Merge branch 'main' into Terraform_missing_property

.automation/generated/linter-versions.json

@@ -1,14 +1,14 @@
 {
     "actionlint": "1.7.1",
-    "ansible-lint": "24.6.0",
+    "ansible-lint": "24.6.1",
     "arm-ttk": "0.0.0",
     "bandit": "1.7.9",
     "bash-exec": "5.2.21",
     "bicep_linter": "0.28.1",
     "black": "24.4.2",
-    "cfn-lint": "0.87.7",
+    "cfn-lint": "1.3.3",
     "checkmake": "0.2.0",
-    "checkov": "3.2.137",
+    "checkov": "3.2.141",
     "checkstyle": "10.17.0",
     "chktex": "1.7.8",
     "clang-format": "17.0.5",
@@ -18,7 +18,7 @@
     "coffeelint": "5.2.11",
     "cpplint": "1.6.1",
     "csharpier": "0.28.2",
-    "cspell": "8.8.4",
+    "cspell": "8.9.1",
     "dartanalyzer": "0.0.0",
     "detekt": "1.23.6",
     "devskim": "1.0.33",
@@ -37,7 +37,7 @@
     "golangci-lint": "1.59.1",
     "goodcheck": "3.1.0",
     "graphql-schema-linter": "3.0.1",
-    "grype": "0.79.0",
+    "grype": "0.79.1",
     "hadolint": "2.12.0",
     "helm": "3.14.2",
     "htmlhint": "1.1.4",
@@ -65,17 +65,17 @@
     "php-cs-fixer": "3.59.3",
     "phpcs": "3.10.1",
     "phplint": "9.3.1",
-    "phpstan": "1.11.4",
+    "phpstan": "1.11.5",
     "pmd": "7.2.0",
     "powershell": "7.4.2",
     "powershell_formatter": "7.4.2",
     "prettier": "3.3.2",
     "proselint": "0.14.0",
     "protolint": "0.49.8",
-    "psalm": "Psalm.5.24.0@",
+    "psalm": "Psalm.5.25.0@",
     "puppet-lint": "4.2.4",
     "pylint": "3.2.3",
-    "pyright": "1.1.367",
+    "pyright": "1.1.368",
     "raku": "2020.10",
     "remark-lint": "14.0.2",
     "revive": "1.3.7",
@@ -84,7 +84,7 @@
     "rstcheck": "6.2.1",
     "rstfmt": "0.0.14",
     "rubocop": "1.64.1",
-    "ruff": "0.4.9",
+    "ruff": "0.4.10",
     "scalafix": "0.12.1",
     "scss-lint": "0.60.0",
     "secretlint": "8.2.4",
@@ -111,11 +111,11 @@
     "tflint": "0.51.1",
     "trivy": "0.52.2",
     "trivy-sbom": "0.52.2",
-    "trufflehog": "3.78.1",
+    "trufflehog": "3.78.2",
     "ts-standard": "12.0.2",
     "tsqllint": "1.15.3.0",
     "v8r": "3.1.0",
-    "vale": "3.5.0",
+    "vale": "3.6.0",
     "xmllint": "21108",
     "yamllint": "1.35.1"
 }

.automation/test/cloudformation/cloudformation_good_1.json

@@ -11,11 +11,11 @@
             "Name": "example.com",
             "VPCs": [
                {
-                  "VPCId": "vpc-abcd1234",
+                  "VPCId": "vpc-01234567890abcdef",
                   "VPCRegion": "ap-northeast-1"
                },
                {
-                  "VPCId": "vpc-efgh5678",
+                  "VPCId": "vpc-01234567890abcdef",
                   "VPCRegion": "us-west-2"
                }
             ],

.automation/test/cloudformation/cloudformation_good_2.yaml

@@ -9,10 +9,10 @@ Resources:
       Name: 'example.com'
       VPCs:
         -
-          VPCId: 'vpc-abcd1234'
+          VPCId: 'vpc-01234567890abcdef'
           VPCRegion: 'ap-northeast-1'
         -
-          VPCId: 'vpc-efgh5678'
+          VPCId: 'vpc-01234567890abcdef'
           VPCRegion: 'us-west-2'
       HostedZoneTags:
         -

.automation/test/xml/bad/xsd_bad_1.xsd

@@ -0,0 +1,17 @@
+<?xml version="1.0"?
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+         targetNamespace=     "https://www.w3schools.com"
+        xmlns="https://www.w3schools.com"
+          elementFormDefault="qualified">
+<xs:element name="specification">
+  <xs:complexType>
+    <xs:sequence>
+       <xs:element name="type" type="xs:string"/>
+      <xs:element name="model" type="xs:string"/>
+      <xs:element
+      name="screenSizeInch" type="xs:string"/>
+
+    </xs:sequence>
+  </xs:complexType>
+ </xs:element>
+    </xs:schema>

.automation/test/xml/fix/xsd_fix_1.xsd

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+         targetNamespace=     "https://www.w3schools.com"
+        xmlns="https://www.w3schools.com"
+          elementFormDefault="qualified">
+<xs:element name="specification">
+  <xs:complexType>
+    <xs:sequence>
+       <xs:element name="type" type="xs:string"/>
+      <xs:element name="model" type="xs:string"/>
+         <xs:element
+      name="screenSizeInch" type="xs:string"/>
+    </xs:sequence>
+   </xs:complexType>
+ </xs:element>
+    </xs:schema>

.automation/test/xml/good/xsd_good_1.xsd

@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    targetNamespace="https://www.w3schools.com"
+    xmlns="https://www.w3schools.com"
+    elementFormDefault="qualified">
+    <xs:element name="specification">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="type" type="xs:string" />
+                <xs:element name="model" type="xs:string" />
+                <xs:element name="screenSizeInch" type="xs:string" />
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>

.trivyignore

@@ -6,22 +6,17 @@ CVE-2024-0057
 CVE-2018-8292
 CVE-2019-0820
 
-# gitleaks
-# Solved in next gitleaks release: https://github.com/gitleaks/gitleaks/pull/1342
-CVE-2021-38561
-CVE-2022-32149
-
 # Go stdlib (all go based linters)
-CVE-2023-45283
-CVE-2023-45287
 CVE-2023-45288
 CVE-2024-24788
-
+CVE-2024-24790
+u
 # Kubescape
-# https://github.com/oxsecurity/megalinter/issues/3519
+# https://github.com/oxsecrity/megalinter/issues/3519
 GHSA-9763-4f94-gfch
 GHSA-m425-mq94-257g
 CVE-2023-39325
+CVE-2023-45283
 CVE-2023-49569
 CVE-2023-49568
 
@@ -44,6 +39,7 @@ CVE-2022-33980
 CVE-2022-42889
 CVE-2022-1471
 CVE-2022-25857
+CVE-2024-37890
 CVE-2024-4068
 
 # terrascan

CHANGELOG.md

@@ -10,12 +10,14 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 
 - Core
   - Handle renovate version comments in build script
+  - Update base image to python:3.12.4-alpine3.20
 
 - Media
 
 - Linters
   - Add python package Pygments to rst-lint venv
   - [CSharpier](https://csharpier.com) added ability to override config filename and path
+  - [xmllint](https://gnome.pages.gitlab.gnome.org/libxml2/xmllint.html) added support for `xsd` files
 
 - Reporters
 
@@ -24,6 +26,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [Powershell](https://github.com/PowerShell/PSScriptAnalyzer#readme) Error table truncation improvements
   - [yamllint](https://github.com/adrienverge/yamllint) fix error/warning count to work with different log output formats
   - Improve support for single argument in `get_list_args` function
+  - [Powershell](https://github.com/PowerShell/PSScriptAnalyzer#readme) added missing schema property `POWERSHELL_POWERSHELL_FORMATTER_OUTPUT_ENCODING`
   - [tflint](https://github.com/terraform-linters/tflint) added missing schema property `TERRAFORM_TFLINT_SECURED_ENV`
 
 - Doc
@@ -88,6 +91,17 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.14 to **0.59.3** on 2024-06-16
   - [php-cs-fixer](https://cs.symfony.com/) from 3.59.1 to **3.59.3** on 2024-06-17
   - [checkov](https://www.checkov.io/) from 3.2.136 to **3.2.137** on 2024-06-17
+  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 24.6.0 to **24.6.1** on 2024-06-21
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.87.7 to **1.3.3** on 2024-06-21
+  - [phpstan](https://phpstan.org/) from 1.11.4 to **1.11.5** on 2024-06-21
+  - [psalm](https://psalm.dev) from Psalm.5.24.0@ to **Psalm.5.25.0@** on 2024-06-21
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.367 to **1.1.368** on 2024-06-21
+  - [ruff](https://github.com/astral-sh/ruff) from 0.4.9 to **0.4.10** on 2024-06-21
+  - [checkov](https://www.checkov.io/) from 3.2.137 to **3.2.141** on 2024-06-21
+  - [grype](https://github.com/anchore/grype) from 0.79.0 to **0.79.1** on 2024-06-21
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.78.1 to **3.78.2** on 2024-06-21
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.8.4 to **8.9.1** on 2024-06-21
+  - [vale](https://vale.sh/) from 3.5.0 to **3.6.0** on 2024-06-21
 <!-- linter-versions-end -->
 
 ## [v7.12.0] - 2024-06-02

Dockerfile

@@ -62,7 +62,7 @@ FROM alpine/terragrunt:latest as terragrunt
 ##################
 # Get base image #
 ##################
-FROM python:3.12.4-alpine3.19
+FROM python:3.12.4-alpine3.20
 
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
@@ -195,7 +195,7 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \
     && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint && deactivate && cd ./../.. \
     && mkdir -p "/venvs/cpplint" && cd "/venvs/cpplint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cpplint && deactivate && cd ./../.. \
-    && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cfn-lint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cfn-lint[sarif] && deactivate && cd ./../.. \
     && mkdir -p "/venvs/djlint" && cd "/venvs/djlint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir djlint && deactivate && cd ./../.. \
     && mkdir -p "/venvs/pylint" && cd "/venvs/pylint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir pylint typing-extensions && deactivate && cd ./../.. \
     && mkdir -p "/venvs/black" && cd "/venvs/black" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir black && deactivate && cd ./../.. \
@@ -644,7 +644,7 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI
 
 
 # phpstan installation
-RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require phpstan/phpstan bartlett/sarif-php-sdk
+RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require phpstan/phpstan:1.11.4 bartlett/sarif-php-sdk
 
 # psalm installation
 RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5

README.md

@@ -23,7 +23,7 @@
 [![MegaLinter](https://github.com/oxsecurity/megalinter/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/oxsecurity/megalinter/actions?query=workflow%3AMegaLinter+branch%3Amain)
 [![codecov](https://codecov.io/gh/oxsecurity/megalinter/branch/main/graph/badge.svg)](https://codecov.io/gh/oxsecurity/megalinter)
 <!-- gh-dependents-info-used-by-start -->
-[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2503&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
+[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2509&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
 [![Secured with Trivy](https://img.shields.io/badge/Trivy-secured-green?logo=docker)](https://github.com/aquasecurity/trivy)
 [![GitHub contributors](https://img.shields.io/github/contributors/oxsecurity/megalinter.svg)](https://github.com/oxsecurity/megalinter/graphs/contributors/)
 [![GitHub Sponsors](https://img.shields.io/github/sponsors/nvuillam)](https://github.com/sponsors/nvuillam)