Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update MegaLinter #288

Merged
merged 8 commits into from
Jul 26, 2022
Merged

Update MegaLinter #288

merged 8 commits into from
Jul 26, 2022

Conversation

josecelano
Copy link
Member

@josecelano josecelano commented Jul 25, 2022
edited
Loading

Update MegaLinter to v6.

@socket-security
Copy link

Socket Security Report

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package Script field Location
core-js-pure@3.24.0 (added) postinstall package.json via eslint-plugin-github@4.3.7, eslint-plugin-jsx-a11y@6.6.1, aria-query@4.2.2, @babel/runtime-corejs3@7.18.9
Socket.dev scan summary
Issue Status
Did you mean? ✅ no new possible package typos
Install scripts ⚠️ 1 new install script detected
Telemetry ✅ no new telemetry
Troll package ✅ no new troll packages
Malware ✅ no new malware
Native code ✅ no new native modules

Powered by socket.dev

@josecelano josecelano linked an issue Jul 25, 2022 that may be closed by this pull request
Update MegaLinter from v5 to v6 #287
Closed
@josecelano
Copy link
Member Author

There are some new linters that report errors. And some already-used linters report new errors.

@josecelano
Copy link
Member Author

josecelano commented Jul 25, 2022
edited
Loading

Errors:

Regarding gitleaks errors, there is no way to disable it for a block or a single line. I will disable it since we are using secretlint too.

@josecelano
Copy link
Member Author

For the vulnerabilities detected in the uir-js package, I have opened a new issue.

@josecelano
fix: [nautilus-cyberneering#287] add issue comment write permission t…
5b9a099 
…o megalinter workflow

So that it can create a PR comment with the summary report.
@josecelano
fix: [nautilus-cyberneering#287] disable megalinter tool Trivy
c33816e 
It shows some vulnerabilities we cannot fix immediately.
There is a transitive vulneravility.
I have created an issue:

nautilus-cyberneering#293
@josecelano josecelano marked this pull request as ready for review July 26, 2022 09:21
@josecelano josecelano requested review from da2ce7 and a team as code owners July 26, 2022 09:21
@josecelano josecelano changed the base branch from main to develop July 26, 2022 09:24
@josecelano josecelano merged commit aaadf3d into nautilus-cyberneering:develop Jul 26, 2022
@josecelano josecelano deleted the issue-287-update-megalinter branch July 26, 2022 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@da2ce7 da2ce7 Awaiting requested review from da2ce7 da2ce7 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update MegaLinter from v5 to v6
1 participant
@josecelano