Merge remote-tracking branch 'origin/main' into alpha

Author: nvuillam

.automation/generated/linter-helps.json

@@ -1,14 +1,14 @@
 {
     "actionlint": "1.7.0",
-    "ansible-lint": "24.2.3",
+    "ansible-lint": "24.5.0",
     "arm-ttk": "0.0.0",
     "bandit": "1.7.8",
     "bash-exec": "5.2.21",
     "bicep_linter": "0.27.1",
     "black": "24.4.2",
-    "cfn-lint": "0.87.2",
+    "cfn-lint": "0.87.3",
     "checkmake": "0.2.0",
-    "checkov": "3.2.90",
+    "checkov": "3.2.95",
     "checkstyle": "10.16.0",
     "chktex": "1.7.8",
     "clang-format": "17.0.5",
@@ -25,14 +25,14 @@
     "djlint": "1.34.1",
     "dockerfilelint": "1.8.0",
     "dotenv-linter": "3.3.0",
-    "dotnet-format": "8.0.104",
+    "dotnet-format": "8.0.105",
     "dustilock": "1.2.0",
     "editorconfig-checker": "3.0.1",
     "eslint": "8.57.0",
     "eslint-plugin-jsonc": "2.15.1",
     "flake8": "7.0.0",
     "gherkin-lint": "0.0.0",
-    "git_diff": "2.43.0",
+    "git_diff": "2.43.4",
     "gitleaks": "8.18.2",
     "golangci-lint": "1.58.1",
     "goodcheck": "3.1.0",
@@ -49,10 +49,10 @@
     "kubeconform": "0.6.6",
     "kubescape": "2.9.0",
     "kubeval": "0.16.1",
-    "lightning-flow-scanner": "2.24.0",
+    "lightning-flow-scanner": "2.25.0",
     "lintr": "0.0.0",
     "luacheck": "1.1.2",
-    "lychee": "0.15.0",
+    "lychee": "0.15.1",
     "markdown-link-check": "3.12.1",
     "markdown-table-formatter": "1.6.0",
     "markdownlint": "0.40.0",
@@ -63,8 +63,8 @@
     "perlcritic": "1.152",
     "php": "7.4.26",
     "phpcs": "3.9.2",
-    "phplint": "9.2.0",
-    "phpstan": "1.10.67",
+    "phplint": "9.3.1",
+    "phpstan": "1.11.1",
     "pmd": "7.1.0",
     "powershell": "7.4.2",
     "powershell_formatter": "7.4.2",
@@ -73,8 +73,8 @@
     "protolint": "0.49.7",
     "psalm": "Psalm.5.24.0@",
     "puppet-lint": "4.2.4",
-    "pylint": "3.1.0",
-    "pyright": "1.1.362",
+    "pylint": "3.2.1",
+    "pyright": "1.1.363",
     "raku": "2020.10",
     "remark-lint": "14.0.2",
     "revive": "1.3.7",
@@ -95,7 +95,7 @@
     "shellcheck": "0.10.0",
     "shfmt": "3.8.0",
     "snakefmt": "0.10.2",
-    "snakemake": "8.11.4",
+    "snakemake": "8.11.6",
     "spectral": "6.11.1",
     "sql-lint": "1.0.0",
     "sqlfluff": "3.0.6",
@@ -105,16 +105,16 @@
     "syft": "1.4.1",
     "tekton-lint": "1.0.2",
     "terraform-fmt": "1.8.3",
-    "terragrunt": "0.58.3",
+    "terragrunt": "0.58.5",
     "terrascan": "1.18.11",
     "tflint": "0.51.0",
     "trivy": "0.51.1",
     "trivy-sbom": "0.51.1",
-    "trufflehog": "3.75.1",
+    "trufflehog": "3.76.3",
     "ts-standard": "12.0.2",
     "tsqllint": "1.15.3.0",
     "v8r": "3.0.0",
     "vale": "3.4.2",
-    "xmllint": "21107",
+    "xmllint": "21108",
     "yamllint": "1.35.1"
 }

.automation/generated/linter-versions.json

@@ -240,6 +240,7 @@
         "Cres",
         "Csrf",
         "C\u00e9dric",
+        "codesniffer",
         "DARTANALYZER",
         "DEVSKIM",
         "DIRC",

.cspell.json

@@ -18,6 +18,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 - Linters
   - `API_SPECTRAL` was added as replacement for `OPENAPI_SPECTRAL` (deprecated), supporting AsyncAPI and OpenAPI by default. Uses Spectral's standard config file name `.spectral.yaml` instead of `.openapirc.yml` with a default config with rulesets for AsyncAPI and OpenAPI enabled. Fixes [#3387](https://github.com/oxsecurity/megalinter/issues/3387)
   - Disable SQL_TSQLLINT until security issues are solved. Related to <https://github.com/tsqllint/tsqllint/issues/333>
+  - PHP linters (PHP_PHPCS, PHP_PHPLINT, PHP_PHPSTAN) add support to SARIF report output format with help of <https://github.com/llaville/sarif-php-sdk>
 
 - Reporters
   - New ApiReporter (can be used to build Grafana dashboards)
@@ -101,24 +102,41 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [sqlfluff](https://www.sqlfluff.com/) from 3.0.5 to **3.0.6** on 2024-05-06
   - [bicep_linter](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/linter) from 0.26.170 to **0.27.1** on 2024-05-07
   - [checkov](https://www.checkov.io/) from 3.2.82 to **3.2.84** on 2024-05-07
-  - [actionlint](https://rhysd.github.io/actionlint/) from 1.6.27 to **1.7.0** on 2024-05-11
-  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.87.1 to **0.87.2** on 2024-05-11
-  - [roslynator](https://github.com/dotnet/Roslynator) from 0.8.7.0 to **0.8.8.0** on 2024-05-11
-  - [golangci-lint](https://golangci-lint.run/) from 1.58.0 to **1.58.1** on 2024-05-11
-  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 14.5.0 to **14.6.0** on 2024-05-11
-  - [kubeconform](https://github.com/yannh/kubeconform) from 0.6.4 to **0.6.6** on 2024-05-11
-  - [pyright](https://github.com/Microsoft/pyright) from 1.1.361 to **1.1.362** on 2024-05-11
-  - [ruff](https://github.com/astral-sh/ruff) from 0.4.3 to **0.4.4** on 2024-05-11
-  - [checkov](https://www.checkov.io/) from 3.2.84 to **3.2.90** on 2024-05-11
-  - [grype](https://github.com/anchore/grype) from 0.77.3 to **0.77.4** on 2024-05-11
-  - [syft](https://github.com/anchore/syft) from 1.3.0 to **1.4.1** on 2024-05-11
-  - [rubocop](https://rubocop.org/) from 1.63.4 to **1.63.5** on 2024-05-11
-  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.23.0 to **2.24.0** on 2024-05-11
-  - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.11.3 to **8.11.4** on 2024-05-11
-  - [snakefmt](https://github.com/snakemake/snakefmt) from 0.10.1 to **0.10.2** on 2024-05-11
-  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.8.0 to **8.8.1** on 2024-05-11
-  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.8.2 to **1.8.3** on 2024-05-11
-  - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.2 to **0.58.3** on 2024-05-11
+  - [actionlint](https://rhysd.github.io/actionlint/) from 1.6.27 to **1.7.0** on 2024-05-12
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.87.1 to **0.87.2** on 2024-05-12
+  - [roslynator](https://github.com/dotnet/Roslynator) from 0.8.7.0 to **0.8.8.0** on 2024-05-12
+  - [golangci-lint](https://golangci-lint.run/) from 1.58.0 to **1.58.1** on 2024-05-12
+  - [npm-groovy-lint](https://nvuillam.github.io/npm-groovy-lint/) from 14.5.0 to **14.6.0** on 2024-05-12
+  - [kubeconform](https://github.com/yannh/kubeconform) from 0.6.4 to **0.6.6** on 2024-05-12
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.361 to **1.1.362** on 2024-05-12
+  - [ruff](https://github.com/astral-sh/ruff) from 0.4.3 to **0.4.4** on 2024-05-12
+  - [checkov](https://www.checkov.io/) from 3.2.84 to **3.2.91** on 2024-05-12
+  - [grype](https://github.com/anchore/grype) from 0.77.3 to **0.77.4** on 2024-05-12
+  - [syft](https://github.com/anchore/syft) from 1.3.0 to **1.4.1** on 2024-05-12
+  - [rubocop](https://rubocop.org/) from 1.63.4 to **1.63.5** on 2024-05-12
+  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.23.0 to **2.24.0** on 2024-05-12
+  - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.11.3 to **8.11.4** on 2024-05-12
+  - [snakefmt](https://github.com/snakemake/snakefmt) from 0.10.1 to **0.10.2** on 2024-05-12
+  - [cspell](https://github.com/streetsidesoftware/cspell/tree/master/packages/cspell) from 8.8.0 to **8.8.1** on 2024-05-12
+  - [terraform-fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) from 1.8.2 to **1.8.3** on 2024-05-12
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.2 to **0.58.4** on 2024-05-12
+  - [phpstan](https://phpstan.org/) from 1.10.67 to **1.11.0** on 2024-05-13
+  - [pylint](https://pylint.readthedocs.io) from 3.1.0 to **3.1.1** on 2024-05-13
+  - [lychee](https://lychee.cli.rs) from 0.15.0 to **0.15.1** on 2024-05-13
+  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 24.2.3 to **24.5.0** on 2024-05-18
+  - [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 0.87.2 to **0.87.3** on 2024-05-18
+  - [dotnet-format](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format) from 8.0.104 to **8.0.105** on 2024-05-18
+  - [phplint](https://github.com/overtrue/phplint) from 9.2.0 to **9.3.1** on 2024-05-18
+  - [phpstan](https://phpstan.org/) from 1.11.0 to **1.11.1** on 2024-05-18
+  - [pylint](https://pylint.readthedocs.io) from 3.1.1 to **3.2.1** on 2024-05-18
+  - [pyright](https://github.com/Microsoft/pyright) from 1.1.362 to **1.1.363** on 2024-05-18
+  - [checkov](https://www.checkov.io/) from 3.2.91 to **3.2.95** on 2024-05-18
+  - [git_diff](https://git-scm.com) from 2.43.0 to **2.43.4** on 2024-05-18
+  - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.75.1 to **3.76.3** on 2024-05-18
+  - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.24.0 to **2.25.0** on 2024-05-18
+  - [snakemake](https://snakemake.readthedocs.io/en/stable/) from 8.11.4 to **8.11.6** on 2024-05-18
+  - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.4 to **0.58.5** on 2024-05-18
+  - [xmllint](https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home) from 21107 to **21108** on 2024-05-18
 <!-- linter-versions-end -->
 
 ## [v7.11.1] - 2024-04-23

CHANGELOG.md

@@ -35,7 +35,6 @@ RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest
 
 FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
 FROM ghcr.io/assignuser/chktex-alpine:latest as chktex
-FROM ghcr.io/phpstan/phpstan:latest-php8.3 as phpstan
 FROM yoheimuta/protolint:latest as protolint
 FROM golang:alpine as dustilock
 RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
@@ -112,6 +111,7 @@ RUN apk add --no-cache \
                 php83-curl \
                 php83-dom \
                 php83-opcache \
+                php83-openssl \
                 php83-common \
                 php83-simplexml \
                 dpkg \
@@ -178,7 +178,7 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 
 #PIPVENV__START
 RUN PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir --upgrade pip virtualenv \
-    && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint && deactivate && cd ./../.. \
+    && mkdir -p "/venvs/ansible-lint" && cd "/venvs/ansible-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir ansible-lint=='24.2.3' && deactivate && cd ./../.. \
     && mkdir -p "/venvs/cpplint" && cd "/venvs/cpplint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cpplint && deactivate && cd ./../.. \
     && mkdir -p "/venvs/cfn-lint" && cd "/venvs/cfn-lint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir cfn-lint && deactivate && cd ./../.. \
     && mkdir -p "/venvs/djlint" && cd "/venvs/djlint" && virtualenv . && source bin/activate && PYTHONDONTWRITEBYTECODE=1 pip3 install --no-cache-dir djlint && deactivate && cd ./../.. \
@@ -311,6 +311,7 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \
 #############################################################################################
 
 #COPY__START
+COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint
 # shellcheck is a dependency for actionlint
 
@@ -323,7 +324,6 @@ COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checke
 COPY --link --from=revive /usr/bin/revive /usr/bin/revive
 COPY --link --from=kubeconform /kubeconform /usr/bin/
 COPY --link --from=chktex /usr/bin/chktex /usr/bin/
-COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan
 COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/
 COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock
 COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/
@@ -467,6 +467,8 @@ RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GI
     && rm phive.phar.asc \
     && update-alternatives --install /usr/bin/php php /usr/bin/php83 110
 
+# Managed with COPY --from=composer/composer:2-bin /composer /usr/bin/composer
+ENV PATH="/root/.composer/vendor/bin:${PATH}"
 
 # POWERSHELL installation
 RUN curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
@@ -630,12 +632,11 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P
 
 
 # phpcs installation
-RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install phpcs -g --trust-gpg-keys 31C7E470E2138192,95DE904AB800754A11D80B605E6DDE998AB73B8E
+RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk
 
 
 # phpstan installation
-# Managed with COPY --link --from=phpstan /composer/vendor/phpstan/phpstan/phpstan.phar /usr/bin/phpstan
-RUN chmod +x /usr/bin/phpstan
+RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require phpstan/phpstan bartlett/sarif-php-sdk
 
 # psalm installation
 RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5
@@ -726,7 +727,7 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh |
 #     && rm -rf /root/.npm/_cacache
 
 # lightning-flow-scanner installation
-    && echo y|sf plugins install lightning-flow-scanner \
+    && echo y|sf plugins install lightning-flow-scanner@2.24.0 \
     && npm cache clean --force || true \
     && rm -rf /root/.npm/_cacache \