From 03e00f34d0288217431cf2195cc7546b971fd9f7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 17:02:21 -0800
Subject: [PATCH] chore(deps): update oxsecurity/megalinter action to v8.3.0
(#264)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[oxsecurity/megalinter](https://redirect.github.com/oxsecurity/megalinter)
| action | minor | `v8.1.0` -> `v8.3.0` |
---
### Release Notes
oxsecurity/megalinter (oxsecurity/megalinter)
###
[`v8.3.0`](https://redirect.github.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v830---2024-11-23)
[Compare
Source](https://redirect.github.com/oxsecurity/megalinter/compare/v8.2.0...v8.3.0)
- Core
- Display command log (truncated to 250 chars) even when LOG_LEVEL is
not DEBUG
- Allow to replace an ENV var value with the value of another ENV var
before calling a PRE_COMMAND (helps for tflint run from GitHub
Enterprise)
- Fix handling of git submodule paths
- Fixes
- [trivy](https://megalinter.io/latest/descriptors/repository_trivy/):
retry in case of BLOB_UNKNOWN while downloading vulnerability list
- Reporters
- Fix UpdatedSourcesReporter when `APPLY_FIXES` is list (array)
- Fix AzureCommentReporter when the repo is not found: fallback using
BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with
`AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false`)
- CI
- Fix Docker mirroring job for release context
- Remove max parallel jobs for release linters workflow
- Linter versions upgrades (13)
- [cfn-lint](https://redirect.github.com/aws-cloudformation/cfn-lint)
from 1.19.0 to **1.20.0**
- [checkov](https://www.checkov.io/) from 3.2.298 to **3.2.311**
- [csharpier](https://csharpier.com/) from 0.29.2 to **0.30.2**
- [markdownlint](https://redirect.github.com/DavidAnson/markdownlint)
from 0.42.0 to **0.43.0**
- [phpstan](https://phpstan.org/) from 2.0.1 to **2.0.2**
- [ruff](https://redirect.github.com/astral-sh/ruff) from 0.7.4 to
**0.8.0**
-
[spectral](https://docs.stoplight.io/docs/spectral/674b27b261c3c-overview)
from 6.14.1 to **6.14.2**
- [stylua](https://redirect.github.com/JohnnyMorganz/StyLua) from 0.20.0
to **2.0.0**
- [syft](https://redirect.github.com/anchore/syft) from 1.16.0 to
**1.17.0**
- [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.57.0 to
**0.57.1**
- [trivy](https://aquasecurity.github.io/trivy/) from 0.57.0 to
**0.57.1**
- [trufflehog](https://redirect.github.com/trufflesecurity/trufflehog)
from 3.83.7 to **3.84.1**
- [vale](https://vale.sh/) from 3.9.0 to **3.9.1**
###
[`v8.2.0`](https://redirect.github.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v820---2024-11-17)
[Compare
Source](https://redirect.github.com/oxsecurity/megalinter/compare/v8.1.0...v8.2.0)
- Media
- [10 MegaLinter Tips and Tricks Unlock its Full
Potential](https://flexion.us/blog/megalinter-tips-and-tricks/) by [Wes
Dean](https://redirect.github.com/wesley-dean)
- [MegaLinter Performance Tuning for Maximum
Efficiency](https://flexion.us/blog/megalinter-performance-tuning/) by
[Wes Dean](https://redirect.github.com/wesley-dean)
- Linters enhancements
- [detekt](https://megalinter.io/latest/descriptors/kotlin_detekt/)
Enable SARIF output + count errors
- [lintr](https://megalinter.io/latest/descriptors/r_lintr/): Support
files in subdirectories, fix unit tests
- [phpcs](https://megalinter.io/latest/descriptors/php_phpcs/): Activate
APPLY_FIXES
- [Salesforce
linters](https://megalinter.io/latest/descriptors/salesforce/): Add
SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
- [trivy](https://megalinter.io/latest/descriptors/repository_trivy/):
handle retry if `failed to download Java DB` is detected
- [tsqllint](https://redirect.github.com/tsqllint/tsqllint) Re-enabled
after .net 8 and security updates
- Fixes
- Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
- Fix linting errors in GitHub Actions template
- Reporters
-
[UpdatedSourcesReporter](https://megalinter.io/latest/reporters/UpdatedSourcesReporter/)
will git commit & push fixed files to source branch if APPLY_FIXES is
set
- Fix AzureCommentReporter not adding comments to PR
- Fix AzureCommentReporter fails when target repo contains spaces
- Doc
- Updated documentation with Azure central pipeline use case
- Update DevSkim documentation to show a valid exclusion config file
- Note about `risky` rules and how to fix rule violations with
PHP-CS-Fixer
- CI
- Also prune volumes before pulling and pushing to docker hub
- Externalize mirroring from ghcr.io to docker hub in another workflow
to avoid memory issues
- Squash docker images to have less layers and size
- Comment jobs related to GitHub Worker images, as CodeTotal is not
actively maintained
- Make gitpod workflow not blocking until uv install is fixed
- Update stale comment
- Try several times to embed trivy db during Docker build, as a
workaround to the random failures
- Wait 10 secondes instead of 1 before retrying a failing test method,
to avoid race conditions
- Linter versions upgrades (104)
- [actionlint](https://rhysd.github.io/actionlint/) from 1.7.3 to
**1.7.4**
- [ansible-lint](https://ansible-lint.readthedocs.io/) from 24.9.2 to
**24.10.0**
-
[bicep_linter](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/linter)
from 0.30.23 to **0.31.92**
- [cfn-lint](https://redirect.github.com/aws-cloudformation/cfn-lint)
from 1.16.1 to **1.19.0**
- [checkov](https://www.checkov.io/) from 3.2.257 to **3.2.298**
- [checkstyle](https://checkstyle.org/) from 10.18.2 to **10.20.1**
- [clippy](https://redirect.github.com/rust-lang/rust-clippy) from
0.1.81 to **0.1.82**
- [clj-kondo](https://redirect.github.com/borkdude/clj-kondo) from
2024.09.27 to **2024.11.14**
-
[cspell](https://redirect.github.com/streetsidesoftware/cspell/tree/master/packages/cspell)
from 8.15.1 to **8.16.0**
- [devskim](https://redirect.github.com/microsoft/DevSkim) from 1.0.33
to **1.0.44**
- [djlint](https://djlint.com/) from 1.35.2 to **1.36.1**
-
[dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format)
from 8.0.110 to **8.0.111**
- [gitleaks](https://redirect.github.com/gitleaks/gitleaks) from 8.20.1
to **8.21.2**
- [golangci-lint](https://golangci-lint.run/) from 1.61.0 to **1.62.0**
- [ktlint](https://ktlint.github.io) from 1.3.1 to **1.4.1**
-
[lightning-flow-scanner](https://redirect.github.com/Lightning-Flow-Scanner)
from 2.34.0 to **2.36.0**
- [lychee](https://lychee.cli.rs) from 0.16.1 to **0.17.0**
- [mypy](https://mypy.readthedocs.io/en/stable/) from 1.11.2 to
**1.13.0**
- [perlcritic](https://metacpan.org/pod/Perl::Critic) from 1.152 to
**1.156**
- [phpcs](https://redirect.github.com/PHPCSStandards/PHP_CodeSniffer)
from 3.10.3 to **3.11.1**
- [phplint](https://redirect.github.com/overtrue/phplint) from 9.5.3 to
**9.5.4**
- [phpstan](https://phpstan.org/) from 1.12.6 to **2.0.1**
- [pmd](https://pmd.github.io/) from 7.6.0 to **7.7.0**
- [pyright](https://redirect.github.com/Microsoft/pyright) from 1.1.384
to **1.1.389**
- [revive](https://revive.run/) from 1.4.0 to **1.5.1**
- [roslynator](https://redirect.github.com/dotnet/Roslynator) from
0.9.1.0 to **0.9.3.0**
- [rubocop](https://rubocop.org/) from 1.66.1 to **1.68.0**
- [ruff](https://redirect.github.com/astral-sh/ruff) from 0.6.9 to
**0.7.4**
- [secretlint](https://redirect.github.com/secretlint/secretlint) from
8.4.0 to **9.0.0**
- [sfdx-scanner-apex](https://forcedotcom.github.io/sfdx-scanner/) from
4.6.0 to **4.7.0**
- [sfdx-scanner-aura](https://forcedotcom.github.io/sfdx-scanner/) from
4.6.0 to **4.7.0**
- [sfdx-scanner-lwc](https://forcedotcom.github.io/sfdx-scanner/) from
4.6.0 to **4.7.0**
- [shfmt](https://redirect.github.com/mvdan/sh) from 3.9.0 to **3.10.0**
- [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.21.0
to **8.25.3**
-
[spectral](https://docs.stoplight.io/docs/spectral/674b27b261c3c-overview)
from 6.13.1 to **6.14.1**
- [sqlfluff](https://www.sqlfluff.com/) from 3.2.3 to **3.2.5**
- [syft](https://redirect.github.com/anchore/syft) from 1.14.0 to
**1.16.0**
-
[terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt)
from 1.9.5 to **1.9.8**
- [terragrunt](https://terragrunt.gruntwork.io) from 0.67.5 to
**0.68.14**
- [tflint](https://redirect.github.com/terraform-linters/tflint) from
0.53.0 to **0.54.0**
- [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.56.2 to
**0.57.0**
- [trivy](https://aquasecurity.github.io/trivy/) from 0.56.2 to
**0.57.0**
- [trufflehog](https://redirect.github.com/trufflesecurity/trufflehog)
from 3.82.11 to **3.83.7**
- [tsqllint](https://redirect.github.com/tsqllint/tsqllint) from
1.15.3.0 to **1.16.0.0**
- [v8r](https://redirect.github.com/chris48s/v8r) from 4.1.0 to
**4.2.0**
- [vale](https://vale.sh/) from 3.7.1 to **3.9.0**
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/quiltdata/nf-quilt).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Dr. Ernie Prabhakar
---
.github/workflows/mega-linter.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index be248a1b..017f182d 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -39,7 +39,7 @@ jobs:
id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.github.io/flavors/
- uses: oxsecurity/megalinter/flavors/dotnet@v8.1.0
+ uses: oxsecurity/megalinter/flavors/dotnet@v8.3.0
env:
# All available variables are described in documentation
# https://megalinter.github.io/configuration/