Bump github.com/Open-CMSIS-Pack/cbuild/v2 from 2.12.0 to 2.13.0

[dependabot]

Bumps github.com/Open-CMSIS-Pack/cbuild/v2 from 2.12.0 to 2.13.0.

Release notes

Sourced from github.com/Open-CMSIS-Pack/cbuild/v2's releases.

v2.13.0

What's Changed

• [cbuild] Add --skip-convert flag in Open-CMSIS-Pack/cbuild#498
• [cbuild] Extend rebuild trigger conditions in Open-CMSIS-Pack/cbuild#499
• Check west environment setup in Open-CMSIS-Pack/cbuild#518
• Handle terminal features in Open-CMSIS-Pack/cbuild#526
• Added --active option to list toolchains command in Open-CMSIS-Pack/cbuild#538
• Trigger rebuild on CMSIS_COMPILER_ROOT changed from last build in Open-CMSIS-Pack/cbuild#541
• Fix: Failure when selecting --rebuild and the target set specifies and image in Open-CMSIS-Pack/cbuild#542
• Improve --skip-convert handling in Open-CMSIS-Pack/cbuild#547

Full Changelog: Open-CMSIS-Pack/cbuild@v2.12.0...v2.13.0

Commits

• e01a793 Fixed linter warning (#549)
• eaca090 chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3
• f6fa5b0 Improve --skip-convert handling
• f6c9dbe Update TPIP report
• e339848 chore(deps): bump golang.org/x/term from 0.39.0 to 0.40.0
• 6d8327d chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2
• 15c70e6 chore(deps): bump github/codeql-action from 4.32.0 to 4.32.2
• d22118b Fix: Failure when selecting --rebuild and the target set specifies and image ...
• 9a50566 Trigger rebuild on CMSIS_COMPILER_ROOT changed from last build
• a2e4e15 chore(deps): bump github/codeql-action from 4.31.11 to 4.32.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/creack/pty	1.1.21	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/Open-CMSIS-Pack/cbuild/v2	2.13.0	🟢 8.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 8 SAST tool detected but not run on all commits Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10
gomod/github.com/aymanbagabas/go-pty	0.2.2	⚠️ 2.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/5 approved changesets -- score normalized to 0 Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/creack/pty	1.1.21	Unknown	Unknown
gomod/github.com/u-root/u-root	0.11.0	🟢 7.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 4 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 9 binaries present in source code Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/golang.org/x/crypto	0.45.0	Unknown	Unknown
gomod/golang.org/x/sys	0.41.0	Unknown	Unknown
gomod/golang.org/x/term	0.40.0	Unknown	Unknown

Scanned Files

• go.mod

[qltysh]

Coverage Impact

⬇️ Merging this pull request will decrease total coverage on main by 4.81%.

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.

[Copilot]

Pull request overview

Updates the Go module dependencies for cbuild2cmake by bumping github.com/Open-CMSIS-Pack/cbuild/v2 to v2.13.0, which pulls in additional indirect dependencies and updates related golang.org/x/* entries.

Changes:

• Bump github.com/Open-CMSIS-Pack/cbuild/v2 from v2.12.0 to v2.13.0.
• Update go.mod Go version directive and refresh indirect requirements.
• Update go.sum with new/updated checksums for the dependency graph.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File	Description
go.mod	Bumps cbuild/v2 and updates the Go version + indirect module requirements.
go.sum	Updates checksums to match the new dependency graph after the bump.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.