bot: bump oxsecurity/megalinter from 9.0.1 to 9.1.0

[dependabot]

Bumps oxsecurity/megalinter from 9.0.1 to 9.1.0.

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.1.0

What's Changed

• New linters

  • Add Robocop linter, by @​bdovaz in oxsecurity/megalinter#6232

• Linters enhancements

  • Python Linting: Added more file type supports for various linters. Full description here

• Doc

  • Add OLLAMA_BASE_URL is MegaLinter config Json schema

• Flavors

  • Custom flavors: Add workflow to automate detection of new MegaLinter versions and generation of new Custom Flavor

• CI

  • Fix v9 release issue + mark hardcoded versions to upgrade at each new major release.

• Linter versions upgrades (22)

  • ansible-lint from 25.9.0 to 25.9.1
  • bicep_linter from 0.37.4 to 0.38.33
  • cfn-lint from 1.39.1 to 1.40.0
  • checkstyle from 11.0.1 to 11.1.0
  • clj-kondo from 2025.09.19 to 2025.09.22
  • golangci-lint from 2.4.0 to 2.5.0
  • hadolint from 2.13.1 to 2.14.0
  • isort from 6.0.1 to 6.1.0
  • kics from 2.1.13 to 2.1.14
  • npm-groovy-lint from 15.2.1 to 15.2.2
  • php-cs-fixer from 3.87.2 to 3.88.2
  • phpstan from 2.1.28 to 2.1.30
  • pylint from 3.3.8 to 3.3.9
  • pyright from 1.1.405 to 1.1.406
  • robocop from 6.7.0 to 6.7.2
  • rubocop from 1.80.2 to 1.81.1
  • ruff-format from 0.13.1 to 0.13.3
  • ruff from 0.13.1 to 0.13.3
  • snakemake from 9.11.4 to 9.11.9
  • terraform-fmt from 1.13.2 to 1.13.3
  • terragrunt from 0.87.2 to 0.88.1
  • trivy from 0.66.0 to 0.67.0

• chore(deps): update alpine/terragrunt docker tag to v1.13.3 by @​renovate[bot] in oxsecurity/megalinter#6201
• chore(deps): update dependency @​salesforce/cli to v2.106.6 by @​renovate[bot] in oxsecurity/megalinter#6199
• chore(deps): update dependency fastapi to v0.117.1 by @​renovate[bot] in oxsecurity/megalinter#6195
• chore(deps): update dependency @​salesforce/plugin-packaging to v2.20.4 by @​renovate[bot] in oxsecurity/megalinter#6198
• chore(deps): update dependency sfdx-hardis to v6.5.2 by @​renovate[bot] in oxsecurity/megalinter#6202

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Doc

• Flavors

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • checkstyle from 11.1.0 to 12.0.0 on 2025-10-09
  • scalafix from 0.14.3 to 0.14.4 on 2025-10-09
  • xmllint from 21308 to 21309 on 2025-10-09
  • ansible-lint from 25.9.1 to 25.9.2 on 2025-10-12
  • cfn-lint from 1.40.0 to 1.40.1 on 2025-10-12
  • checkstyle from 12.0.0 to 12.0.1 on 2025-10-12
  • trivy-sbom from 0.67.0 to 0.67.2 on 2025-10-12
  • trivy from 0.67.0 to 0.67.2 on 2025-10-12
  • snakemake from 9.11.9 to 9.13.2 on 2025-10-12
  • terragrunt from 0.88.1 to 0.90.0 on 2025-10-12

[v9.1.0] - 2025-10-07

• New linters

... (truncated)

Commits

• 62c799d Release MegaLinter v9.1.0
• 6158659 [automation] Auto-update linters version, help and documentation (#6299)
• 013588a chore(deps): update dependency lightning-flow-scanner to v5.6.2 (#6301)
• ee69172 chore(deps): update dependency isort to v6.1.0 (#6300)
• 49e1637 chore(deps): update dependency eslint-plugin-jsonc to v2.21.0 (#6298)
• 1db8d0f chore(deps): update dependency eslint to v9.37.0 (#6297)
• f26af91 [automation] Auto-update linters version, help and documentation (#6296)
• 9786a83 chore(deps): update dependency cfn-lint to v1.40.0 (#6295)
• 69457fc chore(deps): update dependency azure/bicep to v0.38.33 (#6294)
• 4ae0e6f chore(deps): update dependency npm-groovy-lint to v15.2.2 (#6293)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	bash-exec	1		0	0	0.24s
✅ BASH	shellcheck	1		0	0	0.07s
✅ BASH	shfmt	1	0	0	0	0.02s
✅ COPYPASTE	jscpd	yes		no	no	1.37s
✅ MARKDOWN	markdownlint	2	0	0	0	0.55s
✅ MARKDOWN	markdown-table-formatter	3	0	0	0	0.24s
✅ REPOSITORY	gitleaks	yes		no	no	0.14s
✅ REPOSITORY	git_diff	yes		no	no	0.25s
✅ REPOSITORY	grype	yes		no	no	25.52s
✅ REPOSITORY	syft	yes		no	no	1.02s
✅ REPOSITORY	trivy	yes		no	no	4.95s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.09s
✅ REPOSITORY	trufflehog	yes		no	no	2.17s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.1.0 --custom-flavor-setup --custom-flavor-linters BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG

[Klintrup]

@dependabot merge

…

On Mon, Oct 13, 2025 at 10:26 AM github-actions[bot] < ***@***.***> wrote: *github-actions[bot]* left a comment (Klintrup/check_smartarray#48) <#48 (comment)> ✅MegaLinter <https://megalinter.io/9.1.0> analysis: Success <https://github.com/Klintrup/check_smartarray/actions/runs/18459657257> Descriptor Linter Files Fixed Errors Warnings Elapsed time ✅ BASH bash-exec <https://megalinter.io/9.1.0/descriptors/bash_bash_exec> 1 0 0 0.24s ✅ BASH shellcheck <https://megalinter.io/9.1.0/descriptors/bash_shellcheck> 1 0 0 0.07s ✅ BASH shfmt <https://megalinter.io/9.1.0/descriptors/bash_shfmt> 1 0 0 0 0.02s ✅ COPYPASTE jscpd <https://megalinter.io/9.1.0/descriptors/copypaste_jscpd> yes no no 1.37s ✅ MARKDOWN markdownlint <https://megalinter.io/9.1.0/descriptors/markdown_markdownlint> 2 0 0 0 0.55s ✅ MARKDOWN markdown-table-formatter <https://megalinter.io/9.1.0/descriptors/markdown_markdown_table_formatter> 3 0 0 0 0.24s ✅ REPOSITORY gitleaks <https://megalinter.io/9.1.0/descriptors/repository_gitleaks> yes no no 0.14s ✅ REPOSITORY git_diff <https://megalinter.io/9.1.0/descriptors/repository_git_diff> yes no no 0.25s ✅ REPOSITORY grype <https://megalinter.io/9.1.0/descriptors/repository_grype> yes no no 25.52s ✅ REPOSITORY syft <https://megalinter.io/9.1.0/descriptors/repository_syft> yes no no 1.02s ✅ REPOSITORY trivy <https://megalinter.io/9.1.0/descriptors/repository_trivy> yes no no 4.95s ✅ REPOSITORY trivy-sbom <https://megalinter.io/9.1.0/descriptors/repository_trivy_sbom> yes no no 0.09s ✅ REPOSITORY trufflehog <https://megalinter.io/9.1.0/descriptors/repository_trufflehog> yes no no 2.17s See detailed reports in MegaLinter artifacts <https://github.com/Klintrup/check_smartarray/actions/runs/18459657257> Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false) - Documentation: Custom Flavors <https://megalinter.io/9.1.0/custom-flavors/> - Command: npx ***@***.*** --custom-flavor-setup --custom-flavor-linters BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG [image: MegaLinter is graciously provided by OX Security] <https://www.ox.security/?ref=megalinter> — Reply to this email directly, view it on GitHub <#48 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AENCFGJG67KOSJC5YYAYD7T3XNO2HAVCNFSM6AAAAACJAPS6YWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTGOJWGM4TENZUGU> . You are receiving this because your review was requested.Message ID: ***@***.***>

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.