Merge branch 'main' into fixes/symlinks

.automation/build.py

@@ -473,9 +473,13 @@ def build_dockerfile(
             + "RUN npm --no-cache install --ignore-scripts --omit=dev \\\n                "
             + " \\\n                ".join(list(dict.fromkeys(npm_packages)))
             + "  && \\\n"
-            + "       npm audit fix --audit-level=critical || true \\\n"
+            #    + '       echo "Fixing audit issues with npm..." \\\n'
+            #    + "    && npm audit fix --audit-level=critical || true \\\n" # Deactivated for now
+            + '    echo "Cleaning npm cache..." \\\n'
             + "    && npm cache clean --force || true \\\n"
+            + '    && echo "Changing owner of node_modules files..." \\\n'
             + '    && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \\\n'
+            + '    && echo "Removing extra node_module files..." \\\n'
             + "    && rm -rf /root/.npm/_cacache \\\n"
             + '    && find . -name "*.d.ts" -delete \\\n'
             + '    && find . -name "*.map" -delete \\\n'

.github/workflows/deploy-ALPHA-flavors.yml

@@ -130,7 +130,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.github/workflows/deploy-BETA-flavors.yml

@@ -44,7 +44,7 @@ jobs:
     name: Deploy Docker Image - BETA - Flavors
     # Set the agent to run on
     runs-on: ${{ matrix.os }}
-    environment: 
+    environment:
       name: beta-flavors
     strategy:
       fail-fast: false
@@ -140,7 +140,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.github/workflows/deploy-BETA-linters.yml

@@ -41,7 +41,7 @@ jobs:
 
   prepare:
     name: Prepare matrix
-    runs-on: ubuntu-latest  
+    runs-on: ubuntu-latest
     steps:
 
     - name: Build unique image name for beta
@@ -50,10 +50,10 @@ jobs:
 
     - name: Prepare result is ${{ env.UNIQUE_DOCKER_IMAGE_NAME }}
       shell: bash
-      run: echo ${{ env.UNIQUE_DOCKER_IMAGE_NAME }}  
+      run: echo ${{ env.UNIQUE_DOCKER_IMAGE_NAME }}
 
     outputs:
-      unique_docker_image_name: "${{ env.UNIQUE_DOCKER_IMAGE_NAME }}"  
+      unique_docker_image_name: "${{ env.UNIQUE_DOCKER_IMAGE_NAME }}"
 
   build:
     needs: prepare
@@ -264,7 +264,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.github/workflows/deploy-BETA.yml

@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     # Only run this on the main repo
     if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy')
-    environment: 
+    environment:
       name: beta
     ##################
     # Load all steps #
@@ -139,7 +139,7 @@ jobs:
 #          format: 'table'
 #          exit-code: '1'
 #          ignore-unfixed: true
-#          security-checks: vuln
+#          scanners: vuln
 #          vuln-type: 'os,library'
 #          severity: 'CRITICAL,HIGH'
 #          timeout: 10m0s

.github/workflows/deploy-DEV-linters.yml

@@ -230,7 +230,7 @@ jobs:
 
           TEST_KEYWORDS_TO_USE_UPPER="${{ matrix.linter }}"
           TEST_KEYWORDS_TO_USE="${TEST_KEYWORDS_TO_USE_UPPER,,}"
-          
+
           docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e PAT="${{ secrets.PAT }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}
         timeout-minutes: 30
 
@@ -244,7 +244,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.github/workflows/deploy-DEV.yml

@@ -269,7 +269,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 15m0s

.github/workflows/deploy-RELEASE-flavors.yml

@@ -34,7 +34,7 @@ jobs:
     name: Deploy Docker Image - RELEASE - Flavors
     # Set the agent to run on
     runs-on: ${{ matrix.os }}
-    environment: 
+    environment:
       name: latest-flavors
     strategy:
       fail-fast: false
@@ -120,7 +120,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.github/workflows/deploy-RELEASE-linters.yml

@@ -238,7 +238,7 @@ jobs:
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
-          security-checks: vuln
+          scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s

.trivyignore

@@ -157,6 +157,7 @@ CVE-2022-42889
 CVE-2022-43680
 CVE-2022-46175
 CVE-2023-0286
+CVE-2023-29017
 DS001
 DS002
 DS003

Dockerfile

@@ -241,9 +241,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 prettyjson \
                 @typescript-eslint/eslint-plugin \
                 @typescript-eslint/parser  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/ci_light/Dockerfile

@@ -115,9 +115,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 secretlint \
                 @secretlint/secretlint-rule-preset-recommend \
                 @secretlint/secretlint-formatter-sarif  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/cupcake/Dockerfile

@@ -201,9 +201,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 prettyjson \
                 @typescript-eslint/eslint-plugin \
                 @typescript-eslint/parser  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/documentation/Dockerfile

@@ -146,9 +146,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/dotnet/Dockerfile

@@ -166,9 +166,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/go/Dockerfile

@@ -153,9 +153,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/java/Dockerfile

@@ -146,9 +146,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/javascript/Dockerfile

@@ -166,9 +166,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 prettyjson \
                 @typescript-eslint/eslint-plugin \
                 @typescript-eslint/parser  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/php/Dockerfile

@@ -158,9 +158,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/python/Dockerfile

@@ -157,9 +157,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/ruby/Dockerfile

@@ -145,9 +145,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/rust/Dockerfile

@@ -145,9 +145,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/salesforce/Dockerfile

@@ -148,9 +148,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/security/Dockerfile

@@ -115,9 +115,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 secretlint \
                 @secretlint/secretlint-rule-preset-recommend \
                 @secretlint/secretlint-formatter-sarif  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/swift/Dockerfile

@@ -147,9 +147,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

flavors/terraform/Dockerfile

@@ -151,9 +151,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 cspell \
                 sql-lint \
                 tekton-lint  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

linters/coffee_coffeelint/Dockerfile

@@ -87,9 +87,11 @@ ENV NODE_OPTIONS="--max-old-space-size=8192" \
 WORKDIR /node-deps
 RUN npm --no-cache install --ignore-scripts --omit=dev \
                 @coffeelint/cli  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

linters/copypaste_jscpd/Dockerfile

@@ -88,9 +88,11 @@ ENV NODE_OPTIONS="--max-old-space-size=8192" \
 WORKDIR /node-deps
 RUN npm --no-cache install --ignore-scripts --omit=dev \
                 jscpd  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \

linters/css_stylelint/Dockerfile

@@ -90,9 +90,11 @@ RUN npm --no-cache install --ignore-scripts --omit=dev \
                 stylelint-config-standard \
                 stylelint-config-sass-guidelines \
                 stylelint-scss  && \
-       npm audit fix --audit-level=critical || true \
+    echo "Cleaning npm cache..." \
     && npm cache clean --force || true \
+    && echo "Changing owner of node_modules files..." \
     && chown -R "$(id -u)":"$(id -g)" node_modules # fix for https://github.com/npm/cli/issues/5900 \
+    && echo "Removing extra node_module files..." \
     && rm -rf /root/.npm/_cacache \
     && find . -name "*.d.ts" -delete \
     && find . -name "*.map" -delete \