Bump oxsecurity/megalinter from 7.4.0 to 7.5.0

[dependabot]

Bumps oxsecurity/megalinter from 7.4.0 to 7.5.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v7.5.0

What's Changed

• Core

  • mega-linter-runner: Convert to ES6 and upgrade npm dependencies. Node 18 minimum version is now required. by @​nvuillam in oxsecurity/megalinter#2976
  • Allow to define COMPILER_ONLY virtual package as cargo dependency in descriptors to embed rust compiler in the Dockerfile
  • Optimize @generated marker scanning (#2654) by @​sanmai-NL in oxsecurity/megalinter#2654

• Media

  • Achieve Code Consistency: MegaLinter Integration in Azure DevOps, by Don Koning on Microsoft Tech Community

• Fixes

  • build.py: Remove exclusivity between pip, gem & cargo packages
  • Salesforce linters: Switch sfdx-cli to @​salesforce/cli
  • Fixed issue with actionlint throwing an error on if statements in the generated workflow file
  • Added default .devskim.json to mitigate errors introduced when no config exists (closes #3017) by @​andrewvaughan in oxsecurity/megalinter#3024
  • Fix: Removed curly-brackets from if (closes #3025) by @​andrewvaughan in oxsecurity/megalinter#3029

• Doc

  • Display list of articles from newest to oldest
  • Fix incorrect environment variable in djlint docs by @​adhil0 in oxsecurity/megalinter#2993
  • Improve lychee documentation to add an example of .lycheeignore by @​nvuillam in oxsecurity/megalinter#3003

• CI

  • Add the other maintainers globally to the CODEOWNERS file (#3008)
  • Free disk space earlier in the process to avoid failure during docker build
  • Set flavors-stats.json as a generated file in .gitattributes (#3023)
  • Update and fix our ChatOps automations to only run on pull request comments, by @​echoix in #3034
  • Use App::cpm to install perlcritic faster, and clean .perl-cpm cache, by @​echoix in #3036
  • Add failure message in ChatOps build-command and Slash dispatcher, by @​echoix in #3037
  • TEMPLATES/mega-linter.yml: DRY the ifs by @​rasa in oxsecurity/megalinter#2957

• Linter versions upgrades

  • ansible-lint from 6.20.0 6.21.1
  • bicep_linter from 0.21.1 to 0.22.6
  • black from 23.9.1 to 23.10.1
  • cfn-lint from 0.80.2 to 0.83.0
  • checkov from 2.4.48 to 3.0.12
  • checkstyle from 10.12.3 to 10.12.4
  • clippy from 0.1.72 to 0.1.73
  • clj-kondo from 2023.09.07 to 2023.10.20
  • cspell from 7.3.6 to 7.3.8
  • devskim from 1.0.22 to 1.0.23
  • dotnet-format from 6.0.414 to 6.0.416
  • editorconfig-checker from 2.7.1 to 2.7.2
  • eslint-plugin-jsonc from 2.9.0 to 2.10.0
  • eslint from 8.49.0 to 8.52.0
  • golangci-lint from 1.54.2 to 1.55.1
  • kics from 1.7.8 to 1.7.10
  • ktlint from 1.0.0 to 1.0.1

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Linter versions upgrades
  • protolint from 0.46.2 to 0.46.3 on 2023-10-29
  • checkov from 3.0.12 to 3.0.13 on 2023-10-30

[v7.5.0] - 2023-10-29

• Core

  • mega-linter-runner: Convert to ES6 and upgrade npm dependencies. Node 18 minimum version is now required.
  • Allow to define COMPILER_ONLY virtual package as cargo dependency in descriptors to embed rust compiler in the Dockerfile
  • Optimize @generated marker scanning (#2654)

• Media

  • Achieve Code Consistency: MegaLinter Integration in Azure DevOps, by Don Koning on Microsoft Tech Community

• Fixes

  • build.py: Remove exclusivity between pip, gem & cargo packages
  • Salesforce linters: Switch sfdx-cli to @​salesforce/cli
  • Fixed issue with actionlint throwing an error on if statements in the generated workflow file
  • Added default .devskim.json to mitigate errors introduced when no config exists

• Doc

  • Display list of articles from newest to oldest
  • Fix incorrect environment variable in djlint docs
  • Improve lychee documentation to add an example of .lycheeignore

• CI

  • Add the other maintainers globally to the CODEOWNERS file (#3008)
  • Free disk space earlier in the process to avoid failure during docker build
  • Set flavors-stats.json as a generated file in .gitattributes (#3023)
  • Update and fix our ChatOps automations to only run on pull request comments, by @​echoix in #3034
  • Use App::cpm to install perlcritic faster, and clean .perl-cpm cache, by @​echoix in #3036
  • Add failure message in ChatOps build-command and Slash dispatcher, by @​echoix in #3037

• Linter versions upgrades

  • ansible-lint from 6.20.0 6.21.1
  • bicep_linter from 0.21.1 to 0.22.6
  • black from 23.9.1 to 23.10.1
  • cfn-lint from 0.80.2 to 0.83.0
  • checkov from 2.4.48 to 3.0.12

... (truncated)

Commits

• b48455a Release MegaLinter v7.5.0
• a803249 changelog
• d382ac4 [automation] Auto-update linters version, help and documentation (#3048)
• 4b1a686 Fix mega-linter-runner --install (#3047)
• e583566 [automation] Auto-update linters version, help and documentation (#3045)
• e9f1f56 [automation] Auto-update linters version, help and documentation (#3043)
• b522647 [automation] Auto-update linters version, help and documentation (#3042)
• e78d1c2 [automation] Auto-update linters version, help and documentation (#3040)
• ee201af Use App::cpm to install perlcritic faster, and clean .perl-cpm cache (#3036)
• 8fa7597 Add failure message in ChatOps build-command and Slash dispatcher (#3037)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.02s
✅ COPYPASTE	jscpd	yes		no	1.28s
✅ EDITORCONFIG	editorconfig-checker	1		0	0.03s
✅ REPOSITORY	checkov	yes		no	11.33s
✅ REPOSITORY	gitleaks	yes		no	0.45s
✅ REPOSITORY	git_diff	yes		no	0.02s
✅ REPOSITORY	grype	yes		no	10.79s
✅ REPOSITORY	kics	yes		no	34.65s
✅ REPOSITORY	secretlint	yes		no	0.62s
✅ REPOSITORY	trivy	yes		no	8.21s
✅ REPOSITORY	trivy-sbom	yes		no	1.46s
✅ REPOSITORY	trufflehog	yes		no	3.73s
✅ SPELL	cspell	2		0	1.81s
✅ YAML	prettier	1		0	0.56s
✅ YAML	v8r	1		0	2.09s
✅ YAML	yamllint	1		0	0.27s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[github-actions]

Overview

Image reference	mauwii/ubuntu-act:22.04-main	/home/runner/work/act-docker-images/act-docker-images/linux/amd64/ubuntu-act-jammy.tar
- digest	3defc9660d1a	a9653b764d4a
- provenance	509f135	https://github.com/mauwii/act-docker-images/blob/ac71887bb555e251442189477bec8ea6a1181769/linux/ubuntu/Dockerfile/commit/ac71887bb555e251442189477bec8ea6a1181769
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	2.0 GB	2.0 GB
- packages	3823	3823
Base Image	buildpack-deps:22.04 also known as: • jammy	buildpack-deps:22.04 also known as: • jammy
- vulnerabilities

Labels (4 changes)

• ± 4 changed
• 7 unchanged

-org.opencontainers.image.authors=mauwii
+org.opencontainers.image.authors=mauwii, dependabot[bot]
-org.opencontainers.image.created=2023-10-28T03:15:24Z
+org.opencontainers.image.created=2023-10-30T15:48:37Z
 org.opencontainers.image.description=This Image is made to be used with Nektos/act to run your GH-Workflows locally
 org.opencontainers.image.documentation=https://github.com/mauwii/act-docker-images
 org.opencontainers.image.ref.name=ubuntu
-org.opencontainers.image.revision=509f135aea635826b3622320f0738ed8d50a8d83
+org.opencontainers.image.revision=ac71887bb555e251442189477bec8ea6a1181769
-org.opencontainers.image.source=https://github.com/mauwii/act-docker-images/blob/509f135aea635826b3622320f0738ed8d50a8d83/linux/ubuntu/Dockerfile
+org.opencontainers.image.source=https://github.com/mauwii/act-docker-images/blob/ac71887bb555e251442189477bec8ea6a1181769/linux/ubuntu/Dockerfile
 org.opencontainers.image.title=ubuntu-act-jammy
 org.opencontainers.image.url=https://hub.docker.com/r/mauwii/ubuntu-act
 org.opencontainers.image.vendor=mauwii
 org.opencontainers.image.version=22.04

[dependabot]

Superseded by #89.