Romanitho / Winget-AutoUpdate

WAU updates apps daily as system and notifies connected users. (Allowlist and Blocklist support)
MIT License

Bump oxsecurity/megalinter from 8.1.0 to 8.2.0 #766

Closed dependabot[bot] closed 1 day ago

dependabot[bot] commented 1 week ago

Bumps oxsecurity/megalinter from 8.1.0 to 8.2.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.2.0

What's Changed

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs-fixer: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates
  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template
  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces
  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer
  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 seconds instead of 1 before retrying a failing test method, to avoid race conditions
  • Linter versions upgrades (104)

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Core

  • New linters

  • Media

  • Linters enhancements

    • csharpier: Since v0.30, call linter using csharpier, not dotnet-csharpier
  • Fixes

  • Reporters

  • Doc

  • Flavors

  • CI

  • mega-linter-runner

  • Linter versions upgrades (104)

    • phpstan from 2.0.1 to 2.0.2 on 2024-11-17
    • checkov from 3.2.298 to 3.2.300 on 2024-11-17
    • csharpier from 0.29.2 to 0.30.0 on 2024-11-17

[v8.2.0] - 2024-11-17

... (truncated)

Commits
  • d8c95fc Release MegaLinter v8.2.0
  • 56f6332 [automation] Auto-update linters version, help and documentation (#4264)
  • 298458e [automation] Auto-update linters version, help and documentation (#4256)
  • c67933e Bump @eslint/plugin-kit from 0.2.2 to 0.2.3 in /mega-linter-runner (#4258)
  • a681242 chore(deps): update trufflesecurity/trufflehog docker tag to v3.83.7 (#4259)
  • e98b755 chore(deps): update dependency mgechev/revive to v1.5.1 (#4260)
  • db53e77 chore(deps): update dependency lightning-flow-scanner to v2.36.0 (#4262)
  • 4dd7814 chore(deps): update dependency @salesforce/cli to v2.66.7 (#4261)
  • 339bca2 [automation] Auto-update linters version, help and documentation (#4252)
  • 44a22a7 chore(deps): update dependency sfdx-hardis to v5.6.2 (#4253)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 1 week ago

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ COPYPASTE | jscpd | yes | | 3 | 1.02s |
| ⚠️ REPOSITORY | checkov | yes | | 1 | 9.79s |
| ⚠️ REPOSITORY | devskim | yes | | 10 | 1.12s |
| ✅ REPOSITORY | dustilock | yes | | no | 0.0s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.53s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 8.73s |
| ✅ REPOSITORY | kics | yes | | no | 1.8s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.52s |
| ✅ REPOSITORY | syft | yes | | no | 1.02s |
| ✅ REPOSITORY | trivy | yes | | no | 11.28s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.07s |
| ✅ REPOSITORY | trufflehog | yes | | no | 1.7s |

See detailed report in MegaLinter reports

_Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff_

_MegaLinter is graciously provided by OX Security_

dependabot[bot] commented 1 day ago

Superseded by #775.