How to bump versions on included tooling #3281
General question: if I find that a version of a tool included in the current MegaLinter release and I don't see a PR or an issue to have it updated, what can I do?
A specific example would be KICS, which in the 7.7.0 MegaLinter release is pinned to KICS 1.7.11; three weeks ago (i.e., after the 7.7.0 release), KICS 1.7.12 was released. Seeing no issues or PRs relating to bumping that version, I was thinking about submitting one myself. I noticed that the generated markdown, YAML, etc. show 1.7.11 and that suggests to me that the version pin is found somewhere else. The Dockerfile under
All of that said, my hope is to discuss the general case of, "there's a new version of a thing included in MegaLinter, so how do I help MegaLinter move to that new version?"
Replies: 1 comment 1 reply
Make a PR in the files in this directory, everything is generated from here: https://github.com/oxsecurity/megalinter/blob/main/megalinter/descriptors
Here it would be: https://github.com/oxsecurity/megalinter/blob/main/megalinter/descriptors/repository.megalinter-descriptor.yml
Usually everything is updated in the main branch, released as a beta tag in between releases. We have jobs that run each day for this, when one tool doesn't break the others (that's the biggest part of the job, making everything work together).
I see that the installation method is through a Docker image. Maybe check that the source image is actually still published with new releases?