Update oxsecurity/megalinter-javascript Docker tag to v7.13.0

[renovate-bot]

This PR contains the following updates:

Package	Update	Change
oxsecurity/megalinter-javascript (source)	minor	v7.3.0 -> v7.13.0

---

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter-javascript)

v7.13.0

Compare Source

• New linters

  • Add ls-lint, file and folder linter, by @​scolladon in #​3681

• Core

  • Handle renovate version comments in build script, by @​echoix in #​3617 , #​3627 , #​3643 , #​3699 , #​3700
  • Update base image to python:3.12.4-alpine3.20
  • Use dotnet8-sdk available in the main repository, by @​TommyE123 in #​3696

• Media

  • Introducing MegaLinter: Streamlining Code Quality Checks Across Multiple Languages, by Cloud Tuned
  • Infrastructure as Code GitHub Codespace Template, by Luke Murray
  • Video: How to: Secrets scanning, by Hackitect's playground

• Linters enhancements

  • Add SARIF support (v2) for all PHP linters by @​llaville in #​3745 , #​3729
  • Add python package Pygments to rst-lint venv, by @​bobidle in #​3631
  • CSharpier added ability to override config filename and path, by @​TommyE123 in #​3664
  • xmllint added support for xsd files, by @​TommyE123 in #​3665

• Fixes

  • Improve support for single argument in get_list_args function, by @​TommyE123 in #​3589
  • ansible-lint Improved activation by checking for .ansible-lint config file, by @​TommyE123 in #​3697
  • DevSkim fixed fatal errors when scanning and ability to override config path, by @​TommyE123 in #​3673
  • GitLeaks add missing schema properties, by @​TommyE123 in #​3675
  • Powershell Error table truncation improvements, by @​TommyE123 in #​3620
  • Powershell added missing schema property POWERSHELL_POWERSHELL_FORMATTER_OUTPUT_ENCODING, by @​TommyE123 in #​3678
  • syft use scan instead of deprecated packages arg, by @​TommyE123 in #​3613
  • tflint added missing schema property TERRAFORM_TFLINT_SECURED_ENV, by @​TommyE123 in #​3679
  • tflint fixed deprecated argument and other improvements to default .tflint.hcl template, by @​TommyE123 in #​3688
  • xmllint added missing schema properties XML_XMLLINT_AUTOFORMAT and XML_XMLLINT_INDENT, by @​TommyE123 in #​3677
  • yamllint fix error/warning count to work with different log output formats, by @​TommyE123 in #​3612

• Doc

  • Update documentation icons by @​nvuillam in #​3625

• Flavors

  • Add gherkin-lint in c_cpp flavor, by @​nvuillam in #​3698

• CI

  • Bump actions/checkout from 3 to 4, by @​KristjanESPERANTO in #​2994
  • Reduce dependabot PR frequency to weekly by @​echoix in #​3642

• Linter versions upgrades

  • ansible-lint from 24.2.3 to 24.6.1
  • bandit from 1.7.8 to 1.7.9
  • bash-exec from 5.2.21 to 5.2.26
  • bicep_linter from 0.27.1 to 0.28.1
  • cfn-lint from 0.87.4 to 1.5.0
  • checkov from 3.2.122 to 3.2.174
  • clang-format from 17.0.5 to 17.0.6
  • clippy from 0.1.78 to 0.1.79
  • cspell from 8.8.3 to 8.10.4
  • editorconfig-checker from 3.0.1 to 3.0.3
  • flake8 from 7.0.0 to 7.1.0
  • git_diff from 2.43.4 to 2.45.2
  • gitleaks from 8.18.2 to 8.18.4
  • golangci-lint from 1.59.0 to 1.59.1
  • grype from 0.78.0 to 0.79.2
  • helm from 3.14.2 to 3.14.3
  • jscpd from 4.0.4 to 4.0.5
  • kics from 2.0.1 to 2.1.1
  • ktlint from 1.2.1 to 1.3.1
  • lightning-flow-scanner from 2.26.0 to 2.28.0
  • markdown-table-formatter from 1.6.0 to 1.6.1
  • mypy from 1.10.0 to 1.10.1
  • npm-package-json-lint from 7.1.0 to 8.0.0
  • php-cs-fixer from 3.58.1 to 3.59.3
  • phplint from 9.3.1 to 9.4.1
  • phpstan from 1.11.3 to 1.11.7
  • pmd from 7.1.0 to 7.3.0
  • prettier from 3.3.0 to 3.3.2
  • protolint from 0.49.7 to 0.50.2
  • psalm from Psalm.5.24.0@​ to Psalm.5.25.0@​
  • pylint from 3.2.2 to 3.2.5
  • pyright from 1.1.365 to 1.1.370
  • ruff from 0.4.10 to 0.5.1
  • sfdx-scanner-apex from 3.25.0 to 4.3.2
  • sfdx-scanner-aura from 3.25.0 to 4.3.2
  • sfdx-scanner-lwc from 3.25.0 to 4.3.2
  • snakemake from 8.12.0 to 8.15.2
  • sqlfluff from 3.0.7 to 3.1.0
  • swiftlint from 0.54.0 to 0.55.1
  • syft from 1.5.0 to 1.8.0
  • terraform-fmt from 1.8.4 to 1.9.0
  • terragrunt from 0.58.13 to 0.59.6
  • tflint from 0.51.1 to 0.52.0
  • trivy-sbom from 0.51.4 to 0.53.0
  • trivy from 0.51.4 to 0.53.0
  • trufflehog from 3.77.0 to 3.79.0
  • v8r from 3.0.0 to 3.1.0
  • vale from 3.4.2 to 3.6.0
  • xmllint from 21108 to 21207

