mirror of
https://github.com/matter-labs/vault-auth-tee.git
synced 2025-07-20 23:33:56 +02:00
114 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
renovate[bot]
|
6ac992c8a4
|
fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#27)
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | golang.org/x/crypto | `v0.16.0` -> `v0.17.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) ### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuMTAzLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
744fe75acd
|
chore(deps): update actions/setup-go action to v5 (#23)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://togithub.com/actions/setup-go) | action | major | `v4` -> `v5` | --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5`](https://togithub.com/actions/setup-go/compare/v4...v5) [Compare Source](https://togithub.com/actions/setup-go/compare/v4...v5) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6e86de1fcb
|
fix(deps): update module github.com/hashicorp/go-hclog to v1.6.2 (#21)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/hashicorp/go-hclog](https://togithub.com/hashicorp/go-hclog) | require | minor | `v1.5.0` -> `v1.6.2` | --- ### Release Notes <details> <summary>hashicorp/go-hclog (github.com/hashicorp/go-hclog)</summary> ### [`v1.6.2`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.2): Fix level syncing [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.6.1...v1.6.2) #### What's Changed - Conside if the level is to be used separately from if the levels should be calculated by [@​evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/137](https://togithub.com/hashicorp/go-hclog/pull/137) **Full Changelog**: https://github.com/hashicorp/go-hclog/compare/v1.6.1...v1.6.2 ### [`v1.6.1`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.1): Fix forcing color [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.6.0...v1.6.1) #### What's Changed - Fix colors not being forced on correctly. by [@​evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/136](https://togithub.com/hashicorp/go-hclog/pull/136) **Full Changelog**: https://github.com/hashicorp/go-hclog/compare/v1.6.0...v1.6.1 ### [`v1.6.0`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.0): New level inheritance mode [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.5.0...v1.6.0) This release adds the ability to have sub-loggers arrange themselves into a tree and sync the level changes downward in the tree. #### What's Changed - SEC-090: Automated trusted workflow pinning (2023-04-03) by [@​hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) in [https://github.com/hashicorp/go-hclog/pull/128](https://togithub.com/hashicorp/go-hclog/pull/128) - Docs: InferLevelsWithTimestamp relies on InferLevels being true by [@​peteski22](https://togithub.com/peteski22) in [https://github.com/hashicorp/go-hclog/pull/135](https://togithub.com/hashicorp/go-hclog/pull/135) - Implement the ability to more logically share level hierarchies by [@​evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/134](https://togithub.com/hashicorp/go-hclog/pull/134) #### New Contributors - [@​hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) made their first contribution in [https://github.com/hashicorp/go-hclog/pull/128](https://togithub.com/hashicorp/go-hclog/pull/128) - [@​peteski22](https://togithub.com/peteski22) made their first contribution in [https://github.com/hashicorp/go-hclog/pull/135](https://togithub.com/hashicorp/go-hclog/pull/135) **Full Changelog**: https://github.com/hashicorp/go-hclog/compare/v1.5.0...v1.6.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
72e1787855
|
chore(deps): update trufflesecurity/trufflehog action to v3.63.4 (#25)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.63.3` -> `v3.63.4` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.3...v3.63.4) #### What's Changed - Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.7+incompatible by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2213](https://togithub.com/trufflesecurity/trufflehog/pull/2213) - Fix emoji in README by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2217](https://togithub.com/trufflesecurity/trufflehog/pull/2217) - Upgrade sevenzip to v1.4.5 by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2215](https://togithub.com/trufflesecurity/trufflehog/pull/2215) - Encode '%' when generating Git URLs by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2214](https://togithub.com/trufflesecurity/trufflehog/pull/2214) - Fix GitParse trimming whitespace from filename by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2201](https://togithub.com/trufflesecurity/trufflehog/pull/2201) - \[fixup] - Avoid reading decompressed data into memory by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2196](https://togithub.com/trufflesecurity/trufflehog/pull/2196) - Update GitLab v1 verification to check for valid JSON response by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2218](https://togithub.com/trufflesecurity/trufflehog/pull/2218) - Check for SourceUnit support dynamically in the SourceManager by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2205](https://togithub.com/trufflesecurity/trufflehog/pull/2205) - Fix GitHub source showing 0 members by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2202](https://togithub.com/trufflesecurity/trufflehog/pull/2202) - Don't run 'test' workflow in forks by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2221](https://togithub.com/trufflesecurity/trufflehog/pull/2221) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.63.3...v3.63.4 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuOTMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
