chore(deps): bump the gha group across 1 directory with 2 updates #652

dependabot · 2024-12-09T06:57:05Z

Bumps the gha group with 2 updates in the / directory: aquasecurity/trivy-action and trufflesecurity/trufflehog.

Updates aquasecurity/trivy-action from 0.28.0 to 0.29.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.29.0

What's Changed

feat: Allow skipping setup by @rvesse in aquasecurity/trivy-action#414

Fix oras command not found in "Update Trivy Cache" action by @Tiryoh in aquasecurity/trivy-action#413

Update README.md by @simar7 in aquasecurity/trivy-action#420

feat: add token for setup-trivy by @DmitriyLewen in aquasecurity/trivy-action#421

fix: bump setup-trivy and add new contrib directory path info by @DmitriyLewen in aquasecurity/trivy-action#424

docs: remove ignore-unfixed from IaC scan example by @nikpivkin in aquasecurity/trivy-action#429

chore(deps): Bump trivy to v0.57.1 by @simar7 in aquasecurity/trivy-action#434

New Contributors

@rvesse made their first contribution in aquasecurity/trivy-action#414

@Tiryoh made their first contribution in aquasecurity/trivy-action#413

Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0

Commits

18f2510 chore(deps): Bump trivy to v0.57.1 (#434)
93941ce docs: remove ignore-unfixed from IaC scan example (#429)
d2a392a fix: bump setup-trivy and add new contrib directory path info (#424)
ee89346 feat: add token for setup-trivy (#421)
cf990b1 Update README.md (#420)
bff40be docs: Fix oras command not found (#413)
fc1500a feat: Allow skipping setup (#414)
See full diff in compare view

Updates trufflesecurity/trufflehog from 3.83.7 to 3.85.0

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.85.0

What's Changed

fixed issue#3701 by @kashifkhan0771 in trufflesecurity/trufflehog#3711

Fix/saucelabs detector by @kashifkhan0771 in trufflesecurity/trufflehog#3696

fixed scalr detector integration test by @kashifkhan0771 in trufflesecurity/trufflehog#3707

Replace --debug and --trace with a fine-grained --log-level flag by @rgmz in trufflesecurity/trufflehog#3703

fixed and updated satismeterwritekey detector by @kashifkhan0771 in trufflesecurity/trufflehog#3693

Improved cloudflarecakey detector by @kashifkhan0771 in trufflesecurity/trufflehog#3688

[chore] - add pkg level doc by @ahrav in trufflesecurity/trufflehog#3684

Add Flexport detector by @0x1 in trufflesecurity/trufflehog#3633

Added how to scan a local git repo by @za in trufflesecurity/trufflehog#3593

[chore] - manually upgrade Github dep by @ahrav in trufflesecurity/trufflehog#3699

[chore] - fix typo by @ahrav in trufflesecurity/trufflehog#3683

[refactor] - detectorKeywordMatcher initialization by @ahrav in trufflesecurity/trufflehog#3687

fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 by @renovate in trufflesecurity/trufflehog#3715

Add additional canary ID by @dustin-decker in trufflesecurity/trufflehog#3720

fix(deps): update module github.com/getsentry/sentry-go to v0.30.0 by @renovate in trufflesecurity/trufflehog#3725

chore(deps): update dependency go to v1.23.4 by @renovate in trufflesecurity/trufflehog#3726

feat(typeform): add v2 detector for new key formats by @ggmolly in trufflesecurity/trufflehog#3660

fix(deps): update module golang.org/x/sync to v0.10.0 by @renovate in trufflesecurity/trufflehog#3730

fix(deps): update module golang.org/x/text to v0.21.0 by @renovate in trufflesecurity/trufflehog#3731

Add analysis info for GCP creds by @bill-rich in trufflesecurity/trufflehog#3727

updated twilio detector by @kashifkhan0771 in trufflesecurity/trufflehog#3734

New Contributors

@za made their first contribution in trufflesecurity/trufflehog#3593

@ggmolly made their first contribution in trufflesecurity/trufflehog#3660

Full Changelog: trufflesecurity/trufflehog@v3.84.2...v3.85.0

v3.84.2

What's Changed

fix(deps): update module github.com/stretchr/testify to v1.10.0 by @renovate in trufflesecurity/trufflehog#3659

Fix multiple package error in tests by @rgmz in trufflesecurity/trufflehog#3661

[scan-9] Update enumeration logic by @0x1 in trufflesecurity/trufflehog#3626

Add Scan method to SourceManager to scan a single SourceUnit by @mcastorina in trufflesecurity/trufflehog#3650

fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.3 by @renovate in trufflesecurity/trufflehog#3682

chore(deps): update jaxxstorm/action-install-gh-release action to v1.14.0 by @renovate in trufflesecurity/trufflehog#3672

[feat] - S3 metrics by @ahrav in trufflesecurity/trufflehog#3577

fixed api flash detector by @kashifkhan0771 in trufflesecurity/trufflehog#3666

Added pattern unit tests for detectors starting with the letters n through o by @nabeelalam in trufflesecurity/trufflehog#3685

fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.3 by @renovate in trufflesecurity/trufflehog#3690

Updated/fixed the function names of pattern tests for detectors n through o by @nabeelalam in trufflesecurity/trufflehog#3691

fix(deps): update module github.com/wasilibs/go-re2 to v1.8.0 by @renovate in trufflesecurity/trufflehog#3695

Added pattern unit tests for detectors starting with the letters p through q by @nabeelalam in trufflesecurity/trufflehog#3710

Full Changelog: trufflesecurity/trufflehog@v3.84.1...v3.84.2

v3.84.1

... (truncated)

Commits

710d09b updated twilio detector (#3734)
4cd055f Add analysis info for GCP creds (#3727)
00d4619 fix(deps): update module golang.org/x/text to v0.21.0 (#3731)
ccac6c2 fix(deps): update module golang.org/x/sync to v0.10.0 (#3730)
2e5a7e6 feat(typeform): add v2 detector for new key formats (#3660)
2169808 chore(deps): update dependency go to v1.23.4 (#3726)
f944716 fix(deps): update module github.com/getsentry/sentry-go to v0.30.0 (#3725)
596d5f0 Add additional canary ID (#3720)
42f01f0 fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#3715)
22032f7 [refactor] - detectorKeywordMatcher initialization (#3687)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gha group with 2 updates in the / directory: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog). Updates `aquasecurity/trivy-action` from 0.28.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.28.0...0.29.0) Updates `trufflesecurity/trufflehog` from 3.83.7 to 3.85.0 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](trufflesecurity/trufflehog@v3.83.7...v3.85.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha - dependency-name: trufflesecurity/trufflehog dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Dec 9, 2024

dependabot bot mentioned this pull request Dec 9, 2024

chore(deps): bump the gha group with 2 updates #649

Closed

06kellyjac approved these changes Dec 9, 2024

View reviewed changes

06kellyjac merged commit d726d4a into master Dec 9, 2024
6 checks passed

06kellyjac deleted the dependabot/github_actions/gha-70dcf18a0c branch December 9, 2024 16:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gha group across 1 directory with 2 updates #652

chore(deps): bump the gha group across 1 directory with 2 updates #652

dependabot bot commented on behalf of github Dec 9, 2024

chore(deps): bump the gha group across 1 directory with 2 updates #652

chore(deps): bump the gha group across 1 directory with 2 updates #652

Conversation

dependabot bot commented on behalf of github Dec 9, 2024

v0.29.0

What's Changed

New Contributors

v3.85.0

What's Changed

New Contributors

v3.84.2

What's Changed

v3.84.1