Update pre-commit hook zricethezav/gitleaks to v8.23.3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
zricethezav/gitleaks	repository	minor	v8.21.2 -> v8.23.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

zricethezav/gitleaks (zricethezav/gitleaks)

v8.23.3

Compare Source

Changelog

• 3188ad6 Don't exit with error if git repacking is required (#​1711)
• 7fc11bb refactor(config): use non-capture groups for allowlists (#​1735)
• 36c52c6 chore: Enhance curl-auth-user to detect empty usernames or passwords (#​1726)
• 1f323d8 fix(cmd): read log-opts before GitLogCmd (#​1730)

v8.23.2

Compare Source

Changelog

• d88bc09 facebook keyword
• 3fdaefd fix(meraki): restrict keyword case (#​1722)
• f3ae52e feat(generic-api-key): detect base64 (#​1598)
• d6a828a great branch name (#​1721)
• d2ffffe fix(git): remove .git suffix for links (#​1716)
• a43dc0d chore: refine generic-api-key fps + trace logging (#​1720)
• 69ed20e fix(generate): move newline out of char range (#​1719)
• 52b895a newline literal (#​1718)
• 3f4d91f build: support either stdlib or 3rd-party regexp (#​1706)
• 049f5b2 chore(detect): update trace logging (#​1713)
• 7a6183d feat(git): redact passwords from remote URL (#​1709)
• 3c7f3f0 feat(git): include link in report (#​1698)
• 0e3f4f7 chore: reduce generic-api-key fps (#​1707)
• 3ed8567 blorp
• e977850 added new rule for cisco meraki api key (#​1700)
• ad7a4fb feat: general fp tweaks (#​1703)
• b2cf03c chore(generate): use \x60 instead of literal (#​1702)
• a3f623c chore(regex): simplify secretPrefix, suffix (#​1620)
• cc71bb1 update version for pre-commit in README.md (#​1699)

v8.23.1

Compare Source

Changelog

• 7bad9f7 chore(gcp): add firebase example keys to the gcp-api-key allowlists (#​1635)
• 977236c fix: unaligned 64-bit atomic operation panic (#​1696)
• a211b16 force push to master everyday
• 0e5f644 feat(config): disable extended rule (#​1535)
• f320a60 style: prevent globbing and word splitting (#​1543)
• c4526b2 refactor(generic-api-key): remove hard-coded 'magic' (#​1600)
• 748076d chore(generate): add failing test case (#​1690)

v8.23.0

Compare Source

Changelog

• db8e5e6 feat(generate): use multiple allowlists (#​1691)
• 973c794 chore(rules): include fps in reference (#​1471)
• f0d4499 Add comma as operator for GenerateSemiGenericRegex (#​1679)
• ab38a46 refactor: central logger (#​1692)
• b022d1c friendship ended with tines

READ THIS!!! The default gitleaks config now uses [[rules.allowlists]]

### ⚠️ In v8.21.0 `[rules.allowlist]` was replaced with `[[rules.allowlists]]`.
### This change was backwards-compatible: instances of `[rules.allowlist]` still  work.
    #

### You can define multiple allowlists for a rule to reduce false positives.
### A finding will be ignored if _ANY_ `[[rules.allowlists]]` matches.
    [[rules.allowlists]]
    description = "ignore commit A"

### When multiple criteria are defined the default condition is "OR".
### e.g., this can match on |commits| OR |paths| OR |stopwords|.
    condition = "OR"
    commits = [ "commit-A", "commit-B"]
    paths = [
      '''go\.mod''',
      '''go\.sum'''
    ]

### note: stopwords targets the extracted secret, not the entire regex match
### like 'regexes' does. (stopwords introduced in 8.8.0)
    stopwords = [
      '''client''',
      '''endpoint''',
    ]

    [[rules.allowlists]]

### The "AND" condition can be used to make sure all criteria match.
### e.g., this matches if |regexes| AND |paths| are satisfied.
    condition = "AND"

### note: |regexes| defaults to check the _Secret_ in the finding.
### Acceptable values for |regexTarget| are "secret" (default), "match", and "line".
    regexTarget = "match"
    regexes = [ '''(?i)parseur[il]''' ]
    paths = [ '''package-lock\.json''' ]

v8.22.1

Compare Source

Changelog

• b69b515 Entropy trace (#​1659)
• 7357adc build: add 'toolchain' to go.mod (#​1682)
• 4c3da6e refactor(detect): create readUntilSafeBoundary + add tests (#​1676)
• dbe3746 twitter really does suck ass now
• 7edfc6b chore(tests): test cases for generate.go (#​1623)
• efe40ca fix: only use non-empty secret groups (#​1632)
• 7cb5f6f build: upgrade sprig v2->v3 (#​1674)
• 2930537 fix: generate report file even if no findings (#​1673)

v8.22.0

Compare Source

Changelog

• a91c671 replace std library regex engine with go-re2 (#​1669)

---

This bumps the gitleaks binary size from around 8.5MB to 15MB but yields 2-4x speedup. Worth it imo. If you feel strongly against this change feel free to open an issue where we can discuss the tradeoffs in more depth. Credit to @​ahrav

v8.21.4

Compare Source

Changelog

• 906085f Update golang version to 1.23 (#​1672)
• 8a83062 log bytes (#​1670)

v8.21.3

Compare Source

Changelog

• a9e6d8c go mod 1.23
• 2f73a3e Ensure keywords are downcased (#​1633)
• f696605 feat: add settlemint api keys detection (#​1663)
• 0bf13fc feat(dir): better chunking (#​1665)
• 83e99ba feat(report): allow user-defined templates (#​1650)
• e393d29 Add support for GitLab routable tokens (#​1656)
• 263ce82 Add freemius secret key detection (#​1611)
• 3c0e068 fix(kubernetes): only match 'kind: secret' (#​1649)
• f3adda0 feat: use STDOUT when report file not specified (#​1642)
• ed205a5 fix(dir): skip opening file&dir if allowlist matches (#​1653)
• 6018012 fix: increase chunk size 10kb -> 100kb (#​1652)
• 7f77987 feat: detect sentry.io tokens in the new format (#​1640)
• 48a2e0e refactor: pre-commit hooks (#​1627)
• 4e303d0 fix(easypost): only detect tokens of correct length (#​1628)
• c1add1d feat(dir): continue on permission error (#​1621)
• 202106a Add human readable description for curl rules (#​1625)
• 8e94f98 Add option to include Line field in report (#​1616)
• dbb42a7 hm (great comment)
• 2599460 Update README.md
• 8ffb980 nop for stupid build
• 4181ad6 Add new jira api token pattern (#​1601)
• 48ea14b feat: update global & generic allowlist (#​1618)
• 81f0002 fix(vault-service-token): ensure that TPS contains digits (#​1614)
• c11adc9 Generate comprehensive secret samples (#​1484)
• d1d9054 fix(aws): detect token in url (#​1615)
• 5fe58bf fix(rules): entropy, uppercase in samples (#​1593)
• 5c2e813 feat: tweak rules (#​1608)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR updates the zricethezav/gitleaks pre-commit hook from v8.21.2 to v8.23.0.

Flow diagram showing the pre-commit hook update

flowchart LR
    subgraph Before[Before Update]
        A[Pre-commit Hook] --> B[Gitleaks v8.21.2]
    end
    subgraph After[After Update]
        C[Pre-commit Hook] --> D[Gitleaks v8.23.0]
    end
    Before --> |Update| After
    style Before fill:#f5f5f5,stroke:#333,stroke-width:2px
    style After fill:#f5f5f5,stroke:#333,stroke-width:2px

Loading

File-Level Changes

Change	Details	Files
Updated the zricethezav/gitleaks pre-commit hook to v8.23.0	Changed the rev value in the zricethezav/gitleaks repository configuration from v8.21.2 to v8.23.0.	.pre-commit-config.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud