From 0ff0192a230c2d768ae3a70add91a643f9b59b72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jun 2026 17:13:18 +0000 Subject: [PATCH 1/2] chore: bump oxsecurity/megalinter from 9.5.0 to 9.6.0 Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.5.0 to 9.6.0. - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/v9.5.0...v9.6.0) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-version: 9.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-megalinter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-megalinter.yaml b/.github/workflows/lint-megalinter.yaml index 158dd6c73262..8e0f595b2b72 100644 --- a/.github/workflows/lint-megalinter.yaml +++ b/.github/workflows/lint-megalinter.yaml @@ -55,7 +55,7 @@ jobs: # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter@v9.5.0 + uses: oxsecurity/megalinter@v9.6.0 id: ml From 9b7bc417fd2e8e7193478dacc82f10b29bc1fb0a Mon Sep 17 00:00:00 2001 From: prql-bot <107324867+prql-bot@users.noreply.github.com> Date: Mon, 29 Jun 2026 17:22:52 +0000 Subject: [PATCH 2/2] ci: disable REPOSITORY_BETTERLEAKS in megalinter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit megalinter 9.6.0 enables the new REPOSITORY_BETTERLEAKS linter (gitleaks successor) by default. It re-flags the deliberately-hardcoded codecov token in .github/workflows/tests.yaml — the same false positive that REPOSITORY_GITLEAKS and REPOSITORY_KINGFISHER are already disabled for. Co-Authored-By: Claude --- .mega-linter.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.mega-linter.yaml b/.mega-linter.yaml index cda97d02795c..7beda1d12521 100644 --- a/.mega-linter.yaml +++ b/.mega-linter.yaml @@ -18,6 +18,7 @@ DISABLE_LINTERS: - JSON_V8R # Failing for vscode-style syntax (comments). - REPOSITORY_GITLEAKS # False positive on codecov token, which according to codecov is fine to have hardcoded - REPOSITORY_KINGFISHER # Same false positives as TRUFFLEHOG/GITLEAKS: .git/config token, codecov token, and localhost test DB URI + - REPOSITORY_BETTERLEAKS # New in megalinter 9.6.0 (gitleaks successor, enabled by default). Same codecov token false positive as GITLEAKS. - REPOSITORY_OSV_SCANNER # Blocking unrelated PRs. We already have dependabot. - ACTION_ZIZMOR # Needs GITHUB_TOKEN to query the GH API; blocks unrelated PRs on transient API failures. DISABLE_ERRORS_LINTERS: