mirror of
https://github.com/matter-labs/vault-auth-tee.git
synced 2025-07-21 15:53:55 +02:00
115 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
![]() |
a8898ff52b
|
chore(deps): update
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
594e238b2b
|
ci: pin nixci version to the 23.11 release (#65) | ||
![]() |
2c48af066f
|
ci: pin nixci version to the 23.11 release
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
b0d7bc1e2a
|
chore(deps): update trufflesecurity/trufflehog action to v3.73.0 (#61)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.71.2` -> `v3.73.0` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.73.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.73.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.72.0...v3.73.0) #### What's Changed - \[chore] - upgrade launchdarkly dep by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2650](https://togithub.com/trufflesecurity/trufflehog/pull/2650) - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.14 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2659](https://togithub.com/trufflesecurity/trufflehog/pull/2659) - fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.3.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2660](https://togithub.com/trufflesecurity/trufflehog/pull/2660) - fix(deps): update module github.com/google/go-github/v57 to v61 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2652](https://togithub.com/trufflesecurity/trufflehog/pull/2652) - \[chore] - update go-github dep manually by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2664](https://togithub.com/trufflesecurity/trufflehog/pull/2664) - chore: fix some typos by [@​redismongo](https://togithub.com/redismongo) in [https://github.com/trufflesecurity/trufflehog/pull/2666](https://togithub.com/trufflesecurity/trufflehog/pull/2666) - fix(deps): update module golang.org/x/oauth2 to v0.19.0 by [@​renovate](https://togithub.com/renovate) in 
[https://github.com/trufflesecurity/trufflehog/pull/2670](https://togithub.com/trufflesecurity/trufflehog/pull/2670) - \[bug] - Add ASCII validation check for base64 decoding by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2671](https://togithub.com/trufflesecurity/trufflehog/pull/2671) - Handle inactive Slack account tokens by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2668](https://togithub.com/trufflesecurity/trufflehog/pull/2668) - fix(deps): update module golang.org/x/net to v0.24.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2662](https://togithub.com/trufflesecurity/trufflehog/pull/2662) - fix(deps): update module github.com/thezeroslave/zapsentry to v1.23.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2667](https://togithub.com/trufflesecurity/trufflehog/pull/2667) - fix(deps): update module github.com/wasilibs/go-re2 to v1.5.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2681](https://togithub.com/trufflesecurity/trufflehog/pull/2681) - fix(deps): update golang.org/x/exp digest to [`c0f41cb`]( |
||
![]() |
a07a2250fc
|
chore(deps): update trufflesecurity/trufflehog action to v3.73.0 | ||
![]() |
059a2cba53
|
chore(deps): update trufflesecurity/trufflehog action to v3.71.2 (#59)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.71.1` -> `v3.71.2` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.71.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.71.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.71.1...v3.71.2) #### What's Changed - Link to GitHub contribution guide in CONTRIBUTING by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2632](https://togithub.com/trufflesecurity/trufflehog/pull/2632) - Fixing nitro check by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2631](https://togithub.com/trufflesecurity/trufflehog/pull/2631) - fix(deps): update module google.golang.org/api to v0.172.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2634](https://togithub.com/trufflesecurity/trufflehog/pull/2634) - make postman source public by [@​zricethezav](https://togithub.com/zricethezav) in [https://github.com/trufflesecurity/trufflehog/pull/2635](https://togithub.com/trufflesecurity/trufflehog/pull/2635) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.71.1...v3.71.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. 
--- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
d9d67a1d9d
|
chore(deps): update trufflesecurity/trufflehog action to v3.71.2 | ||
![]() |
aa72f9bbba
|
fix(flake): follow the inputs of nixsgx (#57)
preventing any cache mismatches |
||
![]() |
3d01d4315e
|
fix(flake): follow the inputs of nixsgx
preventing any cache mismatches Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
a0cd161195
|
chore(deps): update trufflesecurity/trufflehog action to v3.71.1 (#54)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.69.0` -> `v3.71.1` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.71.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.71.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.71.0...v3.71.1) #### What's Changed - Fix GitHub panic and test errors by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2608](https://togithub.com/trufflesecurity/trufflehog/pull/2608) - fix(deps): update module github.com/xanzy/go-gitlab to v0.101.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2617](https://togithub.com/trufflesecurity/trufflehog/pull/2617) - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2615](https://togithub.com/trufflesecurity/trufflehog/pull/2615) - fix(deps): update module github.com/aws/aws-sdk-go to v1.51.7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2623](https://togithub.com/trufflesecurity/trufflehog/pull/2623) - Fix additional GitHub test errors by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2614](https://togithub.com/trufflesecurity/trufflehog/pull/2614) - \[chore] - upgrade dep by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2618](https://togithub.com/trufflesecurity/trufflehog/pull/2618) - fix(deps): update golang.org/x/exp digest to [`a685a6e`]( |
||
![]() |
9a9ca2fe29
|
chore(deps): update trufflesecurity/trufflehog action to v3.71.1 | ||
![]() |
cbf341f65c
|
docs: lower warning in README.md (#53)
downgrade from `not production ready` to `use at your own risc` |
||
![]() |
db00c91030
|
docs: lower warning in README.md
downgrade from `not production ready` to `use at your own risc` Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
d98bb9a17d
|
fix: use postFixup phase for sha256 (#55)
Stripping the plugin binary in the fixup phase of course changes the hash. |
||
![]() |
398a95314d
|
fix: use postFixup phase for sha256
Stripping the plugin binary in the fixup phase of course changes the hash. Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
aec55a2ef1
|
all: use errors.New() which has no param instead of fmt.Errorf() (#47)
use errors.New() which has no param instead of fmt.Errorf() |
||
![]() |
f62d3e0d0f
|
all: use errors.New() which has no param instead of fmt.Errorf() | ||
![]() |
f0ea96f2e4
|
chore(deps): update cachix/install-nix-action action to v26 (#50)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [cachix/install-nix-action](https://togithub.com/cachix/install-nix-action) | action | major | `v25` -> `v26` | --- ### Release Notes <details> <summary>cachix/install-nix-action (cachix/install-nix-action)</summary> ### [`v26`](https://togithub.com/cachix/install-nix-action/releases/tag/v26) [Compare Source](https://togithub.com/cachix/install-nix-action/compare/v25...v26) Bump to Nix 2.20.5 to address CVE-2024-27297 / GHSA-2ffj-w4mj-pg37. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
05874beee4
|
chore(deps): update cachix/install-nix-action action to v26 | ||
![]() |
c9e4f6d9db
|
chore(deps): update trufflesecurity/trufflehog action to v3.69.0 (#49)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.68.5` -> `v3.69.0` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.69.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.69.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.5...v3.69.0) #### What's Changed - add version to extra data + moving existing versioned detectors into subdirectory format by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2471](https://togithub.com/trufflesecurity/trufflehog/pull/2471) - fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2499](https://togithub.com/trufflesecurity/trufflehog/pull/2499) - fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2535](https://togithub.com/trufflesecurity/trufflehog/pull/2535) - fix(deps): update module github.com/charmbracelet/lipgloss to v0.10.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2542](https://togithub.com/trufflesecurity/trufflehog/pull/2542) - fix(deps): update module github.com/aws/aws-sdk-go to v1.50.34 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2541](https://togithub.com/trufflesecurity/trufflehog/pull/2541) - fix(deps): update module golang.org/x/crypto to v0.21.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2544](https://togithub.com/trufflesecurity/trufflehog/pull/2544) - fix(deps): update module 
github.com/xanzy/go-gitlab to v0.99.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2543](https://togithub.com/trufflesecurity/trufflehog/pull/2543) - fix(deps): update module golang.org/x/oauth2 to v0.18.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2546](https://togithub.com/trufflesecurity/trufflehog/pull/2546) - fix(deps): update module google.golang.org/api to v0.169.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2547](https://togithub.com/trufflesecurity/trufflehog/pull/2547) - Canary verification by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2531](https://togithub.com/trufflesecurity/trufflehog/pull/2531) - fix(deps): update testcontainers-go monorepo to v0.29.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2549](https://togithub.com/trufflesecurity/trufflehog/pull/2549) - fix(deps): update module google.golang.org/protobuf to v1.33.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2548](https://togithub.com/trufflesecurity/trufflehog/pull/2548) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.68.5...v3.69.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). 
View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
1cb528c45a
|
chore(deps): update trufflesecurity/trufflehog action to v3.69.0 | ||
![]() |
4723b8302d
|
ci: only login to docker on push events (#48) | ||
![]() |
3348b20cbd
|
ci: only login to docker on push events
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
ee1781ffc7
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.5 (#44)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.68.2` -> `v3.68.5` |
---
### Release Notes
<details>
<summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary>
### [`v3.68.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.68.5)
[Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.4...v3.68.5)
#### What's Changed
- Create basic escaped unicode decoder by
[@​rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2456](https://togithub.com/trufflesecurity/trufflehog/pull/2456)
- fix(deps): update module github.com/aws/aws-sdk-go to v1.50.30 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2529](https://togithub.com/trufflesecurity/trufflehog/pull/2529)
- fix(deps): update module github.com/felixge/fgprof to v0.9.4 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2532](https://togithub.com/trufflesecurity/trufflehog/pull/2532)
- fix(deps): update module cloud.google.com/go/storage to v1.39.0 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2533](https://togithub.com/trufflesecurity/trufflehog/pull/2533)
- fix(deps): update module github.com/stretchr/testify to v1.9.0 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2534](https://togithub.com/trufflesecurity/trufflehog/pull/2534)
- Add naive S3 ignorelist by
[@​rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2536](https://togithub.com/trufflesecurity/trufflehog/pull/2536)
- Redact secret in git command output by
[@​rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2539](https://togithub.com/trufflesecurity/trufflehog/pull/2539)
- Fix timeout param, DB is not needed for ping command by
[@​dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2540](https://togithub.com/trufflesecurity/trufflehog/pull/2540)
**Full Changelog**:
https://github.com/trufflesecurity/trufflehog/compare/v3.68.4...v3.68.5
### [`v3.68.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.68.4)
[Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.3...v3.68.4)
#### What's Changed
- Improve Gitlab default URL handling by
[@​trufflesteeeve](https://togithub.com/trufflesteeeve) in
[https://github.com/trufflesecurity/trufflehog/pull/2491](https://togithub.com/trufflesecurity/trufflehog/pull/2491)
- fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2513](https://togithub.com/trufflesecurity/trufflehog/pull/2513)
- fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2520](https://togithub.com/trufflesecurity/trufflehog/pull/2520)
- fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2521](https://togithub.com/trufflesecurity/trufflehog/pull/2521)
- fix(deps): update module github.com/prometheus/client_golang to
v1.19.0 by [@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2522](https://togithub.com/trufflesecurity/trufflehog/pull/2522)
- fix(deps): update module golang.org/x/crypto to v0.20.0 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2523](https://togithub.com/trufflesecurity/trufflehog/pull/2523)
- Remove one filter word by
[@​dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2525](https://togithub.com/trufflesecurity/trufflehog/pull/2525)
- Fix minor typo by [@​jamesgol](https://togithub.com/jamesgol) in
[https://github.com/trufflesecurity/trufflehog/pull/2527](https://togithub.com/trufflesecurity/trufflehog/pull/2527)
- Ignore canary IDs in notifications by
[@​dxa4481](https://togithub.com/dxa4481) in
[https://github.com/trufflesecurity/trufflehog/pull/2526](https://togithub.com/trufflesecurity/trufflehog/pull/2526)
- \[feat] - Make the client configurable by
[@​ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2528](https://togithub.com/trufflesecurity/trufflehog/pull/2528)
#### New Contributors
- [@​jamesgol](https://togithub.com/jamesgol) made their first
contribution in
[https://github.com/trufflesecurity/trufflehog/pull/2527](https://togithub.com/trufflesecurity/trufflehog/pull/2527)
**Full Changelog**:
https://github.com/trufflesecurity/trufflehog/compare/v3.68.3...v3.68.4
### [`v3.68.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.68.3)
[Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.2...v3.68.3)
#### What's Changed
- fix(deps): update module github.com/google/go-github/v57 to v59 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2464](https://togithub.com/trufflesecurity/trufflehog/pull/2464)
- fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 by
[@​renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2455](https://togithub.com/trufflesecurity/trufflehog/pull/2455)
- fix(deps): update golang.org/x/exp digest to
[`814bf88`](
|
||
![]() |
554eab4a60
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.5 | ||
![]() |
324cabdde4
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.2 (#41)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | patch | `v3.68.0` -> `v3.68.2` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.68.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.68.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.1...v3.68.2) #### What's Changed - fix prefix check when returning early by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2503](https://togithub.com/trufflesecurity/trufflehog/pull/2503) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.68.1...v3.68.2 ### [`v3.68.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.68.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.68.0...v3.68.1) #### What's Changed - Tell git to ignore directory ownership (fixes [#​2495](https://togithub.com/trufflesecurity/trufflehog/issues/2495)) by [@​marksteward](https://togithub.com/marksteward) in [https://github.com/trufflesecurity/trufflehog/pull/2496](https://togithub.com/trufflesecurity/trufflehog/pull/2496) - Gitlab scan targets by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2470](https://togithub.com/trufflesecurity/trufflehog/pull/2470) - Clean up some detectors by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2501](https://togithub.com/trufflesecurity/trufflehog/pull/2501) #### New Contributors - [@​marksteward](https://togithub.com/marksteward) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2496](https://togithub.com/trufflesecurity/trufflehog/pull/2496) **Full Changelog**: 
https://github.com/trufflesecurity/trufflehog/compare/v3.68.0...v3.68.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
7ea1767e7f
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.2 | ||
![]() |
347530ae65
|
fix: enable clearing the sgx_mrsigner and sgx_mrenclave field (#43)
Add the ability to clear the `sgx_mrsigner` and `sgx_mrenclave` field. Otherwise we cannot switch from `sgx_mrenclave` to `sgx_mrsigner` based authentication. |
||
![]() |
94c86df4d5
|
fix: enable clearing the sgx_mrsigner and sgx_mrenclave field
Add the ability to clear the `sgx_mrsigner` and `sgx_mrenclave` field. Otherwise we cannot switch from `sgx_mrenclave` to `sgx_mrsigner` based authentication. Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
0f9a672c99
|
chore: add nix subpackage with shasum of plugin (#40) | ||
![]() |
6fb44c0183
|
chore: add nix subpackage with shasum of plugin
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
cef9c48359
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.0 (#39)
chore(deps): update trufflesecurity/trufflehog action to v3.68.0 |
||
![]() |
5c779e1b58
|
chore(deps): update trufflesecurity/trufflehog action to v3.68.0 | ||
![]() |
b7d0a483b5
|
chore: use snowfall lib for nix flake (#38) | ||
![]() |
a43f83d834
|
chore: use snowfall lib for nix flake
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
1cd15d46d0
|
chore(deps): update trufflesecurity/trufflehog action to v3.67.6 (#37)
chore(deps): update trufflesecurity/trufflehog action to v3.67.6 |
||
![]() |
b93bd6540c
|
chore(deps): update trufflesecurity/trufflehog action to v3.67.6 | ||
![]() |
beeb93ed62
|
feat: build the container image with nix (#36) | ||
![]() |
4fabbf8f3f
|
feat: build the container image with nix
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
b0653b4246
|
fix(deps): update module github.com/hashicorp/vault/api to v1.12.0 (#31)
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/hashicorp/vault/api](https://togithub.com/hashicorp/vault) | `v1.11.0` -> `v1.12.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>hashicorp/vault (github.com/hashicorp/vault/api)</summary> ### [`v1.12.0`](https://togithub.com/hashicorp/vault/releases/tag/v1.12.0) [Compare Source](https://togithub.com/hashicorp/vault/compare/v1.11.0...v1.12.0) ##### 1.12.0 ##### October 13, 2022 CHANGES: - api: Exclusively use `GET /sys/plugins/catalog` endpoint for listing plugins, and add `details` field to list responses. \[[GH-17347](https://togithub.com/hashicorp/vault/pull/17347)] - auth: `GET /sys/auth/:name` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - auth: `GET /sys/auth` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - auth: `POST /sys/auth/:type` endpoint response contains a warning for `Deprecated` auth methods. \[[GH-17058](https://togithub.com/hashicorp/vault/pull/17058)] - auth: `auth enable` returns an error and `POST /sys/auth/:type` endpoint reports an error for `Pending Removal` auth methods. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] - core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted \[[GH-16539](https://togithub.com/hashicorp/vault/pull/16539)] - core: Bump Go version to 1.19.2. - core: Validate input parameters for vault operator init command. 
Vault 1.12 CLI version is needed to run operator init now. \[[GH-16379](https://togithub.com/hashicorp/vault/pull/16379)] - identity: a request to `/identity/group` that includes `member_group_ids` that contains a cycle will now be responded to with a 400 rather than 500 \[[GH-15912](https://togithub.com/hashicorp/vault/pull/15912)] - licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license termination time is before the build date of the binary. - plugins: Add plugin version to auth register, list, and mount table \[[GH-16856](https://togithub.com/hashicorp/vault/pull/16856)] - plugins: `GET /sys/plugins/catalog/:type/:name` endpoint contains deprecation status for builtin plugins. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `GET /sys/plugins/catalog/:type/:name` endpoint now returns an additional `version` field in the response data. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - plugins: `GET /sys/plugins/catalog/` endpoint contains deprecation status in `detailed` list. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `GET /sys/plugins/catalog` endpoint now returns an additional `detailed` field in the response data with a list of additional plugin metadata. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - plugins: `plugin info` displays deprecation status for builtin plugins. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `plugin list` now accepts a `-detailed` flag, which display deprecation status and version info. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - secrets/azure: Removed deprecated AAD graph API support from the secrets engine. \[[GH-17180](https://togithub.com/hashicorp/vault/pull/17180)] - secrets: All database-specific (standalone DB) secrets engines are now marked `Pending Removal`. 
\[[GH-17038](https://togithub.com/hashicorp/vault/pull/17038)] - secrets: `GET /sys/mounts/:name` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - secrets: `GET /sys/mounts` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - secrets: `POST /sys/mounts/:type` endpoint response contains a warning for `Deprecated` secrets engines. \[[GH-17058](https://togithub.com/hashicorp/vault/pull/17058)] - secrets: `secrets enable` returns an error and `POST /sys/mount/:type` endpoint reports an error for `Pending Removal` secrets engines. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] FEATURES: - **GCP Cloud KMS support for managed keys**: Managed keys now support using GCP Cloud KMS keys - **LDAP Secrets Engine**: Adds the `ldap` secrets engine with service account check-out functionality for all supported schemas. \[[GH-17152](https://togithub.com/hashicorp/vault/pull/17152)] - **OCSP Responder**: PKI mounts now have an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for a specific cluster's revoked certificates in a mount. \[[GH-16723](https://togithub.com/hashicorp/vault/pull/16723)] - **Redis DB Engine**: Adding the new Redis database engine that supports the generation of static and dynamic user roles and root credential rotation on a stand alone Redis server. \[[GH-17070](https://togithub.com/hashicorp/vault/pull/17070)] - **Redis ElastiCache DB Plugin**: Added Redis ElastiCache as a built-in plugin. 
\[[GH-17075](https://togithub.com/hashicorp/vault/pull/17075)] - **Secrets/auth plugin multiplexing**: manage multiple plugin configurations with a single plugin process \[[GH-14946](https://togithub.com/hashicorp/vault/pull/14946)] - **Transform Key Import (BYOK)**: The transform secrets engine now supports importing keys for tokenization and FPE transformations - HCP (enterprise): Adding foundational support for self-managed vault nodes to securely communicate with [HashiCorp Cloud Platform](https://cloud.hashicorp.com) as an opt-in feature - ui: UI support for Okta Number Challenge. \[[GH-15998](https://togithub.com/hashicorp/vault/pull/15998)] IMPROVEMENTS: - :core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api - activity (enterprise): Added new clients unit tests to test accuracy of estimates - agent/auto-auth: Add `exit_on_err` which when set to true, will cause Agent to exit if any errors are encountered during authentication. \[[GH-17091](https://togithub.com/hashicorp/vault/pull/17091)] - agent: Added `disable_idle_connections` configuration to disable leaving idle connections open in auto-auth, caching and templating. \[[GH-15986](https://togithub.com/hashicorp/vault/pull/15986)] - agent: Added `disable_keep_alives` configuration to disable keep alives in auto-auth, caching and templating. \[[GH-16479](https://togithub.com/hashicorp/vault/pull/16479)] - agent: JWT auto auth now supports a `remove_jwt_after_reading` config option which defaults to true. \[[GH-11969](https://togithub.com/hashicorp/vault/pull/11969)] - agent: Send notifications to systemd on start and stop. 
