oxsecurity
diff --git a/‎.automation/build.py
Lines changed: 17 additions & 13 deletions b/‎.automation/build.py
Lines changed: 17 additions & 13 deletions
diff --git a/‎.automation/generated/linter-helps.json
Lines changed: 161 additions & 89 deletions b/‎.automation/generated/linter-helps.json
Lines changed: 161 additions & 89 deletions
diff --git a/‎.automation/generated/linter-versions.json
Lines changed: 23 additions & 23 deletions b/‎.automation/generated/linter-versions.json
Lines changed: 23 additions & 23 deletions
diff --git a/‎.github/linters/.pylintrc
Lines changed: 1 addition & 1 deletion b/‎.github/linters/.pylintrc
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/build-command.yml
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/build-command.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎CHANGELOG.md
Lines changed: 37 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 37 additions & 0 deletions
diff --git a/‎Dockerfile
Lines changed: 13 additions & 20 deletions b/‎Dockerfile
Lines changed: 13 additions & 20 deletions
@@ -522,16 +522,17 @@ def build_dockerfile(
             + '    && echo "Changing owner of node_modules files…" \\\n'
             + '    && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \\\n'
             + '    && echo "Removing extra node_module files…" \\\n'
-            + "    && rm -rf /root/.npm/_cacache \\\n"
-            + '    && find . -name "*.d.ts" -delete \\\n'
-            + '    && find . -name "*.map" -delete \\\n'
-            + '    && find . -name "*.npmignore" -delete \\\n'
-            + '    && find . -name "*.travis.yml" -delete \\\n'
-            + '    && find . -name "CHANGELOG.md" -delete \\\n'
-            + '    && find . -name "README.md" -delete \\\n'
-            + '    && find . -name ".package-lock.json" -delete \\\n'
-            + '    && find . -name "package-lock.json" -delete \\\n'
-            + '    && find . -name "README.md" -delete\n'
+            + '    && find . \\( -not -path "/proc" \\)'
+            + ' -and \\( -type f'
+            + ' \\( -iname "*.d.ts"'
+            + ' -o -iname "*.map"'
+            + ' -o -iname "*.npmignore"'
+            + ' -o -iname "*.travis.yml"'
+            + ' -o -iname "CHANGELOG.md"'
+            + ' -o -iname "README.md"'
+            + ' -o -iname ".package-lock.json"'
+            + ' -o -iname "package-lock.json"'
+            + ' \\) -o -type d -name /root/.npm/_cacache \\) -delete \n'
             + "WORKDIR /\n"
         )
     replace_in_file(dockerfile, "#NPM__START", "#NPM__END", npm_install_command)
@@ -543,7 +544,8 @@ def build_dockerfile(
             + " PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade \\\n          '"
             + "' \\\n          '".join(list(dict.fromkeys(pip_packages)))
             + "' && \\\n"
-            + 'find . | grep -E "(/__pycache__$|\\.pyc$|\\.pyo$)" | xargs rm -rf && \\\n'
+            + r"find . \( -type f \( -iname \*.pyc -o -iname \*.pyo \) -o -type d -iname __pycache__ \) -delete"
+            + " \\\n    && "
             + "rm -rf /root/.cache"
         )
     replace_in_file(dockerfile, "#PIP__START", "#PIP__END", pip_install_command)
@@ -569,8 +571,10 @@ def build_dockerfile(
             env_path_command += f":/venvs/{pip_linter}/bin"
         pipenv_install_command = pipenv_install_command[:-2]  # remove last \
         pipenv_install_command += (
-            ' \\\n    && find . | grep -E "(/__pycache__$|\\.pyc$|\\.pyo$)" | xargs rm -rf '
-            + "&& rm -rf /root/.cache\n"
+            " \\\n    && "
+            + r"find /venvs \( -type f \( -iname \*.pyc -o -iname \*.pyo \) -o -type d -iname __pycache__ \) -delete"
+            + " \\\n    && "
+            + "rm -rf /root/.cache\n"
             + env_path_command
         )
     else:
 
@@ -1,24 +1,24 @@
 {
     "actionlint": "1.7.0",
-    "ansible-lint": "24.5.0",
+    "ansible-lint": "24.2.3",
     "arm-ttk": "0.0.0",
     "bandit": "1.7.8",
     "bash-exec": "5.2.21",
     "bicep_linter": "0.27.1",
     "black": "24.4.2",
     "cfn-lint": "0.87.3",
     "checkmake": "0.2.0",
-    "checkov": "3.2.95",
+    "checkov": "3.2.107",
     "checkstyle": "10.16.0",
     "chktex": "1.7.8",
     "clang-format": "17.0.5",
     "clippy": "0.1.78",
-    "clj-kondo": "2024.03.13",
+    "clj-kondo": "2024.05.24",
     "cljstyle": "0.15.0",
     "coffeelint": "5.2.11",
     "cpplint": "1.6.1",
     "csharpier": "0.28.2",
-    "cspell": "8.8.1",
+    "cspell": "8.8.3",
     "dartanalyzer": "0.0.0",
     "detekt": "1.23.5",
     "devskim": "1.0.33",
@@ -34,7 +34,7 @@
     "gherkin-lint": "0.0.0",
     "git_diff": "2.43.4",
     "gitleaks": "8.18.2",
-    "golangci-lint": "1.58.1",
+    "golangci-lint": "1.58.2",
     "goodcheck": "3.1.0",
     "graphql-schema-linter": "3.0.1",
     "grype": "0.77.4",
@@ -49,41 +49,41 @@
     "kubeconform": "0.6.6",
     "kubescape": "2.9.0",
     "kubeval": "0.16.1",
-    "lightning-flow-scanner": "2.25.0",
+    "lightning-flow-scanner": "2.26.0",
     "lintr": "0.0.0",
-    "luacheck": "1.1.2",
+    "luacheck": "1.2.0",
     "lychee": "0.15.1",
-    "markdown-link-check": "3.12.1",
+    "markdown-link-check": "3.12.2",
     "markdown-table-formatter": "1.6.0",
-    "markdownlint": "0.40.0",
+    "markdownlint": "0.41.0",
     "misspell": "0.3.4",
     "mypy": "1.10.0",
     "npm-groovy-lint": "14.6.0",
     "npm-package-json-lint": "7.1.0",
     "perlcritic": "1.152",
     "php": "7.4.26",
-    "phpcs": "3.9.2",
+    "phpcs": "3.10.1",
     "phplint": "9.3.1",
-    "phpstan": "1.11.1",
+    "phpstan": "1.11.2",
     "pmd": "7.1.0",
     "powershell": "7.4.2",
     "powershell_formatter": "7.4.2",
     "prettier": "3.2.5",
-    "proselint": "0.13.0",
+    "proselint": "0.14.0",
     "protolint": "0.49.7",
     "psalm": "Psalm.5.24.0@",
     "puppet-lint": "4.2.4",
-    "pylint": "3.2.1",
-    "pyright": "1.1.363",
+    "pylint": "3.2.2",
+    "pyright": "1.1.364",
     "raku": "2020.10",
     "remark-lint": "14.0.2",
     "revive": "1.3.7",
     "roslynator": "0.8.8.0",
     "rst-lint": "1.4.0",
     "rstcheck": "6.2.1",
     "rstfmt": "0.0.14",
-    "rubocop": "1.63.5",
-    "ruff": "0.4.4",
+    "rubocop": "1.64.0",
+    "ruff": "0.4.5",
     "scalafix": "0.12.1",
     "scss-lint": "0.60.0",
     "secretlint": "8.2.4",
@@ -98,18 +98,18 @@
     "snakemake": "8.11.6",
     "spectral": "6.11.1",
     "sql-lint": "1.0.0",
-    "sqlfluff": "3.0.6",
+    "sqlfluff": "3.0.7",
     "standard": "17.1.0",
-    "stylelint": "16.5.0",
+    "stylelint": "16.6.0",
     "swiftlint": "0.54.0",
     "syft": "1.4.1",
-    "tekton-lint": "1.0.2",
-    "terraform-fmt": "1.8.3",
-    "terragrunt": "0.58.5",
+    "tekton-lint": "1.1.0",
+    "terraform-fmt": "1.8.4",
+    "terragrunt": "0.58.9",
     "terrascan": "1.18.11",
     "tflint": "0.51.0",
-    "trivy": "0.51.1",
-    "trivy-sbom": "0.51.1",
+    "trivy": "0.51.4",
+    "trivy-sbom": "0.51.4",
     "trufflehog": "3.76.3",
     "ts-standard": "12.0.2",
     "tsqllint": "1.15.3.0",
 
@@ -461,4 +461,4 @@ valid-metaclass-classmethod-first-arg=mcs
 
 # Exceptions that will emit a warning when being caught. Defaults to
 # "Exception"
-overgeneral-exceptions=Exception
+overgeneral-exceptions=builtins.Exception
@@ -69,7 +69,8 @@ jobs:
           python-version-file: '.python-version' # Read python version from a file .python-version
           # Used to specify a package manager for caching in the default directory. Supported values: pip, pipenv, poetry.
           cache: pip # optional
-      - run: pip install -r .config/python/dev/requirements.txt
+      - run: python -m pip install uv
+      - run: uv pip install --system -r .config/python/dev/requirements.txt
       - name: Create comment starting build.sh
         uses: peter-evans/create-or-update-comment@v4
         with:
 
@@ -19,6 +19,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - `API_SPECTRAL` was added as replacement for `OPENAPI_SPECTRAL` (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name `.spectral.yaml` instead of `.openapirc.yml` with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes [#3387](https://github.com/oxsecurity/megalinter/issues/3387)
   - Disable SQL_TSQLLINT until security issues are solved. Related to <https://github.com/tsqllint/tsqllint/issues/333>
   - PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of <https://github.com/llaville/sarif-php-sdk>
+  - `KOTLIN_KTLINT` now supports `list_of_files` mode, and has better error counting
 
 - Reporters
   - New ApiReporter (can be used to build Grafana dashboards)
@@ -137,6 +138,42 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.11.4 to **8.11.6** on 2024-05-18
   - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.4 to **0.58.5** on 2024-05-18
   - [xmllint](https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home) from 21107 to **21108** on 2024-05-18
+  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 24.5.0 to **24.2.3** on 2024-05-20
+  - [golangci-lint](https://golangci-lint.run/) from 1.58.1 to **1.58.2** on 2024-05-20
+  - [checkov](https://www.checkov.io/) from 3.2.95 to **3.2.97** on 2024-05-20
+  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.25.0 to **2.24.0** on 2024-05-20
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.5 to **0.58.7** on 2024-05-20
+  - [phpcs](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.9.2 to **3.10.0** on 2024-05-20
+  - [pylint](https://pylint.readthedocs.io) from 3.2.1 to **3.2.2** on 2024-05-20
+  - [checkov](https://www.checkov.io/) from 3.2.97 to **3.2.98** on 2024-05-20
+  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.51.1 to **0.51.2** on 2024-05-20
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.51.1 to **0.51.2** on 2024-05-20
+  - [checkov](https://www.checkov.io/) from 3.2.98 to **3.2.99** on 2024-05-21
+  - [checkov](https://www.checkov.io/) from 3.2.99 to **3.2.100** on 2024-05-21
+  - [clj-kondo](https://github.com/borkdude/clj-kondo) from 2024.03.13 to **2024.05.22** on 2024-05-22
+  - [markdown-link-check](https://github.com/tcort/markdown-link-check) from 3.12.1 to **3.12.2** on 2024-05-22
+  - [phpcs](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.10.0 to **3.10.1** on 2024-05-22
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.363 to **1.1.364** on 2024-05-22
+  - [checkov](https://www.checkov.io/) from 3.2.100 to **3.2.105** on 2024-05-22
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.8.1 to **8.8.2** on 2024-05-22
+  - [ruff](https://github.com/astral-sh/ruff) from 0.4.4 to **0.4.5** on 2024-05-24
+  - [checkov](https://www.checkov.io/) from 3.2.105 to **3.2.106** on 2024-05-24
+  - [rubocop](https://rubocop.org/) from 1.63.5 to **1.64.0** on 2024-05-24
+  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.24.0 to **2.26.0** on 2024-05-24
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.8.2 to **8.8.3** on 2024-05-24
+  - [proselint](https://github.com/amperser/proselint) from 0.13.0 to **0.14.0** on 2024-05-24
+  - [sqlfluff](https://www.sqlfluff.com/) from 3.0.6 to **3.0.7** on 2024-05-24
+  - [clj-kondo](https://github.com/borkdude/clj-kondo) from 2024.05.22 to **2024.05.24** on 2024-05-25
+  - [stylelint](https://stylelint.io) from 16.5.0 to **16.6.0** on 2024-05-25
+  - [luacheck](https://luacheck.readthedocs.io) from 1.1.2 to **1.2.0** on 2024-05-25
+  - [phpstan](https://phpstan.org/) from 1.11.1 to **1.11.2** on 2024-05-25
+  - [checkov](https://www.checkov.io/) from 3.2.106 to **3.2.107** on 2024-05-25
+  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.51.2 to **0.51.4** on 2024-05-25
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.51.2 to **0.51.4** on 2024-05-25
+  - [tekton-lint](https://github.com/IBM/tekton-lint) from 1.0.2 to **1.1.0** on 2024-05-25
+  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.8.3 to **1.8.4** on 2024-05-25
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.7 to **0.58.9** on 2024-05-25
+  - [markdownlint](https://github.com/DavidAnson/markdownlint) from 0.40.0 to **0.41.0** on 2024-05-26
 <!-- linter-versions-end -->
 
