chore(deps): bump megalinter/megalinter from 9.3.0 to 9.4.0

[dependabot]

Bumps megalinter/megalinter from 9.3.0 to 9.4.0.

Release notes

Sourced from megalinter/megalinter's releases.

v9.4.0

What's Changed

• Core

  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
  • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
  • Cache subprocess environment per linter run and excluded directories per request
  • Optimize parallel linter result update from O(n²) to O(n)
  • Add support in the build of Docker images for linux/arm64 in compatible linters

• New linters

  • Add PYTHON_NBQA_MYPY for type-checking Jupyter notebooks using nbqa + mypy

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Spectral: Add sarif support to spectral by @​bdovaz
  • Spectral: Change cli_lint_mode to list_of_files to improve performances

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
  • Fix operator precedence bug in pre_post_factory pre/post command logic
  • Fix file handle leak in GitleaksLinter
  • Fix variable name bug in utils.get_git_context_info
  • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
  • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
  • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

• Flavors

  • Custom flavor builder:
    • Add support for SSH remotes
    • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
    • Build & release custom flavor builder image for linux/arm64

• Doc

  • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

[v9.4.0] - 2026-02-28

• Core

  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
  • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
  • Cache subprocess environment per linter run and excluded directories per request
  • Optimize parallel linter result update from O(n²) to O(n)
  • Add support in the build of Docker images for linux/arm64 in compatible linters

• New linters

  • Add PYTHON_NBQA_MYPY for type-checking Jupyter notebooks using nbqa + mypy

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Spectral: Add sarif support to spectral by @​bdovaz
  • Spectral: Change cli_lint_mode to list_of_files to improve performances

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
  • Fix operator precedence bug in pre_post_factory pre/post command logic
  • Fix file handle leak in GitleaksLinter
  • Fix variable name bug in utils.get_git_context_info
  • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
  • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
  • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

• Flavors

  • Custom flavor builder:
    • Add support for SSH remotes
    • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
    • Build & release custom flavor builder image for linux/arm64

• Doc

  • JSON Schema: Add default values for file extensions and file names variables + improve descriptions
  • Update default secured env variables documentation

... (truncated)

Commits

• 8fbdead Release MegaLinter v9.4.0
• 9f605c4 Fix custom flavor builder workflow (#7306)
• b7dcb60 Update changelog to prepare release (#7304)
• 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
• edba876 [automation] Auto-update linters version, help and documentation (#7299)
• 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
• 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
• 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
• 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
• 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	2		0	0	0.06s
⚠️ COPYPASTE	jscpd	yes		22	no	3.13s
⚠️ GO	golangci-lint	yes		1	no	85.22s
✅ GO	revive	yes		no	no	10.24s
✅ MARKDOWN	markdownlint	1		0	0	1.06s
✅ MARKDOWN	markdown-table-formatter	1		0	0	0.61s
✅ REPOSITORY	checkov	yes		no	no	23.47s
✅ REPOSITORY	gitleaks	yes		no	no	0.39s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	64.9s
✅ REPOSITORY	secretlint	yes		no	no	1.04s
✅ REPOSITORY	syft	yes		no	no	6.57s
✅ REPOSITORY	trivy	yes		no	no	16.61s
✅ REPOSITORY	trivy-sbom	yes		no	no	4.42s
✅ REPOSITORY	trufflehog	yes		no	no	4.83s
✅ SPELL	lychee	5		0	0	0.87s
⚠️ YAML	prettier	4		1	2	0.91s
✅ YAML	v8r	4		0	0	5.21s
✅ YAML	yamllint	4		0	0	1.33s

Detailed Issues

⚠️ GO / golangci-lint - 1 error

../../..pkg/mesh/service.go:94:14: unlambda: replace `func(shardID, replicaID uint64) statemachine.IStateMachine {
	return NewMeshStateMachine(shardID, replicaID)
}` with `NewMeshStateMachine` (gocritic)
	createSM := func(shardID, replicaID uint64) statemachine.IStateMachine {
	            ^
../../..pkg/laws/user.go:166:2: QF1003: could use tagged switch on facts.Facts.Distro.Family (staticcheck)
	if facts.Facts.Distro.Family == "alpine" {
	^
2 issues:
* gocritic: 1
* staticcheck: 1

⚠️ COPYPASTE / jscpd - 22 errors

Clone found (go):
 - pkg/mesh/http.go [124:16 - 151:8] (27 lines, 275 tokens)
   pkg/mesh/http.go [86:14 - 113:7]

Clone found (go):
 - pkg/mesh/http.go [201:9 - 216:6] (15 lines, 119 tokens)
   pkg/mesh/http.go [177:10 - 192:7]

Clone found (go):
 - pkg/mesh/http.go [237:2 - 247:7] (10 lines, 90 tokens)
   pkg/mesh/http.go [182:2 - 192:7]

Clone found (go):
 - pkg/mesh/http.go [261:13 - 278:8] (17 lines, 138 tokens)
   pkg/mesh/http.go [230:11 - 192:7]

Clone found (go):
 - pkg/laws/ssh.go [99:3 - 110:2] (11 lines, 131 tokens)
   pkg/laws/ssh.go [70:4 - 82:7]

Clone found (go):
 - pkg/laws/service.go [175:5 - 180:4] (5 lines, 77 tokens)
   pkg/laws/service.go [156:7 - 161:4]

Clone found (go):
 - pkg/laws/pkgrepo.go [65:28 - 74:2] (9 lines, 88 tokens)
   pkg/laws/script.go [73:23 - 82:2]

Clone found (go):
 - pkg/laws/file.go [135:27 - 143:17] (8 lines, 82 tokens)
   pkg/laws/script.go [73:23 - 81:5]

Clone found (go):
 - pkg/laws/file.go [286:2 - 316:8] (30 lines, 378 tokens)
   pkg/laws/file.go [135:2 - 165:23]

Clone found (go):
 - pkg/laws/file.go [318:3 - 324:5] (6 lines, 92 tokens)
   pkg/laws/file.go [172:3 - 178:22]

Clone found (go):
 - pkg/laws/file.go [412:2 - 422:4] (10 lines, 97 tokens)
   pkg/laws/file.go [362:2 - 372:6]

Clone found (go):
 - pkg/laws/file.go [445:3 - 464:7] (19 lines, 222 tokens)
   pkg/laws/file.go [394:3 - 412:3]

Clone found (go):
 - pkg/laws/file.go [472:2 - 510:9] (38 lines, 478 tokens)
   pkg/laws/file.go [135:2 - 324:13]

Clone found (go):
 - pkg/laws/file.go [550:2 - 563:89] (13 lines, 120 tokens)
   pkg/laws/file.go [363:3 - 425:3]

Clone found (go):
 - pkg/laws/file.go [580:5 - 602:7] (22 lines, 259 tokens)
   pkg/laws/file.go [440:5 - 411:2]

Clone found (go):
 - pkg/laws/container.go [90:26 - 99:4] (9 lines, 88 tokens)
   pkg/laws/script.go [73:23 - 82:2]

Clone found (go):
 - cmd/mesh-commands.go [51:38 - 62:6] (11 lines, 113 tokens)
   cmd/mesh-commands.go [23:80 - 34:7]

Clone found (go):
 - cmd/mesh-commands.go [173:17 - 179:22] (6 lines, 81 tokens)
   cmd/mesh-commands.go [124:16 - 130:28]

Clone found (go):
 - cmd/mesh-commands.go [179:22 - 192:14] (13 lines, 82 tokens)
   cmd/mesh-commands.go [130:28 - 143:14]

Clone found (go):
 - cmd/mesh-commands.go [227:17 - 233:23] (6 lines, 81 tokens)
   cmd/mesh-commands.go [124:16 - 130:28]

Clone found (go):
 - cmd/local-lint.go [48:3 - 62:4] (14 lines, 135 tokens)
   cmd/local-pretend.go [48:3 - 62:4]

Clone found (go):
 - cmd/local-apply.go [48:18 - 63:2] (15 lines, 117 tokens)
   cmd/local-pretend.go [49:12 - 63:4]

┌────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ go     │ 32             │ 5800        │ 41700        │ 22           │ 314 (5.41%)      │ 3343 (8.02%)      │
├────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total: │ 32             │ 5800        │ 41700        │ 22           │ 314 (5.41%)      │ 3343 (8.02%)      │
└────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 22 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (5.41%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (5.41%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:615:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:108:22
    at async /node-deps/node_modules/jscpd/dist/bin/jscpd.js:9:5

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/megalinter.yaml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,GO_GOLANGCI_LINT,GO_REVIVE,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository