[automation] Auto-update linters version, help and documentation

.automation/generated/linter-versions.json

@@ -8,7 +8,7 @@
     "black": "24.4.2",
     "cfn-lint": "0.87.3",
     "checkmake": "0.2.0",
-    "checkov": "3.2.97",
+    "checkov": "3.2.98",
     "checkstyle": "10.16.0",
     "chktex": "1.7.8",
     "clang-format": "17.0.5",
@@ -62,7 +62,7 @@
     "npm-package-json-lint": "7.1.0",
     "perlcritic": "1.152",
     "php": "7.4.26",
-    "phpcs": "3.9.2",
+    "phpcs": "3.10.0",
     "phplint": "9.3.1",
     "phpstan": "1.11.1",
     "pmd": "7.1.0",
@@ -73,7 +73,7 @@
     "protolint": "0.49.7",
     "psalm": "Psalm.5.24.0@",
     "puppet-lint": "4.2.4",
-    "pylint": "3.2.1",
+    "pylint": "3.2.2",
     "pyright": "1.1.363",
     "raku": "2020.10",
     "remark-lint": "14.0.2",
@@ -108,8 +108,8 @@
     "terragrunt": "0.58.7",
     "terrascan": "1.18.11",
     "tflint": "0.51.0",
-    "trivy": "0.51.1",
-    "trivy-sbom": "0.51.1",
+    "trivy": "0.51.2",
+    "trivy-sbom": "0.51.2",
     "trufflehog": "3.76.3",
     "ts-standard": "12.0.2",
     "tsqllint": "1.15.3.0",

CHANGELOG.md

@@ -140,6 +140,11 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [checkov](https://www.checkov.io/) from 3.2.95 to **3.2.97** on 2024-05-20
   - [lightning-flow-scanner](https://github.com/Lightning-Flow-Scanner) from 2.25.0 to **2.24.0** on 2024-05-20
   - [terragrunt](https://terragrunt.gruntwork.io) from 0.58.5 to **0.58.7** on 2024-05-20
+  - [phpcs](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.9.2 to **3.10.0** on 2024-05-20
+  - [pylint](https://pylint.readthedocs.io) from 3.2.1 to **3.2.2** on 2024-05-20
+  - [checkov](https://www.checkov.io/) from 3.2.97 to **3.2.98** on 2024-05-20
+  - [trivy-sbom](https://aquasecurity.github.io/trivy/) from 0.51.1 to **0.51.2** on 2024-05-20
+  - [trivy](https://aquasecurity.github.io/trivy/) from 0.51.1 to **0.51.2** on 2024-05-20
 <!-- linter-versions-end -->
 
 ## [v7.11.1] - 2024-04-23

README.md

@@ -23,7 +23,7 @@
 [![MegaLinter](https://github.com/oxsecurity/megalinter/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/oxsecurity/megalinter/actions?query=workflow%3AMegaLinter+branch%3Amain)
 [![codecov](https://codecov.io/gh/oxsecurity/megalinter/branch/main/graph/badge.svg)](https://codecov.io/gh/oxsecurity/megalinter)
 <!-- gh-dependents-info-used-by-start -->
-[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2484&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
+[![Generated by github-dependents-info](https://img.shields.io/static/v1?label=Used%20by&message=2483&color=informational&logo=slickpic)](https://github.com/oxsecurity/megalinter/blob/main/./docs/used-by-stats.md)<!-- gh-dependents-info-used-by-end -->
 [![Secured with Trivy](https://img.shields.io/badge/Trivy-secured-green?logo=docker)](https://github.com/aquasecurity/trivy)
 [![GitHub contributors](https://img.shields.io/github/contributors/oxsecurity/megalinter.svg)](https://github.com/oxsecurity/megalinter/graphs/contributors/)
 [![GitHub Sponsors](https://img.shields.io/github/sponsors/nvuillam)](https://github.com/sponsors/nvuillam)

docs/descriptors/kubernetes_kubescape.md

@@ -125,7 +125,7 @@ Available Commands:
   completion  Generate autocompletion script
   config      Handle cached configurations
   delete      Delete configurations in Kubescape SaaS version
-  download    Download framework,artifacts,attack-tracks,controls-inputs,exceptions,control
+  download    Download controls-inputs,exceptions,control,framework,artifacts,attack-tracks
   fix         Fix misconfiguration in files
   help        Help about any command
   list        List frameworks/controls will list the supported frameworks and controls

