feat(github-action)!: Update oxsecurity/megalinter action to v8.3.0

[chii-bot]

This PR contains the following updates:

Package	Type	Update	Change
oxsecurity/megalinter	action	major	v6.3.0 -> v8.3.0

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

oxsecurity/megalinter

v8.3.0

Compare Source

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

v8.2.0

Compare Source

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44
  • djlint from 1.35.2 to 1.36.1
  • dotnet-format from 8.0.110 to 8.0.111
  • gitleaks from 8.20.1 to 8.21.2
  • golangci-lint from 1.61.0 to 1.62.0
  • ktlint from 1.3.1 to 1.4.1
  • lightning-flow-scanner from 2.34.0 to 2.36.0
  • lychee from 0.16.1 to 0.17.0
  • mypy from 1.11.2 to 1.13.0
  • perlcritic from 1.152 to 1.156
  • phpcs from 3.10.3 to 3.11.1
  • phplint from 9.5.3 to 9.5.4
  • phpstan from 1.12.6 to 2.0.1
  • pmd from 7.6.0 to 7.7.0
  • pyright from 1.1.384 to 1.1.389
  • revive from 1.4.0 to 1.5.1
  • roslynator from 0.9.1.0 to 0.9.3.0
  • rubocop from 1.66.1 to 1.68.0
  • ruff from 0.6.9 to 0.7.4
  • secretlint from 8.4.0 to 9.0.0
  • sfdx-scanner-apex from 4.6.0 to 4.7.0
  • sfdx-scanner-aura from 4.6.0 to 4.7.0
  • sfdx-scanner-lwc from 4.6.0 to 4.7.0
  • shfmt from 3.9.0 to 3.10.0
  • snakemake from 8.21.0 to 8.25.3
  • spectral from 6.13.1 to 6.14.1
  • sqlfluff from 3.2.3 to 3.2.5
  • syft from 1.14.0 to 1.16.0
  • terraform-fmt from 1.9.5 to 1.9.8
  • terragrunt from 0.67.5 to 0.68.14
  • tflint from 0.53.0 to 0.54.0
  • trivy-sbom from 0.56.2 to 0.57.0
  • trivy from 0.56.2 to 0.57.0
  • trufflehog from 3.82.11 to 3.83.7
  • tsqllint from 1.15.3.0 to 1.16.0.0
  • v8r from 4.1.0 to 4.2.0
  • vale from 3.7.1 to 3.9.0

v8.1.0

Compare Source

• Core

  • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in #​3944
  • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #​3893
  • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN

• New linters

  • New LUA linter: selene, by @​AlejandroSuero in #​3978
  • New LUA formatter: stylua, by @​AlejandroSuero in #​3985

• Linters enhancements

  • Trivy
    • Embed vulnerability database in Docker Image for running trivy on internet-free network
    • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
    • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
  • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #​4076

• Fixes

  • APPLY_FIXES and for PHP_PHPCSFIXER linter, by @​llaville in #​3963
  • Add debug traces to investigate reporters activation
  • Add more traces for ApiReporter
  • Activate ApiReporter by default

• Reporters

  • Fix ApiReporter not called in MegaLinter flavors

• Doc

  • Fix Grafana Home Dashboard to add missing criteria
  • Update PRE_COMMANDS documentation to describe all properties
  • Update Grafana documentation to fix secrets typo

• CI

  • Free space in release job to avoid no space left on device, by @​nvuillam in #​3914
  • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in #​3993
  • Send GITHUB_TOKEN to trivy-action
  • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub

• Linter versions upgrades

  • actionlint from 1.7.1 to 1.7.3
  • ansible-lint from 24.7.0 to 24.9.2
  • bandit from 1.7.9 to 1.7.10
  • bicep_linter from 0.29.47 to 0.30.23
  • black from 24.8.0 to 24.10.0
  • cfn-lint from 1.10.3 to 1.16.1
  • checkov from 3.2.232 to 3.2.257
  • checkstyle from 10.17.0 to 10.18.2
  • clippy from 0.1.80 to 0.1.81
  • clj-kondo from 2024.08.01 to 2024.09.27
  • cpplint from 1.6.1 to 2.0.0
  • csharpier from 0.29.0 to 0.29.2
  • cspell from 8.14.1 to 8.15.1
  • detekt from 1.23.6 to 1.23.7
  • djlint from 1.34.1 to 1.35.2
  • dotnet-format from 8.0.108 to 8.0.110
  • eslint from 8.57.0 to 8.57.1
  • gitleaks from 8.18.4 to 8.20.1
  • golangci-lint from 1.60.1 to 1.61.0
  • kics from 2.1.2 to 2.1.3
  • lightning-flow-scanner from 2.33.0 to 2.34.0
  • lychee from 0.15.1 to 0.16.1
  • markdownlint from 0.41.0 to 0.42.0
  • mypy from 1.11.1 to 1.11.2
  • npm-groovy-lint from 14.6.0 to 15.0.2
  • php-cs-fixer from 3.62.0 to 3.64.0
  • phpcs from 3.10.2 to 3.10.3
  • phplint from 9.4.1 to 9.5.3
  • phpstan from 1.11.11 to 1.12.6
  • pmd from 7.4.0 to 7.6.0
  • psalm from Psalm.5.25.0@​ to Psalm.5.26.1@​
  • pylint from 3.2.6 to 3.3.1
  • pyright from 1.1.376 to 1.1.384
  • revive from 1.3.9 to 1.4.0
  • roslynator from 0.8.9.0 to 0.9.1.0
  • rubocop from 1.65.1 to 1.66.1
  • ruff from 0.6.1 to 0.6.9
  • scalafix from 0.12.1 to 0.13.0
  • secretlint from 8.2.4 to 8.4.0
  • sfdx-scanner-apex from 4.4.0 to 4.6.0
  • sfdx-scanner-aura from 4.4.0 to 4.6.0
  • sfdx-scanner-lwc from 4.4.0 to 4.6.0
  • shfmt from 3.8.0 to 3.9.0
  • snakemake from 8.18.1 to 8.21.0
  • spectral from 6.11.1 to 6.13.1
  • sqlfluff from 3.1.0 to 3.2.3
  • standard from 17.1.0 to 17.1.2
  • stylelint from 16.8.2 to 16.10.0
  • swiftlint from 0.56.1 to 0.57.0
  • syft from 1.11.0 to 1.14.0
  • terraform-fmt from 1.9.4 to 1.9.5
  • terragrunt from 0.66.8 to 0.67.5
  • terrascan from 1.18.11 to 1.19.9
  • trivy-sbom from 0.54.1 to 0.56.2
  • trivy from 0.54.1 to 0.56.2
  • trufflehog from 3.81.10 to 3.82.8
  • v8r from 4.0.1 to 4.1.0
  • vale from 3.7.0 to 3.7.1

v8.0.0

Compare Source

• Reporters
  • New ApiReporter (can be used to build Grafana dashboards), by @​nvuillam in #​3540

• Removed deprecated linters, by @​nvuillam in #​3854

  • CSS_SCSSLINT: Project discontinued and advising to use stylelint
  • OPENAPI_SPECTRAL: Replaced by API_SPECTRAL (same linter but more formats handled)
  • SQL_SQL_LINT: Project no longer maintained

• Core

  • Hide to linters by default all environment variables that contain TOKEN, USERNAME or PASSWORD, by @​nvuillam in #​3881
  • Allow to override CLI_LINT_MODE when defined as project, by @​nvuillam in #​3772
  • Allow to use absolute paths for LINTER_RULES_PATH, by @​nvuillam in #​3775
  • Allow to update variables from PRE/POST Commands using output_variables property, by @​nvuillam in #​3861

• Media

  • MegaLinter: un linter pour les gouverner tous (FR), by Guillaume Arnaud from WeScale
  • MegaLinter, by Stéphane Robert, from 3DS OutScale
  • 30 Seconds to Setup MegaLinter: Your Go-To Tool for Automated Code Quality, by Peng Cao |

• Linters enhancements

  • bandit Call bandit with quiet mode to generate less logs, by @​nvuillam in #​3892
  • grype Count number of errors returned by Grype, by @​nvuillam in #​3906
  • yamllint Fix yamllint default format to avoid special characters or GitHub sections in text logs, by @​nvuillam in #​3898

• Fixes

  • terrascan fixed errors and removed redundant code, by @​TommyE123 in #​3767
  • dotnet-format various performance improvements and ability to specify sln or proj paths, by @​TommyE123 in #​3741
  • swiftlint Remove deprecated argument --path
  • Salesforce linters: Disable SF CLI auto update warning, by @​nvuillam in #​3883

• Doc

  • Add images and links to Git, CI/CD & other tools integrations at the beginning of the README, by @​nvuillam in #​3885
  • Create README animated GIF presentation of MegaLinter, by @​nvuillam in #​3910
  • Format mkdocs search index in place, by @​echoix in #​3890
  • Use consistent spelling of 'flavor', by @​InputUsername in #​3789

• CI

  • Fix docker warnings, by @​nvuillam in #​3853
    • FromAsCasing: 'as' and 'FROM' keywords' casing do not match
    • NoEmptyContinuation: Empty continuation line
    • SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data
  • Port Beta workflows to use docker/metadata-action, by @​echoix in #​3860
  • AutoUpdate linters: Always create a PR if the job has been started manually, by @​nvuillam in #​3863
  • Add skip_checkout: true to default MegaLinter GitHub Action template
  • Remove path filters in deploy-DEV workflow as it is a required check by @​echoix in #​3894

• mega-linter-runner

  • Add new rules to upgrade to MegaLinter v8, by @​nvuillam in #​3896
  • Replace glob-promise by glob library, by @​nvuillam in #​3902
    • Minimum NodeJs version is now 20.x

• Linter versions upgrades

  • ansible-lint from 24.6.1 to 24.7.0
  • bicep_linter from 0.28.1 to 0.29.47
  • black from 24.4.2 to 24.8.0
  • cfn-lint from 1.5.0 to 1.10.3
  • checkov from 3.2.174 to 3.2.232
  • clippy from 0.1.79 to 0.1.80
  • clj-kondo from 2024.05.24 to 2024.08.01
  • csharpier from 0.28.2 to 0.29.0
  • cspell from 8.10.4 to 8.14.1
  • dotnet-format from 8.0.106 to 8.0.108
  • flake8 from 7.1.0 to 7.1.1
  • golangci-lint from 1.59.1 to 1.60.1
  • grype from 0.79.2 to 0.79.5
  • jsonlint from 14.0.3 to 16.0.0
  • kics from 2.1.1 to 2.1.2
  • kubeconform from 0.6.6 to 0.6.7
  • lightning-flow-scanner from 2.28.0 to 2.33.0
  • mypy from 1.10.1 to 1.11.1
  • php-cs-fixer from 3.59.3 to 3.62.0
  • phpcs from 3.10.1 to 3.10.2
  • phpstan from 1.11.9 to 1.11.11
  • pmd from 7.3.0 to 7.4.0
  • prettier from 3.3.2 to 3.3.3
  • protolint from 0.50.2 to 0.50.5
  • pylint from 3.2.5 to 3.2.6
  • pyright from 1.1.370 to 1.1.376
  • revive from 1.3.7 to 1.3.9
  • rstcheck from 6.2.1 to 6.2.4
  • rubocop from 1.64.1 to 1.65.1
  • ruff from 0.5.1 to 0.6.1
  • sfdx-scanner-apex from 4.3.2 to 4.4.0
  • sfdx-scanner-aura from 4.3.2 to 4.4.0
  • sfdx-scanner-lwc from 4.3.2 to 4.4.0
  • snakemake from 8.15.2 to 8.18.1
  • stylelint from 16.6.1 to 16.8.2
  • swiftlint from 0.55.1 to 0.56.1
  • syft from 1.8.0 to 1.11.0
  • terraform-fmt from 1.9.0 to 1.9.4
  • terragrunt from 0.59.6 to 0.66.8
  • tflint from 0.52.0 to 0.53.0
  • trivy-sbom from 0.53.0 to 0.54.1
  • trivy from 0.53.0 to 0.54.1
  • trufflehog from 3.79.0 to 3.81.9
  • v8r from 3.1.0 to 4.0.1
  • vale from 3.6.0 to 3.7.0

v7.13.0

Compare Source

• New linters

  • Add ls-lint, file and folder linter, by @​scolladon in #​3681

• Core

  • Handle renovate version comments in build script, by @​echoix in #​3617 , #​3627 , #​3643 , #​3699 , #​3700
  • Update base image to python:3.12.4-alpine3.20
  • Use dotnet8-sdk available in the main repository, by @​TommyE123 in #​3696

• Media

  • Introducing MegaLinter: Streamlining Code Quality Checks Across Multiple Languages, by Cloud Tuned
  • Infrastructure as Code GitHub Codespace Template, by Luke Murray
  • Video: How to: Secrets scanning, by Hackitect's playground

