chore(deps): update pre-commit-dependencies

This MR contains the following updates:

Package	Type	Update	Change
adrienverge/yamllint	repository	minor	v1.30.0 -> v1.35.1
compilerla/conventional-pre-commit	repository	minor	v2.1.1 -> v2.4.0
pre-commit/pre-commit		minor	3.2.2 -> 3.7.0
pre-commit/pre-commit-hooks	repository	minor	v4.4.0 -> v4.6.0
zricethezav/gitleaks	repository	minor	v8.16.2 -> v8.18.2

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

adrienverge/yamllint

v1.35.1

Compare Source

v1.35.0

Compare Source

v1.34.0

Compare Source

v1.33.0

Compare Source

v1.32.0

Compare Source

v1.31.0

Compare Source

compilerla/conventional-pre-commit

v2.4.0

Compare Source

A long-requested change, conventional-pre-commit now accepts git commit --fixup-style commit messages by default.

For the original behavior of enforcing pure Conventional Commits formatting, pass the --strict flag:

- repo: https://github.com/compilerla/conventional-pre-commit
  rev: <git sha or tag>
  hooks:
    - id: conventional-pre-commit
      stages: [commit-msg]
      args: [--strict]

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/57
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/58
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/59
• feat: introduce "strict" mode by @​vitaly-fanaskov-r in https://github.com/compilerla/conventional-pre-commit/pull/61

New Contributors

• @​vitaly-fanaskov-r made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/61

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.3.0...v2.4.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.4.0/

v2.3.0

Compare Source

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/53
• Added support for non optional scope by @​gpatsiaouras in https://github.com/compilerla/conventional-pre-commit/pull/54

New Contributors

• @​gpatsiaouras made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/54

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.2.0...v2.3.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.3.0/

v2.2.0

Compare Source

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/40
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/42
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/43
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/44
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/45
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/46
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/48
• Refactor: use pyproject.toml for project metadata, requirements, build settings by @​thekaveman in https://github.com/compilerla/conventional-pre-commit/pull/50
• Feat: assume UTF-8 encoding for commit messages by @​thekaveman and @​Nagico in https://github.com/compilerla/conventional-pre-commit/pull/51
• Chore: version bump and release steps by @​thekaveman in https://github.com/compilerla/conventional-pre-commit/pull/52

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.1.1...v2.2.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.2.0/

pre-commit/pre-commit

v3.7.0

Compare Source

==================

Features

• Use a tty for docker and docker_image hooks when --color is specified.
  • #​3122 MR by @​glehmann.

Fixes

• Fix fail_fast for individual hooks stopping when previous hooks had failed.
  • #​3167 issue by @​tp832944.
  • #​3168 MR by @​asottile.

Updating

• The per-hook behaviour of fail_fast was fixed. If you want the pre-3.7.0 behaviour, add fail_fast: true to all hooks before the last fail_fast hook.

v3.6.2

Compare Source

==================

Fixes

• Fix building golang hooks during git commit --all.
  • #​3130 MR by @​asottile.
  • #​2722 issue by @​pestanko and @​matthewhughes934.

v3.6.1

Compare Source

==================

Fixes

• Remove PYTHONEXECUTABLE from environment when running.
  • #​3110 MR by @​untitaker.
• Handle staged-files-only with only a crlf diff.
  • #​3126 MR by @​asottile.
  • issue by @​tyyrok.

v3.6.0

Compare Source

==================

Features

• Check minimum_pre_commit_version first when parsing configs.
  • #​3092 MR by @​asottile.

Fixes

• Fix deprecation warnings for importlib.resources.
  • #​3043 MR by @​asottile.
• Fix deprecation warnings for rmtree.
  • #​3079 MR by @​edgarrmondragon.

Updating

• Drop support for python<3.9.
  • #​3042 MR by @​asottile.
  • #​3093 MR by @​asottile.

v3.5.0

Compare Source

==================

Features

• Improve performance of check-hooks-apply and check-useless-excludes.
  • #​2998 MR by @​mxr.
  • #​2935 issue by @​mxr.

Fixes

• Use time.monotonic() for more accurate hook timing.
  • #​3024 MR by @​adamchainz.

Migrating

• Require npm 6.x+ for language: node hooks.
  • #​2996 MR by @​RoelAdriaans.
  • #​1983 issue by @​henryiii.

v3.4.0

Compare Source

==================

Features

• Add language: haskell.
  • #​2932 by @​alunduil.
• Improve cpu count detection when run under cgroups.
  • #​2979 MR by @​jdb8.
  • #​2978 issue by @​jdb8.

Fixes

• Handle negative exit codes from hooks receiving posix signals.
  • #​2971 MR by @​chriskuehl.
  • #​2970 issue by @​chriskuehl.

v3.3.3

Compare Source

==================

Fixes

• Work around OS packagers setting --install-dir / --bin-dir in gem settings.
  • #​2905 MR by @​jaysoffian.
  • #​2799 issue by @​lmilbaum.

v3.3.2

Compare Source

==================

Fixes

• Work around r on windows sometimes double-un-quoting arguments.
  • #​2885 MR by @​lorenzwalthert.
  • #​2870 issue by @​lorenzwalthert.

v3.3.1

Compare Source

==================

Fixes

• Work around git partial clone bug for autoupdate on windows.
  • #​2866 MR by @​asottile.
  • #​2865 issue by @​adehad.

v3.3.0

Compare Source

==================

Features

• Upgrade ruby-build.
  • #​2846 MR by @​jalessio.
• Use blobless clone for faster autoupdate.
  • #​2859 MR by @​asottile.
• Add -j / --jobs argument to autoupdate for parallel execution.
  • #​2863 MR by @​asottile.
  • issue by @​gaborbernat.

pre-commit/pre-commit-hooks

v4.6.0: pre-commit-hooks v4.6.0

Compare Source

Features

• requirements-txt-fixer: remove duplicate packages.
  • #​1014 MR by @​vhoulbreque-withings.
  • #​960 issue @​csibe17.

Migrating

• fix-encoding-pragma: deprecated -- will be removed in 5.0.0. use pyupgrade or some other tool.
  • #​1033 MR by @​mxr.
  • #​1032 issue by @​mxr.

v4.5.0: pre-commit-hooks v4.5.0

Compare Source

Features

• requirements-txt-fixer: also sort constraints.txt by default.
  • #​857 MR by @​lev-blit.
  • #​830 issue by @​PLPeeters.
• debug-statements: add bpdb debugger.
  • #​942 MR by @​mwip.
  • #​941 issue by @​mwip.

Fixes

• file-contents-sorter: fix sorting an empty file.
  • #​944 MR by @​RoelAdriaans.
  • #​935 issue by @​paduszyk.
• double-quote-string-fixer: don't rewrite inside f-strings in 3.12+.
  • #​973 MR by @​asottile.
  • #​971 issue by @​XuehaiPan.

Migrating

• now requires python >= 3.8.
  • #​926 MR by @​asottile.
  • #​927 MR by @​asottile.

zricethezav/gitleaks

v8.18.2

Compare Source

Changelog

• ac4b514 removed gitleaks user from Dockerfile (#​1313)
• 76c9e31 Remove IAM identifiers for non-credential resources in the aws-access-token rule (#​1307)
• afe046b Update stripe rule to not alert on publishable keys (#​1320)
• 8b8920d --max-target-megabytes flag now supported for --no-git flag as well (#​1330)
• a59289c add pre-commit hook gitleaks-system (#​1225)
• 870194b fix errors when using protect and an external git diff tool (#​1318)
• 179c607 rename filesystem to directory (#​1317)
• 8de8938 Enhance Secret Descriptions (#​1300)
• ca7aa14 Small refactor detect and sources (#​1297)
• 01e60c8 chore(config): refactor to go generate; simplify configRules init (#​1295)
• 54f5f04 forgot symlinks
• 221d5c4 pretty apparent 'protect' and 'detect' should be merged into one command (#​1294)
• 128b50f style: sort the stopwords (#​1289)

v8.18.1

Compare Source

Changelog

• dab7d02 dont crash on 100gb files pls (#​1292)
• e63b657 remove secretgroup from default config (#​1288)
• 20fcf50 feat: Hashicorp Terraform fields for password (#​1237)
• b496677 perf: avoid allocations with (*regexp.Regexp).MatchString (#​1283)
• a3ab4e8 refactor: more explicit rules (#​1280)
• bd9a25a bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#​1278)
• 6d0d8b5 add Infracost API rule (#​1273)
• 2959fc0 refactor: simplify test asserts (#​1271)
• d37b38f Update Makefile
• 14b1ca9 refactor: change detect tests to t.Fatal instead of log.Fatal (#​1270)
• d9f86d6 feat(rules): Add detection for Scalingo API Token (#​1262)
• ed34259 feat(jwt): detect base64-encoded tokens (#​1256)
• 0d5e46f feat: add --ignore-gitleaks-allow cmd flag (#​1260)
• a82ac29 switch out libs (#​1259)
• 0b84afa fix: no-color option should also affect zerolog output (#​1242)
• 8976539 Fixed lineEnd indexing if the match is the whole line (#​1223)
• 30c6117 feat: Add optional redaction value, default 100 (#​1229)
• e9135cf fix(jwt): longer segment lengths (#​1214)
• f65f915 Added yarn.lock file to default allowlist paths (#​1258)
• abfd0f3 Update README.md
• 18283bb feat(rules): make case insensitivity optional (#​1215)
• 9fb36b2 feat(rules): detect Hugging Face access tokens (#​1204)
• db4bc0f Resolve #​1170 - Enable selection of a single rule (#​1183)
• 3cbcda2 Update authress.go to include alternate form account dash (-) (#​1224)
• 46c6272 refactor: remove unnecessary removing temp files in tests (#​1255)
• 963a697 refactor: use os.ReadFile instead of os.Open + io.ReadAll (#​1254)
• 163ec21 fix(sumologic): improve patterns (#​1218)

v8.18.0

Compare Source

What's Changed

• Fix inconsistent generated values in config by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1200
• feat: add JFrog API and Identity keys by @​baruchiro in https://github.com/gitleaks/gitleaks/pull/1233
• Add entropy check to plaid client/secret ID rules by @​mortenson in https://github.com/gitleaks/gitleaks/pull/1213
• Update config template logic by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1201
• Include entropy in Plaid rule file by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1252
• refactor: fix #​722 properly by @​L11R in https://github.com/gitleaks/gitleaks/pull/1250

New Contributors

• @​baruchiro made their first contribution in https://github.com/gitleaks/gitleaks/pull/1233
• @​mortenson made their first contribution in https://github.com/gitleaks/gitleaks/pull/1213
• @​L11R made their first contribution in https://github.com/gitleaks/gitleaks/pull/1250

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.17.0...v8.18.0

v8.17.0

Compare Source

What's Changed

• Add REDACTED to stopwords for generic-api-key rule by @​9999years in https://github.com/gitleaks/gitleaks/pull/1188
• Add detection for Snyk tokens by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1190
• Add makefile variable detections by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1191
• chore: update deps to fix solaris #​1158 by @​gaige in https://github.com/gitleaks/gitleaks/pull/1159
• Add junit report format by @​maltemorgenstern in https://github.com/gitleaks/gitleaks/pull/920
• Ignore all comits when .gitleaksignore fingerprint lacks SHA by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1156
• Improved global exclusion list by @​sergiomarotco in https://github.com/gitleaks/gitleaks/pull/1193
• Add detection for OpenAI API keys by @​Becojo in https://github.com/gitleaks/gitleaks/pull/1148
• Add warning for quoted --log-opts values by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1160
• Fixed docker run command in README.md by @​IanMoroney in https://github.com/gitleaks/gitleaks/pull/1194
• add tags support for csv and sarif formats by @​eyalatox in https://github.com/gitleaks/gitleaks/pull/1176
• Update Slack token regexes by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1161

New Contributors

• @​9999years made their first contribution in https://github.com/gitleaks/gitleaks/pull/1188
• @​wayne-snyk made their first contribution in https://github.com/gitleaks/gitleaks/pull/1190
• @​gaige made their first contribution in https://github.com/gitleaks/gitleaks/pull/1159
• @​IanMoroney made their first contribution in https://github.com/gitleaks/gitleaks/pull/1194
• @​eyalatox made their first contribution in https://github.com/gitleaks/gitleaks/pull/1176
• @​dvasdekis made their first contribution in https://github.com/gitleaks/gitleaks/pull/1079

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.16.4...v8.17.0

v8.16.4

Compare Source

Changelog

• 6f75511 Added option to specify .gitleaksignore path (#​1179) @​pacorreia
• 190ac97 Fix closing file in writeJson and writeSarif (#​1187) @​alexandear
• 6dbb0c5 Simplify tests by using T.TempDir (#​1186) @​alexandear
• 6705461 Fix typos in *.md, comments and logs (#​1185) @​alexandear
• 9869eab Update README.md
• 16f1ec0 Update bug_report.md
• 8d80a5a Adding discord channel to readme
• 146f69e 🐛 fix(sarif): update report to pass validator (#​1167) @​DariuszPorowski

v8.16.3

Compare Source

Changelog

• 51ca0f8 fix(detect): extra secret from group before checking allowlist (#​1152)
• 81cf308 Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#​1154)
• bd8b145 fix(detect): avoid panic with verbose flag (#​1143)
• 839f114 Fix typo (#​1142)
• 63c3076 No color (#​1136)
• 56079dc safer out of bounds (#​1135)
• 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#​1131)
• 6fa63f4 Update pre-commit address and rev tag in README (#​1125)
• 9701bf1 Bufix/1100 protect stagged files (#​1121)
• db79d81 fix README.md !? (#​1123)
• 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#​1119)
• 6b0c303 Add Defined Networking API Tokens (#​1096)

Huuuuuge thank you to all the contributors especially @​rgmz

@​edwardwang888 @​wparad @​sadikkuzu @​RafaelFigueiredo @​fgreinacher @​jasikpark @​sergiomarotco

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.