Skip to content

build(deps): bump oxsecurity/megalinter from 8.8.0 to 9.2.0#150

Merged
Richard Peters (richardapeters) merged 1 commit into
mainfrom
dependabot/github_actions/oxsecurity/megalinter-9.2.0
Jan 5, 2026
Merged

build(deps): bump oxsecurity/megalinter from 8.8.0 to 9.2.0#150
Richard Peters (richardapeters) merged 1 commit into
mainfrom
dependabot/github_actions/oxsecurity/megalinter-9.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 22, 2025

Copy link
Copy Markdown
Contributor

Bumps oxsecurity/megalinter from 8.8.0 to 9.2.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.2.0

What's Changed

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Core

  • New linters

  • Disabled linters

  • Deprecated linters

  • Removed linters

  • Media

  • Linters enhancements

  • Fixes

  • Reporters

    • Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
    • Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
  • Doc

  • Flavors

  • CI

    • Free disk space on GitHub actions runner when releasing a new flavor
  • mega-linter-runner

  • Linter versions upgrades (N)

    • dotnet-format from 9.0.111 to 9.0.112 on 2025-12-01
    • phplint from 9.6.2 to 9.6.3 on 2025-12-01
    • terragrunt from 0.93.10 to 0.93.11 on 2025-12-01
    • ruff-format from 0.14.6 to 0.14.7 on 2025-12-03
    • ruff from 0.14.6 to 0.14.7 on 2025-12-03
    • kics from 2.1.16 to 2.1.17 on 2025-12-03
    • pylint from 4.0.3 to 4.0.4 on 2025-12-04
    • stylelint from 16.26.0 to 16.26.1 on 2025-12-04
    • trufflehog from 3.91.1 to 3.91.2 on 2025-12-04

... (truncated)

Commits
  • 55a59b2 Release MegaLinter v9.2.0
  • c94f8c8 prep release
  • bca0a38 chore(deps): update dependency rubocop-rails to v2.34.2 (#6648)
  • 8d505bf [automation] Auto-update linters version, help and documentation (#6659)
  • a7d0161 Add conversion from Jenkins variables to related Git provider variables (#6658)
  • 663b45a chore(deps): update mstruebing/editorconfig-checker docker tag to v3.6.0 (#6652)
  • 64fbcca chore(deps): update docker/metadata-action action to v5.10.0 (#6651)
  • b2f3c63 Hides regex compilation warning (#6657)
  • 0eac80b chore(deps): update zricethezav/gitleaks docker tag to v8.30.0 (#6653)
  • d1fdceb CI: Optimize standalone linters release perfs (#6656)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 8.8.0 to 9.2.0.
- [Release notes](https://github.com/oxsecurity/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@e08c2b0...55a59b2)

---
updated-dependencies:
- dependency-name: oxsecurity/megalinter
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 22, 2025
@dependabot
dependabot Bot requested a review from EkelmansPh as a code owner December 22, 2025 04:20
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 22, 2025
@github-actions

Copy link
Copy Markdown
Contributor

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 7 0 0 0.35s
✅ DOCKERFILE hadolint 1 0 0 0.34s
✅ JSON prettier 6 1 0 0 0.65s
✅ JSON v8r 6 0 0 3.31s
⚠️ MARKDOWN markdownlint 9 1 5 0 0.9s
✅ MARKDOWN markdown-table-formatter 9 1 0 0 0.43s
⚠️ REPOSITORY checkov yes no 1 15.55s
✅ REPOSITORY git_diff yes no no 0.09s
✅ REPOSITORY grype yes no no 28.31s
✅ REPOSITORY secretlint yes no no 1.31s
✅ REPOSITORY syft yes no no 1.24s
✅ REPOSITORY trivy yes no no 4.97s
✅ REPOSITORY trivy-sbom yes no no 0.22s
✅ REPOSITORY trufflehog yes no no 2.22s
⚠️ SPELL lychee 41 10 0 21.4s
✅ YAML prettier 11 0 0 0 0.76s
✅ YAML v8r 11 0 0 5.2s
✅ YAML yamllint 11 0 0 0.53s

Detailed Issues

⚠️ REPOSITORY / checkov - 1 warning
warning: Ensure that a user for the container has been created
   ┌─ Dockerfile.flex:1:1
   │  
 1 │ ╭ FROM ghcr.io/philips-software/amp-devcontainer-cpp:v6.0.2@sha256:36afaaa5ba4bc4e9bb471012db9733c26a210e315ddb33600f73bb9532b02a25 AS builder
 2 │ │ 
 3 │ │ HEALTHCHECK NONE
 4 │ │ 
   · │
29 │ │ ENTRYPOINT ["/flex/postmaster.flex"]
30 │ │ CMD ["--help"]
   │ ╰──────────────^
   │  
   = Ensure that a user for the container has been created
   = Ensure that a user for the container has been created

warning: 1 warnings emitted
⚠️ SPELL / lychee - 10 errors
[ERROR] https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models | Network error: error sending request for url (https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models) Maybe a certificate error?
[404] https://philips-software.github.io/amp-embedded-infra-lib/embedded_infrastructure_library/7.0.0/Echo.html | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/security | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/releases/latest | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/workflows/Continuous%20Integration/badge.svg | Network error: Not Found
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/DispForm.aspx?ID=52 | Network error: Forbidden
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/AllItems.aspx | Network error: Forbidden
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml | Network error: Not Found
📝 Summary
---------------------
🔍 Total...........73
✅ Successful......63
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors..........10

Errors in README.md
[404] https://philips-software.github.io/amp-embedded-infra-lib/embedded_infrastructure_library/7.0.0/Echo.html | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml/badge.svg | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions/workflows/linting-formatting.yml | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/actions | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/workflows/Continuous%20Integration/badge.svg | Network error: Not Found

Errors in .github/philips-repo.yaml
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/DispForm.aspx?ID=52 | Network error: Forbidden
[403] https://share.philips.com/sites/SWCoE/Lists/List%20of%20Business%20Categories/AllItems.aspx | Network error: Forbidden

Errors in .github/SECURITY.md
[404] https://github.com/philips-internal/amp-postmaster/releases/latest | Network error: Not Found
[404] https://github.com/philips-internal/amp-postmaster/security | Network error: Not Found

Errors in CONTRIBUTING.md
[ERROR] https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models | Network error: error sending request for url (https://confluence.atlas.philips.com/display/GITHUB/Contribution+Models) Maybe a certificate error?
⚠️ MARKDOWN / markdownlint - 5 errors
CHANGELOG.md:28 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Features"]
CHANGELOG.md:35 MD024/no-duplicate-heading Multiple headings with the same content [Context: "Bug Fixes"]
LICENSE.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "The MIT License (MIT) Copyrigh..."]
LICENSE.md:3:401 MD013/line-length Line length [Expected: 400; Actual: 432]
LICENSE.md:7:401 MD013/line-length Line length [Expected: 400; Actual: 460]

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@richardapeters
Richard Peters (richardapeters) merged commit 28ca2eb into main Jan 5, 2026
7 checks passed
@richardapeters
Richard Peters (richardapeters) deleted the dependabot/github_actions/oxsecurity/megalinter-9.2.0 branch January 5, 2026 08:12
@github-actions

github-actions Bot commented Jan 5, 2026

Copy link
Copy Markdown
Contributor

🎉 Hooray! The changes in this pull request went live with the release of v0.4.0 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant