Merge branch 'main' into alpha

.automation/generated/linter-versions.json

@@ -6,10 +6,10 @@
     "bash-exec": "5.2.26",
     "bicep_linter": "0.30.23",
     "black": "24.10.0",
-    "cfn-lint": "1.17.2",
+    "cfn-lint": "1.18.3",
     "checkmake": "0.2.0",
-    "checkov": "3.2.268",
-    "checkstyle": "10.18.2",
+    "checkov": "3.2.277",
+    "checkstyle": "10.20.0",
     "chktex": "1.7.8",
     "clang-format": "17.0.6",
     "clippy": "0.1.82",
@@ -18,11 +18,11 @@
     "coffeelint": "5.2.11",
     "cpplint": "2.0.0",
     "csharpier": "0.29.2",
-    "cspell": "8.15.4",
+    "cspell": "8.15.7",
     "dartanalyzer": "0.0.0",
     "detekt": "1.23.7",
     "devskim": "1.0.33",
-    "djlint": "1.35.2",
+    "djlint": "1.35.4",
     "dockerfilelint": "1.8.0",
     "dotenv-linter": "3.3.0",
     "dotnet-format": "8.0.110",
@@ -33,7 +33,7 @@
     "flake8": "7.1.1",
     "gherkin-lint": "0.0.0",
     "git_diff": "2.45.2",
-    "gitleaks": "8.21.1",
+    "gitleaks": "8.21.2",
     "golangci-lint": "1.61.0",
     "goodcheck": "3.1.0",
     "graphql-schema-linter": "3.0.1",
@@ -45,7 +45,7 @@
     "jscpd": "4.0.5",
     "jsonlint": "16.0.0",
     "kics": "2.1.3",
-    "ktlint": "1.3.1",
+    "ktlint": "1.4.0",
     "kubeconform": "0.6.7",
     "kubescape": "2.9.0",
     "kubeval": "0.16.1",
@@ -58,16 +58,16 @@
     "markdown-table-formatter": "1.6.1",
     "markdownlint": "0.42.0",
     "misspell": "0.3.4",
-    "mypy": "1.12.1",
+    "mypy": "1.13.0",
     "npm-groovy-lint": "15.0.2",
     "npm-package-json-lint": "8.0.0",
-    "perlcritic": "1.152",
+    "perlcritic": "1.156",
     "php": "7.4.26",
     "php-cs-fixer": "3.64.0",
     "phpcs": "3.10.3",
-    "phplint": "9.5.3",
+    "phplint": "9.5.4",
     "phpstan": "1.12.7",
-    "pmd": "7.6.0",
+    "pmd": "7.7.0",
     "powershell": "7.4.2",
     "powershell_formatter": "7.4.2",
     "prettier": "3.3.3",
@@ -76,16 +76,16 @@
     "psalm": "Psalm.5.26.1@",
     "puppet-lint": "4.2.4",
     "pylint": "3.3.1",
-    "pyright": "1.1.385",
+    "pyright": "1.1.387",
     "raku": "2020.10",
     "remark-lint": "14.0.2",
     "revive": "1.4.0",
-    "roslynator": "0.9.2.0",
+    "roslynator": "0.9.3.0",
     "rst-lint": "1.4.0",
     "rstcheck": "6.2.4",
     "rstfmt": "0.0.14",
-    "rubocop": "1.67.0",
-    "ruff": "0.7.0",
+    "rubocop": "1.68.0",
+    "ruff": "0.7.2",
     "scalafix": "0.13.0",
     "scss-lint": "0.60.0",
     "secretlint": "9.0.0",
@@ -98,27 +98,27 @@
     "shellcheck": "0.10.0",
     "shfmt": "3.10.0",
     "snakefmt": "0.10.2",
-    "snakemake": "8.23.2",
+    "snakemake": "8.25.1",
     "spectral": "6.13.1",
     "sql-lint": "1.0.0",
-    "sqlfluff": "3.2.4",
+    "sqlfluff": "3.2.5",
     "standard": "17.1.2",
     "stylelint": "16.10.0",
     "stylua": "0.20.0",
     "swiftlint": "0.57.0",
-    "syft": "1.14.1",
+    "syft": "1.15.0",
     "tekton-lint": "1.1.0",
-    "terraform-fmt": "1.9.5",
-    "terragrunt": "0.67.5",
+    "terraform-fmt": "1.9.8",
+    "terragrunt": "0.68.7",
     "terrascan": "1.19.9",
     "tflint": "0.53.0",
-    "trivy": "0.56.2",
-    "trivy-sbom": "0.56.2",
-    "trufflehog": "3.82.11",
+    "trivy": "0.57.0",
+    "trivy-sbom": "0.57.0",
+    "trufflehog": "3.83.2",
     "ts-standard": "12.0.2",
     "tsqllint": "1.15.3.0",
-    "v8r": "4.1.0",
-    "vale": "3.7.1",
+    "v8r": "4.2.0",
+    "vale": "3.8.0",
     "xmllint": "21207",
     "yamllint": "1.35.1"
 }

