How to bump versions on included tooling

[wesley-dean-flexion]

General question: if I find that a version of a tool included in the current Megalinter release and I don't see a PR or an issue to have it updated, what can I do?

A specific example would be KICS which in the 7.7.0 Megalinter release is pinned to KICS 1.7.11; three weeks ago (i.e., after the 7.7.0 release), KICS 1.7.12 was released. Seeing no issues or PRs relating to bumping that version, I was thinking about submitting one myself. I noticed that the generated markdown, YAML, etc. show 1.7.11 and that suggests to me that the version pin is found somewhere else. The Dockerfile under linters/ only shows that the alpine tag is pinned.

All of that said, my hope is to discuss the general case of, "there's a new version of a thing included in Megalinter, so how do I help Megalinter move to that new version?"

[echoix]

Make a PR in the files in this directory, everything is generated from here: https://github.com/oxsecurity/megalinter/blob/main/megalinter/descriptors

Here it would be: https://github.com/oxsecurity/megalinter/blob/main/megalinter/descriptors/repository.megalinter-descriptor.yml

Usually everything is updated in the main branch, released as beta tag in between releases. We have jobs that run each day for this, when one tool doesn't break the others (that the biggest part of the job, making everything work together).

I see that the installation method is through a Docker image. Maybe check that the source image is actually still published with new releases?

[nvuillam]

I'll release a new version of megalinter probably next week :)
Meanwhile, indeed you can use beta :)