Releases: oxsecurity/megalinter
What's Changed
- New video (Brazilian) MegaLinter: Como Automatizar a Qualidade do Código para Todas Plataformas , by Codando TV
- Fix .NET linters issue: Add --allow-roll-forward to dotnet tool install commands, by @bdovaz in #4619
- GH-4610 : PHP CS Fixer linter version available is not correct since running on PHP 8.4 runtime, by @llaville in #4611
- Allow cspell to work with CLI_LINT_MODE=project
- Downgrade npm-groovy-lint until it's fixed, by @nvuillam in #4628
Linter versions upgrades (31)
- ansible-lint from 25.1.0 to 25.1.1
- black from 24.10.0 to 25.1.0
- cfn-lint from 1.22.7 to 1.23.1
- checkov from 3.2.357 to 3.2.360
- cspell from 8.17.2 to 8.17.3
- dartanalyzer from 3.6.1 to 3.6.2
- devskim from 1.0.51 to 1.0.52
- editorconfig-checker from 3.1.2 to 3.2.0
- gitleaks from 8.23.2 to 8.23.3
- isort from 5.13.2 to 6.0.0
- lightning-flow-scanner from 2.39.0 to 2.43.0
- npm-groovy-lint from 15.0.2 to 15.0.0
- php-cs-fixer from 3.68.0 to 3.68.5
- powershell from 7.4.6 to 7.5.0
- powershell_formatter from 7.4.6 to 7.5.0
- psalm from Psalm.6.0.0@ to Psalm.6.1.0@
- pylint from 3.3.3 to 3.3.4
- pyright from 1.1.392 to 1.1.393
- raku from 2024.10 to 2024.12
- roslynator from to
- rubocop from 1.71.0 to 1.71.1
- ruff-format from 0.9.3 to 0.9.4
- ruff from 0.9.3 to 0.9.4
- sfdx-scanner-apex from 4.8.0 to 4.9.0
- sfdx-scanner-aura from 4.8.0 to 4.9.0
- sfdx-scanner-lwc from 4.8.0 to 4.9.0
- tflint from 0.55.0 to 0.55.1
- trivy-sbom from 0.58.2 to 0.59.0
- trivy from 0.58.2 to 0.59.0
- trufflehog from 3.88.2 to 3.88.4
Full Changelog: v8.4.1...v8.4.2
What's Changed
- Quick fix about PRE_COMMANDS crash (see #4591)
- Linter versions upgrades (2)
- checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
- stylelint from 16.14.0 to 16.14.1 on 2025-01-27
Important: We know that .NET linters still have issues, but first things first, we'll publish another patch later :)
Full Changelog:
What's Changed
- PHP Linters use now the
first official release 1.0.0 to generate SARIF reports, by @llaville in #4357 - Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @llaville)
- Linters can specify in the pre/post commands with a
parameter whether the command is to be executed before/after the execution of the linters themselves (by @bdovaz in #4482) - Bump python version to 3.12.8, by @echoix in #4372
- Update to .NET 9, by @bdovaz in #4488
- Upgrade PHP engine from 8.3 to 8.4, by @llaville in #4524
- PHP Linters use now the
New linters
Disabled linters
- Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending
Linters enhancements
- Add prettier for markdown, by Qin Li
- swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #440, by @Noraldeno in #4427
- jscpd url fixes, by @alexanderbazhenoff in #4352
- Don't call get_pr_data if GitLeaks linter is not active, by @bdovaz in #4469
- Fix linter disabled reason usage, by @bdovaz in #4466
- Fix up gitpod config and workflow to support uv 0.5.0+ by @echoix in #4373
- Use uv.lock file to build docker images, by @echoix in #4374
- Update Renovate schedules for uv and sfdx-hardis, by @echoix in #4568
- Variabilize version and use renovate for updates for the following linters:
- all GO linters
- all REPOSITORY linters
- arm-ttk
- bash-shfmt
- bicep
- clj-kondo
- cljstyle
- csharpier