.automation/test/csharp_roslynator/fix/csharp_fix_project.csproj

@@ -8,11 +8,11 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Roslynator.Analyzers" Version="4.12.8">
+    <PackageReference Include="Roslynator.Analyzers" Version="4.12.9">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Roslynator.Formatting.Analyzers" Version="4.12.8">
+    <PackageReference Include="Roslynator.Formatting.Analyzers" Version="4.12.9">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

.github/workflows/deploy-ALPHA.yml

@@ -62,7 +62,7 @@ jobs:
       ########################################################
       # Publish updated version of mega-linter-runner on NPM #
       ########################################################
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@v4.1.0
         with:
           node-version: "20.x"
           registry-url: "https://registry.npmjs.org"

.github/workflows/deploy-BETA.yml

@@ -60,7 +60,7 @@ jobs:
       ########################################################
       # Publish updated version of mega-linter-runner on NPM #
       ########################################################
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@v4.1.0
         with:
           node-version: "20.x"
           registry-url: "https://registry.npmjs.org"

.github/workflows/deploy-DEV.yml

@@ -221,7 +221,7 @@ jobs:
       # Test mega-linter-runner with newly created image
       - name: Setup Node
         if: ${{ steps.docker_build.outcome }} == 'success' && !contains(github.event.head_commit.message, 'quick build')
-        uses: actions/setup-node@v4.0.4
+        uses: actions/setup-node@v4.1.0
         with:
           node-version: "20.x"
       - name: Install NPM dependencies

.github/workflows/deploy-RELEASE.yml

@@ -55,7 +55,7 @@ jobs:
       ########################################################
       # Publish updated version of mega-linter-runner on NPM #
       ########################################################
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@v4.1.0
         with:
           node-version: "20.x"
           registry-url: "https://registry.npmjs.org"

.github/workflows/test-mega-linter-runner.yml

@@ -35,7 +35,7 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v4
       - name: Setup Node
-        uses: actions/setup-node@v4.0.4
+        uses: actions/setup-node@v4.1.0
         with:
           node-version: "20.x"
       - name: Install dependencies

.github/workflows/versioning.yml

@@ -30,8 +30,7 @@ jobs:
     runs-on: windows-latest
     environment:
       name: release
-    permissions:
-      contents: write
+    permissions: write-all
     steps:
       #############################
       # Check out the latest code #
@@ -44,5 +43,4 @@ jobs:
       - uses: Actions-R-Us/[email protected]
         with:
           publish_latest_tag: true
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+

CHANGELOG.md

@@ -18,9 +18,12 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 
 - Fixes
   - Trivy: handle retry if `failed to download Java DB` is detected
+  - Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
+  - Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
 
 - Reporters
   - Fix AzureCommentReporter not adding comments to PR on 2024-10-15
+  - Fix AzureCommentReporter fails when target repo contains spaces on 2024-10-23
 