\[[GH-9802](https://togithub.com/hashicorp/vault/pull/9802)] - api/mfa: Add namespace path to the MFA read/list endpoint \[[GH-16911](https://togithub.com/hashicorp/vault/pull/16911)] - api: Add a sentinel error for missing KV secrets \[[GH-16699](https://togithub.com/hashicorp/vault/pull/16699)] - auth/alicloud: Enables AliCloud roles to be compatible with Vault's role based quotas. \[[GH-17251](https://togithub.com/hashicorp/vault/pull/17251)] - auth/approle: SecretIDs can now be generated with an per-request specified TTL and num_uses. When either the ttl and num_uses fields are not specified, the role's configuration is used. \[[GH-14474](https://togithub.com/hashicorp/vault/pull/14474)] - auth/aws: PKCS7 signatures will now use SHA256 by default in prep for Go 1.18 \[[GH-16455](https://togithub.com/hashicorp/vault/pull/16455)] - auth/azure: Enables Azure roles to be compatible with Vault's role based quotas. \[[GH-17194](https://togithub.com/hashicorp/vault/pull/17194)] - auth/cert: Add metadata to identity-alias \[[GH-14751](https://togithub.com/hashicorp/vault/pull/14751)] - auth/cert: Operators can now specify a CRL distribution point URL, in which case the cert auth engine will fetch and use the CRL from that location rather than needing to push CRLs directly to auth/cert. \[[GH-17136](https://togithub.com/hashicorp/vault/pull/17136)] - auth/cf: Enables CF roles to be compatible with Vault's role based quotas. \[[GH-17196](https://togithub.com/hashicorp/vault/pull/17196)] - auth/gcp: Add support for GCE regional instance groups \[[GH-16435](https://togithub.com/hashicorp/vault/pull/16435)] - auth/gcp: Updates dependencies: `google.golang.org/api@v0.83.0`, `github.com/hashicorp/go-gcp-common@v0.8.0`. \[[GH-17160](https://togithub.com/hashicorp/vault/pull/17160)] - auth/jwt: Adds support for Microsoft US Gov L4 to the Azure provider for groups fetching. 
\[[GH-16525](https://togithub.com/hashicorp/vault/pull/16525)] - auth/jwt: Improves detection of Windows Subsystem for Linux (WSL) for CLI-based logins. \[[GH-16525](https://togithub.com/hashicorp/vault/pull/16525)] - auth/kerberos: add `add_group_aliases` config to include LDAP groups in Vault group aliases \[[GH-16890](https://togithub.com/hashicorp/vault/pull/16890)] - auth/kerberos: add `remove_instance_name` parameter to the login CLI and the Kerberos config in Vault. This removes any instance names found in the keytab service principal name. \[[GH-16594](https://togithub.com/hashicorp/vault/pull/16594)] - auth/kubernetes: Role resolution for K8S Auth \[[GH-156](https://togithub.com/hashicorp/vault-plugin-auth-kubernetes/pull/156)] \[[GH-17161](https://togithub.com/hashicorp/vault/pull/17161)] - auth/oci: Add support for role resolution. \[[GH-17212](https://togithub.com/hashicorp/vault/pull/17212)] - auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. \[[GH-16274](https://togithub.com/hashicorp/vault/pull/16274)] - cli: CLI commands will print a warning if flags will be ignored because they are passed after positional arguments. \[[GH-16441](https://togithub.com/hashicorp/vault/pull/16441)] - cli: `auth` and `secrets` list `-detailed` commands now show Deprecation Status for builtin plugins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - cli: `vault plugin list` now has a `details` field in JSON format, and version and type information in table format. \[[GH-17347](https://togithub.com/hashicorp/vault/pull/17347)] - command/audit: Improve missing type error message \[[GH-16409](https://togithub.com/hashicorp/vault/pull/16409)] - command/server: add `-dev-tls` and `-dev-tls-cert-dir` subcommands to create a Vault dev server with generated certificates and private key. 
\[[GH-16421](https://togithub.com/hashicorp/vault/pull/16421)] - command: Fix shell completion for KV v2 mounts \[[GH-16553](https://togithub.com/hashicorp/vault/pull/16553)] - core (enterprise): Add HTTP PATCH support for namespaces with an associated `namespace patch` CLI command - core (enterprise): Add check to `vault server` command to ensure configured storage backend is supported. - core (enterprise): Add custom metadata support for namespaces - core/activity: generate hyperloglogs containing clientIds for each month during precomputation \[[GH-16146](https://togithub.com/hashicorp/vault/pull/16146)] - core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified \[[GH-16162](https://togithub.com/hashicorp/vault/pull/16162)] - core/activity: use monthly hyperloglogs to calculate new clients approximation for current month \[[GH-16184](https://togithub.com/hashicorp/vault/pull/16184)] - core/quotas (enterprise): Added ability to add path suffixes for lease-count resource quotas - core/quotas (enterprise): Added ability to add role information for lease-count resource quotas, to limit login requests on auth mounts made using that role - core/quotas: Added ability to add path suffixes for rate-limit resource quotas \[[GH-15989](https://togithub.com/hashicorp/vault/pull/15989)] - core/quotas: Added ability to add role information for rate-limit resource quotas, to limit login requests on auth mounts made using that role \[[GH-16115](https://togithub.com/hashicorp/vault/pull/16115)] - core: Activity log goroutine management improvements to allow tests to be more deterministic. \[[GH-17028](https://togithub.com/hashicorp/vault/pull/17028)] - core: Add `sys/loggers` and `sys/loggers/:name` endpoints to provide ability to modify logging verbosity \[[GH-16111](https://togithub.com/hashicorp/vault/pull/16111)] - core: Handle and log deprecated builtin mounts. 
Introduces `VAULT_ALLOW_PENDING_REMOVAL_MOUNTS` to override shutdown and error when attempting to mount `Pending Removal` builtin plugins. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] - core: Limit activity log client count usage by namespaces \[[GH-16000](https://togithub.com/hashicorp/vault/pull/16000)] - core: Upgrade github.com/hashicorp/raft \[[GH-16609](https://togithub.com/hashicorp/vault/pull/16609)] - core: remove gox \[[GH-16353](https://togithub.com/hashicorp/vault/pull/16353)] - docs: Clarify the behaviour of local mounts in the context of DR replication \[[GH-16218](https://togithub.com/hashicorp/vault/pull/16218)] - identity/oidc: Adds support for detailed listing of clients and providers. \[[GH-16567](https://togithub.com/hashicorp/vault/pull/16567)] - identity/oidc: Adds the `client_secret_post` token endpoint authentication method. \[[GH-16598](https://togithub.com/hashicorp/vault/pull/16598)] - identity/oidc: allows filtering the list providers response by an allowed_client_id \[[GH-16181](https://togithub.com/hashicorp/vault/pull/16181)] - identity: Prevent possibility of data races on entity creation. \[[GH-16487](https://togithub.com/hashicorp/vault/pull/16487)] - physical/postgresql: pass context to queries to propagate timeouts and cancellations on requests. \[[GH-15866](https://togithub.com/hashicorp/vault/pull/15866)] - plugins/multiplexing: Added multiplexing support to database plugins if run as external plugins \[[GH-16995](https://togithub.com/hashicorp/vault/pull/16995)] - plugins: Add Deprecation Status method to builtinregistry. 
\[[GH-16846](https://togithub.com/hashicorp/vault/pull/16846)] - plugins: Added environment variable flag to opt-out specific plugins from multiplexing \[[GH-16972](https://togithub.com/hashicorp/vault/pull/16972)] - plugins: Adding version to plugin GRPC interface \[[GH-17088](https://togithub.com/hashicorp/vault/pull/17088)] - plugins: Plugin catalog supports registering and managing plugins with semantic version information. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - replication (enterprise): Fix race in merkle sync that can prevent streaming by returning key value matching provided hash if found in log shipper buffer. - secret/nomad: allow reading CA and client auth certificate from /nomad/config/access \[[GH-15809](https://togithub.com/hashicorp/vault/pull/15809)] - secret/pki: Add RSA PSS signature support for issuing certificates, signing CRLs \[[GH-16519](https://togithub.com/hashicorp/vault/pull/16519)] - secret/pki: Add signature_bits to sign-intermediate, sign-verbatim endpoints \[[GH-16124](https://togithub.com/hashicorp/vault/pull/16124)] - secret/pki: Allow issuing certificates with non-domain, non-email Common Names from roles, sign-verbatim, and as issuers (`cn_validations`). \[[GH-15996](https://togithub.com/hashicorp/vault/pull/15996)] - secret/pki: Allow specifying SKID for cross-signed issuance from older Vault versions. \[[GH-16494](https://togithub.com/hashicorp/vault/pull/16494)] - secret/transit: Allow importing Ed25519 keys from PKCS#8 with inner RFC 5915 ECPrivateKey blobs (NSS-wrapped keys). \[[GH-15742](https://togithub.com/hashicorp/vault/pull/15742)] - secrets/ad: set config default length only if password_policy is missing \[[GH-16140](https://togithub.com/hashicorp/vault/pull/16140)] - secrets/azure: Adds option to permanently delete AzureAD objects created by Vault.
\[[GH-17045](https://togithub.com/hashicorp/vault/pull/17045)] - secrets/database/hana: Add ability to customize dynamic usernames \[[GH-16631](https://togithub.com/hashicorp/vault/pull/16631)] - secrets/database/snowflake: Add multiplexing support \[[GH-17159](https://togithub.com/hashicorp/vault/pull/17159)] - secrets/gcp: Updates dependencies: `google.golang.org/api@v0.83.0`, `github.com/hashicorp/go-gcp-common@v0.8.0`. \[[GH-17174](https://togithub.com/hashicorp/vault/pull/17174)] - secrets/gcpkms: Update dependencies: google.golang.org/api@v0.83.0. \[[GH-17199](https://togithub.com/hashicorp/vault/pull/17199)] - secrets/kubernetes: upgrade to v0.2.0 \[[GH-17164](https://togithub.com/hashicorp/vault/pull/17164)] - secrets/pki/tidy: Add another pair of metrics counting certificates not deleted by the tidy operation. \[[GH-16702](https://togithub.com/hashicorp/vault/pull/16702)] - secrets/pki: Add a new flag to issue/sign APIs which can filter out root CAs from the returned ca_chain field \[[GH-16935](https://togithub.com/hashicorp/vault/pull/16935)] - secrets/pki: Add a warning to any successful response when the requested TTL is overwritten by MaxTTL \[[GH-17073](https://togithub.com/hashicorp/vault/pull/17073)] - secrets/pki: Add ability to cancel tidy operations, control tidy resource usage. \[[GH-16958](https://togithub.com/hashicorp/vault/pull/16958)] - secrets/pki: Add ability to periodically rebuild CRL before expiry \[[GH-16762](https://togithub.com/hashicorp/vault/pull/16762)] - secrets/pki: Add ability to periodically run tidy operations to remove expired certificates. 
\[[GH-16900](https://togithub.com/hashicorp/vault/pull/16900)] - secrets/pki: Add support for per-issuer Authority Information Access (AIA) URLs \[[GH-16563](https://togithub.com/hashicorp/vault/pull/16563)] - secrets/pki: Add support to specify signature bits when generating CSRs through intermediate/generate apis \[[GH-17388](https://togithub.com/hashicorp/vault/pull/17388)] - secrets/pki: Added gauge metrics "secrets.pki.total_revoked_certificates_stored" and "secrets.pki.total_certificates_stored" to track the number of certificates in storage. \[[GH-16676](https://togithub.com/hashicorp/vault/pull/16676)] - secrets/pki: Allow revocation of certificates with explicitly provided certificate (bring your own certificate / BYOC). \[[GH-16564](https://togithub.com/hashicorp/vault/pull/16564)] - secrets/pki: Allow revocation via proving possession of certificate's private key \[[GH-16566](https://togithub.com/hashicorp/vault/pull/16566)] - secrets/pki: Allow tidy to associate revoked certs with their issuers for OCSP performance \[[GH-16871](https://togithub.com/hashicorp/vault/pull/16871)] - secrets/pki: Honor If-Modified-Since header on CA, CRL fetch; requires passthrough_request_headers modification on the mount point. \[[GH-16249](https://togithub.com/hashicorp/vault/pull/16249)] - secrets/pki: Improve stability of association of revoked cert with its parent issuer; when an issuer loses crl-signing usage, do not place certs on default issuer's CRL. \[[GH-16874](https://togithub.com/hashicorp/vault/pull/16874)] - secrets/pki: Support generating delta CRLs for up-to-date CRLs when auto-building is enabled. \[[GH-16773](https://togithub.com/hashicorp/vault/pull/16773)] - secrets/ssh: Add allowed_domains_template to allow templating of allowed_domains. \[[GH-16056](https://togithub.com/hashicorp/vault/pull/16056)] - secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. 
\[[GH-16018](https://togithub.com/hashicorp/vault/pull/16018)] - secrets/ssh: Allow the use of Identity templates in the `default_user` field \[[GH-16351](https://togithub.com/hashicorp/vault/pull/16351)] - secrets/transit: Add a dedicated HMAC key type, which can be used with key import. \[[GH-16668](https://togithub.com/hashicorp/vault/pull/16668)] - secrets/transit: Added a parameter to encrypt/decrypt batch operations to allow the caller to override the HTTP response code in case of partial user-input failures. \[[GH-17118](https://togithub.com/hashicorp/vault/pull/17118)] - secrets/transit: Allow configuring the possible salt lengths for RSA PSS signatures. \[[GH-16549](https://togithub.com/hashicorp/vault/pull/16549)] - ssh: Addition of an endpoint `ssh/issue/:role` to allow the creation of signed key pairs \[[GH-15561](https://togithub.com/hashicorp/vault/pull/15561)] - storage/cassandra: tuning parameters for clustered environments `connection_timeout`, `initial_connection_timeout`, `simple_retry_policy_retries`. \[[GH-10467](https://togithub.com/hashicorp/vault/pull/10467)] - storage/gcs: Add documentation explaining how to configure the gcs backend using environment variables instead of options in the configuration stanza \[[GH-14455](https://togithub.com/hashicorp/vault/pull/14455)] - ui: Changed the tokenBoundCidrs tooltip content to clarify that comma separated values are not accepted in this field. \[[GH-15852](https://togithub.com/hashicorp/vault/pull/15852)] - ui: Prevents requests to /sys/internal/ui/resultant-acl endpoint when unauthenticated \[[GH-17139](https://togithub.com/hashicorp/vault/pull/17139)] - ui: Removed deprecated version of core-js 2.6.11 \[[GH-15898](https://togithub.com/hashicorp/vault/pull/15898)] - ui: Renamed labels under Tools for wrap, lookup, rewrap and unwrap with description. 
\[[GH-16489](https://togithub.com/hashicorp/vault/pull/16489)] - ui: Replaces non-inclusive terms \[[GH-17116](https://togithub.com/hashicorp/vault/pull/17116)] - ui: redirect_to param forwards from auth route when authenticated \[[GH-16821](https://togithub.com/hashicorp/vault/pull/16821)] - website/docs: API generate-recovery-token documentation. \[[GH-16213](https://togithub.com/hashicorp/vault/pull/16213)] - website/docs: Add documentation around the expensiveness of making lots of lease count quotas in a short period \[[GH-16950](https://togithub.com/hashicorp/vault/pull/16950)] - website/docs: Removes mentions of unauthenticated from internal ui resultant-acl doc \[[GH-17139](https://togithub.com/hashicorp/vault/pull/17139)] - website/docs: Update replication docs to mention Integrated Storage \[[GH-16063](https://togithub.com/hashicorp/vault/pull/16063)] - website/docs: changed to echo for all string examples instead of (<<<) here-string. \[[GH-9081](https://togithub.com/hashicorp/vault/pull/9081)] BUG FIXES: - agent/template: Fix parsing error for the exec stanza \[[GH-16231](https://togithub.com/hashicorp/vault/pull/16231)] - agent: Agent will now respect `max_retries` retry configuration even when caching is set. \[[GH-16970](https://togithub.com/hashicorp/vault/pull/16970)] - agent: Update consul-template for pkiCert bug fixes \[[GH-16087](https://togithub.com/hashicorp/vault/pull/16087)] - api/sys/internal/specs/openapi: support a new "dynamic" query parameter to generate generic mountpaths \[[GH-15835](https://togithub.com/hashicorp/vault/pull/15835)] - api: Fixed erroneous warnings of unrecognized parameters when unwrapping data. 
\[[GH-16794](https://togithub.com/hashicorp/vault/pull/16794)] - api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/ \[[GH-15552](https://togithub.com/hashicorp/vault/pull/15552)] - api: properly handle switching to/from unix domain socket when changing client address \[[GH-11904](https://togithub.com/hashicorp/vault/pull/11904)] - auth/cert: Vault does not initially load the CRLs in cert auth unless the read/write CRL endpoint is hit. \[[GH-17138](https://togithub.com/hashicorp/vault/pull/17138)] - auth/kerberos: Maintain headers set by the client \[[GH-16636](https://togithub.com/hashicorp/vault/pull/16636)] - auth/kubernetes: Restore support for JWT signature algorithm ES384 \[[GH-160](https://togithub.com/hashicorp/vault-plugin-auth-kubernetes/pull/160)] \[[GH-17161](https://togithub.com/hashicorp/vault/pull/17161)] - auth/token: Fix ignored parameter warnings for valid parameters on token create \[[GH-16938](https://togithub.com/hashicorp/vault/pull/16938)] - command/debug: fix bug where monitor was not honoring configured duration \[[GH-16834](https://togithub.com/hashicorp/vault/pull/16834)] - core (enterprise): Fix bug where wrapping token lookup does not work within namespaces. \[[GH-15583](https://togithub.com/hashicorp/vault/pull/15583)] - core (enterprise): Fix creation of duplicate entities via alias metadata changes on local auth mounts. 
- core/auth: Return a 403 instead of a 500 for a malformed SSCT \[[GH-16112](https://togithub.com/hashicorp/vault/pull/16112)] - core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically \[[GH-16088](https://togithub.com/hashicorp/vault/pull/16088)] - core/license (enterprise): Always remove stored license and allow unseal to complete when license cleanup fails - core/managed-keys (enterprise): fix panic when having `cache_disable` true - core/quotas (enterprise): Fixed issue with improper counting of leases if lease count quota created after leases - core/quotas: Added globbing functionality on the end of path suffix quota paths \[[GH-16386](https://togithub.com/hashicorp/vault/pull/16386)] - core/quotas: Fix goroutine leak caused by the seal process not fully cleaning up Rate Limit Quotas. \[[GH-17281](https://togithub.com/hashicorp/vault/pull/17281)] - core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty - core/seal: Fix possible keyring truncation when using the file backend. \[[GH-15946](https://togithub.com/hashicorp/vault/pull/15946)] - core: Fix panic when the plugin catalog returns neither a plugin nor an error. \[[GH-17204](https://togithub.com/hashicorp/vault/pull/17204)] - core: Fixes parsing boolean values for ha_storage backends in config \[[GH-15900](https://togithub.com/hashicorp/vault/pull/15900)] - core: Increase the allowed concurrent gRPC streams over the cluster port. \[[GH-16327](https://togithub.com/hashicorp/vault/pull/16327)] - core: Prevent two or more DR failovers from invalidating SSCT tokens generated on the previous primaries. 
\[[GH-16956](https://togithub.com/hashicorp/vault/pull/16956)] - database: Invalidate queue should cancel context first to avoid deadlock \[[GH-15933](https://togithub.com/hashicorp/vault/pull/15933)] - debug: Fix panic when capturing debug bundle on Windows \[[GH-14399](https://togithub.com/hashicorp/vault/pull/14399)] - debug: Remove extra empty lines from vault.log when debug command is run \[[GH-16714](https://togithub.com/hashicorp/vault/pull/16714)] - identity (enterprise): Fix a data race when creating an entity for a local alias. - identity/oidc: Adds `claims_supported` to discovery document. \[[GH-16992](https://togithub.com/hashicorp/vault/pull/16992)] - identity/oidc: Change the `state` parameter of the Authorization Endpoint to optional. \[[GH-16599](https://togithub.com/hashicorp/vault/pull/16599)] - identity/oidc: Detect invalid `redirect_uri` values sooner in validation of the Authorization Endpoint. \[[GH-16601](https://togithub.com/hashicorp/vault/pull/16601)] - identity/oidc: Fixes validation of the `request` and `request_uri` parameters. \[[GH-16600](https://togithub.com/hashicorp/vault/pull/16600)] - openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions \[[GH-15552](https://togithub.com/hashicorp/vault/pull/15552)] - plugin/multiplexing: Fix panic when id doesn't exist in connection map \[[GH-16094](https://togithub.com/hashicorp/vault/pull/16094)] - plugin/secrets/auth: Fix a bug with aliased backends such as aws-ec2 or generic \[[GH-16673](https://togithub.com/hashicorp/vault/pull/16673)] - plugins: Corrected the path to check permissions on when the registered plugin name does not match the plugin binary's filename. 
\[[GH-17340](https://togithub.com/hashicorp/vault/pull/17340)] - quotas/lease-count: Fix lease-count quotas on mounts not properly being enforced when the lease generating request is a read \[[GH-15735](https://togithub.com/hashicorp/vault/pull/15735)] - replication (enterprise): Fix data race in SaveCheckpoint() - replication (enterprise): Fix data race in saveCheckpoint. - replication (enterprise): Fix possible data race during merkle diff/sync - secret/pki: Do not fail validation with a legacy key_bits default value and key_type=any when signing CSRs \[[GH-16246](https://togithub.com/hashicorp/vault/pull/16246)] - secrets/database: Fix a bug where the secret engine would queue up a lot of WAL deletes during startup. \[[GH-16686](https://togithub.com/hashicorp/vault/pull/16686)] - secrets/gcp: Fixes duplicate static account key creation from performance secondary clusters. \[[GH-16534](https://togithub.com/hashicorp/vault/pull/16534)] - secrets/kv: Fix `kv get` issue preventing the ability to read a secret when providing a leading slash \[[GH-16443](https://togithub.com/hashicorp/vault/pull/16443)] - secrets/pki: Allow import of issuers without CRLSign KeyUsage; prohibit setting crl-signing usage on such issuers \[[GH-16865](https://togithub.com/hashicorp/vault/pull/16865)] - secrets/pki: Do not ignore provided signature bits value when signing intermediate and leaf certificates with a managed key \[[GH-17328](https://togithub.com/hashicorp/vault/pull/17328)] - secrets/pki: Do not read revoked certificates from backend when CRL is disabled \[[GH-17385](https://togithub.com/hashicorp/vault/pull/17385)] - secrets/pki: Fix migration to properly handle mounts that contain only keys, no certificates \[[GH-16813](https://togithub.com/hashicorp/vault/pull/16813)] - secrets/pki: Ignore EC PARAMETER PEM blocks during issuer import (/config/ca, /issuers/import/\*, and /intermediate/set-signed) \[[GH-16721](https://togithub.com/hashicorp/vault/pull/16721)] - secrets/pki: 
LIST issuers endpoint is now unauthenticated. \[[GH-16830](https://togithub.com/hashicorp/vault/pull/16830)] - secrets/transform (enterprise): Fix an issue loading tokenization transform configuration after a specific sequence of reconfigurations. - secrets/transform (enterprise): Fix persistence problem with tokenization store credentials. - storage/raft (enterprise): Fix some storage-modifying RPCs used by perf standbys that weren't returning the resulting WAL state. - storage/raft (enterprise): Prevent unauthenticated voter status change with rejoin \[[GH-16324](https://togithub.com/hashicorp/vault/pull/16324)] - storage/raft: Fix retry_join initialization failure \[[GH-16550](https://togithub.com/hashicorp/vault/pull/16550)] - storage/raft: Nodes no longer get demoted to nonvoter if we don't know their version due to missing heartbeats. \[[GH-17019](https://togithub.com/hashicorp/vault/pull/17019)] - ui/keymgmt: Sets the defaultValue for type when creating a key. \[[GH-17407](https://togithub.com/hashicorp/vault/pull/17407)] - ui: Fix OIDC callback to accept namespace flag in different formats \[[GH-16886](https://togithub.com/hashicorp/vault/pull/16886)] - ui: Fix info tooltip submitting form \[[GH-16659](https://togithub.com/hashicorp/vault/pull/16659)] - ui: Fix issue logging in with JWT auth method \[[GH-16466](https://togithub.com/hashicorp/vault/pull/16466)] - ui: Fix lease force revoke action \[[GH-16930](https://togithub.com/hashicorp/vault/pull/16930)] - ui: Fix naming of permitted_dns_domains form parameter on CA creation (root generation and sign intermediate). 
\[[GH-16739](https://togithub.com/hashicorp/vault/pull/16739)] - ui: Fixed bug where red spellcheck underline appears in sensitive/secret kv values when it should not appear \[[GH-15681](https://togithub.com/hashicorp/vault/pull/15681)] - ui: Fixes secret version and status menu links transitioning to auth screen \[[GH-16983](https://togithub.com/hashicorp/vault/pull/16983)] - ui: OIDC login type uses localStorage instead of sessionStorage \[[GH-16170](https://togithub.com/hashicorp/vault/pull/16170)] - vault: Fix a bug where duplicate policies could be added to an identity group. \[[GH-15638](https://togithub.com/hashicorp/vault/pull/15638)] </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
70ccadba0d
|
fix(deps): update module github.com/hashicorp/vault/api to v1.12.0 | ||
![]() |
b315f69d24
|
fix(deps): update module golang.org/x/crypto to v0.19.0 (#30)
This PR contains the following updates: | Package | Change | |---|---| | golang.org/x/crypto | `v0.18.0` -> `v0.19.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). |
||
![]() |
4f2a43c429
|
fix(deps): update module golang.org/x/crypto to v0.19.0 | ||
![]() |
ba015d1a16
|
chore(deps): update trufflesecurity/trufflehog action to v3.67.5 (#29)
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.63.5` -> `v3.67.5` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.67.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.5) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5) #### What's Changed - Fix handling of GitHub ratelimit information by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2041](https://togithub.com/trufflesecurity/trufflehog/pull/2041) - Set GHA workdir by [@​zricethezav](https://togithub.com/zricethezav) in [https://github.com/trufflesecurity/trufflehog/pull/2393](https://togithub.com/trufflesecurity/trufflehog/pull/2393) - Allow CLI version pinning in GHA ([#​2397](https://togithub.com/trufflesecurity/trufflehog/issues/2397)) by [@​skeweredlogic](https://togithub.com/skeweredlogic) in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) - \[bug] - prevent concurrent map writes by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2399](https://togithub.com/trufflesecurity/trufflehog/pull/2399) - Allow multiple domains for Forager by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2400](https://togithub.com/trufflesecurity/trufflehog/pull/2400) - Update GitParse to handle quoted binary filenames by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2391](https://togithub.com/trufflesecurity/trufflehog/pull/2391) - \[feat] - buffered file writer metrics by [@​ahrav](https://togithub.com/ahrav) in 
[https://github.com/trufflesecurity/trufflehog/pull/2395](https://togithub.com/trufflesecurity/trufflehog/pull/2395) #### New Contributors - [@​skeweredlogic](https://togithub.com/skeweredlogic) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5 ### [`v3.67.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4) #### What's Changed - \[feat] - use diff chan by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2387](https://togithub.com/trufflesecurity/trufflehog/pull/2387) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4 ### [`v3.67.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3) #### What's Changed - Disable GitHub wiki scanning by default by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2386](https://togithub.com/trufflesecurity/trufflehog/pull/2386) - Fix binary file hanging bug in git sources by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2388](https://togithub.com/trufflesecurity/trufflehog/pull/2388) - tightening opsgenie detection and verification by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2389](https://togithub.com/trufflesecurity/trufflehog/pull/2389) - Make `SkipFile` case-insensitive by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2383](https://togithub.com/trufflesecurity/trufflehog/pull/2383) - \[not-fixup] - Reduce memory consumption 
for Buffered File Writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2377](https://togithub.com/trufflesecurity/trufflehog/pull/2377) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3 ### [`v3.67.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.2) #### What's Changed - \[bug] - unhashable map key by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2374](https://togithub.com/trufflesecurity/trufflehog/pull/2374) - custom detector docs improvement by [@​dxa4481](https://togithub.com/dxa4481) in [https://github.com/trufflesecurity/trufflehog/pull/2376](https://togithub.com/trufflesecurity/trufflehog/pull/2376) - \[fixup] - correctly use the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2373](https://togithub.com/trufflesecurity/trufflehog/pull/2373) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.67.1...v3.67.2 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...3.67.1) #### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.1 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare 
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.0...3.67.1) ##### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.1 ### [`v3.67.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0) #### What's Changed - Make AzureDevopsPersonalAccessToken verification more robust by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2359](https://togithub.com/trufflesecurity/trufflehog/pull/2359) - Polite Verification by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2356](https://togithub.com/trufflesecurity/trufflehog/pull/2356) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0 ### [`v3.66.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3) #### What's Changed - Allow for configuring the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2319](https://togithub.com/trufflesecurity/trufflehog/pull/2319) - added flyio protos by [@​lonmarsDev](https://togithub.com/lonmarsDev) in [https://github.com/trufflesecurity/trufflehog/pull/2357](https://togithub.com/trufflesecurity/trufflehog/pull/2357) - Scan GitHub wikis by [@​rgmz](https://togithub.com/rgmz) in 
[https://github.com/trufflesecurity/trufflehog/pull/2233](https://togithub.com/trufflesecurity/trufflehog/pull/2233) - \[chore] Add filesystem integration test by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2358](https://togithub.com/trufflesecurity/trufflehog/pull/2358) - update azure test files to check rawV2 by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2353](https://togithub.com/trufflesecurity/trufflehog/pull/2353) - \[bug] fix script change by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2360](https://togithub.com/trufflesecurity/trufflehog/pull/2360) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3 ### [`v3.66.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2) #### What's Changed - Update the template detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2342](https://togithub.com/trufflesecurity/trufflehog/pull/2342) - Detectors Updates 1 for Tristate Verification by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2187](https://togithub.com/trufflesecurity/trufflehog/pull/2187) - Fix filesystem enumeration ignore paths bug by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2355](https://togithub.com/trufflesecurity/trufflehog/pull/2355) - \[feat] - tmp file diffs by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2306](https://togithub.com/trufflesecurity/trufflehog/pull/2306) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2 ### 
[`v3.66.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1) #### What's Changed - Azure function key is throwing FPs by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2352](https://togithub.com/trufflesecurity/trufflehog/pull/2352) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1 ### [`v3.66.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0) #### What's Changed - \[chore] - make sure to close connections after testing by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2343](https://togithub.com/trufflesecurity/trufflehog/pull/2343) - Prevent print or logging in detectors by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2341](https://togithub.com/trufflesecurity/trufflehog/pull/2341) - Add the new MaxMind license key format by [@​faktas2](https://togithub.com/faktas2) in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) - updates to plain and json printing to include verification error by [@​0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2335](https://togithub.com/trufflesecurity/trufflehog/pull/2335) - added azurefunctionkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2337](https://togithub.com/trufflesecurity/trufflehog/pull/2337) - added azuresearchadminkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2348](https://togithub.com/trufflesecurity/trufflehog/pull/2348) - 
added azuresearchquerykey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2349](https://togithub.com/trufflesecurity/trufflehog/pull/2349) - Improve fp ignore logic by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2351](https://togithub.com/trufflesecurity/trufflehog/pull/2351) #### New Contributors - [@​faktas2](https://togithub.com/faktas2) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0 ### [`v3.65.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.65.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0) #### What's Changed - Walk directories in filesystem source enumeration by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2313](https://togithub.com/trufflesecurity/trufflehog/pull/2313) - added azuredevopspersonalaccesstoken detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2315](https://togithub.com/trufflesecurity/trufflehog/pull/2315) - updating doppler logic by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2329](https://togithub.com/trufflesecurity/trufflehog/pull/2329) - add priority semaphore to source manager by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2336](https://togithub.com/trufflesecurity/trufflehog/pull/2336) - Add Google oauth2 token detector by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2274](https://togithub.com/trufflesecurity/trufflehog/pull/2274) - Update DockerHub detector logic 
by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2266](https://togithub.com/trufflesecurity/trufflehog/pull/2266) - Improve GitHub scan logging by [@​rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2220](https://togithub.com/trufflesecurity/trufflehog/pull/2220) - add tri-state verification to yelp by [@​zubairk14](https://togithub.com/zubairk14) in [https://github.com/trufflesecurity/trufflehog/pull/1736](https://togithub.com/trufflesecurity/trufflehog/pull/1736) - Fix broken test by [@​dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2339](https://togithub.com/trufflesecurity/trufflehog/pull/2339) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0 ### [`v3.64.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.64.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0) #### What's Changed - Add prometheus metrics to measure hook execution time by [@​mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2312](https://togithub.com/trufflesecurity/trufflehog/pull/2312) - updating detector logic for zenscrape by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2316](https://togithub.com/trufflesecurity/trufflehog/pull/2316) - fix for incorrect AWS account number identification by [@​joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2332](https://togithub.com/trufflesecurity/trufflehog/pull/2332) - Narrow Postgres detector to only look for URIs by [@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2314](https://togithub.com/trufflesecurity/trufflehog/pull/2314) - Update Gitlab repo count in tests by 
[@​rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2333](https://togithub.com/trufflesecurity/trufflehog/pull/2333) - \[feat] - Replace regexp pkg w/ go-re2 in detectors by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2324](https://togithub.com/trufflesecurity/trufflehog/pull/2324) **Full Changelog**: https://github.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0 ### [`v3.63.11`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.11) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11) #### What's Changed - \[fixup] - save 8 bytes per chunk by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2310](https://togithub.com/trufflesecurity/trufflehog/pull/2310) - fix(deps): update module github.com/hashicorp/golang-lru to v2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2054](https://togithub.com/trufflesecurity/trufflehog/pull/2054) - \[chore] - Update Chunk struct comment by [@​ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2317](https://togithub.com/trufflesecurity/trufflehog/pull/2317) - fix(deps): update golang.org/x/exp digest to [`1b97071`]( |
||
![]() |
ebd82588eb
|
chore(deps): update trufflesecurity/trufflehog action to v3.67.5 | ||
![]() |
1123c5a32a
|
feat: get current unix time for verification with NTS (#35)
otherwise it could have been faked from the host. |
||
![]() |
f9409fa871
|
feat: get current unix time for verification with NTS
otherwise it could have been faked from the host.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
049add9d2c
|
feat: restructure project and fix vault/sdk version (#33) | ||
![]() |
5ff9123086
|
chore: flake update
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |
||
![]() |
d55f035d34
|
feat: restructure project and fix vault/sdk version
Signed-off-by: Harald Hoyer <harald@matterlabs.dev> |