chore(deps): update pre-commit hook zricethezav/gitleaks to v8.21.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
zricethezav/gitleaks | repository | minor |
v8.18.4 -> v8.21.1
|
Note: The pre-commit
manager in Renovate is not supported by the pre-commit
maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
zricethezav/gitleaks (zricethezav/gitleaks)
v8.21.1
Changelog
-
cf5334f
feat: add curl basic auth rule (#1575) -
d07b394
Update spelling in README.md (#1574) -
5c03fa4
refactor(allowlist): use iota for condition (#1569) -
12034a7
refactor(config): temporarily switch to [rules.allowlist] (#1573)
v8.21.0
Changelog
-
aabe381
Define multiple allowlists per rule (#1496) -
8ea6085
build: upgrade gitleaks/go-gitdiff to v0.9.1 (#1559) -
be9d0f8
Fix rule extension (#1556) -
9988e52
Update base config allowlist (#1555) -
8fb39ba
feat(azure): detect Azure AD client secrets (#1199) -
14c924d
chore: match gitleaks.toml anywhere (#1553)
respect @rgmz @9999years
- https://github.com/gitleaks/gitleaks/issues/1333
- https://github.com/gitleaks/gitleaks/pull/1559
- https://github.com/gitleaks/gitleaks/issues/1570#issuecomment-2413947146
v8.20.1
Changelog
-
b2fbaeb
feat(config): add placeholder regexes to global allowlist (#1547) -
00bb821
feat: add PrivateAI rule (#1548) -
445abe3
Bump golang verion used in docker build to match version specified in go.mod (#1551) -
1a2f656
feat: add cohere rule (#1549) -
82d737d
feat(generate): generate global (#1546) -
f6e5499
Feat/nuget config password rule (#1540)
v8.20.0
Changelog
-
bf8a49f
Make private key check less greedy and include fifth dash (#1440) -
9c354f5
print tags if they exist -
2278a2a
Decode Base64 (#1488) -
c5b15c9
refactor(config): keyword map (#1538) -
a971a32
fix: use regexTarget for extend config (#1536) -
a0f2f46
feat: bump go to 1.22 (#1537) -
4e8d7d3
fix: handle pre-commit and staged (#1533) -
f8dcd83
Bugfix/1352 incorrect report multiple lines (#1501)
Huge huge thanks to @bplaxco for supporting b64 decoding, @recreator66 for bug fixes, and to @rgmz for his continued support of the project in the form of MRs and reviews. Thanks you!
Decoding
New Feature:Sometimes secrets are encoded in a way that can make them difficult to find
with just regex. Now you can tell gitleaks to automatically find and decode
encoded text. The flag --max-decode-depth
enables this feature (the default
value "0" means the feature is disabled by default).
Recursive decoding is supported since decoded text can also contain encoded
text. The flag --max-decode-depth
sets the recursion limit. Recursion stops
when there are no new segments of encoded text to decode, so setting a really
high max depth doesn't mean it will make that many passes. It will only make as
many as it needs to decode the text. Overall, decoding only minimally increases
scan times.
The findings for encoded text differ from normal findings in the following ways:
- The location points the bounds of the encoded text
- If the rule matches outside the encoded text, the bounds are adjusted to include that as well
- The match and secret contain the decoded value
- Two tags are added
decoded:<encoding>
anddecode-depth:<depth>
Currently supported encodings:
-
base64
(both standard and base64url)
v8.19.3
Changelog
-
ed19c4e
fix(config): extend allowlist & handle extend when validating (#1524) -
989ef19
refactor(kubernetes-secret): tweak variable chars (#1520) -
191eb43
Revert "remove validate config test temporarily" (#1529) -
78f7d3f
feat: create fly.io rule (#1528) -
7098f6d
fix: to many false-positive for gltf files, add gltf suffix to allowlist (#1527) -
97dbe1e
Add support in .gitleaksignore file comment strings (#1425) (#1502) -
9e06824
Restrict Etsy keywords (#1491) -
db78260
feat(github): add entropy to rule (#1489) -
df126a7
feat(gcp): update api key rule (#1481) -
75dd70e
fix(hashicorp): ignore common fps (#1498) -
8510d39
fix(square): make prefix case sensitive (#1469) -
3698060
refactor(kubernetes-secret): collapse rules and update regex (#1462)
v8.19.2
Changelog
-
128cd22
fix(rule): comment out errant validation case (#1509) -
1a6d2b0
remove validate config test temporarily -
0874ebc
Update README.md
v8.19.1
Changelog
v8.19.0
Changelog
-
44ad62e
Deprecatedetect
andprotect
. Addgit
,dir
,stdin
(#1504) HEY THIS IS AN IMPORTANT CHANGE. If it breaks some stuff... sorry, I'll fix it asap, just open an issue and make sure to ping me. The change is meant to be backwards compatible. -
e93a7c0
Update Harness rules to add _ and - in the account ID part. (#1503) -
4e43d11
chore: fix gl workflow error (#1487) -
bd81872
Make config generation utils public (#1480) -
3be7faa
Update Hashicorp Vault token pattern (#1483) -
1aae66d
feat(config): update rule validation (#1466) -
6dfcf5e
Update .gitleaksignore -
f361c5e
fix(detect): handle EOF with bytes (#1472) -
8a1ca9e
Added poetry.lock to default allowlist paths (#1474) -
525c4b4
refactor(sarif): remove |name| and change |shortDescription| (#1473) -
c0fda43
Use rule id for config validation error (#1463) -
d3c4b90
Use first non-empty group ifsecretGroup
isn't set (#1459) -
b4009bf
chore: remove unnecessary capture groups (#1460) -
80bd177
Return non-0 exit code fromDetectGit
(#1461) -
0334ec1
add gradle verification-metadata.xml to global allowlist (#1446) -
c1345e1
feat(openshift): add user token (#1449) -
7697b3e
(feat): Adding secret detection rule for Kubernetes secrets (#1454) -
26f3469
add version to default -
bc979de
Add go.work and go.work.sum to global allowlist (#1353) -
b899915
Add harness PAT and SAT rules (#1406) -
4c5195b
Update README.md
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.