chore(deps): update pre-commit-dependencies
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
adrienverge/yamllint | repository | minor | v1.26.3 -> v1.32.0 |
compilerla/conventional-pre-commit | repository | minor | v1.3.0 -> v1.4.0 |
pre-commit/mirrors-eslint | repository | minor | v8.1.0 -> v8.47.0 |
pre-commit/pre-commit | | minor | 3.1.1 -> 3.3.3 |
pre-commit/pre-commit-hooks | repository | minor | v4.2.0 -> v4.4.0 |
zricethezav/gitleaks | repository | minor | v8.9.0 -> v8.17.0 |
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
compilerla/conventional-pre-commit (compilerla/conventional-pre-commit)
v1.4.0
What's Changed
- feat: allow underscore in scopes by @bi0ha2ard in https://github.com/compilerla/conventional-pre-commit/pull/22
- Adding some colors to the commit script by @jeeftor in https://github.com/compilerla/conventional-pre-commit/pull/21
New Contributors
- @bi0ha2ard made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/22
- @jeeftor made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/21
Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v1.3.0...v1.4.0
pre-commit/mirrors-eslint (pre-commit/mirrors-eslint)
v8.47.0
v8.46.0
v8.45.0
v8.44.0
v8.43.0
v8.42.0
v8.41.0
v8.40.0
v8.39.0
v8.38.0
v8.37.0
v8.36.0
v8.35.0
v8.34.0
v8.33.0
v8.32.0
v8.31.0
v8.30.0
v8.29.0
v8.28.0
v8.27.0
v8.26.0
v8.25.0
v8.24.0
v8.23.1
v8.23.0
v8.22.0
v8.21.0
v8.20.0
v8.19.0
v8.18.0
v8.17.0
v8.16.0
v8.15.0
v8.14.0
v8.13.0
v8.12.0
v8.11.0
v8.10.0
v8.9.0
v8.8.0
v8.7.0
v8.6.0
v8.5.0
v8.4.1
v8.4.0
v8.3.0
v8.2.0
pre-commit/pre-commit (pre-commit/pre-commit)
v3.3.3
==================
Fixes
- Work around OS packagers setting --install-dir / --bin-dir in gem settings.
- #2905 MR by @jaysoffian.
- #2799 issue by @lmilbaum.
v3.3.2
==================
Fixes
- Work around r on windows sometimes double-un-quoting arguments.
- #2885 MR by @lorenzwalthert.
- #2870 issue by @lorenzwalthert.
v3.3.1
==================
Fixes
- Work around git partial clone bug for autoupdate on windows.
- #2866 MR by @asottile.
- #2865 issue by @adehad.
v3.3.0
==================
Features
- Upgrade ruby-build.
- #2846 MR by @jalessio.
- Use blobless clone for faster autoupdate.
- #2859 MR by @asottile.
- Add -j / --jobs argument to autoupdate for parallel execution.
- #2863 MR by @asottile.
- issue by @gaborbernat.
v3.2.2
==================
Fixes
- Fix support for swift >= 5.8.
- #2836 MR by @edelabar.
- #2835 issue by @kgrobelny-intive.
v3.2.1
==================
Fixes
- Fix language_version for language: rust without global rustup.
- #2823 issue by @daschuer.
- #2827 MR by @asottile.
v3.2.0
==================
Features
- Allow pre-commit, pre-push, and pre-merge-commit as stages.
- #2732 issue by @asottile.
- #2808 MR by @asottile.
- Add pre-rebase hook support.
- #2582 issue by @BrutalSimplicity.
- #2725 MR by @mgaligniana.
Fixes
- Remove bulky cargo cache from language: rust installs.
- #2820 MR by @asottile.
pre-commit/pre-commit-hooks (pre-commit/pre-commit-hooks)
v4.4.0: pre-commit-hooks v4.4.0
Features
- forbid-submodules: new hook which outright bans submodules.
- #815 MR by @asottile.
- #707 issue by @ChiefGokhlayeh.
v4.3.0: pre-commit-hooks v4.3.0
Features
- check-executables-have-shebangs: use git config core.fileMode to determine if it should query git.
- #730 MR by @Kurt-von-Laven.
- name-tests-test: add --pytest-test-first test convention.
- #779 MR by @asottile.
Fixes
- check-shebang-scripts-are-executable: update windows instructions.
- #774 MR by @mdeweerd.
- #770 issue by @mdeweerd.
- check-toml: use stdlib tomllib when available.
- #771 MR by @DanielNoord.
- #755 issue by @sognetic.
- check-added-large-files: don't run on non-file stages.
- #778 MR by @asottile.
- #777 issue by @skyj.
zricethezav/gitleaks (zricethezav/gitleaks)
v8.17.0
What's Changed
- Add REDACTED to stopwords for generic-api-key rule by @9999years in https://github.com/gitleaks/gitleaks/pull/1188
- Add detection for Snyk tokens by @wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1190
- Add makefile variable detections by @wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1191
- chore: update deps to fix solaris #1158 by @gaige in https://github.com/gitleaks/gitleaks/pull/1159
- Add junit report format by @maltemorgenstern in https://github.com/gitleaks/gitleaks/pull/920
- Ignore all commits when .gitleaksignore fingerprint lacks SHA by @rgmz in https://github.com/gitleaks/gitleaks/pull/1156
- Improved global exclusion list by @sergiomarotco in https://github.com/gitleaks/gitleaks/pull/1193
- Add detection for OpenAI API keys by @Becojo in https://github.com/gitleaks/gitleaks/pull/1148
- Add warning for quoted --log-opts values by @rgmz in https://github.com/gitleaks/gitleaks/pull/1160
- Fixed docker run command in README.md by @IanMoroney in https://github.com/gitleaks/gitleaks/pull/1194
- add tags support for csv and sarif formats by @eyalatox in https://github.com/gitleaks/gitleaks/pull/1176
- Update Slack token regexes by @rgmz in https://github.com/gitleaks/gitleaks/pull/1161
New Contributors
- @9999years made their first contribution in https://github.com/gitleaks/gitleaks/pull/1188
- @wayne-snyk made their first contribution in https://github.com/gitleaks/gitleaks/pull/1190
- @gaige made their first contribution in https://github.com/gitleaks/gitleaks/pull/1159
- @IanMoroney made their first contribution in https://github.com/gitleaks/gitleaks/pull/1194
- @eyalatox made their first contribution in https://github.com/gitleaks/gitleaks/pull/1176
- @dvasdekis made their first contribution in https://github.com/gitleaks/gitleaks/pull/1079
Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.16.4...v8.17.0
v8.16.4
Changelog
- 6f75511 Added option to specify .gitleaksignore path (#1179) @pacorreia
- 190ac97 Fix closing file in writeJson and writeSarif (#1187) @alexandear
- 6dbb0c5 Simplify tests by using T.TempDir (#1186) @alexandear
- 6705461 Fix typos in *.md, comments and logs (#1185) @alexandear
- 9869eab Update README.md
- 16f1ec0 Update bug_report.md
- 8d80a5a Adding discord channel to readme
- 146f69e 🐛 fix(sarif): update report to pass validator (#1167) @DariuszPorowski
v8.16.3
Changelog
- 51ca0f8 fix(detect): extra secret from group before checking allowlist (#1152)
- 81cf308 Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#1154)
- bd8b145 fix(detect): avoid panic with verbose flag (#1143)
- 839f114 Fix typo (#1142)
- 63c3076 No color (#1136)
- 56079dc safer out of bounds (#1135)
- 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131)
- 6fa63f4 Update pre-commit address and rev tag in README (#1125)
- 9701bf1 Bufix/1100 protect stagged files (#1121)
- db79d81 fix README.md !? (#1123)
- 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#1119)
- 6b0c303 Add Defined Networking API Tokens (#1096)
Huuuuuge thank you to all the contributors especially @rgmz
@edwardwang888 @wparad @sadikkuzu @RafaelFigueiredo @fgreinacher @jasikpark @sergiomarotco
v8.16.2
Changelog
- 63c3076 No color (#1136)
- 56079dc safer out of bounds (#1135) (Thank you @agmond)
- 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131)
- 6fa63f4 Update pre-commit address and rev tag in README (#1125)
- 9701bf1 Bufix/1100 protect stagged files (#1121)
- a5b9c24 remove extra default on source option
- db79d81 fix README.md !? (#1123)
- 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#1119)
- 6b0c303 Add Defined Networking API Tokens (#1096)
Thanks to @americanair for sponsoring this open source project!
Thanks to all the contributors this release: @fgreinacher @wparad @RafaelFigueiredo @sergiomarotco @jasikpark
v8.16.1
Changelog
- 1fb3a77 Update gitleaks.toml (#1116)
- 11c2ad0 Add gradle.lockfile to allowlist (#1112)
- e55d397 Update pre-commit rev tag in README (#1108)
- 2dd9946 Add pnpm-lock.yaml and Database.refactorlo (#1109)
v8.16.0
Changelog
Allowlist Regex Targets
Let's use the generic rule to demonstrate the new regexTarget allowlist option

```toml
[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
entropy = 3.5
keywords = [
    "key","api","token","secret","client","passwd","password","auth","access",
]
```
example.txt will be our target and contain a single line with a fake secret:

```
var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
```
Running gitleaks on this file using the generic rule will return one finding:

```
gitleaks detect --source=example.txt --no-git -v --config=example.toml
○
│╲
│ ○
○ ░
░ gitleaks
Finding: discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Secret: 8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
RuleID: generic-api-key
Entropy: 4.413910
File: example.txt
Line: 1
Fingerprint: example.txt:generic-api-key:1
```
We can add an allowlist regexes entry to include part of the secret. This will cause gitleaks to ignore the finding above.
Note that by default gitleaks uses the Secret to compare against allowlist regexes.
Adding the following allowlist to the generic rule will cause gitleaks to ignore the finding:

```toml
[rules.allowlist]
regexes = ["vV"]
```
But now say you don't want to use Secret to compare against your allowlist regexes. Well, now you can use regexTarget and set the value as either line or match to compare against the line or regex match:

```toml
[rules.allowlist]
regexTarget = "match"
regexes = ["discord"]
```

and

```toml
[rules.allowlist]
regexTarget = "line"
regexes = ["var"]
```
will both result in the finding being ignored because discord is found in the generic rule regex match and var is in the line where the finding was found.
In addition to rule allowlists, you can set regexTarget in the global allowlist:

```toml
[allowlist]
regexTarget = "line"
regexes = ["var"]
```
Thanks @bplaxco for the review
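An added example (not from the gitleaks release notes or code base): a small Python model of the allowlist comparison described above, used to count how many findings each allowlist entry hides before it is committed to a config. The first finding's fields are copied from the output above; the second finding, the anchored pattern, the Finding class and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    line: str    # full source line the rule fired on
    match: str   # text matched by the rule regex ("Finding:" in the output)
    secret: str  # captured secret group ("Secret:" in the output)

def allowlist_target(finding, regex_target=""):
    """Select the string the allowlist regexes are compared against."""
    if regex_target == "line":
        return finding.line
    if regex_target == "match":
        return finding.match
    return finding.secret  # default, per the release notes

def suppressed(findings, regexes, regex_target=""):
    """Return the findings an allowlist entry would hide (unanchored search).
    gitleaks uses Go regexes; the literal patterns here behave the same in Python."""
    return [f for f in findings
            if any(re.search(rx, allowlist_target(f, regex_target)) for rx in regexes)]

# Values copied from the example output in the release notes.
PAGE = Finding(
    line="var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'",
    match="discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'",
    secret="8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ",
)
# Constructed second finding: an unrelated placeholder secret in the same file.
OTHER = Finding(
    line="var billing_api_token = 'EXAMPLE-ONLY-not-a-real-token-0001'",
    match="billing_api_token = 'EXAMPLE-ONLY-not-a-real-token-0001'",
    secret="EXAMPLE-ONLY-not-a-real-token-0001",
)
FINDINGS = [PAGE, OTHER]

# The three entries from the release notes, plus one narrower assumed alternative.
ENTRIES = {
    "secret /vV/": (["vV"], ""),
    "match /discord/": (["discord"], "match"),
    "line /var/": (["var"], "line"),
    "line anchored": ([r"^var discord_client_secret\b"], "line"),
}

def blast_radius():
    """Map each allowlist entry to the number of findings it hides."""
    return {name: len(suppressed(FINDINGS, rx, tgt)) for name, (rx, tgt) in ENTRIES.items()}
```

The `line` target with a short pattern such as `var` hides both findings, so line-targeted entries are best anchored to the specific identifier they are meant to excuse.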
v8.15.4
Changelog
- 343e693 ignore package-lock.json (#1076)
- 0060ab6 Fix typos in README.md and CONTRIBUTING.md (#1090)
- 0259088 fix: ignore baseline if path was not relative in source (#1101)
- 088f8b8 Fix H in GitHub and update pre-commit rev tag in README (#1087)
Shouts outs to @sandyydk @raffis @lawndoc @sadikkuzu
v8.15.3
Changelog
v8.15.2
Changelog
- d805fb9 remove color formatting when #1042 is encountered (#1050)
- 391d4d7 Update README.md
- f774932 adding jwt tokens with padding format "=" (#1031)
v8.15.1
Changelog
- 7f229fa include default newline pairs when calculating location (#1038)
- d0733f9 Add rule for fine-grained GitHub PAT (#1026)
v8.15.0
Changelog
- 6ef704f Add scanning from a pipe with --pipe (#1012)
- 6d801ed Add support for following symlinks (#1010)
- e15ab0d fix bug in readme (#1011)
Thanks @RickyGrassmuck @sergiomarotco
--pipe
Try --pipe with anything...

```
git log -p | gitleaks detect --pipe
```

--follow-symlinks

```
gitleaks --source . --no-git --follow-symlinks
```
v8.14.1
Changelog
v8.14.0
Changelog
- c0caab0 add --max-target-megabytes : maximum size for a file/blob to be scanned (#1003)
- 2678a54 Add detection rules for DigitalOcean tokens (#1002)
- eb2bfe5 Exclude dacpac refactorlogs (#990)
- 55d1da1 Output number of commits at info-level. (#991)
- 177e9f4 Detect Slack Workflow Webhook URLs (#989)
- e93d8cb Upgrade go version to 1.19 (#987)
- db43f9a Minor cleanup to error handling and logging (#985)
Thanks to @roma8389 @michenriksen @JoostVoskuil @alexgit2k @Becojo @nnnkkk7 @mojotx @weineran
v8.13.0
Changelog
- 7dbfe8d Adding quiet mode to silence banner (#852)
- fc98cbf Issue #980: Add support for Telegram Bot API Token (#981)
- 3f0293d add rule for microsoft teams webhooks (#970)
- 4f6ee2b Add baseline (#975)
- 6202053 Add pre-commit autoupdate command to README.md (#978)
- c8681e4 refactor: more precise rule for private keys (#930)
Thanks to @maltemorgenstern @b4bay @durkinza @akashchandwani @very-doge-wow @gawansch
v8.12.0
Changelog
- b934591 update gitleaksignore
- 8622c39 add fingerprint to output
- 96eed6a Pretty output (#973)
- 7d9dd26 Update version in readme file (#972)
If this change causes outrage I can always add a --legacy-output option.
v8.11.2
Changelog
v8.11.1
Changelog
v8.11.0
Changelog
v8.10.3
Changelog
v8.10.2
Changelog
v8.10.1
Changelog
- b8f236c Changed fingerprint to explicit concatenation of commit, file, rule-id, and start line (#944)
v8.10.0
Changelog
This MR has been generated by Renovate Bot.