What's Changed

• New linters

  • Add Robocop linter, by @bdovaz in #6232

• Linters enhancements

  • Python Linting: Added more file type supports for various linters. Full description here

• Doc

  • Add OLLAMA_BASE_URL is MegaLinter config Json schema

• Flavors

  • Custom flavors: Add workflow to automate detection of new MegaLinter versions and generation of new Custom Flavor

• CI

  • Fix v9 release issue + mark hardcoded versions to upgrade at each new major release.

• Linter versions upgrades (22)

  • ansible-lint from 25.9.0 to 25.9.1
  • bicep_linter from 0.37.4 to 0.38.33
  • cfn-lint from 1.39.1 to 1.40.0
  • checkstyle from 11.0.1 to 11.1.0
  • clj-kondo from 2025.09.19 to 2025.09.22
  • golangci-lint from 2.4.0 to 2.5.0
  • hadolint from 2.13.1 to 2.14.0
  • isort from 6.0.1 to 6.1.0
  • kics from 2.1.13 to 2.1.14
  • npm-groovy-lint from 15.2.1 to 15.2.2
  • php-cs-fixer from 3.87.2 to 3.88.2
  • phpstan from 2.1.28 to 2.1.30
  • pylint from 3.3.8 to 3.3.9
  • pyright from 1.1.405 to 1.1.406
  • robocop from 6.7.0 to 6.7.2
  • rubocop from 1.80.2 to 1.81.1
  • ruff-format from 0.13.1 to 0.13.3
  • ruff from 0.13.1 to 0.13.3
  • snakemake from 9.11.4 to 9.11.9
  • terraform-fmt from 1.13.2 to 1.13.3
  • terragrunt from 0.87.2 to 0.88.1
  • trivy from 0.66.0 to 0.67.0

What's Changed

• Fix v9 release issue

Full Changelog: https://github.com/oxsecurity/megalinter/compare/v9.0.0..v9.0.1

What's Changed

• Core

  • Create your own Megalinter Custom Flavors to dramatically improve your performances
    • See documentation for usage
    • Use npx mega-linter-runner@beta --custom-flavor-setup to initialize repo
    • Suggest new flavors in reporters with a mega-linter-runner including the list of linters
  • New LLM Advisor: call external LLMs to get hints to solve linter errors, available in:
    • Console Reporter
    • Text Reporter
    • Git platforms PR/MR comments Reporter
  • Use ghcr.io docker images by default because of rate limits on docker.io
  • Use uv to create the venv folder for pip-installed linters
  • Add copilot instructions for GitHub Copilot
  • Update base image to python:3.13-alpine3.21 (also embeds go 1.24)

• Disabled linters

  • puppet-lint: Disabled Until fix is provided for puppetlabs/puppet-lint#251
  • checkov: Disabled until fix is provided for bridgecrewio/checkov#7263

• Removed linters

  • markdown-link-check has been removed because lychee can be used instead, and has much better performances

• Linters enhancements

  • PHP-CS-Fixer is able to run on PHP 8.4 without error (change default configuration) by @llaville
  • cspell: Filter output lines that do not contain found issues
  • hadolint: Extend DOCKERFILE_HADOLINT_FILE_NAMES_REGEX to include the purpose.Dockerfile convention eg service.Dockerfile.
  • sqlfluff: Handle fixing of issues

• Fixes

  • When linter is docker based, force --platform=linux/amd64 so it works when running locally on Mac
  • Added checking of *.pyi and *.ipynb files to the ruff and ruff-format linters

• Reporters

  • New default display for Pull Request comments, with expandable sections containing the first 1000 lines of the output log. Former display remains available by defining REPORTERS_MARKDOWN_SUMMARY_TYPE=table
  • Markdown summary reporter:
    • Write a file for Github integration if GITHUB_STEP_SUMMARY is set
    • Truncate less linter output lines
  • Text reporter: Change the output file names to put the linter name first, then the status
  • Enhance display of markdown summary

• Doc

  • Update documentation in all megalinter descriptor files to improve accuracy and consistency
  • Fix incorrect information in linters documentation and descriptors
  • Remove dead links
  • Add linter description (linter_text) in all linter descriptor, to generate a more exhaustive documentation.
  • Update contributing guide to explain how to manage python dependencies in the codebase

• Flavors

  • Do not suggest flavors that have more linters than the current one

• CI

  • Update default MegaLinter CI/CD workflows to disable LLM_ADVISOR in case of bot pull requests

• mega-linter-runner

  • Add all CI/CD providers in the --install command
  • Use ghcr.io docker images by default
  • New parameter --container-engine allowing to use podman as runner
  • mega-linter-runner --upgrade: Handle upgrade of github actions to their latest version
  • mega-linter-runner --upgrade: Upgrades MegaLinter actions and images to v9

• Linter versions upgrades (68)

  • ansible-lint from 25.5.0 to 25.9.0
  • bandit from 1.8.3 to 1.8.6
  • bicep_linter from 0.36.1 to 0.37.4
  • black from 25.1.0 to 25.9.0
  • cfn-lint from 1.36.0 to 1.39.1
  • checkstyle from 10.25.0 to 11.0.1
  • clang-format from 19.1.4 to 20.1.8
  • clippy from 0.1.87 to 0.1.90
  • clj-kondo from 2025.06.05 to 2025.09.19
  • csharpier from 1.0.2 to 1.1.2
  • cspell from 9.1.1 to 9.2.1
  • dartanalyzer from 3.8.1 to 3.8.3
  • devskim from 1.0.59 to 1.0.67
  • dotnet-format from 9.0.106 to 9.0.110
  • editorconfig-checker from 3.3.0 to 3.4.0
  • flake8 from 7.2.0 to 7.3.0
  • git_diff from 2.47.2 to 2.49.1
  • gitleaks from 8.27.2 to 8.28.0
  • golangci-lint from 2.1.6 to 2.4.0
  • grype from 0.94.0 to 0.100.0
  • hadolint from 2.12.0 to 2.13.1
  • helm from 3.16.3 to 3.18.4
  • htmlhint from 1.5.1 to 1.7.1
  • kics from 2.1.10 to 2.1.13
  • ktlint from 1.6.0 to 1.7.1
  • kubescape from 3.0.34 to 3.0.41
  • lightning-flow-scanner from 3.23.0 to 3.29.0
  • mypy from 1.16.0 to 1.18.2
  • npm-groovy-lint from 15.2.0 to 15.2.1
  • npm-package-json-lint from 8.0.0 to 9.0.0
  • php-cs-fixer from 3.75.0 to 3.87.2
  • phpcs from 3.13.1 to 4.0.0
  • phpstan from 2.1.17 to 2.1.28
  • pmd from 7.14.0 to 7.17.0
  • powershell from 7.5.1 to 7.5.3
  • powershell_formatter from 7.5.1 to 7.5.3
  • prettier from 3.5.3 to 3.6.2
  • protolint from 0.55.6 to 0.56.4
  • psalm from Psalm.6.12.0@ to Psalm.6.13.1@
  • pylint from 3.3.7 to 3.3.8
  • pyright from 1.1.402 to 1.1.405
  • revive from 1.10.0 to 1.12.0
  • roslynator from 0.10.1.0 to 0.10.2.0
  • rubocop from 1.76.1 to 1.80.2
  • ruff-format from 0.11.13 to 0.13.1
  • ruff from 0.11.13 to 0.13.1
  • secretlint from 10.1.0 to 11.2.4
  • selene from 0.28.0 to 0.29.0
  • shellcheck from 0.10.0 to 0.11.0
  • shfmt from 3.11.0 to 3.12.0
  • snakefmt from 0.11.0 to 0.11.2
  • snakemake from 9.5.1 to 9.11.4
  • sqlfluff from 3.4.1 to 3.4.2
  • stylelint from 16.20.0 to 16.24.0
  • swiftlint from 0.59.1 to 0.61.0
  • syft from 1.27.1 to 1.33.0
  • terraform-fmt from 1.12.2 to 1.13.2
  • terragrunt from 0.81.6 to 0.87.2
  • tflint from 0.58.0 to 0.59.1
  • trivy-sbom from 0.63.0 to 0.66.0
  • trivy from 0.63.0 to 0.66.0
  • trufflehog from 3.89.1 to 3.90.8
  • v8r from 5.0.0 to 5.1.0
  • vale from 3.11.2 to 3.12.0
  • xmllint from 21304 to 21308

