chore(deps): update pre-commit hook zricethezav/gitleaks to v8.21.1
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| zricethezav/gitleaks | repository | minor |
v8.18.4 -> v8.21.1
|
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
zricethezav/gitleaks (zricethezav/gitleaks)
v8.21.1
Changelog
-
cf5334ffeat: add curl basic auth rule (#1575) -
d07b394Update spelling in README.md (#1574) -
5c03fa4refactor(allowlist): use iota for condition (#1569) -
12034a7refactor(config): temporarily switch to [rules.allowlist] (#1573)
v8.21.0
Changelog
-
aabe381Define multiple allowlists per rule (#1496) -
8ea6085build: upgrade gitleaks/go-gitdiff to v0.9.1 (#1559) -
be9d0f8Fix rule extension (#1556) -
9988e52Update base config allowlist (#1555) -
8fb39bafeat(azure): detect Azure AD client secrets (#1199) -
14c924dchore: match gitleaks.toml anywhere (#1553)
respect @rgmz @9999years
- https://github.com/gitleaks/gitleaks/issues/1333
- https://github.com/gitleaks/gitleaks/pull/1559
- https://github.com/gitleaks/gitleaks/issues/1570#issuecomment-2413947146
v8.20.1
Changelog
-
b2fbaebfeat(config): add placeholder regexes to global allowlist (#1547) -
00bb821feat: add PrivateAI rule (#1548) -
445abe3Bump golang verion used in docker build to match version specified in go.mod (#1551) -
1a2f656feat: add cohere rule (#1549) -
82d737dfeat(generate): generate global (#1546) -
f6e5499Feat/nuget config password rule (#1540)
v8.20.0
Changelog
-
bf8a49fMake private key check less greedy and include fifth dash (#1440) -
9c354f5print tags if they exist -
2278a2aDecode Base64 (#1488) -
c5b15c9refactor(config): keyword map (#1538) -
a971a32fix: use regexTarget for extend config (#1536) -
a0f2f46feat: bump go to 1.22 (#1537) -
4e8d7d3fix: handle pre-commit and staged (#1533) -
f8dcd83Bugfix/1352 incorrect report multiple lines (#1501)
Huge huge thanks to @bplaxco for supporting b64 decoding, @recreator66 for bug fixes, and to @rgmz for his continued support of the project in the form of MRs and reviews. Thanks you!
New Feature: Decoding
Sometimes secrets are encoded in a way that can make them difficult to find
with just regex. Now you can tell gitleaks to automatically find and decode
encoded text. The flag --max-decode-depth enables this feature (the default
value "0" means the feature is disabled by default).
Recursive decoding is supported since decoded text can also contain encoded
text. The flag --max-decode-depth sets the recursion limit. Recursion stops
when there are no new segments of encoded text to decode, so setting a really
high max depth doesn't mean it will make that many passes. It will only make as
many as it needs to decode the text. Overall, decoding only minimally increases
scan times.
The findings for encoded text differ from normal findings in the following ways:
- The location points the bounds of the encoded text
- If the rule matches outside the encoded text, the bounds are adjusted to include that as well
- The match and secret contain the decoded value
- Two tags are added
decoded:<encoding>anddecode-depth:<depth>
Currently supported encodings:
-
base64(both standard and base64url)
v8.19.3
Changelog
-
ed19c4efix(config): extend allowlist & handle extend when validating (#1524) -
989ef19refactor(kubernetes-secret): tweak variable chars (#1520) -
191eb43Revert "remove validate config test temporarily" (#1529) -
78f7d3ffeat: create fly.io rule (#1528) -
7098f6dfix: to many false-positive for gltf files, add gltf suffix to allowlist (#1527) -
97dbe1eAdd support in .gitleaksignore file comment strings (#1425) (#1502) -
9e06824Restrict Etsy keywords (#1491) -
db78260feat(github): add entropy to rule (#1489) -
df126a7feat(gcp): update api key rule (#1481) -
75dd70efix(hashicorp): ignore common fps (#1498) -
8510d39fix(square): make prefix case sensitive (#1469) -
3698060refactor(kubernetes-secret): collapse rules and update regex (#1462)
v8.19.2
Changelog
-
128cd22fix(rule): comment out errant validation case (#1509) -
1a6d2b0remove validate config test temporarily -
0874ebcUpdate README.md
v8.19.1
Changelog
v8.19.0
Changelog
-
44ad62eDeprecatedetectandprotect. Addgit,dir,stdin(#1504) HEY THIS IS AN IMPORTANT CHANGE. If it breaks some stuff... sorry, I'll fix it asap, just open an issue and make sure to ping me. The change is meant to be backwards compatible. -
e93a7c0Update Harness rules to add _ and - in the account ID part. (#1503) -
4e43d11chore: fix gl workflow error (#1487) -
bd81872Make config generation utils public (#1480) -
3be7faaUpdate Hashicorp Vault token pattern (#1483) -
1aae66dfeat(config): update rule validation (#1466) -
6dfcf5eUpdate .gitleaksignore -
f361c5efix(detect): handle EOF with bytes (#1472) -
8a1ca9eAdded poetry.lock to default allowlist paths (#1474) -
525c4b4refactor(sarif): remove |name| and change |shortDescription| (#1473) -
c0fda43Use rule id for config validation error (#1463) -
d3c4b90Use first non-empty group ifsecretGroupisn't set (#1459) -
b4009bfchore: remove unnecessary capture groups (#1460) -
80bd177Return non-0 exit code fromDetectGit(#1461) -
0334ec1add gradle verification-metadata.xml to global allowlist (#1446) -
c1345e1feat(openshift): add user token (#1449) -
7697b3e(feat): Adding secret detection rule for Kubernetes secrets (#1454) -
26f3469add version to default -
bc979deAdd go.work and go.work.sum to global allowlist (#1353) -
b899915Add harness PAT and SAT rules (#1406) -
4c5195bUpdate README.md
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.