Skip to content

chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates#8409

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dot-automation/test/repository_grype/bad/npm_and_yarn-11e8e8d94e
Open

chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates#8409
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dot-automation/test/repository_grype/bad/npm_and_yarn-11e8e8d94e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 4 updates in the /.automation/test/repository_grype/bad directory: @sigstore/verify, ip-address, sigstore and tar.
Bumps the npm_and_yarn group with 2 updates in the /.automation/test/repository_osv_scanner/bad directory: minimist and lodash.
Bumps the npm_and_yarn group with 5 updates in the /.automation/test/repository_syft/good/good directory:

Package From To
@sigstore/verify 3.1.0 3.1.1
ip-address 10.1.0 10.2.0
sigstore 4.1.0 4.1.1
simple-git 3.33.0 3.36.0
tar 7.5.13 7.5.20

Updates @sigstore/verify from 3.1.0 to 3.1.1

Release notes

Sourced from @​sigstore/verify's releases.

@​sigstore/verify@​3.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
    • @​sigstore/core@​3.2.1
Commits

Updates ip-address from 10.1.0 to 10.2.0

Commits
  • 80fccaa 10.2.0
  • abaeb4d Type Address4.addressMinusSuffix as non-nilable (closes #143)
  • 2878c29 Preserve subnet prefix through Address6.to4() (closes #123) (#203)
  • 586666e Reject trailing junk in Address6.fromURL (closes #158) (#202)
  • 80bc76e Validate static factories instead of silently overflowing (#201)
  • 98927be Clarify isValid() accepts CIDRs with host bits set (#81)
  • a0eb073 Fix getScope() and broaden getType() classification (closes #122) (#200)
  • ec52105 Add networkForm() for CIDR network-address strings (#199)
  • a9443a7 Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes #62) (#198)
  • f01d742 Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...
  • Additional commits viewable in compare view

Updates sigstore from 4.1.0 to 4.1.1

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1
Commits

Updates tar from 7.5.13 to 7.5.20

Commits

Updates minimist from 1.2.0 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

v1.2.1 - 2020-03-10

Merged

Commits

Commits

Updates lodash from 4.17.11 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates @sigstore/verify from 3.1.0 to 3.1.1

Release notes

Sourced from @​sigstore/verify's releases.

@​sigstore/verify@​3.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
    • @​sigstore/core@​3.2.1
Commits

Updates ip-address from 10.1.0 to 10.2.0

Commits
  • 80fccaa 10.2.0
  • abaeb4d Type Address4.addressMinusSuffix as non-nilable (closes #143)
  • 2878c29 Preserve subnet prefix through Address6.to4() (closes #123) (#203)
  • 586666e Reject trailing junk in Address6.fromURL (closes #158) (#202)
  • 80bc76e Validate static factories instead of silently overflowing (#201)
  • 98927be Clarify isValid() accepts CIDRs with host bits set (#81)
  • a0eb073 Fix getScope() and broaden getType() classification (closes #122) (#200)
  • ec52105 Add networkForm() for CIDR network-address strings (#199)
  • a9443a7 Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes #62) (#198)
  • f01d742 Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...
  • Additional commits viewable in compare view

Updates sigstore from 4.1.0 to 4.1.1

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1
Commits

Updates simple-git from 3.33.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

simple-git@3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

simple-git@3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2
Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

3.35.0

Minor Changes

  • 3d8708b: Updating publish config

Patch Changes

  • Updated dependencies [3d8708b]
    • @​simple-git/args-pathspec@​1.0.1
    • @​simple-git/argv-parser@​1.0.1

3.34.0

... (truncated)

Commits
  • 7dc1a53 Version Packages
  • 76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
  • 89a2294 Environment Parsing (#1156)
  • 1b91b76 fix: remove explicit node:buffer import
  • e390685 Version Packages
  • 3c9e4b8 Pin version of @​simple-git/args-pathspec
  • 94ee21f Export pathspec types through simple-git for backward compatibility
  • 6d7cb51 Version Packages
  • 0de400e Switch to semver from workspace revisions
  • 2264722 Version Packages
  • Additional commits viewable in compare view

