Skip to content

chore(deps): update secretlint monorepo to v13#7761

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-13-secretlint-monorepo
Open

chore(deps): update secretlint monorepo to v13#7761
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/major-13-secretlint-monorepo

Conversation

@renovate

@renovate renovate Bot commented May 9, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@secretlint/secretlint-formatter-sarif (source) 11.7.113.0.2 age confidence
@secretlint/secretlint-rule-preset-recommend (source) 11.7.113.0.2 age confidence
secretlint (source) 11.7.113.0.2 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

secretlint/secretlint (@​secretlint/secretlint-formatter-sarif)

v13.0.2

What's Changed

📝 v13.0.1 published as v13.0.2

Bug Fixes
  • Fix secp256k1 private key detection to avoid false positives by @​azu in #​1564
CI
Dependency Updates
Other Changes
  • Reorganize CLI options and update glob syntax documentation by @​azu in #​1540

Full Changelog: secretlint/secretlint@v13.0.0...v13.0.2

v13.0.0

Compare Source

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

If a file is matched by a .gitignore rule but still appears in Secretlint's output, please open an issue at https://github.com/secretlint/secretlint/issues.

Glob-shaped paths that exist on disk are treated literally

--no-glob and "globs by default" both existed in v12. What changed in v13 is the fallback for inputs that contain glob metacharacters but resolve to a real file or directory.

In v12, an input like src/(group)/page.tsx was always parsed as a glob, so SvelteKit / Next.js routes whose names contain (), [], {}, or ? required --no-glob. v13 runs a single stat per glob-shaped input: if it exists, the input is treated literally; otherwise it stays a glob.

Pattern On disk v12 default v13 default
src/(group)/page.tsx exists parsed as glob, no match matched literally
src/(missing)/page.tsx absent parsed as glob parsed as glob
src/[a-z]ormal.tsx normal.tsx exists matched via glob matched via glob

Pass --no-glob to skip the probe and force literal interpretation.

New and promoted rules

Added to preset-recommend:

Rule Detects
@secretlint/secretlint-rule-tailscale Tailscale API keys (new package)
@secretlint/secretlint-rule-stripe Stripe API keys (new package)
@secretlint/secretlint-rule-cloudflare Cloudflare API tokens (promoted from preset-canary)

What's Changed

Breaking Changes
Features
CI
Dependency Updates
Other Changes

Full Changelog: secretlint/secretlint@v12.3.1...v13.0.0

v12.3.1

Compare Source

What's Changed
CI
  • Pin QEMU binfmt image version in Docker release workflow by @​azu in #​1523

Full Changelog: secretlint/secretlint@v12.3.0...v12.3.1

v12.3.0

Compare Source

What's Changed
Features
CI
Dependency Updates

Full Changelog: secretlint/secretlint@v12.2.0...v12.3.0

v12.2.0

Compare Source

What's Changed
Features
Documentation
New Contributors

Full Changelog: secretlint/secretlint@v12.1.0...v12.2.0

v12.1.0

Compare Source

What's Changed
Features
  • Add per-pattern allows configuration for secretlint-rule-pattern by @​azu in #​1504

Full Changelog: secretlint/secretlint@v12.0.1...v12.1.0

v12.0.1

Compare Source

What's Changed
Documentation
  • Add macOS SecureClipboard application to documentation by @​azu in #​1500
Refactoring
  • Bump minimum Node.js version requirement to 22 by @​azu in #​1502
  • secretelint v12 requires Node.js 22+
CI

Full Changelog: secretlint/secretlint@v12.0.0...v12.0.1

v12.0.0

Compare Source

What's Changed
New rules added to recommend

Secretlint v12.0.0 includes the following new rules in the @​secretlint/secretlint-rule-preset-recommend preset:

Breaking Changes
  • Require Node.js 22+
  • Remove CommonJS build output and dual-package support by @​azu in #​1495
  • feat(preset-recommend)!: sync canary rules into recommend preset by @​azu in #​1498
Refactoring
CI
Dependency Updates
Other Changes

Full Changelog: secretlint/secretlint@v11.7.1...v12.0.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 9, 2026
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 9, 2026
@github-actions

github-actions Bot commented May 9, 2026

Copy link
Copy Markdown
Contributor

⚠️MegaLinter analysis: Success with warnings

⚠️ PYTHON / bandit - 137 errors
---------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: ./megalinter/utils_sarif.py:156:61
155	                        rule["id"] = (
156	                            rule["id"] + "_DUPLICATE_" + str(random.randint(1, 99999))
157	                        )

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:124:4
123	    )
124	    assert os.path.isdir(config.get(request_id, "DEFAULT_WORKSPACE")), (
125	        "DEFAULT_WORKSPACE "
126	        + config.get(request_id, "DEFAULT_WORKSPACE")
127	        + " is not a valid folder"
128	    )
129	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:172:4
171	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
172	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
173	    linter_name = linter.linter_name

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:238:4
237	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
238	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
239	    if os.path.isfile(workspace + os.path.sep + "no_test_failure"):

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:487:4
486	    )
487	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
488	    expected_file_name = ""

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:587:4
586	        workspace += os.path.sep + "bad"
587	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
588	    # Call linter

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:681:4
680	        workspace = workspace + os.path.sep + "fix"
681	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
682	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:787:12
786	            ]
787	            assert (len(list(diffs))) > 0, f"No changes in the {file} file"
788	

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:81:42
80	    if item.fileUploadId:
81	        uploaded_file_path = os.path.join("/tmp/server-files", item.fileUploadId)
82	        if not os.path.isdir(uploaded_file_path):

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:103:38
102	    file_upload_id = "FILE_" + str(uuid1())
103	    uploaded_file_path = os.path.join("/tmp/server-files", file_upload_id)
104	    os.makedirs(uploaded_file_path)

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server_worker.py:98:34
97	        temp_dir = self.create_temp_dir()
98	        upload_dir = os.path.join("/tmp/server-files", file_upload_id)
99	        if os.path.exists(upload_dir):

--------------------------------------------------

Code scanned:
	Total lines of code: 19606
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 104
		Medium: 24
		High: 9
	Total issues (by confidence):
		Undefined: 0
		Low: 16
		Medium: 20
		High: 101
Files skipped (0):

(Truncated to last 6666 characters out of 92334)
⚠️ BASH / bash-exec - 1 error
Results of bash-exec linter (version 5.3.9)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec.sh
    Error: File:[sh/megalinter_exec.sh] is not executable

✅ [SUCCESS] sh/setup-runtime-user.sh
⚠️ SPELL / lychee - 62 errors
r/descriptors/latex.megalinter-descriptor.yml
[TIMEOUT] https://www.nongnu.org/chktex (at 26:17) | Request timed out
[TIMEOUT] https://www.nongnu.org/chktex/ (at 29:23) | Request timed out
[TIMEOUT] https://www.nongnu.org/chktex/ (at 31:38) | Request timed out

Errors in megalinter/descriptors/markdown.megalinter-descriptor.yml
[404] https://github.com/rvben/rumdl/blob/main/docs/RULES.md (at 234:23) | Rejected status code: 404 Not Found
[403] https://www.npmjs.com/package/markdown-table-formatter (at 177:17) | Rejected status code: 403 Forbidden

Errors in megalinter/descriptors/repository.megalinter-descriptor.yml
[404] https://github.com/mongodb/kingfisher/tree/main/data/rules (at 1288:23) | Rejected status code: 404 Not Found
[404] https://raw.githubusercontent.com/oxsecurity/megalinter/main/docs/assets/icons/linters/betterleaks.png (at 417:26) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/rst.megalinter-descriptor.yml
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through (at 34:38) | Rejected status code: 403 Forbidden

Errors in megalinter/descriptors/salesforce.megalinter-descriptor.yml
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 170:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 266:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 364:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 464:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 555:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 72:17) | Rejected status code: 403 Forbidden
[404] https://github.com/Lightning-Flow-Scanner/lightning-flow-scanner-core#rules (at 638:23) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/terraform.megalinter-descriptor.yml
[404] https://github.com/gruntwork-io/terragrunt/blob/master/docs/assets/img/favicon/ms-icon-310x310.png (at 168:23) | Rejected status code: 404 Not Found | Followed 1 redirect. Redirects: https://github.com/gruntwork-io/terragrunt/blob/master/docs/assets/img/favicon/ms-icon-310x310.png --[302]--> https://github.com/gruntwork-io/terragrunt/blob/main/docs/assets/img/favicon/ms-icon-310x310.png

Errors in megalinter/descriptors/tsx.megalinter-descriptor.yml
[404] https://eslint-react.xyz/docs/getting-started/installation (at 82:37) | Error (cached)
[ERROR] https://eslint.org/docs/latest/use/integrations#source-control (at 85:32) | Error (cached)

Errors in megalinter/descriptors/typescript.megalinter-descriptor.yml
[ERROR] https://eslint.org/docs/latest/use/integrations#source-control (at 95:32) | Error (cached)

Errors in megalinter/descriptors/xml.megalinter-descriptor.yml
[406] https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home (at 38:17) | Rejected status code: 406 Not Acceptable

Errors in README.md
[ERROR] https://eslint.org/docs/latest/use/integrations#source-control (at 1838:3) | Error (cached)
[ERROR] https://eslint.org/docs/latest/use/integrations#source-control (at 1839:3) | Error (cached)
[301] https://future-architect.github.io/authors/%E5%AE%AE%E6%B0%B8%E5%B4%87%E5%8F%B2 (at 1781:104) | Rejected status code: 301 Moved Permanently
[TIMEOUT] https://generated.at/ (at 1147:301) | Request timed out
[403] https://javascript.plainenglish.io/node-js-coding-standard-tools-with-megalinter-on-gitlab-ci-a43b55915811 (at 1764:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/@caodanju/30-seconds-to-setup-megalinter-your-go-to-tool-for-automated-code-quality-and-iac-security-969d90a5a99c (at 1749:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/@RunningMattress (at 1758:255) | Rejected status code: 403 Forbidden
[403] https://medium.com/@RunningMattress/level-up-your-unity-packages-with-ci-cd-9498d2791211 (at 1758:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/@SeasonedDeveloper (at 1745:255) | Rejected status code: 403 Forbidden
[403] https://medium.com/@SeasonedDeveloper/looking-for-the-best-ci-cd-pipeline-linting-tool-try-megalinter-d89c9eba850d (at 1745:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/datamindedbe/integrating-megalinter-to-automate-linting-across-multiple-codebases-a-technical-description-a200bb235b71 (at 1746:3) | Rejected status code: 403 Forbidden
[403] https://nicolas.vuillamy.fr/improve-uniformize-and-secure-your-code-base-with-megalinter-62ebab422c1 (at 1767:3) | Rejected status code: 403 Forbidden
[403] https://nicolas.vuillamy.fr/megalinter-sells-his-soul-and-joins-ox-security-2a91a0027628 (at 1766:3) | Rejected status code: 403 Forbidden
[403] https://nklya.medium.com/ (at 1763:255) | Rejected status code: 403 Forbidden
[403] https://nklya.medium.com/hot-to-linter-basic-things-like-trailing-whitespaces-and-newlines-7b40da8f688d (at 1763:3) | Rejected status code: 403 Forbidden
[403] https://npmjs.org/package/mega-linter-runner (at 1062:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 1063:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 1064:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 21:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/mega-linter-runner --[301]--> https://www.npmjs.com/package/mega-linter-runner
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html (at 1848:3) | Error (cached)
[403] https://techcommunity.microsoft.com/ (at 1753:371) | Rejected status code: 403 Forbidden
[403] https://techcommunity.microsoft.com/t5/azure-devops-blog/achieve-code-consistency-megalinter-integration-in-azure-devops/ba-p/3939448 (at 1753:3) | Rejected status code: 403 Forbidden
[403] https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/2039143#profile (at 1753:255) | Rejected status code: 403 Forbidden
[403] https://www.npmjs.com/package/@downatthebottomofthemolehole/megalinter-mcp-server (at 1723:354) | Rejected status code: 403 Forbidden

Hint: Followed 731 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: Rejected redirectional status codes. This means some redirects were not followed. You might want to increase the limit for `-m`/`--max-redirects`.

(Truncated to last 6666 characters out of 32743)
⚠️ MARKDOWN / markdownlint - 356 errors
uld have alternate text (alt text)
docs/reporters/ApiReporter.md:326:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:334:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:340:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:350:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:356:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/AzureCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Azure Comment Reporter"]
docs/reporters/BitbucketCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Bitbucket Comment Reporter"]
docs/reporters/ConfigReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "IDE Configuration Reporter"]
docs/reporters/ConsoleReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Console Reporter"]
docs/reporters/EmailReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "E-mail Reporter"]
docs/reporters/FileIoReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "File.io Reporter"]
docs/reporters/GitHubCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Comment Reporter"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:27:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:174 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:28:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:160 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:29:48 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:143 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:30:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:152 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubStatusReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Status Reporter"]
docs/reporters/GitlabCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Gitlab Comment Reporter"]
docs/reporters/JsonReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "JSON Reporter"]
docs/reporters/MarkdownSummaryReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Markdown Summary Reporter"]
docs/reporters/SarifReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "SARIF Reporter (beta)"]
docs/reporters/TapReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "TAP Reporter"]
docs/reporters/TextReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Text Reporter"]
docs/reporters/UpdatedSourcesReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Updated Sources Reporter"]
docs/special-thanks.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Special thanks"]
docs/special-thanks.md:23:3 error MD045/no-alt-text Images should have alternate text (alt text)
docs/sponsor.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Sponsoring"]
docs/supported-linters.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Supported Linters"]
mega-linter-runner/generators/mega-linter-custom-flavor/templates/README.md:69 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "How to use the custom flavor"]
mega-linter-runner/README.md:27:274 error MD051/link-fragments Link fragments should be valid [Context: "[**apply formatting and auto-fixes**](#apply-fixes)"]
mega-linter-runner/README.md:27:217 error MD051/link-fragments Link fragments should be valid [Context: "[**reports in several formats**](#reports)"]
README.md:190:127 error MD051/link-fragments Link fragments should be valid [Context: "[many additional features](#mega-linter-vs-super-linter)"]
README.md:1943:3 error MD045/no-alt-text Images should have alternate text (alt text)

(Truncated to last 6666 characters out of 47046)
⚠️ YAML / prettier - 14 errors
s/valestyles/proselint/Spelling.yml 3ms (unchanged)
.github/linters/valestyles/proselint/Typography.yml 3ms (unchanged)
.github/linters/valestyles/proselint/Uncomparables.yml 6ms (unchanged)
.github/linters/valestyles/proselint/Very.yml 4ms (unchanged)
.github/release-drafter.yml 10ms (unchanged)
.grype.yaml 3ms (unchanged)
.mega-linter.yml 12ms (unchanged)
.pre-commit-hooks.yaml 9ms (unchanged)
action.yml 2ms (unchanged)
codecov.yml 1ms (unchanged)
mega-linter-runner/.eslintrc.yml 3ms (unchanged)
mega-linter-runner/.mega-linter.yml 8ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/action.yml 8ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml 20ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml 17ms (unchanged)
[error] mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml: SyntaxError: Implicit map keys need to be followed by map values (6:1)
[error]   4 | label: <%= CUSTOM_FLAVOR_LABEL %>
[error]   5 | linters:
[error] > 6 | <%= CUSTOM_FLAVOR_LINTERS %>
[error]     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   7 |
mega-linter-runner/generators/mega-linter/templates/.drone.yml 2ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/azure-pipelines.yml 6ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/bitbucket-pipelines.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/concourse-task.yml 2ms (unchanged)
[error] mega-linter-runner/generators/mega-linter/templates/mega-linter.yml: SyntaxError: Implicit map keys need to be followed by map values (67:11)
[error]   65 |           # Only define `secrets.PAT` if you fully understand the trade-off.
[error]   66 |           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
[error] > 67 |           <%- PERSIST_CREDENTIALS %>
[error]      |           ^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   68 |
[error]   69 |           # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
[error]   70 |           # improve performance
megalinter/descriptors/action.megalinter-descriptor.yml 21ms (unchanged)
megalinter/descriptors/ansible.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/api.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/arm.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/bash.megalinter-descriptor.yml 28ms (unchanged)
megalinter/descriptors/bicep.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/c.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/clojure.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/cloudformation.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/coffee.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/copypaste.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/cpp.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/csharp.megalinter-descriptor.yml 26ms (unchanged)
megalinter/descriptors/css.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/dart.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/dockerfile.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/editorconfig.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/env.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/gherkin.megalinter-descriptor.yml 16ms (unchanged)
megalinter/descriptors/go.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/graphql.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/groovy.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/html.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/java.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/javascript.megalinter-descriptor.yml 21ms (unchanged)
megalinter/descriptors/json.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/jsx.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/kotlin.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/kubernetes.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/latex.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/lua.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/makefile.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/markdown.megalinter-descriptor.yml 24ms (unchanged)
megalinter/descriptors/perl.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/php.megalinter-descriptor.yml 26ms (unchanged)
megalinter/descriptors/powershell.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/protobuf.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/puppet.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/python.megalinter-descriptor.yml 78ms (unchanged)
megalinter/descriptors/r.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/raku.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/repository.megalinter-descriptor.yml 94ms (unchanged)
megalinter/descriptors/robotframework.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/rst.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/ruby.megalinter-descriptor.yml 17ms (unchanged)
megalinter/descriptors/rust.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/salesforce.megalinter-descriptor.yml 86ms (unchanged)
megalinter/descriptors/scala.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/snakemake.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/spell.megalinter-descriptor.yml 33ms (unchanged)
megalinter/descriptors/sql.megalinter-descriptor.yml 16ms (unchanged)
megalinter/descriptors/swift.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/tekton.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/terraform.megalinter-descriptor.yml 20ms (unchanged)
megalinter/descriptors/tsx.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/typescript.megalinter-descriptor.yml 36ms (unchanged)
megalinter/descriptors/vbdotnet.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/xml.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/yaml.megalinter-descriptor.yml 21ms (unchanged)
server/docker-compose-dev.yml 7ms (unchanged)
server/docker-compose.yml 6ms (unchanged)
trivy-secret.yaml 1ms (unchanged)
zizmor.yml 4ms (unchanged)

(Truncated to last 6666 characters out of 12059)
⚠️ YAML / yamllint - 42 errors
.grype.yaml
  5:1       warning  missing document start "---"  (document-start)

mega-linter-runner/.eslintrc.yml
  11:9      warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml
  48:15     warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml
  7:1       error    syntax error: could not find expected ':' (syntax)

mega-linter-runner/generators/mega-linter/templates/mega-linter.yml
  38:15     warning  too few spaces inside empty braces  (braces)
  69:11     error    syntax error: could not find expected ':' (syntax)

megalinter/descriptors/copypaste.megalinter-descriptor.yml
  18:301    warning  line too long (313 > 300 characters)  (line-length)

megalinter/descriptors/javascript.megalinter-descriptor.yml
  54:301    warning  line too long (475 > 300 characters)  (line-length)
  336:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/jsx.megalinter-descriptor.yml
  30:301    warning  line too long (475 > 300 characters)  (line-length)

megalinter/descriptors/markdown.megalinter-descriptor.yml
  83:301    warning  line too long (366 > 300 characters)  (line-length)

megalinter/descriptors/perl.megalinter-descriptor.yml
  26:301    warning  line too long (310 > 300 characters)  (line-length)

megalinter/descriptors/php.megalinter-descriptor.yml
  183:301   warning  line too long (389 > 300 characters)  (line-length)
  197:301   warning  line too long (302 > 300 characters)  (line-length)

megalinter/descriptors/repository.megalinter-descriptor.yml
  161:301   warning  line too long (408 > 300 characters)  (line-length)
  247:301   warning  line too long (329 > 300 characters)  (line-length)
  279:301   warning  line too long (306 > 300 characters)  (line-length)
  284:301   warning  line too long (321 > 300 characters)  (line-length)
  419:301   warning  line too long (345 > 300 characters)  (line-length)
  584:301   warning  line too long (338 > 300 characters)  (line-length)
  670:301   warning  line too long (306 > 300 characters)  (line-length)
  825:301   warning  line too long (316 > 300 characters)  (line-length)
  1113:301  warning  line too long (1263 > 300 characters)  (line-length)
  1203:301  warning  line too long (879 > 300 characters)  (line-length)
  1217:301  warning  line too long (358 > 300 characters)  (line-length)
  1273:301  warning  line too long (346 > 300 characters)  (line-length)
  1280:301  warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/salesforce.megalinter-descriptor.yml
  52:301    warning  line too long (359 > 300 characters)  (line-length)
  344:301   warning  line too long (359 > 300 characters)  (line-length)

megalinter/descriptors/spell.megalinter-descriptor.yml
  149:301   warning  line too long (315 > 300 characters)  (line-length)

megalinter/descriptors/sql.megalinter-descriptor.yml
  97:301    warning  line too long (319 > 300 characters)  (line-length)

megalinter/descriptors/terraform.megalinter-descriptor.yml
  27:301    warning  line too long (330 > 300 characters)  (line-length)
  86:301    warning  line too long (391 > 300 characters)  (line-length)
  142:301   warning  line too long (346 > 300 characters)  (line-length)
  205:301   warning  line too long (328 > 300 characters)  (line-length)

megalinter/descriptors/tsx.megalinter-descriptor.yml
  30:301    warning  line too long (475 > 300 characters)  (line-length)

megalinter/descriptors/typescript.megalinter-descriptor.yml
  41:301    warning  line too long (475 > 300 characters)  (line-length)
  332:301   warning  line too long (314 > 300 characters)  (line-length)

mkdocs.yml
  8:301     warning  line too long (552 > 300 characters)  (line-length)
  66:5      warning  wrong indentation: expected 6 but found 4  (indentation)
  78:5      warning  wrong indentation: expected 6 but found 4  (indentation)

zizmor.yml
  1:1       warning  missing document start "---"  (document-start)

✅ Linters with no issues

actionlint, betterleaks, black, checkov, cspell, flake8, git_diff, grype, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, osv-scanner, pylint, ruff, secretlint, shellcheck, shfmt, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint, zizmor

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from 5523284 to 3dacfb1 Compare May 9, 2026 23:24
@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from 3dacfb1 to 8273645 Compare May 10, 2026 03:24
@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from 8273645 to fb0ff5d Compare May 10, 2026 09:59
@echoix echoix added the needs_fixing Some manual review or changes need to be done before updating label May 10, 2026
@echoix

echoix commented May 10, 2026

Copy link
Copy Markdown
Collaborator

Adjust tests

@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from fb0ff5d to 164ff3e Compare May 10, 2026 23:08
@nvuillam

Copy link
Copy Markdown
Member

@copilot fix the megalinter / trivy issues

Copilot AI commented May 13, 2026

Copy link
Copy Markdown
Contributor

@copilot fix the megalinter / trivy issues

Fixed in 7e19938. I investigated the failing MegaLinter/Trivy logs and added scoped .trivyignore entries for the reported protobufjs CVEs (CVE-2026-44289/44290/44291/44293), which were causing the DEV linters Trivy failure.

@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from aa6bdd9 to f6477c9 Compare May 24, 2026 20:22
@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from f6477c9 to 245eabb Compare May 26, 2026 06:05
@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from 245eabb to 9c41464 Compare May 27, 2026 06:45
@renovate renovate Bot force-pushed the renovate/major-13-secretlint-monorepo branch from 9c41464 to 5e8ec94 Compare May 27, 2026 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file needs_fixing Some manual review or changes need to be done before updating

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants