github-actions[bot]
commented
1 year ago 🦙 MegaLinter status: ✅ SUCCESS
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 5 | 0 | 0.13s | |
| ✅ EDITORCONFIG | editorconfig-checker | 6 | 0 | 0.03s | |
| ✅ REPOSITORY | checkov | yes | no | 13.49s | |
| ✅ REPOSITORY | dustilock | yes | no | 0.09s | |
| ✅ REPOSITORY | gitleaks | yes | no | 0.26s | |
| ✅ REPOSITORY | git_diff | yes | no | 0.01s | |
| ✅ REPOSITORY | secretlint | yes | no | 0.95s | |
| ✅ REPOSITORY | syft | yes | no | 0.46s | |
| ✅ REPOSITORY | trivy | yes | no | 7.54s | |
| ✅ YAML | prettier | 6 | 0 | 0.7s | |
| ✅ YAML | v8r | 6 | 0 | 4.95s | |
| ✅ YAML | yamllint | 6 | 0 | 0.32s |
See detailed report in MegaLinter reports
_Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff_
_MegaLinter is graciously provided by 
_
miracum-bot
This PR contains the following updates:
v3.2.0->v3.5.0755da8c->8f4b7f8v3.0.1->v3.0.2v3.1.1->v3.1.20.8.0->0.9.2c56af95->1104d475739616->507c2f28c0edbc->4b4e9c3v2.1.37->v2.2.9959cbb7->04df126v0.12.3->v0.13.11v2.3.1->v2.5.0v2.1.2->v2.1.3v6.19.0->v6.22.1v1.4.0->v1.5.0⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
actions/checkout
### [`v3.5.0`](https://togithub.com/actions/checkout/releases/tag/v3.5.0) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) ##### What's Changed - Add new public key for known_hosts by [@cdb](https://togithub.com/cdb) in [https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237) ##### New Contributors - [@cdb](https://togithub.com/cdb) made their first contribution in [https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237) **Full Changelog**: https://github.com/actions/checkout/compare/v3.4.0...v3.5.0 ### [`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340) [Compare Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0) - [Upgrade codeql actions to v2](https://togithub.com/actions/checkout/pull/1209) - [Upgrade dependencies](https://togithub.com/actions/checkout/pull/1210) - [Upgrade @actions/io](https://togithub.com/actions/checkout/pull/1225) ### [`v3.3.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v330) [Compare Source](https://togithub.com/actions/checkout/compare/v3.2.0...v3.3.0) - [Implement branch list using callbacks from exec function](https://togithub.com/actions/checkout/pull/1045) - [Add in explicit reference to private checkout options](https://togithub.com/actions/checkout/pull/1050) - [Fix comment typos (that got added in #770)](https://togithub.com/actions/checkout/pull/1057)actions/download-artifact
### [`v3.0.2`](https://togithub.com/actions/download-artifact/releases/tag/v3.0.2) [Compare Source](https://togithub.com/actions/download-artifact/compare/v3.0.1...v3.0.2) - Bump `@actions/artifact` to v1.1.1 - [https://github.com/actions/download-artifact/pull/195](https://togithub.com/actions/download-artifact/pull/195) - Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet [actions/toolkit#1278](hhttps://togithub.com/actions/toolkit/pull/1278)actions/upload-artifact
### [`v3.1.2`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.2) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.1...v3.1.2) - Update all `@actions/*` NPM packages to their latest versions- [#374](https://togithub.com/actions/upload-artifact/issues/374) - Update all dev dependencies to their most recent versions - [#375](https://togithub.com/actions/upload-artifact/issues/375)aquasecurity/trivy-action
### [`v0.9.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.1...0.9.2) ##### What's Changed - chore(deps): bump trivy to v0.38.1 by [@DmitriyLewen](https://togithub.com/DmitriyLewen) in [https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215) - Rename security-checks to scanners by [@sadovnikov](https://togithub.com/sadovnikov) in [https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211) ##### New Contributors - [@DmitriyLewen](https://togithub.com/DmitriyLewen) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215) - [@sadovnikov](https://togithub.com/sadovnikov) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211) **Full Changelog**: https://github.com/aquasecurity/trivy-action/compare/0.9.1...0.9.2 ### [`v0.9.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.0...0.9.1) ##### What's Changed - :arrow_up: bump trivy action by [@flaxel](https://togithub.com/flaxel) in [https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203) ##### New Contributors - [@flaxel](https://togithub.com/flaxel) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203) **Full Changelog**: https://github.com/aquasecurity/trivy-action/compare/0.9.0...0.9.1 ### [`v0.9.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.8.0...0.9.0) ##### What's Changed - fix(sarif): Add option to limit severities for sarif ([#192](https://togithub.com/aquasecurity/trivy-action/issues/192)) by [@AndreyLevchenko](https://togithub.com/AndreyLevchenko) in [https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198) - docs: add trivy-config to table by [@omarsilva1](https://togithub.com/omarsilva1) in [https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195) - Update README.md by [@mcantu](https://togithub.com/mcantu) in [https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186) - feat(trivy): Bump Trivy to v0.37.1 by [@simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/199](https://togithub.com/aquasecurity/trivy-action/pull/199) ##### New Contributors - [@AndreyLevchenko](https://togithub.com/AndreyLevchenko) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198) - [@omarsilva1](https://togithub.com/omarsilva1) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195) - [@mcantu](https://togithub.com/mcantu) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186) **Full Changelog**: https://github.com/aquasecurity/trivy-action/compare/0.8.0...0.9.0github/codeql-action
### [`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) ### [`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) ### [`v2.2.7`](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.6...v2.2.7) ### [`v2.2.6`](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.5...v2.2.6) ### [`v2.2.5`](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.4...v2.2.5) ### [`v2.2.4`](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.3...v2.2.4) ### [`v2.2.3`](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.2...v2.2.3) ### [`v2.2.2`](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.1...v2.2.2) ### [`v2.2.1`](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.0...v2.2.1) ### [`v2.2.0`](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.39...v2.2.0) ### [`v2.1.39`](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.38...v2.1.39) ### [`v2.1.38`](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.1.37...v2.1.38)iter8-tools/iter8
### [`v0.13.11`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.11): Version 0.13.11 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.10...v0.13.11) #### What’s Changed - [#1422](https://togithub.com/iter8-tools/iter8/issues/1422): Increase test reliability ### [`v0.13.10`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.10): Version 0.13.10 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.9...v0.13.10) #### What’s Changed - [#1409](https://togithub.com/iter8-tools/iter8/issues/1409): Multiple endpoints ### [`v0.13.9`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.9): Version 0.13.9 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.8...v0.13.9) #### What’s Changed - [#1413](https://togithub.com/iter8-tools/iter8/issues/1413): add warmup option ### [`v0.13.8`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.8): Version 0.13.8 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.7...v0.13.8) #### What’s Changed - [#1411](https://togithub.com/iter8-tools/iter8/issues/1411): handle connection errors, allow-initial-errors ### [`v0.13.7`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.7): Version 0.13.7 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.6...v0.13.7) #### What’s Changed - [#1408](https://togithub.com/iter8-tools/iter8/issues/1408): Correctly handle NaN - [#1404](https://togithub.com/iter8-tools/iter8/issues/1404): Bump golang.org/x/net from 0.5.0 to 0.7.0 ### [`v0.13.6`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.6): Version 0.13.6 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.5...v0.13.6) #### What’s Changed - [#1400](https://togithub.com/iter8-tools/iter8/issues/1400): Bump github.com/containerd/containerd from 1.6.15 to 1.6.18 - [#1401](https://togithub.com/iter8-tools/iter8/issues/1401): fix istio-prom template - [#1397](https://togithub.com/iter8-tools/iter8/issues/1397): update workflow action versions - [#1396](https://togithub.com/iter8-tools/iter8/issues/1396): Bump helm.sh/helm/v3 from 3.9.4 to 3.11.1 ### [`v0.13.5`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.5): Version 0.13.5 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.4...v0.13.5) #### What’s Changed - [#1395](https://togithub.com/iter8-tools/iter8/issues/1395): Remove AutoX label from AutoX trigger resources. Use version label instead. - [#1393](https://togithub.com/iter8-tools/iter8/issues/1393): Bug fix ### [`v0.13.4`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.4): Version 0.13.4 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.3...v0.13.4) #### What’s Changed - [#1392](https://togithub.com/iter8-tools/iter8/issues/1392): add loop information to reports - [#1391](https://togithub.com/iter8-tools/iter8/issues/1391): fix informers ### [`v0.13.3`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.3): Version 0.13.3 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.2...v0.13.3) #### What’s Changed - [#1390](https://togithub.com/iter8-tools/iter8/issues/1390): update Dockerfile.dev ### [`v0.13.2`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.2): Version 0.13.2 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.1...v0.13.2) #### What’s Changed - [#1389](https://togithub.com/iter8-tools/iter8/issues/1389): make dockerfile single stage; add platforms ### [`v0.13.1`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.1): Version 0.13.1 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.13.0...v0.13.1) #### What’s Changed - [#1384](https://togithub.com/iter8-tools/iter8/issues/1384): Remove local ### [`v0.13.0`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.13.0): Version 0.13.0 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.12.6...v0.13.0) #### What’s Changed - [#1383](https://togithub.com/iter8-tools/iter8/issues/1383): modify handler to check readiness simplifying promotion ### [`v0.12.6`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.12.6): Version 0.12.6 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.12.5...v0.12.6) #### What’s Changed - [#1387](https://togithub.com/iter8-tools/iter8/issues/1387): AutoX feature - [#1388](https://togithub.com/iter8-tools/iter8/issues/1388): Bump github.com/containerd/containerd from 1.6.6 to 1.6.12 ### [`v0.12.5`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.12.5): Version 0.12.5 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.12.4...v0.12.5) #### What’s Changed - [#1385](https://togithub.com/iter8-tools/iter8/issues/1385): Bump helm and fix (bump ghz) - [#1386](https://togithub.com/iter8-tools/iter8/issues/1386): Fix test badge ### [`v0.12.4`](https://togithub.com/iter8-tools/iter8/releases/tag/v0.12.4): Version 0.12.4 of Iter8 [Compare Source](https://togithub.com/iter8-tools/iter8/compare/v0.12.3...v0.12.4) #### What’s Changed - [#1379](https://togithub.com/iter8-tools/iter8/issues/1379): Fixing post-release tests that use GHAmarocchino/sticky-pull-request-comment
### [`v2.5.0`](https://togithub.com/marocchino/sticky-pull-request-comment/releases/tag/v2.5.0) [Compare Source](https://togithub.com/marocchino/sticky-pull-request-comment/compare/v2.4.0...v2.5.0) - Update deps - Add `only_update` option. - Add `owner` option. ### [`v2.4.0`](https://togithub.com/marocchino/sticky-pull-request-comment/releases/tag/v2.4.0) [Compare Source](https://togithub.com/marocchino/sticky-pull-request-comment/compare/v2.3.1...v2.4.0) - Update deps - Add `only_create` option.ossf/scorecard-action
### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: https://github.com/ossf/scorecard/compare/v4.10.2...v4.10.5 **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3oxsecurity/megalinter
### [`v6.22.1`](https://togithub.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v6221---2023-04-02) [Compare Source](https://togithub.com/oxsecurity/megalinter/compare/v6.22.0...v6.22.1) - Core - Changed vars in AzureCommentReporter to reflects official Azure DevOps naming convention + fallback to keep backward compatibility, see [#2509](https://togithub.com/oxsecurity/megalinter/issues/2509) - Update AzureCommentReport to have only one MegaLinter thread instead of a new one for each run of MegaLinter - Documentation - Updated usage scenario for Azure DevOps, see [#2509](https://togithub.com/oxsecurity/megalinter/issues/2509) - Linter versions upgrades - [checkov](https://www.checkov.io/) from 2.3.141 to **2.3.145** - [phpstan](https://phpstan.org/) from 1.10.9 to **1.10.10** - [rstfmt](https://togithub.com/dzhu/rstfmt) from 0.0.12 to **0.0.13** ### [`v6.22.0`](https://togithub.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v6220---2023-04-01) [Compare Source](https://togithub.com/oxsecurity/megalinter/compare/v6.21.0...v6.22.0) - New linters - Add [**ruff**](https://togithub.com/charliermarsh/ruff), by [@lars-reimann](https://togithub.com/lars-reimann) in [#2458](https://togithub.com/oxsecurity/megalinter/pull/2458) - Linter enhancements & fixes - Pin markdown-link-check to 3.10.3 until [tcort/markdown-link-check#246](https://togithub.com/tcort/markdown-link-check/issues/246) is fixed, by [@Kurt-von-Laven](https://togithub.com/Kurt-von-Laven) ([#2498](https://togithub.com/oxsecurity/megalinter/issues/2498)). - Core - Fix MegaLinter doc version & url displayed in logs, by [@nvuillam](https://togithub.com/nvuillam) in [#2485](https://togithub.com/oxsecurity/megalinter/pull/2485) - Use [megalinter-bot](https://togithub.com/megalinter-bot) to create apply fixes commits, by [@lars-reimann](https://togithub.com/lars-reimann), [@nvuillam](https://togithub.com/nvuillam) and [@megalinter-bot](https://togithub.com/megalinter-bot) :) - If you are an existing user of MegaLinter, you must update your github actions workflows to add the following parameters to **stefanzweifel/git-auto-commit-action@v4** : ```yaml commit_user_name: megalinter-bot commit_user_email: nicolas.vuillamy@ox.security ``` - You can also use any github username and email you like :) - Documentation - Close parentheses in ci_light flavour doc by [@moverperfect](https://togithub.com/moverperfect) in [#2494](https://togithub.com/oxsecurity/megalinter/pull/2494) - Linter versions upgrades - [black](https://black.readthedocs.io/en/stable/) from 23.1.0 to **23.3.0** - [cfn-lint](https://togithub.com/aws-cloudformation/cfn-lint) from 0.75.1 to **0.76.1** - [checkov](https://www.checkov.io/) from 2.3.120 to **2.3.141** - [eslint](https://eslint.org) from 8.36.0 to **8.37.0** - [kics](https://www.kics.io) from 1.6.12 to **1.6.13** - [markdown-link-check](https://togithub.com/tcort/markdown-link-check) from 3.11.0 to **3.10.3** - [phpstan](https://phpstan.org/) from 1.10.8 to **1.10.9** - [psalm](https://psalm.dev) from Psalm.5.8.0@ to **Psalm.5.9.0@** - [pyright](https://togithub.com/Microsoft/pyright) from 1.1.300 to **1.1.301** - [ruff](https://togithub.com/charliermarsh/ruff) from 0.0.255 to **0.0.260** - [semgrep](https://semgrep.dev/) from 1.15.0 to **1.16.0** - [sfdx-scanner-apex](https://forcedotcom.github.io/sfdx-scanner/) from 3.10.0 to **3.11.0** - [sfdx-scanner-aura](https://forcedotcom.github.io/sfdx-scanner/) from 3.10.0 to **3.11.0** - [sfdx-scanner-lwc](https://forcedotcom.github.io/sfdx-scanner/) from 3.10.0 to **3.11.0** - [stylelint](https://stylelint.io) from 15.3.0 to **15.4.0** - [swiftlint](https://togithub.com/realm/SwiftLint) from 0.50.3 to **0.51.0** - [syft](https://togithub.com/anchore/syft) from 0.75.0 to **0.76.0** - [terraform-fmt](https://www.terraform.io/docs/cli/commands/fmt.html) from 1.4.2 to **1.4.4** - [trivy](https://aquasecurity.github.io/trivy/) from 0.38.3 to **0.39.0** ### [`v6.21.0`](https://togithub.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v6210---2023-03-26) [Compare Source](https://togithub.com/oxsecurity/megalinter/compare/v6.20.1...v6.21.0) - New linters - Add [**helm lint**](https://helm.sh/docs/helm/helm_lint/), by [@ThomasSanson](https://togithub.com/ThomasSanson) in [#2386](https://togithub.com/oxsecurity/megalinter/pull/2386) - Medias - Video: [Code quality - Ep01 - MegaLinter, one linter to rule them all](https://www.youtube.com/watch?v=NauVD4z-cMA), by [@devpro](https://togithub.com/devpro) - Video: [DevSecOps Webinar using MegaLinter](https://www.youtube.com/watch?v=hk950RUwIUA), by [5.15 Technologies](https://www.515tech.com/) - Video: (FR) [Coding Tech - L'importance de la CI/CD dans le développement de logiciels](https://www.youtube.com/watch?v=raCDpsP9O78), by [@GridexX](https://togithub.com/GridexX) from [R2DevOps](https://r2devops.io/) - Article: (FR) [MegaLinter, votre meilleur ami pour un code de qualité](https://www.neosoft.fr/nos-publications/blog-tech/mega-linter-votre-meilleur-ami-pour-un-code-de-qualite/?utm_source=twitter\&utm_medium=organic\&utm_campaign=article-mega-linter), by [@ThomasSanson](https://togithub.com/ThomasSanson) - Linter enhancements & fixes - [phpcs](https://megalinter.io/latest/descriptors/php_phpcs/): Add regex in descriptor to be able to extract the number of found errors, by [@nvuillam](https://togithub.com/nvuillam) in [#2453](https://togithub.com/oxsecurity/megalinter/pull/2453) - Replace babel-eslint with [@babel/eslint-parser](https://togithub.com/babel/eslint-parser), by [@bdovaz](https://togithub.com/bdovaz) in [#2445](https://togithub.com/oxsecurity/megalinter/pull/2445) - Use docker image to install phpstan, by [@nvuillam](https://togithub.com/nvuillam) in [#2469](https://togithub.com/oxsecurity/megalinter/pull/2469) - Avoid cspell error on readonly workspaces, by [@nvuillam](https://togithub.com/nvuillam) in [#2474](https://togithub.com/oxsecurity/megalinter/pull/2474) - Allow bandit to use pyproject.toml, by [@nvuillam](https://togithub.com/nvuillam) in [#2475](https://togithub.com/oxsecurity/megalinter/pull/2475) - Bring back stylelint-config-sass-guidelines package, by [@nvuillam](https://togithub.com/nvuillam) in [#2477](https://togithub.com/oxsecurity/megalinter/pull/2477) - Display only errors in markdown-link-check logs for better readability, by [@nvuillam](https://togithub.com/nvuillam) in [#2479](https://togithub.com/oxsecurity/megalinter/pull/2479) - Core - Run CI linter jobs only on Pull requests to avoid doubling jobs - Documentation - mega-linter-runner: doc fix for env list of values, see [#2448](https://togithub.com/oxsecurity/megalinter/issues/2448), by [@DariuszPorowski](https://togithub.com/DariuszPorowski) in [#2449](https://togithub.com/oxsecurity/megalinter/pull/2449) - Linter versions upgrades - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.14.1 to **6.14.3** - [bandit](https://bandit.readthedocs.io/en/latest/) from 1.7.4 to **1.7.5** - [cfn-lint](https://togithub.com/aws-cloudformation/cfn-lint) from 0.74.1 to **0.75.1** - [checkov](https://www.checkov.io/) from 2.3.70 to **2.3.120** - [checkstyle](https://checkstyle.sourceforge.io) from 10.8.0 to **10.9.3** - [clippy](https://togithub.com/rust-lang/rust-clippy) from 0.1.67 to **0.1.68** - [clj-kondo](https://togithub.com/borkdude/clj-kondo) from 2023.02.17 to **2023.03.17** - [cspell](https://togithub.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 6.28.0 to **6.31.1** - [dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format) from 6.0.406 to **6.0.407** - [eslint-plugin-jsonc](https://ota-meshi.github.io/eslint-plugin-jsonc/) from 2.6.0 to **2.7.0** - [eslint](https://eslint.org) from 8.35.0 to **8.36.0** - [gitleaks](https://togithub.com/zricethezav/gitleaks) from 8.16.0 to **8.16.1** - [jscpd](https://togithub.com/kucherenko/jscpd/tree/master/packages/jscpd) from 3.5.3 to **3.5.4** - [jsonlint](https://togithub.com/prantlf/jsonlint) from 14.0.1 to **14.0.2** - [kics](https://www.kics.io) from 1.6.11 to **1.6.12** - [markdown-link-check](https://togithub.com/tcort/markdown-link-check) from 3.10.3 to **3.11.0** - [phpstan](https://phpstan.org/) from 1.10.5 to **1.10.8** - [prettier](https://prettier.io/) from 2.8.4 to **2.8.7** - [psalm](https://psalm.dev) from Psalm.5.7.7@ to **Psalm.5.8.0@** - [pylint](https://pylint.pycqa.org) from 2.16.4 to **2.17.1** - [pyright](https://togithub.com/Microsoft/pyright) from 1.1.296 to **1.1.300** - [revive](https://revive.run/) from 1.2.5 to **1.3.1** - [rstcheck](https://togithub.com/myint/rstcheck) from 6.1.1 to **6.1.2** - [rubocop](https://rubocop.org/) from 1.48.0 to **1.48.1** - [semgrep](https://semgrep.dev/) from 1.14.0 to **1.15.0** - [snakefmt](https://togithub.com/snakemake/snakefmt) from 0.8.1 to **0.8.3** - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 7.24.0 to **7.25.0** - [sqlfluff](https://www.sqlfluff.com/) from 1.4.5 to **2.0.2** - [stylelint](https://stylelint.io) from 15.2.0 to **15.3.0** - [syft](https://togithub.com/anchore/syft) from 0.74.0 to **0.75.0** - [terraform-fmt](https://www.terraform.io/docs/cli/commands/fmt.html) from 1.3.9 to **1.4.2** - [terragrunt](https://terragrunt.gruntwork.io) from 0.44.4 to **0.45.0** - [trivy](https://aquasecurity.github.io/trivy/) from 0.38.1 to **0.38.3** - [v8r](https://togithub.com/chris48s/v8r) from 0.14.0 to **1.0.0** - [yamllint](https://yamllint.readthedocs.io/) from 1.29.0 to **1.30.0** ### [`v6.20.1`](https://togithub.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v6201---2023-03-07) [Compare Source](https://togithub.com/oxsecurity/megalinter/compare/v6.20.0...v6.20.1) - Fixes - Fix [issue with running on Mac m1 no longer working](https://togithub.com/oxsecurity/megalinter/issues/2427), by [@nvuillam](https://togithub.com/nvuillam) in [#2430](https://togithub.com/oxsecurity/megalinter/pull/2430) - Fix [Container images errors when pulling](https://togithub.com/oxsecurity/megalinter/issues/2348), by [@echoix](https://togithub.com/echoix) in [#2435](https://togithub.com/oxsecurity/megalinter/pull/2435) - Fix [Pre npm install not resolving](https://togithub.com/oxsecurity/megalinter/issues/2428), by [@echoix](https://togithub.com/echoix) in [#2435](https://togithub.com/oxsecurity/megalinter/pull/2435) - Add build date in Beta docker images, by [@nvuillam](https://togithub.com/nvuillam) - Correct misleading error message in **GitlabCommentReporter.py**, see [#2420](https://togithub.com/oxsecurity/megalinter/issues/2420) - Fix **GitlabCommentReporter** wrong variables names, check [#2423](https://togithub.com/oxsecurity/megalinter/issues/2423) - Core - Improve config test, by [@bdovaz](https://togithub.com/bdovaz) in [#2426](https://togithub.com/oxsecurity/megalinter/pull/2426) - Doc - Add article [Level up your Unity Packages with CI/CD](https://medium.com/@RunningMattress/level-up-your-unity-packages-with-ci-cd-9498d2791211), by [@RunningMattress](https://togithub.com/RunningMattress) in [#2436](https://togithub.com/oxsecurity/megalinter/pull/2436) - Correct minor docs error by [@moverperfect](https://togithub.com/moverperfect) in [#2440](https://togithub.com/oxsecurity/megalinter/pull/2440) - Linter versions upgrades - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.14.0 to **6.14.1** - [bicep_linter](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/linter) from 0.14.85 to **0.15.31** - [cfn-lint](https://togithub.com/aws-cloudformation/cfn-lint) from 0.74.0 to **0.74.1** - [checkov](https://www.checkov.io/) from 2.3.59 to **2.3.70** - [csharpier](https://csharpier.com/) from 0.22.1 to **0.23.0** - [jsonlint](https://togithub.com/prantlf/jsonlint) from 13.0.1 to **14.0.1** - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.0.1 to **1.1.1** - [phpstan](https://phpstan.org/) from 1.10.3 to **1.10.5** on 2023-03-07 - [protolint](https://togithub.com/yoheimuta/protolint) from 0.43.0 to **0.43.1** - [puppet-lint](http://puppet-lint.com/) from 3.2.0 to **3.3.0** - [pylint](https://pylint.pycqa.org) from 2.16.3 to **2.16.4** - [rubocop](https://rubocop.org/) from 1.47.0 to **1.48.0** - [stylelint](https://stylelint.io) from 14.16.1 to **15.2.0** ### [`v6.20.0`](https://togithub.com/oxsecurity/megalinter/blob/HEAD/CHANGELOG.md#v6200---2023-03-05) [Compare Source](https://togithub.com/oxsecurity/megalinter/compare/v6.19.0...v6.20.0) - Core - Upgrade base docker image from python:3.10.4-alpine3.16 to python:3.11.1-alpine3.17 - Build: remove folder contents before generating Dockerfile files for each linter in generate_linter_dockerfiles(), by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Build: remove folder contents before generating test classes for each linter in generate_linter_test_classes(), by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Build: automatically update the linter list used in the matrix of several of the workflows, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Test: create a testing architecture for format/autofix linters, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Test: create or adapt input files for format/autofix tests, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Test: created specific test folders for linters that need them because they cannot share them, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Added rubocop-rake RubyGem for linting Rake files with RuboCop - Fixes - Correctly generate class names and test