Secret detection: "Password in URL" across multiple lines?

We recently started seeing a behavior with secret detection that I consider "incorrect". However, I haven't been able to pin it to a particular change. I just noticed that @zrice recently updated the gitleaks dependency and that he changed a few things alongside that version bump.

Example input

OpenAPI 3 YAML file documenting URL and email in the info > contact section like so:

info:
  contact:
    name: Foo Ltd.
    url: https://www.foo.com
    email: info@foo.com

Secret detection result

"Password in URL" reports a violation:

"raw_source_code_extract": "https://www.foo.com\n    email: info@foo.com"

Suspect

The above extract appears to indicate that the regex mode is multiline - which would be odd for scanning URLs.