Bump megalinter/megalinter from 7.13.0 to 8.3.0

[dependabot]

Bumps megalinter/megalinter from 7.13.0 to 8.3.0.

Release notes

Sourced from megalinter/megalinter's releases.

v8.3.0

What's Changed

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

MegaLinter is graciously provided by

Please share the LinkedIn Post

Full Changelog: oxsecurity/megalinter@v8.2.0...v8.3.0

v8.2.0

What's Changed

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

[v8.3.0] - 2024-11-23

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

[v8.2.0] - 2024-11-17

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

... (truncated)

Commits

• 1fc052d Release MegaLinter v8.3.0
• e8a20cd [automation] Auto-update linters version, help and documentation (#4304)
• 9824f37 Fix Docker mirroring job for release context (#4303)
• 9cb4ec7 [automation] Auto-update linters version, help and documentation (#4299)
• 010c8bd chore(deps): update dependency sfdx-hardis to v5.7.1 (#4302)
• 1a219e1 chore(deps): update trufflesecurity/trufflehog docker tag to v3.84.1 (#4301)
• 09ab582 Env variable replacement for PRE_COMMIT + command in log (#4298)
• e33c1c7 retry in case of BLOB_UNKNOWN while downloading vulnerability list (#4300)
• 7f790c0 [automation] Auto-update linters version, help and documentation (#4297)
• 797a3d1 [automation] Auto-update linters version, help and documentation (#4296)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: github-actions, dependencies.