89641f1b9e
|
chore(deps): update trufflesecurity/trufflehog action to v3.63.3 (#24)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.63.2` -> `v3.63.3` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.2...v3.63.3) #### What's Changed - Use forked sevenzip by [@​bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2180](https://togithub.com/trufflesecurity/trufflehog/pull/2180) - fixing how to rotate URL by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2183](https://togithub.com/trufflesecurity/trufflehog/pull/2183) - \[fixup] - Skip trying to determine MIME type for directories by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2178](https://togithub.com/trufflesecurity/trufflehog/pull/2178) - \[feat] - Remove go-git dependency by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2174](https://togithub.com/trufflesecurity/trufflehog/pull/2174) - remove unnecessary Git cmd check by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2175](https://togithub.com/trufflesecurity/trufflehog/pull/2175) - \[chore] - use https for verification endpoints by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2185](https://togithub.com/trufflesecurity/trufflehog/pull/2185) - allow targets for the source manager by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2182](https://togithub.com/trufflesecurity/trufflehog/pull/2182) - Deprecate some detectors by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2186](https://togithub.com/trufflesecurity/trufflehog/pull/2186) - \[chore] - update regex by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2184](https://togithub.com/trufflesecurity/trufflehog/pull/2184) - \[chore] - Compile regex once by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2176](https://togithub.com/trufflesecurity/trufflehog/pull/2176) - Remove Java archives from ignored extensions by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2188](https://togithub.com/trufflesecurity/trufflehog/pull/2188) - \[chore] - Refactor common code into a separate function by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2179](https://togithub.com/trufflesecurity/trufflehog/pull/2179) - \[feat] - add metrics for gitlab by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2190](https://togithub.com/trufflesecurity/trufflehog/pull/2190) - \[bug] - move logic to main Chunks method by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2194](https://togithub.com/trufflesecurity/trufflehog/pull/2194) - \[fixup] - skip files in the archive handler by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2195](https://togithub.com/trufflesecurity/trufflehog/pull/2195) - Check private keys concurrently by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2139](https://togithub.com/trufflesecurity/trufflehog/pull/2139) - Propagate TruffleHog context to handlers by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2191](https://togithub.com/trufflesecurity/trufflehog/pull/2191) - \[bug] - close file after reading by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2203](https://togithub.com/trufflesecurity/trufflehog/pull/2203) - Use bad json in slackwebhooks by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2193](https://togithub.com/trufflesecurity/trufflehog/pull/2193) - Add disk buffer tempfile cleanup by [@​codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/2130](https://togithub.com/trufflesecurity/trufflehog/pull/2130) - \[chore] Remove omitempty tags on JobProgressMetrics and UnitMetrics by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2204](https://togithub.com/trufflesecurity/trufflehog/pull/2204) - Fix azurestorage detector by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2207](https://togithub.com/trufflesecurity/trufflehog/pull/2207) - fix and refactor browserstack detector by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2208](https://togithub.com/trufflesecurity/trufflehog/pull/2208) - \[chore] Remove unnecessary string conversion in tefter detector by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2209](https://togithub.com/trufflesecurity/trufflehog/pull/2209) - Update metabase verification to check for a valid JSON response by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2210](https://togithub.com/trufflesecurity/trufflehog/pull/2210) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.63.2...v3.63.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
83b9ee1ca5
|
chore(deps): update trufflesecurity/trufflehog action to v3.63.2 (#22)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.63.1` -> `v3.63.2` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.2`](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.1...v3.63.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.1...v3.63.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
955ae2a72a
|
fix(deps): update module golang.org/x/crypto to v0.16.0 (#19)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang.org/x/crypto | require | minor | `v0.15.0` -> `v0.16.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
133ba8bd0a
|
chore(deps): update trufflesecurity/trufflehog action to v3.63.1 (#18)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.63.0` -> `v3.63.1` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.1`](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.0...v3.63.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.0...v3.63.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
c89d9d1e03
|
chore(deps): update trufflesecurity/trufflehog action to v3.63.0 (#17)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.62.1` -> `v3.63.0` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.62.1...v3.63.0) #### Changelog - [`39a603d`]( |
||
|
renovate[bot]
|
791f250fc0
|
fix(deps): update module golang.org/x/crypto to v0.15.0 (#13)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang.org/x/crypto | require | minor | `v0.14.0` -> `v0.15.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Harald Hoyer
|
c4efb10c59
|
ci: remove nix workflow (#16)
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
|
Harald Hoyer
|
f29a1f4831
|
ci: add go license checker (#15)
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
|
renovate[bot]
|
26dfa5668f
|
chore(deps): update trufflesecurity/trufflehog action to v3.62.1 (#12)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.60.4` -> `v3.62.1` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.62.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.62.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.62.0...v3.62.1) #### What's Changed - update kingpin import by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2053](https://togithub.com/trufflesecurity/trufflehog/pull/2053) - Re-add detector version by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2060](https://togithub.com/trufflesecurity/trufflehog/pull/2060) - Detector-Competition-Fix: Fix currencycloud.com API key by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1917](https://togithub.com/trufflesecurity/trufflehog/pull/1917) - Detector-Competition-Fix: Fix Bitcoin Average detector by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1929](https://togithub.com/trufflesecurity/trufflehog/pull/1929) - Detector-Competition-Fix: Update formio regex to match Jwt token by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1935](https://togithub.com/trufflesecurity/trufflehog/pull/1935) - Detector-Competition-Fix: Fix SalesBlink Detection & Verification by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1950](https://togithub.com/trufflesecurity/trufflehog/pull/1950) - Support multiple custom detectors by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2064](https://togithub.com/trufflesecurity/trufflehog/pull/2064) - \[chore] Fix SourceManager flaky test by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2059](https://togithub.com/trufflesecurity/trufflehog/pull/2059) - Centralize logic for checking archive extraction tools by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2063](https://togithub.com/trufflesecurity/trufflehog/pull/2063) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.62.0...v3.62.1 ### [`v3.62.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.62.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.61.0...v3.62.0) #### What's Changed - Update module github.com/aws/aws-sdk-go to v1.46.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2013](https://togithub.com/trufflesecurity/trufflehog/pull/2013) - Update module github.com/bradleyfalzon/ghinstallation/v2 to v2.8.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2014](https://togithub.com/trufflesecurity/trufflehog/pull/2014) - Update module github.com/charmbracelet/lipgloss to v0.9.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2015](https://togithub.com/trufflesecurity/trufflehog/pull/2015) - Update module github.com/go-logr/logr to v1.3.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2025](https://togithub.com/trufflesecurity/trufflehog/pull/2025) - Update module github.com/getsentry/sentry-go to v0.25.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2022](https://togithub.com/trufflesecurity/trufflehog/pull/2022) - Update module github.com/google/go-containerregistry to v0.16.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2026](https://togithub.com/trufflesecurity/trufflehog/pull/2026) - Update module github.com/google/uuid to v1.4.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2027](https://togithub.com/trufflesecurity/trufflehog/pull/2027) - Update module github.com/hashicorp/golang-lru to v0.6.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2028](https://togithub.com/trufflesecurity/trufflehog/pull/2028) - Update module github.com/rabbitmq/amqp091-go to v1.9.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2030](https://togithub.com/trufflesecurity/trufflehog/pull/2030) - Detector-Competition-Feat: Added LemonSqueezy API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2017](https://togithub.com/trufflesecurity/trufflehog/pull/2017) - Update module github.com/prometheus/client_golang to v1.17.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2029](https://togithub.com/trufflesecurity/trufflehog/pull/2029) - Detector-Competition-Feat: Added Budibase API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2016](https://togithub.com/trufflesecurity/trufflehog/pull/2016) - Update github.com/bodgit/sevenzip to v1.4.3 by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2039](https://togithub.com/trufflesecurity/trufflehog/pull/2039) - Update module go.uber.org/mock to v0.3.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2038](https://togithub.com/trufflesecurity/trufflehog/pull/2038) - Update module github.com/xanzy/go-gitlab to v0.93.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2031](https://togithub.com/trufflesecurity/trufflehog/pull/2031) - Update module github.com/snowflakedb/gosnowflake to v1.6.25 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2042](https://togithub.com/trufflesecurity/trufflehog/pull/2042) - Update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2043](https://togithub.com/trufflesecurity/trufflehog/pull/2043) - Update module go.uber.org/zap to v1.26.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2044](https://togithub.com/trufflesecurity/trufflehog/pull/2044) - Update module google.golang.org/api to v0.148.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2045](https://togithub.com/trufflesecurity/trufflehog/pull/2045) - Developed Deno Deploy Detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2040](https://togithub.com/trufflesecurity/trufflehog/pull/2040) - Detector-Competition-Feat: Added Stripo API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2018](https://togithub.com/trufflesecurity/trufflehog/pull/2018) - fix(deps): update module sigs.k8s.io/yaml to v1.4.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2047](https://togithub.com/trufflesecurity/trufflehog/pull/2047) - Detector-Competition-Feat: Added Reply.io API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2019](https://togithub.com/trufflesecurity/trufflehog/pull/2019) - fix(deps): update module github.com/go-git/go-git/v5 to v5.10.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2023](https://togithub.com/trufflesecurity/trufflehog/pull/2023) - adding 'token' keyword to regex for github_old by [@​ankushgoel27](https://togithub.com/ankushgoel27) in [https://github.com/trufflesecurity/trufflehog/pull/2037](https://togithub.com/trufflesecurity/trufflehog/pull/2037) - Remove verify flag from Aho-Corasick core by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2010](https://togithub.com/trufflesecurity/trufflehog/pull/2010) - Add TravisCI source by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/1877](https://togithub.com/trufflesecurity/trufflehog/pull/1877) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.61.0...v3.62.0 ### [`v3.61.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.61.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.60.4...v3.61.0) #### What's Changed - Detector-Competition-Fix: Fix/Remove Happi Detection & Verification by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/2003](https://togithub.com/trufflesecurity/trufflehog/pull/2003) - Detector-Competition-Fix: Fix/Remove Flowdock detector by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/2004](https://togithub.com/trufflesecurity/trufflehog/pull/2004) - Add temp directory management by [@​codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/1878](https://togithub.com/trufflesecurity/trufflehog/pull/1878) - Fix binary handling by [@​bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/1999](https://togithub.com/trufflesecurity/trufflehog/pull/1999) - Detector-Competition-Fix: Fix SurveyBot Verification by [@​lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1948](https://togithub.com/trufflesecurity/trufflehog/pull/1948) - Detector-Competition-Feat: Added BetterStack API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1987](https://togithub.com/trufflesecurity/trufflehog/pull/1987) - Detector-Competition-Feat: Added ZeroTier API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1988](https://togithub.com/trufflesecurity/trufflehog/pull/1988) - Detector-Competition-Feat: Added AppOptics API token detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1989](https://togithub.com/trufflesecurity/trufflehog/pull/1989) - Detector-Competition-Feat: Add Metabase Session Secret Detector by [@​fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1902](https://togithub.com/trufflesecurity/trufflehog/pull/1902) - Add Coinbase Wallet-as-a-Service detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/1895](https://togithub.com/trufflesecurity/trufflehog/pull/1895) - Chore(deps): Bump google.golang.org/grpc from 1.56.2 to 1.56.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2009](https://togithub.com/trufflesecurity/trufflehog/pull/2009) - Update module github.com/TheZeroSlave/zapsentry to v1.19.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2012](https://togithub.com/trufflesecurity/trufflehog/pull/2012) - Update module cloud.google.com/go/secretmanager to v1.11.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2011](https://togithub.com/trufflesecurity/trufflehog/pull/2011) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.60.4...v3.61.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
c2411a45a7
|
feat: initial commit
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
