chore(deps): update oxsecurity/megalinter action to v9 #22

renovate · 2025-09-20T13:30:56Z

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package	Type	Update	Change
oxsecurity/megalinter	action	major	`v7` -> `v9`

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter)

`v9`

Compare Source

Fix v9 release issue

`v8`

Compare Source

Core
- Retrieve SARIF errors and warnings correctly, by @bdovaz in #4837
Linters enhancements
- More config file name checks for ansible-lint activation, by @nvuillam in #5590
Fixes
- Fix crash when the markdown table summary is empty, by @nvuillam in #5363
- Downgrade click to make rstcheck work again, by @nvuillam in #5387
Doc
- Display hash as plain text in markdown, by @johndutchover in #5420
Flavors
- Add Gherkin descriptor in java flavor, by @nvuillam in #5592
CI
- Fix rust setup & disable codecov-cli, by @nvuillam in #5579
Linter versions upgrades (50)
- ansible-lint from 25.4.0 to 25.5.0
- bicep_linter from 0.35.1 to 0.36.1
- cfn-lint from 1.34.2 to 1.36.0
- checkstyle from 10.23.1 to 10.25.0
- clippy from 0.1.86 to 0.1.87
- clj-kondo from 2025.04.07 to 2025.06.05
- csharpier from 1.0.1 to 1.0.2
- cspell from 8.19.4 to 9.1.1
- dartanalyzer from 3.7.3 to 3.8.1
- devskim from 1.0.56 to 1.0.59
- dotnet-format from 9.0.105 to 9.0.106
- editorconfig-checker from 3.2.1 to 3.3.0
- gitleaks from 8.25.1 to 8.27.2
- golangci-lint from 2.1.5 to 2.1.6
- grype from 0.91.2 to 0.94.0
- htmlhint from 1.1.4 to 1.5.1
- kics from 2.1.7 to 2.1.10
- ktlint from 1.5.0 to 1.6.0
- kubeconform from 0.6.7 to 0.7.0
- lightning-flow-scanner from 3.8.0 to 3.23.0
- ls-lint from 2.3.0 to 2.3.1
- markdownlint from 0.44.0 to 0.45.0
- mypy from 1.15.0 to 1.16.0
- npm-groovy-lint from 15.1.0 to 15.2.0
- phpcs from 3.12.2 to 3.13.1
- phpstan from 2.1.14 to 2.1.17
- pmd from 7.13.0 to 7.14.0
- protolint from 0.54.1 to 0.55.6
- psalm from Psalm.6.10.2@ to Psalm.6.12.0@
- pylint from 3.3.6 to 3.3.7
- pyright from 1.1.400 to 1.1.402
- revive from 1.9.0 to 1.10.0
- rstcheck from 6.2.4 to 6.2.5
- rubocop from 1.75.4 to 1.76.1
- ruff from 0.11.8 to 0.11.13
- ruff-format from 0.11.8 to 0.11.13
- scalafix from 0.14.2 to 0.14.3
- secretlint from 9.3.2 to 10.1.0
- semgrep from 3.12 to 3.13
- sfdx-scanner-apex from 4.11.0 to 4.12.0
- sfdx-scanner-aura from 4.11.0 to 4.12.0
- sfdx-scanner-lwc from 4.11.0 to 4.12.0
- snakemake from 8.27.1 to 9.5.1
- sqlfluff from 3.4.0 to 3.4.1
- stylelint from 16.19.1 to 16.20.0
- syft from 1.23.1 to 1.27.1
- terraform-fmt from 1.11.4 to 1.12.2
- terragrunt from 0.78.0 to 0.81.6
- tflint from 0.57.0 to 0.58.0
- trivy from 0.62.0 to 0.63.0
- trivy-sbom from 0.62.0 to 0.63.0
- trufflehog from 3.88.27 to 3.89.1
- v8r from 4.4.0 to 5.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-09-20T13:32:40Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	3		1	0	0.27s
✅ JAVASCRIPT	prettier	1	1	0	0	0.44s
✅ JSON	jsonlint	8		0	0	0.22s
✅ JSON	npm-package-json-lint	yes		no	no	0.44s
✅ JSON	prettier	8	2	0	0	0.39s
✅ JSON	v8r	8		0	0	7.15s
⚠️ MARKDOWN	markdownlint	9	0	20	0	0.82s
✅ MARKDOWN	markdown-table-formatter	9	0	0	0	0.33s
✅ REPOSITORY	gitleaks	yes		no	no	0.15s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		5	no	26.5s
❌ REPOSITORY	secretlint	yes		1	no	0.37s
✅ REPOSITORY	syft	yes		no	no	1.28s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.14s
✅ REPOSITORY	trufflehog	yes		no	no	2.74s
⚠️ SPELL	cspell	27		117	0	6.79s
❌ SPELL	lychee	24		8	0	1.06s
⚠️ SPELL	proselint	9		5	0	7.03s
✅ YAML	prettier	7	3	0	0	0.54s
✅ YAML	yamllint	7		0	0	0.47s

Detailed Issues

❌ ACTION / actionlint - 1 error

.github/workflows/megalinter.yml:101:13: if: condition "${{ success() }} || ${{ failure() }}" is always evaluated to true because extra characters are around ${{ }} [if-cond]
    |
101 |         if: ${{ success() }} || ${{ failure() }}
    |             ^~~

❌ REPOSITORY / grype - 5 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME            INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS           RISK   
braces          3.0.2      3.0.3     npm   GHSA-grv7-fg5c-xmjg  High      0.2% (45th)    0.2    
cross-spawn     5.1.0      6.0.6     npm   GHSA-3xgq-45jj-v275  High      0.1% (33rd)    < 0.1  
micromatch      4.0.5      4.0.8     npm   GHSA-952p-6rrq-rcjv  Medium    0.1% (32nd)    < 0.1  
@babel/runtime  7.24.1     7.26.10   npm   GHSA-968p-4wvh-cqc8  Medium    < 0.1% (15th)  < 0.1  
tmp             0.0.33     0.2.4     npm   GHSA-52f5-9888-hmc6  Low       < 0.1% (9th)   < 0.1
[0026] ERROR discovered vulnerabilities at or above the severity threshold

❌ SPELL / lychee - 8 errors

[404] https://megalinter.github.io/flavors/ | Network error: Not Found
[404] https://megalinter.github.io/configuration/ | Network error: Not Found
[404] https://api.github.com/repos/$ | Network error: Not Found
[404] https://github.com/$ | Network error: Not Found
[404] https://github.com/openzeppelin/compound-monitoring-v3/workflows | Network error: Not Found
[403] https://faucet.polygon.technology/ | Network error: Forbidden
[404] https://reqbin.com/req/ | Network error: Not Found
[404] https://github.com/openzeppelin/compound-monitoring-v3/actions | Network error: Not Found
📝 Summary
---------------------
🔍 Total...........31
✅ Successful......23
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........8

Errors in .github/markdown-link-check.json
[404] https://github.com/openzeppelin/compound-monitoring-v3/actions | Network error: Not Found
[404] https://github.com/openzeppelin/compound-monitoring-v3/workflows | Network error: Not Found
[403] https://faucet.polygon.technology/ | Network error: Forbidden
[404] https://reqbin.com/req/ | Network error: Not Found

Errors in .github/workflows/megalinter.yml
[404] https://megalinter.github.io/configuration/ | Network error: Not Found
[404] https://api.github.com/repos/$ | Network error: Not Found
[404] https://github.com/$ | Network error: Not Found
[404] https://megalinter.github.io/flavors/ | Network error: Not Found

❌ REPOSITORY / secretlint - 1 error

TypeError [ERR_PARSE_ARGS_UNKNOWN_OPTION]: Unknown option '--secretlintignores'. To specify a positional argument starting with a '-', place it at the end of the command after '--', as in '-- "--secretlintignores"
    at checkOptionUsage (node:internal/util/parse_args/parse_args:107:13)
    at node:internal/util/parse_args/parse_args:381:9
    at Array.forEach (<anonymous>)
    at parseArgs (node:internal/util/parse_args/parse_args:378:3)
    at file:///node-deps/node_modules/secretlint/module/cli.js:161:33
    at ModuleJob.run (node:internal/modules/esm/module_job:274:25)
    at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:644:26)
    at async file:///node-deps/node_modules/secretlint/bin/secretlint.js:14:26 {
  code: 'ERR_PARSE_ARGS_UNKNOWN_OPTION'
}

⚠️ SPELL / cspell - 117 errors

.gitignore:5:15      - Unknown word (pdflatex)   -- ## Core latex/pdflatex auxiliary files:
	 Suggestions: [plate, palate, pilate, plated, platen]
.gitignore:31:34     - Unknown word (bibtex)     -- Bibliography auxiliary files (bibtex/biblatex/biber):
	 Suggestions: [bite, bible, biter, bites, bitte]
.gitignore:31:41     - Unknown word (biblatex)   -- auxiliary files (bibtex/biblatex/biber):
	 Suggestions: [bible, blate, bibles, biflex, binate]
.gitignore:31:50     - Unknown word (biber)      -- files (bibtex/biblatex/biber):
	 Suggestions: [bier, baber, bider, biker, biter]
.gitignore:40:7      - Unknown word (latexmk)    -- *.fdb_latexmk
	 Suggestions: [latex, latex's, latex2e, latexes, Latex]
.gitignore:41:3      - Unknown word (synctex)    -- *.synctex
	 Suggestions: [synced, synnex, syntax, synched, Synnex]
.gitignore:42:3      - Unknown word (synctex)    -- *.synctex(busy)
	 Suggestions: [synced, synnex, syntax, synched, Synnex]
.gitignore:43:3      - Unknown word (synctex)    -- *.synctex.gz
	 Suggestions: [synced, synnex, syntax, synched, Synnex]
.gitignore:44:3      - Unknown word (synctex)    -- *.synctex.gz(busy)
	 Suggestions: [synced, synnex, syntax, synched, Synnex]
.gitignore:45:3      - Unknown word (pdfsync)    -- *.pdfsync
	 Suggestions: []
.gitignore:48:3      - Unknown word (latexrun)   -- # latexrun
	 Suggestions: [lateran, Lateran, laten, later, latex]
.gitignore:56:3      - Unknown word (achemso)    -- # achemso
	 Suggestions: [aches, ahems, ache's, acheson, Acheson]
.gitignore:59:3      - Unknown word (amsthm)     -- # amsthm
	 Suggestions: [alstom, asthma, Alstom, mash, mast]
.gitignore:62:3      - Unknown word (beamer)     -- # beamer
	 Suggestions: [beaker, beamed, bearer, beater, beaver]
.gitignore:74:3      - Unknown word (cprotect)   -- # cprotect
	 Suggestions: [project, correct, crotch, coronet, curtest]
.gitignore:77:3      - Unknown word (elsarticle) -- # elsarticle (documentclass of Elsevier
	 Suggestions: []
.gitignore:77:15     - Unknown word (documentclass) -- # elsarticle (documentclass of Elsevier journals
	 Suggestions: []
.gitignore:77:32     - Unknown word (Elsevier)      -- elsarticle (documentclass of Elsevier journals)
	 Suggestions: [elzevir, Elzevir, Leerier, elsie, Elsie]
.gitignore:86:3      - Unknown word (feynmf)        -- # feynmf/feynmp
	 Suggestions: [feynman, Feynman, feme, fend, fens]
.gitignore:86:10     - Unknown word (feynmp)        -- # feynmf/feynmp
	 Suggestions: [feynman, Feynman, feme, fend, fens]
.gitignore:93:8      - Unknown word (ledmac)        -- #(r)(e)ledmac/(r)(e)ledpar
	 Suggestions: [leda, leman, lemma, legman, lehman]
.gitignore:93:21     - Unknown word (ledpar)        -- #(r)(e)ledmac/(r)(e)ledpar
	 Suggestions: [lear, leda, lpar, leper, lidar]
.gitignore:102:3     - Unknown word (eledsec)       -- *.eledsec[1-9]
	 Suggestions: [leeds, eldest, elides, eludes, leeds's]
.gitignore:103:3     - Unknown word (eledsec)       -- *.eledsec[1-9]R
	 Suggestions: [leeds, eldest, elides, eludes, leeds's]
.gitignore:104:3     - Unknown word (eledsec)       -- *.eledsec[1-9][0-9]
	 Suggestions: [leeds, eldest, elides, eludes, leeds's]
.gitignore:105:3     - Unknown word (eledsec)       -- *.eledsec[1-9][0-9]R
	 Suggestions: [leeds, eldest, elides, eludes, leeds's]
.gitignore:106:3     - Unknown word (eledsec)       -- *.eledsec[1-9][0-9][0-9]
	 Suggestions: [leeds, eldest, elides, eludes, leeds's]
.gitignore:115:3     - Unknown word (glsdefs)       -- *.glsdefs
	 Suggestions: [glades, glides, glade's, glide's, gliders]
.gitignore:129:3     - Unknown word (gnuplottex)    -- # gnuplottex
	 Suggestions: [gnuplot, unplottext, unplotText, unPlottext, unPlotText]
.gitignore:130:3     - Unknown word (gnuplottex)    -- *-gnuplottex-*
	 Suggestions: [gnuplot, unplottext, unplotText, unPlottext, unPlotText]
.gitignore:132:3     - Unknown word (gregoriotex)   -- # gregoriotex
	 Suggestions: [gregorio, gregorio's]
.gitignore:133:3     - Unknown word (gaux)          -- *.gaux
	 Suggestions: [gaud, gaul, gaur, Gaul, eaux]
.gitignore:134:3     - Unknown word (glog)          -- *.glog
	 Suggestions: [geog, glob, glom, glop, glow]
.gitignore:135:3     - Unknown word (gtex)          -- *.gtex
	 Suggestions: [gte, GTE, tex, Tex, TeX]
.gitignore:137:3     - Unknown word (htlatex)       -- # htlatex
	 Suggestions: [latex, Latex, halted, halter, theater]
.gitignore:145:3     - Unknown word (hyperref)      -- # hyperref
	 Suggestions: [hyper, hyperon, herren, hyperion, hyperons]
.gitignore:148:3     - Unknown word (knitr)         -- # knitr
	 Suggestions: [knit, knits, intr, kier, kite]
.gitignore:150:43    - Unknown word (knitr)         -- next line if you use knitr and want to ignore its
	 Suggestions: [knit, knits, intr, kier, kite]
.gitignore:150:82    - Unknown word (tikz)          -- ignore its generated tikz files
	 Suggestions: [tike, tiki, tizz, taka, take]
.gitignore:151:5     - Unknown word (tikz)          -- # *.tikz
	 Suggestions: [tike, tiki, tizz, taka, take]
.gitignore:152:3     - Unknown word (tikz)          -- *-tikzDictionary
	 Suggestions: [tike, tiki, tizz, taka, take]
.gitignore:157:3     - Unknown word (luatexja)      -- # luatexja-ruby
	 Suggestions: [latex, latex's, latex2e, latexes]
.gitignore:158:3     - Unknown word (ltjruby)       -- *.ltjruby
	 Suggestions: []
.gitignore:160:3     - Unknown word (makeidx)       -- # makeidx
	 Suggestions: [makeindex, MakeIndex, maid, make, maced]
.gitignore:165:3     - Unknown word (minitoc)       -- # minitoc
	 Suggestions: [minio, manioc, minion, manitou, monitor]
.gitignore:178:3     - Unknown word (morewrites)    -- # morewrites
	 Suggestions: [moderates, morganites]
.gitignore:181:3     - Unknown wo

(Truncated to 5714 characters out of 16790)

⚠️ MARKDOWN / markdownlint - 20 errors

chapters/02_code.md:11:401 MD013/line-length Line length [Expected: 400; Actual: 480]
chapters/02_code.md:45:401 MD013/line-length Line length [Expected: 400; Actual: 595]
chapters/03_testing.md:10:401 MD013/line-length Line length [Expected: 400; Actual: 440]
chapters/03_testing.md:27:401 MD013/line-length Line length [Expected: 400; Actual: 472]
chapters/03_testing.md:29:401 MD013/line-length Line length [Expected: 400; Actual: 418]
chapters/03_testing.md:31:401 MD013/line-length Line length [Expected: 400; Actual: 547]
chapters/03_testing.md:35:401 MD013/line-length Line length [Expected: 400; Actual: 426]
chapters/04_auditing.md:5:401 MD013/line-length Line length [Expected: 400; Actual: 805]
chapters/04_auditing.md:9:401 MD013/line-length Line length [Expected: 400; Actual: 927]
chapters/04_auditing.md:13:401 MD013/line-length Line length [Expected: 400; Actual: 486]
chapters/04_auditing.md:19:401 MD013/line-length Line length [Expected: 400; Actual: 410]
chapters/05_deployments.md:27:401 MD013/line-length Line length [Expected: 400; Actual: 512]
chapters/05_deployments.md:31:401 MD013/line-length Line length [Expected: 400; Actual: 406]
chapters/05_deployments.md:33:401 MD013/line-length Line length [Expected: 400; Actual: 417]
chapters/05_deployments.md:37:401 MD013/line-length Line length [Expected: 400; Actual: 514]
chapters/05_deployments.md:38:401 MD013/line-length Line length [Expected: 400; Actual: 414]
chapters/05_deployments.md:43:401 MD013/line-length Line length [Expected: 400; Actual: 579]
README.md:9:401 MD013/line-length Line length [Expected: 400; Actual: 739]
README.md:11:401 MD013/line-length Line length [Expected: 400; Actual: 639]
README.md:13:401 MD013/line-length Line length [Expected: 400; Actual: 511]

⚠️ SPELL / proselint - 5 errors

chapters/01_planning.md:15:65: redundancy.garner Redundancy. Use 'interact' instead of 'interact with each other.'.
chapters/03_testing.md:3:64: garner.phrasal_adjectives.ly No hyphen is necessary in phrasal adjectives with an adverb ending in -ly, unless the -ly adverb is part of a longer phrase
chapters/05_deployments.md:9:42: weasel_words.very Substitute 'damn' every time you're inclined to write 'very'; your editor will delete it and the writing will be just as it should be. Found 4 times elsewhere.
chapters/05_deployments.md:11:255: redundancy.garner Redundancy. Use 'interact' instead of 'interact with each other.'.
chapters/06_operating.md:3:5: leonard.exclamation.30ppm More than 30 ppm of exclamations. Keep them under control.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JAVASCRIPT_PRETTIER,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_PROSELINT,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT

chore(deps): update oxsecurity/megalinter action to v9

9045c5d

github-actions bot added the prod label Sep 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update oxsecurity/megalinter action to v9 #22

chore(deps): update oxsecurity/megalinter action to v9 #22

Uh oh!

renovate bot commented Sep 20, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Sep 20, 2025

Uh oh!

Uh oh!

chore(deps): update oxsecurity/megalinter action to v9 #22

Are you sure you want to change the base?

chore(deps): update oxsecurity/megalinter action to v9 #22

Uh oh!

Conversation

renovate bot commented Sep 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v9

v8

Configuration

Uh oh!

github-actions bot commented Sep 20, 2025

❌MegaLinter analysis: Error

Detailed Issues

Uh oh!

Uh oh!

renovate bot commented Sep 20, 2025 •

edited

Loading

`v9`

`v8`