Updates tar from 7.5.13 to 7.5.20

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates

Bumps the npm_and_yarn group with 4 updates in the /.automation/test/repository_grype/bad directory: [@sigstore/verify](https://github.com/sigstore/sigstore-js), [ip-address](https://github.com/beaugunderson/ip-address), [sigstore](https://github.com/sigstore/sigstore-js) and [tar](https://github.com/isaacs/node-tar).
Bumps the npm_and_yarn group with 2 updates in the /.automation/test/repository_osv_scanner/bad directory: [minimist](https://github.com/minimistjs/minimist) and [lodash](https://github.com/lodash/lodash).
Bumps the npm_and_yarn group with 5 updates in the /.automation/test/repository_syft/good/good directory:

| Package | From | To |
| --- | --- | --- |
| [@sigstore/verify](https://github.com/sigstore/sigstore-js) | `3.1.0` | `3.1.1` |
| [ip-address](https://github.com/beaugunderson/ip-address) | `10.1.0` | `10.2.0` |
| [sigstore](https://github.com/sigstore/sigstore-js) | `4.1.0` | `4.1.1` |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.33.0` | `3.36.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.13` | `7.5.20` |



Updates `@sigstore/verify` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0)

Updates `sigstore` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

Updates `tar` from 7.5.13 to 7.5.20
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.20)

Updates `minimist` from 1.2.0 to 1.2.6
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.6)

Updates `lodash` from 4.17.11 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.18.1)

Updates `@sigstore/verify` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0)

Updates `sigstore` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

Updates `simple-git` from 3.33.0 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

Updates `tar` from 7.5.13 to 7.5.20
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.20)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.20
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-version: 1.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.20
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 12, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 12, 2026
@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

⚠️MegaLinter analysis: Success with warnings

⚠️ PYTHON / bandit - 135 errors
---------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_calls.html#b311-random
   Location: ./megalinter/utils_sarif.py:156:61
155	                        rule["id"] = (
156	                            rule["id"] + "_DUPLICATE_" + str(random.randint(1, 99999))
157	                        )

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:124:4
123	    )
124	    assert os.path.isdir(config.get(request_id, "DEFAULT_WORKSPACE")), (
125	        "DEFAULT_WORKSPACE "
126	        + config.get(request_id, "DEFAULT_WORKSPACE")
127	        + " is not a valid folder"
128	    )
129	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:172:4
171	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
172	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
173	    linter_name = linter.linter_name

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:246:4
245	    tmp_report_folder = tempfile.gettempdir() + os.path.sep + str(uuid.uuid4())
246	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
247	    if os.path.isfile(workspace + os.path.sep + "no_test_failure"):

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:501:4
500	    )
501	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
502	    expected_file_name = ""

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:601:4
600	        workspace += os.path.sep + "bad"
601	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
602	    # Call linter

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:695:4
694	        workspace = workspace + os.path.sep + "fix"
695	    assert os.path.isdir(workspace), f"Test folder {workspace} is not existing"
696	

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   CWE: CWE-703 (https://cwe.mitre.org/data/definitions/703.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b101_assert_used.html
   Location: ./megalinter/utilstest.py:801:12
800	            ]
801	            assert (len(list(diffs))) > 0, f"No changes in the {file} file"
802	

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:81:42
80	    if item.fileUploadId:
81	        uploaded_file_path = os.path.join("/tmp/server-files", item.fileUploadId)
82	        if not os.path.isdir(uploaded_file_path):

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server.py:103:38
102	    file_upload_id = "FILE_" + str(uuid1())
103	    uploaded_file_path = os.path.join("/tmp/server-files", file_upload_id)
104	    os.makedirs(uploaded_file_path)

--------------------------------------------------
>> Issue: [B108:hardcoded_tmp_directory] Probable insecure usage of temp file/directory.
   Severity: Medium   Confidence: Medium
   CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b108_hardcoded_tmp_directory.html
   Location: ./server/server_worker.py:98:34
97	        temp_dir = self.create_temp_dir()
98	        upload_dir = os.path.join("/tmp/server-files", file_upload_id)
99	        if os.path.exists(upload_dir):

--------------------------------------------------

Code scanned:
	Total lines of code: 19942
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 104
		Medium: 22
		High: 9
	Total issues (by confidence):
		Undefined: 0
		Low: 14
		Medium: 20
		High: 101
Files skipped (0):

(Truncated to last 6666 characters out of 91273)
⚠️ BASH / bash-exec - 1 error
Results of bash-exec linter (version 5.3.9)
See documentation on https://megalinter.io/beta/descriptors/bash_bash_exec/
-----------------------------------------------

✅ [SUCCESS] .automation/build_schemas_doc.sh
✅ [SUCCESS] .automation/format-tables.sh
✅ [SUCCESS] .vscode/testlinter.sh
✅ [SUCCESS] build.sh
✅ [SUCCESS] entrypoint.sh
❌ [ERROR] sh/megalinter_exec.sh
    Error: File:[sh/megalinter_exec.sh] is not executable

✅ [SUCCESS] sh/setup-runtime-user.sh
⚠️ SPELL / lychee - 48 errors
tus code: 403 Forbidden
[403] https://cppcheck.sourceforge.io/ (at 39:18) | Rejected status code: 403 Forbidden
[403] https://cppcheck.sourceforge.io/manual.html#configuration (at 42:37) | Rejected status code: 403 Forbidden

Errors in megalinter/descriptors/html.megalinter-descriptor.yml
[404] https://htmlhint.com/_astro/htmlhint.DIRCoA_t_Z1czEXa.webp (at 85:23) | Rejected status code: 404 Not Found
[404] https://htmlhint.com/docs/user-guide/list-rules (at 84:23) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/java.megalinter-descriptor.yml
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html (at 134:32) | Error (cached)

Errors in megalinter/descriptors/jsx.megalinter-descriptor.yml
[404] https://eslint-react.xyz/docs/getting-started/installation (at 82:37) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/kotlin.megalinter-descriptor.yml
[404] https://pinterest.github.io/ktlint/latest/api/custom-rule-set/ (at 67:15) | Rejected status code: 404 Not Found
[404] https://pinterest.github.io/ktlint/latest/faq/#how-do-i-suppress-errors-for-a-lineblockfile (at 38:38) | Rejected status code: 404 Not Found
[404] https://pinterest.github.io/ktlint/latest/rules/configuration-ktlint/ (at 37:37) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/kubernetes.megalinter-descriptor.yml
[404] https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/%7B%7B.Group%7D%7D/%7B%7B.ResourceKind%7D%7D_%7B%7B.ResourceAPIVersion%7D%7D.json (at 69:22) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/latex.megalinter-descriptor.yml
[TIMEOUT] https://www.nongnu.org/chktex (at 26:17) | Request timed out
[TIMEOUT] https://www.nongnu.org/chktex/ (at 29:23) | Request timed out
[TIMEOUT] https://www.nongnu.org/chktex/ (at 31:38) | Request timed out

Errors in megalinter/descriptors/markdown.megalinter-descriptor.yml
[403] https://www.npmjs.com/package/markdown-table-formatter (at 190:17) | Rejected status code: 403 Forbidden

Errors in megalinter/descriptors/repository.megalinter-descriptor.yml
[404] https://raw.githubusercontent.com/oxsecurity/megalinter/main/docs/assets/icons/linters/betterleaks.png (at 448:26) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/rst.megalinter-descriptor.yml
[403] https://docutils.sourceforge.io/docs/ref/rst/directives.html#raw-data-pass-through (at 34:38) | Rejected status code: 403 Forbidden

Errors in megalinter/descriptors/salesforce.megalinter-descriptor.yml
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 172:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 270:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 370:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 472:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 565:17) | Error (cached)
[403] https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/get-started.html (at 72:17) | Rejected status code: 403 Forbidden
[404] https://github.com/Lightning-Flow-Scanner/lightning-flow-scanner-core#rules (at 650:23) | Rejected status code: 404 Not Found

Errors in megalinter/descriptors/terraform.megalinter-descriptor.yml
[404] https://github.com/gruntwork-io/terragrunt/blob/master/docs/assets/img/favicon/ms-icon-310x310.png (at 176:23) | Rejected status code: 404 Not Found | Followed 1 redirect. Redirects: https://github.com/gruntwork-io/terragrunt/blob/master/docs/assets/img/favicon/ms-icon-310x310.png --[302]--> https://github.com/gruntwork-io/terragrunt/blob/main/docs/assets/img/favicon/ms-icon-310x310.png

Errors in megalinter/descriptors/tsx.megalinter-descriptor.yml
[404] https://eslint-react.xyz/docs/getting-started/installation (at 82:37) | Error (cached)

Errors in megalinter/descriptors/xml.megalinter-descriptor.yml
[406] https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home (at 38:17) | Rejected status code: 406 Not Acceptable

Errors in README.md
[301] https://future-architect.github.io/authors/%E5%AE%AE%E6%B0%B8%E5%B4%87%E5%8F%B2 (at 1791:104) | Rejected status code: 301 Moved Permanently
[TIMEOUT] https://generated.at/ (at 1147:301) | Request timed out
[404] https://github.com/oxsecurity/megalinter/stargazers (at 1926:3) | Rejected status code: 404 Not Found
[404] https://github.com/oxsecurity/megalinter/stargazers/ (at 22:1) | Rejected status code: 404 Not Found
[403] https://medium.com/@caodanju/30-seconds-to-setup-megalinter-your-go-to-tool-for-automated-code-quality-and-iac-security-969d90a5a99c (at 1759:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/@RunningMattress (at 1768:255) | Rejected status code: 403 Forbidden
[403] https://medium.com/@RunningMattress/level-up-your-unity-packages-with-ci-cd-9498d2791211 (at 1768:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/@SeasonedDeveloper (at 1755:255) | Rejected status code: 403 Forbidden
[403] https://medium.com/@SeasonedDeveloper/looking-for-the-best-ci-cd-pipeline-linting-tool-try-megalinter-d89c9eba850d (at 1755:3) | Rejected status code: 403 Forbidden
[403] https://medium.com/datamindedbe/integrating-megalinter-to-automate-linting-across-multiple-codebases-a-technical-description-a200bb235b71 (at 1756:3) | Rejected status code: 403 Forbidden
[403] https://npmjs.org/package/mega-linter-runner (at 1062:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 1063:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 1064:1) | Error (cached)
[403] https://npmjs.org/package/mega-linter-runner (at 21:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/mega-linter-runner --[301]--> https://www.npmjs.com/package/mega-linter-runner
[403] https://pmd.sourceforge.io/pmd-6.55.0/pmd_userdocs_tools_ci.html (at 1858:3) | Rejected status code: 403 Forbidden
[403] https://www.npmjs.com/package/@downatthebottomofthemolehole/megalinter-mcp-server (at 1733:354) | Rejected status code: 403 Forbidden

Hint: Followed 739 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: Rejected redirectional status codes. This means some redirects were not followed. You might want to increase the limit for `-m`/`--max-redirects`.

(Truncated to last 6666 characters out of 30515)
⚠️ MARKDOWN / markdownlint - 362 errors
uld have alternate text (alt text)
docs/reporters/ApiReporter.md:330:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:338:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:344:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:354:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/ApiReporter.md:360:1 error MD045/no-alt-text Images should have alternate text (alt text)
docs/reporters/AzureCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Azure Comment Reporter"]
docs/reporters/BitbucketCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Bitbucket Comment Reporter"]
docs/reporters/ConfigReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "IDE Configuration Reporter"]
docs/reporters/ConsoleReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Console Reporter"]
docs/reporters/EmailReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "E-mail Reporter"]
docs/reporters/FileIoReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "File.io Reporter"]
docs/reporters/GitHubCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Comment Reporter"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:27:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:174 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:27:196 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:28:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:160 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:28:179 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:29:48 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:143 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:29:159 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD056/table-column-count Table column count [Expected: 4; Actual: 3; Too few cells, row will be missing data]
docs/reporters/GitHubCommentReporter.md:30:46 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:152 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubCommentReporter.md:30:171 error MD060/table-column-style Table column style [Table pipe does not align with header for style "aligned"]
docs/reporters/GitHubStatusReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "GitHub Status Reporter"]
docs/reporters/GitlabCommentReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Gitlab Comment Reporter"]
docs/reporters/JsonReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "JSON Reporter"]
docs/reporters/MarkdownSummaryReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Markdown Summary Reporter"]
docs/reporters/SarifReporter.md:6 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "SARIF Reporter (beta)"]
docs/reporters/TapReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "TAP Reporter"]
docs/reporters/TextReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Text Reporter"]
docs/reporters/UpdatedSourcesReporter.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Updated Sources Reporter"]
docs/special-thanks.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Special thanks"]
docs/special-thanks.md:23:3 error MD045/no-alt-text Images should have alternate text (alt text)
docs/sponsor.md:5 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Sponsoring"]
docs/supported-linters.md:9 error MD025/single-title/single-h1 Multiple top-level headings in the same document [Context: "Supported Linters"]
mega-linter-runner/generators/mega-linter-custom-flavor/templates/README.md:69 error MD024/no-duplicate-heading Multiple headings with the same content [Context: "How to use the custom flavor"]
mega-linter-runner/README.md:27:274 error MD051/link-fragments Link fragments should be valid [Context: "[**apply formatting and auto-fixes**](#apply-fixes)"]
mega-linter-runner/README.md:27:217 error MD051/link-fragments Link fragments should be valid [Context: "[**reports in several formats**](#reports)"]
README.md:190:127 error MD051/link-fragments Link fragments should be valid [Context: "[many additional features](#mega-linter-vs-super-linter)"]
README.md:1953:3 error MD045/no-alt-text Images should have alternate text (alt text)

