chore(deps): update dependency semgrep to v1.153.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
semgrep (changelog)	1.152.0 → 1.153.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

semgrep/semgrep (semgrep)

v1.153.0

Compare Source

### Added

• Semgrep core is now optimized with flambda (flambda)
• Scala: Support for for-yield (LANG-193)

### Fixed

• Scala: Fixed a parsing bug where subsequent calls in an implicit block would not
  be considered at the same scope, e.g.

  def f (a: t) =
    foo()
    bar()
  ``` (lang-194)
  

1.152.0 - 2026-02-17

### Added

• Hooks (for both Claude Code and Cursor) now pull custom rules from the registry (custom-rules-hooks)

• Turned on DNS rebinding protection for the MCP server (dns-check)

• Environment variables can now be passed to third-party package managers invoked as part of --allow-local-builds dependency resolution via the environment variable SEMGREP_LOCAL_BUILD_ENV, which accepts a JSON object with string keys and string values. (SC-3163)

• Memory management policies

  A memory policy defines how OCaml's garbage collector should be configured for
  a scan. There are two initial policies: "aggressive", the current behaviour,
  which trades longer scan times for lower memory use, and "balanced", which
  finds a middle ground between reclaiming heap memory in short order while
  limiting how often the garbage collector runs. The policy can be configured
  via the --x-mem-policy CLI flag for the pro engine; this flag is unused in
  the OSS engine. (engine-2055)

• Added experimental support for the OpenFGA authorization language. Thanks to Alex Useche (@​hex0punk) for the contribution! (gh-11347)

• Allows case insensitive string comparisons using lower() and upper() like this:

  - metavariable-comparison:
      metavariable: $VALUE
      comparison: upper(str($VALUE)) == "SEMGREP"
  

  (gh-11502)

• Blocking findings that are outputted in the CI output are now labelled as such. (#​4394)

### Changed

• pro: There should be fewer FNs when the max number of fields to track per object
  is reached. (code-9224)
• Remove legacy combined symbol analysis computation and upload in favor of per-subproject symbol analysis (sc-3153)

### Fixed

• pro: Improved accuracy of taint tracking through assignments, this will help
  reduce FPs in some cases. (code-9220)
• When receiving a 429 or 5xx from the Semgrep app, the CLI will wait for a
  longer period of time before retrying the request, to spread out requests
  during periods of app instability. (engine-2550)

1.151.0 - 2026-02-04

Added

• Added progress indicators for symbol analysis calculation and upload during CI scans (sc-3103)

Fixed

• bumped glom to at least version 23.3, which includes a fix to a SyntaxWarning
  warning log. (gh-11460)
• Semgrep no longer prints info log lines from semgrep-core RPC calls when --trace is passed and --debug isn't (loglines)
• Fixed the README not appearing in built wheels. (wheelreadme)

1.150.0 - 2026-01-29

Added

• Connecting to the Semgrep MCP server via streamableHttp now requires OAuth. (saf-2453)

Changed

• Migrated from pipenv to uv for ./cli package management (uv)

Fixed

• pro: Improved virtual method resolution in Scala (code-9213)
• Improved performance for supply chain scans by reducing pre-computation when printing the scan status. This results in slightly less information being displayed in the case that there are no rules to run. (gh-5436)
• Supply Chain Analysis: fixed version range matching for NPM packages with versions containing a prerelease identifier such as -alpha in 1.2.3-alpha. (sc-3001)

1.149.0 - 2026-01-21

Added

• Added a warning in --debug mode when a user runs a parallel scan with a larger
  value for -j/--jobs than the number of CPUs we detect the host has made
  available to Semgrep. Additionally, a suggested starting value for -j/--jobs
  is reported to give the user a place to start tuning their scan. (saf-2474)
• Upload symbol analysis on a per-subproject basis during supply chain scans. (sc-3038)

Changed

• The MCP server no longer supports SSE transport. (saf-2462)

Fixed

• pro: Improved virtual method resolution in Java (code-9210)
• pro: Improved virtual method resolution in Scala (code-9212)
• Improve performance of scan planning, a part of the Python CLI, by reducing
  the cost of re-hashing Target objects. Performance should improve on
  large repo scans proportionally to the number of files in the repo. (gh-5407)
• semgrep ci no longer applies autofixes to disk, even when the "Suggest autofixes" toggle in the app is enabled. (saf-2446)

1.148.0 - 2026-01-14

Added

• Performance: subproject discovery in Supply Chain scans is no longer
  significantly slowed down by the presence of Git-untracked files
  resulting in faster diff scans in such cases. (sc-subproject-speedup)

Fixed

• pro: Improved virtual method resolution in Java (code-9174)
• pro: Improved handling of parse errors during inter-file analysis. Now, these
  errors should be adequately reported back to users and in the JSON output. (code-9216)
• Dataflow now accounts for Python for/else and while/else loops. (gh-8405)
• Fix rare "bad file descriptor" when performing Git operations on Windows (saf-2358)

1.147.0 - 2026-01-07

Added

• Gradle lockfiles of the form gradle*.lockfile are now supported. Previously, only lockfiles named exactly gradle.lockfile were supported. (SC-2999)
• semgrep login now supports a --force flag, which ignores existing tokens and starts a new login session. The MCP setup workflow has been updated to use --force too. (saf-2392)

Fixed

• Deduplication should now pick the exact same findings across scans. Previously,
  findings were always equivalent, but not guaranteed to be exactly the same
  (e.g. metavariable bindings could differ). Depending on the rule and target code,
  this could cause findings' fingerprints to change from one scan to another, thus
  leading to finding flakiness and "cycling" in Semgrep App. Note that when
  upgrading to this Semgrep version, you may see different (but equivalent) findings
  wrt your current Semgrep version in the first scan, one more time. However, in
  subsequent scans/upgrades, this problem should go away or at least be greatly
  reduced. (saf-2304)

1.146.0 - 2025-12-17

Added

• Added support for Cursor post-code-generation hooks via new record-file-edit and stop-cli-scan semgrep mcp flags (cursor-hooks)
• Added skipped_paths field to CI scan results to report files that failed to scan due to errors (timeout, OOM, etc.), preventing the app from incorrectly marking findings in those files as fixed (gh-5122)
• Symbol analysis, if enabled, now runs for Supply Chain only scans when calling semgrep ci. (sc-2927)

Changed

• Semgrep's Docker image base has been bumped from Alpine Linux 3.22 to 3.23 (docker-version)
• bumped the mcp python-sdk from 1.16.0 to 1.23.3 (mcp-version)
• pro: [experimental] enabling and disabling transitive reachability
  analysis in semgrep ci regardless of app settings is now possible with
  --x-enable-transitive-reachability (or --x-tr)
  and --x-disable-transitive-reachability. (tr-flags)

Fixed

• The PHP AST now distinguishes between if statements with no else clause and those with an explicit but empty else {}. (gh-11330)
• git-lfs objects are now excluded from baseline scans, as they are usually binary files, or simply too large to scan. (saf-2020)
• Fix a OCaml stdlib bug that would cause nondeterministic UnixErrors on Windows under the multicore runtime due to a race condition in the socketpair implementation (saf-2316)
• Fixed an issue that in rare cases could lead timeouts to be mishandled. This typically manifested only through slightly different warning messages, but it is possible that more serious consequences could have occasionally resulted. (saf-2368)
• Fixed symbol analysis incorrectly analyzing all files instead of only the relevant language files per ecosystem. (sc-3020)

1.145.2 - 2025-12-12

No significant changes.

1.145.1 - 2025-12-11

No significant changes.

1.145.0 - 2025-12-04

Added

• Added optional user-prompting for classifying findings as true/false positives via MCP Elicitation in the MCP server (behind SEMGREP_FINDINGS_ELICITATION_ENABLED, off by default). (elicitation)
• Added hook to inject secure-by-default library recommendations into Claude Code Agent context. (secure-defaults-hook)

Changed

• Symbol analysis upload now runs before scan completion to ensure it is available during initial scan postprocessing. (sc-2933)

Fixed

• Fix issue that could lead to validation failures for certain well-formed rules, such as those with emoji in their messages. (incid-293)
• The correct range for let ... in expressions in OCaml is now reported. Previously, the location of the let was omitted. This is mainly relevant for autofix. (ocaml-let)
• Debug log lines concerning telemetry collection that are only relevant inside
  Semgrep's managed scanning environment are not emitted if a scan runs outside
  that environment. (saf-2321)
• pro: in 1.144.0 interfile scans no longer default to -j 1; instead, the number of available CPUs on the system was used to inform how many jobs should be spawned. This caused a change in timeouts due to how time is measured for certain parts of the pro engine. This change has now been reverted (saf-default-jobs)

1.144.1 - 2025-12-04

Fixed

• Fix issue that could lead to validation failures for certain well-formed rules, such as those with emoji in their messages. (incid-293)
• pro: in 1.144.0 interfile scans no longer default to -j 1; instead, the number of available CPUs on the system was used to inform how many jobs should be spawned. This caused a change in timeouts due to how time is measured for certain parts of the pro engine. This change has now been reverted (saf-default-jobs)

1.144.0 - 2025-11-19

Fixed

• pro: interfile scans no longer default to -j 1; instead, the number of
  available CPUs on the system is polled as part of a heuristic to determine how
  many threads should be spawned. (gh-4952)
• Semgrep will no longer rarely crash when --trace is passed. (incid-280)

1.143.3 - 2025-11-25

No significant changes.

1.143.2 - 2025-11-25

Fixed

• Fix issue that could lead to validation failures for certain well-formed rules, such as those with emoji in their messages. (incid-293)

1.143.1 - 2025-11-14

Fixed

• Semgrep will no longer rarely crash when --trace is passed. (incid-280)

1.143.0 - 2025-11-12

Added

• Dataflow will now understand empty block expressions as having unit value in
  more instances. (code-9141)
• Parallel scans will now use shared-memory parallelism using multicore OCaml
  domains, rather than the legacy fork-join approach. Users can opt into the
  legacy method with the --x-parmap CLI flag, and this deprecates the --x-eio
  flag (since it is now the default behaviour). (saf-2271)
• Add -k/ --hook flag to enable Semgrep scans via Claude Code Agent post-tool hooks (saf-2279)

Fixed

• When running semgrep scan or semgrep ci, the progress bar now always ends at 100%. (SAF-2079)
• Pro: fixed various bugs relating to Scala match expression handling in dataflow
  analysis (e.g., some branches being misordered, especially when matching
  multiple variables against non-integer literal patterns). (code-9144)
• Semgrep will now emit better error messages when exceptions are raised at the beginning or end of scan (exit-message)
• Enabled taint tracking into Goroutines, by treating them as regular Go function calls. (gh-11207)
• Fixed missing Rust type alias translation. We can now
  accurately match the () type in a type declaration. (gh-11283)
• fixed MCP semgrep_findings tool to accept single issue_type parameter and corrected identity string role parsing (saf-2282)

1.142.0 - 2025-10-30

Added

• Pro: improved taint handling of match expressions in Scala. In examples like

  val x = taint match {
      case Some(t) => t
      case None => return "example"
  }

  dataflow should now track taint from taint to x. (code-9085)
• pro: scala: http4s-specific support for case $M -> ... :? ... +& test +& ... => ... patterns. (code-9131)

Fixed

• Supply Chain subproject resolution table is now shown even when no subprojects were successfully resolved (SC-2492)
• UV lockfiles that include editable and local dependencies without versions are now parsed correctly. The unversioned dependencies will be ignored. (SC-2888)
• Failures in parsing UV lockfiles are now correctly reported as "Failed" rather than "Unsupported" (SC-2895)
• build.gradle.kts files now resolve correctly when --allow-local-builds is passed. (SC-2899)
• Rule parsing in 1.139.0 was switched to happen solely in semgrep-core. This caused some users to exit with code 7, so this change has been reverted. (saf-2265)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

⚠️ PYTHON / bandit - 81 errors

124:4
123	    )
124	    assert os.path.isdir(config.get(request_id, "DEFAULT_WORKSPACE")), (
125	        "DEFAULT_WORKSPACE "
126	        + config.get(request_id, "DEFAULT_WORKSPACE")
127	        + " is not a valid folder"
128	    )
129	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:172:4
171	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
172	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
173	    linter_name = linter.linter_name

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:238:4
237	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
238	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
239	    if os.path.isfile(workspace + os.path.sep + "no_test_failure"):

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:487:4
486	    )
487	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
488	    expected_file_name = ""

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:587:4
586	        workspace += os.path.sep + "bad"
587	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
588	    # Call linter

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:676:4
675	        workspace = workspace + os.path.sep + "fix"
676	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
677	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:782:12
781	            ]
782	            assert (len(list(diffs))) > 0, f"No changes in the {file} file"
783	

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:81:42
80	    if item.fileUploadId:
81	        uploaded_file_path = os.path.join("/tmp/server-files", item.fileUploadId)
82	        if not os.path.isdir(uploaded_file_path):

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:103:38
102	    file_upload_id = "FILE_" + str(uuid1())
103	    uploaded_file_path = os.path.join("/tmp/server-files", file_upload_id)
104	    os.makedirs(uploaded_file_path)

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server_worker.py:98:34
97	        temp_dir = self.create_temp_dir()
98	        upload_dir = os.path.join("/tmp/server-files", file_upload_id)
99	        if os.path.exists(upload_dir):

--------------------------------------------------

Code scanned:
	Total lines of code: 17877
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 48
		Medium: 24
		High: 9
	Total issues (by confidence):
		Undefined: 0
		Low: 16
		Medium: 18
		High: 47
Files skipped (0):

(Truncated to last 5714 characters out of 55563)

⚠️ BASH / bash-exec - 1 error

Results of bash-exec linter (version 5.3.3)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec
    Error: File:[sh/megalinter_exec] is not executable

⚠️ REPOSITORY / grype - 62 errors

GHSA-78xj-cgh5-2h22  Low       0.8% (72nd)    0.2    
braces                         3.0.2      3.0.3     npm     GHSA-grv7-fg5c-xmjg  High      0.2% (44th)    0.2    
ansi-regex                     3.0.0      3.0.1     npm     GHSA-93q8-gq69-wqmw  High      0.2% (43rd)    0.2    
http-cache-semantics           4.1.0      4.1.1     npm     GHSA-rc47-6667-2j5j  High      0.2% (41st)    0.1    
@octokit/plugin-paginate-rest  2.17.0     9.2.2     npm     GHSA-h5c3-5r3r-rr8q  Medium    0.2% (45th)    0.1    
tar                            6.0.1      6.1.2     npm     GHSA-r628-mhmh-qjhw  High      0.1% (35th)    0.1    
@octokit/request-error         2.1.0      5.1.1     npm     GHSA-xx4v-prfh-6cgc  Medium    0.2% (43rd)    0.1    
@octokit/request               5.6.2      8.4.1     npm     GHSA-rmvr-2pp2-xj38  Medium    0.2% (36th)    < 0.1  
requests                       2.24.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    0.1% (35th)    < 0.1  
micromatch                     4.0.4      4.0.8     npm     GHSA-952p-6rrq-rcjv  Medium    0.1% (31st)    < 0.1  
cross-spawn                    7.0.3      7.0.5     npm     GHSA-3xgq-45jj-v275  High      < 0.1% (20th)  < 0.1  
minimatch                      3.0.4      3.1.3     npm     GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch                      3.1.2      3.1.3     npm     GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch                      5.1.6      5.1.7     npm     GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch                      7.4.6      7.4.7     npm     GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch                      9.0.5      9.0.6     npm     GHSA-3ppc-4f35-3m26  High      < 0.1% (16th)  < 0.1  
minimatch                      10.2.1     10.2.3    npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      10.2.2     10.2.3    npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      3.0.4      3.1.3     npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      3.1.2      3.1.3     npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      5.1.6      5.1.8     npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      7.4.6      7.4.8     npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
