Skip to content

Releases: oxsecurity/megalinter

v8.3.0

23 Nov 10:42
Compare
Choose a tag to compare

What's Changed

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths
  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow
  • Linter versions upgrades (13)

MegaLinter is graciously provided by OX Security

Please share the LinkedIn Post

Full Changelog: v8.2.0...v8.3.0

v8.2.0

17 Nov 13:34
Compare
Choose a tag to compare

What's Changed

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs-fixer: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates
  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template
  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces
  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer
  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions
  • Linter versions upgrades (104)

New Contributors

MegaLinter is graciously provided by OX Security

Please share the LinkedIn Post

Full Changelog: v8.1.0...v8.2.0

v8.1.0

13 Oct 10:57
Compare
Choose a tag to compare

What's Changed

  • Core

    • Allow to tag PRE_COMMANDS to run them before loading plugins, by @nvuillam in #3944
    • Replace usage of setup.py with a pyproject.toml package install, by @echoix in #3893
    • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN
  • New linters

  • Linters enhancements

    • Trivy
      • Embed vulnerability database in Docker Image for running trivy on internet-free network
      • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
      • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
    • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #4076
  • Fixes

    • Add debug traces to investigate reporters activation
    • Add more traces for ApiReporter
    • Activate ApiReporter by default
  • Reporters

    • Fix ApiReporter not called in MegaLlinter flavors
  • Doc

    • Fix Grafana Home Dashboard to add missing criteria
    • Update PRE_COMMANDS documentation to describe all properties
    • Update Grafana documentation to fix secrets typo
  • CI

    • Free space in release job to avoid no space left on device, by @nvuillam in #3914
    • Add pytest-rerunfailures to improve CI control jobs success, by @AlejandroSuero in #3993
    • Send GITHUB_TOKEN to trivy-action
    • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub
  • Linter versions upgrades

    • actionlint from 1.7.1 to 1.7.3 on 2024-09-29
    • ansible-lint from 24.7.0 to 24.9.2 on 2024-09-20
    • bandit from 1.7.9 to 1.7.10 on 2024-09-23
    • bicep_linter from 0.29.47 to 0.30.23 on 2024-09-24
    • black from 24.8.0 to 24.10.0 on 2024-10-07
    • cfn-lint from 1.10.3 to 1.16.1 on 2024-10-11
    • checkov from 3.2.232 to 3.2.257 on 2024-10-06
    • checkstyle from 10.17.0 to 10.18.2 on 2024-09-29
    • clippy from 0.1.80 to 0.1.81 on 2024-09-06
    • clj-kondo from 2024.08.01 to 2024.09.27 on 2024-09-26
    • cpplint from 1.6.1 to 2.0.0 on 2024-10-06
    • csharpier from 0.29.0 to 0.29.2 on 2024-09-16
    • cspell from 8.14.1 to 8.15.1 on 2024-10-11
    • detekt from 1.23.6 to 1.23.7 on 2024-09-08
    • djlint from 1.34.1 to 1.35.2 on 2024-08-29
    • dotnet-format from 8.0.108 to 8.0.110 on 2024-10-11
    • eslint from 8.57.0 to 8.57.1 on 2024-09-16
    • gitleaks from 8.18.4 to 8.20.1 on 2024-10-08
    • golangci-lint from 1.60.1 to 1.61.0 on 2024-09-09
    • kics from 2.1.2 to 2.1.3 on 2024-10-04
    • lightning-flow-scanner from 2.33.0 to 2.34.0 on 2024-08-25
    • lychee from 0.15.1 to 0.16.1 on 2024-10-07
    • markdownlint from 0.41.0 to 0.42.0 on 2024-09-24
    • mypy from 1.11.1 to 1.11.2 on 2024-08-25
    • npm-groovy-lint from 14.6.0 to 15.0.2 on 2024-08-29
    • php-cs-fixer from 3.62.0 to 3.64.0 on 2024-08-31
    • phpcs from 3.10.2 to 3.10.3 on 2024-09-20
    • phplint from 9.4.1 to 9.5.3 on 2024-10-11
    • phpstan from 1.11.11 to 1.12.6 on 2024-10-06
    • pmd from 7.4.0 to 7.6.0 on 2024-09-27
    • psalm from Psalm.5.25.0@ to Psalm.5.26.1@ on 2024-09-09
    • pylint from 3.2.6 to 3.3.1 on 2024-09-24
    • pyright from 1.1.376 to 1.1.384 on 2024-10-11
    • revive from 1.3.9 to 1.4.0 on 2024-09-23
    • roslynator from 0.8.9.0 to 0.9.1.0 on 2024-10-11
    • rubocop from 1.65.1 to 1.66.1 on 2024-09-06
    • ruff from 0.6.1 to 0.6.9 on 2024-10-04
    • scalafix from 0.12.1 to 0.13.0 on 2024-09-27
    • secretlint from 8.2.4 to 8.4.0 on 2024-10-06
    • sfdx-scanner-apex from 4.4.0 to 4.6.0 on 2024-09-26
    • sfdx-scanner-aura from 4.4.0 to 4.6.0 on 2024-09-26
    • sfdx-scanner-lwc from 4.4.0 to 4.6.0 on 2024-09-26
    • shfmt from 3.8.0 to 3.9.0 on 2024-09-03
    • snakemake from 8.18.1 to 8.21.0 on 2024-10-13
    • spectral from 6.11.1 to 6.13.1 on 2024-09-21
    • sqlfluff from 3.1.0 to 3.2.3 on 2024-10-11
    • standard from 17.1.0 to 17.1.2 on 2024-09-13
    • stylelint from 16.8.2 to 16.10.0 on 2024-10-11
    • swiftlint from 0.56.1 to 0.57.0 on 2024-09-09
    • syft from 1.11.0 to 1.14.0 on 2024-10-07
    • terraform-fmt from 1.9.4 to 1.9.5 on 2024-08-28
    • terragrunt from 0.66.8 to 0.67.5 on 2024-09-16
    • terrascan from 1.18.11 to 1.19.9 on 2024-09-21
    • trivy-sbom from 0.54.1 to 0.56.2 on 2024-10-11
    • trivy from 0.54.1 to 0.56.2 on 2024-10-11
    • trufflehog from 3.81.10 to 3.82.8 on 2024-10-13
    • v8r from 4.0.1 to 4.1.0 on 2024-08-25
    • vale from 3.7.0 to 3.7.1 on 2024-09-26

