Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency mega-linter-runner to v8 #4387

Merged
merged 1 commit into from
Dec 14, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 12, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mega-linter-runner 7.13.0 -> 8.3.0 age adoption passing confidence

Release Notes

oxsecurity/megalinter (mega-linter-runner)

v8.3.0

Compare Source

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths
  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow
  • Linter versions upgrades (13)

v8.2.0

Compare Source

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates
  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template
  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces
  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer
  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions
  • Linter versions upgrades (104)

v8.1.0

Compare Source

  • Core

    • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in #​3944
    • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #​3893
    • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN
  • New linters

  • Linters enhancements

    • Trivy
      • Embed vulnerability database in Docker Image for running trivy on internet-free network
      • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
      • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
    • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #​4076
  • Fixes

    • APPLY_FIXES and for PHP_PHPCSFIXER linter, by @​llaville in #​3963
    • Add debug traces to investigate reporters activation
    • Add more traces for ApiReporter
    • Activate ApiReporter by default
  • Reporters

    • Fix ApiReporter not called in MegaLinter flavors
  • Doc

    • Fix Grafana Home Dashboard to add missing criteria
    • Update PRE_COMMANDS documentation to describe all properties
    • Update Grafana documentation to fix secrets typo
  • CI

    • Free space in release job to avoid no space left on device, by @​nvuillam in #​3914
    • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in #​3993
    • Send GITHUB_TOKEN to trivy-action
    • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub
  • Linter versions upgrades

v8.0.0

Compare Source

Upgrade to v8 Video


Configuration

📅 Schedule: Branch creation - "* 0-3 * * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link
Contributor

github-actions bot commented Dec 12, 2024

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ API spectral 1 0 1.78s
⚠️ BASH bash-exec 6 1 0.09s
✅ BASH shellcheck 6 0 0.25s
✅ BASH shfmt 6 0 0 0.81s
✅ COPYPASTE jscpd yes no 3.4s
✅ DOCKERFILE hadolint 128 0 22.95s
✅ JSON jsonlint 20 0 0.4s
✅ JSON v8r 22 0 32.76s
⚠️ MARKDOWN markdownlint 266 0 299 26.79s
✅ MARKDOWN markdown-table-formatter 266 0 0 185.95s
⚠️ PYTHON bandit 212 66 3.86s
✅ PYTHON black 212 0 0 5.74s
✅ PYTHON flake8 212 0 2.37s
✅ PYTHON isort 212 0 0 1.4s
✅ PYTHON mypy 212 0 16.73s
✅ PYTHON pylint 212 0 30.5s
✅ PYTHON ruff 212 0 0 0.89s
✅ REPOSITORY checkov yes no 37.19s
✅ REPOSITORY git_diff yes no 0.76s
⚠️ REPOSITORY grype yes 26 16.05s
✅ REPOSITORY secretlint yes no 14.64s
✅ REPOSITORY trivy yes no 21.83s
✅ REPOSITORY trivy-sbom yes no 0.42s
⚠️ REPOSITORY trufflehog yes 1 62.7s
✅ SPELL cspell 713 0 13.91s
⚠️ SPELL lychee 348 8 7.37s
✅ XML xmllint 3 0 0 1.17s
✅ YAML prettier 160 0 0 4.53s
✅ YAML v8r 102 0 222.11s
✅ YAML yamllint 161 0 3.19s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/mega-linter-runner-8.x branch from f899c0e to f7a1d07 Compare December 14, 2024 11:48
@nvuillam nvuillam merged commit 69d1d6f into main Dec 14, 2024
129 checks passed
@nvuillam nvuillam deleted the renovate/mega-linter-runner-8.x branch December 14, 2024 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant