Releases: oxsecurity/megalinter
Releases · oxsecurity/megalinter
v8.8.0
What's Changed
-
Core
-
Linters enhancements
-
Fixes
-
Doc
- Display hash as plain text in markdown, by @johndutchover in #5420
-
Flavors
-
CI
-
Linter versions upgrades (50)
- ansible-lint from 25.4.0 to 25.5.0
- bicep_linter from 0.35.1 to 0.36.1
- cfn-lint from 1.34.2 to 1.36.0
- checkstyle from 10.23.1 to 10.25.0
- clippy from 0.1.86 to 0.1.87
- clj-kondo from 2025.04.07 to 2025.06.05
- csharpier from 1.0.1 to 1.0.2
- cspell from 8.19.4 to 9.1.1
- dartanalyzer from 3.7.3 to 3.8.1
- devskim from 1.0.56 to 1.0.59
- dotnet-format from 9.0.105 to 9.0.106
- editorconfig-checker from 3.2.1 to 3.3.0
- gitleaks from 8.25.1 to 8.27.2
- golangci-lint from 2.1.5 to 2.1.6
- grype from 0.91.2 to 0.94.0
- htmlhint from 1.1.4 to 1.5.1
- kics from 2.1.7 to 2.1.10
- ktlint from 1.5.0 to 1.6.0
- kubeconform from 0.6.7 to 0.7.0
- lightning-flow-scanner from 3.8.0 to 3.23.0
- ls-lint from 2.3.0 to 2.3.1
- markdownlint from 0.44.0 to 0.45.0
- mypy from 1.15.0 to 1.16.0
- npm-groovy-lint from 15.1.0 to 15.2.0
- phpcs from 3.12.2 to 3.13.1
- phpstan from 2.1.14 to 2.1.17
- pmd from 7.13.0 to 7.14.0
- protolint from 0.54.1 to 0.55.6
- psalm from Psalm.6.10.2@ to Psalm.6.12.0@
- pylint from 3.3.6 to 3.3.7
- pyright from 1.1.400 to 1.1.402
- revive from 1.9.0 to 1.10.0
- rstcheck from 6.2.4 to 6.2.5
- rubocop from 1.75.4 to 1.76.1
- ruff from 0.11.8 to 0.11.13
- ruff-format from 0.11.8 to 0.11.13
- scalafix from 0.14.2 to 0.14.3
- secretlint from 9.3.2 to 10.1.0
- semgrep from 3.12 to 3.13
- sfdx-scanner-apex from 4.11.0 to 4.12.0
- sfdx-scanner-aura from 4.11.0 to 4.12.0
- sfdx-scanner-lwc from 4.11.0 to 4.12.0
- snakemake from 8.27.1 to 9.5.1
- sqlfluff from 3.4.0 to 3.4.1
- stylelint from 16.19.1 to 16.20.0
- syft from 1.23.1 to 1.27.1
- terraform-fmt from 1.11.4 to 1.12.2
- terragrunt from 0.78.0 to 0.81.6
- tflint from 0.57.0 to 0.58.0
- trivy from 0.62.0 to 0.63.0
- trivy-sbom from 0.62.0 to 0.63.0
- trufflehog from 3.88.27 to 3.89.1
- v8r from 4.4.0 to 5.0.0
New Contributors
- @johndutchover made their first contribution in #5420
Full Changelog: v8.7.0...v8.8.0
Contributors
bdovaz, johndutchover, and nvuillam
Assets 2
v8.7.0
What's Changed
-
Core
-
Linters enhancements
-
Fixes
-
Linter versions upgrades (27)
- ansible-lint from 25.2.1 to 25.4.0
- bicep_linter from 0.34.44 to 0.35.1
- cfn-lint from 1.34.1 to 1.34.2
- checkov from 3.2.404 to 3.2.413
- checkstyle from 10.23.0 to 10.23.1
- csharpier from 0.30.6 to 1.0.1
- cspell from 8.19.2 to 8.19.4
- gitleaks from 8.24.3 to 8.25.1
- golangci-lint from 1.64.8 to 2.1.5
- lightning-flow-scanner from 3.4.0 to 3.8.0
- phpstan from 2.1.12 to 2.1.14
- pmd from 7.12.0 to 7.13.0
- powershell from 7.5.0 to 7.5.1
- protolint from 0.53.0 to 0.54.1
- psalm from 6.10.1 to 6.10.2
- rubocop from 1.75.3 to 1.75.4
- ruff from 0.11.6 to 0.11.8
- ruff-format from 0.11.6 to 0.11.8
- secretlint from 9.3.1 to 9.3.2
- stylelint from 16.19.0 to 16.19.1
- terragrunt from 0.77.22 to 0.78.0
