Merge remote-tracking branch 'origin/main' into github-unique-marker

oxsecurity · Dec 10, 2023 · 18304d7 · 18304d7
2 parents e442858 + dd1f87d
commit 18304d7
Show file tree

Hide file tree

Showing 198 changed files with 1,534 additions and 1,385 deletions.
diff --git a/.automation/generated/linter-helps.json b/.automation/generated/linter-helps.json
diff --git a/.automation/generated/linter-licenses.json b/.automation/generated/linter-licenses.json
@@ -9,6 +9,7 @@
     "checkmake": "MIT",
     "checkov": "Apache-2.0",
     "checkstyle": "LGPL-2.1",
+    "clang-format": "Other",
     "clippy": "Other",
     "clj-kondo": "EPL-1.0",
     "cljstyle": "EPL-1.0",

diff --git a/.automation/generated/linter-versions.json b/.automation/generated/linter-versions.json
@@ -2,13 +2,13 @@
     "actionlint": "1.6.26",
     "ansible-lint": "6.22.1",
     "arm-ttk": "0.0.0",
-    "bandit": "1.7.5",
+    "bandit": "1.7.6",
     "bash-exec": "5.2.15",
     "bicep_linter": "0.23.1",
     "black": "23.11.0",
     "cfn-lint": "0.83.4",
     "checkmake": "0.2.0",
-    "checkov": "3.1.27",
+    "checkov": "3.1.28",
     "checkstyle": "10.12.6",
     "chktex": "1.7.8",
     "clang-format": "16.0.6",
@@ -40,7 +40,7 @@
     "hadolint": "2.12.0",
     "helm": "3.11.3",
     "htmlhint": "1.1.4",
-    "isort": "5.12.0",
+    "isort": "5.13.0",
     "jscpd": "3.5.10",
     "jsonlint": "14.0.3",
     "kics": "1.7.11",
@@ -50,24 +50,24 @@
     "kubeval": "0.16.1",
     "lightning-flow-scanner": "2.16.0",
     "lintr": "0.0.0",
-    "luacheck": "1.1.1",
+    "luacheck": "1.1.2",
     "lychee": "0.13.0",
     "markdown-link-check": "3.11.2",
     "markdown-table-formatter": "1.5.0",
-    "markdownlint": "0.37.0",
+    "markdownlint": "0.38.0",
     "misspell": "0.3.4",
     "mypy": "1.7.1",
     "npm-groovy-lint": "13.0.2",
     "npm-package-json-lint": "7.1.0",
     "perlcritic": "1.152",
     "php": "7.4.26",
-    "phpcs": "3.7.2",
+    "phpcs": "3.8.0",
     "phplint": "9.0.6",
-    "phpstan": "1.10.47",
+    "phpstan": "1.10.48",
     "pmd": "6.55.0",
     "powershell": "7.4.0",
     "powershell_formatter": "7.4.0",
-    "prettier": "3.1.0",
+    "prettier": "3.1.1",
     "proselint": "0.13.0",
     "protolint": "0.46.3",
     "psalm": "Psalm.5.17.0@",
@@ -104,7 +104,7 @@
     "syft": "0.98.0",
     "tekton-lint": "0.6.0",
     "terraform-fmt": "1.6.5",
-    "terragrunt": "0.53.8",
+    "terragrunt": "0.54.0",
     "terrascan": "1.18.3",
     "tflint": "0.49.0",
     "trivy": "0.48.0",

diff --git a/.automation/test/yaml/yml_bad_2.yml b/.automation/test/yaml/yml_bad_2.yml
@@ -0,0 +1,17 @@
+#####################
+#####################
+## Heres some vars ##
+#####################
+#####################
+
+############
+# Env Vars #
+############
+env:
+  browser: here: there : again "yep"
+  es6: 0
+  jest: yes
+
+Here: there 'is' something going on
+
+something: "For 'Nothing'" 123
diff --git a/.github/workflows/automerge-dependabot.yml b/.github/workflows/automerge-dependabot.yml
@@ -47,7 +47,7 @@ jobs:
 