- dart
- ktlint
- kubescape
- lychee
- luacheck
- markdown-link-check
- perlcritic
- raku
- tsqllint
Linter versions upgrades (66)
- actionlint from 1.7.6 to 1.7.7
- ansible-lint from 24.12.2 to 25.1.0
- banditto 1.8.2
- bash-exec from 5.2.26 to 5.2.37
- bicep_linter from to 0.33.13
- cfn-lint 1.22.7
- checkov from to 3.2.357
- checkstyle from 10.20.1 to 10.21.1
- clang-format from 17.0.6 to 19.1.4
- clippy 0.1.84
- clj-kondo from 2024.11.14 to 2025.01.16
- cljstyle from 0.15.0 to 0.17.642
- csharpier from 0.30.2 to 0.30.6
- cspell from 8.16.0 to 8.17.2
- devskim from 1.0.44 to 1.0.51
- djlint from 1.36.1 to 1.36.4
- dotnet-format from 8.0.111 to 9.0.102
- editorconfig-checker from 3.0.3 to 3.1.2
- git_diff from 2.45.2 to 2.47.2
- gitleaks from 8.21.2 to 8.23.2
- golangci-lint from 1.62.0 to 1.63.4
- grype from 0.79.5 to 0.87.0
- helm from 3.14.3 to 3.16.3
- ktlint from 1.4.1 to 1.5.0
- lightning-flow-scanner from 2.36.0 to 2.39.0
- lychee from 0.17.0 to 0.18.0
- markdownlint from 0.43.0 to 0.44.0
- mypy from 1.13.0 to 1.14.0
- mypy from 1.14.0 to 1.14.1
- php-cs-fixer from 3.64.0 to 7.4.0
- phpcs from 3.11.1 to 3.11.3
- phplint from 9.5.4 to 9.5.6
- phpstan from 2.0.2 to 2.1.2
- pmd from 7.7.0 to 7.9.0
- powershell from 7.4.2 to 7.4.6
- powershell_formatter from 7.4.2 to 7.4.6
- prettier from 3.3.3 to 3.4.2
- protolint from 0.50.5 to 0.52.0
- psalm from Psalm.5.26.1@ to Psalm.6.0.0@
- pylint from 3.3.1 to 3.3.3
- pyright from 1.1.389 to 1.1.392
- raku from 2020.10 to 2024.10
- revive from 1.5.1 to 1.6.0
- rubocop from 1.68.0 to 1.71.0
- ruff-format from 0.8.6 to 0.9.3
- ruff from 0.8.0 to 0.9.3
- scalafix from 0.13.0 to 0.14.0
- selene from 0.27.1 to 0.28.0
- sfdx-scanner-apex from 4.7.0 to 4.8.0
- sfdx-scanner-aura from 4.7.0 to 4.8.0
- sfdx-scanner-lwc from 4.7.0 to 4.8.0
- snakemake from 8.25.3 to 8.27.1
- sqlfluff from 3.2.5 to 3.3.0
- stylelint from 16.10.0 to 16.14.0
- swiftlint from 0.57.0 to 0.58.2
- syft from 1.17.0 to 1.19.0
- terraform-fmt from 1.10.0 to 1.10.3
- terraform-fmt from 1.9.8 to 1.10.0
- terragrunt from 0.68.14 to 0.69.13
- tflint from 0.54.0 to 0.55.0
- trivy-sbom from 0.57.1 to 0.58.2
- trivy from 0.57.1 to 0.58.2
- trufflehog from 3.84.1 to 3.88.2
- v8r from 4.2.0 to 4.2.1
- vale from 3.9.1 to 3.9.4
- xmllint from 21207 to 21304
New Contributors
- @alexanderbazhenoff made their first contribution in #4352
- @Noraldeno made their first contribution in #4427
Full Changelog: v8.3.0...v8.4.0
What's Changed
- Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
- Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
- Fix handling of git submodule paths
- trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
- Fix UpdatedSourcesReporter when
is list (array) - Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with
- Fix UpdatedSourcesReporter when
- Fix Docker mirroring job for release context
- Remove max parallel jobs for release linters workflow
Linter versions upgrades (13)
- cfn-lint from 1.19.0 to 1.20.0
- checkov from 3.2.298 to 3.2.311
- csharpier from 0.29.2 to 0.30.2
- markdownlint from 0.42.0 to 0.43.0
- phpstan from 2.0.1 to 2.0.2
- ruff from 0.7.4 to 0.8.0
- spectral from 6.14.1 to 6.14.2
- stylua from 0.20.0 to 2.0.0
- syft from 1.16.0 to 1.17.0
- trivy-sbom from 0.57.0 to 0.57.1
- trivy from 0.57.0 to 0.57.1
