
chore(deps): update dependency semgrep to v1.128.1 #5126


Open · wants to merge 1 commit into base: main

Conversation

@renovate renovate[bot] (Contributor) commented Apr 3, 2025

This PR contains the following updates:

Package | Change
semgrep | 1.116.0 -> 1.128.1

Release Notes

returntocorp/semgrep (semgrep)

v1.128.1

No significant changes.

v1.128.0

Added
  • HTTP{,S}_PROXY=... now accepts URIs without a scheme (e.g. HTTP_PROXY=domain.com:port) (saf-2082)
Fixed
  • Java: Deprecated class $A partial class pattern, in favor of
    class $A { ... } (safe-2104)

v1.127.1

Fixed
  • Fixed an issue where Semgrep would segfault if --trace was passed and the
    number of jobs was greater than 1

v1.127.0

Fixed
  • pro: typescript: Prevent stack overflows and out-of-memory issues when reading
    TS configs. (code-8678)

v1.126.0

Fixed
  • Missing version constraints in yarn.lock descriptors no longer raise parsing errors (sc-2293)

v1.125.0

Added
  • Dependency resolution errors that result from local builds are now reported in the scan log by default. (SC-2442)
  • Adds reporting of SSC subproject dependency resolution to the output when using --json. (SC-2458)
  • Semgrep's JSON output now will always include some basic profiling data (WIP). (code-8529)
  • C# Dependency Parsing can now handle dependencies with "Project" & "CentralTransitive" transitivities. (sc-2376)
Fixed
  • Fixed an issue present since v1.117.0 that led .semgrepignore excludes to be applied to Secrets product scans. Now, Semgrep will once again scan files that have been excluded from Code and SSC scans for possible leaked secrets. (SAF-2067)
  • Added support for npm aliasing in package-lock.json, fixing a bug where packages would rarely be misidentified. (SC-2387)
  • Fixed scenario where case statements with ellipsis did not match patterns correctly. (gh-10086)
  • Nosemgrep ignore comments no longer require exactly one space before, allowing for more commenting styles. (gh-11041)
  • Fixed bug where Javascript autofix breaks syntax for if statements by consuming parentheses. (gh-9522)
  • Fix: the Semgrep findings returned by the Semgrep language server (LSP)
    are now sorted correctly based on their location within files.
    This benefits all the Semgrep IDE extensions (VSCode, IntelliJ). (ide-findings-order)
  • fixed an issue where semgrep ci logs in GitLab would return an incorrect URL
    with the wrong &ref=... argument. (saf-959)

v1.124.1

Fixed
  • Fixed an issue present since v1.117.0 that led .semgrepignore excludes to be applied to Secrets product scans. Now, Semgrep will once again scan files that have been excluded from Code and SSC scans for possible leaked secrets. (SAF-2067)

v1.124.0

Added
  • Parallelizes rule validation to improve performance when scanning with many rule files. (SAF-2061)
  • Semgrep should now respect ALL_PROXY, HTTP_PROXY, HTTPS_PROXY,
    NO_PROXY, PROXY_USERNAME and PROXY_PASSWORD for all networking (including
    that done via the OCaml components). Moreover, the environment variable
    OCAML_EXTRA_CA_CERTS should now allow additional CA certs to be used for
    network operations done by OCaml components. (code-8157)
Fixed
  • Stop attempting to parse build.gradle.kts files as build.gradle. (SC-2209)
  • Taint rules using the experimental feature labels, and specifying sinks
    with a requires: of the form not A, could produce findings with an empty
    list of traces, potentially causing a crash. We now recognize the issue and
    prevent the crash from happening. (code-8531)
  • Fixed inconsistency where the empty Python fstring f"" was not matched by the pattern "...". (gh-10047)
  • Fixed bug where dev dependencies (and their dependencies, and so on) were incorrectly marked as "transitivity: unknown" when parsing package-lock.json projects, specifically v3 lockfiles. (gh-4003)
  • Fixed scenario where a multiplication expression of ints was not considered an int. This will help with metavariable-type. Concretely, "2 * groups" was not considered an int, where groups is an int. Additionally adds type inference for mod, floor division, and pow. (gh-9855)
  • pro: python: Fixed a regression that could (in rare cases) cause naming to take a
    disproportionate amount of time significantly slowing down scans. (saf-1978)

v1.123.0

Fixed
  • Fixed bug where supply chain reachability rules which match multiple dependencies could produce reachable findings on transitive dependencies even when the actually used direct dependency was not vulnerable. (SC-2088)
  • Fixed documentation to reflect that, for --metrics="auto", pseudoanonymous metrics are sent when the user is logged in. (gh-11028)

v1.122.0

Added
  • Adds support for the UV package manager in Supply Chain scans. (SC-1900)
Fixed
  • pro: Fixed inter-file naming bug affecting Go's struct-methods that could result
    in false negatives.

    Previously, adding a pattern-inside like

    func ($THING $TYPE) $FUNC(...) $R { ... }
    

    to a taint rule could cause some findings to incorrectly stop being reported. (code-7767)

  • PRO: Fixed the issue with type matching when a type has a type parameter, e.g., matching the pattern std::vector<$T> with the code std::vector<int> v in C++. (code-8443)

  • Make Nuget dependency child parsing case insensitive (sc-2355)

  • Fixed bug where direct dev dependencies were not marked as direct when parsing package-lock.json projects. (sc-dev)

v1.121.0

Added
  • pro: Improved handling of tsconfig.json in instances where multiple
    typescript "projects" (i.e., separately rooted source directories with their
    own configurations not joined by a single tsconfig.json with project
    references) are being scanned as one project under semgrep. This should result
    in better name/module resolution in TypeScript. (code-7798)
  • pro: Improved handling of include, exclude and files properties in
    tsconfig.json. Projects which use more than one tsconfig in a given directory
    which apply to different sets of files under that directory should see
    improvements in name/module resolution. (code-7798-a)
  • Improved Supply Chain scan output and logging. (sc-2356)
Changed
  • Upgrade the Julia parser to the tree-sitter-julia 0.22.0 (gh-10820)
Fixed
  • Fixed CI output so it shows per-product links depending on what product is enabled in a scan. (pr-3776)
  • CLI: Fixed a bug where --disable-nosem was not properly causing nosemgrep'd findings
    to be uploaded to the App. (saf-1982)
  • Exempt large manifests & lockfiles from being ignored by semgrep's file size filtering.
    This fixes a regression introduced in 1.117.0 (sca-1705). (sc-1705)

v1.120.1

Fixed
  • Fix bug introduced in Semgrep 1.120.0 causing interfile analyses to run out of memory due to too many parallel jobs. The default setting had been accidentally set to the number of available CPUs which is often too much in interfile mode. It's now back to -j1 and it can be overridden by the user. (interfile-num-jobs)

v1.120.0

Added
  • Added a few new entries in the .semgrepignore default file
    (e.g., _cargo, _opam, .svn) (semgrepignore)
  • Add an experimental option --x-semgrepignore-filename to change the name of .semgrepignore files to something else. This can be used to scan a subproject in a separate semgrep invocation as the rest of the containing project. (semgrepignore-filename)
Fixed
  • Fixed bug in pro package-lock.json parsing where dependencies with no specified version would cause an exception (SC-2150)
  • Fixed the default -j setting so as to take into account the cgroup
    CPU quota on Linux. This will affect Docker and other containerized
    environments that share resources on the same host. Use the new command
    semgrep show resources --experimental to show the default setting. (saf-1950)

v1.119.0

Added
  • python: Semgrep will now perform dataflow analysis within and through comprehensions. (saf-1560)
  • A new subcommand semgrep show project-root is now provided to display
    the project root path associated with a scan root. This is useful for
    troubleshooting Semgrepignore (v2) issues. (saf-1936)
Fixed
  • tainting: Apply taint_assume_safe_numbers and taint_assume_safe_booleans
    earlier when considering to track taint through class fields and function
    parameters. If the field/parameter has a number/Boolean type and the
    corresponding option is set, it will just not be tracked. In some cases this
    can help with performance.

