chore(deps-dev): bump megalinter docker tag to v7

[renovate-bot]

MegaLinter recently added support for arrays to *_CLI_EXECUTABLE in v7.0.0. Leverage this feature to run the version of ESLint installed in our project via Yarn in lieu of the version of ESLint in the MegaLinter Docker image via npm. This avoids many complications that arise from ESLint being unable to access Yarn dependencies and allows us to stop running ESLint in project mode as a workaround. Reorder pre-commit hooks so that Yarn hooks precede MegaLinter hooks since yarn install must now be run before MegaLinter so that ESLint can run.

Disable newly added linter ts-standard since we use Prettier, which is incompatible with StandardJS.

Apply new Prettier v3 formatting.

Configure newly added link checker Lychee to ignore email addresses to prevent false positives on GitHub Actions, which contain @ symbols. Increase network request retry limit from the default of 3 to 4 to avoid false positives.

This PR contains the following updates:

Package	Type	Update	Change
MegaLinter	devDependencies	major	v6.22.2 -> v7.2.1

---

Release Notes

oxsecurity/megalinter (MegaLinter)

v7.2.1

Compare Source

• Fixes

  • Fix TAP reporter (3 real dots instead if 3 dots character)
  • Call trufflehog with --only-verified to avoid false positives in .git/config

• Linter versions upgrades

  • cfn-lint from 0.78.2 to 0.79.2
  • checkov from 2.3.340 to 2.3.343
  • pylint from 2.17.4 to 2.17.5
  • rubocop from 1.54.2 to 1.55.0
  • snakemake from 7.30.2 to 7.31.0
  • spectral from 6.8.0 to 6.10.0
  • sqlfluff from 2.1.3 to 2.1.4
  • trufflehog from 3.44.0 to 3.45.1

v7.2.0

Compare Source

• New linters

  • Add Lychee - links and email addresses checker, by @​DariuszPorowski in #​2673
  • Add grype security linter
  • Add trufflehog security linter

• New flavor dotnetweb: dotnet flavor linters + Javascript & Typescript linters

• Media

  • 8 Tools to Scan Node.js Applications for Security Vulnerability, by Chandan Kumar{target=_blank} on GeekFlare.com
  • Shift Left Just Become Easier (Black Hat Arsenal Session)

• Core

  • MegaLinter Server for CodeTotal
  • Improvements to Gitpod workspace and addition of Makefile for automation, by @​ThomasSanson in #​2737

• Fixes

  • Handle reporter crashes without making all ML crash
  • Devskim: Remove default --ignore-globs argument
  • mypy: Use /tmp as cache folder by default with ENV MYPY_CACHE_DIR=/tmp in Dockerfile
  • Fix hadolint to use its default configuration file properly, by @​KihyeokK in #​2763
  • Remove linters not in flavor before calling reporters
  • Undowngrade devskim, by @​nvuillam in #​2748
  • Add ts-standard linter for ts standard, by @​janderssonse in #​2746
  • Remove additional --update for apk in Dockerfile by @​PeterDaveHello in #​2619
  • Fix V8R config arg usage (#​2756), by @​bdovaz in #​2819

• Reporters

  • New Redis reporter (beta)

• CI

  • Clean docker build cache to avoid no space left on device during Build Dev job

• Linter versions upgrades

  • actionlint from 1.6.24 to 1.6.25
  • ansible-lint from 6.16.2 to 6.17.2
  • bicep_linter from 0.17.1 to 0.19.5
  • black from 23.3.0 to 23.7.0
  • cfn-lint from 0.77.10 to 0.78.2
  • checkov from 2.3.285 to 2.3.340
  • checkstyle from 10.12.0 to 10.12.1
  • clippy from 0.1.70 to 0.1.71
  • clj-kondo from 2023.05.26 to 2023.07.13
  • csharpier from 0.24.2 to 0.25.0
  • cspell from 6.31.1 to 6.31.2
  • devskim from 0.7.104 to 1.0.11
  • djlint from 1.30.2 to 1.32.1
  • dotnet-format from 6.0.408 to 6.0.412
  • eslint-plugin-jsonc from 2.8.0 to 2.9.0
  • eslint from 8.42.0 to 8.45.0
  • gitleaks from 8.16.4 to 8.17.0
  • golangci-lint from 1.53.2 to 1.53.3
  • grype from 0.63.1 to 0.63.1
  • kics from 1.7.1 to 1.7.4
  • ktlint from 0.49.1 to 0.50.0
  • kubeconform from 0.6.2 to 2.3.6
  • markdownlint from 0.34.0 to 0.35.0
  • mypy from 1.3.0 to 1.4.1
  • npm-package-json-lint from 6.4.0 to 7.0.0
  • phpstan from 1.10.18 to 1.10.26
  • powershell from 7.3.4 to 7.3.6
  • powershell_formatter from 7.3.4 to 7.3.6
  • prettier from 2.8.8 to 3.0.0
  • protolint from 0.44.0 to 0.45.0
  • psalm from Psalm.5.12.0@​ to Psalm.5.13.1@​
  • pyright from 1.1.313 to 1.1.318
  • rubocop from 1.52.0 to 1.54.2
  • ruff from 0.0.272 to 0.0.280
  • secretlint from 6.2.3 to 7.0.3
  • semgrep from 1.26.0 to 1.33.2
  • sfdx-scanner-apex from 3.13.0 to 3.14.0
  • sfdx-scanner-aura from 3.13.0 to 3.14.0
  • sfdx-scanner-lwc from 3.13.0 to 3.14.0
  • shfmt from 3.6.0 to 3.7.0
  • snakemake from 7.26.0 to 7.30.2
  • sqlfluff from 2.1.1 to 2.1.3
  • stylelint from 15.10.0 to 15.10.0
  • swiftlint from 0.52.2 to 0.52.4
  • syft from 0.83.0 to 0.85.0
  • terraform-fmt from 1.4.6 to 1.5.3
  • terragrunt from 0.46.3 to 0.48.4
  • tflint from 0.46.1 to 0.47.0
  • trivy from 0.42.1 to 0.43.1
  • vale from 2.27.0 to 2.28.1

v7.1.0

Compare Source

• Core

  • Upgrade base image to python:3.11.4-alpine3.17, by @​nvuillam in #​2738

• Linter enhancements & fixes

  • cljstyle: Remove default value for configuration file name, by @​nvuillam in #​2717
  • golangci-lint : Add autofix capability using --fix argument, by @​seaneagan in #​2700

• Linter versions upgrades

  • cfn-lint from 0.77.5 to 0.77.7
  • checkov from 2.3.267 to 2.3.285
  • clippy from 0.1.69 to 0.1.70
  • clj-kondo from 2023.05.18 to 2023.05.26
  • djlint from 1.30.0 to 1.30.2
  • eslint from 8.41.0 to 8.42.0
  • gitleaks from 8.16.3 to 8.16.4
  • golangci-lint from 1.52.2 to 1.53.2
  • kubeconform from 0.6.1 to 0.6.2
  • kubescape from 2.3.4 to 2.3.5
  • luacheck from 1.1.0 to 1.1.1
  • markdownlint from 0.33.0 to 0.34.0
  • phpstan from 1.10.15 to 1.10.18
  • pyright from 1.1.311 to 1.1.313
  • rubocop from 1.51.0 to 1.52.0
  • ruff from 0.0.270 to 0.0.272
  • scalafix from 0.10.4 to 0.11.0
  • semgrep from 1.24.0 to 1.26.0
  • sfdx-scanner-apex from 3.12.0 to 3.13.0
  • sfdx-scanner-aura from 3.12.0 to 3.13.0
  • sfdx-scanner-lwc from 3.12.0 to 3.13.0
  • stylelint from 15.6.2 to 15.7.0
  • syft from 0.82.0 to 0.83.0
  • terragrunt from 0.45.17 to 0.46.3
  • trivy from 0.41.0 to 0.42.1

v7.0.4

Compare Source

• Core

  • Allow to define linterkey_UNSECURED_ENV_VARIABLES for specific linters to make them visible when necessary (ex: GITHUB_TOKEN for TERRAFORM_TFLINT)

• Documentation

  • Add note to terraform_tflint about TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES by @​ruzickap in #​2706

• Linter versions upgrades

  • checkov from 2.3.261 to 2.3.267
  • djlint from 1.29.0 to 1.30.0
  • pyright from 1.1.310 to 1.1.311
  • semgrep from 1.23.0 to 1.24.0
  • standard from 17.0.0 to 17.1.0
  • terragrunt from 0.45.16 to 0.45.17

v7.0.3

Compare Source

• Linter enhancements & fixes

  • New variable TERRAFORM_TFLINT_SECURED_ENV with default value true. Set to false to allow tflint --init to access your env vars.

• Core

  • Secure PRE_COMMANDS and POST_COMMANDS by default
  • Can be disabled with secured_env: false in the command definition
  • Manage v6 retrocompatibility with FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE expression

• Linter versions upgrades

  • checkstyle from 10.11.0 to 10.12.0
  • kubescape from 2.3.3 to 2.3.4
  • checkov from 2.3.259 to 2.3.261

v7.0.2

Compare Source

• Quick Fix mega-linter-runner --upgrade (Warning: bug with npm, not publish yet in mega-linter-runner)
  • Dead link to configuration.md
  • Regex issue with megalinter-reports

v7.0.1

Compare Source

v7.0.0

Compare Source

To upgrade to MegaLinter v7, run npx mega-linter-runner@latest --upgrade , comment here if you have any issue :)

• MAJOR Updates

  • SECURED_ENV_VARIABLES & core scoped configuration by @​nvuillam in #​2601
    • New configuration variables SECURED_ENV_VARIABLES and SECURED_ENV_VARIABLES_DEFAULT to hide your environment sensitive variables to the linters called by MegaLinter
    • Read documentation to enhance security using MegaLinter
  • Use relative file paths to call linters by @​nvuillam in #​1877
    • This can be a breaking change for customizations, post an issue if you see a problem !

• New linters

  • Add linter cljstyle, Clojure formatter, by @​practicalli-john in #​2115
  • Add kubescape, kubernetes linter, by @​muandane in #​2531
  • Add Vale, a powerful enforcer of writing style, by @​wesley-dean-flexion in #​2406

• Removed linters

  • KUBERNETES_KUBEVAL: Not maintained anymore (kubeconform recommended by the authors)
  • REPOSITORY_GOODCHECK: Not open-source anymore
  • SPELL_MISSPELL: Not maintained anymore (last commit in 2018)
  • TERRAFORM_CHECKOV: Replaced by REPOSITORY_CHECKOV
  • TERRAFORM_KICS: Replaced by REPOSITORY_KICS

• Medias

  • Article: Use the Workflows JSON schema in your IDE, by Google Cloud
  • Video: Ortelius Architecture Meeting, with a review of MegaLinter, by Steve Taylor from Ortelius
  • Web site: my-devops-lab.com

• Linter enhancements & fixes

  • cspell
    • Fix corrective .cspell.json file generated from cspell output by @​nvuillam in #​2562
  • eslint
    • Ensure ESLint actually runs in project mode (#​1572) by @​Kurt-von-Laven in #​2455
  • jscpd
    • Prevent jscpd to create output folder if the repo is not writable by @​nvuillam in #​2556
  • Gitleaks
    • Add support to scan PR commits only on PRs when VALIDATE_ALL_CODEBASE is set to false, by @​DariuszPorowski #​2504
  • KICS
    • Move KICS to REPOSITORY descriptor, so it can analyze all types of files, not terraform only, by @​nvuillam in #​2689
    • KICS can now output SARIF
    • The new version can have performance issues: customize of disable REPOSITORY_KICS if necessary
  • KubeConform
    • Simplify kubeconform install & get version by @​nvuillam in #​2629
  • PHPLint
    • Upgrade PHPLint to v9 by @​bdovaz in #​2638
  • sqlfluff
    • Remove old options from SQLFluff config file by @​tunetheweb in #​2560
  • v8r
    • Allow use of configuration files with v8r by @​bdovaz in #​1982

• Core

  • Upgrade base Docker image to python:3.11.3-alpine3.17 by @​nvuillam in #​2537
  • Allow simultaneous regex filtering at descriptor and linter levels by @​nvuillam & @​seaneagan in #​2669
  • Allow MEGALINTER_CONFIG to contain a full path to a MegaLinter config file by @​nvuillam in #​2649
  • Fix issue preventing plugins to work with flavors by @​nvuillam in #​2532
  • Fix crash in case of unreachable symlinks by @​nvuillam in #​2538
  • mega-linter-runner: Use --platform also for docker run by @​nvuillam , @​Kurt-Von-Laven & @​cam-barts in #​2690
  • Replace deprecated distutils.copy_tree by shutil.copytree

• Reporters

  • SARIF_REPORTER
    • Add option to skip def_ws prefix in sarif reports by @​janderssonse in #​2383
    • update schema to pass official SARIF validator by @​DariuszPorowski in #​2645
  • CONFIG_REPORTER
    • Add support for idea plugins auto-install by @​waterfoul in #​2553
  • CONSOLE_REPORTER
    • Updated cases in console/log output to use ⚠ Warning Sign (U+26A0) instead of ◬ White Up-Pointing Triangle with Dot (U+25EC), by @​Doommius
  • GITLAB_COMMENT_REPORTER
    • Enhancement & fixes for GitlabCommentReporter by @​nvuillam in #​2564
      • New var GITLAB_COMMENT_REPORTER_OVERWRITE_COMMENT to allow to disable the overwrite of existing MegaLinter comment in case of new run
      • In case of overwrite activated (by default), fetch all Merge Request comments, not the first 20.
      • Display a different message in log when a Merge Request comment is created or updated.
  • AZURE_COMMENT_REPORTER
    • Downgrade Azure DevOps pipy package to avoid crash by @​nvuillam in #​2576

• Documentation

  • Improve documentation pages split by @​nvuillam in #​2688
    • Now Installation and Configuration menus have their own child menus
  • Doc about how to use fine grained PAT by @​nvuillam in #​2662
  • Fixed incorrect link in Azure to Gitlab reporters pages. by @​Doommius in #​2613
  • Added bitbucket job template + Fix icon in console logs by @​Doommius in #​2617
  • Exclude licenses pages from online search results by @​nvuillam in #​2665
  • Improve HTML tables display by @​nvuillam in #​2670
  • Remove ASCII characters from linters helps displayed in MegaLinter documentation

• Internal CI

  • Upgrade GitHub Actions to change automated comments and increase timeout by @​nvuillam in #​2536
  • Use Github Permissions instead of PAT by @​nvuillam in #​2652
  • Update GitHub Actions workflows environments by @​nvuillam in #​2657
  • Automate External Plugins table generation using .automation/plugins.yml file by @​nvuillam in #​2667
  • Fix MegaLinter build issue by @​nvuillam in #​2539
  • Fix for trivy-action (new naming for input) by @​DariuszPorowski in #​2541
  • Fix /build slash command to checkout the correct PR branch by @​echoix in #​2542
  • Fix local run of python test cases by @​nvuillam in #​2565
  • Fix mkdocs documentation generation by downgrading mkdocs-glightbox to 0.3.2 by @​nvuillam in #​2582
  • Do not push to docker from dev PRs by @​nvuillam in #​2639
  • Update stale workflow: remove trigger on comments and explicit permissions by @​echoix in #​2641
  • Decouple updating docker pull stats from building docs by @​echoix in #​2677
  • Review MegaLinter's own cspell word list for outdated exclusions by @​echoix in #​2676
  • Run stale workflow only on schedule, by @​echoix in #​2641
  • Add explicit permissions to stale workflow, by @​echoix in #​2641

• Linter versions upgrades

  • actionlint from 1.6.23 to 1.6.24
  • ansible-lint from 6.14.4 to 6.16.2
  • bicep_linter from 0.15.31 to 0.17.1
  • cfn-lint from 0.76.1 to 0.77.5
  • checkov from 2.3.149 to 2.3.259
  • checkstyle from 10.9.3 to 10.11.0
  • clippy from 0.1.68 to 0.1.69
  • clj-kondo from 2023.03.17 to 2023.05.18
  • csharpier from 0.23.0 to 0.24.2
  • djlint from 1.19.16 to 1.29.0
  • dotnet-format from 6.0.407 to 6.0.408
  • eslint-plugin-jsonc from 2.7.0 to 2.8.0
  • eslint from 8.37.0 to 8.41.0
  • git_diff from 2.38.4 to 2.38.5
  • gitleaks from 8.16.1 to 8.16.3
  • jscpd from 3.5.4 to 3.5.9
  • jsonlint from 14.0.2 to 14.0.3
  • kics from 1.6.13 to 1.7.1
  • ktlint from 0.48.2 to 0.49.1
  • kubeconform from 0.5.0 to 0.6.1
  • kubescape from 2.3.1 to 2.3.3
  • markdown-link-check from 3.10.3 to 3.11.2
  • mypy from 1.1.1 to 1.3.0
  • phplint from 5.5 to 9.0.4
  • phpstan from 1.10.10 to 1.10.15
  • pmd from 6.48.0 to 6.55.0
  • powershell from 7.3.3 to 7.3.4
  • powershell_formatter from 7.3.3 to 7.3.4
  • prettier from 2.8.7 to 2.8.8
  • protolint from 0.43.1 to 0.44.0
  • psalm from Psalm.5.9.0@​ to Psalm.5.12.0@​
  • puppet-lint from 3.3.0 to 4.0.0
  • pylint from 2.17.2 to 2.17.4
  • pyright from 1.1.301 to 1.1.310
  • revive from 1.3.1 to 1.3.2
  • rubocop from 1.49.0 to 1.51.0
  • ruff from 0.0.260 to 0.0.270
  • semgrep from 1.16.0 to 1.23.0
  • sfdx-scanner-apex from 3.11.0 to 3.12.0
  • sfdx-scanner-aura from 3.11.0 to 3.12.0
  • sfdx-scanner-lwc from 3.11.0 to 3.12.0
  • snakefmt from 0.8.3 to 0.8.4
  • snakemake from 7.25.0 to 7.26.0
  • spectral from 6.6.0 to 6.8.0
  • sqlfluff from 2.0.2 to 2.1.1
  • stylelint from 15.4.0 to 15.6.2
  • swiftlint from 0.51.0 to 0.52.2
  • syft from 0.76.0 to 0.82.0
  • terraform-fmt from 1.4.4 to 1.4.6
  • terragrunt from 0.45.0 to 0.45.11
  • terrascan from 1.18.0 to 1.18.1
  • tflint from 0.45.0 to 0.46.1
  • trivy from 0.39.0 to 0.41.0
  • v8r from 1.0.0 to 2.0.0
  • vale from 2.24.0 to 2.27.0
  • xmllint from 21003 to 21004
  • yamllint from 1.30.0 to 1.32.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.