ci(github-actions): bump docker/setup-qemu-action from 3.7.0 to 4.0.0

[dependabot]

Bumps docker/setup-qemu-action from 3.7.0 to 4.0.0.

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in docker/setup-qemu-action#245
• Switch to ESM and update config/test wiring by @​crazy-max in docker/setup-qemu-action#241
• Bump @​actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244
• Bump @​docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231
• Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

• ce36039 Merge pull request #245 from crazy-max/node24
• 6386344 node 24 as default runtime
• 1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
• b56a002 chore: update generated content
• c43f02d build(deps): bump @​docker/actions-toolkit from 0.67.0 to 0.77.0
• ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
• 429fc9d chore: update generated content
• 060e5f8 build(deps): bump @​actions/core from 1.11.1 to 3.0.0
• 44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
• 1897438 chore: update generated content
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	1		0	0	0.03s
✅ COPYPASTE	jscpd	yes		no	no	1.51s
✅ EDITORCONFIG	editorconfig-checker	1		0	0	0.01s
⚠️ REPOSITORY	checkov	yes		no	1	25.08s
✅ REPOSITORY	gitleaks	yes		no	no	0.53s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	43.47s
⚠️ REPOSITORY	kics	yes		no	1	5.44s
✅ REPOSITORY	secretlint	yes		no	no	1.64s
✅ REPOSITORY	semgrep	yes		no	no	28.03s
✅ REPOSITORY	syft	yes		no	no	2.49s
✅ REPOSITORY	trivy	yes		no	no	12.76s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	4.72s
✅ SPELL	lychee	1		0	0	0.12s
✅ YAML	prettier	1	0	0	0	0.45s
✅ YAML	v8r	1		0	0	3.0s
✅ YAML	yamllint	1		0	0	0.42s

Detailed Issues

⚠️ REPOSITORY / checkov - 1 warning

error: Ensure the base image uses a non latest version tag
  ┌─ Dockerfile:9:1
  │
9 │ FROM ${BASE_IMAGE} AS base
  │ ^^^^^^^^^^^^^^^^^^^^^^^^^^
  │
  = Ensure the base image uses a non latest version tag
  = Ensure the base image uses a non latest version tag

error: Ensure that sudo isn't used
   ┌─ Dockerfile:40:1
   │  
40 │ ╭ RUN useradd --create-home libraries && usermod --lock libraries && \
41 │ │     # Warning: the created user has root permissions inside the container
42 │ │     # Warning: you still need to start the ssh process with `sudo service ssh start`
43 │ │     if ! id -u ubuntu; then useradd --create-home --shell /bin/bash --groups sudo ubuntu; fi
   │ ╰────────────────────────────────────────────────────────────────────────────────────────────^
   │  
   = Ensure that sudo isn't used
   = Ensure that sudo isn't used

error: Ensure that sudo isn't used
   ┌─ Dockerfile:56:1
   │  
56 │ ╭ RUN apt-get update && \
57 │ │     apt-get install --yes --no-install-recommends \
58 │ │     # minimal
59 │ │     bash \
   · │
75 │ │     git \
76 │ │     && rm -rf /var/lib/apt/lists/*
   │ ╰──────────────────────────────────^
   │  
   = Ensure that sudo isn't used
   = Ensure that sudo isn't used

warning: Ensure that a user for the container has been created
    ┌─ Dockerfile:1:1
    │  
  1 │ ╭ # hadolint global ignore=DL3008
  2 │ │ # kics-scan disable=fd54f200-402c-4333-a5a4-36ef6709af2f,965a08d7-ef86-4f14-8792-4a3b2098937e
  3 │ │ # checkov:skip=CKV_DOCKER_3
  4 │ │ ARG BASE_IMAGE=public.ecr.aws/ubuntu/ubuntu:24.04@sha256:b1940c8ecf8ff591053cc5db0303fb882f9fafec50f26892a870bcbe1b30d25a
    · │
111 │ │ 
112 │ │ HEALTHCHECK CMD ["uv", "pip", "list"]
    │ ╰─────────────────────────────────────^
    │  
    = Ensure that a user for the container has been created
    = Ensure that a user for the container has been created

warning: 1 warnings emitted
error: 3 errors emitted

⚠️ REPOSITORY / kics - 1 warning

warning: RUN instruction uv venv "/databricks/python3" --seed &&     uv pip install --no-cache-dir --requirements requirements.txt pyspark=="4.0.0" &&     uv pip uninstall pyspark &&     uv pip list does not use package pinning form
   ┌─ Dockerfile:94:1
   │
94 │ FROM base AS build
   │ ^^^^^^^^^^^^^^^^^^
   │
   = Unpinned Package Version in Pip Install
   = Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes

warning: 1 warnings emitted

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository