Bump Gitleaks to 8.20.1
What does this MR do and why?
Resolves mostly Bump gitleaks version and update lefthook.yml (#495414 - closed) and removes the related, but apparently unused `{files}` filter from our Lefthook configuration.
- All Gitleaks changes
- Follow-up to Bump gitleaks to latest patch version (!125215 - merged), 93e30925 & ebbd63b8
Somewhat breaking change here :-/
As `gitleaks git --pre-commit --staged` is a new command here that replaces `gitleaks detect`, Lefthook will fail for users who've not `asdf install`ed after pulling this change.
Normally, `gdk update` does that automatically, so we're merely risking an inconvenience here.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Local test to confirm PAT detection:
$ echo "glpat-abcdefghij0123456789" > README.md ; git commit --all
╭───────────────────────────────────────╮
│ 🥊 lefthook v1.7.15 hook: pre-commit │
… secrets-detection ❯
… Finding: REDACTED
… Fingerprint: README.md:gitlab-pat:119
… WRN leaks found: 1
How to set up and validate locally
- Checkout this branch
- `asdf install`
- Run a local test as the one above.
Edited by Katrin Leinweber
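
The failure mode described above (Lefthook failing for anyone who has not run `asdf install` after pulling the change) can be turned into an explicit message with a version guard in front of the scan. This is an added example, not code from this MR or from the project's Lefthook configuration; the function names, the `--run` switch and the use of 8.20.1 as the minimum version are assumptions.

```shell
#!/bin/sh
# Added example: guard a pre-commit secrets scan against an outdated gitleaks.
REQUIRED_GITLEAKS="8.20.1"   # version this MR bumps to (assumed minimum)

# version_ge HAVE WANT: succeed when dotted version HAVE >= WANT.
# Fields are compared numerically, so 8.20.1 > 8.9.9 (not lexically).
version_ge() {
  have="${1#v}" want="${2#v}"          # tolerate a leading "v"
  while [ -n "$have" ] || [ -n "$want" ]; do
    h="${have%%.*}" w="${want%%.*}"
    case "$have" in *.*) have="${have#*.}" ;; *) have="" ;; esac
    case "$want" in *.*) want="${want#*.}" ;; *) want="" ;; esac
    h="${h%%[!0-9]*}" w="${w%%[!0-9]*}"  # drop suffixes such as "-rc1"
    h="${h:-0}" w="${w:-0}"
    if [ "$h" -gt "$w" ]; then return 0; fi
    if [ "$h" -lt "$w" ]; then return 1; fi
  done
  return 0
}

# gitleaks_hook_cmd VERSION: print the scan command for that installed
# version, or fail with an actionable hint when the binary is too old.
gitleaks_hook_cmd() {
  if version_ge "$1" "$REQUIRED_GITLEAKS"; then
    echo "gitleaks git --pre-commit --staged"
  else
    echo "gitleaks $1 is older than $REQUIRED_GITLEAKS; run 'asdf install'" >&2
    return 1
  fi
}

# run_hook: look up the installed version and run the matching scan.
run_hook() {
  installed=$(gitleaks version 2>/dev/null) || installed="0"
  cmd=$(gitleaks_hook_cmd "$installed") || return 1
  $cmd   # intentional word splitting into command and flags
}

# Only scan when called as a hook, e.g. `sh gitleaks-guard.sh --run`
# (hypothetical file name).
if [ "${1:-}" = "--run" ]; then
  run_hook
fi
```

A blocked commit then names the missing step instead of surfacing an unknown-command error from an older binary.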