Bump oxsecurity/megalinter from 7 to 8 #13

dependabot · 2025-01-24T12:12:19Z

Bumps oxsecurity/megalinter from 7 to 8.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.0.0

What's Changed

Run npx mega-linter-runner@latest --upgrade to upgrade to MegaLinter v8 :)

Reporters

New ApiReporter (can be used to build Grafana dashboards), by @nvuillam in oxsecurity/megalinter#3540

Removed deprecated linters, by @nvuillam in oxsecurity/megalinter#3854

CSS_SCSSLINT: Project discontinued and advising to use stylelint

OPENAPI_SPECTRAL: Replaced by API_SPECTRAL (same linter but more formats handled)

SQL_SQL_LINT: Project no longer maintained

Core

Hide to linters by default all environment variables that contain TOKEN, USERNAME or PASSWORD, by @nvuillam in oxsecurity/megalinter#3881

Allow to override CLI_LINT_MODE when defined as project, by @nvuillam in oxsecurity/megalinter#3772

Allow to use absolute paths for LINTER_RULES_PATH, by @nvuillam in oxsecurity/megalinter#3775

Allow to update variables from PRE/POST Commands using output_variables property, by @nvuillam in oxsecurity/megalinter#3861

Media

MegaLinter: un linter pour les gouverner tous (FR), by Guillaume Arnaud from WeScale

MegaLinter, by Stéphane Robert, from 3DS OutScale

30 Seconds to Setup MegaLinter: Your Go-To Tool for Automated Code Quality, by Peng Cao |

Linters enhancements

bandit Call bandit with quiet mode to generate less logs, by @nvuillam in oxsecurity/megalinter#3892

grype Count number of errors returned by Grype, by @nvuillam in oxsecurity/megalinter#3906

yamllint Fix yamllint default format to avoid special characters or GitHub sections in text logs, by @nvuillam in oxsecurity/megalinter#3898

Fixes

terrascan fixed errors and removed redundant code, by @TommyE123 in oxsecurity/megalinter#3767

dotnet-format various performance improvements and ability to specify sln or proj paths, by @TommyE123 in oxsecurity/megalinter#3741

swiftlint Remove deprecated argument --path

Salesforce linters: Disable SF CLI auto update warning, by @nvuillam in oxsecurity/megalinter#3883

Doc

Add images and links to Git, CI/CD & other tools integrations at the beginning of the README, by @nvuillam in oxsecurity/megalinter#3885

Create README animated GIF presentation of MegaLinter, by @nvuillam in oxsecurity/megalinter#3910

Format mkdocs search index in place, by @echoix in oxsecurity/megalinter#3890

Use consistent spelling of 'flavor', by @InputUsername in oxsecurity/megalinter#3789

CI

Fix docker warnings, by @nvuillam in oxsecurity/megalinter#3853

FromAsCasing: 'as' and 'FROM' keywords' casing do not match

NoEmptyContinuation: Empty continuation line

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data

Port Beta workflows to use docker/metadata-action, by @echoix in oxsecurity/megalinter#3860

AutoUpdate linters: Always create a PR if the job has been started manually, by @nvuillam in oxsecurity/megalinter#3863

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v8.2.0] - 2024-11-17

Media

10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean

MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

Linters enhancements

detekt Enable SARIF output + count errors

lintr: Support files in subdirectories, fix unit tests

phpcs: Activate APPLY_FIXES

Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins

trivy: handle retry if failed to download Java DB is detected

tsqllint Re-enabled after .net 8 and security updates

Fixes

Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered

Fix linting errors in GitHub Actions template

Reporters

UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set

Fix AzureCommentReporter not adding comments to PR

Fix AzureCommentReporter fails when target repo contains spaces

Doc

Updated documentation with Azure central pipeline use case

Update DevSkim documentation to show a valid exclusion config file

Note about risky rules and how to fix rule violations with PHP-CS-Fixer

CI

Also prune volumes before pulling and pushing to docker hub

Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues

Squash docker images to have less layers and size

Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained

Make gitpod workflow not blocking until uv install is fixed

Update stale comment

Try several times to embed trivy db during Docker build, as a workaround to the random failures

Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

Linter versions upgrades (104)

actionlint from 1.7.3 to 1.7.4

ansible-lint from 24.9.2 to 24.10.0

bicep_linter from 0.30.23 to 0.31.92

cfn-lint from 1.16.1 to 1.19.0

checkov from 3.2.257 to 3.2.298

checkstyle from 10.18.2 to 10.20.1

clippy from 0.1.81 to 0.1.82

clj-kondo from 2024.09.27 to 2024.11.14

cspell from 8.15.1 to 8.16.0

devskim from 1.0.33 to 1.0.44

djlint from 1.35.2 to 1.36.1

... (truncated)

Commits

1fc052d Release MegaLinter v8.3.0
e8a20cd [automation] Auto-update linters version, help and documentation (#4304)
9824f37 Fix Docker mirroring job for release context (#4303)
9cb4ec7 [automation] Auto-update linters version, help and documentation (#4299)
010c8bd chore(deps): update dependency sfdx-hardis to v5.7.1 (#4302)
1a219e1 chore(deps): update trufflesecurity/trufflehog docker tag to v3.84.1 (#4301)
09ab582 Env variable replacement for PRE_COMMIT + command in log (#4298)
e33c1c7 retry in case of BLOB_UNKNOWN while downloading vulnerability list (#4300)
7f790c0 [automation] Auto-update linters version, help and documentation (#4297)
797a3d1 [automation] Auto-update linters version, help and documentation (#4296)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7 to 8. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@v7...v8) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-01-24T12:14:52Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	1	0	0.01s
✅ COPYPASTE	jscpd	yes	no	1.19s
✅ EDITORCONFIG	editorconfig-checker	1	0	0.01s
✅ REPOSITORY	checkov	yes	no	17.61s
✅ REPOSITORY	devskim	yes	no	1.39s
✅ REPOSITORY	dustilock	yes	no	0.0s
✅ REPOSITORY	gitleaks	yes	no	0.12s
✅ REPOSITORY	git_diff	yes	no	0.0s
✅ REPOSITORY	grype	yes	no	12.57s
❌ REPOSITORY	kics	yes	2	1.68s
✅ REPOSITORY	secretlint	yes	no	0.83s
✅ REPOSITORY	syft	yes	no	2.25s
✅ REPOSITORY	trivy	yes	no	7.71s
✅ REPOSITORY	trivy-sbom	yes	no	0.11s
✅ REPOSITORY	trufflehog	yes	no	3.65s
✅ SPELL	cspell	2	0	2.74s
✅ SPELL	lychee	1	0	0.03s
✅ YAML	prettier	1	0	0.65s
✅ YAML	v8r	1	0	3.16s
✅ YAML	yamllint	1	0	3.6s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

dependabot bot added the dependencies label Jan 24, 2025

dependabot bot requested a review from ElBe-Plaq as a code owner January 24, 2025 12:12

dependabot bot assigned ElBe-Plaq Jan 24, 2025

pull-request-size bot added the size/XS label Jan 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Bump oxsecurity/megalinter from 7 to 8 #13

Bump oxsecurity/megalinter from 7 to 8 #13

Uh oh!

dependabot bot commented on behalf of github Jan 24, 2025

Uh oh!

github-actions bot commented Jan 24, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Bump oxsecurity/megalinter from 7 to 8 #13

Are you sure you want to change the base?

Bump oxsecurity/megalinter from 7 to 8 #13

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 24, 2025

v8.0.0

What's Changed

[v8.2.0] - 2024-11-17

Uh oh!

github-actions bot commented Jan 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🦙 MegaLinter status: ❌ ERROR

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions bot commented Jan 24, 2025 •

edited

Loading