build(deps): bump megalinter/megalinter from 5 to 6 #58

Open
wants to merge 1 commit into
base: master

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Nov 21, 2022

Bumps megalinter/megalinter from 5 to 6.

Release notes

Sourced from megalinter/megalinter's releases.

MegaLinter v6.0.0

  • Move Repo to OX Security

  • Breaking changes: you must run npx mega-linter-runner --upgrade to use MegaLinter v6

  • Core architecture

    • New reporter SARIF_REPORTER that aggregates all SARIF output files into a single one
      • Correct SARIF files for known format errors
    • New config variable DISABLE_LINTERS_ERRORS to define a list of linters that will be considered as non blocking
    • Upgrade base docker image to python:3.10.4-alpine3.15
    • Rename default report folder from report to megalinter-reports
    • Display GitHub stars in linters summary table in documentation
  • Linters:

    • Add DevSkim security linter by Microsoft
    • Add dustilock to check for dependency confusion attacks with node and python packages
    • Add gitleaks to lint git repository
    • Add goodcheck as regex-based linter
    • Add PMD to lint java files (disabled for now)
    • Add semgrep as regex-based linter with many community rules
    • Add syft to generate SBOM (Software Bill Of Materials)
    • Add trivy security linter
    • Remove dockerfilelint, as it is not maintained anymore and hadolint contains all its rules
    • Remove rstfmt as it is not maintained anymore
    • SARIF management for:
      • bandit
      • checkov
      • checkstyle
      • cfn-lint
      • devskim
      • eslint
      • gitleaks
      • hadolint
      • ktlint
      • npm-groovy-lint
      • psalm
      • semgrep
      • secretlint
      • revive
      • terrascan
      • tflint
      • trivy
  • Descriptors:

    • New flavor Security
    • New descriptor repository: contains DevSkim, dustilock, gitleaks, secretlint, semgrep, syft, trivy
    • Remove CREDENTIALS and GIT descriptors

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

[v6.12.0] - 2022-10-16

[v6.11.1] - 2022-10-03

  • Remove no-space-check from MegaLinter default .pylintrc file (#1923)

[v6.11.0] - 2022-10-02

  • Linters

  • Core

    • Improve support for devcontainers by using Python base image
      • Fixed Python version in devcontainer from 3.9 -> 3.10
      • Fix build command on Linux (thanks a lot to Edouard Choinière for the investigation and solution!)
    • Azure Comments reporter - Change status when all tests pass (#1915)

... (truncated)

Commits
  • e7a797f Merge branch 'main' into v6-branch
  • 03302f4 [automation] Auto-update linters version, help and documentation (#2061)
  • 17c3c8b [automation] Auto-update linters version, help and documentation (#2060)
  • 02ffbe3 Initial Drone CI documentation (#2053)
  • a9bec95 [automation] Auto-update linters version, help and documentation (#2059)
  • 404fbc8 [automation] Auto-update linters version, help and documentation (#2057)
  • 4197772 [automation] Auto-update linters version, help and documentation (#2054)
  • b624a7d Build
  • 5f067f7 Release MegaLinter v6.14.0
  • 9754569 [automation] Auto-update linters version, help and documentation (#2051)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [megalinter/megalinter](https://github.com/megalinter/megalinter) from 5 to 6.
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v5...v6)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 21, 2022