 - Doc
   - Updated documentation with Azure central pipeline use case on 2024-10-16
@@ -65,6 +68,43 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.12.0 to **1.12.1** on 2024-10-20
   - [shfmt](https://github.com/mvdan/sh) from 3.9.0 to **3.10.0** on 2024-10-20
   - [checkov](https://www.checkov.io/) from 3.2.267 to **3.2.268** on 2024-10-20
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.17.2 to **1.18.1** on 2024-10-23
+  - [perlcritic](https://metacpan.org/pod/Perl::Critic) from 1.152 to **1.156** on 2024-10-23
+  - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.12.1 to **1.13.0** on 2024-10-23
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.385 to **1.1.386** on 2024-10-23
+  - [checkov](https://www.checkov.io/) from 3.2.268 to **3.2.269** on 2024-10-23
+  - [syft](https://github.com/anchore/syft) from 1.14.1 to **1.14.2** on 2024-10-23
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.11 to **3.82.12** on 2024-10-23
+  - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.23.2 to **8.24.1** on 2024-10-23
+  - [v8r](https://github.com/chris48s/v8r) from 4.1.0 to **4.2.0** on 2024-10-24
+  - [ktlint](https://ktlint.github.io) from 1.3.1 to **1.4.0** on 2024-10-24
+  - [ruff](https://github.com/astral-sh/ruff) from 0.7.0 to **0.7.1** on 2024-10-24
+  - [roslynator](https://github.com/dotnet/Roslynator) from 0.9.2.0 to **0.9.3.0** on 2024-10-27
+  - [checkstyle](https://checkstyle.org/) from 10.18.2 to **10.19.0** on 2024-10-27
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.12 to **3.82.13** on 2024-10-27
+  - [sqlfluff](https://www.sqlfluff.com/) from 3.2.4 to **3.2.5** on 2024-10-27
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.18.1 to **1.18.2** on 2024-10-29
+  - [pmd](https://pmd.github.io/) from 7.6.0 to **7.7.0** on 2024-10-29
+  - [checkov](https://www.checkov.io/) from 3.2.269 to **3.2.270** on 2024-10-29
+  - [gitleaks](https://github.com/gitleaks/gitleaks) from 8.21.1 to **8.21.2** on 2024-10-29
+  - [syft](https://github.com/anchore/syft) from 1.14.2 to **1.15.0** on 2024-10-29
+  - [vale](https://vale.sh/) from 3.7.1 to **3.8.0** on 2024-10-29
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.18.2 to **1.18.3** on 2024-11-03
+  - [djlint](https://djlint.com/) from 1.35.2 to **1.35.4** on 2024-11-03
+  - [checkstyle](https://checkstyle.org/) from 10.19.0 to **10.20.0** on 2024-11-03
+  - [phplint](https://github.com/overtrue/phplint) from 9.5.3 to **9.5.4** on 2024-11-03
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.386 to **1.1.387** on 2024-11-03
+  - [ruff](https://github.com/astral-sh/ruff) from 0.7.1 to **0.7.2** on 2024-11-03
+  - [checkov](https://www.checkov.io/) from 3.2.270 to **3.2.276** on 2024-11-03
+  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.56.2 to **0.57.0** on 2024-11-03
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.56.2 to **0.57.0** on 2024-11-03
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.82.13 to **3.83.2** on 2024-11-03
+  - [rubocop](https://rubocop.org/) from 1.67.0 to **1.68.0** on 2024-11-03
+  - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.24.1 to **8.25.1** on 2024-11-03
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.15.4 to **8.15.7** on 2024-11-03
+  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.9.5 to **1.9.8** on 2024-11-03
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.67.5 to **0.68.7** on 2024-11-03
+  - [checkov](https://www.checkov.io/) from 3.2.276 to **3.2.277** on 2024-11-03
 <!-- linter-versions-end -->
 
 ## [v8.1.0] - 2024-10-13

Dockerfile

@@ -24,19 +24,19 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.7-alpine
 # renovate: datasource=docker depName=yoheimuta/protolint
 ARG PROTOBUF_PROTOLINT_VERSION=0.50.5
 # renovate: datasource=docker depName=zricethezav/gitleaks
-ARG REPOSITORY_GITLEAKS_VERSION=v8.21.1
+ARG REPOSITORY_GITLEAKS_VERSION=v8.21.2
 # renovate: datasource=docker depName=checkmarx/kics
 ARG REPOSITORY_KICS_VERSION=v2.1.3-alpine
 # renovate: datasource=docker depName=trufflesecurity/trufflehog 
-ARG REPOSITORY_TRUFFLEHOG_VERSION=3.82.12
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.83.2
 # renovate: datasource=docker depName=jdkato/vale
-ARG SPELL_VALE_VERSION=v3.7.1
+ARG SPELL_VALE_VERSION=v3.8.0
 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint
 ARG TERRAFORM_TFLINT_VERSION=0.53.0
 # renovate: datasource=docker depName=tenable/terrascan
 ARG TERRAFORM_TERRASCAN_VERSION=1.19.9
 # renovate: datasource=docker depName=alpine/terragrunt
-ARG TERRAFORM_TERRAGRUNT_VERSION=1.9.5
+ARG TERRAFORM_TERRAGRUNT_VERSION=1.9.8
 #ARGTOP__END
 
 #############################################################################################
@@ -78,7 +78,7 @@ FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} AS terragrunt
 ##################
 # Build wheel for megalinter python package
 ##################
-FROM ghcr.io/astral-sh/uv:0.4.23 AS uv
+FROM ghcr.io/astral-sh/uv:0.4.28 AS uv
 FROM python:3.12.7-alpine3.20 AS build-ml-core
 WORKDIR /
 COPY pyproject.toml .
@@ -99,11 +99,11 @@ FROM python:3.12.7-alpine3.20
 #############################################################################################
 #ARG__START
 # renovate: datasource=npm depName=@salesforce/cli
-ARG SALESFORCE_CLI_VERSION=2.62.6
+ARG SALESFORCE_CLI_VERSION=2.63.9
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.8.12
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.2.4
+ARG SFDX_HARDIS_VERSION=5.4.0
 ARG ARM_TTK_NAME='master.zip'
 ARG ARM_TTK_URI='https://github.com/Azure/arm-ttk/archive/master.zip'
 ARG ARM_TTK_DIRECTORY='/opt/microsoft'
@@ -112,7 +112,7 @@ ARG BICEP_URI='https://github.com/Azure/bicep/releases/latest/download/bicep-lin
 ARG BICEP_DIR='/usr/local/bin'
 ARG DART_VERSION='2.8.4'
 # renovate: datasource=github-tags depName=pmd/pmd extractVersion=^pmd_releases/(?<version>.*)$
-ARG PMD_VERSION=7.6.0
+ARG PMD_VERSION=7.7.0
 
 # renovate: datasource=github-tags depName=detekt/detekt
 ARG DETEKT_VERSION=1.23.7
@@ -542,7 +542,7 @@ RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGIN
     && echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
     && npm cache clean --force || true \
     && rm -rf /root/.npm/_cacache
-ENV SF_AUTOUPDATE_DISABLE=true
+ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true
 #
 # SCALA installation
 # Next line commented because already managed by another linter

Dockerfile-quick

@@ -14,7 +14,7 @@ FROM $MEGALINTER_BASE_IMAGE as base
 ##################
 # Build wheel for megalinter python package
 ##################
-FROM ghcr.io/astral-sh/uv:0.4.23 AS uv
+FROM ghcr.io/astral-sh/uv:0.4.28 AS uv
 FROM python:3.12.7-alpine3.20 AS build-ml-core
 WORKDIR /
 COPY pyproject.toml .

README.md

@@ -23,7 +23,7 @@
 [![MegaLinter](https://github.com/oxsecurity/megalinter/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/oxsecurity/megalinter/actions?query=workflow%3AMegaLinter+branch%3Amain)
 [![codecov](https://codecov.io/gh/oxsecurity/megalinter/branch/main/graph/badge.svg)](https://codecov.io/gh/oxsecurity/megalinter)
 <!-- gh-dependents-info-used-by-start -->
-[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2719&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
+[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2741&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
 [![Secured with Trivy](https://img.shields.io/badge/Trivy-secured-green?logo=docker)](https://github.com/aquasecurity/trivy)
 [![GitHub contributors](https://img.shields.io/github/contributors/oxsecurity/megalinter.svg)](https://github.com/oxsecurity/megalinter/graphs/contributors/)
 [![GitHub Sponsors](https://img.shields.io/github/sponsors/nvuillam)](https://github.com/sponsors/nvuillam)
@@ -630,7 +630,7 @@ pool:
   vmImage: ubuntu-latest
 
 variables:
-  repoName: $[ split(variables['System.PullRequest.SourceRepositoryURI'], '/')[6] ]
+  repoName: $[ replace(split(variables['System.PullRequest.SourceRepositoryURI'], '/')[6], '%20', ' ') ]
 
 steps:
   # Checkout triggering repo