Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update oxsecurity/megalinter action to v8.3.0 #84

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 18, 2024

This PR contains the following updates:

Package Type Update Change
oxsecurity/megalinter action minor v8.1.0 -> v8.3.0

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter)

v8.3.0

Compare Source

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths
  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow
  • Linter versions upgrades (13)

v8.2.0

Compare Source

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates
  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template
  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces
  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer
  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions
  • Linter versions upgrades (104)


Configuration

📅 Schedule: Branch creation - "before 2am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added auto 🤖 Automated process dependencies 📜 Update/improve dependencies labels Nov 18, 2024
@renovate renovate bot enabled auto-merge (squash) November 18, 2024 01:06
Copy link

github-actions bot commented Nov 18, 2024

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ COPYPASTE jscpd yes no 1.12s
✅ JSON jsonlint 5 0 0.14s
⚠️ JSON prettier 5 1 0.32s
✅ JSON v8r 5 0 15.41s
✅ REPOSITORY gitleaks yes no 0.16s
✅ REPOSITORY git_diff yes no 0.0s
✅ REPOSITORY grype yes no 12.29s
✅ REPOSITORY secretlint yes no 0.83s
✅ REPOSITORY trivy yes no 8.92s
✅ REPOSITORY trivy-sbom yes no 0.09s
✅ REPOSITORY trufflehog yes no 2.2s
✅ XML xmllint 1 0 0.0s
⚠️ YAML prettier 9 1 0.48s
✅ YAML v8r 6 0 8.64s
✅ YAML yamllint 9 0 0.44s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/oxsecurity-megalinter-8.x branch from 7d46e96 to 3ba108f Compare November 23, 2024 12:38
@renovate renovate bot changed the title chore(deps): update oxsecurity/megalinter action to v8.2.0 chore(deps): update oxsecurity/megalinter action to v8.3.0 Nov 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto 🤖 Automated process dependencies 📜 Update/improve dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants