Bump oxsecurity/megalinter from 8.1.0 to 8.2.0

[dependabot]

Bumps oxsecurity/megalinter from 8.1.0 to 8.2.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.2.0

What's Changed

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs-fixer: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v8.2.0] - 2024-11-17

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44
  • djlint from 1.35.2 to 1.36.1

... (truncated)

Commits

• d8c95fc Release MegaLinter v8.2.0
• 56f6332 [automation] Auto-update linters version, help and documentation (#4264)
• 298458e [automation] Auto-update linters version, help and documentation (#4256)
• c67933e Bump @​eslint/plugin-kit from 0.2.2 to 0.2.3 in /mega-linter-runner (#4258)
• a681242 chore(deps): update trufflesecurity/trufflehog docker tag to v3.83.7 (#4259)
• e98b755 chore(deps): update dependency mgechev/revive to v1.5.1 (#4260)
• db53e77 chore(deps): update dependency lightning-flow-scanner to v2.36.0 (#4262)
• 4dd7814 chore(deps): update dependency @​salesforce/cli to v2.66.7 (#4261)
• 339bca2 [automation] Auto-update linters version, help and documentation (#4252)
• 44a22a7 chore(deps): update dependency sfdx-hardis to v5.6.2 (#4253)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ HTML	djlint	2		0	0.82s
✅ HTML	htmlhint	2		0	0.23s
✅ MARKDOWN	markdownlint	4	0	0	0.45s
✅ MARKDOWN	markdown-link-check	4		0	3.28s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0.17s
✅ PYTHON	black	18	0	0	1.19s
✅ PYTHON	flake8	18		0	0.5s
✅ PYTHON	isort	18	0	0	0.31s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by

[dependabot]

Superseded by #405.