What's Changed

• Core

  • Retrieve SARIF errors and warnings correctly, by @bdovaz in #4837

• Linters enhancements

  • More config file name checks for ansible-lint activation, by @nvuillam in #5590

• Fixes

  • Fix crash when the markdown table summary is empty, by @nvuillam in #5363
  • Downgrade click to make rstcheck work again, by @nvuillam in #5387

• Doc

  • Display hash as plain text in markdown, by @johndutchover in #5420

• Flavors

  • Add Gherkin descriptor in java flavor, by @nvuillam in #5592

• CI

  • Fix rust setup & disable codecov-cli, by @nvuillam in #5579

• Linter versions upgrades (50)

  • ansible-lint from 25.4.0 to 25.5.0
  • bicep_linter from 0.35.1 to 0.36.1
  • cfn-lint from 1.34.2 to 1.36.0
  • checkstyle from 10.23.1 to 10.25.0
  • clippy from 0.1.86 to 0.1.87
  • clj-kondo from 2025.04.07 to 2025.06.05
  • csharpier from 1.0.1 to 1.0.2
  • cspell from 8.19.4 to 9.1.1
  • dartanalyzer from 3.7.3 to 3.8.1
  • devskim from 1.0.56 to 1.0.59
  • dotnet-format from 9.0.105 to 9.0.106
  • editorconfig-checker from 3.2.1 to 3.3.0
  • gitleaks from 8.25.1 to 8.27.2
  • golangci-lint from 2.1.5 to 2.1.6
  • grype from 0.91.2 to 0.94.0
  • htmlhint from 1.1.4 to 1.5.1
  • kics from 2.1.7 to 2.1.10
  • ktlint from 1.5.0 to 1.6.0
  • kubeconform from 0.6.7 to 0.7.0
  • lightning-flow-scanner from 3.8.0 to 3.23.0
  • ls-lint from 2.3.0 to 2.3.1
  • markdownlint from 0.44.0 to 0.45.0
  • mypy from 1.15.0 to 1.16.0
  • npm-groovy-lint from 15.1.0 to 15.2.0
  • phpcs from 3.12.2 to 3.13.1
  • phpstan from 2.1.14 to 2.1.17
  • pmd from 7.13.0 to 7.14.0
  • protolint from 0.54.1 to 0.55.6
  • psalm from Psalm.6.10.2@ to Psalm.6.12.0@
  • pylint from 3.3.6 to 3.3.7
  • pyright from 1.1.400 to 1.1.402
  • revive from 1.9.0 to 1.10.0
  • rstcheck from 6.2.4 to 6.2.5
  • rubocop from 1.75.4 to 1.76.1
  • ruff from 0.11.8 to 0.11.13
  • ruff-format from 0.11.8 to 0.11.13
  • scalafix from 0.14.2 to 0.14.3
  • secretlint from 9.3.2 to 10.1.0
  • semgrep from 3.12 to 3.13
  • sfdx-scanner-apex from 4.11.0 to 4.12.0
  • sfdx-scanner-aura from 4.11.0 to 4.12.0
  • sfdx-scanner-lwc from 4.11.0 to 4.12.0
  • snakemake from 8.27.1 to 9.5.1
  • sqlfluff from 3.4.0 to 3.4.1
  • stylelint from 16.19.1 to 16.20.0
  • syft from 1.23.1 to 1.27.1
  • terraform-fmt from 1.11.4 to 1.12.2
  • terragrunt from 0.78.0 to 0.81.6
  • tflint from 0.57.0 to 0.58.0
  • trivy from 0.62.0 to 0.63.0
  • trivy-sbom from 0.62.0 to 0.63.0
  • trufflehog from 3.88.27 to 3.89.1
  • v8r from 4.4.0 to 5.0.0

New Contributors

• @johndutchover made their first contribution in #5420

Full Changelog: v8.7.0...v8.8.0

What's Changed

• Core

  • Replace pychalk (not maintained for 7 years) by termcolor, by @nvuillam in #5316
  • Update make scripts so they also work on Windows, by @nvuillam in #5316
  • Align number columns of markdown tables in reports, by @nvuillam in #4835

• Linters enhancements

  • Add new CSharpier supported file extensions, by @bdovaz in #5292

• Fixes

  • Exclude from sanitization the regular expressions that have awful performances, by @nvuillam in #5308
  • New variable SKIP_LINTER_OUTPUT_SANITIZATION to skip sanitization to improve performances if you are on a private repository with secured access, by @nvuillam in #5308

• Linter versions upgrades (27)

  • ansible-lint from 25.2.1 to 25.4.0
  • bicep_linter from 0.34.44 to 0.35.1
  • cfn-lint from 1.34.1 to 1.34.2
  • checkov from 3.2.404 to 3.2.413
  • checkstyle from 10.23.0 to 10.23.1
  • csharpier from 0.30.6 to 1.0.1
  • cspell from 8.19.2 to 8.19.4
  • gitleaks from 8.24.3 to 8.25.1
  • golangci-lint from 1.64.8 to 2.1.5
  • lightning-flow-scanner from 3.4.0 to 3.8.0
  • phpstan from 2.1.12 to 2.1.14
  • pmd from 7.12.0 to 7.13.0
  • powershell from 7.5.0 to 7.5.1
  • protolint from 0.53.0 to 0.54.1
  • psalm from 6.10.1 to 6.10.2
  • rubocop from 1.75.3 to 1.75.4
  • ruff from 0.11.6 to 0.11.8
  • ruff-format from 0.11.6 to 0.11.8
  • secretlint from 9.3.1 to 9.3.2
  • stylelint from 16.19.0 to 16.19.1
  • terragrunt from 0.77.22 to 0.78.0
  • tflint from 0.56.0 to 0.57.0
  • trivy from 0.61.1 to 0.62.0
  • trivy-sbom from 0.61.1 to 0.62.0
  • v8r from 4.3.0 to 4.4.0
  • yamllint from 1.37.0 to 1.37.1

Full Changelog: v8.6.0...v8.7.0

What's Changed

• Core

  • New config property ENABLE_ERRORS_LINTERS. If set, only the listed linters will be considered as blocking

• New linters

  • Add cppcheck linter, by @bdovaz in #5224

• Media

  • Integrating MegaLinter to Automate Linting Across Multiple Codebases. A Technical Description, by Thorsten Foltz

• Linters enhancements

  • editorconfig_checker Changes default EditorConfig-Checker config filename by @llaville in #5061
  • TruffleHog: Ignore .git by default if not already done using --exclude-paths option

• Fixes

  • Sanitize all linter outputs by default, by @nvuillam in #5266

• Doc

  • Add j2lint to plugins, by @wesley-dean in #5151
  • Add fmlint (frontmatter linter) to plugins list by @wesley-dean in #5257
  • Remove trailing spaces by @parkerbxyz in #5185

• CI

  • Initial Renovate automerge configuration, by @echoix in #5057
  • Set update schedule for checkov updates, by @echoix in #5064
  • Always upgrade packages from base image for updated security fixes, by @echoix in #5152
  • build-command: Unshallow pull or full pull before committing changes, by @echoix in #5201

• Linter versions upgrades (50)

