Update oxsecurity/megalinter-documentation Docker tag to v8

[renovate]

This PR contains the following updates:

Package	Update	Change
oxsecurity/megalinter-documentation (source)	major	v7.3.0 -> v8.4.1

---

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter-documentation)

v8.4.1

Compare Source

• Quick fix about PRE_COMMANDS crash (see #​4591)

• Linter versions upgrades (2)

  • checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
  • stylelint from 16.14.0 to 16.14.1 on 2025-01-27

v8.4.0

Compare Source

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in #​4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #​4482)
  • Bump python version to 3.12.8, by @​echoix in #​4372
  • Update to .NET 9, by @​bdovaz in #​4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in #​4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in #​4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in #​4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in #​4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in #​4498
  • Add sarif output to golangci-lint, by @​bdovaz in #​4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #​440, by @​Noraldeno in #​4427
  • jscpd url fixes, by @​alexanderbazhenoff in #​4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in #​4469
  • Fix linter disabled reason usage, by @​bdovaz in #​4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in #​4479
  • Add disabled linter badge, by @​bdovaz in #​4477
  • Add AzureCommentReporter instructions, by @​bdovaz in #​4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @​echoix in #​4373
  • Use uv.lock file to build docker images, by @​echoix in #​4374
  • Update Renovate schedules for uv and sfdx-hardis, by @​echoix in #​4568
  • Variabilize version and use renovate for updates for the following linters:
    • all GO linters
    • all REPOSITORY linters
    • arm-ttk
    • bash-shfmt
    • bicep
    • clj-kondo
    • cljstyle
    • csharpier
    • dart
    • ktlint
    • kubescape
    • lychee
    • luacheck
    • markdown-link-check
    • perlcritic
    • raku
    • tsqllint

• Linter versions upgrades (66)

  • actionlint from 1.7.6 to 1.7.7
  • ansible-lint from 24.12.2 to 25.1.0
  • banditto 1.8.2
  • bash-exec from 5.2.26 to 5.2.37
  • bicep_linter from to 0.33.13
  • cfn-lint 1.22.7
  • checkov from to 3.2.357
  • checkstyle from 10.20.1 to 10.21.1
  • clang-format from 17.0.6 to 19.1.4
  • clippy 0.1.84
  • clj-kondo from 2024.11.14 to 2025.01.16
  • cljstyle from 0.15.0 to 0.17.642
  • csharpier from 0.30.2 to 0.30.6
  • cspell from 8.16.0 to 8.17.2
  • devskim from 1.0.44 to 1.0.51
  • djlint from 1.36.1 to 1.36.4
  • dotnet-format from 8.0.111 to 9.0.102
  • editorconfig-checker from 3.0.3 to 3.1.2
  • git_diff from 2.45.2 to 2.47.2
  • gitleaks from 8.21.2 to 8.23.2
  • golangci-lint from 1.62.0 to 1.63.4
  • grype from 0.79.5 to 0.87.0
  • helm from 3.14.3 to 3.16.3
  • ktlint from 1.4.1 to 1.5.0
  • lightning-flow-scanner from 2.36.0 to 2.39.0
  • lychee from 0.17.0 to 0.18.0
  • markdownlint from 0.43.0 to 0.44.0
  • mypy from 1.13.0 to 1.14.0
  • mypy from 1.14.0 to 1.14.1
  • php-cs-fixer from 3.64.0 to 7.4.0
  • phpcs from 3.11.1 to 3.11.3
  • phplint from 9.5.4 to 9.5.6
  • phpstan from 2.0.2 to 2.1.2
  • pmd from 7.7.0 to 7.9.0
  • powershell from 7.4.2 to 7.4.6
  • powershell_formatter from 7.4.2 to 7.4.6
  • prettier from 3.3.3 to 3.4.2
  • protolint from 0.50.5 to 0.52.0
  • psalm from Psalm.5.26.1@​ to Psalm.6.0.0@​
  • pylint from 3.3.1 to 3.3.3
  • pyright from 1.1.389 to 1.1.392
  • raku from 2020.10 to 2024.10
  • revive from 1.5.1 to 1.6.0
  • rubocop from 1.68.0 to 1.71.0
  • ruff-format from 0.8.6 to 0.9.3
  • ruff from 0.8.0 to 0.9.3
  • scalafix from 0.13.0 to 0.14.0
  • selene from 0.27.1 to 0.28.0
  • sfdx-scanner-apex from 4.7.0 to 4.8.0
  • sfdx-scanner-aura from 4.7.0 to 4.8.0
  • sfdx-scanner-lwc from 4.7.0 to 4.8.0
  • snakemake from 8.25.3 to 8.27.1
  • sqlfluff from 3.2.5 to 3.3.0
  • stylelint from 16.10.0 to 16.14.0
  • swiftlint from 0.57.0 to 0.58.2
  • syft from 1.17.0 to 1.19.0
  • terraform-fmt from 1.10.0 to 1.10.3
  • terraform-fmt from 1.9.8 to 1.10.0
  • terragrunt from 0.68.14 to 0.69.13
  • tflint from 0.54.0 to 0.55.0
  • trivy-sbom from 0.57.1 to 0.58.2
  • trivy from 0.57.1 to 0.58.2
  • trufflehog from 3.84.1 to 3.88.2
  • v8r from 4.2.0 to 4.2.1
  • vale from 3.9.1 to 3.9.4
  • xmllint from 21207 to 21304

v8.3.0

Compare Source

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

v8.2.0

Compare Source

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44
  • djlint from 1.35.2 to 1.36.1
  • dotnet-format from 8.0.110 to 8.0.111
  • gitleaks from 8.20.1 to 8.21.2
  • golangci-lint from 1.61.0 to 1.62.0
  • ktlint from 1.3.1 to 1.4.1
  • lightning-flow-scanner from 2.34.0 to 2.36.0
  • lychee from 0.16.1 to 0.17.0
  • mypy from 1.11.2 to 1.13.0
  • perlcritic from 1.152 to 1.156
  • phpcs from 3.10.3 to 3.11.1
  • phplint from 9.5.3 to 9.5.4
  • phpstan from 1.12.6 to 2.0.1
  • pmd from 7.6.0 to 7.7.0
  • pyright from 1.1.384 to 1.1.389
  • revive from 1.4.0 to 1.5.1
  • roslynator from 0.9.1.0 to 0.9.3.0
  • rubocop from 1.66.1 to 1.68.0
  • ruff from 0.6.9 to 0.7.4
  • secretlint from 8.4.0 to 9.0.0
  • sfdx-scanner-apex from 4.6.0 to 4.7.0
  • sfdx-scanner-aura from 4.6.0 to 4.7.0
  • sfdx-scanner-lwc from 4.6.0 to 4.7.0
  • shfmt from 3.9.0 to 3.10.0
  • snakemake from 8.21.0 to 8.25.3
  • spectral from 6.13.1 to 6.14.1
  • sqlfluff from 3.2.3 to 3.2.5
  • syft from 1.14.0 to 1.16.0
  • terraform-fmt from 1.9.5 to 1.9.8
  • terragrunt from 0.67.5 to 0.68.14
  • tflint from 0.53.0 to 0.54.0
  • trivy-sbom from 0.56.2 to 0.57.0
  • trivy from 0.56.2 to 0.57.0
  • trufflehog from 3.82.11 to 3.83.7
  • tsqllint from 1.15.3.0 to 1.16.0.0
  • v8r from 4.1.0 to 4.2.0
  • vale from 3.7.1 to 3.9.0

v8.1.0

Compare Source

• Core

  • Allow to tag PRE_COMMANDS to run them before loading plugins, by @​nvuillam in #​3944
  • Replace usage of setup.py with a pyproject.toml package install, by @​echoix in #​3893
  • Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN

• New linters

  • New LUA linter: selene, by @​AlejandroSuero in #​3978
  • New LUA formatter: stylua, by @​AlejandroSuero in #​3985

