MegaLinter v6.16.0

What's Changed

• New linters

  • Add npm-package-json-lint linter, by @bdovaz (#2150)

• Evolutions

  • Upgrade to alpine 3.16
  • Disable php7 & upgrade php8 to php81
  • Add Makefile linters to documentation flavor
  • PowershellLinter autofix capability, by @bdovaz (#2175)
  • Allow local files with EXTENDS configuration, by @bdovaz (#2151)
  • Add Trivy config file parameters, by @bdovaz (#2154)

• Fixes

  • Change reporter text for better UX, by @ashokm (#2168)
  • Remove workspace prefix from aggregate sarif report, by @janderssonse (#2119)
  • CSpell file name linting does not use (custom) CSpell configuration (#2058)
  • HTML email not rendering correctly (#2120). Set REPORTERS_MARKDOWN_TYPE to simple to avoid external images in PR/MR markdown comments.
  • mega-linter-runner: Fix Value for container-name of type String required, by @AlbanAndrieu ([#2123])(#2123)
  • Use warning emoji in reporters, by @ashokm (#2156)
  • Fix branding to use the correct 'OX Security' name, by @ashokm

• Doc

  • Enclose System.TeamProject in Azure Pipelines, by @ashokm (#2131)
  • Better contributing docs, by @bdovaz (#2162)

• Linter versions upgrades

  • bicep_linter from 0.12.40 to 0.13.1
  • black from 22.10.0 to 22.12.0
  • cfn-lint from 0.72.0 to 0.72.5
  • checkstyle from 10.4 to 10.5.0
  • clippy from 0.1.65 to 0.1.66
  • clj-kondo from 2022.10.14 to 2022.12.10
  • cspell from 6.14.3 to 6.18.0
  • djlint from 1.19.7 to 1.19.9
  • eslint from 8.28.0 to 8.29.0 to 8.30.0
  • git_diff from 2.34.5 to 2.36.3
  • gitleaks from 8.15.0 to 8.15.2
  • isort from 5.10.1 to 5.11.4
  • kics from 1.6.5 to 1.6.6
  • ktlint from 0.47.1 to 0.48.0
  • luacheck from 1.0.0 to 1.1.0
  • perlcritic from 1.140 to 1.146
  • phplint from 3.0 to 5.4
  • phpstan from 1.9.2 to 1.9.4
  • powershell from 7.3.0 to 7.3.1
  • prettier from 2.8.0 to 2.8.1
  • psalm from Psalm.4.x-dev@ to Psalm.dev-master@
  • pylint from 2.15.6 to 2.15.9
  • rubocop from 1.39.0 to 1.41.1
  • semgrep from 0.122.0 to 1.2.1
  • sfdx-scanner-apex from 3.6.2 to 3.7.1
  • sfdx-scanner-aura from 3.6.2 to 3.7.1
  • sfdx-scanner-lwc from 3.6.2 to 3.7.1
  • shellcheck from 0.8.0 to 0.9.0
  • snakefmt from 0.7.0 to 0.8.0
  • snakemake from 7.18.2 to 7.19.1
  • sqlfluff from 1.4.2 to 1.4.5
  • stylelint from 14.15.0 to 14.16.0
  • swiftlint from 0.50.0 to 0.50.3
  • syft from 0.62.1 to 0.64.0
  • terraform-fmt from 1.3.5 to 1.3.6
  • terragrunt from 0.40.2 to 0.42.3
  • terrascan from 1.17.0 to 1.16.0
  • tflint from 0.42.1 to 0.43.0
  • trivy from 0.29.2 to 0.35.0
  • v8r from 0.13.0 to 0.13.1

Contributors

• @bdovaz
• @ashokm
• @janderssonse
• @AlbanAndrieu

Full Changelog: v6.15.0...v6.16.0

MegaLinter is graciously provided by

MegaLinter v6.15.0

What's Changed

• Switch to https://megalinter.io

• Initial Drone CI documentation

• Automatically generate "Used by" markdown documentation with github-dependents-info

