chore(deps, cpp): update llvm-vs-code-extensions.vscode-clangd in devcontainer-metadata.json

[philips-software-forest-releaser]

Note

Before merging this PR, please conduct a manual test checking basic functionality of the updated plug-ins. There are limited automated tests for the VS Code Extension updates.

Updates llvm-vs-code-extensions.vscode-clangd from 0.4.0 to 0.6.0

Release notes

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1286

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	71.82 MB	71.82 MB	145 B (0%)	🔽
linux/arm64	70.13 MB	70.13 MB	+1.49 kB (+0%)	🔼

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	23		0	0	0.22s
✅ DOCKERFILE	hadolint	3		0	0	0.21s
✅ JSON	npm-package-json-lint	yes		no	no	0.61s
✅ JSON	prettier	21	4	0	0	0.69s
✅ JSON	v8r	21		0	0	11.24s
✅ MARKDOWN	markdownlint	12	0	0	0	1.24s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.33s
✅ REPOSITORY	checkov	yes		no	no	25.83s
✅ REPOSITORY	gitleaks	yes		no	no	1.01s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		no	1	56.37s
✅ REPOSITORY	secretlint	yes		no	no	2.12s
✅ REPOSITORY	syft	yes		no	no	2.3s
❌ REPOSITORY	trivy	yes		1	1	14.61s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.46s
✅ REPOSITORY	trufflehog	yes		no	no	5.98s
⚠️ SPELL	lychee	83		1	0	37.19s
✅ YAML	prettier	31	0	0	0	1.32s
✅ YAML	v8r	31		0	0	13.42s
✅ YAML	yamllint	31		0	0	1.31s

Detailed Issues

❌ REPOSITORY / trivy - 1 error

warning: Package: idna
Installed Version: 3.11
Vulnerability CVE-2026-45409
Severity: MEDIUM
Fixed Version: 3.15
Link: [CVE-2026-45409](https://avd.aquasec.com/nvd/cve-2026-45409)
    ┌─ .devcontainer/cpp/requirements.txt:187:1
    │
187 │ idna==3.11 \
    │ ^
    │
    = Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
    = This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process.
      
      ### Impact
      A specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.
      
      ### Patches
      Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support).
      
      ### Workarounds
      Domain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.

warning: 1 warnings emitted

⚠️ REPOSITORY / grype - 1 warning

warning: A medium vulnerability in python package: idna, version 3.11 was found at: /.devcontainer/cpp/requirements.txt

warning: 1 warnings emitted

⚠️ SPELL / lychee - 1 error

[IGNORED] docker://pandoc/extra:3.9.0.0-ubuntu@sha256:72afa9c8d3300e5f10c9c4330e101725687f2179bffd912fb859c6d2ae85de62 | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.9.0.0-ubuntu@sha256:72afa9c8d3300e5f10c9c4330e101725687f2179bffd912fb859c6d2ae85de62)
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....123
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1

Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/salesforce@v9.4.0 (58 linters)
• oxsecurity/megalinter/flavors/javascript@v9.4.0 (61 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1286

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	468.63 MB	468.63 MB	99 B (0%)	🔽
linux/arm64	419.81 MB	419.81 MB	+96 B (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1286

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	544.95 MB	544.95 MB	+468 B (+0%)	🔼
linux/arm64	524.3 MB	524.3 MB	+2.51 kB (+0%)	🔼

[github-actions]

Test Results

 12 files   - 1   12 suites   - 1   16m 53s ⏱️ - 2m 47s
 32 tests  - 1   32 ✅  - 1  0 💤 ±0  0 ❌ ±0 
136 runs   - 1  136 ✅  - 1  0 💤 ±0  0 ❌ ±0 

Results for commit 37e66a6. ± Comparison against base commit 30a53b3.