Bump oxsecurity/megalinter from 6 to 7 #67

dependabot · 2023-07-26T16:47:16Z

Bumps oxsecurity/megalinter from 6 to 7.

Release notes

Sourced from oxsecurity/megalinter's releases.

MegaLinter v6.22.2

What's Changed

Fixes

Fix failure of AzureCommentReporter when there is no pull request found in ENV vars, by @nvuillam in oxsecurity/megalinter#2515

Fix HTML comment appearing in Azure Pull Request mail notifications, by @nvuillam in oxsecurity/megalinter#2521

Linter versions upgrades

ansible-lint from 6.14.3 to 6.14.4

checkov from 2.3.145 to 2.3.149

pylint from 2.17.1 to 2.17.2

rubocop from 1.48.1 to 1.49.0

MegaLinter is graciously provided by

Full Changelog: oxsecurity/megalinter@v6.22.1...v6.22.2

MegaLinter v6.22.1

What's Changed

Core

Changed vars in AzureCommentReporter to reflects official Azure DevOps naming convention + fallback to keep backward compatibility, see #2509, by @DariuszPorowski in oxsecurity/megalinter#2510

Update AzureCommentReporter to have only one MegaLinter thread instead of a new one for each run of MegaLinter, by @nvuillam in oxsecurity/megalinter#2512

Fix build issue by retrying curl if failed by @nvuillam in oxsecurity/megalinter#2507

Documentation

Updated usage scenario for Azure DevOps, see #2509, by @DariuszPorowski in oxsecurity/megalinter#2510

Linter versions upgrades

checkov from 2.3.141 to 2.3.145

phpstan from 1.10.9 to 1.10.10

rstfmt from 0.0.12 to 0.0.13

MegaLinter is graciously provided by

Full Changelog: oxsecurity/megalinter@v6.22.0...v6.22.1

MegaLinter v6.22.0

What's Changed

New linters

Add ruff, by @lars-reimann in oxsecurity/megalinter#2458

Linter enhancements & fixes

Pin markdown-link-check to 3.10.3 until tcort/markdown-link-check#246 is fixed, by @Kurt-von-Laven (#2498).

Core

Fix MegaLinter doc version & url displayed in logs, by @nvuillam in oxsecurity/megalinter#2485

Use megalinter-bot to create apply fixes commits, by @lars-reimann, @nvuillam and @megalinter-bot :)

If you are an existing user of MegaLinter, you must update your github actions workflows to add the following parameters to stefanzweifel/git-auto-commit-action@v4 :

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v7.0.2] - 2023-05-27

Quick Fix mega-linter-runner --upgrade (Warning: bug with npm, not publish yet in mega-linter-runner)

Dead link to configuration.md

Regex issue with megalinter-reports

[v7.0.0] - 2023-05-27

To upgrade to MegaLinter v7, run npx mega-linter-runner@latest --upgrade , comment here if you have any issue :)

MAJOR Updates

SECURED_ENV_VARIABLES & core scoped configuration by @nvuillam in oxsecurity/megalinter#2601

New configuration variables SECURED_ENV_VARIABLES and SECURED_ENV_VARIABLES_DEFAULT to hide your environment sensitive variables to the linters called by MegaLinter

Read documentation to enhance security using MegaLinter

Use relative file paths to call linters by @nvuillam in oxsecurity/megalinter#1877

This can be a breaking change for customizations, post an issue if you see a problem !

New linters

Add linter cljstyle, Clojure formatter, by @practicalli-john in oxsecurity/megalinter#2115

Add kubescape, kubernetes linter, by @muandane in oxsecurity/megalinter#2531

Add Vale, a powerful enforcer of writing style, by @wesley-dean-flexion in oxsecurity/megalinter#2406

Removed linters

KUBERNETES_KUBEVAL: Not maintained anymore (kubeconform recommended by the authors)

REPOSITORY_GOODCHECK: Not open-source anymore

SPELL_MISSPELL: Not maintained anymore (last commit in 2018)

TERRAFORM_CHECKOV: Replaced by REPOSITORY_CHECKOV

TERRAFORM_KICS: Replaced by REPOSITORY_KICS

Medias

Article: Use the Workflows JSON schema in your IDE, by Google Cloud

Video: Ortelius Architecture Meeting, with a review of MegaLinter, by Steve Taylor from Ortelius

Web site: my-devops-lab.com

Linter enhancements & fixes

cspell

Fix corrective .cspell.json file generated from cspell output by @nvuillam in oxsecurity/megalinter#2562

eslint

Ensure ESLint actually runs in project mode (#1572) by @Kurt-von-Laven in oxsecurity/megalinter#2455

jscpd

Prevent jscpd to create output folder if the repo is not writable by @nvuillam in oxsecurity/megalinter#2556

Gitleaks

Add support to scan PR commits only on PRs when VALIDATE_ALL_CODEBASE is set to false, by @DariuszPorowski #2504

KICS

Move KICS to REPOSITORY descriptor, so it can analyze all types of files, not terraform only, by @nvuillam in oxsecurity/megalinter#2689

KICS can now output SARIF

The new version can have performance issues: customize of disable REPOSITORY_KICS if necessary

KubeConform

Simplify kubeconform install & get version by @nvuillam in oxsecurity/megalinter#2629

PHPLint

... (truncated)

Commits

c72cdea Release MegaLinter v7.2.0
e7eae31 [automation] Auto-update linters version, help and documentation (#2830)
c3d606a [automation] Auto-update linters version, help and documentation (#2828)
6ebb1fa Reactivate trivy to deploy beta (#2827)
2e6f07c Stealth: Snippet Languages & Snippet Extensions (#2825)
36ee5a9 [automation] Auto-update linters version, help and documentation (#2826)
e28d4f5 Tmp disable trivy for dev job
b652947 Clean docker build cache to avoid no space left on device during Build Dev jo...
aa02cb8 Fix V8R config arg usage (#2756) (#2819)
bd884e7 [automation] Auto-update linters version, help and documentation (#2817)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

* made a docker image * ignore yarn * get rid of .yarn from commit * lock changed * docker compose * azure devops ci Co-authored-by: Thomas McDonald <mcdonald.thomas1284@gmail.com>

Run CI jobs on PRs for dev

confusion Co-authored-by: Ada <>

Co-authored-by: Ada <>

…20)

autogenerating validator list

…of the button is #9CFFAA

https://community.creditcoin.org/t/testnet-staking-dashboard-gone/751 https://gluwa.slack.com/archives/C02H93W9LLT/p1688020056679919

Remove staging dashboard URL, see

for more information, see https://pre-commit.ci

validate-locales job has been removed in 7db5e48 and we can't depend on it

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.0.4 to 5.1.6. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.0.4...v5.1.6) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [framer-motion](https://github.com/framer/motion) from 10.12.16 to 10.12.18. - [Changelog](https://github.com/framer/motion/blob/main/CHANGELOG.md) - [Commits](framer/motion@v10.12.16...v10.12.18) --- updated-dependencies: - dependency-name: framer-motion dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [vite-bundle-visualizer](https://github.com/KusStar/vite-bundle-visualizer) from 0.7.0 to 0.8.0. - [Commits](KusStar/vite-bundle-visualizer@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: vite-bundle-visualizer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases) - [Changelog](https://github.com/fi3ework/vite-plugin-checker/blob/main/CHANGELOG.md) - [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.6.0...vite-plugin-checker@0.6.1) --- updated-dependencies: - dependency-name: vite-plugin-checker dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@substrate/connect](https://github.com/paritytech/substrate-connect) from 0.7.26 to 0.7.30. - [Changelog](https://github.com/paritytech/substrate-connect/blob/main/DEPLOY-RELEASE.md) - [Commits](https://github.com/paritytech/substrate-connect/commits) --- updated-dependencies: - dependency-name: "@substrate/connect" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@polkadot/util](https://github.com/polkadot-js/common/tree/HEAD/packages/util) from 12.2.1 to 12.3.2. - [Release notes](https://github.com/polkadot-js/common/releases) - [Changelog](https://github.com/polkadot-js/common/blob/master/CHANGELOG.md) - [Commits](https://github.com/polkadot-js/common/commits/v12.3.2/packages/util) --- updated-dependencies: - dependency-name: "@polkadot/util" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [i18next-browser-languagedetector](https://github.com/i18next/i18next-browser-languageDetector) from 7.0.2 to 7.1.0. - [Changelog](https://github.com/i18next/i18next-browser-languageDetector/blob/master/CHANGELOG.md) - [Commits](i18next/i18next-browser-languageDetector@v7.0.2...v7.1.0) --- updated-dependencies: - dependency-name: i18next-browser-languagedetector dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@polkadot/react-identicon](https://github.com/polkadot-js/ui/tree/HEAD/packages/react-identicon) from 3.4.1 to 3.5.1. - [Release notes](https://github.com/polkadot-js/ui/releases) - [Changelog](https://github.com/polkadot-js/ui/blob/master/CHANGELOG.md) - [Commits](https://github.com/polkadot-js/ui/commits/v3.5.1/packages/react-identicon) --- updated-dependencies: - dependency-name: "@polkadot/react-identicon" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

with this rule enabled we get /home/runner/work/creditcoin-staking-dashboard/creditcoin-staking-dashboard/src/library/Headers/Connected.tsx Error: 54:23 error Curly braces are unnecessary here react/jsx-curly-brace-presence Error: 69:23 error Curly braces are unnecessary here react/jsx-curly-brace-presence and can't finish the build

Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 6 to 7. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](oxsecurity/megalinter@v6...v7) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

AdaJane and others added 30 commits June 7, 2023 11:21

Feature/ci

5b7acab

* made a docker image * ignore yarn * get rid of .yarn from commit * lock changed * docker compose * azure devops ci Co-authored-by: Thomas McDonald <mcdonald.thomas1284@gmail.com>

Point Creditcoin Test to updated subscan domain

a19ebb0

Run CI jobs on PRs for dev

a79bd3b

Don't automatically close PRs as stale

def6030

Fix height of the Recent Payouts widget

27a816b

Merge pull request #10 from gluwa/test_on_dev

0b962c0

Run CI jobs on PRs for dev

Distinguish era 0 from era data unsynced

3de08fb

Make isPlaceholder mandatory

0605245

Remove broken subscan button from overview page

d2aabdb

Remove unused import

09d0d49

Hide the "Mainnet" entry from the networks list to prevent tester (#12)

a1ea1ed

confusion Co-authored-by: Ada <>

Set TestNet as default

0484f95

Change text color on buttons from white to black (#14)

c15ecd0

Remove default filter excludes; Add community entry for Gluwa (#15)

aace4f7

Make linter happy (#16)

507f67f

Remove Active Pools from Overview page (#17)

6bc914a

Co-authored-by: Ada <>

Remove exclusion filters for validator selection methods (#18)

43257f0

Updated colors for Test and Dev networks (#19)

a2467b4

Fix: Adjust fontSize, some colors / change the font-family, some svg (#…

076f5e7

…20)

Fix: Add paddingBottom to Balance section in Overview

267b1b0

Fix incosistent filter behavior in validator list; Fix duplicates when

6b2b844

autogenerating validator list

Fix support email in Gluwa Validator Identity

5202b11

[SS-170] Adjust margins on Nominate pages

5e6e7a9

[SS-172] Change the title font-size on the Details page

ff150b2

[SS-169] The color of text should be black with the background color …

c59d720

…of the button is #9CFFAA

Remove Add Parachain Validator button

9c9555b

Remove controller account deprecation warning

10049b9

Remove references to pools, ledger, and polkadot vault

356fe8b

Resolve CSUB-581; Rebased on CSUB-580; Remove Locale Validation from CI'

7db5e48

[SS-164] Remove h4 color setting

21a9d85

Ada Anderson and others added 27 commits June 28, 2023 09:13

Update branding per marketing

2680f6f

prod build

ed3c350

Delete OldDockerfile

e131749

Remove staging dashboard URL, see

1e9e470

https://community.creditcoin.org/t/testnet-staking-dashboard-gone/751 https://gluwa.slack.com/archives/C02H93W9LLT/p1688020056679919

Merge pull request #36 from gluwa/update_url_in_readme

221e64d

Remove staging dashboard URL, see

Create codeql.yml

6690de5

Remove Dependabot auto-merge CI job

1211c3c

Enable Pre-commit CI

22aad19

[pre-commit.ci] auto fixes from pre-commit.com hooks

ffbe419

for more information, see https://pre-commit.ci

Use telemetry.creditcoin.network instead of polkadot.io

55b1e82

Enable YAML check with Pre-commit CI

4ff4c29

Update CI config b/c of invalid job definition

1aa9984

validate-locales job has been removed in 7db5e48 and we can't depend on it

Reduce the frequency of Dependabot and don't jump to major versions

c48df7c

Enable MegaLinter

0a3260e

Apply eslint --fix to files outside src/

a999cdb

Comment out unused variable. Disabled in c643b25

d19f483

Apply eslint --fix

08ed84d

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 26, 2023

AdaJane force-pushed the dev branch from 566d246 to 3bbc451 Compare August 30, 2023 22:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump oxsecurity/megalinter from 6 to 7 #67

Bump oxsecurity/megalinter from 6 to 7 #67

dependabot bot commented on behalf of github Jul 26, 2023

Bump oxsecurity/megalinter from 6 to 7 #67

Are you sure you want to change the base?

Bump oxsecurity/megalinter from 6 to 7 #67

Conversation

dependabot bot commented on behalf of github Jul 26, 2023

MegaLinter v6.22.2

What's Changed

MegaLinter v6.22.1

What's Changed

MegaLinter v6.22.0

What's Changed

[v7.0.2] - 2023-05-27

[v7.0.0] - 2023-05-27