Bump oxsecurity/megalinter from 8 to 9

[dependabot]

Bumps oxsecurity/megalinter from 8 to 9.

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.0.0

What's Changed

• Core

  • Create your own Megalinter Custom Flavors to dramatically improve your performances
    • See documentation for usage
    • Use npx mega-linter-runner@beta --custom-flavor-setup to initialize repo
    • Suggest new flavors in reporters with a mega-linter-runner including the list of linters
  • New LLM Advisor: call external LLMs to get hints to solve linter errors, available in:
    • Console Reporter
    • Text Reporter
    • Git platforms PR/MR comments Reporter
  • Use ghcr.io docker images by default because of rate limits on docker.io
  • Use uv to create the venv folder for pip-installed linters
  • Add copilot instructions for GitHub Copilot
  • Update base image to python:3.13-alpine3.21 (also embeds go 1.24)

• Disabled linters

  • puppet-lint: Disabled Until fix is provided for puppetlabs/puppet-lint#251
  • checkov: Disabled until fix is provided for bridgecrewio/checkov#7263

• Removed linters

  • markdown-link-check has been removed because lychee can be used instead, and has much better performances

• Linters enhancements

  • PHP-CS-Fixer is able to run on PHP 8.4 without error (change default configuration) by @​llaville
  • cspell: Filter output lines that do not contain found issues
  • hadolint: Extend DOCKERFILE_HADOLINT_FILE_NAMES_REGEX to include the purpose.Dockerfile convention eg service.Dockerfile.
  • sqlfluff: Handle fixing of issues

• Fixes

  • When linter is docker based, force --platform=linux/amd64 so it works when running locally on Mac
  • Added checking of *.pyi and *.ipynb files to the ruff and ruff-format linters

• Reporters

  • New default display for Pull Request comments, with expandable sections containing the first 1000 lines of the output log. Former display remains available by defining REPORTERS_MARKDOWN_SUMMARY_TYPE=table
  • Markdown summary reporter:
    • Write a file for Github integration if GITHUB_STEP_SUMMARY is set
    • Truncate less linter output lines
  • Text reporter: Change the output file names to put the linter name first, then the status
  • Enhance display of markdown summary

• Doc

  • Update documentation in all megalinter descriptor files to improve accuracy and consistency
  • Fix incorrect information in linters documentation and descriptors
  • Remove dead links
  • Add linter description (linter_text) in all linter descriptor, to generate a more exhaustive documentation.
  • Update contributing guide to explain how to manage python dependencies in the codebase

• Flavors

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v8.4.1] - 2025-01-28

• Quick fix about PRE_COMMANDS crash (see oxsecurity/megalinter#4591)

• Linter versions upgrades (2)

  • checkstyle from 10.21.1 to 10.21.2
  • stylelint from 16.14.0 to 16.14.1

[v8.4.0] - 2025-01-26

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in oxsecurity/megalinter#4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #4482)
  • Bump python version to 3.12.8, by @​echoix in oxsecurity/megalinter#4372
  • Update to .NET 9, by @​bdovaz in oxsecurity/megalinter#4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in oxsecurity/megalinter#4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in oxsecurity/megalinter#4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in oxsecurity/megalinter#4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in oxsecurity/megalinter#4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in oxsecurity/megalinter#4498
  • Add sarif output to golangci-lint, by @​bdovaz in oxsecurity/megalinter#4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #440, by @​Noraldeno in oxsecurity/megalinter#4427
  • jscpd url fixes, by @​alexanderbazhenoff in oxsecurity/megalinter#4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in oxsecurity/megalinter#4469
  • Fix linter disabled reason usage, by @​bdovaz in oxsecurity/megalinter#4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in oxsecurity/megalinter#4479
  • Add disabled linter badge, by @​bdovaz in oxsecurity/megalinter#4477
  • Add AzureCommentReporter instructions, by @​bdovaz in oxsecurity/megalinter#4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @​echoix in #4373
  • Use uv.lock file to build docker images, by @​echoix in oxsecurity/megalinter#4374
  • Update Renovate schedules for uv and sfdx-hardis, by @​echoix in oxsecurity/megalinter#4568
  • Variabilize version and use renovate for updates for the following linters:

... (truncated)

Commits

• 0dcbedd Release MegaLinter v9.0.1
• 9f48fcd Fix v9 release issue (#6197)
• 139ebb5 chore(deps): update dependency uvicorn to v0.36.0 (#6189)
• b23f125 [automation] Auto-update linters version, help and documentation (#6194)
• 0214a3a Update README with v9 announcement (#6193)
• e552e5c chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0....
• ecfbd88 chore(deps): update dependency sfdx-hardis to v6.5.1 (#6188)
• 60af444 chore(deps): update dependency mega-linter-runner to v9 (#6191)
• ff177bf Release MegaLinter v9.0.0
• a6b6815 release changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

[github-actions]

Test results

  4 files    4 suites   40s ⏱️
 25 tests  25 ✅ 0 💤 0 ❌
100 runs  100 ✅ 0 💤 0 ❌

Results for commit ec9761d.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.62%. Comparing base (72ce8cd) to head (ec9761d).

Additional details and impacted files

@@           Coverage Diff           @@
##           master      #11   +/-   ##
=======================================
  Coverage   77.62%   77.62%           
=======================================
  Files          10       10           
  Lines        1260     1260           
=======================================
  Hits          978      978           
  Misses        282      282           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[johannaengland]

Replaced by #12

[johannaengland]

@dependabot ignore this dependency

[dependabot]

OK, I won't notify you about oxsecurity/megalinter again, unless you re-open this PR.