Fix CICD pipeline & upgrade glightbox & disable lightning flow scanner (#6053)

* [automation] Auto-update linters version, help and documentation

* [MegaLinter] Apply linters fixes

* Upgrade glightbox

Related to blueswen/mkdocs-glightbox#56

* trvy

* Disable lightning flow scanner

* Adds CVE-2025-55163 to .trivyignore

Adds CVE-2025-55163 to the .trivyignore file to exclude it from vulnerability scanning results.

---------

Co-authored-by: nvuillam <[email protected]>

Author: nvuillam

.automation/generated/linter-helps.json

@@ -9,7 +9,7 @@
     "cfn-lint": "1.39.0",
     "checkmake": "0.2.0",
     "checkov": "3.2.413",
-    "checkstyle": "11.0.0",
+    "checkstyle": "11.0.1",
     "chktex": "1.7.8",
     "clang-format": "19.1.4",
     "clippy": "0.1.89",
@@ -38,8 +38,8 @@
     "golangci-lint": "2.4.0",
     "goodcheck": "3.1.0",
     "graphql-schema-linter": "3.0.1",
-    "grype": "0.99.0",
-    "hadolint": "2.12.0",
+    "grype": "0.99.1",
+    "hadolint": "2.13.1",
     "helm": "3.16.3",
     "htmlhint": "1.6.3",
     "isort": "6.0.1",
@@ -114,13 +114,13 @@
     "terragrunt": "0.82.3",
     "terrascan": "1.19.9",
     "tflint": "0.58.1",
-    "trivy": "0.65.0",
-    "trivy-sbom": "0.65.0",
+    "trivy": "0.66.0",
+    "trivy-sbom": "0.66.0",
     "trufflehog": "3.90.5",
     "ts-standard": "12.0.2",
     "tsqllint": "1.16.0.0",
     "v8r": "5.1.0",
-    "vale": "3.11.2",
+    "vale": "3.12.0",
     "xmllint": "21304",
     "yamllint": "1.37.1"
 }

.automation/generated/linter-versions.json

@@ -97,7 +97,6 @@
   "salesforce_sfdx_scanner_apex",
   "salesforce_sfdx_scanner_aura",
   "salesforce_sfdx_scanner_lwc",
-  "salesforce_lightning_flow_scanner",
   "scala_scalafix",
   "snakemake_lint",
   "snakemake_snakefmt",

.automation/generated/linters_matrix.json

@@ -14,7 +14,7 @@ markdown==3.8.2
 mdx_truly_sane_lists==1.3
 mike==2.1.3
 mkdocs==1.6.1
-mkdocs-glightbox==0.3.2
+mkdocs-glightbox==0.5.0
 mkdocs-material==9.6.18
 multiprocessing_logging==0.3.4
 pygithub==2.7.0

.config/python/dev/requirements.txt

@@ -72,6 +72,7 @@ GHSA-xpw8-rcwv-8f8p
 # sfdx-scanner
 # https://avd.aquasec.com/nvd/cve-2025-48734 Not dangerous in MegaLinter context, and sfdx-scanner will be soon replaced by code-analyzer plugin
 CVE-2025-48734
+CVE-2025-55163
 
 # octokit
 CVE-2025-25288
@@ -134,6 +135,10 @@ CVE-2025-53547
 CVE-2025-22868
 # Not applicable in MegaLinter context as it is not used as server
 CVE-2025-7783
+# https://avd.aquasec.com/nvd/cve-2025-8959: go-getter Arbitrary File Read. Not applicable in MegaLinter context
+CVE-2025-8959
+# https://avd.aquasec.com/nvd/cve-2025-9288 : sha.js: Missing type checks leading to hash rewind and passing on crafte. Harmless in MegaLinter because Salesforce linters do not connect to Salesforce orgs
+CVE-2025-9288
 # Dockerfile
 DS001
 DS002

.trivyignore

@@ -241,6 +241,12 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [grype](https://github.com/anchore/grype) from 0.98.0 to **0.99.0** on 2025-08-28
   - [secretlint](https://github.com/secretlint/secretlint) from 10.2.2 to **11.2.0** on 2025-08-28
   - [syft](https://github.com/anchore/syft) from 1.31.0 to **1.32.0** on 2025-08-28
+  - [hadolint](https://github.com/hadolint/hadolint) from 2.12.0 to **2.13.1** on 2025-09-03
+  - [checkstyle](https://checkstyle.org/) from 11.0.0 to **11.0.1** on 2025-09-03
+  - [grype](https://github.com/anchore/grype) from 0.99.0 to **0.99.1** on 2025-09-03
+  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.65.0 to **0.66.0** on 2025-09-03
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.65.0 to **0.66.0** on 2025-09-03
+  - [vale](https://vale.sh/) from 3.11.2 to **3.12.0** on 2025-09-03
 <!-- linter-versions-end -->
 
 ## [v8.8.0] - 2024-06-15

CHANGELOG.md

@@ -338,8 +338,6 @@ ARG GEM_RUBOCOP_RAKE_VERSION=0.7.1
 ARG GEM_RUBOCOP_RSPEC_VERSION=3.6.0
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
 ARG SALESFORCE_SFDX_SCANNER_VERSION=4.12.0
-# renovate: datasource=npm depName=lightning-flow-scanner
-ARG LIGHTNING_FLOW_SCANNER_VERSION=3.29.0
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.9.0
 # renovate: datasource=pypi depName=snakefmt
@@ -1119,11 +1117,6 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOS
 #     && (npm cache clean --force || true) \
 #     && rm -rf /root/.npm/_cacache
 #
-# lightning-flow-scanner installation
-    && echo y|sf plugins install lightning-flow-scanner@${LIGHTNING_FLOW_SCANNER_VERSION} \
-    && (npm cache clean --force || true) \
-    && rm -rf /root/.npm/_cacache \
-#
 # scalafix installation
     && ./coursier install scalafix --quiet --install-dir /usr/bin && rm -rf /root/.cache \
 #

Dockerfile

@@ -23,7 +23,7 @@
 [![MegaLinter](https://github.com/oxsecurity/megalinter/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/oxsecurity/megalinter/actions?query=workflow%3AMegaLinter+branch%3Amain)
 [![codecov](https://codecov.io/gh/oxsecurity/megalinter/branch/main/graph/badge.svg)](https://codecov.io/gh/oxsecurity/megalinter)
 <!-- gh-dependents-info-used-by-start -->
-[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2655&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
+[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2659&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
 [![Secured with Trivy](https://img.shields.io/badge/Trivy-secured-green?logo=docker)](https://github.com/aquasecurity/trivy)
 [![GitHub contributors](https://img.shields.io/github/contributors/oxsecurity/megalinter.svg)](https://github.com/oxsecurity/megalinter/graphs/contributors/)
 [![GitHub Sponsors](https://img.shields.io/github/sponsors/nvuillam)](https://github.com/sponsors/nvuillam)