New Contributors

MegaLinter is graciously provided by OX Security

LinkedIn Release Post

Full Changelog: v8.0.0...v8.1.0

v8.0.0

19 Aug 21:31
Compare
Choose a tag to compare

What's Changed

Run npx mega-linter-runner@latest --upgrade to upgrade to MegaLinter v8 :)

Upgrade to v8 Video

New Contributors

MegaLinter is graciously provided by OX Security

Full Changelog: v7.13.0...v8.0.0

v7.13.0

06 Jul 20:23
Compare
Choose a tag to compare

What's Changed

New Contributors

MegaLinter is graciously provided by OX Security

Please share the release post on LinkedIn

Full Changelog: v7.12.0...v7.13.0

v7.12.0

02 Jun 14:57
Compare
Choose a tag to compare

What's Changed

  • Core

    • Add new logs (at debug level) on each linter activation/deactivation
    • Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
    • Upgrade to Java 21 except for npm-groovy-lint that requires Java 17
  • Media

  • Linters

    • Add PHP fixer by @llaville in #3598
    • API_SPECTRAL was added as replacement for OPENAPI_SPECTRAL (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name .spectral.yaml instead of .openapirc.yml with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #3387
    • Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#333
    • PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of https://github.com/llaville/sarif-php-sdk
    • Php psalm improvement by @llaville in #3541
    • KOTLIN_KTLINT now supports list_of_files mode, and has better error counting
    • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project
  • Fixes

    • Change golangci-lint lint mode to project, by @wandering-tales in #3509
    • Disable sql-lint as it is no longer maintained
    • Add new entries findUnusedCode and findUnusedBaselineEntry in default psalm.xml configuration file for PHP_PSALM linter. Related to #3538
    • fix(pylint): overgeneral-exceptions fully qualified name by @gardar in #3576
    • Update ktlint descriptor to support list_of_files and better error counting by @Yann-J in #3575
    • Sync PowerShell version in arm.megalinter-descriptor.yml by @echoix in #3586
    • Adjust find commands to clean up files in same step by @echoix in #3588
    • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project by @nvuillam in #3590
  • Doc

    • Handle disabled_reason property in descriptors
    • Sort enums in json schema, by @echoix in #3595
  • CI

    • Build: take in account disabled linters for workflow auto-update
    • Remove useless package-lock.json that was in python tests folder
    • Fix SARIF_REPORTER that was wrongly sent to true to format & fix test methods
    • Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
    • Remove Github Actions Workflow telemetry to improve performances
    • Update Docker image for Gitpod to run on Ubuntu Noble, by @echoix
    • Update makefile bootstrap config (gitpod or local) to use uv for package installation, by @echoix
    • Use uv to install Python deps for CI by @echoix in #3561
    • Use a single find command to delete pycache files by @echoix in #3562
    • Sort schema enums by @echoix in #3595
  • Linter versions upgrades

New Contributors

MegaLinter is graciously provided by OX Security

Full Changelog: v7.11.0...v7.12.0

v7.11.1

23 Apr 20:11
Compare
Choose a tag to compare

What's Changed

  • Fixes

    • Implement fallback in case git diff does not work with merge-base, by @nvuillam in #3503
  • Linter versions upgrades

MegaLinter is graciously provided by OX Security

Full Changelog: v7.11.0...v7.11.1

v7.11.0

23 Apr 10:14
Compare
Choose a tag to compare

What's Changed

New Contributors

MegaLinter is graciously provided by OX Security

Full Changelog: v7.10.0...v7.11.0

v7.10.0

10 Mar 20:24
Compare
Choose a tag to compare

What's Changed

New Contributors

MegaLinter is graciously provided by OX Security

Full Changelog: v7.9.0...v7.10.0

v7.9.0

11 Feb 21:46
Compare
Choose a tag to compare

What's Changed

New Contributors

MegaLinter is graciously provided by OX Security

Full Changelog: v7.8.0...v7.9.0