Bump trufflesecurity/trufflehog from 3.84.1 to 3.84.2

[dependabot]

Bumps trufflesecurity/trufflehog from 3.84.1 to 3.84.2.

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.84.2

What's Changed

• fix(deps): update module github.com/stretchr/testify to v1.10.0 by @​renovate in trufflesecurity/trufflehog#3659
• Fix multiple package error in tests by @​rgmz in trufflesecurity/trufflehog#3661
• [scan-9] Update enumeration logic by @​0x1 in trufflesecurity/trufflehog#3626
• Add Scan method to SourceManager to scan a single SourceUnit by @​mcastorina in trufflesecurity/trufflehog#3650
• fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.3 by @​renovate in trufflesecurity/trufflehog#3682
• chore(deps): update jaxxstorm/action-install-gh-release action to v1.14.0 by @​renovate in trufflesecurity/trufflehog#3672
• [feat] - S3 metrics by @​ahrav in trufflesecurity/trufflehog#3577
• fixed api flash detector by @​kashifkhan0771 in trufflesecurity/trufflehog#3666
• Added pattern unit tests for detectors starting with the letters n through o by @​nabeelalam in trufflesecurity/trufflehog#3685
• fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.3 by @​renovate in trufflesecurity/trufflehog#3690
• Updated/fixed the function names of pattern tests for detectors n through o by @​nabeelalam in trufflesecurity/trufflehog#3691
• fix(deps): update module github.com/wasilibs/go-re2 to v1.8.0 by @​renovate in trufflesecurity/trufflehog#3695
• Added pattern unit tests for detectors starting with the letters p through q by @​nabeelalam in trufflesecurity/trufflehog#3710

Full Changelog: trufflesecurity/trufflehog@v3.84.1...v3.84.2

Commits

• 35943b4 added and updated pattern tests for detectors starting from p to q (#3710)
• 31b4dc2 fix(deps): update module github.com/wasilibs/go-re2 to v1.8.0 (#3695)
• fe6773e updated the function names of new pattern tests for detetors n through o (#3691)
• fe2613a fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.3 (#3690)
• 2b918be Added pattern unit tests for detectors starting with the letters n through o ...
• a16e5ab fixed api flash detector (#3666)
• 7b3d98d [feat] - S3 metrics (#3577)
• 33879e4 chore(deps): update jaxxstorm/action-install-gh-release action to v1.14.0 (#3...
• 06ef49a fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.3 (#3682)
• 1e5aac4 Add Scan method to SourceManager to scan a single SourceUnit (#3650)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5f9dce7.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/trufflehog.yml

Package	Version	License	Issue Type
trufflesecurity/trufflehog	35943b41905eb1195f021955da17c233ed555e24	AGPL-3.0	Incompatible License

Allowed Licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, MIT

OpenSSF Scorecard

Package	Version	Score	Details
actions/trufflesecurity/trufflehog	35943b41905eb1195f021955da17c233ed555e24	🟢 7.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• .github/workflows/trufflehog.yml