v7.12.0

Compare Source

• Core

  • Add new logs (at debug level) on each linter activation/deactivation
  • Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
  • Upgrade to Java 21 except for npm-groovy-lint that requires Java 17

• Media

  • Add blog post 5 ways MegaLinter upped our DevSecOps game to the list of English articles by @​wesley-dean-flexion in #​3596

• Linters

  • Add PHP fixer by @​llaville in #​3598
  • API_SPECTRAL was added as replacement for OPENAPI_SPECTRAL (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name .spectral.yaml instead of .openapirc.yml with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes #​3387
  • Disable SQL_TSQLLINT until security issues are solved. Related to tsqllint/tsqllint#333
  • PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of https://github.com/llaville/sarif-php-sdk
  • Php psalm improvement by @​llaville in #​3541
  • KOTLIN_KTLINT now supports list_of_files mode, and has better error counting
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project

• Reporters

• Fixes

  • Change golangci-lint lint mode to project, by @​wandering-tales in #​3509
  • Disable sql-lint as it is no longer maintained
  • Add new entries findUnusedCode and findUnusedBaselineEntry in default psalm.xml configuration file for PHP_PSALM linter. Related to #​3538
  • fix(pylint): overgeneral-exceptions fully qualified name by @​gardar in #​3576
  • Update ktlint descriptor to support list_of_files and better error counting by @​Yann-J in #​3575
  • Sync PowerShell version in arm.megalinter-descriptor.yml by @​echoix in #​3586
  • Adjust find commands to clean up files in same step by @​echoix in #​3588
  • Upgrade KOTLIN_DETEKT and make it work with cli_lint_mode = project by @​nvuillam in #​3590

• Doc

  • Handle disabled_reason property in descriptors
  • Sort enums in json schema, by @​echoix in #​3595

• Flavors

• CI

  • Build: take in account disabled linters for workflow auto-update
  • Remove useless package-lock.json that was in python tests folder
  • Fix SARIF_REPORTER that was wrongly sent to true to format & fix test methods
  • Build: Write ARG lines at the top of Dockerfiles if they are used by FROM variables
  • Remove Github Actions Workflow telemetry to improve performances
  • Update Docker image for Gitpod to run on Ubuntu Noble, by @​echoix
  • Update makefile bootstrap config (gitpod or local) to use uv for package installation, by @​echoix
  • Use uv to install Python deps for CI by @​echoix in #​3561
  • Use a single find command to delete pycache files by @​echoix in #​3562
  • Sort schema enums by @​echoix in #​3595

• Linter versions upgrades

  • actionlint from 1.6.27 to 1.7.1
  • ansible-lint from 24.2.2 to 24.2.3
  • bicep_linter from 0.26.170 to 0.27.1
  • black from 24.4.0 to 24.4.2
  • cfn-lint from 0.86.4 to 0.87.4
  • checkov from 3.2.74 to 3.2.122
  • checkstyle from 10.15.0 to 10.17.0
  • clippy from 0.1.77 to 0.1.78
  • clj-kondo from 2024.03.13 to 2024.05.24
  • csharpier from 0.28.1 to 0.28.2
  • cspell from 8.7.0 to 8.8.3
  • detekt from 1.23.5 to 1.23.6
  • dotnet-format from 8.0.104 to 8.0.106
  • editorconfig-checker from 2.7.2 to 3.0.1
  • git_diff from 2.43.0 to 2.43.4
  • golangci-lint from 1.57.2 to 1.59.0
  • grype from 0.77.0 to 0.78.0
  • jscpd from 3.5.10 to 4.0.4
  • kics from 2.0.0 to 2.0.1
  • kubeconform from 0.6.4 to 0.6.6
  • lightning-flow-scanner from 2.22.0 to 2.24.0
  • luacheck from 1.1.2 to 1.2.0
  • lychee from 0.14.3 to 0.15.1
  • markdown-link-check from 3.12.1 to 3.12.2
  • markdown-table-formatter from 1.5.0 to 1.6.0
  • markdownlint from 0.39.0 to 0.41.0
  • mypy from 1.9.0 to 1.10.0
  • npm-groovy-lint from 14.4.1 to 14.6.0
  • phpcs from 3.9.1 to 3.10.1
  • phplint from 9.1.2 to 9.3.1
  • phpstan from 1.10.67 to 1.11.0 to 1.11.3
  • pmd from 6.55.0 to 7.1.0
  • powershell from 7.4.1 to 7.4.2
  • powershell_formatter from 7.4.1 to 7.4.2
  • prettier from 3.2.5 to 3.3.0
  • proselint from 0.13.0 to 0.14.0
  • protolint from 0.49.6 to 0.49.7
  • psalm from Psalm.5.23.1@​ to Psalm.5.24.0@​
  • pylint from 3.1.0 to 3.2.2
  • pyright from 1.1.359 to 1.1.365
  • roslynator from 0.8.6.0 to 0.8.9.0
  • rubocop from 1.63.3 to 1.64.1
  • ruff from 0.4.1 to 0.4.7
  • scalafix from 0.12.0 to 0.12.1
  • secretlint from 8.2.3 to 8.2.4
  • sfdx-scanner-apex from 3.23.0 to 3.25.0
  • sfdx-scanner-aura from 3.23.0 to 3.25.0
  • sfdx-scanner-lwc from 3.23.0 to 3.25.0
  • snakefmt from 0.10.1 to 0.10.2
  • snakemake from 8.10.8 to 8.12.0
  • sqlfluff from 3.0.5 to 3.0.7
  • stylelint from 16.4.0 to 16.6.1
  • syft from 1.2.0 to 1.5.0
  • tekton-lint from 1.0.2 to 1.1.0
  • terraform-fmt from 1.8.1 to 1.8.4
  • terragrunt from 0.57.5 to 0.58.10
  • tflint from 0.50.3 to 0.51.1
  • trivy-sbom from 0.50.2 to 0.51.4
  • trivy from 0.50.2 to 0.51.4
  • trufflehog from 3.73.0 to 3.77.0
  • vale from 3.4.0 to 3.4.2
  • xmllint from 21107 to 21108

v7.11.1

Compare Source

• Fixes

  • Implement fallback in case git diff does not work with merge-base

• Linter versions upgrades

  • stylelint from 16.3.1 to 16.4.0

v7.11.0

Compare Source

• Core

  • Allow to override the number of parallel cores used, with variable PARALLEL_PROCESS_NUMBER, by @​nvuillam in #​3428
  • Upgrade base python image from 3.12.2-alpine3.19 to 3.12.3-alpine3.19
  • Upgrade PHP 8.1 to 8.3 by @​llaville in #​3464
  • Add descriptor pre / post commands, by @​bdovaz in #​3468
  • Allow merge lists with EXTENDS, by @​bdovaz in #​3469

• Media

• New linters

  • Add Kotlin detekt linter, by @​enciyo in #​3408

• Reporters

  • Add ruff sarif support, by @​Skitionek in #​3486

• Fixes

  • Fix listing of modified files, by @​vkucera in #​3472. Fixes #​2125.
  • Fix conflict between prettier and yamllint about spaces, by @​apeyrat in #​3426
  • Ensure trufflehog does not auto-update itself, by @​wandering-tales in #​3430
  • Salesforce linters: use sf + default Flow Scanner rules, by @​nvuillam in #​3435
  • Disable JSON_ESLINT_PLUGIN_JSONC until ota-meshi/eslint-plugin-jsonc#328 is fixed
  • Upgrade tar in mega-linter-runner
  • secretlint: remove default .secretlintignore that was never used but .gitignore is used instead. Fixes #​3328
  • Add jpeg, xlsx to .gitleaks.toml, by @​rasa in #​3434
  • Fix Json Schema, by @​nvuillam in #​3470
  • Remove TEMPLATES/.secretlintignore, by @​pjungermann in #​3476

• Doc

  • Update R2DevOps logo, by @​nvuillam in #​3436
  • Update Roslynator repo url and logo, by @​TommyE123 in #​3444
  • Fix clang-format documentation links to point to the correct version. Fixes #​3452, by @​daltonv in #​3453
  • Add copy to clipboard button in code block (documentation), by @​nikkii86 in #​3491

• Flavors

  • Add C & C++ linters in Python flavor by @​nvuillam in #​3456

• CI

  • Make SPELL_LYCHEE non blocking for internal CI jobs
  • Remove old unused automerge workflows by @​echoix in #​3432
  • Add consistent python3/python handling at build.sh, by @​pjungermann in #​3475

• Linter versions upgrades

  • ansible-lint from 24.2.0 to 24.2.2
  • bicep_linter from 0.25.53 to 0.26.170
  • black from 24.2.0 to 24.4.0
  • cfn-lint from 0.86.0 to 0.86.4
  • checkov from 3.2.34 to 3.2.74
  • checkstyle from 10.14.0 to 10.15.0
  • clippy from 0.1.76 to 0.1.77
  • clj-kondo from 2024.03.05 to 2024.03.13
  • csharpier from 0.27.3 to 0.28.1
  • cspell from 8.6.0 to 8.7.0
  • devskim from 1.0.32 to 1.0.33
  • dotnet-format from 8.0.102 to 8.0.104
  • eslint-plugin-jsonc from 2.13.0 to 2.15.1
  • golangci-lint from 1.56.2 to 1.57.2
  • grype from 0.74.7 to 0.77.0
  • kics from 1.7.13 to 2.0.0
  • lightning-flow-scanner from 2.18.0 to 2.22.0
  • markdown-link-check from 3.11.2 to 3.12.1
  • npm-groovy-lint from 14.2.3 to 14.4.1
  • phpcs from 3.9.0 to 3.9.1
  • phpstan from 1.10.60 to 1.10.67
  • protolint from 0.48.0 to 0.49.6
  • psalm from Psalm.5.23.0@​ to Psalm.5.23.1@​
  • pyright from 1.1.353 to 1.1.359
  • roslynator from 0.8.3.0 to 0.8.6.0
  • rstcheck from 6.2.0 to 6.2.1
  • rubocop from 1.62.0 to 1.63.3
  • ruff from 0.3.2 to 0.4.1
  • secretlint from 8.1.2 to 8.2.3
  • sfdx-scanner-apex from 3.21.0 to 3.23.0
  • sfdx-scanner-aura from 3.21.0 to 3.23.0
  • sfdx-scanner-lwc from 3.21.0 to 3.23.0
  • snakefmt from 0.10.0 to 0.10.1
  • snakemake from 8.5.5 to 8.10.8
  • spectral from 6.11.0 to 6.11.1
  • sqlfluff from 2.3.5 to 3.0.5
  • stylelint from 16.2.1 to 16.3.1
  • syft from 1.0.1 to 1.2.0
  • tekton-lint from 1.0.0 to 1.0.2
  • terraform-fmt from 1.7.4 to 1.8.1
  • terragrunt from 0.55.13 to 0.57.5
  • trivy-sbom from 0.49.1 to 0.50.2
  • trivy from 0.49.1 to 0.50.2
  • trufflehog from 3.69.0 to 3.73.0
  • vale from 3.2.2 to 3.4.0

v7.10.0

Compare Source

• Core

  • Update dotnet linters to .NET 8, by @​bdovaz in #​3182

• Media

  • How to use MegaLinter with Jenkins, by Darin Pope / Cloudbees

• Fixes

  • Trivy: use misconfig instead of the deprecated config scanner, updating the default arguments, by @​pjungermann in #​3376
  • Update calls to sfdx-scanner to output a CSV file for Aura & LWC, by @​nvuillam in #​3398
  • Kics: fixed error count in the summary table, by @​TommyE123 in #​3402
  • Fix issue with EXTENDS using private repository by sending GITHUB_TOKEN as HTTP auth header, by @​nvuillam in #​3404
  • Fix SPELL_VALE_CONFIG_FILE not working (handle the override of linter CONFIG_FILE if the linter is activated only if some files are found), by @​nvuillam in #​3409

• CI

  • Enable dependabot updates for devcontainer and other Docker directories, by @​echoix in #​3390

• Doc

  • Removed obsolete warning for semgrep as the issue has been fixed, by @​Jayllyz in #​3374
  • docs: fix docs in TrivySbomLinter.py, by @​pjungermann in https://togithub.com/oxsecurity/megalinter/pull/3377S

• Linter versions upgrades

  • actionlint from 1.6.26 to 1.6.27
  • bandit from 1.7.7 to 1.7.8
  • bicep_linter from 0.25.3 to 0.25.53
  • black from 24.1.1 to 24.2.0
  • cfn-lint from 0.85.1 to 0.86.0
  • checkov from 3.2.20 to 3.2.21
  • checkstyle from 10.13.0 to 10.14.0
  • clj-kondo from 2023.12.15 to 2024.03.05
  • csharpier from 0.27.2 to 0.27.3
  • cspell from 8.3.2 to 8.6.0
  • devskim from 1.0.28 to 1.0.32
  • dotnet-format from 7.0.115 to 8.0.102
  • eslint from 8.56.0 to 8.57.0
  • golangci-lint from 1.56.1 to 1.56.2
  • grype from 0.74.5 to 0.74.7
  • helm from 3.13.2 to 3.14.2
  • kics from 1.7.12 to 1.7.13
  • ktlint from 1.1.1 to 1.2.1
  • lightning-flow-scanner from 2.16.0 to 2.18.0
  • mypy from 1.8.0 to 1.9.0
  • npm-groovy-lint from 14.2.1 to 14.2.3
  • phpcs from 3.8.1 to 3.9.0
  • phpstan from 1.10.57 to 1.10.60
  • powershell from 7.4.0 to 7.4.1
  • powershell_formatter from 7.4.0 to 7.4.1
  • protolint from 0.47.5 to 0.48.0
  • psalm from Psalm.5.21.1@​ to Psalm.5.23.0@​
  • pylint from 3.0.3 to 3.1.0
  • pyright from 1.1.350 to 1.1.353
  • rubocop from 1.60.2 to 1.62.0
  • ruff from 0.2.1 to 0.3.2
  • scalafix from 0.11.1 to 0.12.0
  • secretlint from 8.1.1 to 8.1.2
  • shellcheck from 0.9.0 to 0.10.0
  • snakemake from 8.4.8 to 8.5.5
  • syft from 0.104.0 to 1.0.1
  • terraform-fmt from 1.7.3 to 1.7.4
  • terragrunt from 0.55.1 to 0.55.13
  • trufflehog from 3.67.5 to 3.69.0
  • vale from 3.0.5 to 3.2.2
  • xmllint from 21106 to 21107
  • yamllint from 1.34.0 to 1.35.1

v7.9.0

Compare Source

• Core

  • Upgrade actions/checkout and stefanzweifel/git-auto-commit-action in generator template workflow, by @​Jayllyz in #​3327
  • Upgrade base python image to python:3.12.2-alpine3.19

• Fixes

  • Format powershell linter output into terminal-wide table, and count errors, by @​efrecon in #​3318
  • Allow active_only_if_file_found to work in specified subdirectory (_DIRECTORY), fixes #​2873, by @​TimothyEarley in #​3323
  • Activate CI servers reporters only if we find a related default env variable, by @​nvuillam in #​3321

• Doc

  • Update copyright year to 2024, by @​Jayllyz in #​3339

• CI

  • Free more disk space before docker build
  • Upgrade peter-evans/create-pull-request from v5 to v6 in GitHub Actions workflows

• Linter versions upgrades

  • ansible-lint from 6.22.2 to 24.2.0
  • bandit from 1.7.6 to 1.7.7
  • bicep_linter from 0.24.24 to 0.25.3
  • black from 23.12.1 to 24.1.1
  • cfn-lint from 0.84.0 to 0.85.1
  • checkov from 3.1.67 to 3.2.20
  • checkstyle from 10.12.7 to 10.13.0
  • clippy from 0.1.75 to 0.1.76
  • csharpier from 0.27.0 to 0.27.2
  • eslint-plugin-jsonc from 2.12.2 to 2.13.0
  • gitleaks from 8.18.1 to 8.18.2
  • golangci-lint from 1.55.2 to 1.56.1
  • grype from 0.63.1 to 0.74.5
  • lychee from 0.14.1 to 0.14.3
  • markdownlint from 0.38.0 to 0.39.0
  • npm-groovy-lint from 14.2.0 to 14.2.1
  • phplint from 9.1.0 to 9.1.2
  • phpstan from 1.10.56 to 1.10.57
  • prettier from 3.2.4 to 3.2.5
  • psalm from Psalm.5.20.0@​ to Psalm.5.21.1@​
  • puppet-lint from 4.2.3 to 4.2.4
  • pyright from 1.1.347 to 1.1.350
  • revive from 1.3.6 to 1.3.7
  • roslynator from 0.8.2.0 to 0.8.3.0
  • rubocop from 1.60.1 to 1.60.2
  • ruff from 0.1.14 to 0.2.1
  • secretlint from 8.1.0 to 8.1.1
  • sfdx-scanner-apex from 3.20.0 to 3.21.0
  • sfdx-scanner-aura from 3.20.0 to 3.21.0
  • sfdx-scanner-lwc from 3.20.0 to 3.21.0
  • shfmt from 3.7.0 to 3.8.0
  • snakefmt from 0.9.0 to 0.10.0
  • snakemake from 8.2.3 to 8.4.8
  • stylelint from 16.2.0 to 16.2.1
  • syft from 0.101.1 to 0.104.0
  • terraform-fmt from 1.7.0 to 1.7.3
  • terragrunt from 0.54.20 to 0.55.1
  • tflint from 0.50.1 to 0.50.3
  • trivy-sbom from 0.48.3 to 0.49.1
  • trivy from 0.48.3 to 0.49.1
  • trufflehog from 3.63.10 to 3.67.5
  • v8r from 2.1.0 to 3.0.0
  • yamllint from 1.33.0 to 1.34.0

v7.8.0

Compare Source

• Reporters

  • New reporter MARKDOWN_SUMMARY_REPORTER, allows saving MegaLinter results summary as a markdown file. This file can be further utilised to add comments on the pull request (PR) from Jenkins and other continuous integration (CI) tools by @​saishivarcr in #​3250
  • New reporter BITBUCKET_COMMENT_REPORTER allowing to post MegaLinter results as comments on Bitbucket pull requests by @​saishivarcr in #​3256

• Core

  • mega-linter-runner: Remove container by default, except of no-remove-container option is sent by @​nvuillam in #​3203
  • Upgrade base image from python:3.11.6-alpine3.18 to python:3.11.7-alpine3.18, by @​echoix in #​3212
  • Upgrade to python 3.12.0 by @​nvuillam in #​3006
  • Upgrade actions/upload-artifact@v3 to actions/upload-artifact@v4 in default workflows by @​nvuillam in #​3225
  • mega-linter-runner: Improve check if running as script or module, by @​echoix in #​3233

• Media

  • (FR) MegaLinter presentation at DevCon 20 / Programmez Magazine, by Nicolas Vuillamy

<iframe width="560" height="315" src="https://www.youtube.com/embed/SlKurrIsUls" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

• Fixes

  • tekton-lint is now published as @​ibm/tekton-lint, by @​echoix in #​3210
  • PHP PHIVE: Use keys.openpgp.org and fingerprint for phive key verification, by @​echoix in #​3230
  • Undowngrade sass linters, by @​echoix in #​3260
  • Upgrade lychee default configuration to handle breaking change between 0.13.0 and 0.14.0
  • Hadolint: support both Containerfile and Dockerfile by @​sanmai-NL in #​3217

• Doc

  • Upgrade url to PHP CodeSniffer, as now the original repo is not maintained anymore by @​nvuillam in #​3201

• CI

  • Use docker/metadata-action for deploy-DEV.yml workflow, by @​echoix in #​3193

• Linter versions upgrades

  • ansible-lint from 6.22.1 to 6.22.2
  • bash-exec from 5.2.15 to 5.2.21
  • bicep_linter from 0.23.1 to 0.24.24 on 2023-12-14
  • black from 23.11.0 to 23.12.1 on 2023-12-23
  • cfn-lint from 0.83.4 to 0.84.0
  • checkov from 3.1.27 to 3.1.67
  • checkstyle from 10.12.6 to 10.12.7
  • clippy from 0.1.74 to 0.1.75 on 2023-12-28
  • clj-kondo from 2023.10.20 to 2023.12.15 on 2023-12-15
  • csharpier from 0.26.4 to 0.27.0
  • cspell from 8.1.3 to 8.3.2
  • devskim from 1.0.23 to 1.0.28
  • djlint from 1.34.0 to 1.34.1 on 2023-12-22
  • dotnet-format from 7.0.114 to 7.0.115
  • eslint-plugin-jsonc from 2.10.0 to 2.12.2
  • eslint from 8.55.0 to 8.56.0 on 2023-12-16
  • flake8 from 6.1.0 to 7.0.0
  • git_diff from 2.40.1 to 2.43.0
  • helm from 3.11.3 to 3.13.2
  • isort from 5.13.0 to 5.13.2 on 2023-12-13
  • kics from 1.7.11 to 1.7.12 on 2023-12-22
  • ktlint from 1.0.1 to 1.1.1
  • lychee from 0.13.0 to 0.14.1
  • mypy from 1.7.1 to 1.8.0 on 2023-12-22
  • npm-groovy-lint from 13.0.2 to 14.2.0
  • phpcs from 3.8.0 to 3.8.1
  • phplint from 9.0.6 to 9.1.0 on 2023-12-17
  • phpstan from 1.10.48 to 1.10.56
  • prettier from 3.1.0 to 3.2.4
  • protolint from 0.46.3 to 0.47.5
  • psalm from Psalm.5.17.0@​ to Psalm.5.20.0@​
  • pylint from 3.0.2 to 3.0.3 on 2023-12-13
  • pyright from 1.1.339 to 1.1.347
  • revive from 1.3.4 to 1.3.6
  • roslynator from 0.8.1.0 to 0.8.2.0
  • rubocop from 1.58.0 to 1.60.1
  • ruff from 0.1.7 to 0.1.14 on 2023-12-13
  • secretlint from 8.0.0 to 8.1.0 on 2023-12-28
  • sfdx-scanner-apex from 3.19.0 to 3.20.0
  • sfdx-scanner-aura from 3.19.0 to 3.20.0
  • sfdx-scanner-lwc from 3.19.0 to 3.20.0
  • snakefmt from 0.8.5 to 0.9.0
  • snakemake from 7.32.4 to 8.2.3
  • stylelint from 15.11.0 to 16.2.0
  • syft from 0.98.0 to 0.101.1 on 2023-12-22
  • tekton-lint from 0.6.0 to 1.0.0
  • terraform-fmt from 1.6.5 to 1.7.0
  • terragrunt from 0.54.0 to 0.54.20
  • terrascan from 1.18.3 to 1.18.8 on 2023-12-16
  • terrascan from 1.18.8 to 1.18.11 on 2023-12-30
  • tflint from 0.49.0 to 0.50.0 on 2023-12-30
  • tflint from 0.50.0 to 0.50.1
  • trivy-sbom from 0.48.0 to 0.48.1 on 2023-12-18
  • trivy-sbom from 0.48.1 to 0.48.2
  • trivy-sbom from 0.48.2 to 0.48.3
  • trivy from 0.48.0 to 0.48.1 on 2023-12-18
  • trivy from 0.48.1 to 0.48.2
  • trivy from 0.48.2 to 0.48.3
  • trufflehog from 3.63.2 to 3.63.3 on 2023-12-14
  • trufflehog from 3.63.3 to 3.63.4 on 2023-12-15
  • trufflehog from 3.63.4 to 3.63.6 on 2023-12-22
  • trufflehog from 3.63.6 to 3.63.7 on 2023-12-23
  • trufflehog from 3.63.7 to 3.63.9
  • trufflehog from 3.63.9 to 3.63.10
  • vale from 2.30.0 to 3.0.5

v7.7.0

Compare Source

• Core

  • Update base java apk package to openjdk 17 by @​nvuillam in #​3160
  • Update dotnet linters to .NET 7 by @​bdovaz in #​2402

• Media

  • Try using MegaLinter (article in japanese) by Takashi Minayaga

• New linters

  • Add clang-format c & cpp formatting linter including "apply fix" support
  • Add Roslynator C# linter by @​bdovaz in #​3155

• Fixes

  • Call jscpd with --gitignore to ignore copy-pastes in files matching .gitignore
  • cpplint: Dynamically add the list of extensions from list of files in --extensions parameter
  • Fix mkdocs generation + CI control job by @​nvuillam in #​3135
  • Add semgrep ruleset to validation schema by @​wesley-dean-flexion in #​3164
  • Downgrade stylelint to avoid crash with not v16 compliant dependencies
  • Fix count of yaml-lint errors
  • Remove openssl reinstall, as base image has updated version from alpine 3.18.5 by @​echoix in #​3181

• CI

  • Add arguments to make use of pytest-xdist, by @​echoix

• Linter versions upgrades

  • ansible-lint from 6.22.0 to 6.22.1
  • bandit from 1.7.5 to 1.7.6
  • cfn-lint from 0.83.3 to 0.83.4
  • checkov from 3.0.39 to 3.1.25
  • checkstyle from 10.12.5 to 10.12.6
  • csharpier from 0.26.2 to 0.26.4
  • cspell from 8.0.0 to 8.1.3
  • dotnet-format from 6.0.417 to 7.0.114
  • eslint from 8.54.0 to 8.55.0
  • gitleaks from 8.18.0 to 8.18.1
  • isort from 5.12.0 to 5.13.0
  • lightning-flow-scanner from 2.15.0 to 2.16.0
  • luacheck from 1.1.1 to 1.1.2
  • markdown-table-formatter from 1.4.0 to 1.5.0
  • markdownlint from 0.37.0 to 0.38.0
  • mypy from 1.7.0 to 1.7.1
  • npm-groovy-lint from 12.1.0 to 13.0.2
  • phpcs from 3.7.2 to 3.8.0
  • phplint from 9.0.4 to 9.0.6
  • phpstan from 1.10.42 to 1.10.48
  • psalm from Psalm.5.15.0@​ to Psalm.5.17.0@​
  • puppet-lint from 4.2.1 to 4.2.3
  • pyright from 1.1.336 to 1.1.339
  • roslynator from 0.8.0.0 to 0.8.1.0
  • rubocop from 1.57.2 to 1.58.0
  • ruff from 0.1.6 to 0.1.7
  • secretlint from 7.1.0 to 8.0.0
  • semgrep from 1.50.0 to 1.52.0
  • sfdx-scanner-apex from 3.18.0 to 3.19.0
  • sfdx-scanner-aura from 3.18.0 to 3.19.0
  • sfdx-scanner-lwc from 3.18.0 to 3.19.0
  • syft from 0.97.1 to 0.98.0
  • terraform-fmt from 1.6.4 to 1.6.5
  • terragrunt from 0.53.4 to 0.54.0
  • trivy from 0.47.0 to 0.48.0
  • trufflehog from 3.63.0 to 3.63.2
  • vale from 2.29.7 to 2.30.0

v7.6.0

Compare Source

• Major enhancements

  • New flavor c_cpp: New flavor for pure C/C++ projects, by @​daltonv in #​3067
  • New flavor formatters: Contains only formatter linters, by @​nvuillam in #​3071
  • Add Salesforce Lightning Flow Scanner, by @​nvuillam in #​3092

• Core

  • Allow to use value any to always activate a linter who as a _DIRECTORY variable. Example: KUBERNETES_DIRECTORY: any, by @​nvuillam in #​3058
  • Update base Docker image to python:3.11.6-alpine3.18

• Fixes

  • Fix issue Gitleaks --no-git does not work anymore, #​2945, in #​3112
  • Fix way to install powershell on Alpine linux image
  • Fix issue with VS Code devcontainer not building #​3114
  • Fix Default Workflow to handle latest ActionLint rules, by @​nvuillam in #​3130
  • Write checkov SARIF report results_sarif.sarif in REPORT_FOLDER, by @​gmeligio in #​3121
  • Updated lintr config template to use linters_with_defaults() (formerly with_defaults())
  • Fix csharp installation dependencies, by @​nvuillam in #​3075
  • Fix powershell installation by @​nvuillam in #​3126

• Doc

  • Update lintr links to their current locations, by @​echoix in #​3122
  • Update Pylint links to their current locations, by @​echoix in #​3116
  • Add R2DevOps way to setup MegaLinter on Gitlab, by @​nvuillam in #​3129

• CI

  • Upgrade pymdown-extensions and markdown, by @​BryanQuigley in #​3053
  • Use docker/metadata-action for some internal CI, by @​echoix in [#​3110](https://togithub.c

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

Summary by CodeRabbit

• Chores
  • Updated the linting service to use the latest oxsecurity/megalinter-javascript image (v7.13.0) for improved linting capabilities.

[coderabbitai]

Walkthrough

The docker-compose.yml file has been updated to enhance the lint service by upgrading the oxsecurity/megalinter-javascript image from version v7.3.0 to v7.13.0. This update may bring in new features, improvements, and bug fixes for the linter.

Changes

Files	Change Summary
docker-compose.yml	Updated the oxsecurity/megalinter-javascript image version for the lint service from v7.3.0 to v7.13.0.

Poem

With a hop and a skip, a linter we tweak,
To a version that's shiny, fresh from the peak. 🐰✨
From v7.3.0 we rise and we glow,
Now v7.13.0 is the way we flow.
Code now aligned, smooth as can be,
For bugs and woes, soon you'll be free. 🐇🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0b7a3ac and 96f18a3.

Files selected for processing (1)

• docker-compose.yml (1 hunks)

Files skipped from review due to trivial changes (1)

• docker-compose.yml