docs/descriptors/markdown_markdown_link_check.md

@@ -89,7 +89,7 @@ markdown-link-check -c .markdown-link-check.json myfile.md
 ### Help content
 
 ```shell
-(node:1760) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
+(node:1716) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
 (Use `node --trace-deprecation ...` to show where the warning was created)
 Usage: markdown-link-check [options] [filenamesOrUrls...]
 

docs/descriptors/php_phpcs.md

@@ -9,7 +9,7 @@ description: How to use phpcs (configure, ignore files, ignore errors, help & ve
 
 ## phpcs documentation
 
-- Version in MegaLinter: **3.9.2**
+- Version in MegaLinter: **3.10.0**
 - Visit [Official Web Site](https://github.com/PHPCSStandards/PHP_CodeSniffer#readme){target=_blank}
 - See [How to configure phpcs rules](https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Advanced-Usage#using-a-default-configuration-file){target=_blank}
   - If custom `phpcs.xml` config file isn't found, [phpcs.xml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/phpcs.xml){target=_blank} will be used
@@ -96,71 +96,141 @@ phpcs --standard=phpcs.xml mydir/ myfile.php
 
 ```shell
 
-Usage: phpcs [-nwlsaepqvi] [-d key[=value]] [--colors] [--no-colors]
-  [--cache[=<cacheFile>]] [--no-cache] [--tab-width=<tabWidth>]
-  [--report=<report>] [--report-file=<reportFile>] [--report-<report>=<reportFile>]
-  [--report-width=<reportWidth>] [--basepath=<basepath>] [--bootstrap=<bootstrap>]
-  [--severity=<severity>] [--error-severity=<severity>] [--warning-severity=<severity>]
-  [--runtime-set key value] [--config-set key value] [--config-delete key] [--config-show]
-  [--standard=<standard>] [--sniffs=<sniffs>] [--exclude=<sniffs>]
-  [--encoding=<encoding>] [--parallel=<processes>] [--generator=<generator>]
-  [--extensions=<extensions>] [--ignore=<patterns>] [--ignore-annotations]
-  [--stdin-path=<stdinPath>] [--file-list=<fileList>] [--filter=<filter>] <file> - ...
-
- -     Check STDIN instead of local files and directories
- -n    Do not print warnings (shortcut for --warning-severity=0)
- -w    Print both warnings and errors (this is the default)
- -l    Local directory only, no recursion
- -s    Show error codes in all reports
- -a    Run interactively
- -e    Explain a standard by showing the sniffs it includes
- -p    Show progress of the run
- -q    Quiet mode; disables progress and verbose output
- -m    Stop error messages from being recorded
-       (saves a lot of memory, but stops many reports from being used)
- -v    Print processed files
- -vv   Print ruleset and token output
- -vvv  Print sniff processing information
- -i    Show a list of installed coding standards
- -d    Set the [key] php.ini value to [value] or [true] if value is omitted
-
- --help                Print this help message
- --version             Print version information
- --colors              Use colors in output
- --no-colors           Do not use colors in output (this is the default)
- --cache               Cache results between runs
- --no-cache            Do not cache results between runs (this is the default)
- --ignore-annotations  Ignore all phpcs: annotations in code comments
-
- <cacheFile>    Use a specific file for caching (uses a temporary file by default)
- <basepath>     A path to strip from the front of file paths inside reports
- <bootstrap>    A comma separated list of files to run before processing begins
- <encoding>     The encoding of the files being checked (default is utf-8)
- <extensions>   A comma separated list of file extensions to check
-                The type of the file can be specified using: ext/type
-                e.g., module/php,es/js
- <file>         One or more files and/or directories to check
- <fileList>     A file containing a list of files and/or directories to check (one per line)
- <filter>       Use either the "GitModified" or "GitStaged" filter,
-                or specify the path to a custom filter class
- <generator>    Use either the "HTML", "Markdown" or "Text" generator
-                (forces documentation generation instead of checking)
- <patterns>     A comma separated list of patterns to ignore files and directories
- <processes>    How many files should be checked simultaneously (default is 1)
- <report>       Print either the "full", "xml", "checkstyle", "csv"
-                "json", "junit", "emacs", "source", "summary", "diff"
-                "svnblame", "gitblame", "hgblame", "notifysend" or "performance",
-                report or specify the path to a custom report class
-                (the "full" report is printed by default)
- <reportFile>   Write the report to the specified file path
- <reportWidth>  How many columns wide screen reports should be printed
-                or set to "auto" to use current screen width, where supported
- <severity>     The minimum severity required to display an error or warning
- <sniffs>       A comma separated list of sniff codes to include or exclude from checking
-                (all sniffs must be part of the specified standard)
- <standard>     The name or path of the coding standard to use
- <stdinPath>    If processing STDIN, the file path that STDIN will be processed as
- <tabWidth>     The number of spaces each tab represents
+
+Usage:
+  phpcs [options] <file|directory>
+
+Scan targets:
+  <file|directory>               One or more files and/or directories to check,
+                                 space separated.
+  -                              Check STDIN instead of local files and
+                                 directories.
+  --stdin-path=<stdinPath>       If processing STDIN, the file path that STDIN
+                                 will be processed as.
+  --file-list=<fileList>         Check the files and/or directories which are
+                                 defined in the file to which the path is
+                                 provided (one per line).
+  --filter=<filter>              Check based on a predefined file filter. Use
+                                 either the "GitModified" or "GitStaged" filter,
+                                 or specify the path to a custom filter class.
+  --ignore=<patterns>            Ignore files based on a comma-separated list of
+                                 patterns matching files and/or directories.
+  --extensions=<extensions>      Check files with the specified file extensions
+                                 (comma-separated list). Defaults to
+                                 php,inc/php,js,css.
+                                 The type of the file can be specified using:
+                                 ext/type; e.g. module/php,es/js.
+  -l                             Check local directory only, no recursion.
+
+Rule Selection Options:
+  --standard=<standard>          The name of, or the path to, the coding
+                                 standard to use. Can be a comma-separated list
+                                 specifying multiple standards. If no standard
+                                 is specified, PHP_CodeSniffer will look for a
+                                 [.]phpcs.xml[.dist] custom ruleset file in the
+                                 current directory and those above it.
+  --sniffs=<sniffs>              A comma-separated list of sniff codes to limit
+                                 the scan to. All sniffs must be part of the
+                                 standard in use.
+  --exclude=<sniffs>             A comma-separated list of sniff codes to
+                                 exclude from the scan. All sniffs must be part
+                                 of the standard in use.
+
+  -i                             Show a list of installed coding standards.
+  -e                             Explain a standard by showing the names of all
+                                 the sniffs it includes.
+  --generator=<generator>        Show documentation for a standard. Use either
+                                 the "HTML", "Markdown" or "Text" generator.
+
+Run Options:
+  -a                             Run in interactive mode, pausing after each
+                                 file.
+  --bootstrap=<bootstrap>        Run the specified file(s) before processing
+                                 begins. A list of files can be provided,
+                                 separated by commas.
+  --cache[=<cacheFile>]          Cache results between runs. Optionally,
+                                 <cacheFile> can be provided to use a specific
+                                 file for caching. Otherwise, a temporary file
+                                 is used.
+  --no-cache                     Do not cache results between runs (default).
+  --parallel=<processes>         The number of files to be checked
+                                 simultaneously. Defaults to 1 (no parallel
+                                 processing).
+                                 If enabled, this option only takes effect if
+                                 the PHP PCNTL (Process Control) extension is
+                                 available.
+
+  -d <key[=value]>               Set the [key] php.ini value to [value] or set
+                                 to [true] if value is omitted.
+                                 Note: only php.ini settings which can be
+                                 changed at runtime are supported.
+
+Reporting Options:
+  --report=<report>              Print either the "full", "xml", "checkstyle",
+                                 "csv", "json", "junit", "emacs", "source",
+                                 "summary", "diff", "svnblame", "gitblame",
+                                 "hgblame", "notifysend" or "performance" report
+                                 or specify the path to a custom report class.
+                                 By default, the "full" report is displayed.
+  --report-file=<reportFile>     Write the report to the specified file path.
+  --report-<report>=<reportFile> Write the report specified in <report> to the
+                                 specified file path.
+  --report-width=<reportWidth>   How many columns wide screen reports should be.
+                                 Set to "auto" to use current screen width,
+                                 where supported.
+  --basepath=<basepath>          Strip a path from the front of file paths
+                                 inside reports.
+
+  -w                             Include both warnings and errors (default).
+  -n                             Do not include warnings. Shortcut for
+                                 "--warning-severity=0".
+  --severity=<severity>          The minimum severity required to display an
+                                 error or warning. Defaults to 5.
+  --error-severity=<severity>    The minimum severity required to display an
+                                 error. Defaults to 5.
+  --warning-severity=<severity>  The minimum severity required to display a
+                                 warning. Defaults to 5.
+
+  -s                             Show sniff error codes in all reports.
+  --ignore-annotations           Ignore all "phpcs:..." annotations in code
+                                 comments.
+  --colors                       Use colors in screen output.
+  --no-colors                    Do not use colors in screen output (default).
+  -p                             Show progress of the run.
+  -q                             Quiet mode; disables progress and verbose
+                                 output.
+  -m                             Stop error messages from being recorded. This
+                                 saves a lot of memory but stops many reports
+                                 from being used.
+
+Configuration Options:
+  --encoding=<encoding>          The encoding of the files being checked.
+                                 Defaults to "utf-8".
+  --tab-width=<tabWidth>         The number of spaces each tab represents.
+
+  Default values for a selection of options can be stored in a user-specific
+  CodeSniffer.conf configuration file.
+  This applies to the following options: "default_standard", "report_format",
+  "tab_width", "encoding", "severity", "error_severity", "warning_severity",
+  "show_warnings", "report_width", "show_progress", "quiet", "colors", "cache",
+  "parallel".
+  --config-show                  Show the configuration options which are
+                                 currently stored in the applicable
+                                 CodeSniffer.conf file.
+  --config-set <key> <value>     Save a configuration option to the
+                                 CodeSniffer.conf file.
+  --config-delete <key>          Delete a configuration option from the
+                                 CodeSniffer.conf file.
+  --runtime-set <key> <value>    Set a configuration option to be applied to the
+                                 current scan run only.
+
+Miscellaneous Options:
+  -h, -?, --help                 Print this help message.
+  --version                      Print version information.
+  -v                             Verbose output: Print processed files.
+  -vv                            Verbose output: Print ruleset and token output.
+  -vvv                           Verbose output: Print sniff processing
+                                 information.
 
 ```
 

docs/descriptors/python_pylint.md

@@ -9,7 +9,7 @@ description: How to use pylint (configure, ignore files, ignore errors, help & v
 
 ## pylint documentation
 
-- Version in MegaLinter: **3.2.1**
+- Version in MegaLinter: **3.2.2**
 - Visit [Official Web Site](https://pylint.readthedocs.io){target=_blank}
 - See [How to configure pylint rules](https://pylint.readthedocs.io/en/stable/user_guide/configuration/index.html){target=_blank}
   - If custom `.pylintrc` config file isn't found, [.pylintrc](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.pylintrc){target=_blank} will be used

docs/descriptors/repository_trivy.md

@@ -17,7 +17,7 @@ You can ignore a list of errors by defining a [.trivyignore file](https://aquase
 
 ## trivy documentation
 
-- Version in MegaLinter: **0.51.1**
+- Version in MegaLinter: **0.51.2**
 - Visit [Official Web Site](https://aquasecurity.github.io/trivy/){target=_blank}
 - See [How to configure trivy rules](https://aquasecurity.github.io/trivy/latest/docs/configuration/){target=_blank}
 - See [How to ignore files and directories with trivy](https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#by-inline-comments){target=_blank}

docs/descriptors/repository_trivy_sbom.md

@@ -17,7 +17,7 @@ Generates SBOM (Software Bill Of Material) using Trivy
 
 ## trivy-sbom documentation
 
-- Version in MegaLinter: **0.51.1**
+- Version in MegaLinter: **0.51.2**
 - Visit [Official Web Site](https://aquasecurity.github.io/trivy/){target=_blank}
 - See [How to configure trivy-sbom rules](https://aquasecurity.github.io/trivy/latest/docs/configuration/){target=_blank}
 - See [How to ignore files and directories with trivy-sbom](https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#by-inline-comments){target=_blank}

docs/descriptors/salesforce_sfdx_scanner_apex.md

@@ -141,7 +141,7 @@ GLOBAL FLAGS
 COMMANDS
   scanner run dfa  scan codebase with all DFA rules
 
-(node:2029) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
+(node:1987) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
 (Use `node --trace-deprecation ...` to show where the warning was created)
 Warning: To use the most up-to-date Code Analyzer features including PMD 7.x, install Code Analyzer v4.x (Beta). To install v4.x (beta), run this command: sf plugins install @salesforce/sfdx-scanner@latest-beta
 Warning: We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://research.net/r/SalesforceCA