/sync.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (2 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-augmenters/asdf-acceleration-middleware/crates/asdf-config/src/loader.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (1 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-augmenters/asdf-acceleration-middleware/crates/asdf-accelerate/src/commands/sync.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "expect() in hot path (1 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/asdf-tool-plugins/asdf-tool-plugins/asdf-augmenters/asdf-acceleration-middleware/crates/asdf-accelerate/src/commands/install.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence