oxsecurity · echoix · Dec 11, 2025 · Dec 10, 2025 · Dec 10, 2025
@@ -1,11 +1,11 @@
 {
     "actionlint": "1.7.9",
-    "ansible-lint": "25.11.1",
+    "ansible-lint": "25.12.0",
     "arm-ttk": "0.0.0",
     "bandit": "1.9.2",
     "bash-exec": "5.2.37",
     "bicep_linter": "0.39.26",
-    "black": "25.11.0",
+    "black": "25.12.0",
     "cfn-lint": "1.41.0",
     "checkmake": "0.2.0",
     "checkov": "3.2.495",
@@ -39,10 +39,10 @@
     "gherkin-lint": "0.0.0",
     "git_diff": "2.49.1",
     "gitleaks": "8.30.0",
-    "golangci-lint": "2.6.2",
+    "golangci-lint": "2.7.1",
     "goodcheck": "3.1.0",
     "graphql-schema-linter": "3.0.1",
-    "grype": "0.104.1",
+    "grype": "0.104.2",
     "hadolint": "2.14.0",
     "helm": "3.18.4",
     "htmlhint": "1.7.1",
@@ -63,16 +63,16 @@
     "markdown-table-formatter": "1.6.1",
     "markdownlint": "0.45.0",
     "misspell": "0.3.4",
-    "mypy": "1.18.2",
+    "mypy": "1.19.0",
     "npm-groovy-lint": "15.2.2",
     "npm-package-json-lint": "9.0.0",
     "perlcritic": "1.156",
     "php": "7.4.26",
-    "php-cs-fixer": "3.90.0",
+    "php-cs-fixer": "3.91.2",
     "phpcs": "4.0.1",
     "phplint": "9.6.3",
     "phpstan": "2.1.32",
-    "pmd": "7.18.0",
+    "pmd": "7.19.0",
     "powershell": "7.5.4",
     "powershell_formatter": "7.5.4",
     "prettier": "3.6.2",
@@ -91,8 +91,8 @@
     "rstcheck": "6.2.5",
     "rstfmt": "0.0.14",
     "rubocop": "1.81.7",
-    "ruff": "0.14.7",
-    "ruff-format": "0.14.7",
+    "ruff": "0.14.8",
+    "ruff-format": "0.14.8",
     "scalafix": "0.14.4",
     "scss-lint": "0.60.0",
     "secretlint": "11.2.5",
@@ -113,7 +113,7 @@
     "stylelint": "16.26.1",
     "stylua": "2.0.0",
     "swiftlint": "0.62.2",
-    "syft": "1.38.0",
+    "syft": "1.38.2",
     "tekton-lint": "1.1.0",
     "terraform-fmt": "1.14.0",
     "terragrunt": "0.93.11",

@@ -46,6 +46,16 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - [pylint](https://pylint.readthedocs.io) from 4.0.3 to **4.0.4** on 2025-12-04
   - [stylelint](https://stylelint.io) from 16.26.0 to **16.26.1** on 2025-12-04
   - [trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.91.1 to **3.91.2** on 2025-12-04
+  - [ansible-lint](https://ansible-lint.readthedocs.io/) from 25.11.1 to **25.12.0** on 2025-12-10
+  - [golangci-lint](https://golangci-lint.run/) from 2.6.2 to **2.7.1** on 2025-12-10
+  - [pmd](https://pmd.github.io/) from 7.18.0 to **7.19.0** on 2025-12-10
+  - [php-cs-fixer](https://cs.symfony.com/) from 3.90.0 to **3.91.2** on 2025-12-10
+  - [black](https://black.readthedocs.io/en/stable/) from 25.11.0 to **25.12.0** on 2025-12-10
+  - [mypy](https://mypy.readthedocs.io/en/stable/) from 1.18.2 to **1.19.0** on 2025-12-10
+  - [ruff-format](https://github.com/astral-sh/ruff) from 0.14.7 to **0.14.8** on 2025-12-10
+  - [ruff](https://github.com/astral-sh/ruff) from 0.14.7 to **0.14.8** on 2025-12-10
+  - [grype](https://github.com/anchore/grype) from 0.104.1 to **0.104.2** on 2025-12-10
+  - [syft](https://github.com/anchore/syft) from 1.38.0 to **1.38.2** on 2025-12-10
 <!-- linter-versions-end -->
 
 ## [v9.2.0] - 2025-11-29

@@ -30,7 +30,7 @@ Ansible-lint helps teams maintain consistent, secure, and well-structured Ansibl
 
 ## ansible-lint documentation
 
-- Version in MegaLinter: **25.11.1**
+- Version in MegaLinter: **25.12.0**
 - Visit [Official Web Site](https://ansible-lint.readthedocs.io/){target=_blank}
 - See [How to configure ansible-lint rules](https://ansible-lint.readthedocs.io/configuring/#configuration-file){target=_blank}
   - If custom `.ansible-lint` config file isn't found, [.ansible-lint](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.ansible-lint){target=_blank} will be used
@@ -195,8 +195,8 @@ ANSIBLE_LINT_NODEPS: Avoids installing content dependencies and avoids performin
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=pypi depName=ansible-lint
-ARG PIP_ANSIBLE_LINT_VERSION=25.11.1
+ARG PIP_ANSIBLE_LINT_VERSION=25.12.0
 ```
 
 - PIP packages (Python):
-  - [ansible-lint==25.11.1](https://pypi.org/project/ansible-lint/25.11.1)
+  - [ansible-lint==25.12.0](https://pypi.org/project/ansible-lint/25.12.0)
@@ -55,7 +55,7 @@ Golangci-lint is the industry standard for Go code quality and is used by thousa
 
 ## golangci-lint documentation
 
-- Version in MegaLinter: **2.6.2**
+- Version in MegaLinter: **2.7.1**
 - Visit [Official Web Site](https://golangci-lint.run/){target=_blank}
 - See [How to configure golangci-lint rules](https://golangci-lint.run/usage/configuration/#config-file){target=_blank}
   - If custom `.golangci.yml` config file isn't found, [.golangci.yml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.golangci.yml){target=_blank} will be used
@@ -172,7 +172,7 @@ Use "golangci-lint [command] --help" for more information about a command.
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=github-tags depName=golangci/golangci-lint
-ARG GO_GOLANGCI_LINT_VERSION=2.6.2
+ARG GO_GOLANGCI_LINT_VERSION=2.7.1
 RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s "v${GO_GOLANGCI_LINT_VERSION}" \
     && golangci-lint --version
 

@@ -21,7 +21,7 @@ description: How to use pmd (configure, ignore files, ignore errors, help & vers
 
 ## pmd documentation
 
-- Version in MegaLinter: **7.18.0**
+- Version in MegaLinter: **7.19.0**
 - Visit [Official Web Site](https://pmd.github.io/){target=_blank}
 - See [How to configure pmd rules](https://docs.pmd-code.org/pmd-doc-6.55.0/pmd_userdocs_configuring_rules.html){target=_blank}
   - If custom `java-pmd-ruleset.xml` config file isn't found, [java-pmd-ruleset.xml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/java-pmd-ruleset.xml){target=_blank} will be used
@@ -120,7 +120,7 @@ ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 # Linter install
 # renovate: datasource=github-tags depName=pmd/pmd extractVersion=^pmd_releases/(?<version>.*)$
-ARG PMD_VERSION=7.18.0
+ARG PMD_VERSION=7.19.0
 
 RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${PMD_VERSION}/pmd-dist-${PMD_VERSION}-bin.zip && \
     unzip pmd-dist-${PMD_VERSION}-bin.zip || echo "Error unzipping" && \

@@ -25,7 +25,7 @@ description: How to use php-cs-fixer (configure, ignore files, ignore errors, he
 
 ## php-cs-fixer documentation
 
-- Version in MegaLinter: **3.90.0**
+- Version in MegaLinter: **3.91.2**
 - Visit [Official Web Site](https://cs.symfony.com/){target=_blank}
 - See [How to configure php-cs-fixer rules](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/master/doc/config.rst){target=_blank}
   - If custom `.php-cs-fixer.dist.php` config file isn't found, [.php-cs-fixer.dist.php](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.php-cs-fixer.dist.php){target=_blank} will be used
@@ -110,9 +110,6 @@ php-cs-fixer check --config .php-cs-fixer.php
 ### Help content
 
 ```shell
-Unable to determine minimum PHP version supported by your project from composer.json: Failed to read file "composer.json".
-If you need help while solving warnings, ask at https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/discussions/, we will help you!
-
 Description:
   List commands
 
@@ -162,7 +159,7 @@ COPY --from=composer/composer:2-bin /composer /usr/bin/composer
 ENV PATH="/root/.composer/vendor/bin:${PATH}"
 # Linter install
 # renovate: datasource=packagist depName=friendsofphp/php-cs-fixer
-ARG PHP_FRIENDSOFPHP_PHP_CS_FIXER_VERSION=v3.90.0
+ARG PHP_FRIENDSOFPHP_PHP_CS_FIXER_VERSION=v3.91.2
 RUN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require friendsofphp/php-cs-fixer:${PHP_FRIENDSOFPHP_PHP_CS_FIXER_VERSION} --with-all-dependencies
 
 ```

@@ -50,7 +50,7 @@ Black is successfully used by many projects, small and big, and has become the d
 
 ## black documentation
 
-- Version in MegaLinter: **25.11.0**
+- Version in MegaLinter: **25.12.0**
 - Visit [Official Web Site](https://black.readthedocs.io/en/stable/){target=_blank}
 - See [How to configure black rules](https://black.readthedocs.io/en/stable/usage_and_configuration/the_basics.html#configuration-format){target=_blank}
   - If custom `pyproject.toml` config file isn't found, [pyproject.toml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/pyproject.toml){target=_blank} will be used
@@ -179,7 +179,7 @@ Options:
                                   expected to make it into the stable style
                                   Black's next major release. Implies
                                   --preview.
-  --enable-unstable-feature [string_processing|hug_parens_with_braces_and_square_brackets|wrap_long_dict_values_in_parens|multiline_string_handling|always_one_newline_after_import|fix_fmt_skip_in_one_liners|standardize_type_comments|wrap_comprehension_in|remove_parens_around_except_types|normalize_cr_newlines|fix_module_docstring_detection|fix_type_expansion_split]
+  --enable-unstable-feature [string_processing|hug_parens_with_braces_and_square_brackets|wrap_long_dict_values_in_parens|multiline_string_handling|always_one_newline_after_import|fix_fmt_skip_in_one_liners|standardize_type_comments|wrap_comprehension_in|remove_parens_around_except_types|normalize_cr_newlines|fix_module_docstring_detection|fix_type_expansion_split|remove_parens_from_assignment_lhs]
                                   Enable specific features included in the
                                   `--unstable` style. Requires `--preview`. No
                                   compatibility guarantees are provided on the

@@ -30,7 +30,7 @@ description: How to use mypy (configure, ignore files, ignore errors, help & ver
 
 ## mypy documentation
 
-- Version in MegaLinter: **1.18.2**
+- Version in MegaLinter: **1.19.0**
 - Visit [Official Web Site](https://mypy.readthedocs.io/en/stable/){target=_blank}
 - See [How to configure mypy rules](https://mypy.readthedocs.io/en/stable/config_file.html){target=_blank}
   - If custom `.mypy.ini` config file isn't found, [.mypy.ini](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.mypy.ini){target=_blank} will be used
@@ -135,7 +135,7 @@ command line flags. For more details, see:
 - https://mypy.readthedocs.io/en/stable/config_file.html
 
 options:
-  --enable-incomplete-feature {InlineTypedDict,PreciseTupleTypes}
+  --enable-incomplete-feature {InlineTypedDict,PreciseTupleTypes,TypeForm}
                             Enable support of incomplete/experimental features
                             for early preview
 
@@ -174,10 +174,6 @@ Import discovery:
   --no-silence-site-packages