• Linters enhancements

  • Trivy
    • Embed vulnerability database in Docker Image for running trivy on internet-free network
    • Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
    • If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
  • Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #​4076

• Fixes

  • APPLY_FIXES and for PHP_PHPCSFIXER linter, by @​llaville in #​3963
  • Add debug traces to investigate reporters activation
  • Add more traces for ApiReporter
  • Activate ApiReporter by default

• Reporters

  • Fix ApiReporter not called in MegaLinter flavors

• Doc

  • Fix Grafana Home Dashboard to add missing criteria
  • Update PRE_COMMANDS documentation to describe all properties
  • Update Grafana documentation to fix secrets typo

• CI

  • Free space in release job to avoid no space left on device, by @​nvuillam in #​3914
  • Add pytest-rerunfailures to improve CI control jobs success, by @​AlejandroSuero in #​3993
  • Send GITHUB_TOKEN to trivy-action
  • Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub

• Linter versions upgrades

  • actionlint from 1.7.1 to 1.7.3
  • ansible-lint from 24.7.0 to 24.9.2
  • bandit from 1.7.9 to 1.7.10
  • bicep_linter from 0.29.47 to 0.30.23
  • black from 24.8.0 to 24.10.0
  • cfn-lint from 1.10.3 to 1.16.1
  • checkov from 3.2.232 to 3.2.257
  • checkstyle from 10.17.0 to 10.18.2
  • clippy from 0.1.80 to 0.1.81
  • clj-kondo from 2024.08.01 to 2024.09.27
  • cpplint from 1.6.1 to 2.0.0
  • csharpier from 0.29.0 to 0.29.2
  • cspell from 8.14.1 to 8.15.1
  • detekt from 1.23.6 to 1.23.7
  • djlint from 1.34.1 to 1.35.2
  • dotnet-format from 8.0.108 to 8.0.110
  • eslint from 8.57.0 to 8.57.1
  • gitleaks from 8.18.4 to 8.20.1
  • golangci-lint from 1.60.1 to 1.61.0
  • kics from 2.1.2 to 2.1.3
  • lightning-flow-scanner from 2.33.0 to 2.34.0
  • lychee from 0.15.1 to 0.16.1
  • markdownlint from 0.41.0 to 0.42.0
  • mypy from 1.11.1 to 1.11.2
  • npm-groovy-lint from 14.6.0 to 15.0.2
  • php-cs-fixer from 3.62.0 to 3.64.0
  • phpcs from 3.10.2 to 3.10.3
  • phplint from 9.4.1 to 9.5.3
  • phpstan from 1.11.11 to 1.12.6
  • pmd from 7.4.0 to 7.6.0
  • psalm from Psalm.5.25.0@​ to Psalm.5.26.1@​
  • pylint from 3.2.6 to 3.3.1
  • pyright from 1.1.376 to 1.1.384
  • revive from 1.3.9 to 1.4.0
  • roslynator from 0.8.9.0 to 0.9.1.0
  • rubocop from 1.65.1 to 1.66.1
  • ruff from 0.6.1 to 0.6.9
  • scalafix from 0.12.1 to 0.13.0
  • secretlint from 8.2.4 to 8.4.0
  • sfdx-scanner-apex from 4.4.0 to 4.6.0
  • sfdx-scanner-aura from 4.4.0 to 4.6.0
  • sfdx-scanner-lwc from 4.4.0 to 4.6.0
  • shfmt from 3.8.0 to 3.9.0
  • snakemake from 8.18.1 to 8.21.0
  • spectral from 6.11.1 to 6.13.1
  • sqlfluff from 3.1.0 to 3.2.3
  • standard from 17.1.0 to 17.1.2
  • stylelint from 16.8.2 to 16.10.0
  • swiftlint from 0.56.1 to 0.57.0
  • syft from 1.11.0 to 1.14.0
  • terraform-fmt from 1.9.4 to 1.9.5
  • terragrunt from 0.66.8 to 0.67.5
  • terrascan from 1.18.11 to 1.19.9
  • trivy-sbom from 0.54.1 to 0.56.2
  • trivy from 0.54.1 to 0.56.2
  • trufflehog from 3.81.10 to 3.82.8
  • v8r from 4.0.1 to 4.1.0
  • vale from 3.7.0 to 3.7.1

v8.0.0

Compare Source

• Reporters
  • New ApiReporter (can be used to build Grafana dashboards), by @​nvuillam in #​3540

• Removed deprecated linters, by @​nvuillam in #​3854

  • CSS_SCSSLINT: Project discontinued and advising to use stylelint
  • OPENAPI_SPECTRAL: Replaced by API_SPECTRAL (same linter but more formats handled)
  • SQL_SQL_LINT: Project no longer maintained

• Core

  • Hide to linters by default all environment variables that contain TOKEN, USERNAME or PASSWORD, by @​nvuillam in #​3881
  • Allow to override CLI_LINT_MODE when defined as project, by @​nvuillam in #​3772
  • Allow to use absolute paths for LINTER_RULES_PATH, by @​nvuillam in #​3775
  • Allow to update variables from PRE/POST Commands using output_variables property, by @​nvuillam in #​3861

• Media

  • MegaLinter: un linter pour les gouverner tous (FR), by Guillaume Arnaud from WeScale
  • MegaLinter, by Stéphane Robert, from 3DS OutScale
  • 30 Seconds to Setup MegaLinter: Your Go-To Tool for Automated Code Quality, by Peng Cao |

• Linters enhancements

  • bandit Call bandit with quiet mode to generate less logs, by @​nvuillam in #​3892
  • grype Count number of errors returned by Grype, by @​nvuillam in #​3906
  • yamllint Fix yamllint default format to avoid special characters or GitHub sections in text logs, by @​nvuillam in #​3898

• Fixes

  • terrascan fixed errors and removed redundant code, by @​TommyE123 in #​3767
  • dotnet-format various performance improvements and ability to specify sln or proj paths, by @​TommyE123 in #​3741
  • swiftlint Remove deprecated argument --path
  • Salesforce linters: Disable SF CLI auto update warning, by @​nvuillam in #​3883

• Doc

  • Add images and links to Git, CI/CD & other tools integrations at the beginning of the README, by @​nvuillam in #​3885
  • Create README animated GIF presentation of MegaLinter, by @​nvuillam in #​3910
  • Format mkdocs search index in place, by @​echoix in #​3890
  • Use consistent spelling of 'flavor', by @​InputUsername in #​3789

• CI

  • Fix docker warnings, by @​nvuillam in #​3853
    • FromAsCasing: 'as' and 'FROM' keywords' casing do not match
    • NoEmptyContinuation: Empty continuation line
    • SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data
  • Port Beta workflows to use docker/metadata-action, by @​echoix in #​3860
  • AutoUpdate linters: Always create a PR if the job has been started manually, by @​nvuillam in #​3863
  • Add skip_checkout: true to default MegaLinter GitHub Action template
  • Remove path filters in deploy-DEV workflow as it is a required check by @​echoix in #​3894

• mega-linter-runner

  • Add new rules to upgrade to MegaLinter v8, by @​nvuillam in #​3896
  • Replace glob-promise by glob library, by @​nvuillam in #​3902
    • Minimum NodeJs version is now 20.x

• Linter versions upgrades

  • ansible-lint from 24.6.1 to 24.7.0
  • bicep_linter from 0.28.1 to 0.29.47
  • black from 24.4.2 to 24.8.0
  • cfn-lint from 1.5.0 to 1.10.3
  • checkov from 3.2.174 to 3.2.232
  • clippy from 0.1.79 to 0.1.80
  • clj-kondo from 2024.05.24 to 2024.08.01
  • csharpier from 0.28.2 to 0.29.0
  • cspell from 8.10.4 to 8.14.1
  • dotnet-format from 8.0.106 to 8.0.108
  • flake8 from 7.1.0 to 7.1.1
  • golangci-lint from 1.59.1 to 1.60.1
  • grype from 0.79.2 to 0.79.5
  • jsonlint from 14.0.3 to 16.0.0
  • kics from 2.1.1 to 2.1.2
  • kubeconform from 0.6.6 to 0.6.7
  • lightning-flow-scanner from 2.28.0 to 2.33.0
  • mypy from 1.10.1 to 1.11.1
  • php-cs-fixer from 3.59.3 to 3.62.0
  • phpcs from 3.10.1 to 3.10.2
  • phpstan from 1.11.9 to 1.11.11
  • pmd from 7.3.0 to 7.4.0
  • prettier from 3.3.2 to 3.3.3
  • protolint from 0.50.2 to 0.50.5
  • pylint from 3.2.5 to 3.2.6
  • pyright from 1.1.370 to 1.1.376
  • revive from 1.3.7 to 1.3.9
  • rstcheck from 6.2.1 to 6.2.4
  • rubocop from 1.64.1 to 1.65.1
  • ruff from 0.5.1 to 0.6.1
  • sfdx-scanner-apex from 4.3.2 to 4.4.0
  • sfdx-scanner-aura from 4.3.2 to 4.4.0
  • sfdx-scanner-lwc from 4.3.2 to 4.4.0
  • snakemake from 8.15.2 to 8.18.1
  • stylelint from 16.6.1 to 16.8.2
  • swiftlint from 0.55.1 to 0.56.1
  • syft from 1.8.0 to 1.11.0
  • terraform-fmt from 1.9.0 to 1.9.4
  • terragrunt from 0.59.6 to 0.66.8
  • tflint from 0.52.0 to 0.53.0
  • trivy-sbom from 0.53.0 to 0.54.1
  • trivy from 0.53.0 to 0.54.1
  • trufflehog from 3.79.0 to 3.81.9
  • v8r from 3.1.0 to 4.0.1
  • vale from 3.6.0 to 3.7.0

v7.13.0

Compare Source

• New linters

  • Add ls-lint, file and folder linter, by @​scolladon in #​3681

• Core

  • Handle renovate version comments in build script, by @​echoix in #​3617 , #​3627 , #​3643 , #​3699 , #​3700
  • Update base image to python:3.12.4-alpine3.20
  • Use dotnet8-sdk available in the main repository, by @​TommyE123 in #​3696

• Media

  • Introducing MegaLinter: Streamlining Code Quality Checks Across Multiple Languages, by Cloud Tuned
  • Infrastructure as Code GitHub Codespace Template, by Luke Murray
  • Video: How to: Secrets scanning, by Hackitect's playground

• Linters enhancements

  • Add SARIF support (v2) for all PHP linters by @​llaville in #​3745 , #​3729
  • Add python package Pygments to rst-lint venv, by @​bobidle in #​3631
  • CSharpier added ability to override config filename and path, by @​TommyE123 in #​3664
  • xmllint added support for xsd files, by @​TommyE123 in #​3665

• Fixes

  • Improve support for single argument in get_list_args function, by @​TommyE123 in #​3589
  • ansible-lint Improved activation by checking for .ansible-lint config file, by @​TommyE123 in #​3697
  • DevSkim fixed fatal errors when scanning and ability to override config path, by @​TommyE123 in #​3673
  • GitLeaks add missing schema properties, by @​TommyE123 in #​3675
  • Powershell Error table truncation improvements, by @​TommyE123 in #​3620
  • Powershell added missing schema property POWERSHELL_POWERSHELL_FORMATTER_OUTPUT_ENCODING, by @​TommyE123 in #​3678
  • syft use scan instead of deprecated packages arg, by @​TommyE123 in #​3613
  • tflint added missing schema property TERRAFORM_TFLINT_SECURED_ENV, by @​TommyE123 in #​3679
  • tflint fixed deprecated argument and other improvements to default .tflint.hcl template, by @​TommyE123 in #​3688
  • xmllint added missing schema properties XML_XMLLINT_AUTOFORMAT and XML_XMLLINT_INDENT, by @​TommyE123 in #​3677
  • yamllint fix error/warning count to work with different log output formats, by @​TommyE123 in #​3612

• Doc

  • Update documentation icons by @​nvuillam in #​3625

• Flavors

  • Add gherkin-lint in c_cpp flavor, by @​nvuillam in #​3698

• CI

  • Bump actions/checkout from 3 to 4, by @​KristjanESPERANTO in #​2994
  • Reduce dependabot PR frequency to weekly by @​echoix in #​3642

• Linter versions upgrades

  • ansible-lint from 24.2.3 to 24.6.1
  • bandit from 1.7.8 to 1.7.9
  • bash-exec from 5.2.21 to 5.2.26
  • bicep_linter from 0.27.1 to 0.28.1
  • cfn-lint from 0.87.4 to 1.5.0
  • checkov from 3.2.122 to 3.2.174
  • clang-format from 17.0.5 to 17.0.6
  • clippy from 0.1.78 to 0.1.79
  • cspell from 8.8.3 to 8.10.4
  • editorconfig-checker from 3.0.1 to 3.0.3
  • flake8 from 7.0.0 to 7.1.0
  • git_diff from 2.43.4 to 2.45.2
  • gitleaks from 8.18.2 to 8.18.4
  • golangci-lint from 1.59.0 to 1.59.1
  • grype from 0.78.0 to 0.79.2
  • helm from 3.14.2 to 3.14.3
  • jscpd from 4.0.4 to 4.0.5
  • kics from 2.0.1 to 2.1.1
  • ktlint from 1.2.1 to 1.3.1
  • lightning-flow-scanner from 2.26.0 to 2.28.0
  • markdown-table-formatter from 1.6.0 to 1.6.1
  • mypy from 1.10.0 to 1.10.1
  • npm-package-json-lint from 7.1.0 to 8.0.0
  • php-cs-fixer from 3.58.1 to 3.59.3
  • phplint from 9.3.1 to 9.4.1
  • phpstan from 1.11.3 to 1.11.7
  • pmd from 7.1.0 to 7.3.0
  • prettier from 3.3.0 to 3.3.2
  • protolint from 0.49.7 to 0.50.2
  • psalm from Psalm.5.24.0@​ to Psalm.5.25.0@​
  • pylint from 3.2.2 to 3.2.5
  • pyright from 1.1.365 to 1.1.370
  • ruff from 0.4.10 to 0.5.1
  • sfdx-scanner-apex from 3.25.0 to 4.3.2
  • sfdx-scanner-aura from 3.25.0 to 4.3.2
  • sfdx-scanner-lwc from 3.25.0 to 4.3.2
  • snakemake from 8.12.0 to 8.15.2
  • sqlfluff from 3.0.7 to 3.1.0
  • swiftlint from 0.54.0 to 0.55.1
  • syft from 1.5.0 to 1.8.0
  • terraform-fmt from 1.8.4 to 1.9.0
  • terragrunt from 0.58.13 to 0.59.6
  • tflint from 0.51.1 to 0.52.0
  • trivy-sbom from 0.51.4 to 0.53.0
  • trivy from 0.51.4 to 0.53.0
  • trufflehog from 3.77.0 to 3.79.0
  • v8r from 3.0.0 to 3.1.0
  • vale from 3.4.2 to 3.6.0
  • xmllint from 21108 to 21207

v7.12.0

Compare Source

• Core

  • Add new logs (at debug level) on each linter activation/deactivation
  • Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
  • Upgrade to Java 21 except for npm-groovy-lint that requires Java 17

• Media

  • Add blog post 5 ways MegaLinter upped our DevSecOps game to the list of English articles by @​wesley-dean-flexion in #​3596

• Linters

  • Add PHP fixer by @​llaville in #​3598
  • API_SPECTRAL was added as replacement for OPENAPI_SPECTRAL (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name .spectral.yaml instead of .openapirc.yml with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #​3387
  • Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#333
  • PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of https://github.com/llaville/sarif-php-sdk
  • Php psalm improvement by @​llaville in #​3541
  • KOTLIN_KTLINT now supports list_of_files mode, and has better error counting
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project

• Reporters

• Fixes

  • Change golangci-lint lint mode to project, by @​wandering-tales in #​3509
  • Disable sql-lint as it is no longer maintained
  • Add new entries findUnusedCode and findUnusedBaselineEntry in default psalm.xml configuration file for PHP_PSALM linter. Related to #​3538
  • fix(pylint): overgeneral-exceptions fully qualified name by @​gardar in #​3576
  • Update ktlint descriptor to support list_of_files and better error counting by @​Yann-J in #​3575
  • Sync PowerShell version in arm.megalinter-descriptor.yml by @​echoix in #​3586
  • Adjust find commands to clean up files in same step by @​echoix in #​3588
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project by @​nvuillam in #​3590

• Doc

  • Handle disabled_reason property in descriptors
  • Sort enums in json schema, by @​echoix in #​3595

• Flavors

• CI

  • Build: take in account disabled linters for workflow auto-update
  • Remove useless package-lock.json that was in python tests folder
  • Fix SARIF_REPORTER that was wrongly sent to true to format & fix test methods
  • Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
  • Remove Github Actions Workflow telemetry to improve performances
  • Update Docker image for Gitpod to run on Ubuntu Noble, by @​echoix
  • Update makefile bootstrap config (gitpod or local) to use uv for package installation, by @​echoix
  • Use uv to install Python deps for CI by @​echoix in #​3561
  • Use a single find command to delete pycache files by @​echoix in #​3562
  • Sort schema enums by @​echoix in #​3595

• Linter versions upgrades

  • actionlint from 1.6.27 to 1.7.1
  • ansible-lint from 24.2.2 to 24.2.3
  • bicep_linter from 0.26.170 to 0.27.1
  • black from 24.4.0 to 24.4.2
  • cfn-lint from 0.86.4 to 0.87.4
  • checkov from 3.2.74 to 3.2.122
  • checkstyle from 10.15.0 to 10.17.0
  • clippy from 0.1.77 to 0.1.78
  • clj-kondo from 2024.03.13 to 2024.05.24
  • csharpier from 0.28.1 to 0.28.2
  • cspell from 8.7.0 to 8.8.3
  • detekt from 1.23.5 to 1.23.6
  • dotnet-format from 8.0.104 to 8.0.106
  • editorconfig-checker from 2.7.2 to 3.0.1
  • git_diff from 2.43.0 to 2.43.4
  • golangci-lint from 1.57.2 to 1.59.0
  • grype from 0.77.0 to 0.78.0
  • jscpd from 3.5.10 to 4.0.4
  • kics from 2.0.0 to 2.0.1
  • kubeconform from 0.6.4 to 0.6.6
  • lightning-flow-scanner from 2.22.0 to 2.24.0
  • luacheck from 1.1.2 to 1.2.0
  • lychee from 0.14.3 to 0.15.1
  • markdown-link-check from 3.12.1 to 3.12.2
  • markdown-table-formatter from 1.5.0 to 1.6.0
  • markdownlint from 0.39.0 to 0.41.0
  • mypy from 1.9.0 to 1.10.0
  • npm-groovy-lint from 14.4.1 to 14.6.0
  • phpcs from 3.9.1 to 3.10.1
  • phplint from 9.1.2 to 9.3.1
  • phpstan from 1.10.67 to 1.11.0 to 1.11.3
  • pmd from 6.55.0 to 7.1.0
  • powershell from 7.4.1 to 7.4.2
  • powershell_formatter from 7.4.1 to 7.4.2
  • prettier from 3.2.5 to 3.3.0
  • [proselint](https://redirect.gi

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request updates the oxsecurity/megalinter-documentation Docker image from version v7.3.0 to v8.1.0 in the docker-compose.yml file. This is a major version update that includes several new features, enhancements, and fixes.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update oxsecurity/megalinter-documentation Docker image to v8.1.0	Upgrade oxsecurity/megalinter-documentation from v7.3.0 to v8.1.0 This major version update includes new features, linter updates, and various improvements	docker-compose.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.