chore(deps): update pre-commit hook gitleaks/gitleaks to v8.21.2 #265
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
| datasource | package | from | to | | ----------- | ----------------- | ------- | ------- | | github-tags | gitleaks/gitleaks | v8.18.0 | v8.21.2 |
JoeHCQ1
approved these changes
Nov 19, 2024
This was referenced Dec 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v8.18.0->v8.21.2Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Note: The
pre-commitmanager in Renovate is not supported by thepre-commitmaintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.Release Notes
gitleaks/gitleaks (gitleaks/gitleaks)
v8.21.2Compare Source
Changelog
43fae35feat(rules): create Octopus Deploy api key (#1602)a158e4ffix(aws-access-token): only match if correct length (#1584)b6e0eeefix(config): ignore jquery/swagger w/o version (#1607)722e7d8feat: add new GitLab tokens (#1560)961f2e6feat(generic-api-key): tune false positives (#1606)e734fcfCreate .gitleaks.toml (#1605)7206d6bfeat(curl): tweak tps and fps (#1603)2db25f1feat(config): ignore swagger-ui assets (#1604)e97695bfeat(generic-api-key): exclude keywords (#1587)0afb525feat(okta): bump entropy to 4 (#1599)2068870feat: update global allowlist (#1597)8cf93b9refactor(allowlist): deduplicate commits & keywords (#1596)50c2818feat(config): ignore jquery static assets (#1595)455ae0aMore rule fixes (#1586)5407c44chore: log skipped symlinks (#1591)d03d6c4feat: match left side of identifier (#1585)851c11awhat secrets?8cfa6b2fix(rules): add entropy (#1580)9152eaafeat(aws): add entropy & allowlist (#1582)93acc6efeat(rules): add 1password token (#1583)83a5724feat(config): add curl header rule (#1576)v8.21.1Compare Source
Changelog
cf5334ffeat: add curl basic auth rule (#1575)d07b394Update spelling in README.md (#1574)5c03fa4refactor(allowlist): use iota for condition (#1569)12034a7refactor(config): temporarily switch to [rules.allowlist] (#1573)v8.21.0Compare Source
Changelog
aabe381Define multiple allowlists per rule (#1496)8ea6085build: upgrade gitleaks/go-gitdiff to v0.9.1 (#1559)be9d0f8Fix rule extension (#1556)9988e52Update base config allowlist (#1555)8fb39bafeat(azure): detect Azure AD client secrets (#1199)14c924dchore: match gitleaks.toml anywhere (#1553)respect @rgmz @9999years
v8.20.1Compare Source
Changelog
b2fbaebfeat(config): add placeholder regexes to global allowlist (#1547)00bb821feat: add PrivateAI rule (#1548)445abe3Bump golang verion used in docker build to match version specified in go.mod (#1551)1a2f656feat: add cohere rule (#1549)82d737dfeat(generate): generate global (#1546)f6e5499Feat/nuget config password rule (#1540)v8.20.0Compare Source
Changelog
bf8a49fMake private key check less greedy and include fifth dash (#1440)9c354f5print tags if they exist2278a2aDecode Base64 (#1488)c5b15c9refactor(config): keyword map (#1538)a971a32fix: use regexTarget for extend config (#1536)a0f2f46feat: bump go to 1.22 (#1537)4e8d7d3fix: handle pre-commit and staged (#1533)f8dcd83Bugfix/1352 incorrect report multiple lines (#1501)Huge huge thanks to @bplaxco for supporting b64 decoding, @recreator66 for bug fixes, and to @rgmz for his continued support of the project in the form of PRs and reviews. Thanks you!
New Feature: Decoding
Sometimes secrets are encoded in a way that can make them difficult to find
with just regex. Now you can tell gitleaks to automatically find and decode
encoded text. The flag
--max-decode-depthenables this feature (the defaultvalue "0" means the feature is disabled by default).
Recursive decoding is supported since decoded text can also contain encoded
text. The flag
--max-decode-depthsets the recursion limit. Recursion stopswhen there are no new segments of encoded text to decode, so setting a really
high max depth doesn't mean it will make that many passes. It will only make as
many as it needs to decode the text. Overall, decoding only minimally increases
scan times.
The findings for encoded text differ from normal findings in the following
ways:
include that as well
decoded:<encoding>anddecode-depth:<depth>Currently supported encodings:
base64(both standard and base64url)v8.19.3Compare Source
Changelog
ed19c4efix(config): extend allowlist & handle extend when validating (#1524)989ef19refactor(kubernetes-secret): tweak variable chars (#1520)191eb43Revert "remove validate config test temporarily" (#1529)78f7d3ffeat: create fly.io rule (#1528)7098f6dfix: to many false-positive for gltf files, add gltf suffix to allowlist (#1527)97dbe1eAdd support in .gitleaksignore file comment strings (#1425) (#1502)9e06824Restrict Etsy keywords (#1491)db78260feat(github): add entropy to rule (#1489)df126a7feat(gcp): update api key rule (#1481)75dd70efix(hashicorp): ignore common fps (#1498)8510d39fix(square): make prefix case sensitive (#1469)3698060refactor(kubernetes-secret): collapse rules and update regex (#1462)v8.19.2Compare Source
Changelog
128cd22fix(rule): comment out errant validation case (#1509)1a6d2b0remove validate config test temporarily0874ebcUpdate README.mdv8.19.1Compare Source
Changelog
9463ffafix flag access (#1506)v8.19.0Compare Source
Changelog
44ad62eDeprecatedetectandprotect. Addgit,dir,stdin(#1504) HEY THIS IS AN IMPORTANT CHANGE. If it breaks some stuff... sorry, I'll fix it asap, just open an issue and make sure to ping me. The change is meant to be backwards compatible.e93a7c0Update Harness rules to add _ and - in the account ID part. (#1503)4e43d11chore: fix gl workflow error (#1487)bd81872Make config generation utils public (#1480)3be7faaUpdate Hashicorp Vault token pattern (#1483)1aae66dfeat(config): update rule validation (#1466)6dfcf5eUpdate .gitleaksignoref361c5efix(detect): handle EOF with bytes (#1472)8a1ca9eAdded poetry.lock to default allowlist paths (#1474)525c4b4refactor(sarif): remove |name| and change |shortDescription| (#1473)c0fda43Use rule id for config validation error (#1463)d3c4b90Use first non-empty group ifsecretGroupisn't set (#1459)b4009bfchore: remove unnecessary capture groups (#1460)80bd177Return non-0 exit code fromDetectGit(#1461)0334ec1add gradle verification-metadata.xml to global allowlist (#1446)c1345e1feat(openshift): add user token (#1449)7697b3e(feat): Adding secret detection rule for Kubernetes secrets (#1454)26f3469add version to defaultbc979deAdd go.work and go.work.sum to global allowlist (#1353)b899915Add harness PAT and SAT rules (#1406)4c5195bUpdate README.mdv8.18.4Compare Source
Changelog
02808f4Limit hashicorp-tf-password to .tf/.hcl files (#1420)07e1c30rm printdb63fc1reduce telegram... todo url and xml for later9a4538ccoderabbit.ai <3fe94ef9Add NewRelic insert key detection (#1417)bb4424dImproved Telegram bot token rule regex and added more test cases (#1404)575e923Add intra42 client secret (#1408)Shout out to @coderabbit for their sponsorship!
v8.18.3Compare Source
Changelog
39947b0extend FB access token discovery (#1407)79cac73tests: scalingo validation consistent test (#1359)247f423add real (test) standard and restricted keys (#1375)821b232Add Cloudflare API and Origin CA keys (#1374)57ac4b3Update "contributing guidelines" link (#1390)db69e82add update token from square (#1370)4b54328feat: facebook secret, access token, and page access token rules (#1372)979f213update mailchimp with new tokens (#1376)59c0cc7Append ordered rules when extending (#1304)6c52f87fix: age rule id with dashes (#1349)247a5e7patching golang.org/x/text for CVE-2021-38561 and CVE-2022-32149 (#1342)8d23afdUse latest base images. (#1334)v8.18.2Compare Source
Changelog
ac4b514removed gitleaks user from Dockerfile (#1313)76c9e31Remove IAM identifiers for non-credential resources in the aws-access-token rule (#1307)afe046bUpdate stripe rule to not alert on publishable keys (#1320)8b8920d--max-target-megabytes flag now supported for --no-git flag as well (#1330)a59289cadd pre-commit hook gitleaks-system (#1225)870194bfix errors when using protect and an external git diff tool (#1318)179c607rename filesystem to directory (#1317)8de8938Enhance Secret Descriptions (#1300)ca7aa14Small refactordetectandsources(#1297)01e60c8chore(config): refactor to go generate; simplify configRules init (#1295)54f5f04forgot symlinks221d5c4pretty apparent 'protect' and 'detect' should be merged into one command (#1294)128b50fstyle: sort the stopwords (#1289)v8.18.1Compare Source
Changelog
dab7d02dont crash on 100gb files pls (#1292)e63b657remove secretgroup from default config (#1288)20fcf50feat: Hashicorp Terraform fields for password (#1237)b496677perf: avoid allocations with(*regexp.Regexp).MatchString(#1283)a3ab4e8refactor: more explicit rules (#1280)bd9a25abugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278)6d0d8b5add Infracost API rule (#1273)2959fc0refactor: simplify test asserts (#1271)d37b38fUpdate Makefile14b1ca9refactor: change detect tests to t.Fatal instead of log.Fatal (#1270)d9f86d6feat(rules): Add detection for Scalingo API Token (#1262)ed34259feat(jwt): detect base64-encoded tokens (#1256)0d5e46ffeat: add --ignore-gitleaks-allow cmd flag (#1260)a82ac29switch out libs (#1259)0b84afafix: no-color option should also affect zerolog output (#1242)8976539Fixed lineEnd indexing if the match is the whole line (#1223)30c6117feat: Add optional redaction value, default 100 (#1229)e9135cffix(jwt): longer segment lengths (#1214)f65f915Added yarn.lock file to default allowlist paths (#1258)abfd0f3Update README.md18283bbfeat(rules): make case insensitivity optional (#1215)9fb36b2feat(rules): detect Hugging Face access tokens (#1204)db4bc0fResolve #1170 - Enable selection of a single rule (#1183)3cbcda2Update authress.go to include alternate form account dash (-) (#1224)46c6272refactor: remove unnecessary removing temp files in tests (#1255)963a697refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254)163ec21fix(sumologic): improve patterns (#1218)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.