Use Azure DevOps Services REST API by bdovaz · Pull Request #7151 · oxsecurity/megalinter

bdovaz · 2026-02-15T07:12:45Z

Related #4894

The Python package has been practically abandoned: https://pypi.org/project/azure-devops/#history

The latest version is from 2023: https://pypi.org/project/azure-devops/7.1.0b4/
The last commit is from May 2025: https://github.com/microsoft/azure-devops-python-api/commits/dev/

So I removed that dependency and used the REST API directly: https://learn.microsoft.com/en-us/rest/api/azure/devops/?view=azure-devops-rest-7.2

We currently use 6 endpoints that have been very easy to refactor and maintain in the future.

At the moment, I am using the current stable version (7.2 it's preview): 7.1

Note

Medium Risk
Changes the integration path for posting Azure PR comments (auth, endpoint URLs, and response parsing), which could break reporting in Azure environments if any REST contract/permissions differ; dependency bumps are otherwise routine.

Overview
Switches AzureCommentReporter from the unmaintained azure-devops Python SDK to direct Azure DevOps REST calls (API 7.1) using requests, including manual Basic auth header construction and JSON response handling.

Removes azure-devops (and transitive msrest/OAuth deps) from project/dev dependencies and lockfile, updates docs/examples accordingly, and bumps related tool/dependency versions (langchain-core, robotframework-robocop) plus adds a new Trivy ignore entry (CVE-2026-25639).

^{Written by Cursor Bugbot for commit f8a960b. This will update automatically on new commits. Configure here.}

github-actions · 2026-02-15T07:32:46Z

✅⚠️MegaLinter analysis: Success with warnings

⚠️ PYTHON / bandit - 82 errors

rt os.path.isdir(config.get(request_id, "DEFAULT_WORKSPACE")), (
118	        "DEFAULT_WORKSPACE "
119	        + config.get(request_id, "DEFAULT_WORKSPACE")
120	        + " is not a valid folder"
121	    )
122	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:165:4
164	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
165	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
166	    linter_name = linter.linter_name

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:231:4
230	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
231	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
232	    if os.path.isfile(workspace + os.path.sep + "no_test_failure"):

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:466:4
465	    )
466	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
467	    expected_file_name = ""

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:566:4
565	        workspace += os.path.sep + "bad"
566	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
567	    # Call linter

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:670:4
669	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
670	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
671	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:768:12
767	            ]
768	            assert (len(list(diffs))) > 0, f"No changes in the {file} file"
769	

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:81:42
80	    if item.fileUploadId:
81	        uploaded_file_path = os.path.join("/tmp/server-files", item.fileUploadId)
82	        if not os.path.isdir(uploaded_file_path):

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:103:38
102	    file_upload_id = "FILE_" + str(uuid1())
103	    uploaded_file_path = os.path.join("/tmp/server-files", file_upload_id)
104	    os.makedirs(uploaded_file_path)

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.3/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server_worker.py:98:34
97	        temp_dir = self.create_temp_dir()
98	        upload_dir = os.path.join("/tmp/server-files", file_upload_id)
99	        if os.path.exists(upload_dir):

--------------------------------------------------

Code scanned:
	Total lines of code: 17840
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 49
		Medium: 24
		High: 9
	Total issues (by confidence):
		Undefined: 0
		Low: 16
		Medium: 18
		High: 48
Files skipped (0):

(Truncated to last 5714 characters out of 56237)

⚠️ BASH / bash-exec - 1 error

Results of bash-exec linter (version 5.3.3)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec
    Error: File:[sh/megalinter_exec] is not executable