• Linters enhancements

  • Add SARIF support (v2) for all PHP linters by @​llaville in #​3745 , #​3729
  • Add python package Pygments to rst-lint venv, by @​bobidle in #​3631
  • CSharpier added ability to override config filename and path, by @​TommyE123 in #​3664
  • xmllint added support for xsd files, by @​TommyE123 in #​3665

• Fixes

  • Improve support for single argument in get_list_args function, by @​TommyE123 in #​3589
  • ansible-lint Improved activation by checking for .ansible-lint config file, by @​TommyE123 in #​3697
  • DevSkim fixed fatal errors when scanning and ability to override config path, by @​TommyE123 in #​3673
  • GitLeaks add missing schema properties, by @​TommyE123 in #​3675
  • Powershell Error table truncation improvements, by @​TommyE123 in #​3620
  • Powershell added missing schema property POWERSHELL_POWERSHELL_FORMATTER_OUTPUT_ENCODING, by @​TommyE123 in #​3678
  • syft use scan instead of deprecated packages arg, by @​TommyE123 in #​3613
  • tflint added missing schema property TERRAFORM_TFLINT_SECURED_ENV, by @​TommyE123 in #​3679
  • tflint fixed deprecated argument and other improvements to default .tflint.hcl template, by @​TommyE123 in #​3688
  • xmllint added missing schema properties XML_XMLLINT_AUTOFORMAT and XML_XMLLINT_INDENT, by @​TommyE123 in #​3677
  • yamllint fix error/warning count to work with different log output formats, by @​TommyE123 in #​3612

• Doc

  • Update documentation icons by @​nvuillam in #​3625

• Flavors

  • Add gherkin-lint in c_cpp flavor, by @​nvuillam in #​3698

• CI

  • Bump actions/checkout from 3 to 4, by @​KristjanESPERANTO in #​2994
  • Reduce dependabot PR frequency to weekly by @​echoix in #​3642

• Linter versions upgrades

  • ansible-lint from 24.2.3 to 24.6.1
  • bandit from 1.7.8 to 1.7.9
  • bash-exec from 5.2.21 to 5.2.26
  • bicep_linter from 0.27.1 to 0.28.1
  • cfn-lint from 0.87.4 to 1.5.0
  • checkov from 3.2.122 to 3.2.174
  • clang-format from 17.0.5 to 17.0.6
  • clippy from 0.1.78 to 0.1.79
  • cspell from 8.8.3 to 8.10.4
  • editorconfig-checker from 3.0.1 to 3.0.3
  • flake8 from 7.0.0 to 7.1.0
  • git_diff from 2.43.4 to 2.45.2
  • gitleaks from 8.18.2 to 8.18.4
  • golangci-lint from 1.59.0 to 1.59.1
  • grype from 0.78.0 to 0.79.2
  • helm from 3.14.2 to 3.14.3
  • jscpd from 4.0.4 to 4.0.5
  • kics from 2.0.1 to 2.1.1
  • ktlint from 1.2.1 to 1.3.1
  • lightning-flow-scanner from 2.26.0 to 2.28.0
  • markdown-table-formatter from 1.6.0 to 1.6.1
  • mypy from 1.10.0 to 1.10.1
  • npm-package-json-lint from 7.1.0 to 8.0.0
  • php-cs-fixer from 3.58.1 to 3.59.3
  • phplint from 9.3.1 to 9.4.1
  • phpstan from 1.11.3 to 1.11.7
  • pmd from 7.1.0 to 7.3.0
  • prettier from 3.3.0 to 3.3.2
  • protolint from 0.49.7 to 0.50.2
  • psalm from Psalm.5.24.0@​ to Psalm.5.25.0@​
  • pylint from 3.2.2 to 3.2.5
  • pyright from 1.1.365 to 1.1.370
  • ruff from 0.4.10 to 0.5.1
  • sfdx-scanner-apex from 3.25.0 to 4.3.2
  • sfdx-scanner-aura from 3.25.0 to 4.3.2
  • sfdx-scanner-lwc from 3.25.0 to 4.3.2
  • snakemake from 8.12.0 to 8.15.2
  • sqlfluff from 3.0.7 to 3.1.0
  • swiftlint from 0.54.0 to 0.55.1
  • syft from 1.5.0 to 1.8.0
  • terraform-fmt from 1.8.4 to 1.9.0
  • terragrunt from 0.58.13 to 0.59.6
  • tflint from 0.51.1 to 0.52.0
  • trivy-sbom from 0.51.4 to 0.53.0
  • trivy from 0.51.4 to 0.53.0
  • trufflehog from 3.77.0 to 3.79.0
  • v8r from 3.0.0 to 3.1.0
  • vale from 3.4.2 to 3.6.0
  • xmllint from 21108 to 21207

v7.12.0

Compare Source

• Core

  • Add new logs (at debug level) on each linter activation/deactivation
  • Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
  • Upgrade to Java 21 except for npm-groovy-lint that requires Java 17

• Media

  • Add blog post 5 ways MegaLinter upped our DevSecOps game to the list of English articles by @​wesley-dean-flexion in #​3596

• Linters

  • Add PHP fixer by @​llaville in #​3598
  • API_SPECTRAL was added as replacement for OPENAPI_SPECTRAL (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name .spectral.yaml instead of .openapirc.yml with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #​3387
  • Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#​333
  • PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of https://github.com/llaville/sarif-php-sdk
  • Php psalm improvement by @​llaville in #​3541
  • KOTLIN_KTLINT now supports list_of_files mode, and has better error counting
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project

• Fixes

  • Change golangci-lint lint mode to project, by @​wandering-tales in #​3509
  • Disable sql-lint as it is no longer maintained
  • Add new entries findUnusedCode and findUnusedBaselineEntry in default psalm.xml configuration file for PHP_PSALM linter. Related to #​3538
  • fix(pylint): overgeneral-exceptions fully qualified name by @​gardar in #​3576
  • Update ktlint descriptor to support list_of_files and better error counting by @​Yann-J in #​3575
  • Sync PowerShell version in arm.megalinter-descriptor.yml by @​echoix in #​3586
  • Adjust find commands to clean up files in same step by @​echoix in #​3588
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project by @​nvuillam in #​3590

• Doc

  • Handle disabled_reason property in descriptors
  • Sort enums in json schema, by @​echoix in #​3595

• Flavors

• CI

  • Build: take in account disabled linters for workflow auto-update
  • Remove useless package-lock.json that was in python tests folder
  • Fix SARIF_REPORTER that was wrongly sent to true to format & fix test methods
  • Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
  • Remove Github Actions Workflow telemetry to improve performances
  • Update Docker image for Gitpod to run on Ubuntu Noble, by @​echoix
  • Update makefile bootstrap config (gitpod or local) to use uv for package installation, by @​echoix
  • Use uv to install Python deps for CI by @​echoix in #​3561
  • Use a single find command to delete pycache files by @​echoix in #​3562
  • Sort schema enums by @​echoix in #​3595

• Linter versions upgrades

  • actionlint from 1.6.27 to 1.7.1
  • ansible-lint from 24.2.2 to 24.2.3
  • bicep_linter from 0.26.170 to 0.27.1
  • black from 24.4.0 to 24.4.2
  • cfn-lint from 0.86.4 to 0.87.4
  • checkov from 3.2.74 to 3.2.122
  • checkstyle from 10.15.0 to 10.17.0
  • clippy from 0.1.77 to 0.1.78
  • clj-kondo from 2024.03.13 to 2024.05.24
  • csharpier from 0.28.1 to 0.28.2
  • cspell from 8.7.0 to 8.8.3
  • detekt from 1.23.5 to 1.23.6
  • dotnet-format from 8.0.104 to 8.0.106
  • editorconfig-checker from 2.7.2 to 3.0.1
  • git_diff from 2.43.0 to 2.43.4
  • golangci-lint from 1.57.2 to 1.59.0
  • grype from 0.77.0 to 0.78.0
  • jscpd from 3.5.10 to 4.0.4
  • kics from 2.0.0 to 2.0.1
  • kubeconform from 0.6.4 to 0.6.6
  • lightning-flow-scanner from 2.22.0 to 2.24.0
  • luacheck from 1.1.2 to 1.2.0
  • lychee from 0.14.3 to 0.15.1
  • markdown-link-check from 3.12.1 to 3.12.2
  • markdown-table-formatter from 1.5.0 to 1.6.0
  • markdownlint from 0.39.0 to 0.41.0
  • mypy from 1.9.0 to 1.10.0
  • npm-groovy-lint from 14.4.1 to 14.6.0
  • phpcs from 3.9.1 to 3.10.1
  • phplint from 9.1.2 to 9.3.1
  • phpstan from 1.10.67 to 1.11.0 to 1.11.3
  • pmd from 6.55.0 to 7.1.0
  • powershell from 7.4.1 to 7.4.2
  • powershell_formatter from 7.4.1 to 7.4.2
  • prettier from 3.2.5 to 3.3.0
  • proselint from 0.13.0 to 0.14.0
  • protolint from 0.49.6 to 0.49.7
  • psalm from Psalm.5.23.1@​ to Psalm.5.24.0@​
  • pylint from 3.1.0 to 3.2.2
  • pyright from 1.1.359 to 1.1.365
  • roslynator from 0.8.6.0 to 0.8.9.0
  • rubocop from 1.63.3 to 1.64.1
  • ruff from 0.4.1 to 0.4.7
  • scalafix from 0.12.0 to 0.12.1
  • secretlint from 8.2.3 to 8.2.4
  • sfdx-scanner-apex from 3.23.0 to 3.25.0
  • sfdx-scanner-aura from 3.23.0 to 3.25.0
  • sfdx-scanner-lwc from 3.23.0 to 3.25.0
  • snakefmt from 0.10.1 to 0.10.2
  • snakemake from 8.10.8 to 8.12.0
  • sqlfluff from 3.0.5 to 3.0.7
  • stylelint from 16.4.0 to 16.6.1
  • syft from 1.2.0 to 1.5.0
  • tekton-lint from 1.0.2 to 1.1.0
  • terraform-fmt from 1.8.1 to 1.8.4
  • terragrunt from 0.57.5 to 0.58.10
  • tflint from 0.50.3 to 0.51.1
  • trivy-sbom from 0.50.2 to 0.51.4
  • trivy from 0.50.2 to 0.51.4
  • trufflehog from 3.73.0 to 3.77.0
  • vale from 3.4.0 to 3.4.2
  • xmllint from 21107 to 21108

v7.11.1

Compare Source

• Fixes

  • Implement fallback in case git diff does not work with merge-base

• Linter versions upgrades

  • stylelint from 16.3.1 to 16.4.0

v7.11.0

Compare Source

• Core

  • Allow to override the number of parallel cores used, with variable PARALLEL_PROCESS_NUMBER, by @​nvuillam in #​3428
  • Upgrade base python image from 3.12.2-alpine3.19 to 3.12.3-alpine3.19
  • Upgrade PHP 8.1 to 8.3 by @​llaville in #​3464
  • Add descriptor pre / post commands, by @​bdovaz in #​3468
  • Allow merge lists with EXTENDS, by @​bdovaz in #​3469

• Media

• New linters

  • Add Kotlin detekt linter, by @​enciyo in #​3408

• Reporters

  • Add ruff sarif support, by @​Skitionek in #​3486

• Fixes

  • Fix listing of modified files, by @​vkucera in #​3472. Fixes #​2125.
  • Fix conflict between prettier and yamllint about spaces, by @​apeyrat in #​3426
  • Ensure trufflehog does not auto-update itself, by @​wandering-tales in #​3430
  • Salesforce linters: use sf + default Flow Scanner rules, by @​nvuillam in #​3435
  • Disable JSON_ESLINT_PLUGIN_JSONC until ota-meshi/eslint-plugin-jsonc#​328 is fixed
  • Upgrade tar in mega-linter-runner
  • secretlint: remove default .secretlintignore that was never used but .gitignore is used instead. Fixes #​3328
  • Add jpeg, xlsx to .gitleaks.toml, by @​rasa in #​3434
  • Fix Json Schema, by @​nvuillam in #​3470
  • Remove TEMPLATES/.secretlintignore, by @​pjungermann in #​3476

• Doc

  • Update R2DevOps logo, by @​nvuillam in #​3436
  • Update Roslynator repo url and logo, by @​TommyE123 in #​3444
  • Fix clang-format documentation links to point to the correct version. Fixes #​3452, by @​daltonv in #​3453
  • Add copy to clipboard button in code block (documentation), by @​nikkii86 in #​3491

• Flavors

  • Add C & C++ linters in Python flavor by @​nvuillam in #​3456

• CI

  • Make SPELL_LYCHEE non blocking for internal CI jobs
  • Remove old unused automerge workflows by @​echoix in #​3432
  • Add consistent python3/python handling at build.sh, by @​pjungermann in #​3475

• Linter versions upgrades

  • ansible-lint from 24.2.0 to 24.2.2
  • bicep_linter from 0.25.53 to 0.26.170
  • black from 24.2.0 to 24.4.0
  • cfn-lint from 0.86.0 to 0.86.4
  • checkov from 3.2.34 to 3.2.74
  • checkstyle from 10.14.0 to 10.15.0
  • clippy from 0.1.76 to 0.1.77
  • clj-kondo from 2024.03.05 to 2024.03.13
  • csharpier from 0.27.3 to 0.28.1
  • cspell from 8.6.0 to 8.7.0
  • devskim from 1.0.32 to 1.0.33
  • dotnet-format from 8.0.102 to 8.0.104
  • eslint-plugin-jsonc from 2.13.0 to 2.15.1
  • golangci-lint from 1.56.2 to 1.57.2
  • grype from 0.74.7 to 0.77.0
  • kics from 1.7.13 to 2.0.0
  • lightning-flow-scanner from 2.18.0 to 2.22.0
  • markdown-link-check from 3.11.2 to 3.12.1
  • npm-groovy-lint from 14.2.3 to 14.4.1
  • phpcs from 3.9.0 to 3.9.1
  • phpstan from 1.10.60 to 1.10.67
  • protolint from 0.48.0 to 0.49.6
  • psalm from Psalm.5.23.0@​ to Psalm.5.23.1@​
  • pyright from 1.1.353 to 1.1.359
  • roslynator from 0.8.3.0 to 0.8.6.0
  • rstcheck from 6.2.0 to 6.2.1
  • rubocop from 1.62.0 to 1.63.3
  • ruff from 0.3.2 to 0.4.1
  • secretlint from 8.1.2 to 8.2.3
  • sfdx-scanner-apex from 3.21.0 to 3.23.0
  • sfdx-scanner-aura from 3.21.0 to 3.23.0
  • sfdx-scanner-lwc from 3.21.0 to 3.23.0
  • snakefmt from 0.10.0 to 0.10.1
  • snakemake from 8.5.5 to 8.10.8
  • spectral from 6.11.0 to 6.11.1
  • sqlfluff from 2.3.5 to 3.0.5
  • stylelint from 16.2.1 to 16.3.1
  • syft from 1.0.1 to 1.2.0
  • tekton-lint from 1.0.0 to 1.0.2
  • terraform-fmt from 1.7.4 to 1.8.1
  • terragrunt from 0.55.13 to 0.57.5
  • trivy-sbom from 0.49.1 to 0.50.2
  • trivy from 0.49.1 to 0.50.2
  • trufflehog from 3.69.0 to 3.73.0
  • vale from 3.2.2 to 3.4.0

v7.10.0

Compare Source

• Core

  • Update dotnet linters to .NET 8, by @​bdovaz in #​3182

• Media

  • How to use MegaLinter with Jenkins, by Darin Pope / Cloudbees

• Fixes

  • Trivy: use misconfig instead of the deprecated config scanner, updating the default arguments, by @​pjungermann in #​3376
  • Update calls to sfdx-scanner to output a CSV file for Aura & LWC, by @​nvuillam in #​3398
  • Kics: fixed error count in the summary table, by @​TommyE123 in #​3402
  • Fix issue with EXTENDS using private repository by sending GITHUB_TOKEN as HTTP auth header, by @​nvuillam in #​3404
  • Fix SPELL_VALE_CONFIG_FILE not working (handle the override of linter CONFIG_FILE if the linter is activated only if some files are found), by @​nvuillam in #​3409

• CI

  • Enable dependabot updates for devcontainer and other Docker directories, by @​echoix in #​3390

• Doc

  • Removed obsolete warning for semgrep as the issue has been fixed, by @​Jayllyz in #​3374
  • docs: fix docs in TrivySbomLinter.py, by @​pjungermann in https://togithub.com/oxsecurity/megalinter/pull/3377S

• Linter versions upgrades

  • actionlint from 1.6.26 to 1.6.27
  • bandit from 1.7.7 to 1.7.8
  • bicep_linter from 0.25.3 to 0.25.53
  • black f

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Renovate Bot.

[chii-bot]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
❌ ACTION	actionlint	1		1	0.01s
❌ COPYPASTE	jscpd	yes		5	1.25s
✅ REPOSITORY	git_diff	yes		no	0.04s
✅ REPOSITORY	secretlint	yes		no	1.74s
✅ YAML	prettier	1		0	0.37s
✅ YAML	yamllint	1		0	0.38s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by