class files for each linter when the linter descriptor defines the attribute "name", by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Removed the default **powershell** templates TEMPLATES/.powershell-formatter.psd1 and TEMPLATES/.powershell-psscriptanalyzer.psd1. Having these templates caused all rules to be ignored as the settings are not incremental but absolute, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Added **cli_lint_fix_arg_name** parameter to **dotnet format** descriptor as without it, autofix does not work, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Created **BicepLinter** class to add **DOTNET_SYSTEM_GLOBALIZATION_INVARIANT** environment variable to avoid problems with ICU packages, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Modified **npm-groovy-lint** descriptor to add **--failon** parameter to only fail with error and not info which is the default value, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Added **cli_lint_fix_arg_name** parameter to **powershell formatter** descriptor as without it, autofix does not work, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Created **ProtolintLinter** class to fix the problem that returns exit code 1 when it encounters a problem to correct even though it corrects it correctly, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Concatenate **--output** parameter correctly to **xmllint** linter, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Modified the .pre-commit-hooks.yaml for megalinter-full so the containername argument is correctly split between two lines, by [@drbothen](https://togithub.com/drbothen) [#2411](https://togithub.com/oxsecurity/megalinter/pull/2411) - Avoid [jscpd](https://megalinter.io/v6/descriptors/copypaste_jscpd/) default config to detect copy pastes in image files - Move utilstest to megalinter folder to avoid import issues - Replace deprecated spectral package, by [@bdovaz](https://togithub.com/bdovaz) in by [@bdovaz](https://togithub.com/bdovaz) in [#2340](https://togithub.com/oxsecurity/megalinter/pull/2340) - Generate correct urls for packages with fixed versions, by [@bdovaz](https://togithub.com/bdovaz) in [#2339](https://togithub.com/oxsecurity/megalinter/pull/2339) - Documentation - Change **swiftlint** example that did not correctly reflect the **--fix** parameter, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Change in TSX **eslint** descriptor the urls as they were not correct, by [@bdovaz](https://togithub.com/bdovaz) in [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Change in TYPESCRIPT **eslint** descriptor the urls as they were not correct, by [@bdovaz](https://togithub.com/bdovaz) on [#2294](https://togithub.com/oxsecurity/megalinter/pull/2294) - Use mkdocs-glightbox to allow to click on images and display them in full screen - CI - Use docker/build-push-action to build docker images and akhilerm/tag-push-action to release by retagging and pushing beta images instead of rebuilding them - Authenticate to GitHub API during docker build to avoid reaching limits - Remove apk go package install in images where possible to decrease image sizes, by [@echoix](https://togithub.com/echoix) in [#2318](https://togithub.com/oxsecurity/megalinter/pull/2318) - Create a slash PR bot to run `./build.sh` command manually on PRs, by [@echoix](https://togithub.com/echoix) in [#2353](https://togithub.com/oxsecurity/megalinter/pull/2353) and [#2381](https://togithub.com/oxsecurity/megalinter/pull/2381) - Limit parallel execution of large job matrix in the workflows with max-parallel in order to keep runners available for other jobs, by [@echoix](https://togithub.com/echoix) in [#2397](https://togithub.com/oxsecurity/megalinter/pull/2397) - Linter versions upgrades - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.12.1 to **6.14.0** - [bash-exec](https://tiswww.case.edu/php/chet/bash/bashtop.html) from 5.1.16 to **5.2.15** - [bicep_linter](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/linter) from 0.14.46 to **0.14.85** - [cfn-lint](https://togithub.com/aws-cloudformation/cfn-lint) from 0.72.10 to **0.74.0** - [checkmake](https://togithub.com/mrtazz/checkmake) from 0.2.1 to **0.2.0** - [checkov](https://www.checkov.io/) from 2.1.244 to **2.3.18** - [checkstyle](https://checkstyle.sourceforge.io) from 10.7.0 to **10.8.0** - [clj-kondo](https://togithub.com/borkdude/clj-kondo) from 2023.01.20 to **2023.02.17** - [cspell](https://togithub.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 6.21.0 to **6.28.0** - [djlint](https://djlint.com/) from 1.19.13 to **1.19.16** - [dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format) from 6.0.405 to **6.0.406** - [dustilock](https://togithub.com/Checkmarx/dustilock) from 0.0.0 to **1.2.0** - [editorconfig-checker](https://editorconfig-checker.github.io/) from 2.4.0 to **2.7.0** - [eslint](https://eslint.org) from 8.33.0 to **8.35.0** - [git_diff](https://git-scm.com) from 2.36.4 to **2.38.4** - [gitleaks](https://togithub.com/zricethezav/gitleaks) from 8.15.3 to **8.16.0** - [golangci-lint](https://golangci-lint.run/) from 1.51.0 to **1.51.2** - [jscpd](https://togithub.com/kucherenko/jscpd/tree/master/packages/jscpd) from 3.3.26 to **3.5.3** - [jsonlint](https://togithub.com/prantlf/jsonlint) from 11.7.0 to **13.0.1** - [kics](https://www.kics.io) from 1.6.9 to **1.6.11** - [mypy](https://mypy.readthedocs.io/en/stable/) from 0.991 to **1.0.1** - [perlcritic](https://metacpan.org/pod/Perl::Critic) from 1.148 to **1.150** - [phpcs](https://togithub.com/squizlabs/PHP_CodeSniffer) from 3.7.1 to **3.7.2** - [phpstan](https://phpstan.org/) from 1.9.14 to **1.10.3** - [powershell_formatter](https://togithub.com/PowerShell/PSScriptAnalyzer) from 7.3.2 to **7.3.3** - [powershell](https://togithub.com/PowerShell/PSScriptAnalyzer) from 7.3.2 to **7.3.3** - [prettier](https://prettier.io/) from 2.8.3 to **2.8.4** - [protolint](https://togithub.com/yoheimuta/protolint) from 0.42.2 to **0.43.0** - [psalm](https://psalm.dev) from Psalm.5.6.0@ to **Psalm.5.7.7@** - [puppet-lint](http://puppet-lint.com/) from 3.0.1 to **3.2.0** - [pylint](https://pylint.pycqa.org) from 2.16.1 to **2.16.3** - [pyright](https://togithub.com/Microsoft/pyright) from 1.1.270 to **1.1.296** - [rubocop](https://rubocop.org/) from 1.44.1 to **1.47.0** - [secretlint](https://togithub.com/secretlint/secretlint) from 6.2.0 to **6.2.3** - [semgrep](https://semgrep.dev/) from 1.9.0 to **1.14.0** - [sfdx-scanner-apex](https://forcedotcom.github.io/sfdx-scanner/) from 3.8.0 to **3.10.0** - [sfdx-scanner-aura](https://forcedotcom.github.io/sfdx-scanner/) from 3.8.0 to **3.10.0** - [sfdx-scanner-lwc](https://forcedotcom.github.io/sfdx-scanner/) from 3.8.0 to **3.10.0** - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 7.21.0 to **7.24.0** - [spectral](https://meta.stoplight.io/docs/spectral/README.md) from 5.9.2 to **6.6.0** - [syft](https://togithub.com/anchore/syft) from 0.70.0 to **0.74.0** - [terraform-fmt](https://www.terraform.io/docs/cli/commands/fmt.html) from 1.3.7 to **1.3.9** - [terragrunt](https://terragrunt.gruntwork.io) from 0.43.2 to **0.44.4** - [terrascan](https://www.accurics.com/products/terrascan/) from 1.16.0 to **1.18.0** - [tflint](https://togithub.com/terraform-linters/tflint) from 0.44.1 to **0.45.0** - [trivy](https://aquasecurity.github.io/trivy/) from 0.35.0 to **0.38.1** - [xmllint](http://xmlsoft.org/xmllint.html) from 20914 to **21003**slsa-framework/slsa-github-generator
### [`v1.5.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0) #### Summary of changes ##### Go builder ##### New Features - A new [`upload-tag-name`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`. - The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://togithub.com/slsa-framework/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file) in order to improve reproducibility. See [#822](https://togithub.com/slsa-framework/slsa-github-generator/issues/822) for more information and background. ##### Generic generator ##### New Features - A new boolean [`continue-on-error`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs) output. - A new [`upload-tag-name`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`. ##### Container generator ##### New Features - A new boolean [`continue-on-error`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs) output. - A new [`repository-username`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key. - Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) #### Changelog since v1.4.0Configuration
📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.