chore(deps): update oxsecurity/megalinter action to v8.3.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
oxsecurity/megalinter	action	minor	v8.0.0 -> v8.3.0

---

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter)

v8.3.0

Compare Source

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

v8.2.0

Compare Source

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44
  • djlint from 1.35.2 to 1.36.1
  • dotnet-format from 8.0.110 to 8.0.111
  • gitleaks from 8.20.1 to 8.21.2
  • golangci-lint from 1.61.0 to 1.62.0
  • ktlint from 1.3.1 to 1.4.1
  • lightning-flow-scanner from 2.34.0 to 2.36.0
  • lychee from 0.16.1 to 0.17.0
  • mypy from 1.11.2 to 1.13.0
  • perlcritic from 1.152 to 1.156
  • phpcs from 3.10.3 to 3.11.1
  • phplint from 9.5.3 to 9.5.4
  • phpstan from 1.12.6 to 2.0.1
  • pmd from 7.6.0 to 7.7.0
  • pyright from 1.1.384 to 1.1.389
  • revive from 1.4.0 to 1.5.1
  • roslynator from 0.9.1.0 to 0.9.3.0
  • rubocop from 1.66.1 to 1.68.0
  • ruff from 0.6.9 to 0.7.4
  • secretlint from 8.4.0 to 9.0.0
  • sfdx-scanner-apex from 4.6.0 to 4.7.0
  • sfdx-scanner-aura from 4.6.0 to 4.7.0
  • sfdx-scanner-lwc from 4.6.0 to 4.7.0
  • shfmt from 3.9.0 to 3.10.0
  • snakemake from 8.21.0 to 8.25.3
  • spectral from 6.13.1 to 6.14.1
  • sqlfluff from 3.2.3 to 3.2.5
  • syft from 1.14.0 to 1.16.0
  • terraform-fmt from 1.9.5 to 1.9.8
  • terragrunt from 0.67.5 to 0.68.14
  • tflint from 0.53.0 to 0.54.0
  • trivy-sbom from 0.56.2 to 0.57.0
  • trivy from 0.56.2 to 0.57.0
  • trufflehog from 3.82.11 to 3.83.7
  • tsqllint from 1.15.3.0 to 1.16.0.0
  • v8r from 4.1.0 to 4.2.0
  • vale from 3.7.1 to 3.9.0

v8.1.0

Compare Source

• Core

  • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in #​3944
  • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #​3893
  • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN

• New linters

  • New LUA linter: selene, by @​AlejandroSuero in #​3978
  • New LUA formatter: stylua, by @​AlejandroSuero in #​3985

• Linters enhancements

  • Trivy
    • Embed vulnerability database in Docker Image for running trivy on internet-free network
    • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
    • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
  • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #​4076

• Fixes

  • APPLY_FIXES and for PHP_PHPCSFIXER linter, by @​llaville in #​3963
  • Add debug traces to investigate reporters activation
  • Add more traces for ApiReporter
  • Activate ApiReporter by default

• Reporters

  • Fix ApiReporter not called in MegaLinter flavors

• Doc

  • Fix Grafana Home Dashboard to add missing criteria
  • Update PRE_COMMANDS documentation to describe all properties
  • Update Grafana documentation to fix secrets typo

• CI

  • Free space in release job to avoid no space left on device, by @​nvuillam in #​3914
  • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in #​3993
  • Send GITHUB_TOKEN to trivy-action
  • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub

• Linter versions upgrades

  • actionlint from 1.7.1 to 1.7.3
  • ansible-lint from 24.7.0 to 24.9.2
  • bandit from 1.7.9 to 1.7.10
  • bicep_linter from 0.29.47 to 0.30.23
  • black from 24.8.0 to 24.10.0
  • cfn-lint from 1.10.3 to 1.16.1
  • checkov from 3.2.232 to 3.2.257
  • checkstyle from 10.17.0 to 10.18.2
  • clippy from 0.1.80 to 0.1.81
  • clj-kondo from 2024.08.01 to 2024.09.27
  • cpplint from 1.6.1 to 2.0.0
  • csharpier from 0.29.0 to 0.29.2
  • cspell from 8.14.1 to 8.15.1
  • detekt from 1.23.6 to 1.23.7
  • djlint from 1.34.1 to 1.35.2
  • dotnet-format from 8.0.108 to 8.0.110
  • eslint from 8.57.0 to 8.57.1
  • gitleaks from 8.18.4 to 8.20.1
  • golangci-lint from 1.60.1 to 1.61.0
  • kics from 2.1.2 to 2.1.3
  • lightning-flow-scanner from 2.33.0 to 2.34.0
  • lychee from 0.15.1 to 0.16.1
  • markdownlint from 0.41.0 to 0.42.0
  • mypy from 1.11.1 to 1.11.2
  • npm-groovy-lint from 14.6.0 to 15.0.2
  • php-cs-fixer from 3.62.0 to 3.64.0
  • phpcs from 3.10.2 to 3.10.3
  • phplint from 9.4.1 to 9.5.3
  • phpstan from 1.11.11 to 1.12.6
  • pmd from 7.4.0 to 7.6.0
  • psalm from Psalm.5.25.0@​ to Psalm.5.26.1@​
  • pylint from 3.2.6 to 3.3.1
  • pyright from 1.1.376 to 1.1.384
  • revive from 1.3.9 to 1.4.0
  • roslynator from 0.8.9.0 to 0.9.1.0
  • rubocop from 1.65.1 to 1.66.1
  • ruff from 0.6.1 to 0.6.9
  • scalafix from 0.12.1 to 0.13.0
  • secretlint from 8.2.4 to 8.4.0
  • sfdx-scanner-apex from 4.4.0 to 4.6.0
  • sfdx-scanner-aura from 4.4.0 to 4.6.0
  • sfdx-scanner-lwc from 4.4.0 to 4.6.0
  • shfmt from 3.8.0 to 3.9.0
  • snakemake from 8.18.1 to 8.21.0
  • spectral from 6.11.1 to 6.13.1
  • sqlfluff from 3.1.0 to 3.2.3
  • standard from 17.1.0 to 17.1.2
  • stylelint from 16.8.2 to 16.10.0
  • swiftlint from 0.56.1 to 0.57.0
  • syft from 1.11.0 to 1.14.0
  • terraform-fmt from 1.9.4 to 1.9.5
  • terragrunt from 0.66.8 to 0.67.5
  • terrascan from 1.18.11 to 1.19.9
  • trivy-sbom from 0.54.1 to 0.56.2
  • trivy from 0.54.1 to 0.56.2
  • trufflehog from 3.81.10 to 3.82.8
  • v8r from 4.0.1 to 4.1.0
  • vale from 3.7.0 to 3.7.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.