       - name: merge
         if: steps.wait-for-build.outputs.conclusion == 'success' || steps.wait-for-build.outputs.conclusion == 'skipped' && steps.wait-for-ci.outputs.conclusion == 'success'
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             github.pulls.createReview({

diff --git a/.github/workflows/build-command.yml b/.github/workflows/build-command.yml
@@ -63,7 +63,7 @@ jobs:
           repository: ${{ github.event.inputs.checkout-repository }}
           ref: ${{ github.event.inputs.checkout-ref }}
       - name: Setup Python
-        uses: actions/setup-python@v4.7.1
+        uses: actions/setup-python@v5
         with:
           # Version range or exact version of Python or PyPy to use, using SemVer's version range syntax. Reads from .python-version if unset.
           python-version-file: '.python-version' # Read python version from a file .python-version

diff --git a/.github/workflows/build-deploy-docs.yml b/.github/workflows/build-deploy-docs.yml
@@ -26,7 +26,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v4.5.0
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.12.0
       - run: pip install --upgrade -r .config/python/dev/requirements.txt

diff --git a/.github/workflows/deploy-RELEASE.yml b/.github/workflows/deploy-RELEASE.yml
@@ -152,7 +152,7 @@ jobs:
           echo "curr tag ${{ steps.version.outputs.ctag }}"
           echo "prev ver ${{ steps.version.outputs.pversion }}"
           echo "curr ver ${{ steps.version.outputs.cversion }}"
-      - uses: actions/setup-python@v4.5.0
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.12.0
       - run: pip install --upgrade -r .config/python/dev/requirements.txt

diff --git a/.github/workflows/gitpod.yml b/.github/workflows/gitpod.yml
@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version-file: '.python-version' # Read python version from a file .python-version
 

diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml
@@ -19,7 +19,7 @@ jobs:
         env:
           EVENT_CONTEXT: ${{ toJson(github.event) }}
         run: echo "$EVENT_CONTEXT"
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         id: get-pr
         with:
           script: |

diff --git a/.github/workflows/test-mkdocs.yml b/.github/workflows/test-mkdocs.yml
@@ -18,7 +18,7 @@ jobs:
     permissions: read-all
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4.5.0
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.12.0
       - run: pip install --upgrade -r .config/python/dev/requirements.txt

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,94 +12,85 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - Update base java apk package to openjdk 17 by @nvuillam in https://github.com/oxsecurity/megalinter/pull/3160
   - Update dotnet linters to .NET 7 by @bdovaz in https://github.com/oxsecurity/megalinter/pull/2402
 
+- Media
+
+- New linters
+
+- Fixes
+
+- Doc
+  - Upgrade url to [PHP CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer), as now the original repo is not maintained anymore.
+
+- CI
+
+- Linter versions upgrades
+  - [prettier](https://prettier.io/) from 3.1.0 to **3.1.1** on 2023-12-10
+  - [checkov](https://www.checkov.io/) from 3.1.27 to **3.1.28** on 2023-12-10
+<!-- linter-versions-end -->
+
+## [v7.7.0] - 2023-12-09
+
+- Core
+  - Update base java apk package to openjdk 17 by @nvuillam in <https://github.com/oxsecurity/megalinter/pull/3160>
+  - Update dotnet linters to .NET 7 by @bdovaz in <https://github.com/oxsecurity/megalinter/pull/2402>
+
 - Media
   - [Try using MegaLinter (article in japanese)](https://future-architect.github.io/articles/20231129a/?s=03) by [Takashi Minayaga](https://future-architect.github.io/authors/%E5%AE%AE%E6%B0%B8%E5%B4%87%E5%8F%B2)
 
 - New linters
   - Add [clang-format](https://releases.llvm.org/16.0.0/tools/clang/docs/ClangFormat.html) c & cpp formatting linter including "apply fix" support
-  - Add [Roslynator](https://github.com/dotnet/roslynator) C# linter by @bdovaz in https://github.com/oxsecurity/megalinter/pull/3155
+  - Add [Roslynator](https://github.com/dotnet/roslynator) C# linter by @bdovaz in <https://github.com/oxsecurity/megalinter/pull/3155>
 
 - Fixes
   - Call jscpd with `--gitignore` to ignore copy-pastes in files matching `.gitignore`
   - cpplint: Dynamically add the list of extensions from list of files in --extensions parameter
-  - Fix mkdocs generation + CI control job by @nvuillam in https://github.com/oxsecurity/megalinter/pull/3135
-  - Add semgrep ruleset to validation schema by @wesley-dean-flexion in https://github.com/oxsecurity/megalinter/pull/3164
+  - Fix mkdocs generation + CI control job by @nvuillam in <https://github.com/oxsecurity/megalinter/pull/3135>
+  - Add semgrep ruleset to validation schema by @wesley-dean-flexion in <https://github.com/oxsecurity/megalinter/pull/3164>
   - Downgrade stylelint to avoid crash with not v16 compliant dependencies
+  - Fix count of yaml-lint errors
+  - Remove openssl reinstall, as base image has updated version from alpine 3.18.5 by @echoix in <https://github.com/oxsecurity/megalinter/pull/3181>
 
 - CI
   - Add arguments to make use of pytest-xdist, by @echoix
 
 - Linter versions upgrades
-  - [checkov](https://www.checkov.io/) from 3.0.39 to **3.0.40** on 2023-11-19
-  - [phpstan](https://phpstan.org/) from 1.10.42 to **1.10.43** on 2023-11-19
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 12.1.0 to **12.1.1** on 2023-11-19
-  - [checkov](https://www.checkov.io/) from 3.0.40 to **3.1.4** on 2023-11-21
-  - [gitleaks](https://github.com/gitleaks/gitleaks) from 8.18.0 to **8.18.1** on 2023-11-21
-  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.63.0 to **3.63.1** on 2023-11-21
-  - [terragrunt](https://terragrunt.gruntwork.io) from 0.53.4 to **0.53.5** on 2023-11-21
-  - [checkov](https://www.checkov.io/) from 3.1.4 to **3.1.7** on 2023-11-21
-  - [phpstan](https://phpstan.org/) from 1.10.43 to **1.10.44** on 2023-11-21
-  - [puppet-lint](http://puppet-lint.com/) from 4.2.1 to **4.2.2** on 2023-11-21
-  - [checkov](https://www.checkov.io/) from 3.1.7 to **3.1.9** on 2023-11-21
-  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.63.1 to **3.63.2** on 2023-11-21
-  - [psalm](https://psalm.dev) from Psalm.5.15.0@ to **Psalm.5.16.0@** on 2023-11-22
-  - [puppet-lint](http://puppet-lint.com/) from 4.2.2 to **4.2.3** on 2023-11-22
-  - [pyright](https://github.com/Microsoft/pyright) from 1.1.336 to **1.1.337** on 2023-11-22
-  - [csharpier](https://csharpier.com/) from 0.26.2 to **0.26.3** on 2023-11-23
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 12.1.1 to **12.1.2** on 2023-11-23
-  - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.7.0 to **1.7.1** on 2023-11-23
-  - [checkov](https://www.checkov.io/) from 3.1.9 to **3.1.10** on 2023-11-23
-  - [terragrunt](https://terragrunt.gruntwork.io) from 0.53.5 to **0.53.6** on 2023-11-23
-  - [checkov](https://www.checkov.io/) from 3.1.10 to **3.1.11** on 2023-11-24
-  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.15.0 to **2.16.0** on 2023-11-24
-  - [markdown-table-formatter](https://www.npmjs.com/package/markdown-table-formatter) from 1.4.0 to **1.5.0** on 2023-11-25
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 12.1.2 to **12.2.0** on 2023-11-26
-  - [checkov](https://www.checkov.io/) from 3.1.11 to **3.1.14** on 2023-11-26
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 12.2.0 to **13.0.0** on 2023-11-26
-  - [checkov](https://www.checkov.io/) from 3.1.14 to **3.1.15** on 2023-11-26
-  - [secretlint](https://github.com/secretlint/secretlint) from 7.1.0 to **7.2.0** on 2023-11-27
-  - [phpstan](https://phpstan.org/) from 1.10.44 to **1.10.45** on 2023-11-27
-  - [checkov](https://www.checkov.io/) from 3.1.15 to **3.1.17** on 2023-11-27
-  - [phpstan](https://phpstan.org/) from 1.10.45 to **1.10.46** on 2023-11-28