  • ansible-lint from 25.1.3 to 25.2.1
  • bicep_linter from 0.34.1 to 0.34.44
  • cfn-lint from 1.32.0 to 1.34.1
  • checkov from 3.2.390 to 3.2.404
  • checkstyle from 10.21.4 to 10.23.0
  • clippy from 0.1.85 to 0.1.86
  • clj-kondo from 2025.02.20 to 2025.04.07
  • cpplint from 2.0.0 to 2.0.2
  • cspell from 8.17.5 to 8.19.2
  • dartanalyzer from 3.7.2 to 3.7.3
  • devskim from 1.0.52 to 1.0.56
  • dotnet-format from 9.0.104 to 9.0.105
  • flake8 from 7.1.2 to 7.2.0
  • gitleaks from 8.24.2 to 8.24.3
  • grype from 0.90.0 to 0.91.2
  • kics from 2.1.6 to 2.1.7
  • kubescape from 3.0.32 to 3.0.34
  • lightning-flow-scanner from 3.2.0 to 3.4.0
  • ls-lint from 2.2.3 to 2.3.0
  • phplint from 9.5.6 to 9.6.2
  • php-cs-fixer from 3.73.1 to 3.75.0
  • phpcs from 3.12.0 to 3.12.2
  • phpstan from 2.1.8 to 2.1.12
  • pmd from 7.11.0 to 7.12.0
  • psalm from Psalm.6.9.4@ to Psalm.6.10.1@
  • pyright from 1.1.397 to 1.1.400
  • revive from 1.7.0 to 1.9.0
  • rubocop from 1.74.0 to 1.75.3
  • ruff from 0.11.2 to 0.11.6
  • ruff-format from 0.11.2 to 0.11.6
  • secretlint from 9.2.0 to 9.3.1
  • sfdx-scanner-apex from 4.10.0 to 4.11.0
  • sfdx-scanner-aura from 4.10.0 to 4.11.0
  • sfdx-scanner-lwc from 4.10.0 to 4.11.0
  • spectral from 6.14.3 to 6.15.0
  • sqlfluff from 3.3.1 to 3.4.0
  • stylelint from 16.16.0 to 16.19.0
  • swiftlint from 0.58.2 to 0.59.1
  • syft from 1.21.0 to 1.23.1
  • terraform-fmt from 1.11.2 to 1.11.4
  • terragrunt from 0.76.6 to 0.77.22
  • tflint from 0.55.1 to 0.56.0
  • trivy from 0.60.0 to 0.61.1
  • trivy-sbom from 0.60.0 to 0.61.1
  • trufflehog from 3.88.18 to 3.88.25
  • v8r from 4.2.1 to 4.3.0
  • vale from 3.9.4 to 3.11.2
  • yamllint from 1.36.2 to 1.37.0

Full Changelog: v8.5.0...v8.6.0

What's Changed

• Core

  • Addition of warnings to reporters and logic changes to surface warnings even when there are no errors. Addition of cli_lint_warning_count / cli_lint_warning_regex variables to the JSON schema. #4476, by @bdovaz in #4556

• Linters enhancements

  • kubescape Remove downgraded_version from kubescape, by @bdovaz in #4712
  • npm-groovy-lint: Undowngrade npm-groovy-lint as there is a new release with issue fixed by @nvuillam in #4834
  • syft: Add SBOM file by default in report folder + remove useless debug statement
  • trivy-sbom: Add SBOM file by default in report folder + remove useless debug statement

• Fixes

  • Use npm to install pyright
  • Undowngrade npm-groovy-lint as there is a new release with issue fix
  • jscpd: remove forced --exitCode 1 to fix #4631
  • Use --with-all-dependencies to install phpcs-fixer, by @nvuillam in #4672
  • Remove Composer config PHP 8.3 compatibily platform for PSALM 6.0, by @llaville in #4930
  • Fix lychee upgrade issue (lycheeignore upgrade), by @wesley-dean in #4964

• Doc

  • Remove reference to R2DevOps jobs as it has been discontinued (see #4678)
  • Improve contributing doc by adding reference to source .venv/Scripts/activate on Windows
  • Better apk package url, by @bdovaz in #4707
  • Better package version docs, by @bdovaz in #4721
  • Correct default SARIF_REPORTER_FILE_NAME, by @yxtay in #4783
  • Use github private email for megalinter-bot, by @yxtay in #4786
  • Update plugins.md to add raw link to JSON schema, by @wesley-dean in #4932

• Flavors

  • Add syft in all flavors

• CI

  • Update .devcontainer configuration, by @bdovaz in #4843
  • Configure Renovate for gem, cargo, pip and npm dependencies, by @bdovaz in #4673
  • Configure Renovate for composer dependencies, by @bdovaz in #4916
  • Use packagist data source, by @bdovaz in #4922
  • Bring back codecov, by @nvuillam in #4836

• Plugins

  • Add docker-compose-linter (dclint) to plugins list, by @wesley-dean in #4962
  • Add repolinter to the list of plugins, by @wesley-dean in #4972

• Linter versions upgrades (55)

  • ansible-lint from 25.1.1 to 25.1.3
  • bandit from 1.8.2 to 1.8.3
  • bicep_linter from 0.33.13 to 0.34.1
  • cfn-lint from 1.22.7 to 1.32.0
  • checkov from 3.2.360 to 3.2.390
  • checkstyle from 10.21.2 to 10.21.4
  • clippy from 0.1.84 to 0.1.85
  • clj-kondo from 2025.01.16 to 2025.02.20
  • cspell from 8.17.3 to 8.17.5
  • dartanalyzer from 3.6.2 to 3.7.2
  • detekt from 1.23.7 to 1.23.8
  • dotnet-format from 9.0.102 to 9.0.104
  • editorconfig-checker from 3.2.0 to 3.2.1
  • flake8 from 7.1.1 to 7.1.2
  • gitleaks from 8.23.3 to 8.24.2
  • golangci-lint from 1.63.4 to 1.64.8
  • grype from 0.87.0 to 0.90.0
  • isort from 6.0.0 to 6.0.1
  • kics from 2.1.3 to 2.1.6
  • kubescape from 2.9.0 to 3.0.32
  • lightning-flow-scanner from 2.43.0 to 3.2.0
  • mypy from 1.14.1 to 1.15.0
  • npm-groovy-lint from 15.0.0 to 15.1.0
  • php-cs-fixer from 3.68.5 to 3.73.1
  • phpcs from 3.11.3 to 3.12.0
  • phpstan from 2.1.2 to 2.1.8
  • pmd from 7.9.0 to 7.11.0
  • prettier from 3.4.2 to 3.5.3
  • protolint from 0.52.0 to 0.53.0
  • psalm from Psalm.6.1.0@ to Psalm.6.9.4@
  • puppet-lint from 4.2.4 to 4.3.0
  • pylint from 3.3.4 to 3.3.6
  • pyright from 1.1.393 to 1.1.397
  • revive from 1.6.0 to 1.7.0
  • roslynator from 0.10.0.0 to 0.10.1.0
  • rubocop from 1.71.0 to 1.74.0
  • ruff-format from 0.9.4 to 0.11.2
  • ruff from 0.9.4 to 0.11.2
  • scalafix from 0.14.0 to 0.14.2
  • secretlint from 9.0.0 to 9.2.0
  • sfdx-scanner-apex from 4.9.0 to 4.10.0
  • sfdx-scanner-aura from 4.9.0 to 4.10.0
  • sfdx-scanner-lwc from 4.9.0 to 4.10.0
  • shfmt from 3.10.0 to 3.11.0
  • snakefmt from 0.10.2 to 0.11.0
  • spectral from 6.14.2 to 6.14.3
  • sqlfluff from 3.3.0 to 3.3.1
  • stylelint from 16.14.1 to 16.16.0
  • syft from 1.19.0 to 1.21.0
  • terraform-fmt from 1.10.3 to 1.11.2
  • terragrunt from 0.71.1 to 0.76.6
  • trivy-sbom from 0.59.0 to 0.60.0
  • trivy from 0.59.0 to 0.60.0
  • trufflehog from 3.88.4 to 3.88.14
  • yamllint from 1.35.1 to 1.36.2

New Contributors

• @yxtay made their first contribution in #4783

Full Changelog: v8.4.2...v8.5.0

What's Changed

• Media

  • New video (Brazilian) MegaLinter: Como Automatizar a Qualidade do Código para Todas Plataformas , by Codando TV

• Fixes

  • Fix .NET linters issue: Add --allow-roll-forward to dotnet tool install commands, by @bdovaz in #4619
  • GH-4610 : PHP CS Fixer linter version available is not correct since running on PHP 8.4 runtime, by @llaville in #4611
  • Allow cspell to work with CLI_LINT_MODE=project
  • Downgrade npm-groovy-lint until it's fixed, by @nvuillam in #4628

• Linter versions upgrades (31)

  • ansible-lint from 25.1.0 to 25.1.1
  • black from 24.10.0 to 25.1.0
  • cfn-lint from 1.22.7 to 1.23.1
  • checkov from 3.2.357 to 3.2.360
  • cspell from 8.17.2 to 8.17.3
  • dartanalyzer from 3.6.1 to 3.6.2
  • devskim from 1.0.51 to 1.0.52
  • editorconfig-checker from 3.1.2 to 3.2.0
  • gitleaks from 8.23.2 to 8.23.3
  • isort from 5.13.2 to 6.0.0
  • lightning-flow-scanner from 2.39.0 to 2.43.0
  • npm-groovy-lint from 15.0.2 to 15.0.0
  • php-cs-fixer from 3.68.0 to 3.68.5
  • powershell from 7.4.6 to 7.5.0
  • powershell_formatter from 7.4.6 to 7.5.0
  • psalm from Psalm.6.0.0@ to Psalm.6.1.0@
  • pylint from 3.3.3 to 3.3.4
  • pyright from 1.1.392 to 1.1.393
  • raku from 2024.10 to 2024.12
  • roslynator from 0.9.3.0 to 0.10.0.0
  • rubocop from 1.71.0 to 1.71.1
  • ruff-format from 0.9.3 to 0.9.4
  • ruff from 0.9.3 to 0.9.4
  • sfdx-scanner-apex from 4.8.0 to 4.9.0
  • sfdx-scanner-aura from 4.8.0 to 4.9.0
  • sfdx-scanner-lwc from 4.8.0 to 4.9.0
  • tflint from 0.55.0 to 0.55.1
  • trivy-sbom from 0.58.2 to 0.59.0
  • trivy from 0.58.2 to 0.59.0
  • trufflehog from 3.88.2 to 3.88.4

Full Changelog: v8.4.1...v8.4.2

What's Changed

• Quick fix about PRE_COMMANDS crash (see #4591)
• Linter versions upgrades (2)
  • checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
  • stylelint from 16.14.0 to 16.14.1 on 2025-01-27

Important: We know that .NET linters still have issues, but first things first, we'll publish another patch later :)

Full Changelog:
v8.4.0...v8.4.1

What's Changed

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @llaville in #4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @bdovaz in #4482)
  • Bump python version to 3.12.8, by @echoix in #4372
  • Update to .NET 9, by @bdovaz in #4488
  • Upgrade PHP engine from 8.3 to 8.4, by @llaville in #4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @nvuillam in #4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @nvuillam in #4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @llaville in #4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @bdovaz in #4498
  • Add sarif output to golangci-lint, by @bdovaz in #4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #440, by @Noraldeno in #4427
  • jscpd url fixes, by @alexanderbazhenoff in #4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @bdovaz in #4469
  • Fix linter disabled reason usage, by @bdovaz in #4466

• Doc

  • Add contributing docs on venv, by @bdovaz in #4479
  • Add disabled linter badge, by @bdovaz in #4477
  • Add AzureCommentReporter instructions, by @bdovaz in #4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @echoix in #4373
  • Use uv.lock file to build docker images, by @echoix in #4374
  • Update Renovate schedules for uv and sfdx-hardis, by @echoix in #4568
  • Variabilize version and use renovate for updates for the following linters:
    • all GO linters
    • all REPOSITORY linters
    • arm-ttk
    • bash-shfmt
    • bicep
    • clj-kondo
    • cljstyle
    • csharpier
    • dart
    • ktlint
    • kubescape
    • lychee
    • luacheck
    • markdown-link-check
    • perlcritic
    • raku
    • tsqllint

• Linter versions upgrades (66)

  • actionlint from 1.7.6 to 1.7.7
  • ansible-lint from 24.12.2 to 25.1.0
  • banditto 1.8.2
  • bash-exec from 5.2.26 to 5.2.37
  • bicep_linter from to 0.33.13
  • cfn-lint 1.22.7
  • checkov from to 3.2.357
  • checkstyle from 10.20.1 to 10.21.1
  • clang-format from 17.0.6 to 19.1.4
  • clippy 0.1.84
  • clj-kondo from 2024.11.14 to 2025.01.16
  • cljstyle from 0.15.0 to 0.17.642
  • csharpier from 0.30.2 to 0.30.6
  • cspell from 8.16.0 to 8.17.2
  • devskim from 1.0.44 to 1.0.51
  • djlint from 1.36.1 to 1.36.4
  • dotnet-format from 8.0.111 to 9.0.102
  • editorconfig-checker from 3.0.3 to 3.1.2
  • git_diff from 2.45.2 to 2.47.2
  • gitleaks from 8.21.2 to 8.23.2
  • golangci-lint from 1.62.0 to 1.63.4
  • grype from 0.79.5 to 0.87.0
  • helm from 3.14.3 to 3.16.3
  • ktlint from 1.4.1 to 1.5.0
  • lightning-flow-scanner from 2.36.0 to 2.39.0
  • lychee from 0.17.0 to 0.18.0
  • markdownlint from 0.43.0 to 0.44.0
  • mypy from 1.13.0 to 1.14.0
  • mypy from 1.14.0 to 1.14.1
  • php-cs-fixer from 3.64.0 to 7.4.0
  • phpcs from 3.11.1 to 3.11.3
  • phplint from 9.5.4 to 9.5.6
  • phpstan from 2.0.2 to 2.1.2
  • pmd from 7.7.0 to 7.9.0
  • powershell from 7.4.2 to 7.4.6
  • powershell_formatter from 7.4.2 to 7.4.6
  • prettier from 3.3.3 to 3.4.2
  • protolint from 0.50.5 to 0.52.0
  • psalm from Psalm.5.26.1@ to Psalm.6.0.0@
  • pylint from 3.3.1 to 3.3.3
  • pyright from 1.1.389 to 1.1.392
  • raku from 2020.10 to 2024.10
  • revive from 1.5.1 to 1.6.0
  • rubocop from 1.68.0 to 1.71.0
  • ruff-format from 0.8.6 to 0.9.3
  • ruff from 0.8.0 to 0.9.3
  • scalafix from 0.13.0 to 0.14.0
  • selene from 0.27.1 to 0.28.0
  • sfdx-scanner-apex from 4.7.0 to 4.8.0
  • sfdx-scanner-aura from 4.7.0 to 4.8.0
  • sfdx-scanner-lwc from 4.7.0 to 4.8.0
  • snakemake from 8.25.3 to 8.27.1
  • sqlfluff from 3.2.5 to 3.3.0
  • stylelint from 16.10.0 to 16.14.0
  • swiftlint from 0.57.0 to 0.58.2
  • syft from 1.17.0 to 1.19.0
  • terraform-fmt from 1.10.0 to 1.10.3
  • terraform-fmt from 1.9.8 to 1.10.0
  • terragrunt from 0.68.14 to 0.69.13
  • tflint from 0.54.0 to 0.55.0
  • trivy-sbom from 0.57.1 to 0.58.2
  • trivy from 0.57.1 to 0.58.2
  • trufflehog from 3.84.1 to 3.88.2
  • v8r from 4.2.0 to 4.2.1
  • vale from 3.9.1 to 3.9.4
  • xmllint from 21207 to 21304

New Contributors

• @alexanderbazhenoff made their first contribution in #4352
• @Noraldeno made their first contribution in #4427

Full Changelog: v8.3.0...v8.4.0