• Add Docker container documentation

• Linter versions upgrades

  • bicep_linter from 0.12.1 to 0.12.40
  • cfn-lint from 0.70.1 to 0.72.0
  • coffeelint from 5.2.10 to 5.2.11
  • cspell from 6.14.0 to 6.14.3
  • djlint from 1.19.4 to 1.19.7
  • eslint from 8.27.0 to 8.28.0
  • flake8 from 5.0.4 to 6.0.0
  • hadolint from 2.10.0 to 2.12.0
  • kics from 1.6.3 to 1.6.5
  • mypy from 0.982 to 0.991
  • phpstan from 1.9.1 to 1.9.2
  • powershell from 7.2.7 to 7.3.0
  • prettier from 2.7.1 to 2.8.0
  • protolint from 0.41.0 to 0.42.2
  • psalm from Psalm.5.x-dev@ to Psalm.4.x-dev@
  • pylint from 2.15.5 to 2.15.6
  • rstcheck from 6.1.0 to 6.1.1
  • rubocop from 1.38.0 to 1.39.0
  • semgrep from 0.120.0 to 0.122.0
  • snakefmt from 0.6.1 to 0.7.0
  • snakemake from 7.18.1 to 7.18.2
  • sqlfluff from 1.4.1 to 1.4.2
  • stylelint from 14.14.1 to 14.15.0
  • swiftlint from 0.46.5 to 0.50.0
  • syft from 0.60.3 to 0.62.1
  • terraform-fmt from 1.3.4 to 1.3.5
  • terragrunt from 0.40.0 to 0.40.2
  • terrascan from 1.16.0 to 1.17.0

Contributors

• @NebulaOnion made their first contribution in #2053
• @rasa
• @nvuillam

Full Changelog: v6.14.0...v6.15.0

MegaLinter is graciously provided by

MegaLinter v6.14.0

• Core

  • Replace set-output usage with GITHUB_OUTPUT to handle Github deprecation notice
  • Allow PRE_COMMANDS to be defined within a python venv (#2017)
  • Correct behavior of EXTENDS property in .megalinter.yml config file (#1516)
  • Fix flavor suggestion message in reporters

• New MegaLinter plugin: mustache: Plugin to validate Logstash pipeline definition files using mustache, by Yann Jouanique

• New article: GitHub Actions: sharing your secrets with third-party actions, by José Celano Martín, Constantin Bosse and Stephen Hosom

• Linters

  • Bring back rstfmt RestructuredText formatter
  • Add the SPELL_*_FILE_EXTENSIONS parameter for each SPELL type linter. If set, it will use this value to filter instead of the default behavior which is to parse the files of all other linters executed (#1997).
  • Allow cspell to also analyze file names (new variable SPELL_CSPELL_ANALYZE_FILE_NAMES) (#2009)
  • Fix bicep version regex

• Linter versions upgrades

  • actionlint from 1.6.21 to 1.6.22
  • bicep_linter from 0.11.1 to to 0.12.1
  • cfn-lint from 0.68.1 to 0.70.1
  • checkstyle from 10.3.4 to 10.4
  • clippy from 0.1.64 to 0.1.65
  • cspell from 6.12.0 to 6.14.0
  • djlint from 1.19.2 to 1.19.4
  • eslint-plugin-jsonc from 2.4.0 to 2.5.0
  • eslint from 8.26.0 to 8.27.0
  • kics from 1.6.2 to 1.6.3
  • kubeconform from 0.4.12 to 0.5.0
  • npm-groovy-lint from 11.0.0 to 11.1.1
  • phpstan from 1.8.10 to 1.9.1
  • revive from 0.0.0 to 1.2.4
  • rstfmt from 0.0.10 to 0.0.11
  • rubocop from 1.37.0 to 1.38.0
  • secretlint from 5.2.4 to 5.3.0
  • semgrep from 0.118.0 to 0.120.0
  • sfdx-scanner-apex from 2.13.9 to 3.6.2
  • sfdx-scanner-aura from 2.13.9 to 3.6.2
  • sfdx-scanner-lwc from 2.13.9 to 3.6.2
  • snakemake from 7.16.1 to 7.18.1
  • sqlfluff from 1.3.2 to 1.4.1
  • stylelint from 14.14.0 to 14.14.1
  • syft from 0.59.0 to 0.60.3
  • terraform-fmt from 1.3.3 to 1.3.4
  • terragrunt from 0.39.2 to 0.40.0
  • tflint from 0.41.0 to 0.42.1
  • yamllint from 1.26.3 to 1.26.3

MegaLinter is graciously provided by

MegaLinter v6.13.0

• New cupcake flavor with 78 instead of 108 linters

• Don't add literal double quote character to filenames in mega-linter-runner (#1942).

• Remove default npm-groovy-lint extra arguments (#1872)

• Replace yaml.load by yaml.safe_load for better security

• Linter versions upgrades

  • cfn-lint from 0.67.0 to 0.68.1
  • clj-kondo from 2022.10.05 to 2022.10.14
  • djlint from 1.19.1 to 1.19.2
  • eslint from 8.25.0 to 8.26.0
  • git_diff from 2.34.4 to 2.34.5
  • gitleaks from 8.14.1 to 8.15.0
  • golangci-lint from 1.50.0 to 1.50.1
  • phpstan from 1.8.9 to 1.8.10
  • powershell from 7.2.6 to 7.2.7
  • puppet-lint from 3.0.0 to 3.0.1
  • pylint from 2.15.4 to 2.15.5
  • rubocop from 1.36.0 to 1.37.0
  • semgrep from 0.117.0 to 0.118.0
  • snakemake from 7.16.0 to 7.16.1
  • syft from 0.58.0 to 0.59.0
  • terraform-fmt from 1.3.2 to 1.3.3
  • terragrunt from 0.39.1 to 0.39.2
  • terrascan from 1.15.2 to 1.16.0

MegaLinter is graciously provided by

MegaLinter v6.12.0

• Add Makefile linter in go flavor

• Fix invalid Docker container names in .pre-commit-hooks.yaml (#1932)

• Correct spelling of containername argument to mega-linter-runner (#1570)

• Correct removeContainer casing in runner (#1917)

• Fix use of TERRAFORM_KICS_ARGUMENTS (#1947)

• Use -p argument for pyright custom config file path (#1946)

• Fix incorrect link to pytype for pyright (#1967)

• Deduplicate SHOW_ELAPSED_TIME properties to address v8r error (#1962)

• Add link to article GitOps security topics you must address, by Wiebe de Roos

• Linter versions upgrades

  • actionlint from 1.6.16 to 1.6.21
  • ansible-lint from 6.7.0 to 6.7.0
  • bicep_linter from 0.10.61 to 0.11.1
  • black from 22.8.0 to 22.10.0
  • cfn-lint from 0.66.0 to 0.67.0
  • clj-kondo from 2022.09.08 to 2022.10.05
  • djlint from 1.18.0 to 1.19.1
  • eslint from 8.24.0 to 8.25.0
  • gitleaks from 8.13.0 to 8.14.1
  • golangci-lint from 1.49.0 to 1.50.0
  • kics from 1.6.1 to 1.6.2
  • mypy from 0.981 to 0.982
  • npm-groovy-lint from 10.1.0 to 11.0.0
  • phpstan from 1.8.6 to 1.8.9
  • puppet-lint from 2.5.2 to 3.0.0
  • pylint from 2.15.3 to 2.15.4
  • scalafix from 0.10.3 to 0.10.4
  • semgrep from 0.115.0 to 0.117.0
  • snakemake from 7.14.2 to 7.16.0
  • stylelint from 14.13.0 to 14.14.0
  • terraform-fmt from 1.3.1 to 1.3.2
  • terragrunt from 0.39.0 to 0.39.1

MegaLinter is graciously provided by

MegaLinter v6.11.1

• Remove no-space-check from MegaLinter default .pylintrc file (#1923)

New article: https://nicolas.vuillamy.fr/megalinter-sells-his-soul-and-joins-ox-security-2a91a0027628

MegaLinter is graciously provided by

MegaLinter v6.11.0

• New article: https://nicolas.vuillamy.fr/megalinter-sells-his-soul-and-joins-ox-security-2a91a0027628

• Linters

  • Add bicep linter (#1898)
  • Add quotes to arm-ttk linter command (#1879)
  • Add Makefile linter in java flavor

• Core

  • Improve support for devcontainers by using Python base image
    • Fixed Python version in devcontainer from 3.9 -> 3.10
    • Fix build command on linux (thanks a lot to Edouard Choinière for the investigation and solution !)
  • Azure Comments reporter - Change status when all tests pass (#1915)

• Doc

  • Document the -f argument to mega-linter-runner (#1895)
  • Fix a typo in documentation of bash-exec linter (#1892)

• Linter versions upgrades

  • ansible-lint from 6.6.0 to 6.7.0
  • cfn-lint from 0.65.0 to 0.66.0
  • checkov from 2.1.213 to 2.1.244
  • checkstyle from 10.3.3 to 10.3.4
  • clippy from 0.1.63 to 0.1.64
  • coffeelint from 5.2.9 to 5.2.10
  • cspell from 6.10.0 to 6.12.0
  • djlint from 1.16.0 to 1.18.0
  • eslint from 8.23.1 to 8.24.0
  • gitleaks from 8.12.0 to 8.13.0
  • jsonlint from 11.6.0 to 11.7.0
  • kics from 1.6.0 to 1.6.1
  • markdown-link-check from 3.10.2 to 3.10.3
  • mypy from 0.971 to 0.981
  • phpstan from 1.8.5 to 1.8.6
  • protolint from 0.40.0 to 0.41.0
  • scalafix from 0.10.2 to 0.10.3
  • semgrep from 0.113.0 to 0.115.0
  • snakemake from 7.14.0 to 7.14.2
  • sqlfluff from 1.3.1 to 1.3.2
  • stylelint from 14.12.0 to 14.13.0
  • syft from 0.56.0 to 0.58.0
  • terraform-fmt from 1.2.9 to 1.3.1
  • terragrunt from 0.38.12 to 0.39.0
  • tflint from 0.40.0 to 0.41.0