    Also added short/Short to the list of integer types recognized by
    taint_assume_safe_numbers. (code-8345)

  • IDE: The Semgrep VS Code Extension will no longer hang on Getting code actions from Semgrep...
    on saving a file, when updating rules. (saf-1954)

v1.118.0

Fixed
  • Pro: Failure to parse a package.json file when analysing JavaScript or
    TypeScript is no longer a fatal error. (code-8227)

  • taint-mode: Fixed bug in taint "auto-cleaning" where we automatically clean the
    LHS of an assignment if the RHS is clean, provided that the LHS is not subject to
    any "side-effects". In some cases, this could cause the taint analysis to timeout.
    Some combinations of rules and repos will see a major perf improvement, in other
    cases it may not be noticeable. (code-8288)

  • In a Semgrep rule's metadata section, two fields may provide URLs:

    • source: populated dynamically by the Semgrep registry serving the rule, it's a URL that
      offers information about the rule.
    • source-rule-url: optional string, a URL for the source of inspiration for the rule.

    The SARIF format supports only one URL under the field helpUri.
    Previously, Semgrep populated the SARIF helpUri field only with metadata.source.
    This fix is to use metadata.source if available, otherwise falling back to metadata.source-rule-url.

    Contributed by @candrews. (gh-10891)

v1.117.0

Added
  • Dependency resolution errors that result from local builds are now reported in the scan log by default. (SC-2442)
  • Adds reporting of SSC subproject dependency resolution to the output when using --json. (SC-2458)
  • Semgrep's JSON output now will always include some basic profiling data (WIP). (code-8529)
  • C# Dependency Parsing can now handle dependencies with "Project" & "CentralTransitive" transitivities. (sc-2376)
Fixed
  • Fixed an issue present since v1.117.0 that led .semgrepignore excludes to be applied to Secrets product scans. Now, Semgrep will once again scan files that have been excluded from Code and SSC scans for possible leaked secrets. (SAF-2067)
  • Added support for npm aliasing in package-lock.json, fixing a bug where packages would rarely be misidentified. (SC-2387)
  • Fixed scenario where case statements with ellipsis did not match patterns correctly. (gh-10086)
  • Nosemgrep ignore comments no longer require exactly one space before, allowing for more commenting styles. (gh-11041)
  • Fixed bug where Javascript autofix breaks syntax for if statements by consuming parentheses. (gh-9522)
  • Fix: the Semgrep findings returned by the Semgrep language server (LSP)
    are now sorted correctly based on their location within files.
    This benefits all the Semgrep IDE extensions (VSCode, IntelliJ). (ide-findings-order)
  • fixed an issue where semgrep ci logs in GitLab would return an incorrect URL
    with the wrong &ref=... argument. (saf-959)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label (Pull requests that update a dependency file) Apr 3, 2025

github-actions bot (Contributor) commented Apr 3, 2025

🦙 MegaLinter status: ⚠️ WARNING

⚠️ PYTHON / bandit - 67 errors
Run started:2025-07-17 17:04:22.937912

Test results:
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./.automation/build.py:11:0
10	import shutil
11	import subprocess
12	import sys

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ''
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./.automation/build.py:2994:35
2993	                api_github_headers = {"content-type": "application/json"}
2994	                use_github_token = ""
2995	                if "GITHUB_TOKEN" in os.environ:

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: ' (with GITHUB_TOKEN)'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./.automation/build.py:2998:39
2997	                    api_github_headers["authorization"] = f"Bearer {github_token}"
2998	                    use_github_token = " (with GITHUB_TOKEN)"
2999	                logging.info(

