vault-auth-tee

mirror of https://github.com/matter-labs/vault-auth-tee.git synced 2025-07-21 15:53:55 +02:00

Author	SHA1	Message	Date
Harald Hoyer	94c86df4d5	fix: enable clearing the `sgx_mrsigner` and `sgx_mrenclave` field Add the ability to clear the `sgx_mrsigner` and `sgx_mrenclave` field. Otherwise we cannot switch from `sgx_mrenclave` to `sgx_mrsigner` based authentication. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-27 11:58:55 +01:00
Harald Hoyer	0f9a672c99	chore: add nix subpackage with shasum of plugin (#40 )	2024-02-22 10:11:29 +01:00
Harald Hoyer	6fb44c0183	chore: add nix subpackage with shasum of plugin Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-22 09:57:39 +01:00
Harald Hoyer	cef9c48359	chore(deps): update trufflesecurity/trufflehog action to v3.68.0 (#39 ) chore(deps): update trufflesecurity/trufflehog action to v3.68.0	2024-02-21 22:49:23 +01:00
renovate[bot]	5c779e1b58	chore(deps): update trufflesecurity/trufflehog action to v3.68.0	2024-02-21 18:08:31 +00:00
Harald Hoyer	b7d0a483b5	chore: use snowfall lib for nix flake (#38 )	2024-02-15 18:25:32 +01:00
Harald Hoyer	a43f83d834	chore: use snowfall lib for nix flake Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-15 11:08:13 +01:00
Harald Hoyer	1cd15d46d0	chore(deps): update trufflesecurity/trufflehog action to v3.67.6 (#37 ) chore(deps): update trufflesecurity/trufflehog action to v3.67.6	2024-02-13 18:14:15 +01:00
renovate[bot]	b93bd6540c	chore(deps): update trufflesecurity/trufflehog action to v3.67.6	2024-02-13 16:41:46 +00:00
Harald Hoyer	beeb93ed62	feat: build the container image with nix (#36 )	2024-02-13 14:24:43 +01:00
Harald Hoyer	4fabbf8f3f	feat: build the container image with nix Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-13 13:21:23 +01:00
Harald Hoyer	b0653b4246	fix(deps): update module github.com/hashicorp/vault/api to v1.12.0 (#31 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Change \| Age \| Adoption \| Passing \| Confidence \| \|---\|---\|---\|---\|---\|---\| \| [github.com/hashicorp/vault/api](https://togithub.com/hashicorp/vault) \| `v1.11.0` -> `v1.12.0` \| [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fhashicorp%2fvault%2fapi/v1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fhashicorp%2fvault%2fapi/v1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fhashicorp%2fvault%2fapi/v1.11.0/v1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fhashicorp%2fvault%2fapi/v1.11.0/v1.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| --- ### Release Notes <details> <summary>hashicorp/vault (github.com/hashicorp/vault/api)</summary> ### [`v1.12.0`](https://togithub.com/hashicorp/vault/releases/tag/v1.12.0) [Compare Source](https://togithub.com/hashicorp/vault/compare/v1.11.0...v1.12.0) ##### 1.12.0 ##### October 13, 2022 CHANGES: - api: Exclusively use `GET /sys/plugins/catalog` endpoint for listing plugins, and add `details` field to list responses. \[[GH-17347](https://togithub.com/hashicorp/vault/pull/17347)] - auth: `GET /sys/auth/:name` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - auth: `GET /sys/auth` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - auth: `POST /sys/auth/:type` endpoint response contains a warning for `Deprecated` auth methods. \[[GH-17058](https://togithub.com/hashicorp/vault/pull/17058)] - auth: `auth enable` returns an error and `POST /sys/auth/:type` endpoint reports an error for `Pending Removal` auth methods. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] - core/entities: Fixed stranding of aliases upon entity merge, and require explicit selection of which aliases should be kept when some must be deleted \[[GH-16539](https://togithub.com/hashicorp/vault/pull/16539)] - core: Bump Go version to 1.19.2. - core: Validate input parameters for vault operator init command. Vault 1.12 CLI version is needed to run operator init now. \[[GH-16379](https://togithub.com/hashicorp/vault/pull/16379)] - identity: a request to `/identity/group` that includes `member_group_ids` that contains a cycle will now be responded to with a 400 rather than 500 \[[GH-15912](https://togithub.com/hashicorp/vault/pull/15912)] - licensing (enterprise): Terminated licenses will no longer result in shutdown. Instead, upgrades will not be allowed if the license termination time is before the build date of the binary. - plugins: Add plugin version to auth register, list, and mount table \[[GH-16856](https://togithub.com/hashicorp/vault/pull/16856)] - plugins: `GET /sys/plugins/catalog/:type/:name` endpoint contains deprecation status for builtin plugins. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `GET /sys/plugins/catalog/:type/:name` endpoint now returns an additional `version` field in the response data. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - plugins: `GET /sys/plugins/catalog/` endpoint contains deprecation status in `detailed` list. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `GET /sys/plugins/catalog` endpoint now returns an additional `detailed` field in the response data with a list of additional plugin metadata. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - plugins: `plugin info` displays deprecation status for builtin plugins. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - plugins: `plugin list` now accepts a `-detailed` flag, which display deprecation status and version info. \[[GH-17077](https://togithub.com/hashicorp/vault/pull/17077)] - secrets/azure: Removed deprecated AAD graph API support from the secrets engine. \[[GH-17180](https://togithub.com/hashicorp/vault/pull/17180)] - secrets: All database-specific (standalone DB) secrets engines are now marked `Pending Removal`. \[[GH-17038](https://togithub.com/hashicorp/vault/pull/17038)] - secrets: `GET /sys/mounts/:name` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - secrets: `GET /sys/mounts` endpoint now returns an additional `deprecation_status` field in the response data for builtins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - secrets: `POST /sys/mounts/:type` endpoint response contains a warning for `Deprecated` secrets engines. \[[GH-17058](https://togithub.com/hashicorp/vault/pull/17058)] - secrets: `secrets enable` returns an error and `POST /sys/mount/:type` endpoint reports an error for `Pending Removal` secrets engines. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] FEATURES: - GCP Cloud KMS support for managed keys: Managed keys now support using GCP Cloud KMS keys - LDAP Secrets Engine: Adds the `ldap` secrets engine with service account check-out functionality for all supported schemas. \[[GH-17152](https://togithub.com/hashicorp/vault/pull/17152)] - OCSP Responder: PKI mounts now have an OCSP responder that implements a subset of RFC6960, answering single serial number OCSP requests for a specific cluster's revoked certificates in a mount. \[[GH-16723](https://togithub.com/hashicorp/vault/pull/16723)] - Redis DB Engine: Adding the new Redis database engine that supports the generation of static and dynamic user roles and root credential rotation on a stand alone Redis server. \[[GH-17070](https://togithub.com/hashicorp/vault/pull/17070)] - Redis ElastiCache DB Plugin: Added Redis ElastiCache as a built-in plugin. \[[GH-17075](https://togithub.com/hashicorp/vault/pull/17075)] - Secrets/auth plugin multiplexing: manage multiple plugin configurations with a single plugin process \[[GH-14946](https://togithub.com/hashicorp/vault/pull/14946)] - Transform Key Import (BYOK): The transform secrets engine now supports importing keys for tokenization and FPE transformations - HCP (enterprise): Adding foundational support for self-managed vault nodes to securely communicate with [HashiCorp Cloud Platform](https://cloud.hashicorp.com) as an opt-in feature - ui: UI support for Okta Number Challenge. \[[GH-15998](https://togithub.com/hashicorp/vault/pull/15998)] IMPROVEMENTS: - :core/managed-keys (enterprise): Allow operators to specify PSS signatures and/or hash algorithm for the test/sign api - activity (enterprise): Added new clients unit tests to test accuracy of estimates - agent/auto-auth: Add `exit_on_err` which when set to true, will cause Agent to exit if any errors are encountered during authentication. \[[GH-17091](https://togithub.com/hashicorp/vault/pull/17091)] - agent: Added `disable_idle_connections` configuration to disable leaving idle connections open in auto-auth, caching and templating. \[[GH-15986](https://togithub.com/hashicorp/vault/pull/15986)] - agent: Added `disable_keep_alives` configuration to disable keep alives in auto-auth, caching and templating. \[[GH-16479](https://togithub.com/hashicorp/vault/pull/16479)] - agent: JWT auto auth now supports a `remove_jwt_after_reading` config option which defaults to true. \[[GH-11969](https://togithub.com/hashicorp/vault/pull/11969)] - agent: Send notifications to systemd on start and stop. \[[GH-9802](https://togithub.com/hashicorp/vault/pull/9802)] - api/mfa: Add namespace path to the MFA read/list endpoint \[[GH-16911](https://togithub.com/hashicorp/vault/pull/16911)] - api: Add a sentinel error for missing KV secrets \[[GH-16699](https://togithub.com/hashicorp/vault/pull/16699)] - auth/alicloud: Enables AliCloud roles to be compatible with Vault's role based quotas. \[[GH-17251](https://togithub.com/hashicorp/vault/pull/17251)] - auth/approle: SecretIDs can now be generated with an per-request specified TTL and num_uses. When either the ttl and num_uses fields are not specified, the role's configuration is used. \[[GH-14474](https://togithub.com/hashicorp/vault/pull/14474)] - auth/aws: PKCS7 signatures will now use SHA256 by default in prep for Go 1.18 \[[GH-16455](https://togithub.com/hashicorp/vault/pull/16455)] - auth/azure: Enables Azure roles to be compatible with Vault's role based quotas. \[[GH-17194](https://togithub.com/hashicorp/vault/pull/17194)] - auth/cert: Add metadata to identity-alias \[[GH-14751](https://togithub.com/hashicorp/vault/pull/14751)] - auth/cert: Operators can now specify a CRL distribution point URL, in which case the cert auth engine will fetch and use the CRL from that location rather than needing to push CRLs directly to auth/cert. \[[GH-17136](https://togithub.com/hashicorp/vault/pull/17136)] - auth/cf: Enables CF roles to be compatible with Vault's role based quotas. \[[GH-17196](https://togithub.com/hashicorp/vault/pull/17196)] - auth/gcp: Add support for GCE regional instance groups \[[GH-16435](https://togithub.com/hashicorp/vault/pull/16435)] - auth/gcp: Updates dependencies: `google.golang.org/api@v0.83.0`, `github.com/hashicorp/go-gcp-common@v0.8.0`. \[[GH-17160](https://togithub.com/hashicorp/vault/pull/17160)] - auth/jwt: Adds support for Microsoft US Gov L4 to the Azure provider for groups fetching. \[[GH-16525](https://togithub.com/hashicorp/vault/pull/16525)] - auth/jwt: Improves detection of Windows Subsystem for Linux (WSL) for CLI-based logins. \[[GH-16525](https://togithub.com/hashicorp/vault/pull/16525)] - auth/kerberos: add `add_group_aliases` config to include LDAP groups in Vault group aliases \[[GH-16890](https://togithub.com/hashicorp/vault/pull/16890)] - auth/kerberos: add `remove_instance_name` parameter to the login CLI and the Kerberos config in Vault. This removes any instance names found in the keytab service principal name. \[[GH-16594](https://togithub.com/hashicorp/vault/pull/16594)] - auth/kubernetes: Role resolution for K8S Auth \[[GH-156](https://togithub.com/hashicorp/vault-plugin-auth-kubernetes/pull/156)] \[[GH-17161](https://togithub.com/hashicorp/vault/pull/17161)] - auth/oci: Add support for role resolution. \[[GH-17212](https://togithub.com/hashicorp/vault/pull/17212)] - auth/oidc: Adds support for group membership parsing when using SecureAuth as an OIDC provider. \[[GH-16274](https://togithub.com/hashicorp/vault/pull/16274)] - cli: CLI commands will print a warning if flags will be ignored because they are passed after positional arguments. \[[GH-16441](https://togithub.com/hashicorp/vault/pull/16441)] - cli: `auth` and `secrets` list `-detailed` commands now show Deprecation Status for builtin plugins. \[[GH-16849](https://togithub.com/hashicorp/vault/pull/16849)] - cli: `vault plugin list` now has a `details` field in JSON format, and version and type information in table format. \[[GH-17347](https://togithub.com/hashicorp/vault/pull/17347)] - command/audit: Improve missing type error message \[[GH-16409](https://togithub.com/hashicorp/vault/pull/16409)] - command/server: add `-dev-tls` and `-dev-tls-cert-dir` subcommands to create a Vault dev server with generated certificates and private key. \[[GH-16421](https://togithub.com/hashicorp/vault/pull/16421)] - command: Fix shell completion for KV v2 mounts \[[GH-16553](https://togithub.com/hashicorp/vault/pull/16553)] - core (enterprise): Add HTTP PATCH support for namespaces with an associated `namespace patch` CLI command - core (enterprise): Add check to `vault server` command to ensure configured storage backend is supported. - core (enterprise): Add custom metadata support for namespaces - core/activity: generate hyperloglogs containing clientIds for each month during precomputation \[[GH-16146](https://togithub.com/hashicorp/vault/pull/16146)] - core/activity: refactor activity log api to reuse partial api functions in activity endpoint when current month is specified \[[GH-16162](https://togithub.com/hashicorp/vault/pull/16162)] - core/activity: use monthly hyperloglogs to calculate new clients approximation for current month \[[GH-16184](https://togithub.com/hashicorp/vault/pull/16184)] - core/quotas (enterprise): Added ability to add path suffixes for lease-count resource quotas - core/quotas (enterprise): Added ability to add role information for lease-count resource quotas, to limit login requests on auth mounts made using that role - core/quotas: Added ability to add path suffixes for rate-limit resource quotas \[[GH-15989](https://togithub.com/hashicorp/vault/pull/15989)] - core/quotas: Added ability to add role information for rate-limit resource quotas, to limit login requests on auth mounts made using that role \[[GH-16115](https://togithub.com/hashicorp/vault/pull/16115)] - core: Activity log goroutine management improvements to allow tests to be more deterministic. \[[GH-17028](https://togithub.com/hashicorp/vault/pull/17028)] - core: Add `sys/loggers` and `sys/loggers/:name` endpoints to provide ability to modify logging verbosity \[[GH-16111](https://togithub.com/hashicorp/vault/pull/16111)] - core: Handle and log deprecated builtin mounts. Introduces `VAULT_ALLOW_PENDING_REMOVAL_MOUNTS` to override shutdown and error when attempting to mount `Pending Removal` builtin plugins. \[[GH-17005](https://togithub.com/hashicorp/vault/pull/17005)] - core: Limit activity log client count usage by namespaces \[[GH-16000](https://togithub.com/hashicorp/vault/pull/16000)] - core: Upgrade github.com/hashicorp/raft \[[GH-16609](https://togithub.com/hashicorp/vault/pull/16609)] - core: remove gox \[[GH-16353](https://togithub.com/hashicorp/vault/pull/16353)] - docs: Clarify the behaviour of local mounts in the context of DR replication \[[GH-16218](https://togithub.com/hashicorp/vault/pull/16218)] - identity/oidc: Adds support for detailed listing of clients and providers. \[[GH-16567](https://togithub.com/hashicorp/vault/pull/16567)] - identity/oidc: Adds the `client_secret_post` token endpoint authentication method. \[[GH-16598](https://togithub.com/hashicorp/vault/pull/16598)] - identity/oidc: allows filtering the list providers response by an allowed_client_id \[[GH-16181](https://togithub.com/hashicorp/vault/pull/16181)] - identity: Prevent possibility of data races on entity creation. \[[GH-16487](https://togithub.com/hashicorp/vault/pull/16487)] - physical/postgresql: pass context to queries to propagate timeouts and cancellations on requests. \[[GH-15866](https://togithub.com/hashicorp/vault/pull/15866)] - plugins/multiplexing: Added multiplexing support to database plugins if run as external plugins \[[GH-16995](https://togithub.com/hashicorp/vault/pull/16995)] - plugins: Add Deprecation Status method to builtinregistry. \[[GH-16846](https://togithub.com/hashicorp/vault/pull/16846)] - plugins: Added environment variable flag to opt-out specific plugins from multiplexing \[[GH-16972](https://togithub.com/hashicorp/vault/pull/16972)] - plugins: Adding version to plugin GRPC interface \[[GH-17088](https://togithub.com/hashicorp/vault/pull/17088)] - plugins: Plugin catalog supports registering and managing plugins with semantic version information. \[[GH-16688](https://togithub.com/hashicorp/vault/pull/16688)] - replication (enterprise): Fix race in merkle sync that can prevent streaming by returning key value matching provided hash if found in log shipper buffer. - secret/nomad: allow reading CA and client auth certificate from /nomad/config/access \[[GH-15809](https://togithub.com/hashicorp/vault/pull/15809)] - secret/pki: Add RSA PSS signature support for issuing certificates, signing CRLs \[[GH-16519](https://togithub.com/hashicorp/vault/pull/16519)] - secret/pki: Add signature_bits to sign-intermediate, sign-verbatim endpoints \[[GH-16124](https://togithub.com/hashicorp/vault/pull/16124)] - secret/pki: Allow issuing certificates with non-domain, non-email Common Names from roles, sign-verbatim, and as issuers (`cn_validations`). \[[GH-15996](https://togithub.com/hashicorp/vault/pull/15996)] - secret/pki: Allow specifying SKID for cross-signed issuance from older Vault versions. \[[GH-16494](https://togithub.com/hashicorp/vault/pull/16494)] - secret/transit: Allow importing [`Ed25519`](https://togithub.com/hashicorp/vault/commit/Ed25519) keys from [PKCS#8](https://togithub.com/PKCS/vault/issues/8) with inner RFC 5915 ECPrivateKey blobs (NSS-wrapped keys). \[[GH-15742](https://togithub.com/hashicorp/vault/pull/15742)] - secrets/ad: set config default length only if password_policy is missing \[[GH-16140](https://togithub.com/hashicorp/vault/pull/16140)] - secrets/azure: Adds option to permanently delete AzureAD objects created by Vault. \[[GH-17045](https://togithub.com/hashicorp/vault/pull/17045)] - secrets/database/hana: Add ability to customize dynamic usernames \[[GH-16631](https://togithub.com/hashicorp/vault/pull/16631)] - secrets/database/snowflake: Add multiplexing support \[[GH-17159](https://togithub.com/hashicorp/vault/pull/17159)] - secrets/gcp: Updates dependencies: `google.golang.org/api@v0.83.0`, `github.com/hashicorp/go-gcp-common@v0.8.0`. \[[GH-17174](https://togithub.com/hashicorp/vault/pull/17174)] - secrets/gcpkms: Update dependencies: google.golang.org/api@v0.83.0. \[[GH-17199](https://togithub.com/hashicorp/vault/pull/17199)] - secrets/kubernetes: upgrade to v0.2.0 \[[GH-17164](https://togithub.com/hashicorp/vault/pull/17164)] - secrets/pki/tidy: Add another pair of metrics counting certificates not deleted by the tidy operation. \[[GH-16702](https://togithub.com/hashicorp/vault/pull/16702)] - secrets/pki: Add a new flag to issue/sign APIs which can filter out root CAs from the returned ca_chain field \[[GH-16935](https://togithub.com/hashicorp/vault/pull/16935)] - secrets/pki: Add a warning to any successful response when the requested TTL is overwritten by MaxTTL \[[GH-17073](https://togithub.com/hashicorp/vault/pull/17073)] - secrets/pki: Add ability to cancel tidy operations, control tidy resource usage. \[[GH-16958](https://togithub.com/hashicorp/vault/pull/16958)] - secrets/pki: Add ability to periodically rebuild CRL before expiry \[[GH-16762](https://togithub.com/hashicorp/vault/pull/16762)] - secrets/pki: Add ability to periodically run tidy operations to remove expired certificates. \[[GH-16900](https://togithub.com/hashicorp/vault/pull/16900)] - secrets/pki: Add support for per-issuer Authority Information Access (AIA) URLs \[[GH-16563](https://togithub.com/hashicorp/vault/pull/16563)] - secrets/pki: Add support to specify signature bits when generating CSRs through intermediate/generate apis \[[GH-17388](https://togithub.com/hashicorp/vault/pull/17388)] - secrets/pki: Added gauge metrics "secrets.pki.total_revoked_certificates_stored" and "secrets.pki.total_certificates_stored" to track the number of certificates in storage. \[[GH-16676](https://togithub.com/hashicorp/vault/pull/16676)] - secrets/pki: Allow revocation of certificates with explicitly provided certificate (bring your own certificate / BYOC). \[[GH-16564](https://togithub.com/hashicorp/vault/pull/16564)] - secrets/pki: Allow revocation via proving possession of certificate's private key \[[GH-16566](https://togithub.com/hashicorp/vault/pull/16566)] - secrets/pki: Allow tidy to associate revoked certs with their issuers for OCSP performance \[[GH-16871](https://togithub.com/hashicorp/vault/pull/16871)] - secrets/pki: Honor If-Modified-Since header on CA, CRL fetch; requires passthrough_request_headers modification on the mount point. \[[GH-16249](https://togithub.com/hashicorp/vault/pull/16249)] - secrets/pki: Improve stability of association of revoked cert with its parent issuer; when an issuer loses crl-signing usage, do not place certs on default issuer's CRL. \[[GH-16874](https://togithub.com/hashicorp/vault/pull/16874)] - secrets/pki: Support generating delta CRLs for up-to-date CRLs when auto-building is enabled. \[[GH-16773](https://togithub.com/hashicorp/vault/pull/16773)] - secrets/ssh: Add allowed_domains_template to allow templating of allowed_domains. \[[GH-16056](https://togithub.com/hashicorp/vault/pull/16056)] - secrets/ssh: Allow additional text along with a template definition in defaultExtension value fields. \[[GH-16018](https://togithub.com/hashicorp/vault/pull/16018)] - secrets/ssh: Allow the use of Identity templates in the `default_user` field \[[GH-16351](https://togithub.com/hashicorp/vault/pull/16351)] - secrets/transit: Add a dedicated HMAC key type, which can be used with key import. \[[GH-16668](https://togithub.com/hashicorp/vault/pull/16668)] - secrets/transit: Added a parameter to encrypt/decrypt batch operations to allow the caller to override the HTTP response code in case of partial user-input failures. \[[GH-17118](https://togithub.com/hashicorp/vault/pull/17118)] - secrets/transit: Allow configuring the possible salt lengths for RSA PSS signatures. \[[GH-16549](https://togithub.com/hashicorp/vault/pull/16549)] - ssh: Addition of an endpoint `ssh/issue/:role` to allow the creation of signed key pairs \[[GH-15561](https://togithub.com/hashicorp/vault/pull/15561)] - storage/cassandra: tuning parameters for clustered environments `connection_timeout`, `initial_connection_timeout`, `simple_retry_policy_retries`. \[[GH-10467](https://togithub.com/hashicorp/vault/pull/10467)] - storage/gcs: Add documentation explaining how to configure the gcs backend using environment variables instead of options in the configuration stanza \[[GH-14455](https://togithub.com/hashicorp/vault/pull/14455)] - ui: Changed the tokenBoundCidrs tooltip content to clarify that comma separated values are not accepted in this field. \[[GH-15852](https://togithub.com/hashicorp/vault/pull/15852)] - ui: Prevents requests to /sys/internal/ui/resultant-acl endpoint when unauthenticated \[[GH-17139](https://togithub.com/hashicorp/vault/pull/17139)] - ui: Removed deprecated version of core-js 2.6.11 \[[GH-15898](https://togithub.com/hashicorp/vault/pull/15898)] - ui: Renamed labels under Tools for wrap, lookup, rewrap and unwrap with description. \[[GH-16489](https://togithub.com/hashicorp/vault/pull/16489)] - ui: Replaces non-inclusive terms \[[GH-17116](https://togithub.com/hashicorp/vault/pull/17116)] - ui: redirect_to param forwards from auth route when authenticated \[[GH-16821](https://togithub.com/hashicorp/vault/pull/16821)] - website/docs: API generate-recovery-token documentation. \[[GH-16213](https://togithub.com/hashicorp/vault/pull/16213)] - website/docs: Add documentation around the expensiveness of making lots of lease count quotas in a short period \[[GH-16950](https://togithub.com/hashicorp/vault/pull/16950)] - website/docs: Removes mentions of unauthenticated from internal ui resultant-acl doc \[[GH-17139](https://togithub.com/hashicorp/vault/pull/17139)] - website/docs: Update replication docs to mention Integrated Storage \[[GH-16063](https://togithub.com/hashicorp/vault/pull/16063)] - website/docs: changed to echo for all string examples instead of (<<<) here-string. \[[GH-9081](https://togithub.com/hashicorp/vault/pull/9081)] BUG FIXES: - agent/template: Fix parsing error for the exec stanza \[[GH-16231](https://togithub.com/hashicorp/vault/pull/16231)] - agent: Agent will now respect `max_retries` retry configuration even when caching is set. \[[GH-16970](https://togithub.com/hashicorp/vault/pull/16970)] - agent: Update consul-template for pkiCert bug fixes \[[GH-16087](https://togithub.com/hashicorp/vault/pull/16087)] - api/sys/internal/specs/openapi: support a new "dynamic" query parameter to generate generic mountpaths \[[GH-15835](https://togithub.com/hashicorp/vault/pull/15835)] - api: Fixed erroneous warnings of unrecognized parameters when unwrapping data. \[[GH-16794](https://togithub.com/hashicorp/vault/pull/16794)] - api: Fixed issue with internal/ui/mounts and internal/ui/mounts/(?P<path>.+) endpoints where it was not properly handling /auth/ \[[GH-15552](https://togithub.com/hashicorp/vault/pull/15552)] - api: properly handle switching to/from unix domain socket when changing client address \[[GH-11904](https://togithub.com/hashicorp/vault/pull/11904)] - auth/cert: Vault does not initially load the CRLs in cert auth unless the read/write CRL endpoint is hit. \[[GH-17138](https://togithub.com/hashicorp/vault/pull/17138)] - auth/kerberos: Maintain headers set by the client \[[GH-16636](https://togithub.com/hashicorp/vault/pull/16636)] - auth/kubernetes: Restore support for JWT signature algorithm ES384 \[[GH-160](https://togithub.com/hashicorp/vault-plugin-auth-kubernetes/pull/160)] \[[GH-17161](https://togithub.com/hashicorp/vault/pull/17161)] - auth/token: Fix ignored parameter warnings for valid parameters on token create \[[GH-16938](https://togithub.com/hashicorp/vault/pull/16938)] - command/debug: fix bug where monitor was not honoring configured duration \[[GH-16834](https://togithub.com/hashicorp/vault/pull/16834)] - core (enterprise): Fix bug where wrapping token lookup does not work within namespaces. \[[GH-15583](https://togithub.com/hashicorp/vault/pull/15583)] - core (enterprise): Fix creation of duplicate entities via alias metadata changes on local auth mounts. - core/auth: Return a 403 instead of a 500 for a malformed SSCT \[[GH-16112](https://togithub.com/hashicorp/vault/pull/16112)] - core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically \[[GH-16088](https://togithub.com/hashicorp/vault/pull/16088)] - core/license (enterprise): Always remove stored license and allow unseal to complete when license cleanup fails - core/managed-keys (enterprise): fix panic when having `cache_disable` true - core/quotas (enterprise): Fixed issue with improper counting of leases if lease count quota created after leases - core/quotas: Added globbing functionality on the end of path suffix quota paths \[[GH-16386](https://togithub.com/hashicorp/vault/pull/16386)] - core/quotas: Fix goroutine leak caused by the seal process not fully cleaning up Rate Limit Quotas. \[[GH-17281](https://togithub.com/hashicorp/vault/pull/17281)] - core/replication (enterprise): Don't flush merkle tree pages to disk after losing active duty - core/seal: Fix possible keyring truncation when using the file backend. \[[GH-15946](https://togithub.com/hashicorp/vault/pull/15946)] - core: Fix panic when the plugin catalog returns neither a plugin nor an error. \[[GH-17204](https://togithub.com/hashicorp/vault/pull/17204)] - core: Fixes parsing boolean values for ha_storage backends in config \[[GH-15900](https://togithub.com/hashicorp/vault/pull/15900)] - core: Increase the allowed concurrent gRPC streams over the cluster port. \[[GH-16327](https://togithub.com/hashicorp/vault/pull/16327)] - core: Prevent two or more DR failovers from invalidating SSCT tokens generated on the previous primaries. \[[GH-16956](https://togithub.com/hashicorp/vault/pull/16956)] - database: Invalidate queue should cancel context first to avoid deadlock \[[GH-15933](https://togithub.com/hashicorp/vault/pull/15933)] - debug: Fix panic when capturing debug bundle on Windows \[[GH-14399](https://togithub.com/hashicorp/vault/pull/14399)] - debug: Remove extra empty lines from vault.log when debug command is run \[[GH-16714](https://togithub.com/hashicorp/vault/pull/16714)] - identity (enterprise): Fix a data race when creating an entity for a local alias. - identity/oidc: Adds `claims_supported` to discovery document. \[[GH-16992](https://togithub.com/hashicorp/vault/pull/16992)] - identity/oidc: Change the `state` parameter of the Authorization Endpoint to optional. \[[GH-16599](https://togithub.com/hashicorp/vault/pull/16599)] - identity/oidc: Detect invalid `redirect_uri` values sooner in validation of the Authorization Endpoint. \[[GH-16601](https://togithub.com/hashicorp/vault/pull/16601)] - identity/oidc: Fixes validation of the `request` and `request_uri` parameters. \[[GH-16600](https://togithub.com/hashicorp/vault/pull/16600)] - openapi: Fixed issue where information about /auth/token endpoints was not present with explicit policy permissions \[[GH-15552](https://togithub.com/hashicorp/vault/pull/15552)] - plugin/multiplexing: Fix panic when id doesn't exist in connection map \[[GH-16094](https://togithub.com/hashicorp/vault/pull/16094)] - plugin/secrets/auth: Fix a bug with aliased backends such as aws-ec2 or generic \[[GH-16673](https://togithub.com/hashicorp/vault/pull/16673)] - plugins: Corrected the path to check permissions on when the registered plugin name does not match the plugin binary's filename. \[[GH-17340](https://togithub.com/hashicorp/vault/pull/17340)] - quotas/lease-count: Fix lease-count quotas on mounts not properly being enforced when the lease generating request is a read \[[GH-15735](https://togithub.com/hashicorp/vault/pull/15735)] - replication (enterprise): Fix data race in SaveCheckpoint() - replication (enterprise): Fix data race in saveCheckpoint. - replication (enterprise): Fix possible data race during merkle diff/sync - secret/pki: Do not fail validation with a legacy key_bits default value and key_type=any when signing CSRs \[[GH-16246](https://togithub.com/hashicorp/vault/pull/16246)] - secrets/database: Fix a bug where the secret engine would queue up a lot of WAL deletes during startup. \[[GH-16686](https://togithub.com/hashicorp/vault/pull/16686)] - secrets/gcp: Fixes duplicate static account key creation from performance secondary clusters. \[[GH-16534](https://togithub.com/hashicorp/vault/pull/16534)] - secrets/kv: Fix `kv get` issue preventing the ability to read a secret when providing a leading slash \[[GH-16443](https://togithub.com/hashicorp/vault/pull/16443)] - secrets/pki: Allow import of issuers without CRLSign KeyUsage; prohibit setting crl-signing usage on such issuers \[[GH-16865](https://togithub.com/hashicorp/vault/pull/16865)] - secrets/pki: Do not ignore provided signature bits value when signing intermediate and leaf certificates with a managed key \[[GH-17328](https://togithub.com/hashicorp/vault/pull/17328)] - secrets/pki: Do not read revoked certificates from backend when CRL is disabled \[[GH-17385](https://togithub.com/hashicorp/vault/pull/17385)] - secrets/pki: Fix migration to properly handle mounts that contain only keys, no certificates \[[GH-16813](https://togithub.com/hashicorp/vault/pull/16813)] - secrets/pki: Ignore EC PARAMETER PEM blocks during issuer import (/config/ca, /issuers/import/\, and /intermediate/set-signed) \[[GH-16721](https://togithub.com/hashicorp/vault/pull/16721)] - secrets/pki: LIST issuers endpoint is now unauthenticated. \[[GH-16830](https://togithub.com/hashicorp/vault/pull/16830)] - secrets/transform (enterprise): Fix an issue loading tokenization transform configuration after a specific sequence of reconfigurations. - secrets/transform (enterprise): Fix persistence problem with tokenization store credentials. - storage/raft (enterprise): Fix some storage-modifying RPCs used by perf standbys that weren't returning the resulting WAL state. - storage/raft (enterprise): Prevent unauthenticated voter status change with rejoin \[[GH-16324](https://togithub.com/hashicorp/vault/pull/16324)] - storage/raft: Fix retry_join initialization failure \[[GH-16550](https://togithub.com/hashicorp/vault/pull/16550)] - storage/raft: Nodes no longer get demoted to nonvoter if we don't know their version due to missing heartbeats. \[[GH-17019](https://togithub.com/hashicorp/vault/pull/17019)] - ui/keymgmt: Sets the defaultValue for type when creating a key. \[[GH-17407](https://togithub.com/hashicorp/vault/pull/17407)] - ui: Fix OIDC callback to accept namespace flag in different formats \[[GH-16886](https://togithub.com/hashicorp/vault/pull/16886)] - ui: Fix info tooltip submitting form \[[GH-16659](https://togithub.com/hashicorp/vault/pull/16659)] - ui: Fix issue logging in with JWT auth method \[[GH-16466](https://togithub.com/hashicorp/vault/pull/16466)] - ui: Fix lease force revoke action \[[GH-16930](https://togithub.com/hashicorp/vault/pull/16930)] - ui: Fix naming of permitted_dns_domains form parameter on CA creation (root generation and sign intermediate). \[[GH-16739](https://togithub.com/hashicorp/vault/pull/16739)] - ui: Fixed bug where red spellcheck underline appears in sensitive/secret kv values when it should not appear \[[GH-15681](https://togithub.com/hashicorp/vault/pull/15681)] - ui: Fixes secret version and status menu links transitioning to auth screen \[[GH-16983](https://togithub.com/hashicorp/vault/pull/16983)] - ui: OIDC login type uses localStorage instead of sessionStorage \[[GH-16170](https://togithub.com/hashicorp/vault/pull/16170)] - vault: Fix a bug where duplicate policies could be added to an identity group. \[[GH-15638](https://togithub.com/hashicorp/vault/pull/15638)] </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore*: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->	2024-02-13 13:07:31 +01:00
renovate[bot]	70ccadba0d	fix(deps): update module github.com/hashicorp/vault/api to v1.12.0	2024-02-13 12:04:10 +00:00
Harald Hoyer	b315f69d24	fix(deps): update module golang.org/x/crypto to v0.19.0 (#30 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Change \| Age \| Adoption \| Passing \| Confidence \| \|---\|---\|---\|---\|---\|---\| \| golang.org/x/crypto \| `v0.18.0` -> `v0.19.0` \| [![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.18.0/v0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.18.0/v0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->	2024-02-13 13:01:57 +01:00
renovate[bot]	4f2a43c429	fix(deps): update module golang.org/x/crypto to v0.19.0	2024-02-13 10:03:04 +00:00
Harald Hoyer	ba015d1a16	chore(deps): update trufflesecurity/trufflehog action to v3.67.5 (#29 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| minor \| `v3.63.5` -> `v3.67.5` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.67.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.5) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5) #### What's Changed - Fix handling of GitHub ratelimit information by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2041](https://togithub.com/trufflesecurity/trufflehog/pull/2041) - Set GHA workdir by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/trufflesecurity/trufflehog/pull/2393](https://togithub.com/trufflesecurity/trufflehog/pull/2393) - Allow CLI version pinning in GHA ([#2397](https://togithub.com/trufflesecurity/trufflehog/issues/2397)) by [@skeweredlogic](https://togithub.com/skeweredlogic) in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) - \[bug] - prevent concurrent map writes by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2399](https://togithub.com/trufflesecurity/trufflehog/pull/2399) - Allow multiple domains for Forager by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2400](https://togithub.com/trufflesecurity/trufflehog/pull/2400) - Update GitParse to handle quoted binary filenames by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2391](https://togithub.com/trufflesecurity/trufflehog/pull/2391) - \[feat] - buffered file writer metrics by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2395](https://togithub.com/trufflesecurity/trufflehog/pull/2395) #### New Contributors - [@skeweredlogic](https://togithub.com/skeweredlogic) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5 ### [`v3.67.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4) #### What's Changed - \[feat] - use diff chan by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2387](https://togithub.com/trufflesecurity/trufflehog/pull/2387) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4 ### [`v3.67.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3) #### What's Changed - Disable GitHub wiki scanning by default by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2386](https://togithub.com/trufflesecurity/trufflehog/pull/2386) - Fix binary file hanging bug in git sources by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2388](https://togithub.com/trufflesecurity/trufflehog/pull/2388) - tightening opsgenie detection and verification by [@dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2389](https://togithub.com/trufflesecurity/trufflehog/pull/2389) - Make `SkipFile` case-insensitive by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2383](https://togithub.com/trufflesecurity/trufflehog/pull/2383) - \[not-fixup] - Reduce memory consumption for Buffered File Writer by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2377](https://togithub.com/trufflesecurity/trufflehog/pull/2377) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3 ### [`v3.67.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.2) #### What's Changed - \[bug] - unhashable map key by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2374](https://togithub.com/trufflesecurity/trufflehog/pull/2374) - custom detector docs improvement by [@dxa4481](https://togithub.com/dxa4481) in [https://github.com/trufflesecurity/trufflehog/pull/2376](https://togithub.com/trufflesecurity/trufflehog/pull/2376) - \[fixup] - correctly use the buffered file writer by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2373](https://togithub.com/trufflesecurity/trufflehog/pull/2373) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.67.1...v3.67.2 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...3.67.1) #### What's Changed - \[chore] Cleanup GitLab source errors by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.1 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.0...3.67.1) ##### What's Changed - \[chore] Cleanup GitLab source errors by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345) - \[feat] - concurently scan the filesystem source by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.1 ### [`v3.67.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0) #### What's Changed - Make AzureDevopsPersonalAccessToken verification more robust by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2359](https://togithub.com/trufflesecurity/trufflehog/pull/2359) - Polite Verification by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2356](https://togithub.com/trufflesecurity/trufflehog/pull/2356) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0 ### [`v3.66.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3) #### What's Changed - Allow for configuring the buffered file writer by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2319](https://togithub.com/trufflesecurity/trufflehog/pull/2319) - added flyio protos by [@lonmarsDev](https://togithub.com/lonmarsDev) in [https://github.com/trufflesecurity/trufflehog/pull/2357](https://togithub.com/trufflesecurity/trufflehog/pull/2357) - Scan GitHub wikis by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2233](https://togithub.com/trufflesecurity/trufflehog/pull/2233) - \[chore] Add filesystem integration test by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2358](https://togithub.com/trufflesecurity/trufflehog/pull/2358) - update azure test files to check rawV2 by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2353](https://togithub.com/trufflesecurity/trufflehog/pull/2353) - \[bug] fix script change by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2360](https://togithub.com/trufflesecurity/trufflehog/pull/2360) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3 ### [`v3.66.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2) #### What's Changed - Update the template detector by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2342](https://togithub.com/trufflesecurity/trufflehog/pull/2342) - Detectors Updates 1 for Tristate Verification by [@0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2187](https://togithub.com/trufflesecurity/trufflehog/pull/2187) - Fix filesystem enumeration ignore paths bug by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2355](https://togithub.com/trufflesecurity/trufflehog/pull/2355) - \[feat] - tmp file diffs by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2306](https://togithub.com/trufflesecurity/trufflehog/pull/2306) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2 ### [`v3.66.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1) #### What's Changed - Azure function key is throwing FPs by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2352](https://togithub.com/trufflesecurity/trufflehog/pull/2352) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1 ### [`v3.66.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0) #### What's Changed - \[chore] - make sure to close connections after testing by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2343](https://togithub.com/trufflesecurity/trufflehog/pull/2343) - Prevent print or logging in detectors by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2341](https://togithub.com/trufflesecurity/trufflehog/pull/2341) - Add the new MaxMind license key format by [@faktas2](https://togithub.com/faktas2) in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) - updates to plain and json printing to include verification error by [@0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2335](https://togithub.com/trufflesecurity/trufflehog/pull/2335) - added azurefunctionkey detector by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2337](https://togithub.com/trufflesecurity/trufflehog/pull/2337) - added azuresearchadminkey detector by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2348](https://togithub.com/trufflesecurity/trufflehog/pull/2348) - added azuresearchquerykey detector by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2349](https://togithub.com/trufflesecurity/trufflehog/pull/2349) - Improve fp ignore logic by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2351](https://togithub.com/trufflesecurity/trufflehog/pull/2351) #### New Contributors - [@faktas2](https://togithub.com/faktas2) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0 ### [`v3.65.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.65.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0) #### What's Changed - Walk directories in filesystem source enumeration by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2313](https://togithub.com/trufflesecurity/trufflehog/pull/2313) - added azuredevopspersonalaccesstoken detector by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2315](https://togithub.com/trufflesecurity/trufflehog/pull/2315) - updating doppler logic by [@joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2329](https://togithub.com/trufflesecurity/trufflehog/pull/2329) - add priority semaphore to source manager by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2336](https://togithub.com/trufflesecurity/trufflehog/pull/2336) - Add Google oauth2 token detector by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2274](https://togithub.com/trufflesecurity/trufflehog/pull/2274) - Update DockerHub detector logic by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2266](https://togithub.com/trufflesecurity/trufflehog/pull/2266) - Improve GitHub scan logging by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2220](https://togithub.com/trufflesecurity/trufflehog/pull/2220) - add tri-state verification to yelp by [@zubairk14](https://togithub.com/zubairk14) in [https://github.com/trufflesecurity/trufflehog/pull/1736](https://togithub.com/trufflesecurity/trufflehog/pull/1736) - Fix broken test by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2339](https://togithub.com/trufflesecurity/trufflehog/pull/2339) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0 ### [`v3.64.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.64.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0) #### What's Changed - Add prometheus metrics to measure hook execution time by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2312](https://togithub.com/trufflesecurity/trufflehog/pull/2312) - updating detector logic for zenscrape by [@joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2316](https://togithub.com/trufflesecurity/trufflehog/pull/2316) - fix for incorrect AWS account number identification by [@joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2332](https://togithub.com/trufflesecurity/trufflehog/pull/2332) - Narrow Postgres detector to only look for URIs by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2314](https://togithub.com/trufflesecurity/trufflehog/pull/2314) - Update Gitlab repo count in tests by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2333](https://togithub.com/trufflesecurity/trufflehog/pull/2333) - \[feat] - Replace regexp pkg w/ go-re2 in detectors by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2324](https://togithub.com/trufflesecurity/trufflehog/pull/2324) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0 ### [`v3.63.11`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.11) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11) #### What's Changed - \[fixup] - save 8 bytes per chunk by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2310](https://togithub.com/trufflesecurity/trufflehog/pull/2310) - fix(deps): update module github.com/hashicorp/golang-lru to v2 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2054](https://togithub.com/trufflesecurity/trufflehog/pull/2054) - \[chore] - Update Chunk struct comment by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2317](https://togithub.com/trufflesecurity/trufflehog/pull/2317) - fix(deps): update golang.org/x/exp digest to [`1b97071`](`1b97071`) by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2318](https://togithub.com/trufflesecurity/trufflehog/pull/2318) - fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2320](https://togithub.com/trufflesecurity/trufflehog/pull/2320) - fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2322](https://togithub.com/trufflesecurity/trufflehog/pull/2322) - fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2325](https://togithub.com/trufflesecurity/trufflehog/pull/2325) - \[chore] - reduce test time by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2321](https://togithub.com/trufflesecurity/trufflehog/pull/2321) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11 ### [`v3.63.10`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.10) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.9...v3.63.10) #### What's Changed - added azure protos by [@roxanne-tampus](https://togithub.com/roxanne-tampus) in [https://github.com/trufflesecurity/trufflehog/pull/2304](https://togithub.com/trufflesecurity/trufflehog/pull/2304) - \[fixup ] - Allow ssh cloning with AWS Code Commit by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2307](https://togithub.com/trufflesecurity/trufflehog/pull/2307) - Assume unauthenticated github scans have public visibility by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2308](https://togithub.com/trufflesecurity/trufflehog/pull/2308) - \[chore] - Add regex and keyword for api_org tokens by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2240](https://togithub.com/trufflesecurity/trufflehog/pull/2240) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.9...v3.63.10 ### [`v3.63.9`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.9) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.8...v3.63.9) #### What's Changed - \[chore] - update docs for pre-commit by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2280](https://togithub.com/trufflesecurity/trufflehog/pull/2280) - Ignore common false positives for Parseur Detector by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2229](https://togithub.com/trufflesecurity/trufflehog/pull/2229) - Ignore common Signable false positives by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2230](https://togithub.com/trufflesecurity/trufflehog/pull/2230) - fix(deps): update golang.org/x/exp digest to [`be819d1`](`be819d1`) by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2281](https://togithub.com/trufflesecurity/trufflehog/pull/2281) - \[chore] - update test by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2283](https://togithub.com/trufflesecurity/trufflehog/pull/2283) - adding postgres detector by [@dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2108](https://togithub.com/trufflesecurity/trufflehog/pull/2108) - fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2282](https://togithub.com/trufflesecurity/trufflehog/pull/2282) - fix(deps): update golang.org/x/exp digest to [`0dcbfd6`](`0dcbfd6`) by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2284](https://togithub.com/trufflesecurity/trufflehog/pull/2284) - fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2285](https://togithub.com/trufflesecurity/trufflehog/pull/2285) - Extend memory cache by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2275](https://togithub.com/trufflesecurity/trufflehog/pull/2275) - fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2286](https://togithub.com/trufflesecurity/trufflehog/pull/2286) - chore(deps): update alpine docker tag to v3.19 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2287](https://togithub.com/trufflesecurity/trufflehog/pull/2287) - chore(deps): update sigstore/cosign-installer action to v3.3.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2290](https://togithub.com/trufflesecurity/trufflehog/pull/2290) - fix(deps): update module cloud.google.com/go/storage to v1.36.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2291](https://togithub.com/trufflesecurity/trufflehog/pull/2291) - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2292](https://togithub.com/trufflesecurity/trufflehog/pull/2292) - feat(installation): Implement checksum signature verification by [@hibare](https://togithub.com/hibare) in [https://github.com/trufflesecurity/trufflehog/pull/2157](https://togithub.com/trufflesecurity/trufflehog/pull/2157) - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2294](https://togithub.com/trufflesecurity/trufflehog/pull/2294) - fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2295](https://togithub.com/trufflesecurity/trufflehog/pull/2295) - \[chore] - small updates by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2288](https://togithub.com/trufflesecurity/trufflehog/pull/2288) - \[feat] - Allow for the use of include/exclude path files for filesystem scans by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2297](https://togithub.com/trufflesecurity/trufflehog/pull/2297) - Individuate archive tests by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2293](https://togithub.com/trufflesecurity/trufflehog/pull/2293) - \[feat] - Provide CLI flag to only use custom verifiers by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2299](https://togithub.com/trufflesecurity/trufflehog/pull/2299) - Disable postgres detector because it it too sensitive by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2303](https://togithub.com/trufflesecurity/trufflehog/pull/2303) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.8...v3.63.9 ### [`v3.63.8`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.8) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.7...v3.63.8) #### What's Changed - Fix commit message single quote escaping on GitHub Action by [@0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259) - fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 \[security] by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2263](https://togithub.com/trufflesecurity/trufflehog/pull/2263) - Fix non-ASCII whitespace on GitHub Action by [@0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [https://github.com/trufflesecurity/trufflehog/pull/2270](https://togithub.com/trufflesecurity/trufflehog/pull/2270) - Update GitParse logic to handle edge case. by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2206](https://togithub.com/trufflesecurity/trufflehog/pull/2206) - \[chore] Add test to check all versioned detectors are non-zero by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2272](https://togithub.com/trufflesecurity/trufflehog/pull/2272) - Update stripe detector regex by [@NikhilPanwar](https://togithub.com/NikhilPanwar) in [https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261) - Update to Sourcegraph Access token format by [@shivasurya](https://togithub.com/shivasurya) in [https://github.com/trufflesecurity/trufflehog/pull/2254](https://togithub.com/trufflesecurity/trufflehog/pull/2254) - Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2278](https://togithub.com/trufflesecurity/trufflehog/pull/2278) - Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2279](https://togithub.com/trufflesecurity/trufflehog/pull/2279) - Wrap temp deletion err by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2277](https://togithub.com/trufflesecurity/trufflehog/pull/2277) - 1833 Fix syslog udp by [@df3rry](https://togithub.com/df3rry) in [https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835) #### New Contributors - [@0x2b3bfa0](https://togithub.com/0x2b3bfa0) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259) - [@NikhilPanwar](https://togithub.com/NikhilPanwar) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261) - [@df3rry](https://togithub.com/df3rry) made their first contribution in [https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.7...v3.63.8 ### [`v3.63.7`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.7) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.6...v3.63.7) #### What's Changed - Add skip archive support by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2257](https://togithub.com/trufflesecurity/trufflehog/pull/2257) - Skip all binaries by [@bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2256](https://togithub.com/trufflesecurity/trufflehog/pull/2256) - Add handlerOpts back by [@bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2258](https://togithub.com/trufflesecurity/trufflehog/pull/2258) - Use directory iterator instead of walkdir by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2260](https://togithub.com/trufflesecurity/trufflehog/pull/2260) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.6...v3.63.7 ### [`v3.63.6`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.6) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.5...v3.63.6) #### What's Changed - Adds basic if/else check if pid slice is empty by [@codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/2244](https://togithub.com/trufflesecurity/trufflehog/pull/2244) - \[fixup] - move cleanup to run by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2245](https://togithub.com/trufflesecurity/trufflehog/pull/2245) - shallow cloning + GitHub Action by [@joeleonjr](https://togithub.com/joeleonjr) in [https://github.com/trufflesecurity/trufflehog/pull/2138](https://togithub.com/trufflesecurity/trufflehog/pull/2138) - Update GitHub extradata by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2219](https://togithub.com/trufflesecurity/trufflehog/pull/2219) - Avoid extraneous authentication attempts when verifying Snowflake by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2057](https://togithub.com/trufflesecurity/trufflehog/pull/2057) - Add missing import by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2246](https://togithub.com/trufflesecurity/trufflehog/pull/2246) - \[bug] - Bug archive handler memory leak by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2247](https://togithub.com/trufflesecurity/trufflehog/pull/2247) - \[chore] - use snake_case for naming by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2238](https://togithub.com/trufflesecurity/trufflehog/pull/2238) - \[chore] - add additional binary extensions to skip by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2235](https://togithub.com/trufflesecurity/trufflehog/pull/2235) - \[chore] - lower logging level by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2249](https://togithub.com/trufflesecurity/trufflehog/pull/2249) - \[bug] - Fix Context Timeout-Induced Goroutine Leak in readInChunks by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2251](https://togithub.com/trufflesecurity/trufflehog/pull/2251) - Dedupe some source log keys by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2250](https://togithub.com/trufflesecurity/trufflehog/pull/2250) - \[fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2253](https://togithub.com/trufflesecurity/trufflehog/pull/2253) - Use walkdir for tmp cleanup by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2255](https://togithub.com/trufflesecurity/trufflehog/pull/2255) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.5...v3.63.6 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->	2024-02-13 11:01:28 +01:00
renovate[bot]	ebd82588eb	chore(deps): update trufflesecurity/trufflehog action to v3.67.5	2024-02-13 09:58:14 +00:00
Harald Hoyer	1123c5a32a	feat: get current unix time for verification with NTS (#35 ) otherwise it could have been faked from the host.	2024-02-13 10:57:47 +01:00
Harald Hoyer	f9409fa871	feat: get current unix time for verification with NTS otherwise it could have been faked from the host. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-13 10:26:45 +01:00
Harald Hoyer	049add9d2c	feat: restructure project and fix vault/sdk version (#33 )	2024-02-13 09:32:24 +01:00
Harald Hoyer	5ff9123086	chore: flake update Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-12 17:12:27 +01:00
renovate[bot]	d55f035d34	feat: restructure project and fix vault/sdk version Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-02-12 17:12:24 +01:00
renovate[bot]	518b1bc8d4	chore(deps): update trufflesecurity/trufflehog action to v3.63.5 (#28 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| patch \| `v3.63.4` -> `v3.63.5` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.5) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.4...v3.63.5) #### What's Changed - \[chore] Prevent panic when ChunkError has a nil Unit by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2227](https://togithub.com/trufflesecurity/trufflehog/pull/2227) - \[feat] - Make skipping binaries configurable by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2226](https://togithub.com/trufflesecurity/trufflehog/pull/2226) - \[chore] Add skip_binaries field to AzureRepos proto message by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2232](https://togithub.com/trufflesecurity/trufflehog/pull/2232) - Don't run detector tests on forks by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2234](https://togithub.com/trufflesecurity/trufflehog/pull/2234) - Update Freshworks verification to check for valid JSON response by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2212](https://togithub.com/trufflesecurity/trufflehog/pull/2212) - Enhance HuggingFace extra data by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2222](https://togithub.com/trufflesecurity/trufflehog/pull/2222) - Convert Shortcut detector to tri-state verification by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2211](https://togithub.com/trufflesecurity/trufflehog/pull/2211) - add secretID to chunk by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2242](https://togithub.com/trufflesecurity/trufflehog/pull/2242) - fix(deps): update module golang.org/x/crypto to v0.17.0 \[security] by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2243](https://togithub.com/trufflesecurity/trufflehog/pull/2243) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.4...v3.63.5 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuOTMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-21 20:10:50 +01:00
renovate[bot]	6ac992c8a4	fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#27 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Change \| Age \| Adoption \| Passing \| Confidence \| \|---\|---\|---\|---\|---\|---\| \| golang.org/x/crypto \| `v0.16.0` -> `v0.17.0` \| [![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.16.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.16.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) \| ### GitHub Vulnerability Alerts #### [CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) ### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. Warning: To take effect, both the client and server must support this countermeasure. As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. --- ### Configuration 📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuMTAzLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-21 19:59:18 +01:00
renovate[bot]	744fe75acd	chore(deps): update actions/setup-go action to v5 (#23 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/setup-go](https://togithub.com/actions/setup-go) \| action \| major \| `v4` -> `v5` \| --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5`](https://togithub.com/actions/setup-go/compare/v4...v5) [Compare Source](https://togithub.com/actions/setup-go/compare/v4...v5) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-21 19:54:09 +01:00
renovate[bot]	6e86de1fcb	fix(deps): update module github.com/hashicorp/go-hclog to v1.6.2 (#21 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [github.com/hashicorp/go-hclog](https://togithub.com/hashicorp/go-hclog) \| require \| minor \| `v1.5.0` -> `v1.6.2` \| --- ### Release Notes <details> <summary>hashicorp/go-hclog (github.com/hashicorp/go-hclog)</summary> ### [`v1.6.2`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.2): Fix level syncing [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.6.1...v1.6.2) #### What's Changed - Conside if the level is to be used separately from if the levels should be calculated by [@evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/137](https://togithub.com/hashicorp/go-hclog/pull/137) Full Changelog: https://github.com/hashicorp/go-hclog/compare/v1.6.1...v1.6.2 ### [`v1.6.1`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.1): Fix forcing color [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.6.0...v1.6.1) #### What's Changed - Fix colors not being forced on correctly. by [@evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/136](https://togithub.com/hashicorp/go-hclog/pull/136) Full Changelog: https://github.com/hashicorp/go-hclog/compare/v1.6.0...v1.6.1 ### [`v1.6.0`](https://togithub.com/hashicorp/go-hclog/releases/tag/v1.6.0): New level inheritance mode [Compare Source](https://togithub.com/hashicorp/go-hclog/compare/v1.5.0...v1.6.0) This release adds the ability to have sub-loggers arrange themselves into a tree and sync the level changes downward in the tree. #### What's Changed - SEC-090: Automated trusted workflow pinning (2023-04-03) by [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) in [https://github.com/hashicorp/go-hclog/pull/128](https://togithub.com/hashicorp/go-hclog/pull/128) - Docs: InferLevelsWithTimestamp relies on InferLevels being true by [@peteski22](https://togithub.com/peteski22) in [https://github.com/hashicorp/go-hclog/pull/135](https://togithub.com/hashicorp/go-hclog/pull/135) - Implement the ability to more logically share level hierarchies by [@evanphx](https://togithub.com/evanphx) in [https://github.com/hashicorp/go-hclog/pull/134](https://togithub.com/hashicorp/go-hclog/pull/134) #### New Contributors - [@hashicorp-tsccr](https://togithub.com/hashicorp-tsccr) made their first contribution in [https://github.com/hashicorp/go-hclog/pull/128](https://togithub.com/hashicorp/go-hclog/pull/128) - [@peteski22](https://togithub.com/peteski22) made their first contribution in [https://github.com/hashicorp/go-hclog/pull/135](https://togithub.com/hashicorp/go-hclog/pull/135) Full Changelog: https://github.com/hashicorp/go-hclog/compare/v1.5.0...v1.6.0 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-21 16:33:18 +01:00
renovate[bot]	72e1787855	chore(deps): update trufflesecurity/trufflehog action to v3.63.4 (#25 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| patch \| `v3.63.3` -> `v3.63.4` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.3...v3.63.4) #### What's Changed - Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.7+incompatible by [@dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2213](https://togithub.com/trufflesecurity/trufflehog/pull/2213) - Fix emoji in README by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2217](https://togithub.com/trufflesecurity/trufflehog/pull/2217) - Upgrade sevenzip to v1.4.5 by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2215](https://togithub.com/trufflesecurity/trufflehog/pull/2215) - Encode '%' when generating Git URLs by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2214](https://togithub.com/trufflesecurity/trufflehog/pull/2214) - Fix GitParse trimming whitespace from filename by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2201](https://togithub.com/trufflesecurity/trufflehog/pull/2201) - \[fixup] - Avoid reading decompressed data into memory by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2196](https://togithub.com/trufflesecurity/trufflehog/pull/2196) - Update GitLab v1 verification to check for valid JSON response by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2218](https://togithub.com/trufflesecurity/trufflehog/pull/2218) - Check for SourceUnit support dynamically in the SourceManager by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2205](https://togithub.com/trufflesecurity/trufflehog/pull/2205) - Fix GitHub source showing 0 members by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2202](https://togithub.com/trufflesecurity/trufflehog/pull/2202) - Don't run 'test' workflow in forks by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2221](https://togithub.com/trufflesecurity/trufflehog/pull/2221) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.3...v3.63.4 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuOTMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-15 19:18:34 +01:00
renovate[bot]	89641f1b9e	chore(deps): update trufflesecurity/trufflehog action to v3.63.3 (#24 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| patch \| `v3.63.2` -> `v3.63.3` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.2...v3.63.3) #### What's Changed - Use forked sevenzip by [@bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/2180](https://togithub.com/trufflesecurity/trufflehog/pull/2180) - fixing how to rotate URL by [@dylanTruffle](https://togithub.com/dylanTruffle) in [https://github.com/trufflesecurity/trufflehog/pull/2183](https://togithub.com/trufflesecurity/trufflehog/pull/2183) - \[fixup] - Skip trying to determine MIME type for directories by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2178](https://togithub.com/trufflesecurity/trufflehog/pull/2178) - \[feat] - Remove go-git dependency by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2174](https://togithub.com/trufflesecurity/trufflehog/pull/2174) - remove unnecessary Git cmd check by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2175](https://togithub.com/trufflesecurity/trufflehog/pull/2175) - \[chore] - use https for verification endpoints by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2185](https://togithub.com/trufflesecurity/trufflehog/pull/2185) - allow targets for the source manager by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2182](https://togithub.com/trufflesecurity/trufflehog/pull/2182) - Deprecate some detectors by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2186](https://togithub.com/trufflesecurity/trufflehog/pull/2186) - \[chore] - update regex by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2184](https://togithub.com/trufflesecurity/trufflehog/pull/2184) - \[chore] - Compile regex once by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2176](https://togithub.com/trufflesecurity/trufflehog/pull/2176) - Remove Java archives from ignored extensions by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2188](https://togithub.com/trufflesecurity/trufflehog/pull/2188) - \[chore] - Refactor common code into a separate function by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2179](https://togithub.com/trufflesecurity/trufflehog/pull/2179) - \[feat] - add metrics for gitlab by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2190](https://togithub.com/trufflesecurity/trufflehog/pull/2190) - \[bug] - move logic to main Chunks method by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2194](https://togithub.com/trufflesecurity/trufflehog/pull/2194) - \[fixup] - skip files in the archive handler by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2195](https://togithub.com/trufflesecurity/trufflehog/pull/2195) - Check private keys concurrently by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2139](https://togithub.com/trufflesecurity/trufflehog/pull/2139) - Propagate TruffleHog context to handlers by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2191](https://togithub.com/trufflesecurity/trufflehog/pull/2191) - \[bug] - close file after reading by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2203](https://togithub.com/trufflesecurity/trufflehog/pull/2203) - Use bad json in slackwebhooks by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2193](https://togithub.com/trufflesecurity/trufflehog/pull/2193) - Add disk buffer tempfile cleanup by [@codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/2130](https://togithub.com/trufflesecurity/trufflehog/pull/2130) - \[chore] Remove omitempty tags on JobProgressMetrics and UnitMetrics by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2204](https://togithub.com/trufflesecurity/trufflehog/pull/2204) - Fix azurestorage detector by [@0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2207](https://togithub.com/trufflesecurity/trufflehog/pull/2207) - fix and refactor browserstack detector by [@0x1](https://togithub.com/0x1) in [https://github.com/trufflesecurity/trufflehog/pull/2208](https://togithub.com/trufflesecurity/trufflehog/pull/2208) - \[chore] Remove unnecessary string conversion in tefter detector by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2209](https://togithub.com/trufflesecurity/trufflehog/pull/2209) - Update metabase verification to check for a valid JSON response by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2210](https://togithub.com/trufflesecurity/trufflehog/pull/2210) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.63.2...v3.63.3 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-14 14:20:29 +01:00
renovate[bot]	83b9ee1ca5	chore(deps): update trufflesecurity/trufflehog action to v3.63.2 (#22 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| patch \| `v3.63.1` -> `v3.63.2` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.2`](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.1...v3.63.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.1...v3.63.2) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-12-06 15:05:22 +01:00
renovate[bot]	955ae2a72a	fix(deps): update module golang.org/x/crypto to v0.16.0 (#19 ) [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| golang.org/x/crypto \| require \| minor \| `v0.15.0` -> `v0.16.0` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-11-28 04:44:33 +01:00
renovate[bot]	133ba8bd0a	chore(deps): update trufflesecurity/trufflehog action to v3.63.1 (#18 ) [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| patch \| `v3.63.0` -> `v3.63.1` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.1`](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.0...v3.63.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.0...v3.63.1) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-11-20 20:44:50 +01:00
renovate[bot]	c89d9d1e03	chore(deps): update trufflesecurity/trufflehog action to v3.63.0 (#17 ) [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| minor \| `v3.62.1` -> `v3.63.0` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.63.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.62.1...v3.63.0) #### Changelog - [`39a603d`](`39a603d2`) \[chore] Add JSON tags to job metrics ([#2114](https://togithub.com/trufflesecurity/trufflehog/issues/2114)) - [`d334b30`](`d334b307`) move all Git setup into Init method ([#2105](https://togithub.com/trufflesecurity/trufflehog/issues/2105)) - [`fd33198`](`fd33198a`) add proto fields for Git ([#2104](https://togithub.com/trufflesecurity/trufflehog/issues/2104)) - [`b2042e4`](`b2042e4e`) extract AWS account number from ID without verification ([#2091](https://togithub.com/trufflesecurity/trufflehog/issues/2091)) - [`737d6b7`](`737d6b76`) Adding Sumo Logic how to rotate ([#2103](https://togithub.com/trufflesecurity/trufflehog/issues/2103)) - [`76a0468`](`76a04685`) update protos so we can use the git source for CI ([#2102](https://togithub.com/trufflesecurity/trufflehog/issues/2102)) - [`d066a3f`](`d066a3fa`) Detector-Competition-Feat: Added Replicate API token detector ([#2021](https://togithub.com/trufflesecurity/trufflehog/issues/2021)) - [`bcde785`](`bcde7856`) Detector-Competition-Feat: Added Ngrok API token detector ([#2024](https://togithub.com/trufflesecurity/trufflehog/issues/2024)) - [`1b93c05`](`1b93c054`) Competition-Detector-New:added v2 version for fullstory ([#2067](https://togithub.com/trufflesecurity/trufflehog/issues/2067)) - [`8e3f6e9`](`8e3f6e98`) Add support for user:pass@host to postgres JDBC detector ([#2089](https://togithub.com/trufflesecurity/trufflehog/issues/2089)) - [`1094190`](`1094190f`) Detector-Competition-Feat: Add Overloop detector ([#2080](https://togithub.com/trufflesecurity/trufflehog/issues/2080)) - [`da59b72`](`da59b727`) Detector-Competition-Feat: Added Request.Finance API token detector ([#2020](https://togithub.com/trufflesecurity/trufflehog/issues/2020)) - [`703e158`](`703e1586`) Detector-Competition-New : created grafana service account detector ([#1960](https://togithub.com/trufflesecurity/trufflehog/issues/1960)) - [`b2d541e`](`b2d541e0`) Detector-Competition-Fix: fixed zulipchat detector ([#1990](https://togithub.com/trufflesecurity/trufflehog/issues/1990)) - [`6259b17`](`6259b179`) Grafana ([#2096](https://togithub.com/trufflesecurity/trufflehog/issues/2096)) - [`aabfec4`](`aabfec4c`) Competition-Detector-New: added eventbrite detector ([#2072](https://togithub.com/trufflesecurity/trufflehog/issues/2072)) - [`1371512`](`1371512f`) logz.io