feat(github-action): update oxsecurity/megalinter action to v8.4.1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
oxsecurity/megalinter	action	minor	v8.1.0 -> v8.4.1

---

Release Notes

oxsecurity/megalinter (oxsecurity/megalinter)

v8.4.1

Compare Source

• Quick fix about PRE_COMMANDS crash (see #​4591)

• Linter versions upgrades (2)

  • checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
  • stylelint from 16.14.0 to 16.14.1 on 2025-01-27

v8.4.0

Compare Source

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in #​4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #​4482)
  • Bump python version to 3.12.8, by @​echoix in #​4372
  • Update to .NET 9, by @​bdovaz in #​4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in #​4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in #​4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in #​4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in #​4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in #​4498
  • Add sarif output to golangci-lint, by @​bdovaz in #​4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #​440, by @​Noraldeno in #​4427
  • jscpd url fixes, by @​alexanderbazhenoff in #​4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in #​4469
  • Fix linter disabled reason usage, by @​bdovaz in #​4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in #​4479
  • Add disabled linter badge, by @​bdovaz in #​4477
  • Add AzureCommentReporter instructions, by @​bdovaz in #​4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @​echoix in #​4373
  • Use uv.lock file to build docker images, by @​echoix in #​4374
  • Update Renovate schedules for uv and sfdx-hardis, by @​echoix in #​4568
  • Variabilize version and use renovate for updates for the following linters:
    • all GO linters
    • all REPOSITORY linters
    • arm-ttk
    • bash-shfmt
    • bicep
    • clj-kondo
    • cljstyle
    • csharpier
    • dart
    • ktlint
    • kubescape
    • lychee
    • luacheck
    • markdown-link-check
    • perlcritic
    • raku
    • tsqllint

• Linter versions upgrades (66)

  • actionlint from 1.7.6 to 1.7.7
  • ansible-lint from 24.12.2 to 25.1.0
  • banditto 1.8.2
  • bash-exec from 5.2.26 to 5.2.37
  • bicep_linter from to 0.33.13
  • cfn-lint 1.22.7
  • checkov from to 3.2.357
  • checkstyle from 10.20.1 to 10.21.1
  • clang-format from 17.0.6 to 19.1.4
  • clippy 0.1.84
  • clj-kondo from 2024.11.14 to 2025.01.16
  • cljstyle from 0.15.0 to 0.17.642
  • csharpier from 0.30.2 to 0.30.6
  • cspell from 8.16.0 to 8.17.2
  • devskim from 1.0.44 to 1.0.51
  • djlint from 1.36.1 to 1.36.4
  • dotnet-format from 8.0.111 to 9.0.102
  • editorconfig-checker from 3.0.3 to 3.1.2
  • git_diff from 2.45.2 to 2.47.2
  • gitleaks from 8.21.2 to 8.23.2
  • golangci-lint from 1.62.0 to 1.63.4
  • grype from 0.79.5 to 0.87.0
  • helm from 3.14.3 to 3.16.3
  • ktlint from 1.4.1 to 1.5.0
  • lightning-flow-scanner from 2.36.0 to 2.39.0
  • lychee from 0.17.0 to 0.18.0
  • markdownlint from 0.43.0 to 0.44.0
  • mypy from 1.13.0 to 1.14.0
  • mypy from 1.14.0 to 1.14.1
  • php-cs-fixer from 3.64.0 to 7.4.0
  • phpcs from 3.11.1 to 3.11.3
  • phplint from 9.5.4 to 9.5.6
  • phpstan from 2.0.2 to 2.1.2
  • pmd from 7.7.0 to 7.9.0
  • powershell from 7.4.2 to 7.4.6
  • powershell_formatter from 7.4.2 to 7.4.6
  • prettier from 3.3.3 to 3.4.2
  • protolint from 0.50.5 to 0.52.0
  • psalm from Psalm.5.26.1@​ to Psalm.6.0.0@​
  • pylint from 3.3.1 to 3.3.3
  • pyright from 1.1.389 to 1.1.392
  • raku from 2020.10 to 2024.10
  • revive from 1.5.1 to 1.6.0
  • rubocop from 1.68.0 to 1.71.0
  • ruff-format from 0.8.6 to 0.9.3
  • ruff from 0.8.0 to 0.9.3
  • scalafix from 0.13.0 to 0.14.0
  • selene from 0.27.1 to 0.28.0
  • sfdx-scanner-apex from 4.7.0 to 4.8.0
  • sfdx-scanner-aura from 4.7.0 to 4.8.0
  • sfdx-scanner-lwc from 4.7.0 to 4.8.0
  • snakemake from 8.25.3 to 8.27.1
  • sqlfluff from 3.2.5 to 3.3.0
  • stylelint from 16.10.0 to 16.14.0
  • swiftlint from 0.57.0 to 0.58.2
  • syft from 1.17.0 to 1.19.0
  • terraform-fmt from 1.10.0 to 1.10.3
  • terraform-fmt from 1.9.8 to 1.10.0
  • terragrunt from 0.68.14 to 0.69.13
  • tflint from 0.54.0 to 0.55.0
  • trivy-sbom from 0.57.1 to 0.58.2
  • trivy from 0.57.1 to 0.58.2
  • trufflehog from 3.84.1 to 3.88.2
  • v8r from 4.2.0 to 4.2.1
  • vale from 3.9.1 to 3.9.4
  • xmllint from 21207 to 21304

v8.3.0

Compare Source

• Core

  • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
  • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
  • Fix handling of git submodule paths

• Fixes

  • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

• Reporters

  • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
  • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

• CI

  • Fix Docker mirroring job for release context
  • Remove max parallel jobs for release linters workflow

• Linter versions upgrades (13)

  • cfn-lint from 1.19.0 to 1.20.0
  • checkov from 3.2.298 to 3.2.311
  • csharpier from 0.29.2 to 0.30.2
  • markdownlint from 0.42.0 to 0.43.0
  • phpstan from 2.0.1 to 2.0.2
  • ruff from 0.7.4 to 0.8.0
  • spectral from 6.14.1 to 6.14.2
  • stylua from 0.20.0 to 2.0.0
  • syft from 1.16.0 to 1.17.0
  • trivy-sbom from 0.57.0 to 0.57.1
  • trivy from 0.57.0 to 0.57.1
  • trufflehog from 3.83.7 to 3.84.1
  • vale from 3.9.0 to 3.9.1

v8.2.0

Compare Source

• Media

  • 10 MegaLinter Tips and Tricks Unlock its Full Potential by Wes Dean
  • MegaLinter Performance Tuning for Maximum Efficiency by Wes Dean

• Linters enhancements

  • detekt Enable SARIF output + count errors
  • lintr: Support files in subdirectories, fix unit tests
  • phpcs: Activate APPLY_FIXES
  • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
  • trivy: handle retry if failed to download Java DB is detected
  • tsqllint Re-enabled after .net 8 and security updates

• Fixes

  • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
  • Fix linting errors in GitHub Actions template

• Reporters

  • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
  • Fix AzureCommentReporter not adding comments to PR
  • Fix AzureCommentReporter fails when target repo contains spaces

• Doc

  • Updated documentation with Azure central pipeline use case
  • Update DevSkim documentation to show a valid exclusion config file
  • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

• CI

  • Also prune volumes before pulling and pushing to docker hub
  • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
  • Squash docker images to have less layers and size
  • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
  • Make gitpod workflow not blocking until uv install is fixed
  • Update stale comment
  • Try several times to embed trivy db during Docker build, as a workaround to the random failures
  • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

• Linter versions upgrades (104)

  • actionlint from 1.7.3 to 1.7.4
  • ansible-lint from 24.9.2 to 24.10.0
  • bicep_linter from 0.30.23 to 0.31.92
  • cfn-lint from 1.16.1 to 1.19.0
  • checkov from 3.2.257 to 3.2.298
  • checkstyle from 10.18.2 to 10.20.1
  • clippy from 0.1.81 to 0.1.82
  • clj-kondo from 2024.09.27 to 2024.11.14
  • cspell from 8.15.1 to 8.16.0
  • devskim from 1.0.33 to 1.0.44
  • djlint from 1.35.2 to 1.36.1
  • dotnet-format from 8.0.110 to 8.0.111
  • gitleaks from 8.20.1 to 8.21.2
  • golangci-lint from 1.61.0 to 1.62.0
  • ktlint from 1.3.1 to 1.4.1
  • lightning-flow-scanner from 2.34.0 to 2.36.0
  • lychee from 0.16.1 to 0.17.0
  • mypy from 1.11.2 to 1.13.0
  • perlcritic from 1.152 to 1.156
  • phpcs from 3.10.3 to 3.11.1
  • phplint from 9.5.3 to 9.5.4
  • phpstan from 1.12.6 to 2.0.1
  • pmd from 7.6.0 to 7.7.0
  • pyright from 1.1.384 to 1.1.389
  • revive from 1.4.0 to 1.5.1
  • roslynator from 0.9.1.0 to 0.9.3.0
  • rubocop from 1.66.1 to 1.68.0
  • ruff from 0.6.9 to 0.7.4
  • secretlint from 8.4.0 to 9.0.0
  • sfdx-scanner-apex from 4.6.0 to 4.7.0
  • sfdx-scanner-aura from 4.6.0 to 4.7.0
  • sfdx-scanner-lwc from 4.6.0 to 4.7.0
  • shfmt from 3.9.0 to 3.10.0
  • snakemake from 8.21.0 to 8.25.3
  • spectral from 6.13.1 to 6.14.1
  • sqlfluff from 3.2.3 to 3.2.5
  • syft from 1.14.0 to 1.16.0
  • terraform-fmt from 1.9.5 to 1.9.8
  • terragrunt from 0.67.5 to 0.68.14
  • tflint from 0.53.0 to 0.54.0
  • trivy-sbom from 0.56.2 to 0.57.0
  • trivy from 0.56.2 to 0.57.0
  • trufflehog from 3.82.11 to 3.83.7
  • tsqllint from 1.15.3.0 to 1.16.0.0
  • v8r from 4.1.0 to 4.2.0
  • vale from 3.7.1 to 3.9.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.0s
✅ COPYPASTE	jscpd	yes		no	1.07s
✅ REPOSITORY	git_diff	yes		no	0.02s
✅ REPOSITORY	secretlint	yes		no	1.88s
✅ YAML	prettier	1		0	0.52s
✅ YAML	yamllint	1		0	0.34s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff