RubenHalman (Author) commented Oct 2, 2025

Hi @nvuillam and @llaville ,

First off, I'd really love the opportunity to contribute to MegaLinter, but it's turning out to be a bit of a challenge for me!
After deprecating parts of the Lightning Flow Scanner Org and unpublishing the original sfdx version on NPM, I have continued to deliver v5.6, a more secure version. I'd love to integrate this more robust version in MegaLinter, as the functionality remains the same. Thank you for your consideration and support.


echoix (Collaborator) commented Oct 2, 2025

You mention above that you worked on publishing v5.8 (up from some v4.3x something), but I only see 5.1.0 in a repo, and 5.2.0 in another.
The organization seems to have changed, and it’s the first release (at least in a while) from a new author. Not seeing the v5.0.0 published, and not seeing the notices that show how and why the repo isn’t archived anymore, I can’t do anything but be cautious and want to understand a bit more. (You seem to be part of the history for a couple of years, unless rebases have been made, so I don’t think it’s a repo hijacking, but I still want to check.)

echoix (Collaborator) left a comment

A couple of things, and you might know more on the nature of the changes needed. Most of the work only needs to be done in the descriptor file; the rest is generated from there.


RubenHalman (Author) commented Oct 4, 2025

@nvuillam Hi Nicolas, I hope all is well. I'd really appreciate your consideration of the RCE vulnerability and re-enabling


@RubenHalman RubenHalman requested a review from echoix October 5, 2025 01:29
@RubenHalman RubenHalman marked this pull request as draft October 6, 2025 14:00
RubenHalman (Author) commented

@echoix Thank you so much for your prompt reply and support. I would like to clarify:

Version 5.2 was the latest on NPM before being unpublished due to an RCE vulnerability, as explained in the core package. The original Lightning Flow Scanner SFDX repo has been relocated; previous references still work, and functionality for MegaLinter remains unaffected. The NPM package is now patched, and it turns out we do not need to rescope, and a new version 5.6 is available at www.npmjs.com/package/lightning-flow-scanner.

In short:

  • Lightning Flow Scanner can be re-enabled with v5.6.2
  • The Microsoft marketplace name has changed, and related documentation has been updated.

Based on your feedback, I tried to keep the current naming intact and decided to only update the version numbers and documentation. Could you advise on the steps needed to proceed with re-enabling LFS?

@RubenHalman RubenHalman marked this pull request as ready for review October 6, 2025 14:43
@RubenHalman RubenHalman marked this pull request as draft October 10, 2025 16:50
"kubescape": "3.0.41",
"kubeval": "0.16.1",
"lightning-flow-scanner": "3.29.0",
"lightning-flow-scanner-cli": "3.29.0",
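
Review bot: the "lightning-flow-scanner" and "lightning-flow-scanner-cli" entries both carry 3.29.0, which matches neither the v5.6 nor the v5.6.2 named in this thread as the release to re-enable. If this version list is generated from the descriptor file, as the earlier review comment indicates, make the version change in the descriptor and regenerate rather than editing these lines by hand. Since the thread mentions an unpublished package and a relocated repository, also confirm that each key here corresponds to a package name that is currently published by the expected maintainer before it is listed.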
RubenHalman (Author) commented

revert