- tflint from 0.56.0 to 0.57.0
- trivy from 0.61.1 to 0.62.0
- trivy-sbom from 0.61.1 to 0.62.0
- v8r from 4.3.0 to 4.4.0
- yamllint from 1.37.0 to 1.37.1
Full Changelog: v8.6.0...v8.7.0
Contributors
bdovaz and nvuillam
Assets 2
v8.6.0
What's Changed
-
Core
- New config property ENABLE_ERRORS_LINTERS. If set, only the listed linters will be considered as blocking
-
New linters
-
Media
-
Linters enhancements
- editorconfig_checker Changes default EditorConfig-Checker config filename by @llaville in #5061
- TruffleHog: Ignore .git by default if not already done using --exclude-paths option
-
Fixes
-
Doc
- Add j2lint to plugins, by @wesley-dean in #5151
- Add fmlint (frontmatter linter) to plugins list by @wesley-dean in #5257
- Remove trailing spaces by @parkerbxyz in #5185
-
CI
- Initial Renovate automerge configuration, by @echoix in #5057
- Set update schedule for checkov updates, by @echoix in #5064
- Always upgrade packages from base image for updated security fixes, by @echoix in #5152
- build-command: Unshallow pull or full pull before committing changes, by @echoix in #5201
-
Linter versions upgrades (50)
- ansible-lint from 25.1.3 to 25.2.1
- bicep_linter from 0.34.1 to 0.34.44
- cfn-lint from 1.32.0 to 1.34.1
- checkov from 3.2.390 to 3.2.404
- checkstyle from 10.21.4 to 10.23.0
- clippy from 0.1.85 to 0.1.86
- clj-kondo from 2025.02.20 to 2025.04.07
- cpplint from 2.0.0 to 2.0.2
- cspell from 8.17.5 to 8.19.2
- dartanalyzer from 3.7.2 to 3.7.3
- devskim from 1.0.52 to 1.0.56
- dotnet-format from 9.0.104 to 9.0.105
- flake8 from 7.1.2 to 7.2.0
- gitleaks from 8.24.2 to 8.24.3
- grype from 0.90.0 to 0.91.2
- kics from 2.1.6 to 2.1.7
- kubescape from 3.0.32 to 3.0.34
- lightning-flow-scanner from 3.2.0 to 3.4.0
- ls-lint from 2.2.3 to 2.3.0
- phplint from 9.5.6 to 9.6.2
- php-cs-fixer from 3.73.1 to 3.75.0
- phpcs from 3.12.0 to 3.12.2
- phpstan from 2.1.8 to 2.1.12
- pmd from 7.11.0 to 7.12.0
- psalm from Psalm.6.9.4@ to Psalm.6.10.1@
- pyright from 1.1.397 to 1.1.400
- revive from 1.7.0 to 1.9.0
- rubocop from 1.74.0 to 1.75.3
- ruff from 0.11.2 to 0.11.6
- ruff-format from 0.11.2 to 0.11.6
- secretlint from 9.2.0 to 9.3.1
- sfdx-scanner-apex from 4.10.0 to 4.11.0
- sfdx-scanner-aura from 4.10.0 to 4.11.0
- sfdx-scanner-lwc from 4.10.0 to 4.11.0
- spectral from 6.14.3 to 6.15.0
- sqlfluff from 3.3.1 to 3.4.0
- stylelint from 16.16.0 to 16.19.0
- swiftlint from 0.58.2 to 0.59.1
- syft from 1.21.0 to 1.23.1
- terraform-fmt from 1.11.2 to 1.11.4
- terragrunt from 0.76.6 to 0.77.22
- tflint from 0.55.1 to 0.56.0
- trivy from 0.60.0 to 0.61.1
- trivy-sbom from 0.60.0 to 0.61.1
- trufflehog from 3.88.18 to 3.88.25
- v8r from 4.2.1 to 4.3.0
- vale from 3.9.4 to 3.11.2
- yamllint from 1.36.2 to 1.37.0
Full Changelog: v8.5.0...v8.6.0
Contributors
llaville, bdovaz, and 4 other contributors
Assets 2
v8.5.0
What's Changed
-
Core
-
Linters enhancements
- kubescape Remove downgraded_version from kubescape, by @bdovaz in #4712
- npm-groovy-lint: Undowngrade npm-groovy-lint as there is a new release with issue fixed by @nvuillam in #4834
- syft: Add SBOM file by default in report folder + remove useless debug statement
- trivy-sbom: Add SBOM file by default in report folder + remove useless debug statement
-
Fixes
- Use npm to install pyright
- Undowngrade npm-groovy-lint as there is a new release with issue fix
- jscpd: remove forced
--exitCode 1to fix #4631 - Use --with-all-dependencies to install phpcs-fixer, by @nvuillam in #4672
- Remove Composer config PHP 8.3 compatibily platform for PSALM 6.0, by @llaville in #4930
- Fix lychee upgrade issue (lycheeignore upgrade), by @wesley-dean in #4964
-
Doc
- Remove reference to R2DevOps jobs as it has been discontinued (see #4678)
- Improve contributing doc by adding reference to
source .venv/Scripts/activateon Windows - Better apk package url, by @bdovaz in #4707
- Better package version docs, by @bdovaz in #4721
- Correct default SARIF_REPORTER_FILE_NAME, by @yxtay in #4783
- Use github private email for megalinter-bot, by @yxtay in #4786
- Update plugins.md to add raw link to JSON schema, by @wesley-dean in #4932
-
Flavors
- Add syft in all flavors
-
CI
-
Plugins
- Add docker-compose-linter (dclint) to plugins list, by @wesley-dean in #4962
- Add repolinter to the list of plugins, by @wesley-dean in #4972
-
Linter versions upgrades (55)
- ansible-lint from 25.1.1 to 25.1.3
- bandit from 1.8.2 to 1.8.3
- bicep_linter from 0.33.13 to 0.34.1
- cfn-lint from 1.22.7 to 1.32.0
- checkov from 3.2.360 to 3.2.390
- checkstyle from 10.21.2 to 10.21.4
- clippy from 0.1.84 to 0.1.85
- clj-kondo from 2025.01.16 to 2025.02.20
- cspell from 8.17.3 to 8.17.5
- dartanalyzer from 3.6.2 to 3.7.2
- detekt from 1.23.7 to 1.23.8
- dotnet-format from 9.0.102 to 9.0.104
- editorconfig-checker from 3.2.0 to 3.2.1
- flake8 from 7.1.1 to 7.1.2
- gitleaks from 8.23.3 to 8.24.2
- golangci-lint from 1.63.4 to 1.64.8
- grype from 0.87.0 to 0.90.0
- isort from 6.0.0 to 6.0.1
- kics from 2.1.3 to 2.1.6
- kubescape from 2.9.0 to 3.0.32
- lightning-flow-scanner from 2.43.0 to 3.2.0
- mypy from 1.14.1 to 1.15.0
- npm-groovy-lint from 15.0.0 to 15.1.0
- php-cs-fixer from 3.68.5 to 3.73.1
- phpcs from 3.11.3 to 3.12.0
- phpstan from 2.1.2 to 2.1.8
- pmd from 7.9.0 to 7.11.0
- prettier from 3.4.2 to 3.5.3
- protolint from 0.52.0 to 0.53.0
- psalm from Psalm.6.1.0@ to Psalm.6.9.4@
- puppet-lint from 4.2.4 to 4.3.0
- pylint from 3.3.4 to 3.3.6
- pyright from 1.1.393 to 1.1.397
- revive from 1.6.0 to 1.7.0
- roslynator from 0.10.0.0 to 0.10.1.0
- rubocop from 1.71.0 to 1.74.0
- ruff-format from 0.9.4 to 0.11.2
- ruff from 0.9.4 to 0.11.2
- scalafix from 0.14.0 to 0.14.2
- secretlint from 9.0.0 to 9.2.0
- sfdx-scanner-apex from 4.9.0 to 4.10.0
- sfdx-scanner-aura from 4.9.0 to 4.10.0
- sfdx-scanner-lwc from 4.9.0 to 4.10.0
- shfmt from 3.10.0 to 3.11.0
- snakefmt from 0.10.2 to 0.11.0
- spectral from 6.14.2 to 6.14.3
- sqlfluff from 3.3.0 to 3.3.1
- stylelint from 16.14.1 to 16.16.0
- syft from 1.19.0 to 1.21.0
- terraform-fmt from 1.10.3 to 1.11.2
- terragrunt from 0.71.1 to 0.76.6
- trivy-sbom from 0.59.0 to 0.60.0
- trivy from 0.59.0 to 0.60.0
- trufflehog from 3.88.4 to 3.88.14
- yamllint from 1.35.1 to 1.36.2
New Contributors
Full Changelog: v8.4.2...v8.5.0
Contributors
llaville, bdovaz, and 3 other contributors
Assets 2
v8.4.2
What's Changed
-
Media
- New video (Brazilian) MegaLinter: Como Automatizar a Qualidade do Código para Todas Plataformas , by Codando TV
-
Fixes
- Fix .NET linters issue: Add --allow-roll-forward to dotnet tool install commands, by @bdovaz in #4619
- GH-4610 : PHP CS Fixer linter version available is not correct since running on PHP 8.4 runtime, by @llaville in #4611
- Allow cspell to work with CLI_LINT_MODE=project
- Downgrade npm-groovy-lint until it's fixed, by @nvuillam in #4628
-
Linter versions upgrades (31)
- ansible-lint from 25.1.0 to 25.1.1
- black from 24.10.0 to 25.1.0
- cfn-lint from 1.22.7 to 1.23.1
- checkov from 3.2.357 to 3.2.360
- cspell from 8.17.2 to 8.17.3
- dartanalyzer from 3.6.1 to 3.6.2
- devskim from 1.0.51 to 1.0.52
- editorconfig-checker from 3.1.2 to 3.2.0
- gitleaks from 8.23.2 to 8.23.3
- isort from 5.13.2 to 6.0.0
- lightning-flow-scanner from 2.39.0 to 2.43.0
- npm-groovy-lint from 15.0.2 to 15.0.0
- php-cs-fixer from 3.68.0 to 3.68.5
- powershell from 7.4.6 to 7.5.0
- powershell_formatter from 7.4.6 to 7.5.0
- psalm from Psalm.6.0.0@ to Psalm.6.1.0@
- pylint from 3.3.3 to 3.3.4
- pyright from 1.1.392 to 1.1.393
- raku from 2024.10 to 2024.12
- roslynator from 0.9.3.0 to 0.10.0.0
- rubocop from 1.71.0 to 1.71.1
- ruff-format from 0.9.3 to 0.9.4
- ruff from 0.9.3 to 0.9.4
- sfdx-scanner-apex from 4.8.0 to 4.9.0
- sfdx-scanner-aura from 4.8.0 to 4.9.0
- sfdx-scanner-lwc from 4.8.0 to 4.9.0
- tflint from 0.55.0 to 0.55.1
- trivy-sbom from 0.58.2 to 0.59.0
- trivy from 0.58.2 to 0.59.0
- trufflehog from 3.88.2 to 3.88.4
Full Changelog: v8.4.1...v8.4.2
Contributors
llaville, bdovaz, and nvuillam
Assets 2
v8.4.1
What's Changed
- Quick fix about PRE_COMMANDS crash (see #4591)
- Linter versions upgrades (2)
- checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
- stylelint from 16.14.0 to 16.14.1 on 2025-01-27
Important: We know that .NET linters still have issues, but first things first, we'll publish another patch later :)
Full Changelog:
v8.4.0...v8.4.1
v8.4.0
What's Changed
-
Core
- PHP Linters use now the
bartlett/sarif-php-convertersfirst official release 1.0.0 to generate SARIF reports, by @llaville in #4357 - Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @llaville)
- Linters can specify in the pre/post commands with a
run_before_linters/run_after_lintersparameter whether the command is to be executed before/after the execution of the linters themselves (by @bdovaz in #4482) - Bump python version to 3.12.8, by @echoix in #4372
- Update to .NET 9, by @bdovaz in #4488
- Upgrade PHP engine from 8.3 to 8.4, by @llaville in #4524
- PHP Linters use now the
-
New linters
-
Disabled linters
- Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending
-
Linters enhancements
-
Plugins
- Add prettier for markdown, by Qin Li
-
Fixes
- swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #440, by @Noraldeno in #4427
- jscpd url fixes, by @alexanderbazhenoff in #4352
- Don't call get_pr_data if GitLeaks linter is not active, by @bdovaz in #4469
- Fix linter disabled reason usage, by @bdovaz in #4466
-
Doc
-
CI
- Fix up gitpod config and workflow to support uv 0.5.0+ by @echoix in #4373
- Use uv.lock file to build docker images, by @echoix in #4374
- Update Renovate schedules for uv and sfdx-hardis, by @echoix in #4568
- Variabilize version and use renovate for updates for the following linters:
- all GO linters
- all REPOSITORY linters
- arm-ttk
- bash-shfmt
- bicep
- clj-kondo
- cljstyle
- csharpier
- dart
- ktlint
- kubescape
- lychee
- luacheck
- markdown-link-check
- perlcritic
- raku
- tsqllint
-
Linter versions upgrades (66)
- actionlint from 1.7.6 to 1.7.7
- ansible-lint from 24.12.2 to 25.1.0
- banditto 1.8.2
- bash-exec from 5.2.26 to 5.2.37
- bicep_linter from to 0.33.13
- cfn-lint 1.22.7
- checkov from to 3.2.357
- checkstyle from 10.20.1 to 10.21.1
- clang-format from 17.0.6 to 19.1.4
- clippy 0.1.84
- clj-kondo from 2024.11.14 to 2025.01.16
- cljstyle from 0.15.0 to 0.17.642
- csharpier from 0.30.2 to 0.30.6
- cspell from 8.16.0 to 8.17.2
- devskim from 1.0.44 to 1.0.51
- djlint from 1.36.1 to 1.36.4
- dotnet-format from 8.0.111 to 9.0.102
- editorconfig-checker from 3.0.3 to 3.1.2
- git_diff from 2.45.2 to 2.47.2
- gitleaks from 8.21.2 to 8.23.2
- golangci-lint from 1.62.0 to 1.63.4
- grype from 0.79.5 to 0.87.0
- helm from 3.14.3 to 3.16.3
- ktlint from 1.4.1 to 1.5.0
- lightning-flow-scanner from 2.36.0 to 2.39.0
- lychee from 0.17.0 to 0.18.0
- markdownlint from 0.43.0 to 0.44.0
- mypy from 1.13.0 to 1.14.0
- mypy from 1.14.0 to 1.14.1
- php-cs-fixer from 3.64.0 to 7.4.0
- phpcs from 3.11.1 to 3.11.3
- phplint from 9.5.4 to 9.5.6
- phpstan from 2.0.2 to 2.1.2
- pmd from 7.7.0 to 7.9.0
- powershell from 7.4.2 to 7.4.6
- powershell_formatter from 7.4.2 to 7.4.6
- prettier from 3.3.3 to 3.4.2
- protolint from 0.50.5 to 0.52.0
- psalm from Psalm.5.26.1@ to Psalm.6.0.0@
- pylint from 3.3.1 to 3.3.3
- pyright from 1.1.389 to 1.1.392
- raku from 2020.10 to 2024.10
- revive from 1.5.1 to 1.6.0
- rubocop from 1.68.0 to 1.71.0
- ruff-format from 0.8.6 to 0.9.3
- ruff from 0.8.0 to 0.9.3
- scalafix from 0.13.0 to 0.14.0
- selene from 0.27.1 to 0.28.0
- sfdx-scanner-apex from 4.7.0 to 4.8.0
- sfdx-scanner-aura from 4.7.0 to 4.8.0
- sfdx-scanner-lwc from 4.7.0 to 4.8.0
- snakemake from 8.25.3 to 8.27.1
- sqlfluff from 3.2.5 to 3.3.0
- stylelint from 16.10.0 to 16.14.0
- swiftlint from 0.57.0 to 0.58.2
- syft from 1.17.0 to 1.19.0
- terraform-fmt from 1.10.0 to 1.10.3
- terraform-fmt from 1.9.8 to 1.10.0
- terragrunt from 0.68.14 to 0.69.13
- tflint from 0.54.0 to 0.55.0
- trivy-sbom from 0.57.1 to 0.58.2
- trivy from 0.57.1 to 0.58.2
- trufflehog from 3.84.1 to 3.88.2
- v8r from 4.2.0 to 4.2.1
- vale from 3.9.1 to 3.9.4
- xmllint from 21207 to 21304
New Contributors
- @alexanderbazhenoff made their first contribution in #4352
- @Noraldeno made their first contribution in #4427
Full Changelog: v8.3.0...v8.4.0
Contributors
llaville, bdovaz, and 4 other contributors
Assets 2
v8.3.0
What's Changed
-
Core
- Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
- Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
- Fix handling of git submodule paths
-
Fixes
- trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list
-
Reporters
- Fix UpdatedSourcesReporter when
APPLY_FIXESis list (array) - Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with
AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)
- Fix UpdatedSourcesReporter when
-
CI
- Fix Docker mirroring job for release context
- Remove max parallel jobs for release linters workflow
-
Linter versions upgrades (13)
- cfn-lint from 1.19.0 to 1.20.0
- checkov from 3.2.298 to 3.2.311
- csharpier from 0.29.2 to 0.30.2
- markdownlint from 0.42.0 to 0.43.0
- phpstan from 2.0.1 to 2.0.2
- ruff from 0.7.4 to 0.8.0
- spectral from 6.14.1 to 6.14.2
- stylua from 0.20.0 to 2.0.0
- syft from 1.16.0 to 1.17.0
- trivy-sbom from 0.57.0 to 0.57.1
- trivy from 0.57.0 to 0.57.1
- trufflehog from 3.83.7 to 3.84.1
- vale from 3.9.0 to 3.9.1
MegaLinter is graciously provided by
Please share the LinkedIn Post
Full Changelog: v8.2.0...v8.3.0
v8.2.0
What's Changed
-
Media
-
Linters enhancements
- detekt Enable SARIF output + count errors
- lintr: Support files in subdirectories, fix unit tests
- phpcs-fixer: Activate APPLY_FIXES
- Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
- trivy: handle retry if
failed to download Java DBis detected - tsqllint Re-enabled after .net 8 and security updates
-
Fixes
- Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
- Fix linting errors in GitHub Actions template
-
Reporters
- UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
- Fix AzureCommentReporter not adding comments to PR
- Fix AzureCommentReporter fails when target repo contains spaces
-
Doc
- Updated documentation with Azure central pipeline use case
- Update DevSkim documentation to show a valid exclusion config file
- Note about
riskyrules and how to fix rule violations with PHP-CS-Fixer
-
CI
- Also prune volumes before pulling and pushing to docker hub
- Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
- Squash docker images to have less layers and size
- Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
- Make gitpod workflow not blocking until uv install is fixed
- Update stale comment
- Try several times to embed trivy db during Docker build, as a workaround to the random failures
- Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions
-
Linter versions upgrades (104)
- actionlint from 1.7.3 to 1.7.4
- ansible-lint from 24.9.2 to 24.10.0
- bicep_linter from 0.30.23 to 0.31.92
- cfn-lint from 1.16.1 to 1.19.0
- checkov from 3.2.257 to 3.2.298
- checkstyle from 10.18.2 to 10.20.1
- clippy from 0.1.81 to 0.1.82
- clj-kondo from 2024.09.27 to 2024.11.14
- cspell from 8.15.1 to 8.16.0
- devskim from 1.0.33 to 1.0.44
- djlint from 1.35.2 to 1.36.1
- dotnet-format from 8.0.110 to 8.0.111
- gitleaks from 8.20.1 to 8.21.2
- golangci-lint from 1.61.0 to 1.62.0
- ktlint from 1.3.1 to 1.4.1
- lightning-flow-scanner from 2.34.0 to 2.36.0
- lychee from 0.16.1 to 0.17.0
- mypy from 1.11.2 to 1.13.0
- perlcritic from 1.152 to 1.156
- phpcs from 3.10.3 to 3.11.1
- phplint from 9.5.3 to 9.5.4
- phpstan from 1.12.6 to 2.0.1
- pmd from 7.6.0 to 7.7.0
- pyright from 1.1.384 to 1.1.389
- revive from 1.4.0 to 1.5.1
- roslynator from 0.9.1.0 to 0.9.3.0
- rubocop from 1.66.1 to 1.68.0
- ruff from 0.6.9 to 0.7.4
- secretlint from 8.4.0 to 9.0.0
- sfdx-scanner-apex from 4.6.0 to 4.7.0
- sfdx-scanner-aura from 4.6.0 to 4.7.0
- sfdx-scanner-lwc from 4.6.0 to 4.7.0
- shfmt from 3.9.0 to 3.10.0
- snakemake from 8.21.0 to 8.25.3
- spectral from 6.13.1 to 6.14.1
- sqlfluff from 3.2.3 to 3.2.5
- syft from 1.14.0 to 1.16.0
- terraform-fmt from 1.9.5 to 1.9.8
- terragrunt from 0.67.5 to 0.68.14
- tflint from 0.53.0 to 0.54.0
- trivy-sbom from 0.56.2 to 0.57.0
- trivy from 0.56.2 to 0.57.0
- trufflehog from 3.82.11 to 3.83.7
- tsqllint from 1.15.3.0 to 1.16.0.0
- v8r from 4.1.0 to 4.2.0
- vale from 3.7.1 to 3.9.0
New Contributors
- @ideaship made their first contribution in #4126
- @girlpunk made their first contribution in #4129
- @nwiltsie made their first contribution in #4235
- @mihaur made their first contribution in #4104
MegaLinter is graciously provided by
Please share the LinkedIn Post
Full Changelog: v8.1.0...v8.2.0
Contributors
girlpunk, nwiltsie, and 2 other contributors
Assets 2
v8.1.0
What's Changed
-
Core
-
New linters
- New LUA linter: selene, by @AlejandroSuero in #3978
- New LUA formatter: stylua, by @AlejandroSuero in #3985
-
Linters enhancements
- Trivy
- Embed vulnerability database in Docker Image for running trivy on internet-free network
- Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
- If the retries did not succeed, call trivy with
--skip-db-update --skip-check-update(not ideal but better than nothing)
- Bash/Perl: Support shell scripts with no extension and only support perl shebangs at the beginning of a file in #4076
- Trivy
-
Fixes
- Add debug traces to investigate reporters activation
- Add more traces for ApiReporter
- Activate ApiReporter by default
-
Reporters
- Fix ApiReporter not called in MegaLlinter flavors
-
Doc
- Fix Grafana Home Dashboard to add missing criteria
- Update PRE_COMMANDS documentation to describe all properties
- Update Grafana documentation to fix secrets typo
-
CI
- Free space in release job to avoid no space left on device, by @nvuillam in #3914
- Add
pytest-rerunfailuresto improve CI control jobs success, by @AlejandroSuero in #3993 - Send GITHUB_TOKEN to trivy-action
- Workaround to avoid to reach Docker Hub rate limits: Build & push first on ghcr.io, then login to docker hub, then push to docker hub
-
Linter versions upgrades
- actionlint from 1.7.1 to 1.7.3 on 2024-09-29
- ansible-lint from 24.7.0 to 24.9.2 on 2024-09-20
- bandit from 1.7.9 to 1.7.10 on 2024-09-23
- bicep_linter from 0.29.47 to 0.30.23 on 2024-09-24
- black from 24.8.0 to 24.10.0 on 2024-10-07
- cfn-lint from 1.10.3 to 1.16.1 on 2024-10-11
- checkov from 3.2.232 to 3.2.257 on 2024-10-06
- checkstyle from 10.17.0 to 10.18.2 on 2024-09-29
- clippy from 0.1.80 to 0.1.81 on 2024-09-06
- clj-kondo from 2024.08.01 to 2024.09.27 on 2024-09-26
- cpplint from 1.6.1 to 2.0.0 on 2024-10-06
- csharpier from 0.29.0 to 0.29.2 on 2024-09-16
- cspell from 8.14.1 to 8.15.1 on 2024-10-11
- detekt from 1.23.6 to 1.23.7 on 2024-09-08
- djlint from 1.34.1 to 1.35.2 on 2024-08-29
- dotnet-format from 8.0.108 to 8.0.110 on 2024-10-11
- eslint from 8.57.0 to 8.57.1 on 2024-09-16
- gitleaks from 8.18.4 to 8.20.1 on 2024-10-08
- golangci-lint from 1.60.1 to 1.61.0 on 2024-09-09
- kics from 2.1.2 to 2.1.3 on 2024-10-04
- lightning-flow-scanner from 2.33.0 to 2.34.0 on 2024-08-25
- lychee from 0.15.1 to 0.16.1 on 2024-10-07
- markdownlint from 0.41.0 to 0.42.0 on 2024-09-24
- mypy from 1.11.1 to 1.11.2 on 2024-08-25
- npm-groovy-lint from 14.6.0 to 15.0.2 on 2024-08-29
- php-cs-fixer from 3.62.0 to 3.64.0 on 2024-08-31
- phpcs from 3.10.2 to 3.10.3 on 2024-09-20
- phplint from 9.4.1 to 9.5.3 on 2024-10-11
- phpstan from 1.11.11 to 1.12.6 on 2024-10-06
- pmd from 7.4.0 to 7.6.0 on 2024-09-27
- psalm from Psalm.5.25.0@ to Psalm.5.26.1@ on 2024-09-09
- pylint from 3.2.6 to 3.3.1 on 2024-09-24
- pyright from 1.1.376 to 1.1.384 on 2024-10-11
- revive from 1.3.9 to 1.4.0 on 2024-09-23
- roslynator from 0.8.9.0 to 0.9.1.0 on 2024-10-11
- rubocop from 1.65.1 to 1.66.1 on 2024-09-06
- ruff from 0.6.1 to 0.6.9 on 2024-10-04
- scalafix from 0.12.1 to 0.13.0 on 2024-09-27
- secretlint from 8.2.4 to 8.4.0 on 2024-10-06
- sfdx-scanner-apex from 4.4.0 to 4.6.0 on 2024-09-26
- sfdx-scanner-aura from 4.4.0 to 4.6.0 on 2024-09-26
- sfdx-scanner-lwc from 4.4.0 to 4.6.0 on 2024-09-26
- shfmt from 3.8.0 to 3.9.0 on 2024-09-03
- snakemake from 8.18.1 to 8.21.0 on 2024-10-13
- spectral from 6.11.1 to 6.13.1 on 2024-09-21
- sqlfluff from 3.1.0 to 3.2.3 on 2024-10-11
- standard from 17.1.0 to 17.1.2 on 2024-09-13
- stylelint from 16.8.2 to 16.10.0 on 2024-10-11
- swiftlint from 0.56.1 to 0.57.0 on 2024-09-09
- syft from 1.11.0 to 1.14.0 on 2024-10-07
- terraform-fmt from 1.9.4 to 1.9.5 on 2024-08-28
- terragrunt from 0.66.8 to 0.67.5 on 2024-09-16
- terrascan from 1.18.11 to 1.19.9 on 2024-09-21
- trivy-sbom from 0.54.1 to 0.56.2 on 2024-10-11
- trivy from 0.54.1 to 0.56.2 on 2024-10-11
- trufflehog from 3.81.10 to 3.82.8 on 2024-10-13
- v8r from 4.0.1 to 4.1.0 on 2024-08-25
- vale from 3.7.0 to 3.7.1 on 2024-09-26
New Contributors
- @AlejandroSuero made their first contribution in #3978
- @nabondance made their first contribution in #4045
- @tnyeanderson made their first contribution in #4076
MegaLinter is graciously provided by
Full Changelog: v8.0.0...v8.1.0
Contributors
tnyeanderson, nvuillam, and 3 other contributors