chore(deps): update pre-commit hook zricethezav/gitleaks to v8.23.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
zricethezav/gitleaks | repository | minor | v8.21.2 -> v8.23.0 |
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
zricethezav/gitleaks (zricethezav/gitleaks)
v8.23.0
Changelog
- db8e5e6 feat(generate): use multiple allowlists (#1691)
- 973c794 chore(rules): include fps in reference (#1471)
- f0d4499 Add comma as operator for GenerateSemiGenericRegex (#1679)
- ab38a46 refactor: central logger (#1692)
- b022d1c friendship ended with tines
READ THIS!!! The default gitleaks config now uses [[rules.allowlists]]
```toml
# ⚠️ In v8.21.0 `[rules.allowlist]` was replaced with `[[rules.allowlists]]`.
# This change was backwards-compatible: instances of `[rules.allowlist]` still work.
#
# You can define multiple allowlists for a rule to reduce false positives.
# A finding will be ignored if _ANY_ `[[rules.allowlists]]` matches.
[[rules.allowlists]]
description = "ignore commit A"
# When multiple criteria are defined the default condition is "OR".
# e.g., this can match on |commits| OR |paths| OR |stopwords|.
condition = "OR"
commits = [ "commit-A", "commit-B"]
paths = [
  '''go\.mod''',
  '''go\.sum'''
]
# note: stopwords targets the extracted secret, not the entire regex match
# like 'regexes' does. (stopwords introduced in 8.8.0)
stopwords = [
  '''client''',
  '''endpoint''',
]

[[rules.allowlists]]
# The "AND" condition can be used to make sure all criteria match.
# e.g., this matches if |regexes| AND |paths| are satisfied.
condition = "AND"
# note: |regexes| defaults to check the _Secret_ in the finding.
# Acceptable values for |regexTarget| are "secret" (default), "match", and "line".
regexTarget = "match"
regexes = [ '''(?i)parseur[il]''' ]
paths = [ '''package-lock\.json''' ]
```
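
To make the OR/AND and `regexTarget` semantics described in the config comments concrete, here is a small Python model of how the two allowlists above decide whether a finding is ignored. It is an added example, not gitleaks code and not part of the release notes; the finding fields, the sample findings, and the case-insensitive substring check for stopwords are assumptions.

```python
import re

ALLOWLISTS = [  # the two allowlists from the config above, transcribed as dicts
    {"condition": "OR", "commits": ["commit-A", "commit-B"],
     "paths": [r"go\.mod", r"go\.sum"], "stopwords": ["client", "endpoint"]},
    {"condition": "AND", "regexTarget": "match",
     "regexes": [r"(?i)parseur[il]"], "paths": [r"package-lock\.json"]},
]

def criteria_results(al, finding):
    """One boolean per criterion the allowlist defines; absent criteria are skipped."""
    out = []
    if al.get("commits"):
        out.append(finding["commit"] in al["commits"])
    if al.get("paths"):
        out.append(any(re.search(p, finding["path"]) for p in al["paths"]))
    if al.get("stopwords"):
        # Stopwords see only the extracted secret (assumed: case-insensitive substring).
        secret = finding["secret"].lower()
        out.append(any(w.lower() in secret for w in al["stopwords"]))
    if al.get("regexes"):
        # regexTarget picks the field the regexes see; "secret" is the default.
        target = finding[al.get("regexTarget", "secret")]
        out.append(any(re.search(r, target) for r in al["regexes"]))
    return out

def allowlist_matches(al, finding):
    results = criteria_results(al, finding)
    combine = all if al.get("condition", "OR") == "AND" else any
    return bool(results) and combine(results)

def is_ignored(finding, allowlists=ALLOWLISTS):
    """A finding is dropped if ANY allowlist matches it."""
    return any(allowlist_matches(al, finding) for al in allowlists)

def make_finding(path, match, secret, commit="c0ffee1"):
    return {"path": path, "match": match, "line": match, "secret": secret, "commit": commit}

# Constructed findings, not real scanner output ('line' reuses the match text).
SAMPLES = {
    "go.sum hash": make_finding("go.sum", "h1:Zm9vYmFy", "Zm9vYmFy"),
    "parseuri in lockfile": make_finding("package-lock.json", "parseuri: 9f8e7d", "9f8e7d"),
    "parseuri elsewhere": make_finding("src/app.js", "parseuri: 9f8e7d", "9f8e7d"),
    "stopword in secret": make_finding("app.yml", "key: client_demo_9f8e", "client_demo_9f8e"),
    "stopword only in match": make_finding("app.yml", "client_key: 9f8e7d6c", "9f8e7d6c"),
}

if __name__ == "__main__":
    print({name: is_ignored(f) for name, f in SAMPLES.items()})
```

The last two samples are the ones to check when reviewing an allowlist: a stopword that appears only in the surrounding match does not suppress the finding, and the "AND" allowlist leaves `parseuri` findings outside `package-lock.json` reportable.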
v8.22.1
Changelog
- b69b515 Entropy trace (#1659)
- 7357adc build: add 'toolchain' to go.mod (#1682)
- 4c3da6e refactor(detect): create readUntilSafeBoundary + add tests (#1676)
- dbe3746 twitter really does suck ass now
- 7edfc6b chore(tests): test cases for generate.go (#1623)
- efe40ca fix: only use non-empty secret groups (#1632)
- 7cb5f6f build: upgrade sprig v2->v3 (#1674)
- 2930537 fix: generate report file even if no findings (#1673)
v8.22.0
Changelog
This bumps the gitleaks binary size from around 8.5MB to 15MB but yields 2-4x speedup. Worth it imo. If you feel strongly against this change feel free to open an issue where we can discuss the tradeoffs in more depth. Credit to @ahrav
v8.21.4
Changelog
v8.21.3
Changelog
- a9e6d8c go mod 1.23
- 2f73a3e Ensure keywords are downcased (#1633)
- f696605 feat: add settlemint api keys detection (#1663)
- 0bf13fc feat(dir): better chunking (#1665)
- 83e99ba feat(report): allow user-defined templates (#1650)
- e393d29 Add support for GitLab routable tokens (#1656)
- 263ce82 Add freemius secret key detection (#1611)
- 3c0e068 fix(kubernetes): only match 'kind: secret' (#1649)
- f3adda0 feat: use STDOUT when report file not specified (#1642)
- ed205a5 fix(dir): skip opening file&dir if allowlist matches (#1653)
- 6018012 fix: increase chunk size 10kb -> 100kb (#1652)
- 7f77987 feat: detect sentry.io tokens in the new format (#1640)
- 48a2e0e refactor: pre-commit hooks (#1627)
- 4e303d0 fix(easypost): only detect tokens of correct length (#1628)
- c1add1d feat(dir): continue on permission error (#1621)
- 202106a Add human readable description for curl rules (#1625)
- 8e94f98 Add option to includeLine field in report (#1616)
- dbb42a7 hm (great comment)
- 2599460 Update README.md
- 8ffb980 nop for stupid build
- 4181ad6 Add new jira api token pattern (#1601)
- 48ea14b feat: update global & generic allowlist (#1618)
- 81f0002 fix(vault-service-token): ensure that TPS contains digits (#1614)
- c11adc9 Generate comprehensive secret samples (#1484)
- d1d9054 fix(aws): detect token in url (#1615)
- 5fe58bf fix(rules): entropy, uppercase in samples (#1593)
- 5c2e813 feat: tweak rules (#1608)
This MR has been generated by Renovate Bot.