carson 2.17.0 → 2.17.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: beed85a11e303c6c34258e51b20d553ea4becdfcc22c9cc28bb7889621a25eac
4
- data.tar.gz: d59f7bb131cc1f15bc90f4c8bebf1d6a58f361bbfeec960827460a6144bab6bc
3
+ metadata.gz: d65e5e487eef845979a9d198caa500ba17464cd944a19fe0eed72920eabe5c0b
4
+ data.tar.gz: 84cc21d8a7b499e69918410c69c78573a6c6d58b0b83e395ad2d4303bec90f6c
5
5
  SHA512:
6
- metadata.gz: 9c554db7a64b8d9ef314c3e26a2be21623e37972dd12fb39093d3e9a2ae71f19f53c5e8a313a72b89de6eba8bbb8943fde3b5bbcc8f8123d4d051de839afa315
7
- data.tar.gz: 67bd246d6dfcd97efcf521278198fb6040a734115a5f3b5b9b4aef9c72ae4e9598f3e4e9f22470b2846b967d028ee9a1a52e1f4e73835afd2a61530eff375ad3
6
+ metadata.gz: dbc24993812dc8bed85be6493a85386cf8038ef265c842c23bc428779cd215eedb7f8a642cbcddfed04722b26ebdeae57d7609944d2a439fc7322035c458d357
7
+ data.tar.gz: 681e8626a1e3185df143b4a2202d4633bb5d25c58c7f3a74debe6459fed95d49a194edca27d3f09792cbe43a7d7b65199c4e3eca5c846dbe4d887cefa7171464
data/RELEASE.md CHANGED
@@ -5,6 +5,16 @@ Release-note scope rule:
5
5
  - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
6
6
  - Operational usage guides live in `MANUAL.md` and `API.md`.
7
7
 
8
+ ## 2.17.1 — Disable IaC Security Scanners
9
+
10
+ ### What changed
11
+
12
+ - Disabled `REPOSITORY_CHECKOV` and `REPOSITORY_KICS` in the MegaLinter config template. Both are IaC security scanners that flag Carson's own workflow permissions (`issues: write`, `pull-requests: write`) as overly permissive — but MegaLinter needs these to post PR comments. Same false positive in every governed repo.
13
+
14
+ ### No migration required
15
+
16
+ Run `carson refresh` — the updated template propagates automatically.
17
+
8
18
  ## 2.17.0 — MegaLinter Configuration Template
9
19
 
10
20
  ### What changed
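Review bot: The "No migration required" heading in the 2.17.1 entry understates the change. Once `carson refresh` propagates the template, every governed repo stops running `REPOSITORY_CHECKOV` and `REPOSITORY_KICS` altogether, not only the workflow-permissions finding described under "What changed". Suggest stating that loss of IaC scanning explicitly here, and saying whether and how a repo that relies on these scanners can keep them.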
data/VERSION CHANGED
@@ -1 +1 @@
1
- 2.17.0
1
+ 2.17.1
@@ -13,7 +13,12 @@ VALIDATE_ALL_CODEBASE: false
13
13
  FILTER_REGEX_EXCLUDE: "(vendor/|node_modules/|public/packs|public/assets|tmp/|log/|coverage/)"
14
14
 
15
15
  # Disable linters that are too noisy without per-project configuration.
16
+ # checkov and kics are IaC security scanners — they flag Carson's own
17
+ # workflow permissions (issues: write, pull-requests: write) as overly
18
+ # permissive, but MegaLinter needs these to post PR comments.
16
19
  DISABLE_LINTERS:
17
20
  - SPELL_CSPELL
18
21
  - COPYPASTE_JSCPD
19
22
  - HTML_DJLINT
23
+ - REPOSITORY_CHECKOV
24
+ - REPOSITORY_KICS
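Review bot: Adding `REPOSITORY_CHECKOV` and `REPOSITORY_KICS` to `DISABLE_LINTERS` turns off all IaC scanning to silence one finding class, the `issues: write` / `pull-requests: write` permissions named in the new comment. Consider keeping both scanners enabled and suppressing only those checks for the MegaLinter workflow (checkov's `--skip-check` and KICS's `--exclude-queries`, passed through MegaLinter's per-linter arguments setting), so other findings in governed repos still surface. If the blanket disable stays, the comment should say so, since the existing "too noisy without per-project configuration" line above it gives a different reason than the one for these two entries.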
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: carson
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.17.0
4
+ version: 2.17.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hailei Wang