-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(github-release): update pre-commit hook zricethezav/gitleaks to v8.24.0 #108
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/zricethezav-gitleaks-8.x
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
701f54f
to
f9e17e0
Compare
f9e17e0
to
8217f1e
Compare
8217f1e
to
fc08b07
Compare
fc08b07
to
8f691b3
Compare
8f691b3
to
4490f54
Compare
4490f54
to
4a81b74
Compare
4a81b74
to
4d237ee
Compare
4d237ee
to
eabaac9
Compare
eabaac9
to
4983f30
Compare
4983f30
to
929a24b
Compare
929a24b
to
e93895b
Compare
e93895b
to
fe1b538
Compare
fe1b538
to
8fcaaa9
Compare
8fcaaa9
to
4993b02
Compare
4993b02
to
675cfe4
Compare
…v8.24.0 | datasource | package | from | to | | ----------- | -------------------- | ------- | ------- | | github-tags | zricethezav/gitleaks | v8.18.4 | v8.24.0 |
675cfe4
to
f87b387
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v8.18.4
->v8.24.0
Note: The
pre-commit
manager in Renovate is not supported by thepre-commit
maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.Release Notes
zricethezav/gitleaks (zricethezav/gitleaks)
v8.24.0
Compare Source
Changelog
c2afd56
Make paths and fingerprints platform-agnostic (#1622)818e32f
Add Sonar rule (#1756)3fa5a3a
Minor false positive improvements (#1758)2020e6a
Add support for streaming DetectReader (#1760)9122a2d
chore: Update github.com/wasilibs/go-re2 to v1.9.0 (#1763)398d0c4
docs: describe extended rules take precedence over base rules (#1563)ae26eff
feat(git): disable link generation (#1748)c6424a6
added sourcegraph token rule (#1736)6411402
feat(config): add rule for .p12 files (#1738)d71d95d
add deno.lock to default exclusions (#1740)v8.23.3
Compare Source
Changelog
3188ad6
Don't exit with error if git repacking is required (#1711)7fc11bb
refactor(config): use non-capture groups for allowlists (#1735)36c52c6
chore: Enhancecurl-auth-user
to detect empty usernames or passwords (#1726)1f323d8
fix(cmd): read log-opts before GitLogCmd (#1730)v8.23.2
Compare Source
Changelog
d88bc09
facebook keyword3fdaefd
fix(meraki): restrict keyword case (#1722)f3ae52e
feat(generic-api-key): detect base64 (#1598)d6a828a
great branch name (#1721)d2ffffe
fix(git): remove .git suffix for links (#1716)a43dc0d
chore: refine generic-api-key fps + trace logging (#1720)69ed20e
fix(generate): move newline out of char range (#1719)52b895a
newline literal (#1718)3f4d91f
build: support either stdlib or 3rd-party regexp (#1706)049f5b2
chore(detect): update trace logging (#1713)7a6183d
feat(git): redact passwords from remote URL (#1709)3c7f3f0
feat(git): include link in report (#1698)0e3f4f7
chore: reduce generic-api-key fps (#1707)3ed8567
blorpe977850
added new rule for cisco meraki api key (#1700)ad7a4fb
feat: general fp tweaks (#1703)b2cf03c
chore(generate): use \x60 instead of literal (#1702)a3f623c
chore(regex): simplify secretPrefix, suffix (#1620)cc71bb1
update version for pre-commit in README.md (#1699)v8.23.1
Compare Source
Changelog
7bad9f7
chore(gcp): add firebase example keys to the gcp-api-key allowlists (#1635)977236c
fix: unaligned 64-bit atomic operation panic (#1696)a211b16
force push to master everyday0e5f644
feat(config): disable extended rule (#1535)f320a60
style: prevent globbing and word splitting (#1543)c4526b2
refactor(generic-api-key): remove hard-coded 'magic' (#1600)748076d
chore(generate): add failing test case (#1690)v8.23.0
Compare Source
Changelog
db8e5e6
feat(generate): use multiple allowlists (#1691)973c794
chore(rules): include fps in reference (#1471)f0d4499
Add comma as operator for GenerateSemiGenericRegex (#1679)ab38a46
refactor: central logger (#1692)b022d1c
friendship ended with tinesREAD THIS!!! The default gitleaks config now uses
[[rules.allowlists]]
v8.22.1
Compare Source
Changelog
b69b515
Entropy trace (#1659)7357adc
build: add 'toolchain' to go.mod (#1682)4c3da6e
refactor(detect): create readUntilSafeBoundary + add tests (#1676)dbe3746
twitter really does suck ass now7edfc6b
chore(tests): test cases for generate.go (#1623)efe40ca
fix: only use non-empty secret groups (#1632)7cb5f6f
build: upgrade sprig v2->v3 (#1674)2930537
fix: generate report file even if no findings (#1673)v8.22.0
Compare Source
Changelog
a91c671