-  - [checkov](https://www.checkov.io/) from 3.1.17 to **3.1.18** on 2023-11-28
-  - [terragrunt](https://terragrunt.gruntwork.io) from 0.53.6 to **0.53.7** on 2023-11-28
-  - [terragrunt](https://terragrunt.gruntwork.io) from 0.53.7 to **0.53.8** on 2023-11-29
-  - [pyright](https://github.com/Microsoft/pyright) from 1.1.337 to **1.1.338** on 2023-11-29
-  - [checkov](https://www.checkov.io/) from 3.1.18 to **3.1.19** on 2023-11-29
-  - [secretlint](https://github.com/secretlint/secretlint) from 7.2.0 to **8.0.0** on 2023-11-29
-  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.22.0 to **6.22.1** on 2023-11-29
-  - [semgrep](https://semgrep.dev/) from 1.50.0 to **1.51.0** on 2023-11-29
-  - [syft](https://github.com/anchore/syft) from 0.97.1 to **0.98.0** on 2023-11-29
-  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.83.3 to **0.83.4** on 2023-12-04
-  - [csharpier](https://csharpier.com/) from 0.26.3 to **0.26.4** on 2023-12-04
-  - [dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format) from 6.0.417 to **7.0.114** on 2023-12-04
-  - [roslynator](https://github.com/JosefPihrt/Roslynator) from 0.8.0.0 to **0.8.1.0** on 2023-12-04
-  - [eslint](https://eslint.org) from 8.54.0 to **8.55.0** on 2023-12-04
-  - [phplint](https://github.com/overtrue/phplint) from 9.0.4 to **9.0.6** on 2023-12-04
-  - [phpstan](https://phpstan.org/) from 1.10.46 to **1.10.47** on 2023-12-04
-  - [psalm](https://psalm.dev) from Psalm.5.16.0@ to **Psalm.5.17.0@** on 2023-12-04
-  - [ruff](https://github.com/astral-sh/ruff) from 0.1.6 to **0.1.7** on 2023-12-04
-  - [checkov](https://www.checkov.io/) from 3.1.19 to **3.1.21** on 2023-12-04
-  - [rubocop](https://rubocop.org/) from 1.57.2 to **1.58.0** on 2023-12-04
-  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.0.0 to **8.1.2** on 2023-12-04
-  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.6.4 to **1.6.5** on 2023-12-04
-  - [checkov](https://www.checkov.io/) from 3.1.21 to **3.1.23** on 2023-12-05
-  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.47.0 to **0.48.0** on 2023-12-05
-  - [trivy](https://aquasecurity.github.io/trivy/) from 0.47.0 to **0.48.0** on 2023-12-05
-  - [sfdx-scanner-apex](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0** on 2023-12-05
-  - [sfdx-scanner-aura](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0** on 2023-12-05
-  - [sfdx-scanner-lwc](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0** on 2023-12-05
-  - [checkov](https://www.checkov.io/) from 3.1.23 to **3.1.24** on 2023-12-05
-  - [semgrep](https://semgrep.dev/) from 1.51.0 to **1.52.0** on 2023-12-05
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 13.0.0 to **13.0.1** on 2023-12-06
-  - [pyright](https://github.com/Microsoft/pyright) from 1.1.338 to **1.1.339** on 2023-12-06
-  - [checkov](https://www.checkov.io/) from 3.1.24 to **3.1.25** on 2023-12-06
-  - [vale](https://vale.sh/) from 2.29.7 to **2.30.0** on 2023-12-06
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 13.0.1 to **13.0.2** on 2023-12-07
-  - [checkstyle](https://checkstyle.sourceforge.io) from 10.12.5 to **10.12.6** on 2023-12-07
-  - [checkov](https://www.checkov.io/) from 3.1.25 to **3.1.27** on 2023-12-07
-  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.1.2 to **8.1.3** on 2023-12-07
-<!-- linter-versions-end -->
+  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.22.0 to **6.22.1**
+  - [bandit](https://bandit.readthedocs.io/en/latest/) from 1.7.5 to **1.7.6**
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.83.3 to **0.83.4**
+  - [checkov](https://www.checkov.io/) from 3.0.39 to **3.1.25**
+  - [checkstyle](https://checkstyle.sourceforge.io) from 10.12.5 to **10.12.6**
+  - [csharpier](https://csharpier.com/) from 0.26.2 to **0.26.4**
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.0.0 to **8.1.3**
+  - [dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format) from 6.0.417 to **7.0.114**
+  - [eslint](https://eslint.org) from 8.54.0 to **8.55.0**
+  - [gitleaks](https://github.com/gitleaks/gitleaks) from 8.18.0 to **8.18.1**
+  - [isort](https://pycqa.github.io/isort/) from 5.12.0 to **5.13.0**
+  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.15.0 to **2.16.0**
+  - [luacheck](https://luacheck.readthedocs.io) from 1.1.1 to **1.1.2**
+  - [markdown-table-formatter](https://www.npmjs.com/package/markdown-table-formatter) from 1.4.0 to **1.5.0**
+  - [markdownlint](https://github.com/DavidAnson/markdownlint) from 0.37.0 to **0.38.0**
+  - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.7.0 to **1.7.1**
+  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 12.1.0 to **13.0.2**
+  - [phpcs](https://github.com/squizlabs/PHP_CodeSniffer) from 3.7.2 to **3.8.0**
+  - [phplint](https://github.com/overtrue/phplint) from 9.0.4 to **9.0.6**
+  - [phpstan](https://phpstan.org/) from 1.10.42 to **1.10.48**
+  - [psalm](https://psalm.dev) from Psalm.5.15.0@ to **Psalm.5.17.0@**
+  - [puppet-lint](http://puppet-lint.com/) from 4.2.1 to **4.2.3**
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.336 to **1.1.339**
+  - [roslynator](https://github.com/JosefPihrt/Roslynator) from 0.8.0.0 to **0.8.1.0**
+  - [rubocop](https://rubocop.org/) from 1.57.2 to **1.58.0**
+  - [ruff](https://github.com/astral-sh/ruff) from 0.1.6 to **0.1.7**
+  - [secretlint](https://github.com/secretlint/secretlint) from 7.1.0 to **8.0.0**
+  - [semgrep](https://semgrep.dev/) from 1.50.0 to **1.52.0**
+  - [sfdx-scanner-apex](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0**
+  - [sfdx-scanner-aura](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0**
+  - [sfdx-scanner-lwc](https://forcedotcom.github.io/sfdx-scanner/) from 3.18.0 to **3.19.0**
+  - [syft](https://github.com/anchore/syft) from 0.97.1 to **0.98.0**
+  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.6.4 to **1.6.5**
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.53.4 to **0.54.0**
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.47.0 to **0.48.0**
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.63.0 to **3.63.2**
+  - [vale](https://vale.sh/) from 2.29.7 to **2.30.0**
 
 ## [v7.6.0] - 2023-11-19
 

diff --git a/Dockerfile b/Dockerfile
@@ -88,7 +88,6 @@ RUN apk add --no-cache \
                 make \
                 musl-dev \
                 openssh \
-                openssl \
                 docker \
                 openrc \
                 icu-libs \
@@ -117,6 +116,7 @@ RUN apk add --no-cache \
                 gcompat \
                 libc6-compat \
                 libstdc++ \
+                openssl \
                 readline-dev \
                 g++ \
                 libc-dev \
@@ -210,7 +210,7 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 @coffeelint/cli \
                 jscpd \
                 [email protected] \
-                stylelint-config-standard \
+                stylelint-config-standard@34.0.0 \
                 stylelint-config-sass-guidelines \
                 stylelint-scss \
                 gherkin-lint \
@@ -625,7 +625,7 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P
 
 
 # phpcs installation
-RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpcs -g --trust-gpg-keys 31C7E470E2138192
+RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpcs -g --trust-gpg-keys 31C7E470E2138192,95DE904AB800754A11D80B605E6DDE998AB73B8E
 
 
 # phpstan installation