ci: bump oxsecurity/megalinter from 8.0.0 to 8.1.0

[dependabot[bot]]

Bumps oxsecurity/megalinter from 8.0.0 to 8.1.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.1.0

What's Changed

• Core

  • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in oxsecurity/megalinter#3944
  • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #3893
  • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN

• New linters

  • New LUA linter: selene, by @​AlejandroSuero in oxsecurity/megalinter#3978
  • New LUA formatter: stylua, by @​AlejandroSuero in oxsecurity/megalinter#3985

• Linters enhancements

  • Trivy
    • Embed vulnerability database in Docker Image for running trivy on internet-free network
    • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
    • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
  • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in oxsecurity/megalinter#4076

• Fixes

  • Add debug traces to investigate reporters activation
  • Add more traces for ApiReporter
  • Activate ApiReporter by default

• Reporters

  • Fix ApiReporter not called in MegaLlinter flavors

• Doc

  • Fix Grafana Home Dashboard to add missing criteria
  • Update PRE_COMMANDS documentation to describe all properties
  • Update Grafana documentation to fix secrets typo

• CI

  • Free space in release job to avoid no space left on device, by @​nvuillam in oxsecurity/megalinter#3914
  • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in oxsecurity/megalinter#3993
  • Send GITHUB_TOKEN to trivy-action
  • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub

• Linter versions upgrades

  • actionlint from 1.7.1 to 1.7.3 on 2024-09-29
  • ansible-lint from 24.7.0 to 24.9.2 on 2024-09-20
  • bandit from 1.7.9 to 1.7.10 on 2024-09-23
  • bicep_linter from 0.29.47 to 0.30.23 on 2024-09-24
  • black from 24.8.0 to 24.10.0 on 2024-10-07
  • cfn-lint from 1.10.3 to 1.16.1 on 2024-10-11
  • checkov from 3.2.232 to 3.2.257 on 2024-10-06
  • checkstyle from 10.17.0 to 10.18.2 on 2024-09-29
  • clippy from 0.1.80 to 0.1.81 on 2024-09-06
  • clj-kondo from 2024.08.01 to 2024.09.27 on 2024-09-26
  • cpplint from 1.6.1 to 2.0.0 on 2024-10-06

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v8.1.0] - 2024-10-13

• Core

  • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in oxsecurity/megalinter#3944
  • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #3893
  • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN

• New linters

  • New LUA linter: selene, by @​AlejandroSuero in oxsecurity/megalinter#3978
  • New LUA formatter: stylua, by @​AlejandroSuero in oxsecurity/megalinter#3985

• Linters enhancements

  • Trivy
    • Embed vulnerability database in Docker Image for running trivy on internet-free network
    • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
    • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
  • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in oxsecurity/megalinter#4076

• Fixes

  • Add debug traces to investigate reporters activation
  • Add more traces for ApiReporter
  • Activate ApiReporter by default

• Reporters

  • Fix ApiReporter not called in MegaLinter flavors

• Doc

  • Fix Grafana Home Dashboard to add missing criteria
  • Update PRE_COMMANDS documentation to describe all properties
  • Update Grafana documentation to fix secrets typo

• CI

  • Free space in release job to avoid no space left on device, by @​nvuillam in oxsecurity/megalinter#3914
  • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in oxsecurity/megalinter#3993
  • Send GITHUB_TOKEN to trivy-action
  • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub

• Linter versions upgrades

  • actionlint from 1.7.1 to 1.7.3 on 2024-09-29
  • ansible-lint from 24.7.0 to 24.9.2 on 2024-09-20
  • bandit from 1.7.9 to 1.7.10 on 2024-09-23
  • bicep_linter from 0.29.47 to 0.30.23 on 2024-09-24
  • black from 24.8.0 to 24.10.0 on 2024-10-07
  • cfn-lint from 1.10.3 to 1.16.1 on 2024-10-11
  • checkov from 3.2.232 to 3.2.257 on 2024-10-06
  • checkstyle from 10.17.0 to 10.18.2 on 2024-09-29
  • clippy from 0.1.80 to 0.1.81 on 2024-09-06
  • clj-kondo from 2024.08.01 to 2024.09.27 on 2024-09-26
  • cpplint from 1.6.1 to 2.0.0 on 2024-10-06
  • csharpier from 0.29.0 to 0.29.2 on 2024-09-16

... (truncated)

Commits

• b38cdf1 Release MegaLinter v8.1.0
• 34e6e89 chore(deps): update dependency @​salesforce/plugin-packaging to v2.8.12 (#4108)
• af5b600 chore(deps): update dependency @​salesforce/cli to v2.61.8 (#4105)
• ff75bda fix(deps): update dependency mem-fs to v4.1.1 (#4111)
• 3611a99 [automation] Auto-update linters version, help and documentation (#4117)
• 7e0f487 Update renovate configuration, schedule and groups (#4116)
• eca1d16 chore(deps): update dependency sfdx-hardis to v5.1.0 (#4115)
• 40d8b26 chore(deps): update trufflesecurity/trufflehog docker tag to v3.82.8 (#4109)
• be4d2ce chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.4.20 (#4102)
• fdd83ef chore(deps): update dependency psscriptanalyzer to 1.23.0 (#4106)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)