(Truncated to last 6666 characters out of 47713)
⚠️ YAML / prettier - 14 errors
styles/proselint/Spelling.yml 3ms (unchanged)
.github/linters/valestyles/proselint/Typography.yml 10ms (unchanged)
.github/linters/valestyles/proselint/Uncomparables.yml 6ms (unchanged)
.github/linters/valestyles/proselint/Very.yml 5ms (unchanged)
.github/release-drafter.yml 10ms (unchanged)
.grype.yaml 2ms (unchanged)
.mega-linter.yml 8ms (unchanged)
.pre-commit-hooks.yaml 4ms (unchanged)
action.yml 2ms (unchanged)
codecov.yml 1ms (unchanged)
mega-linter-runner/.eslintrc.yml 2ms (unchanged)
mega-linter-runner/.mega-linter.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/action.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/check-new-megalinter-version.yml 15ms (unchanged)
mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml 13ms (unchanged)
[error] mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml: SyntaxError: Implicit map keys need to be followed by map values (6:1)
[error]   4 | label: <%= CUSTOM_FLAVOR_LABEL %>
[error]   5 | linters:
[error] > 6 | <%= CUSTOM_FLAVOR_LINTERS %>
[error]     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   7 |
mega-linter-runner/generators/mega-linter/templates/.drone.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/.gitlab-ci.yml 5ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/azure-pipelines.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/bitbucket-pipelines.yml 3ms (unchanged)
mega-linter-runner/generators/mega-linter/templates/concourse-task.yml 2ms (unchanged)
[error] mega-linter-runner/generators/mega-linter/templates/mega-linter.yml: SyntaxError: Implicit map keys need to be followed by map values (67:11)
[error]   65 |           # Only define `secrets.PAT` if you fully understand the trade-off.
[error]   66 |           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
[error] > 67 |           <%- PERSIST_CREDENTIALS %>
[error]      |           ^^^^^^^^^^^^^^^^^^^^^^^^^^
[error]   68 |
[error]   69 |           # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
[error]   70 |           # improve performance
megalinter/descriptors/action.megalinter-descriptor.yml 16ms (unchanged)
megalinter/descriptors/ansible.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/api.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/arm.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/bash.megalinter-descriptor.yml 34ms (unchanged)
megalinter/descriptors/bicep.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/c.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/clojure.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/cloudformation.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/coffee.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/copypaste.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/cpp.megalinter-descriptor.yml 25ms (unchanged)
megalinter/descriptors/csharp.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/css.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/dart.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/dockerfile.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/editorconfig.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/env.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/gherkin.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/go.megalinter-descriptor.yml 10ms (unchanged)
megalinter/descriptors/graphql.megalinter-descriptor.yml 4ms (unchanged)
megalinter/descriptors/groovy.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/html.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/java.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/javascript.megalinter-descriptor.yml 30ms (unchanged)
megalinter/descriptors/json.megalinter-descriptor.yml 22ms (unchanged)
megalinter/descriptors/jsx.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/kotlin.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/kubernetes.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/latex.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/lua.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/makefile.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/markdown.megalinter-descriptor.yml 50ms (unchanged)
megalinter/descriptors/perl.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/php.megalinter-descriptor.yml 36ms (unchanged)
megalinter/descriptors/powershell.megalinter-descriptor.yml 14ms (unchanged)
megalinter/descriptors/protobuf.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/puppet.megalinter-descriptor.yml 5ms (unchanged)
megalinter/descriptors/python.megalinter-descriptor.yml 89ms (unchanged)
megalinter/descriptors/r.megalinter-descriptor.yml 7ms (unchanged)
megalinter/descriptors/raku.megalinter-descriptor.yml 3ms (unchanged)
megalinter/descriptors/repository.megalinter-descriptor.yml 188ms (unchanged)
megalinter/descriptors/robotframework.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/rst.megalinter-descriptor.yml 58ms (unchanged)
megalinter/descriptors/ruby.megalinter-descriptor.yml 18ms (unchanged)
megalinter/descriptors/rust.megalinter-descriptor.yml 6ms (unchanged)
megalinter/descriptors/salesforce.megalinter-descriptor.yml 106ms (unchanged)
megalinter/descriptors/scala.megalinter-descriptor.yml 11ms (unchanged)
megalinter/descriptors/snakemake.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/spell.megalinter-descriptor.yml 52ms (unchanged)
megalinter/descriptors/sql.megalinter-descriptor.yml 19ms (unchanged)
megalinter/descriptors/swift.megalinter-descriptor.yml 8ms (unchanged)
megalinter/descriptors/tekton.megalinter-descriptor.yml 9ms (unchanged)
megalinter/descriptors/terraform.megalinter-descriptor.yml 30ms (unchanged)
megalinter/descriptors/tsx.megalinter-descriptor.yml 25ms (unchanged)
megalinter/descriptors/typescript.megalinter-descriptor.yml 31ms (unchanged)
megalinter/descriptors/vbdotnet.megalinter-descriptor.yml 15ms (unchanged)
megalinter/descriptors/xml.megalinter-descriptor.yml 12ms (unchanged)
megalinter/descriptors/yaml.megalinter-descriptor.yml 34ms (unchanged)
server/docker-compose-dev.yml 4ms (unchanged)
server/docker-compose.yml 9ms (unchanged)
trivy-secret.yaml 1ms (unchanged)
zizmor.yml 2ms (unchanged)

