chore(deps): update pre-commit hook zricethezav/gitleaks to v8.23.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
zricethezav/gitleaks	repository	minor	v8.21.1 -> v8.23.3

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

zricethezav/gitleaks (zricethezav/gitleaks)

v8.23.3

Compare Source

Changelog

• 3188ad6 Don't exit with error if git repacking is required (#​1711)
• 7fc11bb refactor(config): use non-capture groups for allowlists (#​1735)
• 36c52c6 chore: Enhance curl-auth-user to detect empty usernames or passwords (#​1726)
• 1f323d8 fix(cmd): read log-opts before GitLogCmd (#​1730)

v8.23.2

Compare Source

Changelog

• d88bc09 facebook keyword
• 3fdaefd fix(meraki): restrict keyword case (#​1722)
• f3ae52e feat(generic-api-key): detect base64 (#​1598)
• d6a828a great branch name (#​1721)
• d2ffffe fix(git): remove .git suffix for links (#​1716)
• a43dc0d chore: refine generic-api-key fps + trace logging (#​1720)
• 69ed20e fix(generate): move newline out of char range (#​1719)
• 52b895a newline literal (#​1718)
• 3f4d91f build: support either stdlib or 3rd-party regexp (#​1706)
• 049f5b2 chore(detect): update trace logging (#​1713)
• 7a6183d feat(git): redact passwords from remote URL (#​1709)
• 3c7f3f0 feat(git): include link in report (#​1698)
• 0e3f4f7 chore: reduce generic-api-key fps (#​1707)
• 3ed8567 blorp
• e977850 added new rule for cisco meraki api key (#​1700)
• ad7a4fb feat: general fp tweaks (#​1703)
• b2cf03c chore(generate): use \x60 instead of literal (#​1702)
• a3f623c chore(regex): simplify secretPrefix, suffix (#​1620)
• cc71bb1 update version for pre-commit in README.md (#​1699)

v8.23.1

Compare Source

Changelog

• 7bad9f7 chore(gcp): add firebase example keys to the gcp-api-key allowlists (#​1635)
• 977236c fix: unaligned 64-bit atomic operation panic (#​1696)
• a211b16 force push to master everyday
• 0e5f644 feat(config): disable extended rule (#​1535)
• f320a60 style: prevent globbing and word splitting (#​1543)
• c4526b2 refactor(generic-api-key): remove hard-coded 'magic' (#​1600)
• 748076d chore(generate): add failing test case (#​1690)

v8.23.0

Compare Source

Changelog

• db8e5e6 feat(generate): use multiple allowlists (#​1691)
• 973c794 chore(rules): include fps in reference (#​1471)
• f0d4499 Add comma as operator for GenerateSemiGenericRegex (#​1679)
• ab38a46 refactor: central logger (#​1692)
• b022d1c friendship ended with tines

READ THIS!!! The default gitleaks config now uses [[rules.allowlists]]

### ⚠️ In v8.21.0 `[rules.allowlist]` was replaced with `[[rules.allowlists]]`.
### This change was backwards-compatible: instances of `[rules.allowlist]` still  work.
    #

### You can define multiple allowlists for a rule to reduce false positives.
### A finding will be ignored if _ANY_ `[[rules.allowlists]]` matches.
    [[rules.allowlists]]
    description = "ignore commit A"

### When multiple criteria are defined the default condition is "OR".
### e.g., this can match on |commits| OR |paths| OR |stopwords|.
    condition = "OR"
    commits = [ "commit-A", "commit-B"]
    paths = [
      '''go\.mod''',
      '''go\.sum'''
    ]

### note: stopwords targets the extracted secret, not the entire regex match
### like 'regexes' does. (stopwords introduced in 8.8.0)
    stopwords = [
      '''client''',
      '''endpoint''',
    ]

    [[rules.allowlists]]

### The "AND" condition can be used to make sure all criteria match.
### e.g., this matches if |regexes| AND |paths| are satisfied.
    condition = "AND"

### note: |regexes| defaults to check the _Secret_ in the finding.
### Acceptable values for |regexTarget| are "secret" (default), "match", and "line".
    regexTarget = "match"
    regexes = [ '''(?i)parseur[il]''' ]
    paths = [ '''package-lock\.json''' ]

v8.22.1

Compare Source

Changelog

• b69b515 Entropy trace (#​1659)
• 7357adc build: add 'toolchain' to go.mod (#​1682)
• 4c3da6e refactor(detect): create readUntilSafeBoundary + add tests (#​1676)
• dbe3746 twitter really does suck ass now
• 7edfc6b chore(tests): test cases for generate.go (#​1623)
• efe40ca fix: only use non-empty secret groups (#​1632)
• 7cb5f6f build: upgrade sprig v2->v3 (#​1674)
• 2930537 fix: generate report file even if no findings (#​1673)

v8.22.0

Compare Source

Changelog

• a91c671 replace std library regex engine with go-re2 (#​1669)

---

This bumps the gitleaks binary size from around 8.5MB to 15MB but yields 2-4x speedup. Worth it imo. If you feel strongly against this change feel free to open an issue where we can discuss the tradeoffs in more depth. Credit to @​ahrav

v8.21.4

Compare Source

Changelog

• 906085f Update golang version to 1.23 (#​1672)
• 8a83062 log bytes (#​1670)

v8.21.3

Compare Source

Changelog

• a9e6d8c go mod 1.23
• 2f73a3e Ensure keywords are downcased (#​1633)
• f696605 feat: add settlemint api keys detection (#​1663)
• 0bf13fc feat(dir): better chunking (#​1665)
• 83e99ba feat(report): allow user-defined templates (#​1650)
• e393d29 Add support for GitLab routable tokens (#​1656)
• 263ce82 Add freemius secret key detection (#​1611)
• 3c0e068 fix(kubernetes): only match 'kind: secret' (#​1649)
• f3adda0 feat: use STDOUT when report file not specified (#​1642)
• ed205a5 fix(dir): skip opening file&dir if allowlist matches (#​1653)
• 6018012 fix: increase chunk size 10kb -> 100kb (#​1652)
• 7f77987 feat: detect sentry.io tokens in the new format (#​1640)
• 48a2e0e refactor: pre-commit hooks (#​1627)
• 4e303d0 fix(easypost): only detect tokens of correct length (#​1628)
• c1add1d feat(dir): continue on permission error (#​1621)
• 202106a Add human readable description for curl rules (#​1625)
• 8e94f98 Add option to include Line field in report (#​1616)
• dbb42a7 hm (great comment)
• 2599460 Update README.md
• 8ffb980 nop for stupid build
• 4181ad6 Add new jira api token pattern (#​1601)
• 48ea14b feat: update global & generic allowlist (#​1618)
• 81f0002 fix(vault-service-token): ensure that TPS contains digits (#​1614)
• c11adc9 Generate comprehensive secret samples (#​1484)
• d1d9054 fix(aws): detect token in url (#​1615)
• 5fe58bf fix(rules): entropy, uppercase in samples (#​1593)
• 5c2e813 feat: tweak rules (#​1608)

v8.21.2

Compare Source

Changelog

• 43fae35 feat(rules): create Octopus Deploy api key (#​1602)
• a158e4f fix(aws-access-token): only match if correct length (#​1584)
• b6e0eee fix(config): ignore jquery/swagger w/o version (#​1607)
• 722e7d8 feat: add new GitLab tokens (#​1560)
• 961f2e6 feat(generic-api-key): tune false positives (#​1606)
• e734fcf Create .gitleaks.toml (#​1605)
• 7206d6b feat(curl): tweak tps and fps (#​1603)
• 2db25f1 feat(config): ignore swagger-ui assets (#​1604)
• e97695b feat(generic-api-key): exclude keywords (#​1587)
• 0afb525 feat(okta): bump entropy to 4 (#​1599)
• 2068870 feat: update global allowlist (#​1597)
• 8cf93b9 refactor(allowlist): deduplicate commits & keywords (#​1596)
• 50c2818 feat(config): ignore jquery static assets (#​1595)
• 455ae0a More rule fixes (#​1586)
• 5407c44 chore: log skipped symlinks (#​1591)
• d03d6c4 feat: match left side of identifier (#​1585)
• 851c11a what secrets?
• 8cfa6b2 fix(rules): add entropy (#​1580)
• 9152eaa feat(aws): add entropy & allowlist (#​1582)
• 93acc6e feat(rules): add 1password token (#​1583)
• 83a5724 feat(config): add curl header rule (#​1576)

---

Configuration

📅 Schedule: Branch creation - "on saturday" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.