Bump oxsecurity/megalinter from 8.1.0 to 8.3.0 #1047

dependabot · 2024-12-01T19:24:15Z

Bumps oxsecurity/megalinter from 8.1.0 to 8.3.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.3.0

What's Changed

Core

Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG

Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)

Fix handling of git submodule paths

Fixes

trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

Reporters

Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)

Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

CI

Fix Docker mirroring job for release context

Remove max parallel jobs for release linters workflow

Linter versions upgrades (13)

cfn-lint from 1.19.0 to 1.20.0

checkov from 3.2.298 to 3.2.311

csharpier from 0.29.2 to 0.30.2

markdownlint from 0.42.0 to 0.43.0

phpstan from 2.0.1 to 2.0.2

ruff from 0.7.4 to 0.8.0

spectral from 6.14.1 to 6.14.2

stylua from 0.20.0 to 2.0.0

syft from 1.16.0 to 1.17.0

trivy-sbom from 0.57.0 to 0.57.1

trivy from 0.57.0 to 0.57.1

trufflehog from 3.83.7 to 3.84.1

vale from 3.9.0 to 3.9.1

MegaLinter is graciously provided by

Please share the LinkedIn Post

Full Changelog: oxsecurity/megalinter@v8.2.0...v8.3.0

v8.2.0

What's Changed

Media

10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean

MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

Linters enhancements

detekt Enable SARIF output + count errors

lintr: Support files in subdirectories, fix unit tests

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

Core

New linters

Media

Linters enhancements

Fixes

Reporters

Doc

Flavors

CI

mega-linter-runner

Linter versions upgrades (N)

checkov from 3.2.311 to 3.2.312 on 2024-11-24

terragrunt from 0.68.14 to 0.69.1 on 2024-11-24

php-cs-fixer from 3.64.0 to 3.65.0 on 2024-11-25

checkov from 3.2.312 to 3.2.314 on 2024-11-25

golangci-lint from 1.62.0 to 1.62.2 on 2024-11-25

prettier from 3.3.3 to 3.4.0 on 2024-11-26

swiftlint from 0.57.0 to 0.57.1 on 2024-11-26

prettier from 3.4.0 to 3.4.1 on 2024-11-26

checkov from 3.2.314 to 3.2.317 on 2024-11-26

rubocop from 1.68.0 to 1.69.0 on 2024-11-26

cfn-lint from 1.20.0 to 1.20.1 on 2024-11-27

bandit from 1.7.10 to 1.8.0 on 2024-11-27

cspell from 8.16.0 to 8.16.1 on 2024-11-27

checkov from 3.2.317 to 3.2.320 on 2024-11-27

snakemake from 8.25.3 to 8.25.4 on 2024-11-27

stylelint from 16.10.0 to 16.11.0 on 2024-11-29

djlint from 1.36.1 to 1.36.3 on 2024-11-29

phpstan from 2.0.2 to 2.0.3 on 2024-11-29

ruff from 0.8.0 to 0.8.1 on 2024-11-29

... (truncated)

Commits

1fc052d Release MegaLinter v8.3.0
e8a20cd [automation] Auto-update linters version, help and documentation (#4304)
9824f37 Fix Docker mirroring job for release context (#4303)
9cb4ec7 [automation] Auto-update linters version, help and documentation (#4299)
010c8bd chore(deps): update dependency sfdx-hardis to v5.7.1 (#4302)
1a219e1 chore(deps): update trufflesecurity/trufflehog docker tag to v3.84.1 (#4301)
09ab582 Env variable replacement for PRE_COMMIT + command in log (#4298)
e33c1c7 retry in case of BLOB_UNKNOWN while downloading vulnerability list (#4300)
7f790c0 [automation] Auto-update linters version, help and documentation (#4297)
797a3d1 [automation] Auto-update linters version, help and documentation (#4296)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2024-12-01T19:26:56Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	1	0	0.01s
❌ REPOSITORY	gitleaks	yes	2	0.84s
✅ REPOSITORY	trivy	yes	no	18.55s
✅ YAML	prettier	1	0	0.41s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

connormaglynn · 2024-12-06T08:39:37Z

@dependabot recreate

Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 8.1.0 to 8.3.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@b38cdf1...1fc052d) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

connormaglynn

🚀 Looks Good To Me!

dependabot bot requested a review from a team as a code owner December 1, 2024 19:24

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 1, 2024

dependabot bot force-pushed the dependabot/github_actions/oxsecurity/megalinter-8.3.0 branch from 7f62ea4 to 479fa4b Compare December 6, 2024 08:40

connormaglynn approved these changes Dec 6, 2024

View reviewed changes

connormaglynn merged commit 4bc0d32 into main Dec 6, 2024
2 of 4 checks passed

connormaglynn deleted the dependabot/github_actions/oxsecurity/megalinter-8.3.0 branch December 6, 2024 09:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump oxsecurity/megalinter from 8.1.0 to 8.3.0 #1047

Bump oxsecurity/megalinter from 8.1.0 to 8.3.0 #1047

dependabot bot commented on behalf of github Dec 1, 2024 •

edited

Loading

github-actions bot commented Dec 1, 2024 •

edited

Loading

connormaglynn commented Dec 6, 2024

connormaglynn left a comment

Bump oxsecurity/megalinter from 8.1.0 to 8.3.0 #1047

Bump oxsecurity/megalinter from 8.1.0 to 8.3.0 #1047

Conversation

dependabot bot commented on behalf of github Dec 1, 2024 • edited Loading

v8.3.0

What's Changed

v8.2.0

What's Changed

Changelog

[Unreleased] (beta, main branch content)

github-actions bot commented Dec 1, 2024 • edited Loading

🦙 MegaLinter status: ❌ ERROR

connormaglynn commented Dec 6, 2024

connormaglynn left a comment

Choose a reason for hiding this comment

dependabot bot commented on behalf of github Dec 1, 2024 •

edited

Loading

github-actions bot commented Dec 1, 2024 •

edited

Loading