(Truncated to last 6666 characters out of 12066)
⚠️ YAML / yamllint - 42 errors
.grype.yaml
  6:1       warning  missing document start "---"  (document-start)

mega-linter-runner/.eslintrc.yml
  11:9      warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor-builder.yml
  48:15     warning  too few spaces inside empty braces  (braces)

mega-linter-runner/generators/mega-linter-custom-flavor/templates/megalinter-custom-flavor.yml
  7:1       error    syntax error: could not find expected ':' (syntax)

mega-linter-runner/generators/mega-linter/templates/mega-linter.yml
  38:15     warning  too few spaces inside empty braces  (braces)
  69:11     error    syntax error: could not find expected ':' (syntax)

megalinter/descriptors/copypaste.megalinter-descriptor.yml
  18:301    warning  line too long (313 > 300 characters)  (line-length)

megalinter/descriptors/javascript.megalinter-descriptor.yml
  54:301    warning  line too long (475 > 300 characters)  (line-length)
  348:301   warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/jsx.megalinter-descriptor.yml
  30:301    warning  line too long (475 > 300 characters)  (line-length)

megalinter/descriptors/markdown.megalinter-descriptor.yml
  89:301    warning  line too long (366 > 300 characters)  (line-length)

megalinter/descriptors/perl.megalinter-descriptor.yml
  26:301    warning  line too long (310 > 300 characters)  (line-length)

megalinter/descriptors/php.megalinter-descriptor.yml
  195:301   warning  line too long (389 > 300 characters)  (line-length)
  209:301   warning  line too long (302 > 300 characters)  (line-length)

megalinter/descriptors/repository.megalinter-descriptor.yml
  183:301   warning  line too long (408 > 300 characters)  (line-length)
  273:301   warning  line too long (329 > 300 characters)  (line-length)
  305:301   warning  line too long (306 > 300 characters)  (line-length)
  310:301   warning  line too long (321 > 300 characters)  (line-length)
  450:301   warning  line too long (345 > 300 characters)  (line-length)
  627:301   warning  line too long (338 > 300 characters)  (line-length)
  718:301   warning  line too long (306 > 300 characters)  (line-length)
  881:301   warning  line too long (316 > 300 characters)  (line-length)
  1206:301  warning  line too long (1263 > 300 characters)  (line-length)
  1299:301  warning  line too long (879 > 300 characters)  (line-length)
  1313:301  warning  line too long (358 > 300 characters)  (line-length)
  1375:301  warning  line too long (346 > 300 characters)  (line-length)
  1382:301  warning  line too long (307 > 300 characters)  (line-length)

megalinter/descriptors/salesforce.megalinter-descriptor.yml
  52:301    warning  line too long (359 > 300 characters)  (line-length)
  350:301   warning  line too long (359 > 300 characters)  (line-length)

megalinter/descriptors/spell.megalinter-descriptor.yml
  174:301   warning  line too long (315 > 300 characters)  (line-length)

megalinter/descriptors/sql.megalinter-descriptor.yml
  103:301   warning  line too long (319 > 300 characters)  (line-length)

megalinter/descriptors/terraform.megalinter-descriptor.yml
  27:301    warning  line too long (330 > 300 characters)  (line-length)
  92:301    warning  line too long (391 > 300 characters)  (line-length)
  150:301   warning  line too long (346 > 300 characters)  (line-length)
  216:301   warning  line too long (328 > 300 characters)  (line-length)

megalinter/descriptors/tsx.megalinter-descriptor.yml
  30:301    warning  line too long (475 > 300 characters)  (line-length)

megalinter/descriptors/typescript.megalinter-descriptor.yml
  41:301    warning  line too long (475 > 300 characters)  (line-length)
  338:301   warning  line too long (314 > 300 characters)  (line-length)

mkdocs.yml
  8:301     warning  line too long (552 > 300 characters)  (line-length)
  66:5      warning  wrong indentation: expected 6 but found 4  (indentation)
  78:5      warning  wrong indentation: expected 6 but found 4  (indentation)

zizmor.yml
  1:1       warning  missing document start "---"  (document-start)

✅ Linters with no issues

actionlint, betterleaks, black, checkov, cspell, flake8, git_diff, grype, hadolint, isort, jscpd, jsonlint, markdown-table-formatter, mypy, npm-groovy-lint, osv-scanner, pylint, ruff, secretlint, shellcheck, shfmt, syft, trivy, trivy-sbom, trufflehog, v8r, v8r, xmllint, zizmor

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants