chore(deps): update pre-commit-dependencies
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
adrienverge/yamllint | repository | minor | v1.26.3 -> v1.29.0 |
compilerla/conventional-pre-commit | repository | minor | v1.3.0 -> v1.4.0 |
zricethezav/gitleaks | repository | minor | v8.9.0 -> v8.16.0 |
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there; instead, create a Discussion in the Renovate repository if you have any questions.
Release Notes
compilerla/conventional-pre-commit
v1.4.0
What's Changed
- feat: allow underscore in scopes by @bi0ha2ard in https://github.com/compilerla/conventional-pre-commit/pull/22
- Adding some colors to the commit script by @jeeftor in https://github.com/compilerla/conventional-pre-commit/pull/21
New Contributors
- @bi0ha2ard made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/22
- @jeeftor made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/21
Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v1.3.0...v1.4.0
zricethezav/gitleaks
v8.16.0
Changelog
Allowlist Regex Targets
Let's use the generic rule to demonstrate the new `regexTarget` allowlist option:

```toml
[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
entropy = 3.5
keywords = [
    "key","api","token","secret","client","passwd","password","auth","access",
]
```

`example.txt` will be our target and contains a single line with a fake secret:

```
var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
```
Running gitleaks on this file using the generic rule will return one finding:

```shell
gitleaks detect --source=example.txt --no-git -v --config=example.toml
```

```
    ○
    │╲
    │ ○
    ○ ░
    ░ gitleaks

Finding: discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Secret: 8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
RuleID: generic-api-key
Entropy: 4.413910
File: example.txt
Line: 1
Fingerprint: example.txt:generic-api-key:1
```
We can add an allowlist `regexes` entry that matches part of the secret. This will cause gitleaks to ignore the finding above. Note that by default gitleaks compares allowlist regexes against the `Secret`. Adding the following allowlist to the generic rule will cause gitleaks to ignore the finding:

```toml
[rules.allowlist]
regexes = ["vV"]
```
But now say you don't want to use `Secret` to compare against your allowlist regexes. Well, now you can use `regexTarget` and set the value to either `line` or `match` to compare against the line or the regex match:

```toml
[rules.allowlist]
regexTarget = "match"
regexes = ["discord"]
```

and

```toml
[rules.allowlist]
regexTarget = "line"
regexes = ["var"]
```

will both result in the finding being ignored, because `discord` is found in the generic rule's regex match and `var` is in the line where the finding was found.
In addition to rule allowlists, you can set `regexTarget` in the global allowlist:

```toml
[allowlist]
regexTarget = "line"
regexes = ["var"]
```
Thanks @bplaxco for the review
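To make the three comparison targets concrete, here is an added Python model of the allowlist decision (not gitleaks's own code). It reuses the generic rule regex and the example line from the notes above and assumes that a finding's `Match` is the full regex match and its `Secret` is capture group 1.

```python
import re

# Regex of the "generic-api-key" rule as shown in the v8.16.0 release notes.
GENERIC_API_KEY = re.compile(
    r'''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)'''
    r'''(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)'''
    r'''(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
)
SECRET_GROUP = 1  # secretGroup = 1 in the rule

# Constructed input: the same fake secret line used in example.txt above.
EXAMPLE_LINE = "var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'"

VALID_TARGETS = ("secret", "match", "line")


def find_finding(line):
    """Return (match, secret) for the first hit of the generic rule, or None."""
    m = GENERIC_API_KEY.search(line)
    if m is None:
        return None
    return m.group(0), m.group(SECRET_GROUP)


def is_allowlisted(line, match, secret, regexes, regex_target="secret"):
    """Model of the allowlist 'regexes' check: pick the comparison target
    ('secret' by default, or 'match' / 'line' via regexTarget) and report
    the finding as ignored if any allowlist regex matches that target."""
    if regex_target not in VALID_TARGETS:
        raise ValueError(f"unknown regexTarget: {regex_target!r}")
    target = {"secret": secret, "match": match, "line": line}[regex_target]
    return any(re.search(r, target) for r in regexes)


def scan(line, allow_regexes=(), regex_target="secret"):
    """Return the secret that would be reported for `line`, or None if the
    rule does not fire or the finding is allowlisted."""
    hit = find_finding(line)
    if hit is None:
        return None
    match, secret = hit
    if is_allowlisted(line, match, secret, allow_regexes, regex_target):
        return None
    return secret


if __name__ == "__main__":
    print("no allowlist:      ", scan(EXAMPLE_LINE))
    print("secret target 'vV':", scan(EXAMPLE_LINE, ["vV"]))
    print("line target 'var': ", scan(EXAMPLE_LINE, ["var"], "line"))
```

In this model the rule regex begins at the first keyword it finds, so the `match` target sees the text from `client_secret` onward rather than the whole variable name; inspect what `find_finding` returns before choosing a `match`-target regex.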
v8.15.4
Changelog
- 343e693 ignore package-lock.json (#1076)
- 0060ab6 Fix typos in README.md and CONTRIBUTING.md (#1090)
- 0259088 fix: ignore baseline if path was not relative in source (#1101)
- 088f8b8 Fix H in GitHub and update pre-commit rev tag in README (#1087)
Shout outs to @sandyydk @raffis @lawndoc @sadikkuzu
v8.15.3
Changelog
v8.15.2
Changelog
- d805fb9 remove color formatting when #1042 is encountered (#1050)
- 391d4d7 Update README.md
- f774932 adding jwt tokens with padding format "=" (#1031)
v8.15.1
Changelog
- 7f229fa include default newline pairs when calculating location (#1038)
- d0733f9 Add rule for fine-grained GitHub PAT (#1026)
v8.15.0
Changelog
- 6ef704f Add scanning from a pipe with --pipe (#1012)
- 6d801ed Add support for following symlinks (#1010)
- e15ab0d fix bug in readme (#1011)
Thanks @RickyGrassmuck @sergiomarotco
`--pipe`
Try `--pipe` with anything...

```shell
git log -p | gitleaks detect --pipe
```

`--follow-symlinks`

```shell
gitleaks --source . --no-git --follow-symlinks
```
v8.14.1
Changelog
v8.14.0
Changelog
- c0caab0 add --max-target-megabytes : maximum size for a file/blob to be scanned (#1003)
- 2678a54 Add detection rules for DigitalOcean tokens (#1002)
- eb2bfe5 Exclude dacpac refactorlogs (#990)
- 55d1da1 Output number of commits at info-level. (#991)
- 177e9f4 Detect Slack Workflow Webhook URLs (#989)
- e93d8cb Upgrade go version to 1.19 (#987)
- db43f9a Minor cleanup to error handling and logging (#985)
Thanks to @roma8389 @michenriksen @JoostVoskuil @alexgit2k @Becojo @nnnkkk7 @mojotx @weineran
v8.13.0
Changelog
- 7dbfe8d Adding quiet mode to silence banner (#852)
- fc98cbf Issue #980: Add support for Telegram Bot API Token (#981)
- 3f0293d add rule for microsoft teams webhooks (#970)
- 4f6ee2b Add baseline (#975)
- 6202053 Add pre-commit autoupdate command to README.md (#978)
- c8681e4 refactor: more precise rule for private keys (#930)
Thanks to @maltemorgenstern @b4bay @durkinza @akashchandwani @very-doge-wow @gawansch
v8.12.0
Changelog
- b934591 update gitleaksignore
- 8622c39 add fingerprint to output
- 96eed6a Pretty output (#973)
- 7d9dd26 Update version in readme file (#972)
If this change causes outrage I can always add a `--legacy-output` option.
v8.11.2
Changelog
v8.11.1
Changelog
v8.11.0
Changelog
v8.10.3
Changelog
v8.10.2
Changelog
v8.10.1
Changelog
- b8f236c Changed fingerprint to explicit concatenation of `commit`, `file`, `rule-id`, and `start line` (#944)
v8.10.0
Changelog
Configuration
- [ ] If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.