chore(deps): update pre-commit-dependencies
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
adrienverge/yamllint | repository | minor |
v1.26.3 -> v1.35.1
|
pre-commit/mirrors-eslint | repository | minor |
v8.1.0 -> v8.56.0
|
pre-commit/pre-commit | minor |
3.5.0 -> 3.7.1
|
|
pre-commit/pre-commit-hooks | repository | minor |
v4.2.0 -> v4.6.0
|
zricethezav/gitleaks | repository | minor |
v8.9.0 -> v8.18.4
|
Note: The pre-commit
manager in Renovate is not supported by the pre-commit
maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
adrienverge/yamllint (adrienverge/yamllint)
v1.35.1
v1.35.0
v1.34.0
v1.33.0
v1.32.0
v1.31.0
v1.30.0
v1.29.0
v1.28.0
v1.27.1
v1.27.0
pre-commit/mirrors-eslint (pre-commit/mirrors-eslint)
v8.56.0
v8.55.0
v8.54.0
v8.53.0
v8.52.0
v8.51.0
v8.50.0
v8.49.0
v8.48.0
v8.47.0
v8.46.0
v8.45.0
v8.44.0
v8.43.0
v8.42.0
v8.41.0
v8.40.0
v8.39.0
v8.38.0
v8.37.0
v8.36.0
v8.35.0
v8.34.0
v8.33.0
v8.32.0
v8.31.0
v8.30.0
v8.29.0
v8.28.0
v8.27.0
v8.26.0
v8.25.0
v8.24.0
v8.23.1
v8.23.0
v8.22.0
v8.21.0
v8.20.0
v8.19.0
v8.18.0
v8.17.0
v8.16.0
v8.15.0
v8.14.0
v8.13.0
v8.12.0
v8.11.0
v8.10.0
v8.9.0
v8.8.0
v8.7.0
v8.6.0
v8.5.0
v8.4.1
v8.4.0
v8.3.0
v8.2.0
pre-commit/pre-commit (pre-commit/pre-commit)
v3.7.1
==================
Fixes
- Fix
language: rust
default language version check whenrust-toolchain.toml
is present.- issue by @gaborbernat.
- #3201 MR by @asottile.
v3.7.0
==================
Features
- Use a tty for
docker
anddocker_image
hooks when--color
is specified.- #3122 MR by @glehmann.
Fixes
- Fix
fail_fast
for individual hooks stopping when previous hooks had failed.- #3167 issue by @tp832944.
- #3168 MR by @asottile.
Updating
- The per-hook behaviour of
fail_fast
was fixed. If you want the pre-3.7.0 behaviour, addfail_fast: true
to all hooks before the lastfail_fast
hook.
v3.6.2
==================
Fixes
- Fix building golang hooks during
git commit --all
.- #3130 MR by @asottile.
- #2722 issue by @pestanko and @matthewhughes934.
v3.6.1
==================
Fixes
- Remove
PYTHONEXECUTABLE
from environment when running.- #3110 MR by @untitaker.
- Handle staged-files-only with only a crlf diff.
- #3126 MR by @asottile.
- issue by @tyyrok.
v3.6.0
==================
Features
- Check
minimum_pre_commit_version
first when parsing configs.- #3092 MR by @asottile.
Fixes
- Fix deprecation warnings for
importlib.resources
.- #3043 MR by @asottile.
- Fix deprecation warnings for rmtree.
- #3079 MR by @edgarrmondragon.
Updating
- Drop support for python<3.9.
- #3042 MR by @asottile.
- #3093 MR by @asottile.
pre-commit/pre-commit-hooks (pre-commit/pre-commit-hooks)
v4.6.0
: pre-commit-hooks v4.6.0
Features
-
requirements-txt-fixer
: remove duplicate packages.- #1014 MR by @vhoulbreque-withings.
- #960 issue @csibe17.
Migrating
-
fix-encoding-pragma
: deprecated -- will be removed in 5.0.0. use pyupgrade or some other tool.
v4.5.0
: pre-commit-hooks v4.5.0
Features
-
requirements-txt-fixer
: also sortconstraints.txt
by default.- #857 MR by @lev-blit.
- #830 issue by @PLPeeters.
-
debug-statements
: addbpdb
debugger.
Fixes
-
file-contents-sorter
: fix sorting an empty file.- #944 MR by @RoelAdriaans.
- #935 issue by @paduszyk.
-
double-quote-string-fixer
: don't rewrite inside f-strings in 3.12+.- #973 MR by @asottile.
- #971 issue by @XuehaiPan.
Migrating
- now requires python >= 3.8.
- #926 MR by @asottile.
- #927 MR by @asottile.
v4.4.0
: pre-commit-hooks v4.4.0
Features
- forbid-submodules: new hook which outright bans submodules.
- #815 MR by @asottile.
- #707 issue by @ChiefGokhlayeh.
v4.3.0
: pre-commit-hooks v4.3.0
Features
-
check-executables-have-shebangs
: usegit config core.fileMode
to determine if it should querygit
.- #730 MR by @Kurt-von-Laven.
-
name-tests-test
: add--pytest-test-first
test convention.- #779 MR by @asottile.
Fixes
-
check-shebang-scripts-are-executable
: update windows instructions.- #774 MR by @mdeweerd.
- #770 issue by @mdeweerd.
-
check-toml
: use stdlibtomllib
when available.- #771 MR by @DanielNoord.
- #755 issue by @sognetic.
-
check-added-large-files
: don't run on non-filestages
.- #778 MR by @asottile.
- #777 issue by @skyj.
zricethezav/gitleaks (zricethezav/gitleaks)
v8.18.4
Changelog
-
02808f4
Limit hashicorp-tf-password to .tf/.hcl files (#1420) -
07e1c30
rm print -
db63fc1
reduce telegram... todo url and xml for later -
9a4538c
coderabbit.ai <3 -
fe94ef9
Add NewRelic insert key detection (#1417) -
bb4424d
Improved Telegram bot token rule regex and added more test cases (#1404) -
575e923
Add intra42 client secret (#1408)
Shout out to @coderabbit for their sponsorship!
v8.18.3
Changelog
-
39947b0
extend FB access token discovery (#1407) -
79cac73
tests: scalingo validation consistent test (#1359) -
247f423
add real (test) standard and restricted keys (#1375) -
821b232
Add Cloudflare API and Origin CA keys (#1374) -
57ac4b3
Update "contributing guidelines" link (#1390) -
db69e82
add update token from square (#1370) -
4b54328
feat: facebook secret, access token, and page access token rules (#1372) -
979f213
update mailchimp with new tokens (#1376) -
59c0cc7
Append ordered rules when extending (#1304) -
6c52f87
fix: age rule id with dashes (#1349) -
247a5e7
patching golang.org/x/text for CVE-2021-38561 and CVE-2022-32149 (#1342) -
8d23afd
Use latest base images. (#1334)
v8.18.2
Changelog
-
ac4b514
removed gitleaks user from Dockerfile (#1313) -
76c9e31
Remove IAM identifiers for non-credential resources in the aws-access-token rule (#1307) -
afe046b
Update stripe rule to not alert on publishable keys (#1320) -
8b8920d
--max-target-megabytes flag now supported for --no-git flag as well (#1330) -
a59289c
add pre-commit hook gitleaks-system (#1225) -
870194b
fix errors when using protect and an external git diff tool (#1318) -
179c607
rename filesystem to directory (#1317) -
8de8938
Enhance Secret Descriptions (#1300) -
ca7aa14
Small refactordetect
andsources
(#1297) -
01e60c8
chore(config): refactor to go generate; simplify configRules init (#1295) -
54f5f04
forgot symlinks -
221d5c4
pretty apparent 'protect' and 'detect' should be merged into one command (#1294) -
128b50f
style: sort the stopwords (#1289)
v8.18.1
Changelog
-
dab7d02
dont crash on 100gb files pls (#1292) -
e63b657
remove secretgroup from default config (#1288) -
20fcf50
feat: Hashicorp Terraform fields for password (#1237) -
b496677
perf: avoid allocations with(*regexp.Regexp).MatchString
(#1283) -
a3ab4e8
refactor: more explicit rules (#1280) -
bd9a25a
bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278) -
6d0d8b5
add Infracost API rule (#1273) -
2959fc0
refactor: simplify test asserts (#1271) -
d37b38f
Update Makefile -
14b1ca9
refactor: change detect tests to t.Fatal instead of log.Fatal (#1270) -
d9f86d6
feat(rules): Add detection for Scalingo API Token (#1262) -
ed34259
feat(jwt): detect base64-encoded tokens (#1256) -
0d5e46f
feat: add --ignore-gitleaks-allow cmd flag (#1260) -
a82ac29
switch out libs (#1259) -
0b84afa
fix: no-color option should also affect zerolog output (#1242) -
8976539
Fixed lineEnd indexing if the match is the whole line (#1223) -
30c6117
feat: Add optional redaction value, default 100 (#1229) -
e9135cf
fix(jwt): longer segment lengths (#1214) -
f65f915
Added yarn.lock file to default allowlist paths (#1258) -
abfd0f3
Update README.md -
18283bb
feat(rules): make case insensitivity optional (#1215) -
9fb36b2
feat(rules): detect Hugging Face access tokens (#1204) -
db4bc0f
Resolve #1170 - Enable selection of a single rule (#1183) -
3cbcda2
Update authress.go to include alternate form account dash (-) (#1224) -
46c6272
refactor: remove unnecessary removing temp files in tests (#1255) -
963a697
refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254) -
163ec21
fix(sumologic): improve patterns (#1218)
v8.18.0
What's Changed
- Fix inconsistent generated values in config by @rgmz in https://github.com/gitleaks/gitleaks/pull/1200
- feat: add JFrog API and Identity keys by @baruchiro in https://github.com/gitleaks/gitleaks/pull/1233
- Add entropy check to plaid client/secret ID rules by @mortenson in https://github.com/gitleaks/gitleaks/pull/1213
- Update config template logic by @rgmz in https://github.com/gitleaks/gitleaks/pull/1201
- Include entropy in Plaid rule file by @rgmz in https://github.com/gitleaks/gitleaks/pull/1252
- refactor: fix #722 properly by @L11R in https://github.com/gitleaks/gitleaks/pull/1250
New Contributors
- @baruchiro made their first contribution in https://github.com/gitleaks/gitleaks/pull/1233
- @mortenson made their first contribution in https://github.com/gitleaks/gitleaks/pull/1213
- @L11R made their first contribution in https://github.com/gitleaks/gitleaks/pull/1250
Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.17.0...v8.18.0
v8.17.0
What's Changed
- Add
REDACTED
to stopwords forgeneric-api-key
rule by @9999years in https://github.com/gitleaks/gitleaks/pull/1188 - Add detection for Snyk tokens by @wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1190
- Add makefile variable detections by @wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1191
- chore: update deps to fix solaris #1158 by @gaige in https://github.com/gitleaks/gitleaks/pull/1159
- Add junit report format by @maltemorgenstern in https://github.com/gitleaks/gitleaks/pull/920
- Ignore all comits when
.gitleaksignore
fingerprint lacks SHA by @rgmz in https://github.com/gitleaks/gitleaks/pull/1156 - Improved global exclusion list by @sergiomarotco in https://github.com/gitleaks/gitleaks/pull/1193
- Add detection for OpenAI API keys by @Becojo in https://github.com/gitleaks/gitleaks/pull/1148
- Add warning for quoted
--log-opts
values by @rgmz in https://github.com/gitleaks/gitleaks/pull/1160 - Fixed docker run command in README.md by @IanMoroney in https://github.com/gitleaks/gitleaks/pull/1194
- add tags support for csv and sarif formats by @eyalatox in https://github.com/gitleaks/gitleaks/pull/1176
- Update Slack token regexes by @rgmz in https://github.com/gitleaks/gitleaks/pull/1161
New Contributors
- @9999years made their first contribution in https://github.com/gitleaks/gitleaks/pull/1188
- @wayne-snyk made their first contribution in https://github.com/gitleaks/gitleaks/pull/1190
- @gaige made their first contribution in https://github.com/gitleaks/gitleaks/pull/1159
- @IanMoroney made their first contribution in https://github.com/gitleaks/gitleaks/pull/1194
- @eyalatox made their first contribution in https://github.com/gitleaks/gitleaks/pull/1176
- @dvasdekis made their first contribution in https://github.com/gitleaks/gitleaks/pull/1079
Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.16.4...v8.17.0
v8.16.4
Changelog
-
6f75511
Added option to specify .gitleaksignore path (#1179) @pacorreia -
190ac97
Fix closing file in writeJson and writeSarif (#1187) @alexandear -
6dbb0c5
Simplify tests by using T.TempDir (#1186) @alexandear -
6705461
Fix typos in *.md, comments and logs (#1185) @alexandear -
9869eab
Update README.md -
16f1ec0
Update bug_report.md -
8d80a5a
Adding discord channel to readme -
146f69e
🐛 fix(sarif): update report to pass validator (#1167) @DariuszPorowski
v8.16.3
Changelog
-
51ca0f8
fix(detect): extra secret from group before checking allowlist (#1152) -
81cf308
Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#1154) -
bd8b145
fix(detect): avoid panic with verbose flag (#1143) -
839f114
Fix typo (#1142) -
63c3076
No color (#1136) -
56079dc
safer out of bounds (#1135) -
9c6650d
Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131) -
6fa63f4
Update pre-commit address and rev tag in README (#1125) -
9701bf1
Bufix/1100 protect stagged files (#1121) -
db79d81
fix README.md !? (#1123) -
8a31f4a
Improve rule descriptions for Stripe and Facebook access tokens (#1119) -
6b0c303
Add Defined Networking API Tokens (#1096)
Huuuuuge thank you to all the contributors especially @rgmz
@edwardwang888 @wparad @sadikkuzu @RafaelFigueiredo @fgreinacher @jasikpark @sergiomarotco
v8.16.2
Changelog
-
63c3076
No color (#1136) -
56079dc
safer out of bounds (#1135) (Thank you @agmond) -
9c6650d
Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131) -
6fa63f4
Update pre-commit address and rev tag in README (#1125) -
9701bf1
Bufix/1100 protect stagged files (#1121) -
a5b9c24
remove extra default on source option -
db79d81
fix README.md !? (#1123) -
8a31f4a
Improve rule descriptions for Stripe and Facebook access tokens (#1119) -
6b0c303
Add Defined Networking API Tokens (#1096)
Thanks to @americanair for sponsoring this open source project!
Thanks to all the contributors this release: @fgreinacher @wparad @RafaelFigueiredo @sergiomarotco @jasikpark
v8.16.1
Changelog
-
1fb3a77
Update gitleaks.toml (#1116) -
11c2ad0
Add gradle.lockfile to allowlist (#1112) -
e55d397
Update pre-commit rev tag in README (#1108) -
2dd9946
Add pnpm-lock.yaml and Database.refactorlo (#1109)
v8.16.0
Changelog
Allowlist Regex Targets
Let's use the generic rule to demonstrate the new regexTarget
allowlist option
[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
entropy = 3.5
keywords = [
"key","api","token","secret","client","passwd","password","auth","access",
]
example.txt
will be our target and contain a single line with a fake secret:
var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Running gitleaks on this file using the generic rule will return one finding:
gitleaks detect --source=example.txt --no-git -v --config=example.toml
○
│╲
│ ○
○ ░
░ gitleaks
Finding: discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Secret: 8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
RuleID: generic-api-key
Entropy: 4.413910
File: example.txt
Line: 1
Fingerprint: example.txt:generic-api-key:1
We can add a allowlist regexes
entry to include part of the secret. This will cause gitleaks to ignore the finding above.
Note that by default gitleaks uses the Secret to compare against allowlist regexes.
Adding the following allowlist to the generic rule will cause gitleaks to ignore the finding:
[rules.allowlist]
regexes = ["vV"]
But now say you don't want to use Secret
to compare against your allowlist regexes. Well, now you can use regexTarget
and set the value as either line
or match
to compare against the line or regex match:
[rules.allowlist]
regexTarget = "match"
regexes = ["discord"]
and
[rules.allowlist]
regexTarget = "line"
regexes = ["var"]
will both result in the finding being ignored because discord
is found in the generic rule regex match and var
is in the line where the finding was found.
In addition to rule allowlists, you can set regexTarget
in the global allowlist:
[allowlist]
regexTarget = "line"
regexes = ["var"]
Thanks @bplaxco for the review
v8.15.4
Changelog
-
343e693
ignore package-lock.json (#1076) -
0060ab6
Fix typos in README.md and CONTRIBUTING.md (#1090) -
0259088
fix: ignore baseline if path was not relative in source (#1101) -
088f8b8
Fix H in GitHub and update pre-commit rev tag in README (#1087)
Shouts outs to @sandyydk @raffis @lawndoc @sadikkuzu
v8.15.3
Changelog
v8.15.2
Changelog
-
d805fb9
remove color formatting when #1042 is encountered (#1050) -
391d4d7
Update README.md -
f774932
adding jwt tokens with padding format "=" (#1031)
v8.15.1
Changelog
-
7f229fa
include default newline pairs when calculating location (#1038) -
d0733f9
Add rule for fine-grained GitHub PAT (#1026)
v8.15.0
Changelog
-
6ef704f
Add scanning from a pipe with --pipe (#1012) -
6d801ed
Add support for following symlinks (#1010) -
e15ab0d
fix bug in readme (#1011)
Thanks @RickyGrassmuck @sergiomarotco
--pipe
Try --pipe
with anything...
git log -p | gitleaks detect --pipe
--follow-symlinks
gitleaks --source . --no-git --follow-symlinks
v8.14.1
Changelog
v8.14.0
Changelog
-
c0caab0
add --max-target-megabytes : maximum size for a file/blob to be scanned (#1003) -
2678a54
Add detection rules for DigitalOcean tokens (#1002) -
eb2bfe5
Exclude dacpac refactorlogs (#990) -
55d1da1
Output number of commits at info-level. (#991) -
177e9f4
Detect Slack Workflow Webhook URLs (#989) -
e93d8cb
Upgrade go version to 1.19 (#987) -
db43f9a
Minor cleanup to error handling and logging (#985)
Thanks to @roma8389 @michenriksen @JoostVoskuil @alexgit2k @Becojo @nnnkkk7 @mojotx @weineran
v8.13.0
Changelog
-
7dbfe8d
Adding quiet mode to silence banner (#852) -
fc98cbf
Issue #980: Add support for Telegram Bot API Token (#981) -
3f0293d
add rule for microsoft teams webhooks (#970) -
4f6ee2b
Add baseline (#975) -
6202053
Add pre-commit autoupdate command to README.md (#978) -
c8681e4
refactor: more precise rule for private keys (#930)
Thanks to @maltemorgenstern @b4bay @durkinza @akashchandwani @very-doge-wow @gawansch
v8.12.0
Changelog
-
b934591
update gitleaksignore -
8622c39
add fingerprint to output -
96eed6a
Pretty output (#973) -
7d9dd26
Update version in readme file (#972)
If this change causes outrage I can always add a --legacy-output
option.
v8.11.2
Changelog
v8.11.1
Changelog
v8.11.0
Changelog
v8.10.3
Changelog
v8.10.2
Changelog
v8.10.1
Changelog
-
b8f236c
Changed fingerprint to explicit concatenation ofcommit
,file
,rule-id
, andstart line
(#944)
v8.10.0
Changelog
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.