carson 2.17.2 → 2.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/RELEASE.md +10 -0
  3. data/VERSION +1 -1
  4. data/templates/.github/.mega-linter.yml +3 -3
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2ce95d5142cc99fa43b36a427d81bbef42e679995d5411725cccc8c71e971113
4
- data.tar.gz: 7aa827c334d0af7057507ace09075e3fdb4e3059bc1a64738732a32a413590c0
3
+ metadata.gz: 5bde6debe9c12b4b57b2d595770ee04986088ceddefb0cb207f9949b2f97bc01
4
+ data.tar.gz: 8b12ea1880da432312c1a0052dfb1b8c5fc3f3770ddca8c1b79f91f56fe3b28e
5
5
  SHA512:
6
- metadata.gz: 6980778df5332d35665b5c4dfa974fa635a572f7c99cc5995a97ff85800920caa3546ea155368d12bdb5c147850eb7dcb374068830fb166a6930bcd2bba8905e
7
- data.tar.gz: 0abf3dad0910f1a824af97ca6baacfb63cb2ee4f43c1a0161883b38c8b5c9827a052cb73f7a5fab76281581dcc3c3ec9f35800e27598ce48dfd468e055c416d2
6
+ metadata.gz: fa9ed36d6a2e14a60f42f1f29d54ebf07592996ca2385403070287eb27e9f85d1b7eafce43eb51d0baccb2989b37ec3f17356a37480b8f893b9ae0452975bb3b
7
+ data.tar.gz: '08e05edcad552d42a734b5d095d2fadbf2bee497df1098fa119377a99d8092f99dbdd06ef7e4839cd36254f3b2122429d3be1bc8af45de8872148e824d3d2878'
data/RELEASE.md CHANGED
@@ -5,6 +5,16 @@ Release-note scope rule:
5
5
  - `RELEASE.md` records only version deltas, breaking changes, and migration actions.
6
6
  - Operational usage guides live in `MANUAL.md` and `API.md`.
7
7
 
8
+ ## 2.17.3 — Disable DevSkim
9
+
10
+ ### What changed
11
+
12
+ - Disabled `REPOSITORY_DEVSKIM` in MegaLinter config. DevSkim floods Rails apps with false-positive security warnings (78 warnings on a fresh Rails 8 scaffold).
13
+
14
+ ### No migration required
15
+
16
+ Run `carson refresh` — the updated template propagates automatically.
17
+
8
18
  ## 2.17.2 — Lint Code, Not Prose
9
19
 
10
20
  ### What changed
data/VERSION CHANGED
@@ -1 +1 @@
1
- 2.17.2
1
+ 2.17.3
data/templates/.github/.mega-linter.yml CHANGED
@@ -19,11 +19,11 @@ DISABLE:
19
19
  - SPELL
20
20
 
21
21
  # Disable linters that are too noisy without per-project configuration.
22
- # checkov and kics are IaC security scanners they flag Carson's own
23
- # workflow permissions (issues: write, pull-requests: write) as overly
24
- # permissive, but MegaLinter needs these to post PR comments.
22
+ # checkov/kics flag Carson workflow permissions as overly permissive.
23
+ # devskim floods Rails apps with false-positive security warnings.
25
24
  DISABLE_LINTERS:
26
25
  - COPYPASTE_JSCPD
27
26
  - HTML_DJLINT
28
27
  - REPOSITORY_CHECKOV
28
+ - REPOSITORY_DEVSKIM
29
29
  - REPOSITORY_KICS
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: carson
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.17.2
4
+ version: 2.17.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hailei Wang