carson 2.17.1 → 2.17.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/RELEASE.md +21 -0
- data/VERSION +1 -1
- data/templates/.github/.mega-linter.yml +9 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5bde6debe9c12b4b57b2d595770ee04986088ceddefb0cb207f9949b2f97bc01
|
|
4
|
+
data.tar.gz: 8b12ea1880da432312c1a0052dfb1b8c5fc3f3770ddca8c1b79f91f56fe3b28e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa9ed36d6a2e14a60f42f1f29d54ebf07592996ca2385403070287eb27e9f85d1b7eafce43eb51d0baccb2989b37ec3f17356a37480b8f893b9ae0452975bb3b
|
|
7
|
+
data.tar.gz: '08e05edcad552d42a734b5d095d2fadbf2bee497df1098fa119377a99d8092f99dbdd06ef7e4839cd36254f3b2122429d3be1bc8af45de8872148e824d3d2878'
|
data/RELEASE.md
CHANGED
|
@@ -5,6 +5,27 @@ Release-note scope rule:
|
|
|
5
5
|
- `RELEASE.md` records only version deltas, breaking changes, and migration actions.
|
|
6
6
|
- Operational usage guides live in `MANUAL.md` and `API.md`.
|
|
7
7
|
|
|
8
|
+
## 2.17.3 — Disable DevSkim
|
|
9
|
+
|
|
10
|
+
### What changed
|
|
11
|
+
|
|
12
|
+
- Disabled `REPOSITORY_DEVSKIM` in MegaLinter config. DevSkim floods Rails apps with false-positive security warnings (78 warnings on a fresh Rails 8 scaffold).
|
|
13
|
+
|
|
14
|
+
### No migration required
|
|
15
|
+
|
|
16
|
+
Run `carson refresh` — the updated template propagates automatically.
|
|
17
|
+
|
|
18
|
+
## 2.17.2 — Lint Code, Not Prose
|
|
19
|
+
|
|
20
|
+
### What changed
|
|
21
|
+
|
|
22
|
+
- Disabled entire `MARKDOWN`, `RST`, and `SPELL` descriptors in MegaLinter config. Carson governs code quality — prose linting is out of scope and creates noise on documentation-heavy repos.
|
|
23
|
+
- Removed now-redundant `SPELL_CSPELL` from `DISABLE_LINTERS` (covered by the descriptor-level `SPELL` disable).
|
|
24
|
+
|
|
25
|
+
### No migration required
|
|
26
|
+
|
|
27
|
+
Run `carson refresh` — the updated template propagates automatically.
|
|
28
|
+
|
|
8
29
|
## 2.17.1 — Disable IaC Security Scanners
|
|
9
30
|
|
|
10
31
|
### What changed
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.17.
|
|
1
|
+
2.17.3
|
|
@@ -12,13 +12,18 @@ VALIDATE_ALL_CODEBASE: false
|
|
|
12
12
|
# Exclude vendored, generated, and dependency directories.
|
|
13
13
|
FILTER_REGEX_EXCLUDE: "(vendor/|node_modules/|public/packs|public/assets|tmp/|log/|coverage/)"
|
|
14
14
|
|
|
15
|
+
# Lint code, not prose. Disable documentation-oriented descriptors.
|
|
16
|
+
DISABLE:
|
|
17
|
+
- MARKDOWN
|
|
18
|
+
- RST
|
|
19
|
+
- SPELL
|
|
20
|
+
|
|
15
21
|
# Disable linters that are too noisy without per-project configuration.
|
|
16
|
-
# checkov
|
|
17
|
-
#
|
|
18
|
-
# permissive, but MegaLinter needs these to post PR comments.
|
|
22
|
+
# checkov/kics flag Carson workflow permissions as overly permissive.
|
|
23
|
+
# devskim floods Rails apps with false-positive security warnings.
|
|
19
24
|
DISABLE_LINTERS:
|
|
20
|
-
- SPELL_CSPELL
|
|
21
25
|
- COPYPASTE_JSCPD
|
|
22
26
|
- HTML_DJLINT
|
|
23
27
|
- REPOSITORY_CHECKOV
|
|
28
|
+
- REPOSITORY_DEVSKIM
|
|
24
29
|
- REPOSITORY_KICS
|