chore(deps): update pre-commit hook gitleaks/gitleaks to v8.27.0 #484

Merged

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 merged 1 commits from renovate/gitleaks-gitleaks-8.x into main 2025-06-01 17:15:04 +00:00

Conversation 2 Commits 1 Files Changed 1

+1 -1

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented 2025-06-01 16:54:05 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

This MR contains the following updates:

Package	Type	Update	Change
gitleaks/gitleaks	repository	minor	v8.26.0 -> v8.27.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

gitleaks/gitleaks (gitleaks/gitleaks)

v8.27.0

Compare Source

Changelog

• 782f310 Archive support (#​1872)
• 489d13c Update README.md
• d29ee55 Reduce aws-access-token false positives (#​1876)
• 611db65 Set pass_filenames to false for Docker hook (#​1850)
• 0589ae0 unicode decoding (#​1854)
• 82f7e32 Diagnostics (#​1856)
• f97a9ee chore: include decoder in debug log (#​1853)

Got another @​bplaxco release. Cheers!

Archive Scanning

Sometimes secrets are packaged within archive files like zip files or tarballs,
making them difficult to discover. Now you can tell gitleaks to automatically
extract and scan the contents of archives. The flag --max-archive-depth
enables this feature for both dir and git scan types. The default value of
"0" means this feature is disabled by default.

Recursive scanning is supported since archives can also contain other archives.
The --max-archive-depth flag sets the recursion limit. Recursion stops when
there are no new archives to extract, so setting a very high max depth just
sets the potential to go that deep. It will only go as deep as it needs to.

The findings for secrets located within an archive will include the path to the
file inside the archive. Inner paths are separated with !.

Example finding (shortened for brevity):

Finding:     DB_PASSWORD=8ae31cacf141669ddfb5da
...
File:        testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod
Line:        4
Commit:      6e6ee6596d337bb656496425fb98644eb62b4a82
...
Fingerprint: 6e6ee6596d337bb656496425fb98644eb62b4a82:testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod:generic-api-key:4
Link:        https://github.com/leaktk/gitleaks/blob/6e6ee6596d337bb656496425fb98644eb62b4a82/testdata/archives/nested.tar.gz

This means a secret was detected on line 4 of files/.env.prod. which is in
archives/files.tar which is in testdata/archives/nested.tar.gz.

Currently supported formats:

The compression
and archive
formats supported by mholt's archives package
are supported.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.

This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) | repository | minor | `v8.26.0` -> `v8.27.0` | Note: The `pre-commit` manager in Renovate is not supported by the `pre-commit` maintainers or community. Please do not report any problems there, instead [create a Discussion in the Renovate repository](https://github.com/renovatebot/renovate/discussions/new) if you have any questions. --- ### Release Notes <details> <summary>gitleaks/gitleaks (gitleaks/gitleaks)</summary> ### [`v8.27.0`](https://github.com/gitleaks/gitleaks/releases/tag/v8.27.0) [Compare Source](https://github.com/gitleaks/gitleaks/compare/v8.26.0...v8.27.0) #### Changelog - [`782f310`](https://github.com/gitleaks/gitleaks/commit/782f310) Archive support ([#&#8203;1872](https://github.com/gitleaks/gitleaks/issues/1872)) - [`489d13c`](https://github.com/gitleaks/gitleaks/commit/489d13c) Update README.md - [`d29ee55`](https://github.com/gitleaks/gitleaks/commit/d29ee55) Reduce aws-access-token false positives ([#&#8203;1876](https://github.com/gitleaks/gitleaks/issues/1876)) - [`611db65`](https://github.com/gitleaks/gitleaks/commit/611db65) Set `pass_filenames` to `false` for Docker hook ([#&#8203;1850](https://github.com/gitleaks/gitleaks/issues/1850)) - [`0589ae0`](https://github.com/gitleaks/gitleaks/commit/0589ae0) unicode decoding ([#&#8203;1854](https://github.com/gitleaks/gitleaks/issues/1854)) - [`82f7e32`](https://github.com/gitleaks/gitleaks/commit/82f7e32) Diagnostics ([#&#8203;1856](https://github.com/gitleaks/gitleaks/issues/1856)) - [`f97a9ee`](https://github.com/gitleaks/gitleaks/commit/f97a9ee) chore: include decoder in debug log ([#&#8203;1853](https://github.com/gitleaks/gitleaks/issues/1853)) Got another [@&#8203;bplaxco](https://github.com/bplaxco) release. Cheers! ##### Archive Scanning Sometimes secrets are packaged within archive files like zip files or tarballs, making them difficult to discover. Now you can tell gitleaks to automatically extract and scan the contents of archives. The flag `--max-archive-depth` enables this feature for both `dir` and `git` scan types. The default value of "0" means this feature is disabled by default. Recursive scanning is supported since archives can also contain other archives. The `--max-archive-depth` flag sets the recursion limit. Recursion stops when there are no new archives to extract, so setting a very high max depth just sets the potential to go that deep. It will only go as deep as it needs to. The findings for secrets located within an archive will include the path to the file inside the archive. Inner paths are separated with `!`. Example finding (shortened for brevity): Finding: DB_PASSWORD=8ae31cacf141669ddfb5da ... File: testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod Line: 4 Commit: 6e6ee6596d337bb656496425fb98644eb62b4a82 ... Fingerprint: 6e6ee6596d337bb656496425fb98644eb62b4a82:testdata/archives/nested.tar.gz!archives/files.tar!files/.env.prod:generic-api-key:4 Link: https://github.com/leaktk/gitleaks/blob/6e6ee6596d337bb656496425fb98644eb62b4a82/testdata/archives/nested.tar.gz This means a secret was detected on line 4 of `files/.env.prod.` which is in `archives/files.tar` which is in `testdata/archives/nested.tar.gz`. Currently supported formats: The [compression](https://github.com/mholt/archives?tab=readme-ov-file#supported-compression-formats) and [archive](https://github.com/mholt/archives?tab=readme-ov-file#supported-archive-formats) formats supported by mholt's [archives package](https://github.com/mholt/archives) are supported. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4zNy4xIiwidXBkYXRlZEluVmVyIjoiNDAuMzcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented 2025-06-01 16:54:10 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

mentioned in issue #4

mentioned in issue #4

argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2025-06-01 17:08:58 +00:00

argoyle commented 2025-06-01 17:10:37 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 1.04%. Comparing base (097e127) to head (2886835).

Additional details and impacted files

@@          Coverage Diff          @@
##            main    #480   +/-   ##
=====================================
  Coverage   1.04%   1.04%           
=====================================
  Files         39      39           
  Lines       1905    1905           
=====================================
  Hits          20      20           
  Misses      1885    1885           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

## [Codecov](https://app.codecov.io/gl/unboundsoftware/schemas/pull/480?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=unboundsoftware) Report All modified and coverable lines are covered by tests :white_check_mark: > Project coverage is 1.04%. Comparing base [(`097e127`)](https://app.codecov.io/gl/unboundsoftware/schemas/commit/097e1274db04ad5dd4a9eb34a9f522c23d31b093?dropdown=coverage&el=desc&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=unboundsoftware) to head [(`2886835`)](https://app.codecov.io/gl/unboundsoftware/schemas/commit/2886835d18ad17b744d8fb27f2e918e4f77fbf7a?dropdown=coverage&el=desc&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=unboundsoftware). <details><summary>Additional details and impacted files</summary> ```diff @@ Coverage Diff @@ ## main #480 +/- ## ===================================== Coverage 1.04% 1.04% ===================================== Files 39 39 Lines 1905 1905 ===================================== Hits 20 20 Misses 1885 1885 ``` </details> [:umbrella: View full report in Codecov by Sentry](https://app.codecov.io/gl/unboundsoftware/schemas/pull/480?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=gitlab&utm_content=comment&utm_campaign=pr+comments&utm_term=unboundsoftware). :loudspeaker: Have feedback on the report? [Share it here](https://gitlab.com/codecov-open-source/codecov-user-feedback/-/issues/4). <details><summary> :rocket: New features to boost your workflow: </summary> - :snowflake: [Test Analytics](https://docs.codecov.com/docs/test-analytics): Detect flaky tests, report on failures, and find test suite problems. </details>

argoyle (Migrated from gitlab.com) merged commit into main 2025-06-01 17:15:05 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

dependencies

Pull requests that update a dependency file

docker

go

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: unboundsoftware/schemas#484