minimatch                      9.0.5      9.0.7     npm     GHSA-7r86-cg39-jmmj  High      < 0.1% (14th)  < 0.1  
debug                          4.2.0      4.3.1     npm     GHSA-gxpj-cx7g-858c  Low       < 0.1% (26th)  < 0.1  
minimatch                      10.2.1     10.2.3    npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      10.2.2     10.2.3    npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      3.0.4      3.1.4     npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      3.1.2      3.1.4     npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      5.1.6      5.1.8     npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      7.4.6      7.4.8     npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
minimatch                      9.0.5      9.0.7     npm     GHSA-23c5-xmqv-rm74  High      < 0.1% (11th)  < 0.1  
requests                       2.24.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (13th)  < 0.1  
tmp                            0.0.33     0.2.4     npm     GHSA-52f5-9888-hmc6  Low       < 0.1% (22nd)  < 0.1  
tar                            6.0.1      6.1.7     npm     GHSA-9r2w-394v-53qc  High      < 0.1% (6th)   < 0.1  
lodash                         4.17.21    4.17.23   npm     GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (6th)   < 0.1  
lodash-es                      4.17.21    4.17.23   npm     GHSA-xxjr-mmjv-4gpg  Medium    < 0.1% (6th)   < 0.1  
word-wrap                      1.2.3      1.2.4     npm     GHSA-j8xg-fqg3-53r7  Medium    < 0.1% (7th)   < 0.1  
tar                            6.0.1      6.1.9     npm     GHSA-qq89-hq3f-393p  High      < 0.1% (3rd)   < 0.1  
js-yaml                        3.14.0     3.14.2    npm     GHSA-mh29-5h37-fv8m  Medium    < 0.1% (4th)   < 0.1  
tar                            6.0.1      7.5.7     npm     GHSA-34x7-hfp2-rc4v  High      < 0.1% (1st)   < 0.1  
tar                            6.1.11     7.5.7     npm     GHSA-34x7-hfp2-rc4v  High      < 0.1% (1st)   < 0.1  
tar                            6.0.1      7.5.8     npm     GHSA-83g3-92jg-28cx  High      < 0.1% (1st)   < 0.1  
tar                            6.1.11     7.5.8     npm     GHSA-83g3-92jg-28cx  High      < 0.1% (1st)   < 0.1  
brace-expansion                1.1.11     1.1.12    npm     GHSA-v6h2-p8h4-qcjw  Low       < 0.1% (7th)   < 0.1  
diff                           5.2.0      5.2.2     npm     GHSA-73rr-hh4g-fpgx  Low       < 0.1% (4th)   < 0.1  
diff                           7.0.0      8.0.3     npm     GHSA-73rr-hh4g-fpgx  Low       < 0.1% (4th)   < 0.1  
tar                            6.0.1      7.5.4     npm     GHSA-r6q2-hw4h-h46w  High      < 0.1% (0th)   < 0.1  
tar                            6.1.11     7.5.4     npm     GHSA-r6q2-hw4h-h46w  High      < 0.1% (0th)   < 0.1  
tar                            6.0.1      7.5.3     npm     GHSA-8qq5-rm4j-mr97  High      < 0.1% (0th)   < 0.1  
tar                            6.1.11     7.5.3     npm     GHSA-8qq5-rm4j-mr97  High      < 0.1% (0th)   < 0.1
[0071] ERROR discovered vulnerabilities at or above the severity threshold

(Truncated to last 5714 characters out of 7399)

⚠️ SPELL / lychee - 29 errors

rbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Error (cached)
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[403] https://htmlhint.com/ | Network error: Forbidden
[404] https://htmlhint.com/_astro/htmlhint.DIRCoA_t_Z1czEXa.webp | Network error: Not Found
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://stackoverflow.com/a/73711302 | Error (cached)
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden
[404] https://docs.rubocop.org/rubocop/integration_with_other_tools.html#mega-linter-integration | Error (cached)
[404] https://docs.rubocop.org/rubocop/configuration.html#disabling-cops-within-source-code | Network error: Not Found
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through | Network error: Forbidden
[404] https://docs.rubocop.org/rubocop/configuration.html | Network error: Not Found
[404] https://docs.rubocop.org/rubocop/cops.html | Network error: Not Found
[404] https://github.com/mongodb/kingfisher/tree/main/data/rules | Network error: Not Found
[TIMEOUT] https://generated.at/ | Timeout
[TIMEOUT] https://www.neosoft.fr/nos-publications/blog-tech/mega-linter-votre-meilleur-ami-pour-un-code-de-qualite/?utm_source=twitter&utm_medium=organic&utm_campaign=article-mega-linter | Timeout
[TIMEOUT] https://generated.at/ | Timeout
📝 Summary
---------------------
🔍 Total.........2431
✅ Successful....1927
⏳ Timeouts.........3
🔀 Redirected.......0
👻 Excluded.......472
❓ Unknown..........0
🚫 Errors..........29

Errors in megalinter/descriptors/markdown.megalinter-descriptor.yml
[403] https://www.npmjs.com/package/markdown-table-formatter | Network error: Forbidden

Errors in megalinter/descriptors/bicep.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

Errors in megalinter/descriptors/ruby.megalinter-descriptor.yml
[404] https://docs.rubocop.org/rubocop/configuration.html | Network error: Not Found
[404] https://docs.rubocop.org/rubocop/integration_with_other_tools.html#mega-linter-integration | Error (cached)
[404] https://docs.rubocop.org/rubocop/configuration.html#disabling-cops-within-source-code | Network error: Not Found
[404] https://docs.rubocop.org/rubocop/cops.html | Network error: Not Found

Errors in megalinter/descriptors/rst.megalinter-descriptor.yml
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through | Network error: Forbidden

Errors in mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml
[404] https://github.com/$ | Network error: Not Found

Errors in megalinter/descriptors/arm.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

Errors in megalinter/descriptors/powershell.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Error (cached)

Errors in megalinter/descriptors/repository.megalinter-descriptor.yml
[404] https://github.com/mongodb/kingfisher/tree/main/data/rules | Network error: Not Found

Errors in mega-linter-runner/README.md
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden

Errors in README.md
[403] https://cloudtuned.hashnode.dev/ | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Network error: Forbidden
[403] https://cloudtuned.hashnode.dev/introducing-megalinter-streamlining-code-quality-checks-across-multiple-languages | Network error: Forbidden
[TIMEOUT] https://generated.at/ | Timeout
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Network error: Forbidden
[403] https://npmjs.org/package/mega-linter-runner | Network error: Forbidden
[404] https://docs.rubocop.org/rubocop/integration_with_other_tools.html#mega-linter-integration | Network error: Not Found
[TIMEOUT] https://www.neosoft.fr/nos-publications/blog-tech/mega-linter-votre-meilleur-ami-pour-un-code-de-qualite/?utm_source=twitter&utm_medium=organic&utm_campaign=article-mega-linter | Timeout

Errors in megalinter/descriptors/cpp.megalinter-descriptor.yml
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden

Errors in megalinter/descriptors/clojure.megalinter-descriptor.yml
[403] https://stackoverflow.com/a/73711302 | Network error: Forbidden

Errors in megalinter/descriptors/c.megalinter-descriptor.yml
[403] https://cppcheck.sourceforge.io/manual.html#configuration | Network error: Forbidden
[403] https://cppcheck.sourceforge.io/ | Network error: Forbidden

Errors in megalinter/descriptors/html.megalinter-descriptor.yml
[404] https://htmlhint.com/_astro/htmlhint.DIRCoA_t_Z1czEXa.webp | Network error: Not Found
[403] https://htmlhint.com/configuration/ | Network error: Forbidden
[403] https://htmlhint.com/docs/user-guide/list-rules | Network error: Forbidden
[403] https://htmlhint.com/ | Network error: Forbidden
[403] https://htmlhint.com/integrations/task-runner/ | Error (cached)

Errors in megalinter/descriptors/java.megalinter-descriptor.yml
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html | Error (cached)

(Truncated to last 5714 characters out of 6733)

⚠️ MARKDOWN / markdownlint - 334 errors

ngle-h1 Multiple top-level headings in the same document [Context: "IDE Configuration Reporter"]
docs/reporters/ConsoleReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Console Reporter"]
docs/reporters/EmailReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "E-mail Reporter"]
docs/reporters/FileIoReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "File.io Reporter"]
docs/reporters/GitHubCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Comment Reporter"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:27:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:174 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:28:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:160 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:29:48 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:143 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:30:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:152 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubStatusReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Status Reporter"]
docs/reporters/GitlabCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Gitlab Comment Reporter"]
docs/reporters/JsonReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "JSON Reporter"]
docs/reporters/MarkdownSummaryReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Markdown Summary Reporter"]
docs/reporters/SarifReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "SARIF Reporter (beta)"]
docs/reporters/TapReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "TAP Reporter"]
docs/reporters/TextReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Text Reporter"]
docs/reporters/UpdatedSourcesReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Updated Sources Reporter"]
docs/special-thanks.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Special thanks"]
docs/special-thanks.md:23:3 error MD045/no-alt-text Images should have alternate text (alt text)
docs/sponsor.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Sponsoring"]
docs/supported-linters.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Supported Linters"]
mega-linter-runner/generators/mega-linter-custom-flavor/templates/README.md:63 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "How to use the custom flavor"]
mega-linter-runner/README.md:27:274 error MD051/link-fragments Link fragments should be valid [Context: "[**apply formatting and auto-fixes**](#apply-fixes)"]
mega-linter-runner/README.md:27:217 error MD051/link-fragments Link fragments should be valid [Context: "[**reports in several formats**](#reports)"]
README.md:190:127 error MD051/link-fragments Link fragments should be valid [Context: "[many additional features](#mega-linter-vs-super-linter)"]
README.md:1769:3 error MD045/no-alt-text Images should have alternate text (alt text)

(Truncated to last 5714 characters out of 43819)

⚠️ YAML / prettier - 6 errors

codecov.yml 2ms (unchanged)
mega-linter-runner/.eslintrc.yml 5ms (unchanged)
mega-linter-runner/.mega-linter.yml 19ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/action.yml 7ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml 53ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml 16ms (unchanged)
[error] mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml: SyntaxError: Implicit map keys need to be followed by map values (6:1)
[error]   4 | label: <%= CUSTOM_FLAVOR_LABEL %>
[error]   5 | linters:
[error] > 6 | <%= CUSTOM_FLAVOR_LINTERS %>
[error]     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   7 |
mega-linter-runner/generators/mega-linter/templates/.drone.yml 2ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml 6ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/azure-pipelines.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/bitbucket-pipelines.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/concourse-task.yml 4ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/mega-linter.yml 22ms (unchanged)
megalinter/descriptors/action.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/ansible.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/api.megalinter-descriptor.yml 13ms (unchanged)
megalinter/descriptors/arm.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/bash.megalinter-descriptor.yml 26ms (unchanged)
megalinter/descriptors/bicep.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/c.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/clojure.megalinter-descriptor.yml 23ms (unchanged)
megalinter/descriptors/cloudformation.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/coffee.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/copypaste.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/cpp.megalinter-descriptor.yml 16ms (unchanged)
megalinter/descriptors/csharp.megalinter-descriptor.yml 23ms (unchanged)
megalinter/descriptors/css.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/dart.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/dockerfile.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/editorconfig.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/env.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/gherkin.megalinter-descriptor.yml 2ms (unchanged)
megalinter/descriptors/go.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/graphql.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/groovy.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/html.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/java.megalinter-descriptor.yml 13ms (unchanged)
megalinter/descriptors/javascript.megalinter-descriptor.yml 23ms (unchanged)
megalinter/descriptors/json.megalinter-descriptor.yml 32ms (unchanged)
megalinter/descriptors/jsx.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/kotlin.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/kubernetes.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/latex.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/lua.megalinter-descriptor.yml 26ms (unchanged)
megalinter/descriptors/makefile.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/markdown.megalinter-descriptor.yml 48ms (unchanged)
megalinter/descriptors/perl.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/php.megalinter-descriptor.yml 59ms (unchanged)
megalinter/descriptors/powershell.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/protobuf.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/puppet.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/python.megalinter-descriptor.yml 76ms (unchanged)
megalinter/descriptors/r.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/raku.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/repository.megalinter-descriptor.yml 93ms (unchanged)
megalinter/descriptors/robotframework.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/rst.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/ruby.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/rust.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/salesforce.megalinter-descriptor.yml 92ms (unchanged)
megalinter/descriptors/scala.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/snakemake.megalinter-descriptor.yml 13ms (unchanged)
megalinter/descriptors/spell.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/sql.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/swift.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/tekton.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/terraform.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/tsx.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/typescript.megalinter-descriptor.yml 29ms (unchanged)
megalinter/descriptors/vbdotnet.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/xml.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/yaml.megalinter-descriptor.yml 17ms (unchanged)
server/docker-compose-dev.yml 3ms (unchanged)
server/docker-compose.yml 8ms (unchanged)
trivy-secret.yaml 1ms (unchanged)

(Truncated to last 5714 characters out of 11507)

⚠️ YAML / yamllint - 31 errors

mega-linter-runner/.eslintrc.yml
  11:9      warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml
  7:1       error    syntax error: could not find expected ':' (syntax)

megalinter/descriptors/copypaste.megalinter-descriptor.yml
  18:301    warning  line too long (313 > 300 characters)  (line-length)

megalinter/descriptors/javascript.megalinter-descriptor.yml
  234:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/markdown.megalinter-descriptor.yml
  74:301    warning  line too long (366 > 300 characters)  (line-length)

megalinter/descriptors/perl.megalinter-descriptor.yml
  26:301    warning  line too long (310 > 300 characters)  (line-length)

megalinter/descriptors/php.megalinter-descriptor.yml
  149:301   warning  line too long (389 > 300 characters)  (line-length)
  163:301   warning  line too long (302 > 300 characters)  (line-length)

megalinter/descriptors/repository.megalinter-descriptor.yml
  155:301   warning  line too long (408 > 300 characters)  (line-length)
  268:301   warning  line too long (306 > 300 characters)  (line-length)
  273:301   warning  line too long (321 > 300 characters)  (line-length)
  450:301   warning  line too long (338 > 300 characters)  (line-length)
  518:301   warning  line too long (306 > 300 characters)  (line-length)
  568:301   warning  line too long (316 > 300 characters)  (line-length)
  818:301   warning  line too long (1263 > 300 characters)  (line-length)
  883:301   warning  line too long (879 > 300 characters)  (line-length)
  897:301   warning  line too long (358 > 300 characters)  (line-length)
  953:301   warning  line too long (346 > 300 characters)  (line-length)
  960:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/salesforce.megalinter-descriptor.yml
  51:301    warning  line too long (359 > 300 characters)  (line-length)
  295:301   warning  line too long (359 > 300 characters)  (line-length)

megalinter/descriptors/spell.megalinter-descriptor.yml
  149:301   warning  line too long (315 > 300 characters)  (line-length)

megalinter/descriptors/sql.megalinter-descriptor.yml
  64:301    warning  line too long (319 > 300 characters)  (line-length)

megalinter/descriptors/terraform.megalinter-descriptor.yml
  27:301    warning  line too long (330 > 300 characters)  (line-length)
  86:301    warning  line too long (391 > 300 characters)  (line-length)
  142:301   warning  line too long (346 > 300 characters)  (line-length)
  199:301   warning  line too long (328 > 300 characters)  (line-length)

megalinter/descriptors/typescript.megalinter-descriptor.yml
  225:301   warning  line too long (314 > 300 characters)  (line-length)

mkdocs.yml
  8:301     warning  line too long (552 > 300 characters)  (line-length)
  66:5      warning  wrong indentation: expected 6 but found 4  (indentation)
  78:5      warning  wrong indentation: expected 6 but found 4  (indentation)

✅ Linters with no issues

black, checkov, cspell, flake8, git_diff, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, pylint, ruff, secretlint, shellcheck, shfmt, spectral, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint

See detailed reports in MegaLinter artifacts

Show us your support by starring ⭐ the repository