replace std library regex engine with go-re2 (#1669)This bumps the gitleaks binary size from around 8.5MB to 15MB but yields 2-4x speedup. Worth it imo. If you feel strongly against this change feel free to open an issue where we can discuss the tradeoffs in more depth. Credit to @ahrav
v8.21.4
Compare Source
Changelog
906085f
Update golang version to 1.23 (#1672)8a83062
log bytes (#1670)v8.21.3
Compare Source
Changelog
a9e6d8c
go mod 1.232f73a3e
Ensure keywords are downcased (#1633)f696605
feat: add settlemint api keys detection (#1663)0bf13fc
feat(dir): better chunking (#1665)83e99ba
feat(report): allow user-defined templates (#1650)e393d29
Add support for GitLab routable tokens (#1656)263ce82
Add freemius secret key detection (#1611)3c0e068
fix(kubernetes): only match 'kind: secret' (#1649)f3adda0
feat: use STDOUT when report file not specified (#1642)ed205a5
fix(dir): skip opening file&dir if allowlist matches (#1653)6018012
fix: increase chunk size 10kb -> 100kb (#1652)7f77987
feat: detect sentry.io tokens in the new format (#1640)48a2e0e
refactor: pre-commit hooks (#1627)4e303d0
fix(easypost): only detect tokens of correct length (#1628)c1add1d
feat(dir): continue on permission error (#1621)202106a
Add human readable description for curl rules (#1625)8e94f98
Add option to includeLine
field in report (#1616)dbb42a7
hm (great comment)2599460
Update README.md8ffb980
nop for stupid build4181ad6
Add new jira api token pattern (#1601)48ea14b
feat: update global & generic allowlist (#1618)81f0002
fix(vault-service-token): ensure that TPS contains digits (#1614)c11adc9
Generate comprehensive secret samples (#1484)d1d9054
fix(aws): detect token in url (#1615)5fe58bf
fix(rules): entropy, uppercase in samples (#1593)5c2e813
feat: tweak rules (#1608)v8.21.2
Compare Source
Changelog
43fae35
feat(rules): create Octopus Deploy api key (#1602)a158e4f
fix(aws-access-token): only match if correct length (#1584)b6e0eee
fix(config): ignore jquery/swagger w/o version (#1607)722e7d8
feat: add new GitLab tokens (#1560)961f2e6
feat(generic-api-key): tune false positives (#1606)e734fcf
Create .gitleaks.toml (#1605)7206d6b
feat(curl): tweak tps and fps (#1603)2db25f1
feat(config): ignore swagger-ui assets (#1604)e97695b
feat(generic-api-key): exclude keywords (#1587)0afb525
feat(okta): bump entropy to 4 (#1599)2068870
feat: update global allowlist (#1597)8cf93b9
refactor(allowlist): deduplicate commits & keywords (#1596)50c2818
feat(config): ignore jquery static assets (#1595)455ae0a
More rule fixes (#1586)5407c44
chore: log skipped symlinks (#1591)d03d6c4
feat: match left side of identifier (#1585)851c11a
what secrets?8cfa6b2
fix(rules): add entropy (#1580)9152eaa
feat(aws): add entropy & allowlist (#1582)93acc6e
feat(rules): add 1password token (#1583)83a5724
feat(config): add curl header rule (#1576)v8.21.1
Compare Source
Changelog
cf5334f
feat: add curl basic auth rule (#1575)d07b394
Update spelling in README.md (#1574)5c03fa4
refactor(allowlist): use iota for condition (#1569)12034a7
refactor(config): temporarily switch to [rules.allowlist] (#1573)v8.21.0
Compare Source
Changelog
aabe381
Define multiple allowlists per rule (#1496)8ea6085
build: upgrade gitleaks/go-gitdiff to v0.9.1 (#1559)be9d0f8
Fix rule extension (#1556)9988e52
Update base config allowlist (#1555)8fb39ba
feat(azure): detect Azure AD client secrets (#1199)14c924d
chore: match gitleaks.toml anywhere (#1553)respect @rgmz @9999years
v8.20.1
Compare Source
Changelog
b2fbaeb
feat(config): add placeholder regexes to global allowlist (#1547)00bb821
feat: add PrivateAI rule (#1548)445abe3
Bump golang verion used in docker build to match version specified in go.mod (#1551)1a2f656
feat: add cohere rule (#1549)82d737d
feat(generate): generate global (#1546)f6e5499
Feat/nuget config password rule (#1540)v8.20.0
Compare Source
Changelog
bf8a49f
Make private key check less greedy and include fifth dash (#1440)9c354f5
print tags if they exist2278a2a
Decode Base64 (#1488)c5b15c9
refactor(config): keyword map (#1538)a971a32
fix: use regexTarget for extend config (#1536)a0f2f46
feat: bump go to 1.22 (#1537)4e8d7d3
fix: handle pre-commit and staged (#1533)f8dcd83
Bugfix/1352 incorrect report multiple lines (#1501)Huge huge thanks to @bplaxco for supporting b64 decoding, @recreator66 for bug fixes, and to @rgmz for his continued support of the project in the form of PRs and reviews. Thanks you!
New Feature: Decoding
Sometimes secrets are encoded in a way that can make them difficult to find
with just regex. Now you can tell gitleaks to automatically find and decode
encoded text. The flag
--max-decode-depth
enables this feature (the defaultvalue "0" means the feature is disabled by default).
Recursive decoding is supported since decoded text can also contain encoded
text. The flag
--max-decode-depth
sets the recursion limit. Recursion stopswhen there are no new segments of encoded text to decode, so setting a really
high max depth doesn't mean it will make that many passes. It will only make as
many as it needs to decode the text. Overall, decoding only minimally increases
scan times.
The findings for encoded text differ from normal findings in the following
ways:
include that as well
decoded:<encoding>
anddecode-depth:<depth>
Currently supported encodings:
base64
(both standard and base64url)v8.19.3
Compare Source
Changelog
ed19c4e
fix(config): extend allowlist & handle extend when validating (#1524)989ef19
refactor(kubernetes-secret): tweak variable chars (#1520)191eb43
Revert "remove validate config test temporarily" (#1529)78f7d3f
feat: create fly.io rule (#1528)7098f6d
fix: to many false-positive for gltf files, add gltf suffix to allowlist (#1527)97dbe1e
Add support in .gitleaksignore file comment strings (#1425) (#1502)9e06824
Restrict Etsy keywords (#1491)db78260
feat(github): add entropy to rule (#1489)df126a7
feat(gcp): update api key rule (#1481)75dd70e
fix(hashicorp): ignore common fps (#1498)8510d39
fix(square): make prefix case sensitive (#1469)3698060
refactor(kubernetes-secret): collapse rules and update regex (#1462)v8.19.2
Compare Source
Changelog
128cd22
fix(rule): comment out errant validation case (#1509)1a6d2b0
remove validate config test temporarily0874ebc
Update README.mdv8.19.1
Compare Source
Changelog
9463ffa
fix flag access (#1506)v8.19.0
Compare Source
Changelog
44ad62e
Deprecatedetect
andprotect
. Addgit
,dir
,stdin
(#1504) HEY THIS IS AN IMPORTANT CHANGE. If it breaks some stuff... sorry, I'll fix it asap, just open an issue and make sure to ping me. The change is meant to be backwards compatible.e93a7c0
Update Harness rules to add _ and - in the account ID part. (#1503)4e43d11
chore: fix gl workflow error (#1487)bd81872
Make config generation utils public (#1480)3be7faa
Update Hashicorp Vault token pattern (#1483)1aae66d
feat(config): update rule validation (#1466)6dfcf5e
Update .gitleaksignoref361c5e
fix(detect): handle EOF with bytes (#1472)8a1ca9e
Added poetry.lock to default allowlist paths (#1474)525c4b4
refactor(sarif): remove |name| and change |shortDescription| (#1473)c0fda43
Use rule id for config validation error (#1463)d3c4b90
Use first non-empty group ifsecretGroup
isn't set (#1459)b4009bf
chore: remove unnecessary capture groups (#1460)80bd177
Return non-0 exit code fromDetectGit
(#1461)0334ec1
add gradle verification-metadata.xml to global allowlist (#1446)c1345e1
feat(openshift): add user token (#1449)7697b3e
(feat): Adding secret detection rule for Kubernetes secrets (#1454)26f3469
add version to defaultbc979de
Add go.work and go.work.sum to global allowlist (#1353)b899915
Add harness PAT and SAT rules (#1406)4c5195b
Update README.mdConfiguration
📅 Schedule: Branch creation - "on saturday" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.