
build(deps): bump oxsecurity/megalinter from 8.1.0 to 8.2.0 in the minor-and-patch-action-updates group #774


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Nov 18, 2024

Bumps the minor-and-patch-action-updates group with 1 update: oxsecurity/megalinter.

Updates oxsecurity/megalinter from 8.1.0 to 8.2.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.2.0

What's Changed

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs-fixer: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates
  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template
  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces
  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer
  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 seconds instead of 1 before retrying a failing test method, to avoid race conditions
  • Linter versions upgrades (104)

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Core

  • New linters

  • Media

  • Linters enhancements

    • csharpier: Since v0.30, call linter using csharpier, not dotnet-csharpier
  • Fixes

  • Reporters

  • Doc

  • Flavors

  • CI

  • mega-linter-runner

  • Linter versions upgrades (104)

    • phpstan from 2.0.1 to 2.0.2 on 2024-11-17
    • checkov from 3.2.298 to 3.2.300 on 2024-11-17
    • csharpier from 0.29.2 to 0.30.0 on 2024-11-17

[v8.2.0] - 2024-11-17

... (truncated)

Commits
  • d8c95fc Release MegaLinter v8.2.0
  • 56f6332 [automation] Auto-update linters version, help and documentation (#4264)
  • 298458e [automation] Auto-update linters version, help and documentation (#4256)
  • c67933e Bump @eslint/plugin-kit from 0.2.2 to 0.2.3 in /mega-linter-runner (#4258)
  • a681242 chore(deps): update trufflesecurity/trufflehog docker tag to v3.83.7 (#4259)
  • e98b755 chore(deps): update dependency mgechev/revive to v1.5.1 (#4260)
  • db53e77 chore(deps): update dependency lightning-flow-scanner to v2.36.0 (#4262)
  • 4dd7814 chore(deps): update dependency @salesforce/cli to v2.66.7 (#4261)
  • 339bca2 [automation] Auto-update linters version, help and documentation (#4252)
  • 44a22a7 chore(deps): update dependency sfdx-hardis to v5.6.2 (#4253)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch-action-updates group with 1 update: [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).


Updates `oxsecurity/megalinter` from 8.1.0 to 8.2.0
- [Release notes](https://github.com/oxsecurity/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@b38cdf1...d8c95fc)

---
updated-dependencies:
- dependency-name: oxsecurity/megalinter
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-action-updates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner November 18, 2024 01:11
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 18, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
|---|---|---|
| actions/oxsecurity/megalinter/flavors/c_cpp | d8c95fc6f2237031fb9e9322b0f97100168afa6e | 🟢 3.9 |

Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 4 | Found 8/18 approved changesets -- score normalized to 4 |
| Maintained | 🟢 10 | 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | ⚠️ 0 | dangerous workflow patterns detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Packaging | 🟢 10 | packaging workflow detected |
| Vulnerabilities | ⚠️ 0 | 22 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

Scanned Files

  • .github/workflows/linting-formatting.yml


🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 12 | | 0 | 0.07s |
| ✅ CPP | clang-format | 994 | 3 | 0 | 6.28s |
| ✅ DOCKERFILE | hadolint | 2 | | 0 | 0.13s |
| ✅ JSON | jsonlint | 9 | | 0 | 0.25s |
| ✅ JSON | prettier | 9 | 0 | 0 | 0.61s |
| ⚠️ MARKDOWN | markdownlint | 6 | 0 | 4 | 1.17s |
| ⚠️ MARKDOWN | markdown-link-check | 6 | | 1 | 132.04s |
| ✅ MARKDOWN | markdown-table-formatter | 6 | 0 | 0 | 0.2s |
| ✅ REPOSITORY | checkov | yes | | no | 18.92s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.05s |
| ✅ REPOSITORY | grype | yes | | no | 9.01s |
| ✅ REPOSITORY | ls-lint | yes | | no | 0.07s |
| ✅ REPOSITORY | secretlint | yes | | no | 5.87s |
| ✅ REPOSITORY | trivy | yes | | no | 25.65s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.07s |
| ✅ REPOSITORY | trufflehog | yes | | no | 3.26s |
| ⚠️ SPELL | lychee | 140 | | 2 | 4.21s |
| ⚠️ YAML | prettier | 23 | 1 | 1 | 0.9s |
| ✅ YAML | v8r | 23 | | 0 | 9.21s |
| ✅ YAML | yamllint | 23 | | 0 | 0.42s |

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@EkelmansPh EkelmansPh added this pull request to the merge queue Nov 18, 2024
Merged via the queue into main with commit b23fe0a Nov 18, 2024
32 checks passed
@EkelmansPh EkelmansPh deleted the dependabot/github_actions/minor-and-patch-action-updates-7a7a363401 branch November 18, 2024 09:06