chore(deps): update pre-commit hook gitleaks/gitleaks to v8.26.0

This MR contains the following updates:

Package	Type	Update	Change
gitleaks/gitleaks	repository	minor	v8.23.3 -> v8.26.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

gitleaks/gitleaks (gitleaks/gitleaks)

v8.26.0

Compare Source

Changelog

• 78eebac Percent/URL Decoding Support (#​1831)
• 6f967ca fix(kubernetes): remove slow element from pat (#​1848)
• 88f56d3 feat: identify slow file (#​1479)
• 9609928 rm 1password detect test since we test it in cfg gen
• 23cb69f feat(rules): Add 1Password secret key detection (#​1834)

Calling this one @​bplaxco's release as he introduced a really clever method for mixed decoding without sacrificing too much performance. As I stated in his MR, I think he's either a wizard or some time traveling AI. Dude is wicked smaht

Anyways, Gitleaks now supports the following decoders: hex, percent(url enconding), and b64. It's relatively straight forward to add a new decoder so if you're motivated, community contributions are welcomed!

Here's an example:

~/code/gitleaks-org/gitleaks (master) cat decode.txt
text below
aGVsbG8sIHdvcmxkIQ%3D%3D%0A
text above
~/code/gitleaks-org/gitleaks (master) ./gitleaks dir decode.txt --max-decode-depth=2 --log-level=debug

    ○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

4:08PM DBG using stdlib regex engine
4:08PM DBG unable to load gitleaks config from decode.txt/.gitleaks.toml since --source=decode.txt is a file, using default config
4:08PM DBG found .gitleaksignore file: .gitleaksignore
4:08PM DBG segment found: original=[29,38] pos=[29,38]: "%3D%3D%0A" -> "==\n"
4:08PM DBG segment found: original=[11,38] pos=[11,31]: "aGVsbG8sIHdvcmxkIQ==" -> "hello, world!"
4:08PM INF scanned ~50 bytes (50 bytes) in 1.5ms
4:08PM INF no leaks found

v8.25.1

Compare Source

Changelog

• d1c7759 fix(detect): test all allowlists (#​1845)

Big thanks @​rgmz

v8.25.0

Compare Source

Changelog

• 4451b45 feat(config): define multiple global allowlists (#​1777) (cause for the minor bump change)
• 7fb21a4 feat(rules): Add Perplexity AI API key detection (#​1825)
• f6193bc feat(gcp): increase rule entropy (#​1840)
• 9bc7257 Adding clickhouse scanner (#​1826)
• b6cc71a fix(baseline): work with --redact (#​1741)
• cfdeb0d feat(rule): validate & sort rule when generating (#​1817)

v8.24.3

Compare Source

Changelog

• 107a418 Add support for GitLab Runner Tokens (Routable) (#​1820)
• 7fac002 bump repo version in pre-commit example (#​1815)
• 4b54104 Fix currentLine out of bounds error (#​1810)
• af7d5bc add support for Azure DevOps platform in SCM detection and link (#​1807)
• 3e8cd2d Add MaxMind license key rule (#​1771)
• ddcc753 implement new openai regex pattern (#​1780)
• 9708e65 A first attempt adding hooks.slack.com/triggers/ (#​1792)
• 198e410 feat(generic): tweak false-positives (#​1803)
• e273a97 chore: tweak logging and readme for GITLEAKS_CONFIG_TOML feature (#​1802)
• a503b58 feat: add option to set config from env var with toml content (#​1662)

v8.24.2

Compare Source

What's Changed

• Fix platform flag being ignored with gitleaks detect by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1765
• Make AddFinding public by @​bplaxco in https://github.com/gitleaks/gitleaks/pull/1767
• FIX upgrade x/crypto to 0.31.0 to get rid of CVE-2024-45337 by @​cgoessen in https://github.com/gitleaks/gitleaks/pull/1768
• Upgrade rs/zerolog, spf13/cobra, and spf13/viper by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1769
• Infer report-format from report-path extension if no value is provided by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1776
• generic-api-key: ignore csrf-tokens by @​rgmz in https://github.com/gitleaks/gitleaks/pull/1779
• Prevent Yocto/BitBake false positives with generic-api-key rule by @​Okeanos in https://github.com/gitleaks/gitleaks/pull/1783
• Fix decoded line allowlist by @​zricethezav in https://github.com/gitleaks/gitleaks/pull/1788
• Readme badge revisions by @​jessp01 in https://github.com/gitleaks/gitleaks/pull/1744
• feat(regexp): use standard regexp by default, make go-re2 opt-in by @​twpayne in https://github.com/gitleaks/gitleaks/pull/1798
• gore2 release tags by @​zricethezav in https://github.com/gitleaks/gitleaks/pull/1801

New Contributors

• @​cgoessen made their first contribution in https://github.com/gitleaks/gitleaks/pull/1768
• @​Okeanos made their first contribution in https://github.com/gitleaks/gitleaks/pull/1783
• @​jessp01 made their first contribution in https://github.com/gitleaks/gitleaks/pull/1744
• @​twpayne made their first contribution in https://github.com/gitleaks/gitleaks/pull/1798

Full Changelog: https://github.com/gitleaks/gitleaks/compare/v8.24.0...v8.24.2

v8.24.1

Compare Source

v8.24.0

Compare Source

Changelog

• c2afd56 Make paths and fingerprints platform-agnostic (#​1622)
• 818e32f Add Sonar rule (#​1756)
• 3fa5a3a Minor false positive improvements (#​1758)
• 2020e6a Add support for streaming DetectReader (#​1760)
• 9122a2d chore: Update github.com/wasilibs/go-re2 to v1.9.0 (#​1763)
• 398d0c4 docs: describe extended rules take precedence over base rules (#​1563)
• ae26eff feat(git): disable link generation (#​1748)
• c6424a6 added sourcegraph token rule (#​1736)
• 6411402 feat(config): add rule for .p12 files (#​1738)
• d71d95d add deno.lock to default exclusions (#​1740)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.