oxsecurity / megalinter

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
https://megalinter.io
GNU Affero General Public License v3.0
1.8k stars 215 forks

[automation] Auto-update linters version, help and documentation #3669

Closed nvuillam closed 1 week ago

nvuillam commented 1 week ago

[automation] Auto-update linters version, help and documentation

github-actions[bot] commented 1 week ago

🦙 MegaLinter status: ⚠️ WARNING

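|    | Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|----|------------|--------|-------|-------|--------|--------------|
| ✅ | API | spectral | 2 | | 0 | 3.04s |
| ✅ | BASH | bash-exec | 5 | | 0 | 0.05s |
| ✅ | BASH | shellcheck | 5 | | 0 | 0.14s |
| ✅ | BASH | shfmt | 5 | 0 | 0 | 0.61s |
| ✅ | COPYPASTE | jscpd | yes | | no | 4.44s |
| ✅ | DOCKERFILE | hadolint | 130 | | 0 | 18.59s |
| ✅ | JSON | jsonlint | 18 | | 0 | 0.21s |
| ✅ | JSON | v8r | 20 | | 0 | 28.65s |
| ⚠️ | MARKDOWN | markdownlint | 265 | 0 | 272 | 33.69s |
| ✅ | MARKDOWN | markdown-table-formatter | 265 | 0 | 0 | 142.36s |
| ✅ | OPENAPI | spectral | 2 | | 0 | 3.26s |
| ⚠️ | PYTHON | bandit | 211 | | 64 | 3.79s |
| ✅ | PYTHON | black | 211 | 0 | 0 | 6.0s |
| ✅ | PYTHON | flake8 | 211 | | 0 | 3.13s |
| ✅ | PYTHON | isort | 211 | 0 | 0 | 1.3s |
| ✅ | PYTHON | mypy | 211 | | 0 | 19.74s |
| ✅ | PYTHON | pylint | 211 | | 0 | 17.68s |
| ✅ | PYTHON | ruff | 211 | 0 | 0 | 0.73s |
| ✅ | REPOSITORY | checkov | yes | | no | 44.25s |
| ✅ | REPOSITORY | git_diff | yes | | no | 0.62s |
| ⚠️ | REPOSITORY | grype | yes | | 1 | 23.29s |
| ✅ | REPOSITORY | secretlint | yes | | no | 13.25s |
| ✅ | REPOSITORY | trivy | yes | | no | 21.19s |
| ✅ | REPOSITORY | trivy-sbom | yes | | no | 4.16s |
| ⚠️ | REPOSITORY | trufflehog | yes | | 1 | 14.02s |
| ✅ | SPELL | cspell | 693 | | 0 | 26.76s |
| ⚠️ | SPELL | lychee | 346 | | 1 | 7.72s |
| ✅ | XML | xmllint | 3 | 0 | 0 | 0.6s |
| ✅ | YAML | prettier | 161 | 0 | 0 | 6.11s |
| ✅ | YAML | v8r | 102 | | 0 | 192.06s |
| ✅ | YAML | yamllint | 162 | | 0 | 2.27s |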

See detailed report in MegaLinter reports

_MegaLinter is graciously provided by OX Security_

echoix commented 1 week ago

/build

Command run output

Build command workflow started.
Installing dependencies
Running script ./build.sh
Build command workflow completed updating files.

echoix commented 1 week ago

If it passes, add the base image change in the changelog. I hope it has a fixed golang stdlib version (not yet released on 3.19)

echoix commented 1 week ago

/build

Command run output

Build command workflow started.
Installing dependencies
Running script ./build.sh
Build command workflow completed updating files.

echoix commented 1 week ago

Regex for cfn-lint needs to be changed for the major version bump

echoix commented 1 week ago

Regex for cfn-lint needs to be changed for the major version bump

What if we use the --format parsable? Or can we just use sarif? The output is very different

nvuillam commented 1 week ago

@echoix can't we just change the regex? What is the new value returned?

echoix commented 1 week ago

Yes you could, but might as well parse one that is meant to be parsable

nvuillam commented 1 week ago

Sorry, very hard to find time these days, I'll check this weekend 🥹

echoix commented 1 week ago

@nvuillam see my branch that I couldn't push when using Gitpod https://github.com/echoix/megalinter/tree/cpr2

There is phpstan that I don't really understand what to really fix. They don't show the results on internal errors since 1.11.5, but what is that error?

The go CVEs are still there

Changed the alpine image

cfn-lint needs to be redone after, I pinned it.