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3375:14
3374	        cwd=cwd,
3375	        shell=True,
3376	        executable=None if sys.platform == "win32" else which("bash"),
3377	    )
3378	    stdout = utils.clean_string(process.stdout)
3379	    logging.info(f"Format table results: ({process.returncode})\n" + stdout)
3380	
3381	
3382	def generate_version():
3383	    # npm version
3384	    logging.info("Updating npm package version…")

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./.automation/build.py:3386:14
3385	    cwd_to_use = os.getcwd() + "/mega-linter-runner"
3386	    process = subprocess.run(
3387	        [
3388	            "npm",
3389	            "version",
3390	            "--newversion",
3391	            RELEASE_TAG,
3392	            "-no-git-tag-version",
3393	            "--no-commit-hooks",
3394	        ],
3395	        stdout=subprocess.PIPE,
3396	        universal_newlines=True,
3397	        cwd=cwd_to_use,
3398	        shell=True,
3399	    )
3400	    print(process.stdout)

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3398:14
3397	        cwd=cwd_to_use,
3398	        shell=True,
3399	    )
3400	    print(process.stdout)
3401	    print(process.stderr)
3402	    # Update python project version:
3403	    process = subprocess.run(
3404	        ["hatch", "version", RELEASE_TAG],
3405	        stdout=subprocess.PIPE,
3406	        text=True,
3407	        shell=True,
3408	        check=True,
3409	    )
3410	    # Update changelog
3411	    if UPDATE_CHANGELOG is True:
3412	        changelog_file = f"{REPO_HOME}/CHANGELOG.md"

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./.automation/build.py:3403:14
3402	    # Update python project version:
3403	    process = subprocess.run(
3404	        ["hatch", "version", RELEASE_TAG],
3405	        stdout=subprocess.PIPE,
3406	        text=True,
3407	        shell=True,
3408	        check=True,
3409	    )
3410	    # Update changelog

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b602_subprocess_popen_with_shell_equals_true.html
   Location: ./.automation/build.py:3407:14
3406	        text=True,
3407	        shell=True,
3408	        check=True,
3409	    )
3410	    # Update changelog
3411	    if UPDATE_CHANGELOG is True:
3412	        changelog_file = f"{REPO_HOME}/CHANGELOG.md"
3413	        with open(changelog_file, "r", encoding="utf-8") as md_file:
3414	            changelog_content = md_file.read()

--------------------------------------------------
>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b605_start_process_with_a_shell.html
   Location: ./.automation/build.py:3455:4
3454	    logging.info("Running command: " + " ".join(command))
3455	    os.system(" ".join(command))
3456	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./megalinter/Linter.py:28:0
27	import shutil
28	import subprocess
29	import sys

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./megalinter/Linter.py:567:24
566	                    with (
567	                        urllib.request.urlopen(remote_config_file) as response,
568	                        open(local_config_file, "wb") as out_file,

--------------------------------------------------
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   CWE: CWE-22 (https://cwe.mitre.org/data/definitions/22.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b310-urllib-urlopen
   Location: ./megalinter/Linter.py:646:24
645	                    with (
646	                        urllib.request.urlopen(remote_ignore_file) as response,
647	                        open(local_ignore_file, "wb") as out_file,

--------------------------------------------------
>> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=