- trufflehog from 3.83.7 to 3.84.1
- vale from 3.9.0 to 3.9.1
MegaLinter is graciously provided by
Please share the LinkedIn Post
Full Changelog: v8.2.0...v8.3.0
What's Changed
Linters enhancements
- detekt Enable SARIF output + count errors
- lintr: Support files in subdirectories, fix unit tests
- phpcs-fixer: Activate APPLY_FIXES
- Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
- trivy: handle retry if
failed to download Java DB
is detected - tsqllint Re-enabled after .net 8 and security updates
- Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
- Fix linting errors in GitHub Actions template
- UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
- Fix AzureCommentReporter not adding comments to PR
- Fix AzureCommentReporter fails when target repo contains spaces
- Updated documentation with Azure central pipeline use case
- Update DevSkim documentation to show a valid exclusion config file
- Note about
rules and how to fix rule violations with PHP-CS-Fixer
- Also prune volumes before pulling and pushing to docker hub
- Externalize mirroring from to docker hub in another workflow to avoid memory issues
- Squash docker images to have less layers and size
- Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
- Make gitpod workflow not blocking until uv install is fixed
- Update stale comment
- Try several times to embed trivy db during Docker build, as a workaround to the random failures
- Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions
Linter versions upgrades (104)
- actionlint from 1.7.3 to 1.7.4
- ansible-lint from 24.9.2 to 24.10.0
- bicep_linter from 0.30.23 to 0.31.92
- cfn-lint from 1.16.1 to 1.19.0
- checkov from 3.2.257 to 3.2.298
- checkstyle from 10.18.2 to 10.20.1
- clippy from 0.1.81 to 0.1.82
- clj-kondo from 2024.09.27 to 2024.11.14
- cspell from 8.15.1 to 8.16.0
- devskim from 1.0.33 to 1.0.44
- djlint from 1.35.2 to 1.36.1
- dotnet-format from 8.0.110 to 8.0.111
- gitleaks from 8.20.1 to 8.21.2
- golangci-lint from 1.61.0 to 1.62.0
- ktlint from 1.3.1 to 1.4.1
- lightning-flow-scanner from 2.34.0 to 2.36.0
- lychee from 0.16.1 to 0.17.0
- mypy from 1.11.2 to 1.13.0
- perlcritic from 1.152 to 1.156
- phpcs from 3.10.3 to 3.11.1
- phplint from 9.5.3 to 9.5.4
- phpstan from 1.12.6 to 2.0.1
- pmd from 7.6.0 to 7.7.0
- pyright from 1.1.384 to 1.1.389
- revive from 1.4.0 to 1.5.1
- roslynator from to
- rubocop from 1.66.1 to 1.68.0
- ruff from 0.6.9 to 0.7.4
- secretlint from 8.4.0 to 9.0.0
- sfdx-scanner-apex from 4.6.0 to 4.7.0
- sfdx-scanner-aura from 4.6.0 to 4.7.0
- sfdx-scanner-lwc from 4.6.0 to 4.7.0
- shfmt from 3.9.0 to 3.10.0
- snakemake from 8.21.0 to 8.25.3
- spectral from 6.13.1 to 6.14.1
- sqlfluff from 3.2.3 to 3.2.5
- syft from 1.14.0 to 1.16.0
- terraform-fmt from 1.9.5 to 1.9.8
- terragrunt from 0.67.5 to 0.68.14
- tflint from 0.53.0 to 0.54.0
- trivy-sbom from 0.56.2 to 0.57.0
- trivy from 0.56.2 to 0.57.0
- trufflehog from 3.82.11 to 3.83.7
- tsqllint from to
- v8r from 4.1.0 to 4.2.0
- vale from 3.7.1 to 3.9.0
New Contributors
- @ideaship made their first contribution in #4126
- @girlpunk made their first contribution in #4129
- @nwiltsie made their first contribution in #4235
- @mihaur made their first contribution in #4104
MegaLinter is graciously provided by
Please share the LinkedIn Post
Full Changelog: v8.1.0...v8.2.0
What's Changed
New linters
- New LUA linter: selene, by @AlejandroSuero in #3978
- New LUA formatter: stylua, by @AlejandroSuero in #3985
Linters enhancements
- Trivy
- Embed vulnerability database in Docker Image for running trivy on internet-free network
- Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
- If the retries did not succeed, call trivy with
--skip-db-update --skip-check-update
(not ideal but better than nothing)
- Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #4076
- Trivy
- Add debug traces to investigate reporters activation
- Add more traces for ApiReporter
- Activate ApiReporter by default
- Fix ApiReporter not called in MegaLlinter flavors
- Fix Grafana Home Dashboard to add missing criteria
- Update PRE_COMMANDS documentation to describe all properties
- Update Grafana documentation to fix secrets typo
- Free space in release job to avoid no space left on device, by @nvuillam in #3914
- Add
to improve CI control jobs success, by @AlejandroSuero in #3993 - Send GITHUB_TOKEN to trivy-action
- Workaround to avoid to reach Docker Hub rate limits: Build & push first on, then login to docker hub, then push to docker hub
Linter versions upgrades
- actionlint from 1.7.1 to 1.7.3 on 2024-09-29
- ansible-lint from 24.7.0 to 24.9.2 on 2024-09-20
- bandit from 1.7.9 to 1.7.10 on 2024-09-23
- bicep_linter from 0.29.47 to 0.30.23 on 2024-09-24
- black from 24.8.0 to 24.10.0 on 2024-10-07
- cfn-lint from 1.10.3 to 1.16.1 on 2024-10-11
- checkov from 3.2.232 to 3.2.257 on 2024-10-06
- checkstyle from 10.17.0 to 10.18.2 on 2024-09-29
- clippy from 0.1.80 to 0.1.81 on 2024-09-06
- clj-kondo from 2024.08.01 to 2024.09.27 on 2024-09-26
- cpplint from 1.6.1 to 2.0.0 on 2024-10-06
- csharpier from 0.29.0 to 0.29.2 on 2024-09-16
- cspell from 8.14.1 to 8.15.1 on 2024-10-11
- detekt from 1.23.6 to 1.23.7 on 2024-09-08
- djlint from 1.34.1 to 1.35.2 on 2024-08-29
- dotnet-format from 8.0.108 to 8.0.110 on 2024-10-11
- eslint from 8.57.0 to 8.57.1 on 2024-09-16
- gitleaks from 8.18.4 to 8.20.1 on 2024-10-08
- golangci-lint from 1.60.1 to 1.61.0 on 2024-09-09
- kics from 2.1.2 to 2.1.3 on 2024-10-04
- lightning-flow-scanner from 2.33.0 to 2.34.0 on 2024-08-25
- lychee from 0.15.1 to 0.16.1 on 2024-10-07
- markdownlint from 0.41.0 to 0.42.0 on 2024-09-24
- mypy from 1.11.1 to 1.11.2 on 2024-08-25
- npm-groovy-lint from 14.6.0 to 15.0.2 on 2024-08-29
- php-cs-fixer from 3.62.0 to 3.64.0 on 2024-08-31
- phpcs from 3.10.2 to 3.10.3 on 2024-09-20
- phplint from 9.4.1 to 9.5.3 on 2024-10-11
- phpstan from 1.11.11 to 1.12.6 on 2024-10-06
- pmd from 7.4.0 to 7.6.0 on 2024-09-27
- psalm from Psalm.5.25.0@ to Psalm.5.26.1@ on 2024-09-09
- pylint from 3.2.6 to 3.3.1 on 2024-09-24
- pyright from 1.1.376 to 1.1.384 on 2024-10-11
- revive from 1.3.9 to 1.4.0 on 2024-09-23
- roslynator from to on 2024-10-11
- rubocop from 1.65.1 to 1.66.1 on 2024-09-06
- ruff from 0.6.1 to 0.6.9 on 2024-10-04
- scalafix from 0.12.1 to 0.13.0 on 2024-09-27
- secretlint from 8.2.4 to 8.4.0 on 2024-10-06
- sfdx-scanner-apex from 4.4.0 to 4.6.0 on 2024-09-26
- sfdx-scanner-aura from 4.4.0 to 4.6.0 on 2024-09-26
- sfdx-scanner-lwc from 4.4.0 to 4.6.0 on 2024-09-26
- shfmt from 3.8.0 to 3.9.0 on 2024-09-03
- snakemake from 8.18.1 to 8.21.0 on 2024-10-13
- spectral from 6.11.1 to 6.13.1 on 2024-09-21
- sqlfluff from 3.1.0 to 3.2.3 on 2024-10-11
- standard from 17.1.0 to 17.1.2 on 2024-09-13
- stylelint from 16.8.2 to 16.10.0 on 2024-10-11
- swiftlint from 0.56.1 to 0.57.0 on 2024-09-09
- syft from 1.11.0 to 1.14.0 on 2024-10-07
- terraform-fmt from 1.9.4 to 1.9.5 on 2024-08-28
- terragrunt from 0.66.8 to 0.67.5 on 2024-09-16
- terrascan from 1.18.11 to 1.19.9 on 2024-09-21
- trivy-sbom from 0.54.1 to 0.56.2 on 2024-10-11
- trivy from 0.54.1 to 0.56.2 on 2024-10-11
- trufflehog from 3.81.10 to 3.82.8 on 2024-10-13
- v8r from 4.0.1 to 4.1.0 on 2024-08-25
- vale from 3.7.0 to 3.7.1 on 2024-09-26
New Contributors
- @AlejandroSuero made their first contribution in #3978
- @nabondance made their first contribution in #4045
- @tnyeanderson made their first contribution in #4076
MegaLinter is graciously provided by
Full Changelog: v8.0.0...v8.1.0
What's Changed
Run npx mega-linter-runner@latest --upgrade
to upgrade to MegaLinter v8 :)
- Reporters
- New ApiReporter (can be used to build Grafana dashboards), by @nvuillam in #3540
Removed deprecated linters, by @nvuillam in #3854
- CSS_SCSSLINT: Project discontinued and advising to use stylelint
- OPENAPI_SPECTRAL: Replaced by API_SPECTRAL (same linter but more formats handled)
- SQL_SQL_LINT: Project no longer maintained
- Hide to linters by default all environment variables that contain TOKEN, USERNAME or PASSWORD, by @nvuillam in #3881
- Allow to override CLI_LINT_MODE when defined as project, by @nvuillam in #3772
- Allow to use absolute paths for LINTER_RULES_PATH, by @nvuillam in #3775
- Allow to update variables from PRE/POST Commands using
property, by @nvuillam in #3861
Linters enhancements
- terrascan fixed errors and removed redundant code, by @TommyE123 in #3767
- dotnet-format various performance improvements and ability to specify sln or proj paths, by @TommyE123 in #3741
- swiftlint Remove deprecated argument --path
- Salesforce linters: Disable SF CLI auto update warning, by @nvuillam in #3883
- Add images and links to Git, CI/CD & other tools integrations at the beginning of the README, by @nvuillam in #3885
- Create README animated GIF presentation of MegaLinter, by @nvuillam in #3910
- Format mkdocs search index in place, by @echoix in #3890
- Use consistent spelling of 'flavor', by @InputUsername in #3789
- Fix docker warnings, by @nvuillam in #3853
- FromAsCasing: 'as' and 'FROM' keywords' casing do not match
- NoEmptyContinuation: Empty continuation line
- SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data
- Port Beta workflows to use docker/metadata-action, by @echoix in #3860
- AutoUpdate linters: Always create a PR if the job has been started manually, by @nvuillam in #3863
- Add
skip_checkout: true
to default MegaLinter GitHub Action template - Remove path filters in deploy-DEV workflow as it is a required check by @echoix in #3894
- Fix docker warnings, by @nvuillam in #3853
Linter versions upgrades
- ansible-lint from 24.6.1 to 24.7.0
- bicep_linter from 0.28.1 to 0.29.47
- black from 24.4.2 to 24.8.0
- cfn-lint from 1.5.0 to 1.10.3
- checkov from 3.2.174 to 3.2.232
- clippy from 0.1.79 to 0.1.80
- clj-kondo from 2024.05.24 to 2024.08.01
- csharpier from 0.28.2 to 0.29.0
- cspell from 8.10.4 to 8.14.1
- dotnet-format from 8.0.106 to 8.0.108
- flake8 from 7.1.0 to 7.1.1
- golangci-lint from 1.59.1 to 1.60.1
- grype from 0.79.2 to 0.79.5
- jsonlint from 14.0.3 to 16.0.0
- kics from 2.1.1 to 2.1.2
- kubeconform from 0.6.6 to 0.6.7
- lightning-flow-scanner from 2.28.0 to 2.33.0
- mypy from 1.10.1 to 1.11.1
- php-cs-fixer from 3.59.3 to 3.62.0
- phpcs from 3.10.1 to 3.10.2
- phpstan from 1.11.9 to 1.11.11
- pmd from 7.3.0 to 7.4.0
- prettier from 3.3.2 to 3.3.3
- protolint from 0.50.2 to 0.50.5
- pylint from 3.2.5 to 3.2.6
- pyright from 1.1.370 to 1.1.376
- revive from 1.3.7 to 1.3.9
- rstcheck from 6.2.1 to 6.2.4
- rubocop from 1.64.1 to 1.65.1
- ruff from 0.5.1 to 0.6.1
- sfdx-scanner-apex from 4.3.2 to 4.4.0
- sfdx-scanner-aura from 4.3.2 to 4.4.0
- sfdx-scanner-lwc from 4.3.2 to 4.4.0
- snakemake from 8.15.2 to 8.18.1
- stylelint from 16.6.1 to 16.8.2
- swiftlint from 0.55.1 to 0.56.1
- syft from 1.8.0 to 1.11.0
- terraform-fmt from 1.9.0 to 1.9.4
- terragrunt from 0.59.6 to 0.66.8
- tflint from 0.52.0 to 0.53.0
- trivy-sbom from 0.53.0 to 0.54.1
- trivy from 0.53.0 to 0.54.1
- trufflehog from 3.79.0 to 3.81.9
- v8r from 3.1.0 to 4.0.1
- vale from 3.6.0 to 3.7.0
New Contributors
- @InputUsername made their first contribution in #3789
MegaLinter is graciously provided by
Full Changelog: v7.13.0...v8.0.0
What's Changed
New linters
- Add ls-lint, file and folder linter, by @scolladon in #3681
Linters enhancements
- Improve support for single argument in
function, by @TommyE123 in #3589 - ansible-lint Improved activation by checking for
config file, by @TommyE123 in #3697 - DevSkim fixed fatal errors when scanning and ability to override config path, by @TommyE123 in #3673
- GitLeaks add missing schema properties, by @TommyE123 in #3675
- Powershell Error table truncation improvements, by @TommyE123 in #3620
- Powershell added missing schema property
, by @TommyE123 in #3678 - syft use
instead of deprecatedpackages
arg, by @TommyE123 in #3613 - tflint added missing schema property
, by @TommyE123 in #3679 - tflint fixed deprecated argument and other improvements to default
template, by @TommyE123 in #3688 - xmllint added missing schema properties
, by @TommyE123 in #3677 - yamllint fix error/warning count to work with different log output formats, by @TommyE123 in #3612
- Improve support for single argument in
- Bump actions/checkout from 3 to 4, by @KristjanESPERANTO in #2994
- Reduce dependabot PR frequency to weekly by @echoix in #3642
Linter versions upgrades
- ansible-lint from 24.2.3 to 24.6.1
- bandit from 1.7.8 to 1.7.9
- bash-exec from 5.2.21 to 5.2.26
- bicep_linter from 0.27.1 to 0.28.1
- cfn-lint from 0.87.4 to 1.5.0
- checkov from 3.2.122 to 3.2.174
- clang-format from 17.0.5 to 17.0.6
- clippy from 0.1.78 to 0.1.79
- cspell from 8.8.3 to 8.10.4
- editorconfig-checker from 3.0.1 to 3.0.3
- flake8 from 7.0.0 to 7.1.0
- git_diff from 2.43.4 to 2.45.2
- gitleaks from 8.18.2 to 8.18.4
- golangci-lint from 1.59.0 to 1.59.1
- grype from 0.78.0 to 0.79.2
- helm from 3.14.2 to 3.14.3
- jscpd from 4.0.4 to 4.0.5
- kics from 2.0.1 to 2.1.1
- ktlint from 1.2.1 to 1.3.1
- lightning-flow-scanner from 2.26.0 to 2.28.0
- markdown-table-formatter from 1.6.0 to 1.6.1
- mypy from 1.10.0 to 1.10.1
- npm-package-json-lint from 7.1.0 to 8.0.0
- php-cs-fixer from 3.58.1 to 3.59.3
- phplint from 9.3.1 to 9.4.1
- phpstan from 1.11.3 to 1.11.7
- pmd from 7.1.0 to 7.3.0
- prettier from 3.3.0 to 3.3.2
- protolint from 0.49.7 to 0.50.2
- psalm from Psalm.5.24.0@ to Psalm.5.25.0@
- pylint from 3.2.2 to 3.2.5
- pyright from 1.1.365 to 1.1.370
- ruff from 0.4.10 to 0.5.1
- sfdx-scanner-apex from 3.25.0 to 4.3.2
- sfdx-scanner-aura from 3.25.0 to 4.3.2
- sfdx-scanner-lwc from 3.25.0 to 4.3.2
- snakemake from 8.12.0 to 8.15.2
- sqlfluff from 3.0.7 to 3.1.0
- swiftlint from 0.54.0 to 0.55.1
- syft from 1.5.0 to 1.8.0
- terraform-fmt from 1.8.4 to 1.9.0
- terragrunt from 0.58.13 to 0.59.6
- tflint from 0.51.1 to 0.52.0
- trivy-sbom from 0.51.4 to 0.53.0
- trivy from 0.51.4 to 0.53.0
- trufflehog from 3.77.0 to 3.79.0
- v8r from 3.0.0 to 3.1.0
- vale from 3.4.2 to 3.6.0
- xmllint from 21108 to 21207
New Contributors
- @renovate made their first contribution in #3605
- @bobidle made their first contribution in #3631
- @KristjanESPERANTO made their first contribution in #2994
- @scolladon made their first contribution in #3681
MegaLinter is graciously provided by
Please share the release post on LinkedIn
Full Changelog: v7.12.0...v7.13.0
What's Changed
- Add new logs (at debug level) on each linter activation/deactivation
- Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
- Upgrade to Java 21 except for npm-groovy-lint that requires Java 17
- Add blog post 5 ways MegaLinter upped our DevSecOps game to the list of English articles by @wesley-dean-flexion in #3596
- Add PHP fixer by @llaville in #3598
was added as replacement forOPENAPI_SPECTRAL
(deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name.spectral.yaml
instead of.openapirc.yml
with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #3387- Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#333
- PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of
- Php psalm improvement by @llaville in #3541
now supportslist_of_files
mode, and has better error counting- Upgrade
and make it work with cli_lint_mode = project
- Change
lint mode toproject
, by @wandering-tales in #3509 - Disable sql-lint as it is no longer maintained
- Add new entries
in defaultpsalm.xml
configuration file for PHP_PSALM linter. Related to #3538 - fix(pylint): overgeneral-exceptions fully qualified name by @gardar in #3576
- Update
descriptor to supportlist_of_files
and better error counting by @Yann-J in #3575 - Sync PowerShell version in arm.megalinter-descriptor.yml by @echoix in #3586
- Adjust find commands to clean up files in same step by @echoix in #3588
- Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project by @nvuillam in #3590
- Change
- Build: take in account disabled linters for workflow auto-update
- Remove useless package-lock.json that was in python tests folder
- Fix SARIF_REPORTER that was wrongly sent to
to format & fix test methods - Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
- Remove Github Actions Workflow telemetry to improve performances
- Update Docker image for Gitpod to run on Ubuntu Noble, by @echoix
- Update makefile bootstrap config (gitpod or local) to use uv for package installation, by @echoix
- Use uv to install Python deps for CI by @echoix in #3561
- Use a single find command to delete pycache files by @echoix in #3562
- Sort schema enums by @echoix in #3595
Linter versions upgrades
- actionlint from 1.6.27 to 1.7.1 on 2024-05-28
- ansible-lint from 24.2.2 to 24.2.3 on 2024-05-20
- bicep_linter from 0.26.170 to 0.27.1 on 2024-05-07
- black from 24.4.0 to 24.4.2 on 2024-04-26
- cfn-lint from 0.86.4 to 0.87.4 on 2024-05-28
- checkov from 3.2.74 to 3.2.122 on 2024-05-04
- checkstyle from 10.15.0 to 10.17.0 on 2024-05-27
- clippy from 0.1.77 to 0.1.78 on 2024-05-04
- clj-kondo from 2024.03.13 to 2024.05.24 on 2024-05-25
- csharpier from 0.28.1 to 0.28.2 on 2024-04-26
- cspell from 8.7.0 to 8.8.3 on 2024-05-24
- detekt from 1.23.5 to 1.23.6 on 2024-05-28
- dotnet-format from 8.0.104 to 8.0.106 on 2024-06-01
- editorconfig-checker from 2.7.2 to 3.0.1 on 2024-04-30
- git_diff from 2.43.0 to 2.43.4 on 2024-05-18
- golangci-lint from 1.57.2 to 1.59.0 on 2024-05-27
- grype from 0.77.0 to 0.78.0 on 2024-05-28
- jscpd from 3.5.10 to 4.0.4 on 2024-05-28
- kics from 2.0.0 to 2.0.1 on 2024-05-04
- kubeconform from 0.6.4 to 0.6.6 on 2024-05-12
- lightning-flow-scanner from 2.22.0 to 2.24.0 on 2024-05-20
- luacheck from 1.1.2 to 1.2.0 on 2024-05-25
- lychee from 0.14.3 to 0.15.1 on 2024-05-13
- markdown-link-check from 3.12.1 to 3.12.2 on 2024-05-22
- markdown-table-formatter from 1.5.0 to 1.6.0 on 2024-04-27
- markdownlint from 0.39.0 to 0.41.0 on 2024-05-26
- mypy from 1.9.0 to 1.10.0 on 2024-04-26
- npm-groovy-lint from 14.4.1 to 14.6.0 on 2024-05-12
- phpcs from 3.9.1 to 3.10.1 on 2024-04-23
- phplint from 9.1.2 to 9.3.1 on 2024-05-18
- phpstan from 1.10.67 to 1.11.0 to 1.11.3 on 2024-05-31
- pmd from 6.55.0 to 7.1.0 on 2024-04-28
- powershell from 7.4.1 to 7.4.2 on 2024-04-28
- powershell_formatter from 7.4.1 to 7.4.2 on 2024-04-28
- prettier from 3.2.5 to 3.3.0 on 2024-06-01
- proselint from 0.13.0 to 0.14.0 on 2024-05-24
- protolint from 0.49.6 to 0.49.7 on 2024-05-04
- psalm from Psalm.5.23.1@ to Psalm.5.24.0@ on 2024-05-04
- pylint from 3.1.0 to 3.2.2 on 2024-05-20
- pyright from 1.1.359 to 1.1.365 on 2024-05-31
- roslynator from to on 2024-06-01
- rubocop from 1.63.3 to 1.64.1 on 2024-05-31
- ruff from 0.4.1 to 0.4.7 on 2024-05-31
- scalafix from 0.12.0 to 0.12.1 on 2024-05-04
- secretlint from 8.2.3 to 8.2.4 on 2024-04-29
- sfdx-scanner-apex from 3.23.0 to 3.25.0 on 2024-05-28
- sfdx-scanner-aura from 3.23.0 to 3.25.0 on 2024-05-28
- sfdx-scanner-lwc from 3.23.0 to 3.25.0 on 2024-05-28
- snakefmt from 0.10.1 to 0.10.2 on 2024-05-12
- snakemake from 8.10.8 to 8.12.0 on 2024-05-27
- sqlfluff from 3.0.5 to 3.0.7 on 2024-05-24
- stylelint from 16.4.0 to 16.6.1 on 2024-05-28
- syft from 1.2.0 to 1.5.0 on 2024-05-28
- tekton-lint from 1.0.2 to 1.1.0 on 2024-05-25
- terraform-fmt from 1.8.1 to 1.8.4 on 2024-05-25
- terragrunt from 0.57.5 to 0.58.10 on 2024-05-27
- tflint from 0.50.3 to 0.51.1 on 2024-06-02
- trivy-sbom from 0.50.2 to 0.51.4 on 2024-05-25
- trivy from 0.50.2 to 0.51.4 on 2024-05-25
- trufflehog from 3.73.0 to 3.77.0 on 2024-05-28
- vale from 3.4.0 to 3.4.2 on 2024-05-04
- xmllint from 21107 to 21108 on 2024-05-18
New Contributors
MegaLinter is graciously provided by
Full Changelog: v7.11.0...v7.12.0
What's Changed
Linter versions upgrades
- stylelint from 16.3.1 to 16.4.0
MegaLinter is graciously provided by
Full Changelog: v7.11.0...v7.11.1