MegaLinter is graciously provided by

MegaLinter v6.10.0

• Add git-lfs in Docker image to handle large files in git repositories

• MegaLinter Docker images size improvements

  • Remove NPM cache
  • Remove Cargo cache
  • Remove rustup when clippy is not embedded in the image
  • Remove npm packages useless files

• Linter versions upgrades

  • ansible-lint from 6.5.2 to 6.6.0
  • cfn-lint from 0.64.1 to 0.65.0
  • checkov from 2.1.201 to 2.1.213
  • cspell from 6.8.1 to 6.10.0
  • djlint from 1.12.3 to 1.16.0
  • eslint from 8.23.0 to 8.23.1
  • kics from 1.5.15 to 1.6.0
  • pylint from 2.15.2 to 2.15.3
  • scalafix from 0.10.1 to 0.10.2
  • semgrep from 0.112.1 to 0.113.0
  • sfdx-scanner-apex from 2.13.8 to 2.13.9
  • sfdx-scanner-aura from 2.13.8 to 2.13.9
  • sfdx-scanner-lwc from 2.13.8 to 2.13.9
  • stylelint from 14.11.0 to 14.12.0
  • syft from 0.55.0 to 0.56.0
  • terragrunt from 0.38.10 to 0.38.12
  • terragrunt from 0.38.9 to 0.38.10
  • yamllint from 1.27.1 to 1.28.0

MegaLinter v6.9.1

• Linters

  • Add python type checker pyright, by Microsoft
  • New linters with available SARIF output for SARIF Reporter
    • ansible-lint
    • shellcheck thanks to shellcheck-sarif
  • Use list_of_files Cli lint mode for checkstyle, to have unique SARIF output and improve performances
  • Use list_of_files Cli lint mode for golangci-lint and revive, to improve performances
  • Reactivate snakefmt

• Core

  • Improve build performances and docker images sizes (reduce from 117 to 36 layers)
    • Use BUILDKIT
    • Join RUN instructions
    • Optimize core Dockerfile items
    • Clean npm, python and cargo caches
  • Create a venv for each python-based linter to avoid issues with dependencies
  • Fix broken link to documentation when using v6

• Linter versions upgrades

  • ansible-lint from 6.0.2 to 6.5.2
  • cfn-lint from 0.63.2 to 0.64.1
  • checkov from 2.1.183 to 2.1.201
  • clj-kondo from 2022.08.03 to 2022.09.08
  • djlint from 1.12.1 to 1.12.3
  • gitleaks from 8.11.2 to 8.12.0
  • golangci-lint from 1.48.0 to 1.49.0
  • ktlint from 0.47.0 to 0.47.1
  • phpstan from 1.8.4 to 1.8.5
  • protolint from 0.39.0 to 0.40.0
  • pylint from 2.15.0 to 2.15.2
  • semgrep from 0.103.0 to 0.112.1
  • sqlfluff from 1.3.0 to 1.3.1
  • standard from 15.0.1 to 17.0.0
  • terraform-fmt from 1.2.8 to 1.2.9
  • tflint from 0.39.3 to 0.40.0

Note: MegaLinter 6.9.0 release has been cancelled: it was fine but the docker image sizes were not optimized enough.

MegaLinter is graciously provided by

MegaLinter v6.8.0

• Run MegaLinter pre-commit hooks serially (#1826).

• Replace deprecated StandardJS VS Code extension with the newer official version

• When SARIF_REPORTER is active, use sarif-fmt to convert SARIF into text for console and text reporters (#1822).

• Count checkstyle errors (#1820)

• Linter versions upgrades

  • black from 22.6.0 to 22.8.0
  • cfn-lint from 0.63.0 to 0.63.2
  • checkov from 2.1.160 to 2.1.183
  • checkstyle from 10.3.2 to 10.3.3
  • djlint from 1.12.0 to 1.12.1
  • kics from 1.5.14 to 1.5.15
  • phpstan from 1.8.2 to 1.8.4
  • rubocop from 1.35.1 to 1.36.0
  • snakemake from 7.13.0 to 7.14.0
  • syft from 0.54.0 to 0.55.0
  • terragrunt from 0.38.8 to 0.38.9

MegaLinter is graciously provided by