                             Do not silence errors in PEP 561 compliant
                             installed packages
-  --junit-format {global,per_file}
-                            If --junit-xml is set, specifies format. global:
-                            single test with all errors; per_file: one test
-                            entry per file with failures
 
 Platform configuration:
   Type check code assuming it will be run under certain runtime conditions.
@@ -240,8 +236,7 @@ Untyped definitions and calls:
 None and Optional handling:
   Adjust how values of type 'None' are handled. For more context on how mypy
   handles values of type 'None', see:
-  https://mypy.readthedocs.io/en/stable/kinds_of_types.html#optional-types-
-  and-the-none-type
+  https://mypy.readthedocs.io/en/stable/kinds_of_types.html#optional-types-and-the-none-type
 
   --implicit-optional       Assume arguments with default values of None are
                             Optional (inverse: --no-implicit-optional)
@@ -336,7 +331,7 @@ Incremental mode:
   Adjust how mypy incrementally type checks and caches modules. Mypy caches
   type information about modules into a cache to let you speed up future
   invocations of mypy. Also see mypy's daemon mode:
-  mypy.readthedocs.io/en/stable/mypy_daemon.html#mypy-daemon
+  https://mypy.readthedocs.io/en/stable/mypy_daemon.html#mypy-daemon
 
   --no-incremental          Disable module cache (inverse: --incremental)
   --cache-dir DIR           Store module cache info in the given folder in
@@ -345,8 +340,7 @@ Incremental mode:
                             --no-sqlite-cache)
   --cache-fine-grained      Include fine-grained dependency information in the
                             cache for the mypy daemon
-  --fixed-format-cache      Use experimental fast and compact fixed format
-                            cache
+  --fixed-format-cache      Use new fast and compact fixed format cache
   --skip-version-check      Allow using cache written by older mypy version
   --skip-cache-mtime-checks
                             Skip cache internal consistency checks based on
@@ -385,7 +379,13 @@ Report generation:
   --xslt-txt-report DIR
 
 Miscellaneous:
-  --junit-xml JUNIT_XML     Write junit.xml to the given file
+  --junit-xml JUNIT_XML_OUTPUT_FILE
+                            Write a JUnit XML test result document with type
+                            checking results to the given file
+  --junit-format {global,per_file}
+                            If --junit-xml is set, specifies format. global
+                            (default): single test with all errors; per_file:
+                            one test entry per file with failures
   --find-occurrences CLASS.MEMBER
                             Print out all usages of a class member
                             (experimental)
@@ -398,7 +398,7 @@ Miscellaneous:
 
 Running code:
   Specify the code you want to type check. For more details, see
-  mypy.readthedocs.io/en/stable/running_mypy.html#running-mypy
+  https://mypy.readthedocs.io/en/stable/running_mypy.html#running-mypy
 
   --explicit-package-bases  Use current directory and MYPYPATH to determine
                             module names of files passed (inverse: --no-
@@ -427,9 +427,9 @@ Environment variables:
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=pypi depName=mypy
-ARG PIP_MYPY_VERSION=1.18.2
+ARG PIP_MYPY_VERSION=1.19.0
 ENV MYPY_CACHE_DIR=/tmp
 ```
 
 - PIP packages (Python):
-  - [mypy==1.18.2](https://pypi.org/project/mypy/1.18.2)
+  - [mypy==1.19.0](https://pypi.org/project/mypy/1.19.0)
@@ -20,7 +20,7 @@ description: How to use ruff (configure, ignore files, ignore errors, help & ver
 
 ## ruff documentation
 
-- Version in MegaLinter: **0.14.7**
+- Version in MegaLinter: **0.14.8**
 - Visit [Official Web Site](https://github.com/astral-sh/ruff#readme){target=_blank}
 - See [How to configure ruff rules](https://docs.astral.sh/ruff/configuration/){target=_blank}
   - If custom `.ruff.toml` config file isn't found, [.ruff.toml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.ruff.toml){target=_blank} will be used
@@ -143,8 +143,8 @@ For help with a specific command, see: `ruff help <command>`.
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=pypi depName=ruff
-ARG PIP_RUFF_VERSION=0.14.7
+ARG PIP_RUFF_VERSION=0.14.8
 ```
 
 - PIP packages (Python):
-  - [ruff==0.14.7](https://pypi.org/project/ruff/0.14.7)
+  - [ruff==0.14.8](https://pypi.org/project/ruff/0.14.8)
@@ -19,7 +19,7 @@ description: How to use ruff-format (configure, ignore files, ignore errors, hel
 
 ## ruff-format documentation
 
-- Version in MegaLinter: **0.14.7**
+- Version in MegaLinter: **0.14.8**
 - Visit [Official Web Site](https://github.com/astral-sh/ruff#readme){target=_blank}
 - See [How to configure ruff-format rules](https://docs.astral.sh/ruff/configuration/){target=_blank}
   - If custom `.ruff.toml` config file isn't found, [.ruff.toml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.ruff.toml){target=_blank} will be used
@@ -142,8 +142,8 @@ For help with a specific command, see: `ruff help <command>`.
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=pypi depName=ruff
-ARG PIP_RUFF_VERSION=0.14.7
+ARG PIP_RUFF_VERSION=0.14.8
 ```
 
 - PIP packages (Python):
-  - [ruff==0.14.7](https://pypi.org/project/ruff/0.14.7)
+  - [ruff==0.14.8](https://pypi.org/project/ruff/0.14.8)
@@ -30,7 +30,7 @@ description: How to use grype (configure, ignore files, ignore errors, help & ve
 
 ## grype documentation
 
-- Version in MegaLinter: **0.104.1**
+- Version in MegaLinter: **0.104.2**
 - Visit [Official Web Site](https://github.com/anchore/grype#readme){target=_blank}
 - See [How to configure grype rules](https://github.com/anchore/grype#configuration){target=_blank}
   - If custom `.grype.yaml` config file isn't found, [.grype.yaml](https://github.com/oxsecurity/megalinter/tree/main/TEMPLATES/.grype.yaml){target=_blank} will be used

@@ -121,7 +121,7 @@ Note
 
 Options
   --init             setup config file. Create .secretlintrc.json file from your package.json
-  --format           [String] formatter name. Default: "stylish". Available Formatter: checkstyle, compact, jslint-xml, junit, pretty-error, stylish, tap, unix, json, mask-result, table
+  --format           [String] formatter name. Default: "stylish". Available Formatter: checkstyle, compact, github, jslint-xml, junit, pretty-error, stylish, tap, unix, json, mask-result, table
   --output           [path:String] output file path that is written of reported result.
   --no-color         disable ANSI-color of output.
   --no-terminalLink  disable terminalLink of output.

@@ -29,7 +29,7 @@ description: How to use syft (configure, ignore files, ignore errors, help & ver
 
 ## syft documentation
 
-- Version in MegaLinter: **1.38.0**
+- Version in MegaLinter: **1.38.2**
 - Visit [Official Web Site](https://github.com/anchore/syft#readme){target=_blank}
 
 [![syft - GitHub](https://gh-card.dev/repos/anchore/syft.svg?fullname=)](https://github.com/anchore/syft){target=_blank}