Releases: oxsecurity/megalinter
Releases · oxsecurity/megalinter
MegaLinter v6.8.0
-
Run MegaLinter pre-commit hooks serially (#1826).
-
Replace deprecated StandardJS VS Code extension with the newer official version
-
When SARIF_REPORTER is active, use sarif-fmt to convert SARIF into text for console and text reporters (#1822).
-
Count checkstyle errors (#1820)
-
Linter versions upgrades
- black from 22.6.0 to 22.8.0
- cfn-lint from 0.63.0 to 0.63.2
- checkov from 2.1.160 to 2.1.183
- checkstyle from 10.3.2 to 10.3.3
- djlint from 1.12.0 to 1.12.1
- kics from 1.5.14 to 1.5.15
- phpstan from 1.8.2 to 1.8.4
- rubocop from 1.35.1 to 1.36.0
- snakemake from 7.13.0 to 7.14.0
- syft from 0.54.0 to 0.55.0
- terragrunt from 0.38.8 to 0.38.9
MegaLinter is graciously provided by
MegaLinter v6.7.1
- Fix Azure Comments reporter: Use BuildId to build artifacts url
- Fix actionlint install command
MegaLinter is graciously provided by
MegaLinter v6.7.0
-
Linters
- Add PMD java linter
-
Azure Pipelines integration enhancements
- Update installation instructions
- Console reporter: manage collapsible groups for easier display & navigation in job logs (requires CI=true and TF_BUILD=true sent as env variables)
- Azure comments reporter (see documentation)
-
Performances improvements
- When running linters in parallel, run in the same process only the linters from same descriptor and that can update the same sources (to avoid concurrency). Other linters can be run independently.
- Define
linter_speedof linter descriptors (default 3). Can be from 1 (super slow) to 5 (super fast). This is used to optimize the processing order of linters.
-
Fixes
- Fix: Properly match
files_sub_directoryas a prefix instead of partial string matching (#1765) - Match regex without
workspaceandsub_directory - Remove config variables that are not applicable to linters analyzing all files or all other linters files
- Fix: Properly match
-
Linter versions upgrades
- cfn-lint from 0.62.0 to 0.63.0
- checkov from 2.1.139 to 2.1.160
- cspell from 6.8.0 to 6.8.1
- djlint from 1.11.0 to 1.12.0
- eslint from 8.22.0 to 8.23.0
- gitleaks from 8.11.0 to 8.11.2
- golangci-lint from 1.48.0 to 1.49.0
- luacheck from 0.26.1 to 1.0.0
- pylint from 2.14.5 to 2.15.0
- rubocop from 1.35.0 to 1.35.1
- secretlint from 5.2.3 to 5.2.4
- snakemake from 7.12.1 to 7.13.0
- terraform-fmt from 1.2.7 to 1.2.8
- terragrunt from 0.38.7 to 0.38.8
- tflint from 0.35.0 to 0.39.3
MegaLinter is graciously provided by
MegaLinter v6.6.0
-
Fix flavors suggestions to ignore linters not relevant for such flavor (#1746)
-
Update pre-commit hooks from v5 to v6 (#1755).
-
Fix version in URL in logs produced by reporters
-
Add Makefile linter within python flavor (#1760)
-
Set DEFAULT_WORKSPACE as git safe directory per default #1766
-
Improve documentation for TAP_REPORTER
-
Linter versions upgrades
- actionlint from 1.6.15 to 1.6.16
- cfn-lint from 0.61.5 to 0.62.0
- checkov from 2.1.127 to 2.1.139
- cpplint from 1.6.0 to 1.6.1
- cspell from 6.6.1 to 6.8.0
- djlint from 1.9.5 to 1.11.0
- eslint-plugin-jsonc from 2.3.1 to 2.4.0
- gitleaks from 8.10.3 to 8.11.0
- kics from 1.5.13 to 1.5.14
- ktlint from 0.46.1 to 0.47.0
- markdownlint from 0.32.1 to 0.32.2
- sfdx-scanner-apex from 2.13.7 to 2.13.8
- sfdx-scanner-aura from 2.13.7 to 2.13.8
- sfdx-scanner-lwc from 2.13.7 to 2.13.8
- sqlfluff from 1.2.1 to 1.3.0
- stylelint from 14.10.0 to 14.11.0
- syft from 0.53.4 to 0.54.0
MegaLinter v6.5.0
-
npm-groovy-lint: Use Cli lint mode
list_of_filesfor much better performances -
Disable proselint by default if .proselintrc file is not found
-
Linter versions upgrades
- checkov from 2.1.121 to 2.1.127
- eslint from 8.21.0 to 8.22.0
- gitleaks from 8.10.2 to 8.10.3
- npm-groovy-lint from 9.5.0 to 10.1.0
- rstcheck from 6.0.0 to 6.1.0
MegaLinter v6.4.0
-
Add REPOSITORY_CHECKOV in all flavors
-
New config variables
- MEGALINTER_FILES_TO_LINT: Comma-separated list of files to analyze. Using this variable will bypass other file listing methods (#808)
- SKIP_CLI_LINT_MODES: Comma-separated list of cli_lint_modes. To use if you want to skip linters with some CLI lint modes (ex:
file,project). Available values:file,cli_lint_mode,project.
-
mega-linter-runner:
- Allow
MEGALINTER_FILES_TO_LINTto be sent as positional arguments - New argument
--filesonlythat sendsSKIP_CLI_LINT_MODES=project - Example:
mega-linter-runner --flavor python --release beta --filesonly megalinter/config.py megalinter/flavor_factory.py megalinter/MegaLinter.py
- Allow
-
Fixes
-
Linter versions upgrades
- cfn-lint from 0.61.4 to 0.61.5
- checkov from 2.1.100 to 2.1.121
- clippy from 0.1.62 to 0.1.63
- cspell from 6.5.0 to 6.6.1
- gitleaks from 8.9.0 to 8.10.2
- powershell from 7.2.5 to 7.2.6
- protolint from 0.38.3 to 0.39.0
- rubocop from 1.33.0 to 1.35.0
- snakemake from 7.12.0 to 7.12.1
- stylelint from 14.9.1 to 14.10.0
- terraform-fmt from 1.2.6 to 1.2.7
- terragrunt from 0.38.6 to 0.38.7
MegaLinter v6.3.0
-
Linters
- Add REPOSITORY_CHECKOV to benefit from all checks and not only terraform ones. TERRAFORM_CHECKOV will be deprecated in a next major version
- Add djlint (HTML_DJLINT) to lint HTML files (html, django, jinja, nunjucks, handlebars, golang, angular)
- Upgrade jsonlint to use maintained package @prantlf/jsonlint]([https://www.npmjs.com/package/@prantlf/jsonlint) + use cli_lint_mode
list_of_filesto improve performances
-
Core
- Support for automatic removal of Docker container when linting is finished
- Fix SARIF when endColumn is 0 (#1702)
- Use dynamic REPORT_FOLDER value for output files for SALESFORCE and COPYPASTE descriptors
- Fix collapsible sections in Gitlab console logs
- Manage ignore files (like
.secretlintignoreor.eslintignore)- Define ignore argument for client in descriptors
- Define ignore file name in descriptors (overridable with _IGNORE_FILE_NAME at runtime)
- Update documentation generation to take in account this new configuration
-
Linter versions upgrades
MegaLinter v6.2.1
-
Fix blocking bug in MegaLinter v6.2.0 core (#1684 and #1685)
-
Linter versions upgrades
- checkstyle from 10.3.1 to 10.3.2 on 2022-08-01
- flake8 from 5.0.0 to 5.0.1 on 2022-08-01
- checkov from 2.1.82 to 2.1.83 on 2022-08-01
MegaLinter v6.2.0
WARNING: Contains a bug in core MegaLinter if you use REPOSITORY_SEMGREP. Please directly upgrade to v6.2.1
-
Core
- Fix mega-linter-runner --install template (#1662)
- Use
REPORT_OUTPUT_FOLDER: noneto not generate report files - Add info in doc about CLI_LINT_MODE and about how to ignore files when cli_lint_mode is
project - Fix bug that disables generation of
megalinter.logfile in most cases - Fixes about JSON Schema (#1621)
- Remove redundant line separator after generated table (#1650)
- Avoid flavor suggestion message when only REPOSITORY linters are not found
-
Linters
-
Linter versions upgrades
- cfn-lint from 0.61.3 to 0.61.4 on 2022-07-30
- checkov from 2.1.60 to 2.1.61 on 2022-07-19
- checkov from 2.1.61 to 2.1.63 on 2022-07-20
- checkov from 2.1.63 to 2.1.65 on 2022-07-21
- checkov from 2.1.65 to 2.1.67 on 2022-07-21
- checkov from 2.1.67 to 2.1.68 on 2022-07-23
- checkov from 2.1.68 to 2.1.69 on 2022-07-24
- checkov from 2.1.69 to 2.1.70 on 2022-07-24
- checkov from 2.1.70 to 2.1.74 on 2022-07-25
- checkov from 2.1.74 to 2.1.82 on 2022-07-30
- cspell from 6.3.0 to 6.4.0 on 2022-07-19
- cspell from 6.4.0 to 6.4.1 on 2022-07-24
- cspell from 6.4.1 to 6.5.0 on 2022-07-30
- flake8 from 4.0.1 to 5.0.0 on 2022-07-31
- gitleaks from 8.8.12 to 8.9.0 on 2022-07-30
- golangci-lint from 1.47.0 to 1.47.1 on 2022-07-19
- golangci-lint from 1.47.1 to 1.47.2 on 2022-07-21
- jscpd from 3.4.5 to 3.3.26 on 2022-07-19
- markdown-table-formatter from 1.3.0 to 1.4.0 on 2022-07-25
- markdownlint from 0.32.0 to 0.32.1 on 2022-07-25
- mypy from 0.961 to 0.971 on 2022-07-19
- phpstan from 1.8.1 to 1.8.2 on 2022-07-20
- rubocop from 1.31.2 to 1.32.0 on 2022-07-21
- sfdx-scanner-apex from 2.13.5 to 2.13.6 on 2022-07-21
- sfdx-scanner-apex from 2.13.6 to 2.13.7 on 2022-07-30
- sfdx-scanner-aura from 2.13.5 to 2.13.6 on 2022-07-21
- sfdx-scanner-aura from 2.13.6 to 2.13.7 on 2022-07-30
- sfdx-scanner-lwc from 2.13.5 to 2.13.6 on 2022-07-21
- sfdx-scanner-lwc from 2.13.6 to 2.13.7 on 2022-07-30
- snakemake from 7.8.5 to 7.9.0 on 2022-07-19
- snakemake from 7.9.0 to 7.12.0 on 2022-07-30
- syft from 0.51.0 to 0.52.0 on 2022-07-22
- terraform-fmt from 1.2.5 to 1.2.6 on 2022-07-30
- terragrunt from 0.38.5 to 0.38.6 on 2022-07-24
Note: if you are still using MegaLinter v5, run npx mega-linter-runner@latest --upgrade to upgrade to MegaLinter v6
MegaLinter v6.1.0
Run npx mega-linter-runner@latest --upgrade to upgrade to MegaLinter v6
-
Improve console logs by using collapsible sections in GitHub Actions and Gitlab CI (disable by defining
CONSOLE_REPORTER_SECTIONS: false) -
Define
CLEAR_REPORT_FOLDER=trueto empty report folder at the beginning of each run (#1502) -
Improve SARIF output
- Replace CI paths in logs
- Add missing required properties so SARIF is valid
- Add MegaLinter information in SARIF linter runs
- Allow to select linters to activate SARIF for, using SARIF_REPORTER_LINTERS
- Fix issue when a linter is used in multiple SARIF lint results
-
Linter versions upgrades
- cfn-lint from 0.61.2 to 0.61.3 on 2022-07-19
- checkov from 2.1.57 to 2.1.59 on 2022-07-18
- checkov from 2.1.59 to 2.1.60 on 2022-07-19
- cspell from 6.2.3 to 6.3.0 on 2022-07-18
- eslint from 8.19.0 to 8.20.0 on 2022-07-17
- golangci-lint from 1.46.2 to 1.47.0 on 2022-07-19
- jscpd from 3.3.26 to 3.4.5 on 2022-07-19
- markdownlint from 0.31.1 to 0.32.0 on 2022-07-17
- pylint from 2.14.4 to 2.14.5 on 2022-07-18