chore(deps): update pre-commit-dependencies

This MR contains the following updates:

Package	Type	Update	Change
adrienverge/yamllint	repository	minor	v1.30.0 -> v1.35.1
compilerla/conventional-pre-commit	repository	minor	v2.1.1 -> v2.4.0
pre-commit/pre-commit		minor	2.15.0 -> 2.21.0
pre-commit/pre-commit-hooks	repository	minor	v4.4.0 -> v4.6.0
zricethezav/gitleaks	repository	minor	v8.16.2 -> v8.18.2

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

adrienverge/yamllint

v1.35.1

Compare Source

v1.35.0

Compare Source

v1.34.0

Compare Source

v1.33.0

Compare Source

v1.32.0

Compare Source

v1.31.0

Compare Source

compilerla/conventional-pre-commit

v2.4.0

Compare Source

A long-requested change, conventional-pre-commit now accepts git commit --fixup-style commit messages by default.

For the original behavior of enforcing pure Conventional Commits formatting, pass the --strict flag:

- repo: https://github.com/compilerla/conventional-pre-commit
  rev: <git sha or tag>
  hooks:
    - id: conventional-pre-commit
      stages: [commit-msg]
      args: [--strict]

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/57
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/58
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/59
• feat: introduce "strict" mode by @​vitaly-fanaskov-r in https://github.com/compilerla/conventional-pre-commit/pull/61

New Contributors

• @​vitaly-fanaskov-r made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/61

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.3.0...v2.4.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.4.0/

v2.3.0

Compare Source

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/53
• Added support for non optional scope by @​gpatsiaouras in https://github.com/compilerla/conventional-pre-commit/pull/54

New Contributors

• @​gpatsiaouras made their first contribution in https://github.com/compilerla/conventional-pre-commit/pull/54

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.2.0...v2.3.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.3.0/

v2.2.0

Compare Source

What's Changed

• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/40
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/42
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/43
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/44
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/45
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/46
• chore(pre-commit): autoupdate hooks by @​pre-commit-ci in https://github.com/compilerla/conventional-pre-commit/pull/48
• Refactor: use pyproject.toml for project metadata, requirements, build settings by @​thekaveman in https://github.com/compilerla/conventional-pre-commit/pull/50
• Feat: assume UTF-8 encoding for commit messages by @​thekaveman and @​Nagico in https://github.com/compilerla/conventional-pre-commit/pull/51
• Chore: version bump and release steps by @​thekaveman in https://github.com/compilerla/conventional-pre-commit/pull/52

Full Changelog: https://github.com/compilerla/conventional-pre-commit/compare/v2.1.1...v2.2.0

PyPI: https://pypi.org/project/conventional-pre-commit/2.2.0/

pre-commit/pre-commit

v2.21.0

Compare Source

===================

Features

• Require new-enough virtualenv to prevent 3.10 breakage
  • #​2467 MR by @​asottile.
• Respect aliases with SKIP for environment install.
  • #​2480 MR by @​kmARC.
  • #​2478 issue by @​kmARC.
• Allow pre-commit run --files against unmerged paths.
  • #​2484 MR by @​asottile.
• Also apply regex warnings to repo: local hooks.
  • #​2524 MR by @​chrisRedwine.
  • #​2521 issue by @​asottile.
• rust is now a "first class" language -- supporting language_version and installation when not present.
  • #​2534 MR by @​Holzhaus.
• r now uses more-reliable binary installation.
  • #​2460 MR by @​lorenzwalthert.
• GIT_ALLOW_MROTOCOL is now passed through for git operations.
  • #​2555 MR by @​asottile.
• GIT_ASKPASS is now passed through for git operations.
  • #​2564 MR by @​mattp-.
• Remove toml dependency by using cargo add directly.
  • #​2568 MR by @​m-rsha.
• Support dotnet hooks which have dotted prefixes.
  • #​2641 MR by @​rkm.
  • #​2629 issue by @​rkm.

Fixes

• Properly adjust --commit-msg-filename if run from a sub directory.
  • #​2459 MR by @​asottile.
• Simplify --intent-to-add detection by using git diff.
  • #​2580 MR by @​m-rsha.
• Fix R.exe selection on windows.
  • #​2605 MR by @​lorenzwalthert.
  • #​2599 issue by @​SInginc.
• Skip default nuget source when installing dotnet packages.
  • #​2642 MR by @​rkm.

v2.20.0

Compare Source

===================

Features

• Expose source and object-name (positional args) of prepare-commit-msg hook as MRE_COMMIT_COMIT_MSG_SOURCE and MRE_COMMIT_COMMIT_OBJECT_NAME.
  • #​2407 MR by @​M-Whitaker.
  • #​2406 issue by @​M-Whitaker.

Fixes

• Fix language: ruby installs when --user-install is set in gemrc.
  • #​2394 MR by @​narpfel.
  • #​2393 issue by @​narpfel.
• Adjust pty setup for solaris.
  • #​2390 MR by @​gaige.
  • #​2389 issue by @​gaige.
• Remove unused --config option from gc, sample-config, validate-config, validate-manifest sub-commands.
  • #​2429 MR by @​asottile.

v2.19.0

Compare Source

===================

Features

• Allow multiple outputs from language: dotnet hooks.
  • #​2332 MR by @​WallucePinkham.
• Add more information to healthy() failure.
  • #​2348 MR by @​asottile.
• Upgrade ruby-build.
  • #​2342 MR by @​jalessio.
• Add pre-commit validate-config / pre-commit validate-manifest and deprecate pre-commit-validate-config and pre-commit-validate-manifest.
  • #​2362 MR by @​asottile.

Fixes

• Fix pre-push when pushed ref contains spaces.
  • #​2345 MR by @​wwade.
  • #​2344 issue by @​wwade.

Updating

• Change pre-commit-validate-config / pre-commit-validate-manifest to pre-commit validate-config / pre-commit validate-manifest.
  • #​2362 MR by @​asottile.

v2.18.1

Compare Source

===================

Fixes

• Fix regression for repo: local hooks running python<3.7
  • #​2324 MR by @​asottile.

v2.18.0

Compare Source

===================

Features

• Keep GIT_HTTP_MROXY_AUTHMETHOD in git environ.
  • #​2272 MR by @​VincentBerthier.
  • #​2271 issue by @​VincentBerthier.
• Support both cs and coursier executables for coursier hooks.
  • #​2293 MR by @​Holzhaus.
• Include more information in errors for language_version / additional_dependencies for languages which do not support them.
  • #​2315 MR by @​asottile.
• Have autoupdate preferentially pick tags which look like versions when there are multiple equivalent tags.
  • #​2312 MR by @​mblayman.
  • #​2311 issue by @​mblayman.
• Upgrade ruby-build.
  • #​2319 MR by @​jalessio.
• Add top level default_install_hook_types which will be installed when --hook-types is not specified in pre-commit install.
  • #​2322 MR by @​asottile.

Fixes

• Fix typo in help message for --from-ref and --to-ref.
  • #​2266 MR by @​leetrout.
• Prioritize binary builds for R dependencies.
  • #​2277 MR by @​lorenzwalthert.
• Fix handling of git worktrees.
  • #​2252 MR by @​daschuer.
• Fix handling of $R_HOME for R hooks.
  • #​2301 MR by @​jeff-m-sullivan.
  • #​2300 issue by @​jeff-m-sullivan.
• Fix a rare race condition in change stashing.
  • #​2323 MR by @​asottile.
  • #​2287 issue by @​ian-h-chamberlain.

Updating

• Remove python3.6 support. Note that pre-commit still supports running hooks written in older versions, but pre-commit itself requires python 3.7+.
  • #​2215 MR by @​asottile.
• pre-commit has migrated from the master branch to main.
  • #​2302 MR by @​asottile.

v2.17.0

Compare Source

===================

Features

• add warnings for regexes containing [\\/].
  • #​2151 issue by @​sanjioh.
  • #​2154 MR by @​kuviokelluja.
• upgrade supported ruby versions.
  • #​2205 MR by @​jalessio.
• allow language: conda to use mamba or micromamba via MRE_COMMIT_USE_MAMBA=1 or MRE_COMMIT_USE_MICROMAMBA=1 respectively.
  • #​2204 issue by @​janjagusch.
  • #​2207 MR by @​xhochy.
• display git --version in error report.
  • #​2210 MR by @​asottile.
• add language: lua as a supported language.
  • #​2158 MR by @​mblayman.

Fixes

• temporarily add setuptools to the zipapp.
  • #​2122 issue by @​andreoliwa.
  • a737d5f commit by @​asottile.
• use go install instead of go get for go 1.18+ support.
  • #​2161 MR by @​schmir.
• fix language: r with a local renv and RENV_MROJECT set.
  • #​2170 MR by @​lorenzwalthert.
• forbid overriding entry in language: meta hooks which breaks them.
  • #​2180 issue by @​DanKaplanSES.
  • #​2181 MR by @​asottile.
• always use #!/bin/sh on windows for hook script.
  • #​2182 issue by @​hushigome-visco.
  • #​2187 MR by @​asottile.

v2.16.0

Compare Source

===================

Features

• add warning for regexes containing [\/] or [/\\].
  • #​2053 MR by @​radek-sprta.
  • #​2043 issue by @​asottile.
• move hook template back to bash resolving shebang-portability issues.
  • #​2065 MR by @​asottile.
• add support for fail_fast at the individual hook level.
  • #​2097 MR by @​colens3.
  • #​1143 issue by @​potiuk.
• allow passthrough of GIT_CONFIG_KEY_*, GIT_CONFIG_VALUE_*, and GIT_CONFIG_COUNT.
  • #​2136 MR by @​emzeat.

Fixes

• fix pre-commit autoupdate for core.useBuiltinFSMonitor=true on windows.
  • #​2047 MR by @​asottile.
  • #​2046 issue by @​lcnittl.
• fix temporary file stashing with for submodule.recurse=1.
  • #​2071 MR by @​asottile.
  • #​2063 issue by @​a666.
• ban broken importlib-resources versions.
  • #​2098 MR by @​asottile.
• replace exit(...) with raise SystemExit(...) for portability.
  • #​2103 MR by @​asottile.
  • #​2104 MR by @​asottile.

pre-commit/pre-commit-hooks

v4.6.0: pre-commit-hooks v4.6.0

Compare Source

Features

• requirements-txt-fixer: remove duplicate packages.
  • #​1014 MR by @​vhoulbreque-withings.
  • #​960 issue @​csibe17.

Migrating

• fix-encoding-pragma: deprecated -- will be removed in 5.0.0. use pyupgrade or some other tool.
  • #​1033 MR by @​mxr.
  • #​1032 issue by @​mxr.

v4.5.0: pre-commit-hooks v4.5.0

Compare Source

Features

• requirements-txt-fixer: also sort constraints.txt by default.
  • #​857 MR by @​lev-blit.
  • #​830 issue by @​PLPeeters.
• debug-statements: add bpdb debugger.
  • #​942 MR by @​mwip.
  • #​941 issue by @​mwip.

Fixes

• file-contents-sorter: fix sorting an empty file.
  • #​944 MR by @​RoelAdriaans.
  • #​935 issue by @​paduszyk.
• double-quote-string-fixer: don't rewrite inside f-strings in 3.12+.
  • #​973 MR by @​asottile.
  • #​971 issue by @​XuehaiPan.

Migrating

• now requires python >= 3.8.
  • #​926 MR by @​asottile.
  • #​927 MR by @​asottile.

zricethezav/gitleaks

v8.18.2

Compare Source

Changelog

• ac4b514 removed gitleaks user from Dockerfile (#​1313)
• 76c9e31 Remove IAM identifiers for non-credential resources in the aws-access-token rule (#​1307)
• afe046b Update stripe rule to not alert on publishable keys (#​1320)
• 8b8920d --max-target-megabytes flag now supported for --no-git flag as well (#​1330)
• a59289c add pre-commit hook gitleaks-system (#​1225)
• 870194b fix errors when using protect and an external git diff tool (#​1318)
• 179c607 rename filesystem to directory (#​1317)
• 8de8938 Enhance Secret Descriptions (#​1300)
• ca7aa14 Small refactor detect and sources (#​1297)
• 01e60c8 chore(config): refactor to go generate; simplify configRules init (#​1295)
• 54f5f04 forgot symlinks
• 221d5c4 pretty apparent 'protect' and 'detect' should be merged into one command (#​1294)
• 128b50f style: sort the stopwords (#​1289)

v8.18.1

Compare Source

Changelog

• dab7d02 dont crash on 100gb files pls (#​1292)
• e63b657 remove secretgroup from default config (#​1288)
• 20fcf50 feat: Hashicorp Terraform fields for password (#​1237)
• b496677 perf: avoid allocations with (*regexp.Regexp).MatchString (#​1283)
• a3ab4e8 refactor: more explicit rules (#​1280)
• bd9a25a bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#​1278)
• 6d0d8b5 add Infracost API rule (#​1273)
• 2959fc0 refactor: simplify test asserts (#​1271)
• d37b38f Update Makefile
• 14b1ca9 refactor: change detect tests to t.Fatal instead of log.Fatal (#​1270)
• d9f86d6 feat(rules): Add detection for Scalingo API Token (#​1262)
• ed34259 feat(jwt): detect base64-encoded tokens (#​1256)
• 0d5e46f feat: add --ignore-gitleaks-allow cmd flag (#​1260)
• a82ac29 switch out libs (#​1259)
• 0b84afa fix: no-color option should also affect zerolog output (#​1242)
• 8976539 Fixed lineEnd indexing if the match is the whole line (#​1223)
• 30c6117 feat: Add optional redaction value, default 100 (#​1229)
• e9135cf fix(jwt): longer segment lengths (#​1214)
• f65f915 Added yarn.lock file to default allowlist paths (#​1258)
• abfd0f3 Update README.md
• 18283bb feat(rules): make case insensitivity optional (#​1215)
• 9fb36b2 feat(rules): detect Hugging Face access tokens (#​1204)
• db4bc0f Resolve #​1170 - Enable selection of a single rule (#​1183)
• 3cbcda2 Update authress.go to include alternate form account dash (-) (#​1224)
• 46c6272 refactor: remove unnecessary removing temp files in tests (#​1255)
• 963a697 refactor: use os.ReadFile instead of os.Open + io.ReadAll (#​1254)
• 163ec21 fix(sumologic): improve patterns (#​1218)

v8.18.0

Compare Source

What's Changed

• Fix inconsistent generated values in config by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1200
• feat: add JFrog API and Identity keys by @​baruchiro in https://github.com/gitleaks/gitleaks/pull/1233
• Add entropy check to plaid client/secret ID rules by @​mortenson in https://github.com/gitleaks/gitleaks/pull/1213
• Update config template logic by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1201
• Include entropy in Plaid rule file by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1252
• refactor: fix #​722 properly by @​L11R in https://github.com/gitleaks/gitleaks/pull/1250

New Contributors

• @​baruchiro made their first contribution in https://github.com/gitleaks/gitleaks/pull/1233
• @​mortenson made their first contribution in https://github.com/gitleaks/gitleaks/pull/1213
• @​L11R made their first contribution in https://github.com/gitleaks/gitleaks/pull/1250

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.17.0...v8.18.0

v8.17.0

Compare Source

What's Changed

• Add REDACTED to stopwords for generic-api-key rule by @​9999years in https://github.com/gitleaks/gitleaks/pull/1188
• Add detection for Snyk tokens by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1190
• Add makefile variable detections by @​wayne-snyk in https://github.com/gitleaks/gitleaks/pull/1191
• chore: update deps to fix solaris #​1158 by @​gaige in https://github.com/gitleaks/gitleaks/pull/1159
• Add junit report format by @​maltemorgenstern in https://github.com/gitleaks/gitleaks/pull/920
• Ignore all comits when .gitleaksignore fingerprint lacks SHA by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1156
• Improved global exclusion list by @​sergiomarotco in https://github.com/gitleaks/gitleaks/pull/1193
• Add detection for OpenAI API keys by @​Becojo in https://github.com/gitleaks/gitleaks/pull/1148
• Add warning for quoted --log-opts values by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1160
• Fixed docker run command in README.md by @​IanMoroney in https://github.com/gitleaks/gitleaks/pull/1194
• add tags support for csv and sarif formats by @​eyalatox in https://github.com/gitleaks/gitleaks/pull/1176
• Update Slack token regexes by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1161

New Contributors

• @​9999years made their first contribution in https://github.com/gitleaks/gitleaks/pull/1188
• @​wayne-snyk made their first contribution in https://github.com/gitleaks/gitleaks/pull/1190
• @​gaige made their first contribution in https://github.com/gitleaks/gitleaks/pull/1159
• @​IanMoroney made their first contribution in https://github.com/gitleaks/gitleaks/pull/1194
• @​eyalatox made their first contribution in https://github.com/gitleaks/gitleaks/pull/1176
• @​dvasdekis made their first contribution in https://github.com/gitleaks/gitleaks/pull/1079

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.16.4...v8.17.0

v8.16.4

Compare Source

Changelog

• 6f75511 Added option to specify .gitleaksignore path (#​1179) @​pacorreia
• 190ac97 Fix closing file in writeJson and writeSarif (#​1187) @​alexandear
• 6dbb0c5 Simplify tests by using T.TempDir (#​1186) @​alexandear
• 6705461 Fix typos in *.md, comments and logs (#​1185) @​alexandear
• 9869eab Update README.md
• 16f1ec0 Update bug_report.md
• 8d80a5a Adding discord channel to readme
• 146f69e 🐛 fix(sarif): update report to pass validator (#​1167) @​DariuszPorowski

v8.16.3

Compare Source

Changelog

• 51ca0f8 fix(detect): extra secret from group before checking allowlist (#​1152)
• 81cf308 Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#​1154)
• bd8b145 fix(detect): avoid panic with verbose flag (#​1143)
• 839f114 Fix typo (#​1142)
• 63c3076 No color (#​1136)
• 56079dc safer out of bounds (#​1135)
• 9c6650d Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#​1131)
• 6fa63f4 Update pre-commit address and rev tag in README (#​1125)
• 9701bf1 Bufix/1100 protect stagged files (#​1121)
• db79d81 fix README.md !? (#​1123)
• 8a31f4a Improve rule descriptions for Stripe and Facebook access tokens (#​1119)
• 6b0c303 Add Defined Networking API Tokens (#​1096)

Huuuuuge thank you to all the contributors especially @​rgmz

@​edwardwang888 @​wparad @​sadikkuzu @​RafaelFigueiredo @​fgreinacher @​jasikpark @​sergiomarotco

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.