 ## [v7.11.1] - 2024-04-23
 
@@ -200,7 +200,8 @@ RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtuale
     && mkdir -p "/venvs/proselint" && cd "/venvs/proselint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir proselint && deactivate && cd ./../.. \
     && mkdir -p "/venvs/sqlfluff" && cd "/venvs/sqlfluff" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir sqlfluff && deactivate && cd ./../.. \
     && mkdir -p "/venvs/yamllint" && cd "/venvs/yamllint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir yamllint && deactivate && cd ./../..  \
-    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf && rm -rf /root/.cache
+    && find /venvs \( -type f \( -iname \*.pyc -o -iname \*.pyo \) -o -type d -iname __pycache__ \) -delete \
+    && rm -rf /root/.cache
 ENV PATH="${PATH}":/venvs/ansible-lint/bin:/venvs/cpplint/bin:/venvs/cfn-lint/bin:/venvs/djlint/bin:/venvs/pylint/bin:/venvs/black/bin:/venvs/flake8/bin:/venvs/isort/bin:/venvs/bandit/bin:/venvs/mypy/bin:/venvs/pyright/bin:/venvs/ruff/bin:/venvs/checkov/bin:/venvs/semgrep/bin:/venvs/rst-lint/bin:/venvs/rstcheck/bin:/venvs/rstfmt/bin:/venvs/snakemake/bin:/venvs/snakefmt/bin:/venvs/proselint/bin:/venvs/sqlfluff/bin:/venvs/yamllint/bin
 #PIPVENV__END
 
@@ -267,16 +268,7 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
     && echo "Changing owner of node_modules files…" \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
     && echo "Removing extra node_module files…" \
-    && rm -rf /root/.npm/_cacache \
-    && find . -name "*.d.ts" -delete \
-    && find . -name "*.map" -delete \
-    && find . -name "*.npmignore" -delete \
-    && find . -name "*.travis.yml" -delete \
-    && find . -name "CHANGELOG.md" -delete \
-    && find . -name "README.md" -delete \
-    && find . -name ".package-lock.json" -delete \
-    && find . -name "package-lock.json" -delete \
-    && find . -name "README.md" -delete
+    && find . \( -not -path "/proc" \) -and \( -type f \( -iname "*.d.ts" -o -iname "*.map" -o -iname "*.npmignore" -o -iname "*.travis.yml" -o -iname "CHANGELOG.md" -o -iname "README.md" -o -iname ".package-lock.json" -o -iname "package-lock.json" \) -o -type d -name /root/.npm/_cacache \) -delete 
 WORKDIR /
 
 #NPM__END
@@ -344,7 +336,7 @@ COPY --link --from=terragrunt /bin/terraform /usr/bin/
 #OTHER__START
 RUN rc-update add docker boot && rc-service docker start || true \
 # ARM installation
-    && curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.1/powershell-7.4.1-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
+    && curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
     && mkdir -p /opt/microsoft/powershell/7 \
     && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
     && chmod +x /opt/microsoft/powershell/7/pwsh \
@@ -471,18 +463,19 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI
 ENV PATH="/root/.composer/vendor/bin:${PATH}"
 
 # POWERSHELL installation
-RUN curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
-    && mkdir -p /opt/microsoft/powershell/7 \
-    && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
-    && chmod +x /opt/microsoft/powershell/7/pwsh \
-    && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh \
+# Next line commented because already managed by another linter
+# RUN curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
+#     && mkdir -p /opt/microsoft/powershell/7 \
+#     && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
+#     && chmod +x /opt/microsoft/powershell/7/pwsh \
+#     && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
 
 # SALESFORCE installation
 # Next line commented because already managed by another linter
 # ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 # Next line commented because already managed by another linter
 # ENV PATH="$JAVA_HOME/bin:${PATH}"
-    && sf plugins install @salesforce/plugin-packaging \
+RUN sf plugins install @salesforce/plugin-packaging \
     && echo y|sf plugins install sfdx-hardis \
     && npm cache clean --force || true \
     && rm -rf /root/.npm/_cacache \
@@ -727,7 +720,7 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh |
 #     && rm -rf /root/.npm/_cacache
 
 # lightning-flow-scanner installation
-    && echo y|sf plugins install lightning-flow-scanner@2.24.0 \
+    && echo y|sf plugins install lightning-flow-scanner \
     && npm cache clean --force || true \
     && rm -rf /root/.npm/_cacache \
 
@@ -761,7 +754,7 @@ COPY megalinter /megalinter
 RUN PYTHONDONTWRITEBYTECODE=1 python /megalinter/setup.py install \
     && PYTHONDONTWRITEBYTECODE=1 python /megalinter/setup.py clean --all \
     && rm -rf /var/cache/apk/* \
-    && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf
+    && find . \( -type f \( -iname \*.pyc -o -iname \*.pyo \) -o -type d -iname __pycache__ \) -delete
 
 #######################################
 # Copy scripts and rules to container #