⚠️ REPOSITORY / grype - 41 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME                           INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
ejs                            3.1.6      3.1.7     npm     GHSA-phwq-j96m-2c2q  Critical  93.5% (99th)   87.9   
ip                             1.1.5                npm     GHSA-2p57-rm9w-gvfp  High      88.0% (99th)   68.7   
tar                            6.0.1      6.1.1     npm     GHSA-3jfq-g458-7qm9  High      85.0% (99th)   66.7   
requests                       2.24.0     2.31.0    python  GHSA-j8r2-6x86-q33q  Medium    6.1% (90th)    3.4    
minimist                       1.2.5      1.2.6     npm     GHSA-xvch-5gv4-984h  Critical  0.9% (74th)    0.8    
ejs                            3.1.6      3.1.10    npm     GHSA-ghr5-ch3p-vcr6  Medium    1.3% (79th)    0.7    
node-fetch                     2.6.6      2.6.7     npm     GHSA-r683-j2x4-v87g  High      0.6% (70th)    0.5    
tar                            6.0.1      6.1.9     npm     GHSA-5955-9wpr-37jh  High      0.6% (69th)    0.5    
semver                         7.3.5      7.5.2     npm     GHSA-c2qf-rxjj-qqgw  High      0.6% (68th)    0.4    
minimatch                      3.0.4      3.0.5     npm     GHSA-f8q6-p94x-37v3  High      0.5% (63rd)    0.3    
@octokit/request               5.6.2      8.4.1     npm     GHSA-rmvr-2pp2-xj38  Medium    0.6% (67th)    0.3    
tar                            6.0.1      6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.5% (64th)    0.3    
tar                            6.1.11     6.2.1     npm     GHSA-f5x3-32g6-xq36  Medium    0.5% (64th)    0.3    
braces                         3.0.2      3.0.3     npm     GHSA-grv7-fg5c-xmjg  High      0.2% (44th)    0.2    
ip                             1.1.5      1.1.9     npm     GHSA-78xj-cgh5-2h22  Low       0.5% (67th)    0.2    
ansi-regex                     3.0.0      3.0.1     npm     GHSA-93q8-gq69-wqmw  High      0.2% (43rd)    0.2    
tar                            6.0.1      6.1.2     npm     GHSA-r628-mhmh-qjhw  High      0.2% (39th)    0.1    
http-cache-semantics           4.1.0      4.1.1     npm     GHSA-rc47-6667-2j5j  High      0.2% (38th)    0.1    
@octokit/plugin-paginate-rest  2.17.0     9.2.2     npm     GHSA-h5c3-5r3r-rr8q  Medium    0.2% (45th)    0.1    
@octokit/request-error         2.1.0      5.1.1     npm     GHSA-xx4v-prfh-6cgc  Medium    0.2% (43rd)    0.1    
micromatch                     4.0.4      4.0.8     npm     GHSA-952p-6rrq-rcjv  Medium    0.1% (32nd)    < 0.1  
requests                       2.24.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    0.1% (28th)    < 0.1  
cross-spawn                    7.0.3      7.0.5     npm     GHSA-3xgq-45jj-v275  High      < 0.1% (21st)  < 0.1  
lodash                         4.17.21    4.17.23   npm     GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (18th)  < 0.1  
lodash-es                      4.17.21    4.17.23   npm     GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (18th)  < 0.1  
debug                          4.2.0      4.3.1     npm     GHSA-gxpj-cx7g-858c  Low       < 0.1% (26th)  < 0.1  
requests                       2.24.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (13th)  < 0.1  
tmp                            0.0.33     0.2.4     npm     GHSA-52f5-9888-hmc6  Low       < 0.1% (22nd)  < 0.1  
tar                            6.0.1      6.1.7     npm     GHSA-9r2w-394v-53qc  High      < 0.1% (6th)   < 0.1  
tar                            6.0.1      7.5.7     npm     GHSA-34x7-hfp2-rc4v  High      < 0.1% (6th)   < 0.1  
tar                            6.1.11     7.5.7     npm     GHSA-34x7-hfp2-rc4v  High      < 0.1% (6th)   < 0.1  
diff                           5.2.0      5.2.2     npm     GHSA-73rr-hh4g-fpgx  Low       < 0.1% (17th)  < 0.1  
diff                           7.0.0      8.0.3     npm     GHSA-73rr-hh4g-fpgx  Low       < 0.1% (17th)  < 0.1  
word-wrap                      1.2.3      1.2.4     npm     GHSA-j8xg-fqg3-53r7  Medium    < 0.1% (7th)   < 0.1  
tar                            6.0.1      6.1.9     npm     GHSA-qq89-hq3f-393p  High      < 0.1% (3rd)   < 0.1  
tar                            6.0.1      7.5.4     npm     GHSA-r6q2-hw4h-h46w  High      < 0.1% (2nd)   < 0.1  
tar                            6.1.11     7.5.4     npm     GHSA-r6q2-hw4h-h46w  High      < 0.1% (2nd)   < 0.1  
js-yaml                        3.14.0     3.14.2    npm     GHSA-mh29-5h37-fv8m  Medium    < 0.1% (4th)   < 0.1  
tar                            6.0.1      7.5.3     npm     GHSA-8qq5-rm4j-mr97  High      < 0.1% (0th)   < 0.1  
tar                            6.1.11     7.5.3     npm     GHSA-8qq5-rm4j-mr97  High      < 0.1% (0th)   < 0.1  
brace-expansion                1.1.11     1.1.12    npm     GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (4th)   < 0.1
[0071] ERROR discovered vulnerabilities at or above the severity threshold

⚠️ SPELL / lychee - 23 errors

[WARN ] WARNING: `--exclude-mail` is deprecated and will soon be removed; E-Mail is no longer checked by default. Use `--include-mail` to enable E-Mail checking.
[ERROR] https://www.contributor-covenant.org/faq | Network error: error sending request for url (https://www.contributor-covenant.org/faq)
[403] https://cloudtuned.hashnode.dev/ | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/introducing-megalinter-streamlining-code-quality-checks-across-multiple-languages | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Error (cached)
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Error (cached)
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://htmlhint.com/ | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Error (cached)
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[404] https://htmlhint.com/_astro/htmlhint.DIRCoA_t_Z1czEXa.webp | Network error: Not Found
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through | Network error: Forbidden
[TIMEOUT] https://generated.at/ | Timeout
[TIMEOUT] https://generated.at/ | Timeout
📝 Summary
---------------------
🔍 Total.........2430
✅ Successful....1933
⏳ Timeouts.........2
🔀 Redirected.......0
👻 Excluded.......472
❓ Unknown..........0
🚫 Errors..........23

Errors in README.md
[TIMEOUT] https://generated.at/ | Timeout
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/ | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/introducing-megalinter-streamlining-code-quality-checks-across-multiple-languages | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden

Errors in mega-linter-runner/README.md
[403] https://npmjs.org/package/mega-linter-runner | Error (cached)

Errors in CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/faq | Network error: error sending request for url (https://www.contributor-covenant.org/faq)

Errors in megalinter/descriptors/html.megalinter-descriptor.yml
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://htmlhint.com/ | Network error: Forbidden
[404] https://htmlhint.com/_astro/htmlhint.DIRCoA_t_Z1czEXa.webp | Network error: Not Found
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden

Errors in megalinter/descriptors/clojure.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

Errors in megalinter/descriptors/c.megalinter-descriptor.yml
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden

Errors in megalinter/descriptors/java.megalinter-descriptor.yml
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Error (cached)

Errors in megalinter/descriptors/rst.megalinter-descriptor.yml
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through | Network error: Forbidden

Errors in megalinter/descriptors/arm.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

Errors in megalinter/descriptors/cpp.megalinter-descriptor.yml
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden

Errors in megalinter/descriptors/powershell.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Error (cached)

Errors in megalinter/descriptors/markdown.megalinter-descriptor.yml
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden

Errors in megalinter/descriptors/bicep.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

⚠️ MARKDOWN / markdownlint - 335 errors

ngle-h1 Multiple top-level headings in the same document [Context: "IDE Configuration Reporter"]
docs/reporters/ConsoleReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Console Reporter"]
docs/reporters/EmailReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "E-mail Reporter"]
docs/reporters/FileIoReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "File.io Reporter"]
docs/reporters/GitHubCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Comment Reporter"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:27:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:174 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:28:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:160 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:29:48 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:143 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:30:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:152 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubStatusReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Status Reporter"]
docs/reporters/GitlabCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Gitlab Comment Reporter"]
docs/reporters/JsonReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "JSON Reporter"]
docs/reporters/MarkdownSummaryReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Markdown Summary Reporter"]
docs/reporters/SarifReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "SARIF Reporter (beta)"]
docs/reporters/TapReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "TAP Reporter"]
docs/reporters/TextReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Text Reporter"]
docs/reporters/UpdatedSourcesReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Updated Sources Reporter"]
docs/special-thanks.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Special thanks"]
docs/special-thanks.md:23:3 error MD045/no-alt-text Images should have alternate text (alt text)
docs/sponsor.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Sponsoring"]
docs/supported-linters.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Supported Linters"]
mega-linter-runner/generators/mega-linter-custom-flavor/templates/README.md:63 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "How to use the custom flavor"]
mega-linter-runner/README.md:27:274 error MD051/link-fragments Link fragments should be valid [Context: "[**apply formatting and auto-fixes**](#apply-fixes)"]
mega-linter-runner/README.md:27:217 error MD051/link-fragments Link fragments should be valid [Context: "[**reports in several formats**](#reports)"]
README.md:190:127 error MD051/link-fragments Link fragments should be valid [Context: "[many additional features](#mega-linter-vs-super-linter)"]
README.md:1768:3 error MD045/no-alt-text Images should have alternate text (alt text)

(Truncated to last 5714 characters out of 43922)

⚠️ YAML / prettier - 6 errors

ged)
codecov.yml 1ms (unchanged)
mega-linter-runner/.eslintrc.yml 5ms (unchanged)
mega-linter-runner/.mega-linter.yml 14ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/action.yml 12ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml 10ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml 23ms (unchanged)
[error] mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml: SyntaxError: Implicit map keys need to be followed by map values (6:1)
[error]   4 | label: <%= CUSTOM_FLAVOR_LABEL %>
[error]   5 | linters:
[error] > 6 | <%= CUSTOM_FLAVOR_LINTERS %>
[error]     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   7 |
mega-linter-runner/generators/mega-linter/templates/.drone.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml 7ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/azure-pipelines.yml 4ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/bitbucket-pipelines.yml 4ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/concourse-task.yml 5ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/mega-linter.yml 12ms (unchanged)
megalinter/descriptors/action.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/ansible.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/api.megalinter-descriptor.yml 17ms (unchanged)
megalinter/descriptors/arm.megalinter-descriptor.yml 23ms (unchanged)
megalinter/descriptors/bash.megalinter-descriptor.yml 34ms (unchanged)
megalinter/descriptors/bicep.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/c.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/clojure.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/cloudformation.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/coffee.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/copypaste.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/cpp.megalinter-descriptor.yml 17ms (unchanged)
megalinter/descriptors/csharp.megalinter-descriptor.yml 16ms (unchanged)
megalinter/descriptors/css.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/dart.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/dockerfile.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/editorconfig.megalinter-descriptor.yml 2ms (unchanged)
megalinter/descriptors/env.megalinter-descriptor.yml 2ms (unchanged)
megalinter/descriptors/gherkin.megalinter-descriptor.yml 2ms (unchanged)
megalinter/descriptors/go.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/graphql.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/groovy.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/html.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/java.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/javascript.megalinter-descriptor.yml 22ms (unchanged)
megalinter/descriptors/json.megalinter-descriptor.yml 36ms (unchanged)
megalinter/descriptors/jsx.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/kotlin.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/kubernetes.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/latex.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/lua.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/makefile.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/markdown.megalinter-descriptor.yml 20ms (unchanged)
megalinter/descriptors/perl.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/php.megalinter-descriptor.yml 26ms (unchanged)
megalinter/descriptors/powershell.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/protobuf.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/puppet.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/python.megalinter-descriptor.yml 69ms (unchanged)
megalinter/descriptors/r.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/raku.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/repository.megalinter-descriptor.yml 67ms (unchanged)
megalinter/descriptors/robotframework.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/rst.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/ruby.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/rust.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/salesforce.megalinter-descriptor.yml 42ms (unchanged)
megalinter/descriptors/scala.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/snakemake.megalinter-descriptor.yml 22ms (unchanged)
megalinter/descriptors/spell.megalinter-descriptor.yml 31ms (unchanged)
megalinter/descriptors/sql.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/swift.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/tekton.megalinter-descriptor.yml 2ms (unchanged)
megalinter/descriptors/terraform.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/tsx.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/typescript.megalinter-descriptor.yml 31ms (unchanged)
megalinter/descriptors/vbdotnet.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/xml.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/yaml.megalinter-descriptor.yml 16ms (unchanged)
server/docker-compose-dev.yml 3ms (unchanged)
server/docker-compose.yml 5ms (unchanged)
trivy-secret.yaml 2ms (unchanged)

(Truncated to last 5714 characters out of 11498)

⚠️ YAML / yamllint - 30 errors

mega-linter-runner/.eslintrc.yml
  11:9      warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml
  7:1       error    syntax error: could not find expected ':' (syntax)

megalinter/descriptors/copypaste.megalinter-descriptor.yml
  18:301    warning  line too long (313 > 300 characters)  (line-length)

megalinter/descriptors/javascript.megalinter-descriptor.yml
  234:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/markdown.megalinter-descriptor.yml
  74:301    warning  line too long (366 > 300 characters)  (line-length)

megalinter/descriptors/perl.megalinter-descriptor.yml
  26:301    warning  line too long (310 > 300 characters)  (line-length)

megalinter/descriptors/php.megalinter-descriptor.yml
  149:301   warning  line too long (389 > 300 characters)  (line-length)
  163:301   warning  line too long (302 > 300 characters)  (line-length)

megalinter/descriptors/repository.megalinter-descriptor.yml
  155:301   warning  line too long (408 > 300 characters)  (line-length)
  268:301   warning  line too long (306 > 300 characters)  (line-length)
  273:301   warning  line too long (321 > 300 characters)  (line-length)
  450:301   warning  line too long (338 > 300 characters)  (line-length)
  518:301   warning  line too long (306 > 300 characters)  (line-length)
  568:301   warning  line too long (316 > 300 characters)  (line-length)
  818:301   warning  line too long (1263 > 300 characters)  (line-length)
  883:301   warning  line too long (879 > 300 characters)  (line-length)
  897:301   warning  line too long (358 > 300 characters)  (line-length)
  953:301   warning  line too long (346 > 300 characters)  (line-length)
  960:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/salesforce.megalinter-descriptor.yml
  51:301    warning  line too long (359 > 300 characters)  (line-length)
  295:301   warning  line too long (359 > 300 characters)  (line-length)

megalinter/descriptors/sql.megalinter-descriptor.yml
  64:301    warning  line too long (319 > 300 characters)  (line-length)

megalinter/descriptors/terraform.megalinter-descriptor.yml
  27:301    warning  line too long (330 > 300 characters)  (line-length)
  86:301    warning  line too long (391 > 300 characters)  (line-length)
  142:301   warning  line too long (346 > 300 characters)  (line-length)
  199:301   warning  line too long (328 > 300 characters)  (line-length)

megalinter/descriptors/typescript.megalinter-descriptor.yml
  225:301   warning  line too long (314 > 300 characters)  (line-length)

mkdocs.yml
  8:301     warning  line too long (552 > 300 characters)  (line-length)
  66:5      warning  wrong indentation: expected 6 but found 4  (indentation)
  78:5      warning  wrong indentation: expected 6 but found 4  (indentation)

✅ Linters with no issues

black, checkov, cspell, flake8, git_diff, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, pylint, ruff, secretlint, shellcheck, shfmt, spectral, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint

See detailed reports in MegaLinter artifacts

Show us your support by starring ⭐ the repository

megalinter/reporters/AzureCommentReporter.py

echoix

I think bugbot's suggestions are correct if they are right, otherwise I'm supporting you with this, it is way better than without it, as nothing would work

bdovaz · 2026-02-15T15:09:33Z

I think bugbot's suggestions are correct if they are right, otherwise I'm supporting you with this, it is way better than without it, as nothing would work

Cursor suggestions fixed

megalinter/reporters/AzureCommentReporter.py

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

megalinter/reporters/AzureCommentReporter.py

MegaLinter v9.3.0 and earlier crash on startup with Python 3.13 due to AzureCommentReporter importing azure.devops which requires pkg_resources (removed from stdlib). The fix is merged in oxsecurity/megalinter#7151 but not yet released. Using :beta (tracks main branch) as a temporary workaround until v9.4.0.

pkg_resources (part of setuptools) is not included in Python 3.13 by default but is unconditionally imported by the azure-devops SDK used in AzureCommentReporter.py. This causes MegaLinter to crash at startup. Add a post-build step that layers 'pip install setuptools' on top of the built image. This is simpler and more reliable than waiting for upstream MegaLinter to publish a new image with the fix from oxsecurity/megalinter#7151 (merged 2026-02-16). Will remove this patch once a new MegaLinter release ships the fix.

pkg_resources (part of setuptools) is not included in Python 3.13 by default but is unconditionally imported by the azure-devops SDK used in AzureCommentReporter.py. This causes MegaLinter to crash at startup. Add a post-build step that layers 'pip install setuptools' on top of the built image. This is simpler and more reliable than waiting for upstream MegaLinter to publish a new image with the fix from oxsecurity/megalinter#7151 (merged 2026-02-16). Will remove this patch step once a new MegaLinter release ships the fix.

Update azure-devops to latest version

ff6faa5

bdovaz had a problem deploying to dev February 15, 2026 07:12 — with GitHub Actions Failure

bdovaz temporarily deployed to dev February 15, 2026 07:12 — with GitHub Actions Inactive

wip

4ded21b

bdovaz temporarily deployed to dev February 15, 2026 11:14 — with GitHub Actions Inactive

bdovaz had a problem deploying to dev February 15, 2026 11:14 — with GitHub Actions Failure

bdovaz temporarily deployed to dev February 15, 2026 11:14 — with GitHub Actions Inactive

bdovaz changed the title ~~Update azure-devops to latest version~~ Use Azure DevOps Services REST API Feb 15, 2026

bdovaz marked this pull request as ready for review February 15, 2026 11:25

bdovaz requested review from Kurt-von-Laven, echoix and nvuillam as code owners February 15, 2026 11:25

cursor bot reviewed Feb 15, 2026

View reviewed changes

megalinter/reporters/AzureCommentReporter.py Show resolved Hide resolved

megalinter/reporters/AzureCommentReporter.py Outdated Show resolved Hide resolved

echoix approved these changes Feb 15, 2026

View reviewed changes

wip

19c51c5

bdovaz temporarily deployed to dev February 15, 2026 14:46 — with GitHub Actions Inactive

bdovaz had a problem deploying to dev February 15, 2026 14:46 — with GitHub Actions Failure

bdovaz temporarily deployed to dev February 15, 2026 14:46 — with GitHub Actions Inactive

bdovaz had a problem deploying to dev February 15, 2026 14:46 — with GitHub Actions Failure

bdovaz enabled auto-merge (squash) February 15, 2026 15:09

Upgrade langchain-core and cryptography

e8fc414

nvuillam temporarily deployed to dev February 15, 2026 19:50 — with GitHub Actions Inactive

[MegaLinter] Apply linters fixes

d2be36b

nvuillam temporarily deployed to dev February 15, 2026 19:57 — with GitHub Actions Inactive

bdovaz temporarily deployed to dev February 15, 2026 21:28 — with GitHub Actions Inactive

cursor bot reviewed Feb 15, 2026

View reviewed changes

megalinter/reporters/AzureCommentReporter.py Show resolved Hide resolved

fix cursor issue

bab6610

bdovaz temporarily deployed to dev February 15, 2026 21:53 — with GitHub Actions Inactive

cursor bot reviewed Feb 15, 2026

View reviewed changes

megalinter/reporters/AzureCommentReporter.py Show resolved Hide resolved

fix cursor issue

6d9524d

bdovaz temporarily deployed to dev February 15, 2026 22:14 — with GitHub Actions Inactive

trvy

6d53f59

nvuillam temporarily deployed to dev February 15, 2026 22:58 — with GitHub Actions Inactive

Upgrade robocop

f8a960b

nvuillam temporarily deployed to dev February 16, 2026 06:31 — with GitHub Actions Inactive

nvuillam disabled auto-merge February 16, 2026 07:09

nvuillam merged commit ee44d4c into main Feb 16, 2026
137 checks passed

nvuillam deleted the update-azure-devops branch February 16, 2026 07:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use Azure DevOps Services REST API#7151

Use Azure DevOps Services REST API#7151
nvuillam merged 10 commits intomainfrom
update-azure-devops

bdovaz commented Feb 15, 2026 •

edited by cursor bot

Loading

Uh oh!

github-actions bot commented Feb 15, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

echoix left a comment

Uh oh!

bdovaz commented Feb 15, 2026

Uh oh!

Uh oh!

cursor bot left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

bdovaz commented Feb 15, 2026 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅⚠️MegaLinter analysis: Success with warnings

✅ Linters with no issues

Uh oh!

Uh oh!

Uh oh!

echoix left a comment

Choose a reason for hiding this comment

Uh oh!

bdovaz commented Feb 15, 2026

Uh oh!

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

bdovaz commented Feb 15, 2026 •

edited by cursor bot

Loading

github-actions bot commented Feb 15, 2026 •

edited

Loading