chore(deps): update pre-commit hook gitleaks/gitleaks to v8.27.0 #7

2025-06-01T16:51:08Z

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented

2025-06-01 16:51:08 +00:00

(Migrated from gitlab.com)

This MR contains the following updates:

Package	Type	Update	Change
gitleaks/gitleaks	repository	minor	`v8.26.0` -> `v8.27.0`

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

gitleaks/gitleaks (gitleaks/gitleaks)

`v8.27.0`

Compare Source

Changelog

782f310 Archive support (#1872)
489d13c Update README.md
d29ee55 Reduce aws-access-token false positives (#1876)
611db65 Set pass_filenames to false for Docker hook (#1850)
0589ae0 unicode decoding (#1854)
82f7e32 Diagnostics (#1856)
f97a9ee chore: include decoder in debug log (#1853)

Got another @bplaxco release. Cheers!

Archive Scanning

Sometimes secrets are packaged within archive files like zip files or tarballs,
making them difficult to discover. Now you can tell gitleaks to automatically
extract and scan the contents of archives. The flag --max-archive-depth
enables this feature for both dir and git scan types. The default value of
"0" means this feature is disabled by default.

Recursive scanning is supported since archives can also contain other archives.
The --max-archive-depth flag sets the recursion limit. Recursion stops when
there are no new archives to extract, so setting a very high max depth just
sets the potential to go that deep. It will only go as deep as it needs to.

The findings for secrets located within an archive will include the path to the
file inside the archive. Inner paths are separated with !.

Example finding (shortened for brevity):

Finding:     DB_PASSWORD=8ae31cacf141669ddfb5da
...
File:        testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod
Line:        4
Commit:      6e6ee6596d337bb656496425fb98644eb62b4a82
...
Fingerprint: 6e6ee6596d337bb656496425fb98644eb62b4a82:testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod:generic-api-key:4
Link:        https://github.com/leaktk/gitleaks/blob/6e6ee6596d337bb656496425fb98644eb62b4a82/testdata/archives/nested.tar.gz

This means a secret was detected on line 4 of files/.env.prod. which is in
archives/files.tar which is in testdata/archives/nested.tar.gz.

Currently supported formats:

The compression
and archive
formats supported by mholt's archives package
are supported.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) | repository | minor | `v8.26.0` -> `v8.27.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>gitleaks/gitleaks (gitleaks/gitleaks)</summary> ### [`v8.27.0`](https://github.com/gitleaks/gitleaks/releases/tag/v8.27.0) [Compare Source](https://github.com/gitleaks/gitleaks/compare/v8.26.0...v8.27.0) #### Changelog - [`782f310`](https://github.com/gitleaks/gitleaks/commit/782f310) Archive support ([#1872](https://github.com/gitleaks/gitleaks/issues/1872)) - [`489d13c`](https://github.com/gitleaks/gitleaks/commit/489d13c) Update README.md - [`d29ee55`](https://github.com/gitleaks/gitleaks/commit/d29ee55) Reduce aws-access-token false positives ([#1876](https://github.com/gitleaks/gitleaks/issues/1876)) - [`611db65`](https://github.com/gitleaks/gitleaks/commit/611db65) Set `pass_filenames` to `false` for Docker hook ([#1850](https://github.com/gitleaks/gitleaks/issues/1850)) - [`0589ae0`](https://github.com/gitleaks/gitleaks/commit/0589ae0) unicode decoding ([#1854](https://github.com/gitleaks/gitleaks/issues/1854)) - [`82f7e32`](https://github.com/gitleaks/gitleaks/commit/82f7e32) Diagnostics ([#1856](https://github.com/gitleaks/gitleaks/issues/1856)) - [`f97a9ee`](https://github.com/gitleaks/gitleaks/commit/f97a9ee) chore: include decoder in debug log ([#1853](https://github.com/gitleaks/gitleaks/issues/1853)) Got another [@bplaxco](https://github.com/bplaxco) release. Cheers! ##### Archive Scanning Sometimes secrets are packaged within archive files like zip files or tarballs, making them difficult to discover. Now you can tell gitleaks to automatically extract and scan the contents of archives. The flag `--max-archive-depth` enables this feature for both `dir` and `git` scan types. The default value of "0" means this feature is disabled by default. Recursive scanning is supported since archives can also contain other archives. The `--max-archive-depth` flag sets the recursion limit. Recursion stops when there are no new archives to extract, so setting a very high max depth just sets the potential to go that deep. It will only go as deep as it needs to. The findings for secrets located within an archive will include the path to the file inside the archive. Inner paths are separated with `!`. Example finding (shortened for brevity): Finding: DB_PASSWORD=8ae31cacf141669ddfb5da ... File: testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod Line: 4 Commit: 6e6ee6596d337bb656496425fb98644eb62b4a82 ... Fingerprint: 6e6ee6596d337bb656496425fb98644eb62b4a82:testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod:generic-api-key:4 Link: https://github.com/leaktk/gitleaks/blob/6e6ee6596d337bb656496425fb98644eb62b4a82/testdata/archives/nested.tar.gz This means a secret was detected on line 4 of `files/.env.prod.` which is in `archives/files.tar` which is in `testdata/archives/nested.tar.gz`. Currently supported formats: The [compression](https://github.com/mholt/archives?tab=readme-ov-file#supported-compression-formats) and [archive](https://github.com/mholt/archives?tab=readme-ov-file#supported-archive-formats) formats supported by mholt's [archives package](https://github.com/mholt/archives) are supported. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented

2025-06-01 16:51:11 +00:00

(Migrated from gitlab.com)

mentioned in issue #1

argoyle commented

2025-06-01 16:57:31 +00:00

(Migrated from gitlab.com)

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 0.00%. Comparing base (f032cab) to head (5a26464).

Additional details and impacted files

@@          Coverage Diff          @@
##            main      #6   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files          3       3           
  Lines        108     108           
=====================================
  Misses       108     108

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

## [Codecov](https://app.codecov.io/gl/unboundsoftware:shiny/otelsetup/pull/6?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=shiny) Report All modified and coverable lines are covered by tests :white_check_mark: > Project coverage is 0.00%. Comparing base [(`f032cab`)](https://app.codecov.io/gl/unboundsoftware:shiny/otelsetup/commit/f032cab9806f13f08d4d0bd235f18f4b07ccfc92?dropdown=coverage&el=desc&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=shiny) to head [(`5a26464`)](https://app.codecov.io/gl/unboundsoftware:shiny/otelsetup/commit/5a26464d2a401e553093cd3b36b494b31209408e?dropdown=coverage&el=desc&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=shiny). <details><summary>Additional details and impacted files</summary> ```diff @@ Coverage Diff @@ ## main #6 +/- ## ===================================== Coverage 0.00% 0.00% ===================================== Files 3 3 Lines 108 108 ===================================== Misses 108 108 ``` </details> [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gl/unboundsoftware:shiny/otelsetup/pull/6?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=shiny). :loudspeaker: Have feedback on the report? [Share it here](https://gitlab.com/codecov-open-source/codecov-user-feedback/-/issues/4). <details><summary> :rocket: New features to boost your workflow: </summary> - :snowflake: [Test Analytics](https://docs.codecov.com/docs/test-analytics): Detect flaky tests, report on failures, and find test suite problems. </details>

argoyle (Migrated from gitlab.com) merged commit into main

2025-06-01 17:07:48 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: shiny/otelsetup#7