chore(deps): update dependency zricethezav/gitleaks to v8.18.0

This MR contains the following updates:

Package	Update	Change
zricethezav/gitleaks	minor	v8.9.0 -> v8.18.0

---

Release Notes

zricethezav/gitleaks (zricethezav/gitleaks)

v8.18.0

Compare Source

What's Changed

• Fix inconsistent generated values in config by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1200
• feat: add JFrog API and Identity keys by @​baruchiro in https://github.com/gitleaks/gitleaks/pull/1233
• Add entropy check to plaid client/secret ID rules by @​mortenson in https://github.com/gitleaks/gitleaks/pull/1213
• Update config template logic by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1201
• Include entropy in Plaid rule file by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1252
• refactor: fix #​722 properly by @​L11R in https://github.com/gitleaks/gitleaks/pull/1250

New Contributors

• @​baruchiro made their first contribution in https://github.com/gitleaks/gitleaks/pull/1233
• @​mortenson made their first contribution in https://github.com/gitleaks/gitleaks/pull/1213
• @​L11R made their first contribution in https://github.com/gitleaks/gitleaks/pull/1250

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.17.0...v8.18.0

v8.17.0

Compare Source

What's Changed

• Add REDACTED to stopwords for generic-api-key rule by @​9999years in https://github.com/gitleaks/gitleaks/pull/1188
• Add detection for Snyk tokens by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1190
• Add makefile variable detections by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1191
• chore: update deps to fix solaris #​1158 by @​gaige in https://github.com/gitleaks/gitleaks/pull/1159
• Add junit report format by @​maltemorgenstern in https://github.com/gitleaks/gitleaks/pull/920
• Ignore all comits when .gitleaksignore fingerprint lacks SHA by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1156
• Improved global exclusion list by @​sergiomarotco in https://github.com/gitleaks/gitleaks/pull/1193
• Add detection for OpenAI API keys by @​Becojo in https://github.com/gitleaks/gitleaks/pull/1148
• Add warning for quoted --log-opts values by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1160
• Fixed docker run command in README.md by @​IanMoroney in https://github.com/gitleaks/gitleaks/pull/1194
• add tags support for csv and sarif formats by @​eyalatox in https://github.com/gitleaks/gitleaks/pull/1176
• Update Slack token regexes by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1161

New Contributors

• @​9999years made their first contribution in https://github.com/gitleaks/gitleaks/pull/1188
• @​wayne-snyk made their first contribution in https://github.com/gitleaks/gitleaks/pull/1190
• @​gaige made their first contribution in https://github.com/gitleaks/gitleaks/pull/1159
• @​IanMoroney made their first contribution in https://github.com/gitleaks/gitleaks/pull/1194
• @​eyalatox made their first contribution in https://github.com/gitleaks/gitleaks/pull/1176
• @​dvasdekis made their first contribution in https://github.com/gitleaks/gitleaks/pull/1079

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.16.4...v8.17.0

v8.16.4

Compare Source

Changelog

• 6f75511 Added option to specify .gitleaksignore path (#​1179) @​pacorreia
• 190ac97 Fix closing file in writeJson and writeSarif (#​1187) @​alexandear
• 6dbb0c5 Simplify tests by using T.TempDir (#​1186) @​alexandear
• 6705461 Fix typos in *.md, comments and logs (#​1185) @​alexandear
• 9869eab Update README.md
• 16f1ec0 Update bug_report.md
• 8d80a5a Adding discord channel to readme
• 146f69e 🐛 fix(sarif): update report to pass validator (#​1167) @​DariuszPorowski

v8.16.3

Compare Source

Changelog

• 51ca0f8 fix(detect): extra secret from group before checking allowlist (#​1152)
• 81cf308 Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#​1154)
• bd8b145 fix(detect): avoid panic with verbose flag (#​1143)
• 839f114 Fix typo (#​1142)
• 63c3076 No color (#​1136)
• 56079dc safer out of bounds (#​1135)
• 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#​1131)
• 6fa63f4 Update pre-commit address and rev tag in README (#​1125)
• 9701bf1 Bufix/1100 protect stagged files (#​1121)
• db79d81 fix README.md !? (#​1123)
• 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#​1119)
• 6b0c303 Add Defined Networking API Tokens (#​1096)

Huuuuuge thank you to all the contributors especially @​rgmz

@​edwardwang888 @​wparad @​sadikkuzu @​RafaelFigueiredo @​fgreinacher @​jasikpark @​sergiomarotco

v8.16.2

Compare Source

Changelog

• 63c3076 No color (#​1136)
• 56079dc safer out of bounds (#​1135) (Thank you @​agmond)
• 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#​1131)
• 6fa63f4 Update pre-commit address and rev tag in README (#​1125)
• 9701bf1 Bufix/1100 protect stagged files (#​1121)
• a5b9c24 remove extra default on source option
• db79d81 fix README.md !? (#​1123)
• 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#​1119)
• 6b0c303 Add Defined Networking API Tokens (#​1096)

Thanks to @​americanair for sponsoring this open source project!

Thanks to all the contributors this release: @​fgreinacher @​wparad @​RafaelFigueiredo @​sergiomarotco @​jasikpark

v8.16.1

Compare Source

Changelog

• 1fb3a77 Update gitleaks.toml (#​1116)
• 11c2ad0 Add gradle.lockfile to allowlist (#​1112)
• e55d397 Update pre-commit rev tag in README (#​1108)
• 2dd9946 Add pnpm-lock.yaml and Database.refactorlo (#​1109)

v8.16.0

Compare Source

Changelog

• 4b5e8e1 Feat/allowlist regex target (#​1107)

Allowlist Regex Targets

Let's use the generic rule to demonstrate the new regexTarget allowlist option

[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
entropy = 3.5
keywords = [
    "key","api","token","secret","client","passwd","password","auth","access",
]

example.txt will be our target and contain a single line with a fake secret:

var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'

Running gitleaks on this file using the generic rule will return one finding:

gitleaks detect --source=example.txt --no-git -v --config=example.toml

    ○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

Finding:     discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Secret:      8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
RuleID:      generic-api-key
Entropy:     4.413910
File:        example.txt
Line:        1
Fingerprint: example.txt:generic-api-key:1

We can add a allowlist regexes entry to include part of the secret. This will cause gitleaks to ignore the finding above. Note that by default gitleaks uses the Secret to compare against allowlist regexes.

Adding the following allowlist to the generic rule will cause gitleaks to ignore the finding:

[rules.allowlist]
regexes = ["vV"]

But now say you don't want to use Secret to compare against your allowlist regexes. Well, now you can use regexTarget and set the value as either line or match to compare against the line or regex match:

[rules.allowlist]
regexTarget = "match"
regexes = ["discord"]

and

[rules.allowlist]
regexTarget = "line"
regexes = ["var"]

will both result in the finding being ignored because discord is found in the generic rule regex match and var is in the line where the finding was found.

In addition to rule allowlists, you can set regexTarget in the global allowlist:

[allowlist]
regexTarget = "line"
regexes = ["var"]

Thanks @​bplaxco for the review

v8.15.4

Compare Source

Changelog

• 343e693 ignore package-lock.json (#​1076)
• 0060ab6 Fix typos in README.md and CONTRIBUTING.md (#​1090)
• 0259088 fix: ignore baseline if path was not relative in source (#​1101)
• 088f8b8 Fix H in GitHub and update pre-commit rev tag in README (#​1087)

Shouts outs to @​sandyydk @​raffis @​lawndoc @​sadikkuzu

v8.15.3

Compare Source

Changelog

• afdccad Add missing GitLab token patterns (#​1077)
• e002920 Fix rule for private keys (#​1072)

v8.15.2

Compare Source

Changelog

• d805fb9 remove color formatting when #​1042 is encountered (#​1050)
• 391d4d7 Update README.md
• f774932 adding jwt tokens with padding format "=" (#​1031)

v8.15.1

Compare Source

Changelog

• 7f229fa include default newline pairs when calculating location (#​1038)
• d0733f9 Add rule for fine-grained GitHub PAT (#​1026)

v8.15.0

Compare Source

Changelog

• 6ef704f Add scanning from a pipe with --pipe (#​1012)
• 6d801ed Add support for following symlinks (#​1010)
• e15ab0d fix bug in readme (#​1011)

Thanks @​RickyGrassmuck @​sergiomarotco

--pipe

Try --pipe with anything...

git log -p | gitleaks detect --pipe

--follow-symlinks

gitleaks --source . --no-git --follow-symlinks 

v8.14.1

Compare Source

Changelog

• c39e764 define log-opts, odd that this wasn't failing before... (#​1009)

v8.14.0

Compare Source

Changelog

• c0caab0 add --max-target-megabytes : maximum size for a file/blob to be scanned (#​1003)
• 2678a54 Add detection rules for DigitalOcean tokens (#​1002)
• eb2bfe5 Exclude dacpac refactorlogs (#​990)
• 55d1da1 Output number of commits at info-level. (#​991)
• 177e9f4 Detect Slack Workflow Webhook URLs (#​989)
• e93d8cb Upgrade go version to 1.19 (#​987)
• db43f9a Minor cleanup to error handling and logging (#​985)

Thanks to @​roma8389 @​michenriksen @​JoostVoskuil @​alexgit2k @​Becojo @​nnnkkk7 @​mojotx @​weineran 💪🏻

v8.13.0

Compare Source

Changelog

• 7dbfe8d Adding quiet mode to silence banner (#​852)
• fc98cbf Issue #​980: Add support for Telegram Bot API Token (#​981)
• 3f0293d add rule for microsoft teams webhooks (#​970)
• 4f6ee2b Add baseline (#​975)
• 6202053 Add pre-commit autoupdate command to README.md (#​978)
• c8681e4 refactor: more precise rule for private keys (#​930)

Thanks to @​maltemorgenstern @​b4bay @​durkinza @​akashchandwani @​very-doge-wow @​gawansch 👍🏻

v8.12.0

Compare Source

Changelog

• b934591 update gitleaksignore
• 8622c39 add fingerprint to output
• 96eed6a Pretty output (#​973)
• 7d9dd26 Update version in readme file (#​972)

If this change causes outrage I can always add a --legacy-output option.

v8.11.2

Compare Source

Changelog

• e47867d ignore empty files (#​965)

v8.11.1

Compare Source

Changelog

• adf512e Add grafana tokens rules (#​959)
• e35cb67 add prefect and readme rules (#​961)

v8.11.0

Compare Source

Changelog

• b6b7cfb bump gitdiff, add git.Err state, better log messages (#​954)

v8.10.3

Compare Source

Changelog

• 1b3f10c Feat/add fingerprint no git (#​952)

v8.10.2

Compare Source

Changelog

• 6748a89 safe file checking (#​946)

v8.10.1

Compare Source

Changelog

• b8f236c Changed fingerprint to explicit concatenation of commit, file, rule-id, and start line (#​944)

v8.10.0

Compare Source

Changelog

• 3bace4c Feat/ignore finding (#​938) (see https://github.com/zricethezav/gitleaks#gitleaksignore)
• e890a8e add jwt rule (#​943)
• 31a8e9d gitleaks allow docs (#​941)
• b1853bd Add new rules for vault tokens (#​919)
• cd52267 Feature/add sidekiq rules (#​933)

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.