build(deps): Bump megalinter/megalinter from 5 to 6.0.2 #10

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Jul 11, 2022

Bumps megalinter/megalinter from 5 to 6.0.2.

Release notes

Sourced from megalinter/megalinter's releases.

MegaLinter v6.0.2

Internal CI fixes

MegaLinter v6.0.1

  • Quick fixes about internal CI & documentation

= https://github.com/oxsecurity/megalinter/releases/tag/v6.0.0

MegaLinter v6.0.0

  • Move Repo to OX Security

  • Breaking changes: you must run npx mega-linter-runner --upgrade to use MegaLinter v6

  • Core architecture

    • New reporter SARIF_REPORTER that aggregates all SARIF output files into a single one
      • Correct SARIF files for known format errors
    • New config variable DISABLE_LINTERS_ERRORS to define a list of linters that will be considered as non blocking
    • Upgrade base docker image to python:3.10.4-alpine3.15
    • Rename default report folder from report to megalinter-reports
    • Display GitHub stars in linters summary table in documentation
  • Linters:

    • Add DevSkim security linter by Microsoft
    • Add dustilock to check for dependency confusion attacks with node and python packages
    • Add gitleaks to lint git repository
    • Add goodcheck as regex-based linter
    • Add PMD to lint java files (disabled for now)
    • Add semgrep as regex-based linter with many community rules
    • Add syft to generate SBOM (Software Bill Of Materials)
    • Add trivy security linter
    • Remove dockerfilelint, as it is not maintained anymore and hadolint contains all its rules
    • Remove rstfmt as it is not maintained anymore
    • SARIF management for:
      • bandit
      • checkov
      • checkstyle
      • cfn-lint
      • devskim
      • eslint
      • gitleaks
      • hadolint
      • ktlint
      • npm-groovy-lint
      • psalm
      • semgrep
      • secretlint
      • revive

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with megalinter/megalinter@beta in your GitHub Action mega-linter.yml file, or with megalinter/megalinter:beta docker image

  • Linter versions upgrades

[v6.0.0] - 2022-07-10

  • Breaking changes: you must run npx mega-linter-runner --upgrade to use MegaLinter v6

  • Core architecture

    • New reporter SARIF_REPORTER that aggregates all SARIF output files into a single one
      • Correct SARIF files for known format errors
    • New config variable DISABLE_LINTERS_ERRORS to define a list of linters that will be considered as non blocking
    • Upgrade base docker image to python:3.10.4-alpine3.15
    • Rename default report folder from report to megalinter-reports
    • Display GitHub stars in linters summary table in documentation
  • Linters:

    • Add DevSkim security linter by Microsoft
    • Add dustilock to check for dependency confusion attacks with node and python packages
    • Add gitleaks to lint git repository
    • Add goodcheck as regex-based linter
    • Add PMD to lint java files (disabled for now)
    • Add semgrep as regex-based linter with many community rules
    • Add syft to generate SBOM (Software Bill Of Materials)
    • Add trivy security linter
    • Remove dockerfilelint, as it is not maintained anymore and hadolint contains all its rules
    • Remove rstfmt as it is not maintained anymore
    • SARIF management for:
      • bandit
      • checkov
      • checkstyle
      • cfn-lint
      • devskim
      • eslint
      • gitleaks
      • hadolint
      • ktlint
      • npm-groovy-lint
      • psalm
      • semgrep
      • secretlint

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [megalinter/megalinter](https://github.com/megalinter/megalinter) from 5 to 6.0.2.
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v5...v6.0.2)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot commented on behalf of github Jul 11, 2022

The following labels could not be found: github-actions, dependencies.

dependabot bot commented on behalf of github Jul 13, 2022

Superseded by #11.

@dependabot dependabot bot closed this Jul 13, 2022
@dependabot dependabot bot deleted the dependabot/github_actions/dev/megalinter/megalinter-6.0.2 branch July 13, 2022 04:38