(Truncated to 8000 characters out of 42362)
⚠️ BASH / bash-exec - 1 error
Results of bash-exec linter (version 5.2.37)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec
    Error: File:[sh/megalinter_exec] is not executable
⚠️ REPOSITORY / grype - 30 errors
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                           INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
ejs                            3.1.6      3.1.7     npm     GHSA-phwq-j96m-2c2q  Critical  93.5% (99th)   87.9   
tar                            6.0.1      6.1.1     npm     GHSA-3jfq-g458-7qm9  High      86.8% (99th)   68.2   
requests                       2.24.0     2.31.0    python  GHSA-j8r2-6x86-q33q  Medium    6.3% (90th)    3.5    
ip                             1.1.5                npm     GHSA-2p57-rm9w-gvfp  High      2.6% (84th)    2.0    
minimist                       1.2.5      1.2.6     npm     GHSA-xvch-5gv4-984h  Critical  1.1% (77th)    1.1    
tar                            6.0.1      6.1.9     npm     GHSA-5955-9wpr-37jh  High      0.9% (75th)    0.7    
ejs                            3.1.6      3.1.10    npm     GHSA-ghr5-ch3p-vcr6  Medium    1.3% (78th)    0.6    
node-fetch                     2.6.6      2.6.7     npm     GHSA-r683-j2x4-v87g  High      0.6% (67th)    0.5    
minimatch                      3.0.4      3.0.5     npm     GHSA-f8q6-p94x-37v3  High      0.4% (61st)    0.3    
semver                         7.3.5      7.5.2     npm     GHSA-c2qf-rxjj-qqgw  High      0.4% (60th)    0.3    
tar                            6.0.1      6.1.2     npm     GHSA-r628-mhmh-qjhw  High      0.2% (43rd)    0.2    
ansi-regex                     3.0.0      3.0.1     npm     GHSA-93q8-gq69-wqmw  High      0.2% (42nd)    0.1    
cross-spawn                    7.0.3      7.0.5     npm     GHSA-3xgq-45jj-v275  High      0.2% (42nd)    0.1    
http-cache-semantics           4.1.0      4.1.1     npm     GHSA-rc47-6667-2j5j  High      0.2% (37th)    0.1    
ip                             1.1.5      1.1.9     npm     GHSA-78xj-cgh5-2h22  Low       0.4% (59th)    0.1    
tar                            6.0.1      6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.2% (42nd)    0.1    
tar                            6.1.11     6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.2% (42nd)    0.1    
braces                         3.0.2      3.0.3     npm     GHSA-grv7-fg5c-xmjg  High      0.1% (35th)    0.1    
@octokit/request-error         2.1.0      5.1.1     npm     GHSA-xx4v-prfh-6cgc  Medium    0.2% (42nd)    0.1    
micromatch                     4.0.4      4.0.8     npm     GHSA-952p-6rrq-rcjv  Medium    0.2% (41st)    < 0.1  
@octokit/request               5.6.2      8.4.1     npm     GHSA-rmvr-2pp2-xj38  Medium    0.2% (40th)    < 0.1  
@octokit/plugin-paginate-rest  2.17.0     9.2.2     npm     GHSA-h5c3-5r3r-rr8q  Medium    < 0.1% (26th)  < 0.1  
debug                          4.2.0      4.3.1     npm     GHSA-gxpj-cx7g-858c  Low       < 0.1% (27th)  < 0.1  
requests                       2.24.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (13th)  < 0.1  
tar                            6.0.1      6.1.9     npm     GHSA-qq89-hq3f-393p  High      < 0.1% (3rd)   < 0.1  
tar                            6.0.1      6.1.7     npm     GHSA-9r2w-394v-53qc  High      < 0.1% (3rd)   < 0.1  
word-wrap                      1.2.3      1.2.4     npm     GHSA-j8xg-fqg3-53r7  Medium    < 0.1% (5th)   < 0.1  
requests                       2.24.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    < 0.1% (4th)   < 0.1  
brace-expansion                1.1.11     1.1.12    npm     GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (3rd)   < 0.1  
brace-expansion                2.0.1      2.0.2     npm     GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (3rd)   < 0.1
[0032] ERROR discovered vulnerabilities at or above the severity threshold
⚠️ SPELL / lychee - 7 errors
[WARN ] WARNING: `--exclude-mail` is deprecated and will soon be removed; E-Mail is no longer checked by default. Use `--include-mail` to enable E-Mail checking.
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[403] https://htmlhint.com/ | Network error: Forbidden
[ERROR] https://docs.pmd-code.org/latest/pmd_rules_apex.html | Network error: error sending request for url (https://docs.pmd-code.org/latest/pmd_rules_apex.html) Maybe a certificate error?
[ERROR] https://docs.pmd-code.org/latest/pmd_userdocs_suppressing_warnings.html | Network error: error sending request for url (https://docs.pmd-code.org/latest/pmd_userdocs_suppressing_warnings.html) Maybe a certificate error?
[TIMEOUT] https://www.gnu.org/software/bash/manual/bash.html | Timeout
[TIMEOUT] https://www.gnu.org/software/bash/ | Timeout
[TIMEOUT] https://www.nongnu.org/chktex | Timeout
[TIMEOUT] https://www.nongnu.org/chktex/ | Timeout
📝 Summary
---------------------
🔍 Total.........2349
✅ Successful....1886
⏳ Timeouts.........4
🔀 Redirected.......0
👻 Excluded.......452
❓ Unknown..........0
🚫 Errors...........7

Errors in megalinter/descriptors/html.megalinter-descriptor.yml
[403] https://htmlhint.com/ | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden

Errors in megalinter/descriptors/salesforce.megalinter-descriptor.yml
[ERROR] https://docs.pmd-code.org/latest/pmd_userdocs_suppressing_warnings.html | Network error: error sending request for url (https://docs.pmd-code.org/latest/pmd_userdocs_suppressing_warnings.html) Maybe a certificate error?
[ERROR] https://docs.pmd-code.org/latest/pmd_rules_apex.html | Network error: error sending request for url (https://docs.pmd-code.org/latest/pmd_rules_apex.html) Maybe a certificate error?

Errors in megalinter/descriptors/bash.megalinter-descriptor.yml
[TIMEOUT] https://www.gnu.org/software/bash/manual/bash.html | Timeout
[TIMEOUT] https://www.gnu.org/software/bash/ | Timeout

Errors in README.md
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden

Errors in megalinter/descriptors/latex.megalinter-descriptor.yml
[TIMEOUT] https://www.nongnu.org/chktex/ | Timeout
[TIMEOUT] https://www.nongnu.org/chktex | Timeout
⚠️ MARKDOWN / markdownlint - 307 errors
.github/copilot-instructions.md:9 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
.github/copilot-instructions.md:156 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
.github/linters/valestyles/proselint/README.md:12:601 MD013/line-length Line length [Expected: 600; Actual: 755]
CHANGELOG.md:1999:87 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/badge.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Badge"]
docs/config-activation.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Activation and deactivation"]
docs/config-apply-fixes.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Apply fixes"]
docs/config-cli-lint-mode.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLI lint mode"]
docs/config-file.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: ".mega-linter.yml file"]
docs/config-filtering.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Filter linted files"]
docs/config-linters.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Linter specific variables"]
docs/config-postcommands.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Post-commands"]
docs/config-precommands.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Pre-commands"]
docs/config-variables-security.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Environment variables security"]
docs/config-variables.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Common variables"]
docs/configuration.md:9 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Configuration"]
docs/descriptors/action_actionlint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "actionlint"]
docs/descriptors/action.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ACTION"]
docs/descriptors/ansible_ansible_lint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ansible-lint"]
docs/descriptors/ansible_ansible_lint.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 795]
docs/descriptors/ansible.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ANSIBLE"]
docs/descriptors/api_spectral.md:14:601 MD013/line-length Line length [Expected: 600; Actual: 746]
docs/descriptors/api.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "API"]
docs/descriptors/arm_arm_ttk.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "arm-ttk"]
docs/descriptors/arm.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "ARM"]
docs/descriptors/bash_bash_exec.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "bash-exec"]
docs/descriptors/bash_shellcheck.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "shellcheck"]
docs/descriptors/bash_shellcheck.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 785]
docs/descriptors/bash_shfmt.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "shfmt"]
docs/descriptors/bash.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "BASH"]
docs/descriptors/bicep_bicep_linter.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "bicep_linter"]
docs/descriptors/bicep.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "BICEP"]
docs/descriptors/c_clang_format.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "clang-format"]
docs/descriptors/c_clang_format.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 768]
docs/descriptors/c_cppcheck.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cppcheck"]
docs/descriptors/c_cpplint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cpplint"]
docs/descriptors/c.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "C"]
docs/descriptors/clojure_cljstyle.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cljstyle"]
docs/descriptors/clojure_cljstyle.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 768]
docs/descriptors/clojure.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLOJURE"]
docs/descriptors/cloudformation_cfn_lint.md:14:601 MD013/line-length Line length [Expected: 600; Actual: 865]
docs/descriptors/cloudformation.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CLOUDFORMATION"]
docs/descriptors/coffee_coffeelint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "coffeelint"]
docs/descriptors/coffee_coffeelint.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 746]
docs/descriptors/coffee.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "COFFEE"]
docs/descriptors/copypaste.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "COPYPASTE"]
docs/descriptors/cpp_clang_format.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "clang-format"]
docs/descriptors/cpp_clang_format.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 768]
docs/descriptors/cpp_cppcheck.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cppcheck"]
docs/descriptors/cpp_cpplint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "cpplint"]
docs/descriptors/cpp.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "C++"]
docs/descriptors/csharp_csharpier.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "csharpier"]
docs/descriptors/csharp_csharpier.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 750]
docs/descriptors/csharp_dotnet_format.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "dotnet-format"]
docs/descriptors/csharp_roslynator.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "roslynator"]
docs/descriptors/csharp_roslynator.md:8:601 MD013/line-length Line length [Expected: 600; Actual: 770]
docs/descriptors/csharp.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "C\#"]
docs/descriptors/css_stylelint.md:14:601 MD013/line-length Line length [Expected: 600; Actual: 788]
docs/descriptors/css.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "CSS"]
docs/descriptors/dart_dartanalyzer.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "dartanalyzer"]
docs/descriptors/dart.md:8 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "DART"]
docs/descriptors/dockerfile_hadolint.md:7 MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "hadolint"]
docs/descriptors/dockerfile_hadolint.md:8:601 MD013/line-length Line length [Expected: 600;

(Truncated to 8000 characters out of 38125)

✅ Linters with no issues

black, checkov, cspell, flake8, git_diff, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, prettier, pylint, ruff, secretlint, shellcheck, shfmt, spectral, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint, yamllint

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from e67dde2 to 1a8292a Compare April 8, 2025 21:55
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from 1a8292a to ee49fee Compare April 9, 2025 07:52
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.117.0 chore(deps): update dependency semgrep to v1.118.0 Apr 9, 2025
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from ee49fee to 75e6b25 Compare April 14, 2025 10:39
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from 75e6b25 to f85ff7b Compare April 16, 2025 06:54
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.118.0 chore(deps): update dependency semgrep to v1.119.0 Apr 16, 2025
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.122.0 chore(deps): update dependency semgrep to v1.123.0 May 29, 2025
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from edccf06 to aef5c62 Compare June 5, 2025 02:11
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.123.0 chore(deps): update dependency semgrep to v1.124.0 Jun 5, 2025
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from aef5c62 to 6d1627e Compare June 12, 2025 21:59
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.124.0 chore(deps): update dependency semgrep to v1.125.0 Jun 12, 2025
@echoix echoix added the needs_fixing Some manual review or changes need to be done before updating label Jun 12, 2025
This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this pull request should stay open, please remove the O: stale 🤖 label or comment on the pull request.

@github-actions github-actions bot added the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Jul 15, 2025
@renovate renovate bot force-pushed the renovate/semgrep-1.x branch from 98d3f45 to badbb7b Compare July 17, 2025 16:59
@renovate renovate bot changed the title chore(deps): update dependency semgrep to v1.125.0 chore(deps): update dependency semgrep to v1.128.1 Jul 17, 2025
@github-actions github-actions bot removed the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Jul 18, 2025
Labels
dependencies Pull requests that update a dependency file needs_fixing Some manual review or changes need to be done before updating