detector ([#2076](https://togithub.com/trufflesecurity/trufflehog/issues/2076)) - [`06b5fc2`](`06b5fc25`) Coda Detector ([#2075](https://togithub.com/trufflesecurity/trufflehog/issues/2075)) - [`50a3a82`](`50a3a82c`) fix ([#2094](https://togithub.com/trufflesecurity/trufflehog/issues/2094)) - [`de8889b`](`de8889b4`) Detector-Competition-Fix: Fix LiveAgent Detector & Verifier ([#2001](https://togithub.com/trufflesecurity/trufflehog/issues/2001)) - [`0b90265`](`0b902658`) pulling short lived AWS keys into their own thing, fixes [#1224](https://togithub.com/trufflesecurity/trufflehog/issues/1224) ([#2088](https://togithub.com/trufflesecurity/trufflehog/issues/2088)) - [`7a15633`](`7a156330`) Support multiple detectors per match ([#2065](https://togithub.com/trufflesecurity/trufflehog/issues/2065)) - [`600903f`](`600903f3`) \[chore] Speedup IsKnownFalsePositive using sets ([#2090](https://togithub.com/trufflesecurity/trufflehog/issues/2090)) - [`3b9ecaa`](`3b9ecaa7`) Detector-Competition-Fix: Fix ScraperSite (deprecated) ([#2074](https://togithub.com/trufflesecurity/trufflehog/issues/2074)) - [`41e9cc5`](`41e9cc59`) Detector-Competition-Fix: Fix PassBase (acquired, deprecated) ([#2079](https://togithub.com/trufflesecurity/trufflehog/issues/2079)) - [`b95ed3b`](`b95ed3b4`) Detector-Competition-New - Created Grafana Cloud API Key detector ([#1959](https://togithub.com/trufflesecurity/trufflehog/issues/1959)) - [`9e52e3e`](`9e52e3e8`) Detector-Competition-Fix: Fix/Deprecate Prospect.io ([#2081](https://togithub.com/trufflesecurity/trufflehog/issues/2081)) - [`a1d74cd`](`a1d74cd8`) added resource type mapping to extraData in AWS ([#2087](https://togithub.com/trufflesecurity/trufflehog/issues/2087)) - [`b5cc6c1`](`b5cc6c19`) Detector-Competition-Fix: Fix FakeJSON (deprecated) ([#2073](https://togithub.com/trufflesecurity/trufflehog/issues/2073)) - [`ab89689`](`ab896890`) fixed helpscout detector regex and verifier ([#2056](https://togithub.com/trufflesecurity/trufflehog/issues/2056)) - [`965a274`](`965a274d`) Detector-Competition-Fix: fixed regex for databricks domain and fixed tests ([#1965](https://togithub.com/trufflesecurity/trufflehog/issues/1965)) - [`b6469f2`](`b6469f23`) modified regex ([#2033](https://togithub.com/trufflesecurity/trufflehog/issues/2033)) - [`4106ce7`](`4106ce7b`) Detector-Competition-Feat: Adding Azure Container Registry Password Detector ([#1958](https://togithub.com/trufflesecurity/trufflehog/issues/1958)) - [`07f6c84`](`07f6c84a`) Detector-Competition-Fix: Fix SentimentInvestor (deprecated) ([#2078](https://togithub.com/trufflesecurity/trufflehog/issues/2078)) - [`9d6bc8c`](`9d6bc8c5`) Refactor git source to support scanning units ([#2083](https://togithub.com/trufflesecurity/trufflehog/issues/2083)) - [`52600a8`](`52600a89`) \[chore] Replace chunks channel with ChunkReporter in git based sources ([#2082](https://togithub.com/trufflesecurity/trufflehog/issues/2082)) - [`d55cb56`](`d55cb56d`) update comment ([#2084](https://togithub.com/trufflesecurity/trufflehog/issues/2084)) - [`7197e4b`](`7197e4b3`) use rawv2 for pubnubpublish ([#2062](https://togithub.com/trufflesecurity/trufflehog/issues/2062)) - [`95e0090`](`95e0090b`) \[chore] - correctly handle input shorter than 512 bytes ([#2077](https://togithub.com/trufflesecurity/trufflehog/issues/2077)) - [`89b6315`](`89b6315e`) \[chore] - add binutils dep to dockerfile ([#2061](https://togithub.com/trufflesecurity/trufflehog/issues/2061)) - [`74a56de`](`74a56de8`) update braintreepayments detector to tri-state verification ([#1834](https://togithub.com/trufflesecurity/trufflehog/issues/1834)) - [`8bac2b1`](`8bac2b15`) Detector-Competition-Feat: Adding Azure Batch keys ([#1956](https://togithub.com/trufflesecurity/trufflehog/issues/1956)) - [`499cb64`](`499cb645`) Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings ([#1957](https://togithub.com/trufflesecurity/trufflehog/issues/1957)) - [`a4fd17c`](`a4fd17c9`) Detector-Competition-Fix: Fix AppFollow Detection & Verification ([#1933](https://togithub.com/trufflesecurity/trufflehog/issues/1933)) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-11-17 19:51:13 +01:00
renovate[bot]	791f250fc0	fix(deps): update module golang.org/x/crypto to v0.15.0 (#13 ) [![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| golang.org/x/crypto \| require \| minor \| `v0.14.0` -> `v0.15.0` \| --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-11-16 16:28:05 +01:00
Harald Hoyer	c4efb10c59	ci: remove nix workflow (#16 ) Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2023-11-16 14:58:49 +01:00
Harald Hoyer	f29a1f4831	ci: add go license checker (#15 ) Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2023-11-10 16:47:56 +01:00
renovate[bot]	26dfa5668f	chore(deps): update trufflesecurity/trufflehog action to v3.62.1 (#12 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) \| action \| minor \| `v3.60.4` -> `v3.62.1` \| --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.62.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.62.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.62.0...v3.62.1) #### What's Changed - update kingpin import by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/2053](https://togithub.com/trufflesecurity/trufflehog/pull/2053) - Re-add detector version by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2060](https://togithub.com/trufflesecurity/trufflehog/pull/2060) - Detector-Competition-Fix: Fix currencycloud.com API key by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1917](https://togithub.com/trufflesecurity/trufflehog/pull/1917) - Detector-Competition-Fix: Fix Bitcoin Average detector by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1929](https://togithub.com/trufflesecurity/trufflehog/pull/1929) - Detector-Competition-Fix: Update formio regex to match Jwt token by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1935](https://togithub.com/trufflesecurity/trufflehog/pull/1935) - Detector-Competition-Fix: Fix SalesBlink Detection & Verification by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1950](https://togithub.com/trufflesecurity/trufflehog/pull/1950) - Support multiple custom detectors by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2064](https://togithub.com/trufflesecurity/trufflehog/pull/2064) - \[chore] Fix SourceManager flaky test by [@mcastorina](https://togithub.com/mcastorina) in [https://github.com/trufflesecurity/trufflehog/pull/2059](https://togithub.com/trufflesecurity/trufflehog/pull/2059) - Centralize logic for checking archive extraction tools by [@ahrav](https://togithub.com/ahrav) in [https://github.com/trufflesecurity/trufflehog/pull/2063](https://togithub.com/trufflesecurity/trufflehog/pull/2063) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.62.0...v3.62.1 ### [`v3.62.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.62.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.61.0...v3.62.0) #### What's Changed - Update module github.com/aws/aws-sdk-go to v1.46.6 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2013](https://togithub.com/trufflesecurity/trufflehog/pull/2013) - Update module github.com/bradleyfalzon/ghinstallation/v2 to v2.8.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2014](https://togithub.com/trufflesecurity/trufflehog/pull/2014) - Update module github.com/charmbracelet/lipgloss to v0.9.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2015](https://togithub.com/trufflesecurity/trufflehog/pull/2015) - Update module github.com/go-logr/logr to v1.3.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2025](https://togithub.com/trufflesecurity/trufflehog/pull/2025) - Update module github.com/getsentry/sentry-go to v0.25.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2022](https://togithub.com/trufflesecurity/trufflehog/pull/2022) - Update module github.com/google/go-containerregistry to v0.16.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2026](https://togithub.com/trufflesecurity/trufflehog/pull/2026) - Update module github.com/google/uuid to v1.4.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2027](https://togithub.com/trufflesecurity/trufflehog/pull/2027) - Update module github.com/hashicorp/golang-lru to v0.6.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2028](https://togithub.com/trufflesecurity/trufflehog/pull/2028) - Update module github.com/rabbitmq/amqp091-go to v1.9.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2030](https://togithub.com/trufflesecurity/trufflehog/pull/2030) - Detector-Competition-Feat: Added LemonSqueezy API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2017](https://togithub.com/trufflesecurity/trufflehog/pull/2017) - Update module github.com/prometheus/client_golang to v1.17.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2029](https://togithub.com/trufflesecurity/trufflehog/pull/2029) - Detector-Competition-Feat: Added Budibase API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2016](https://togithub.com/trufflesecurity/trufflehog/pull/2016) - Update github.com/bodgit/sevenzip to v1.4.3 by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2039](https://togithub.com/trufflesecurity/trufflehog/pull/2039) - Update module go.uber.org/mock to v0.3.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2038](https://togithub.com/trufflesecurity/trufflehog/pull/2038) - Update module github.com/xanzy/go-gitlab to v0.93.2 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2031](https://togithub.com/trufflesecurity/trufflehog/pull/2031) - Update module github.com/snowflakedb/gosnowflake to v1.6.25 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2042](https://togithub.com/trufflesecurity/trufflehog/pull/2042) - Update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2043](https://togithub.com/trufflesecurity/trufflehog/pull/2043) - Update module go.uber.org/zap to v1.26.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2044](https://togithub.com/trufflesecurity/trufflehog/pull/2044) - Update module google.golang.org/api to v0.148.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2045](https://togithub.com/trufflesecurity/trufflehog/pull/2045) - Developed Deno Deploy Detector by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/2040](https://togithub.com/trufflesecurity/trufflehog/pull/2040) - Detector-Competition-Feat: Added Stripo API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2018](https://togithub.com/trufflesecurity/trufflehog/pull/2018) - fix(deps): update module sigs.k8s.io/yaml to v1.4.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2047](https://togithub.com/trufflesecurity/trufflehog/pull/2047) - Detector-Competition-Feat: Added Reply.io API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/2019](https://togithub.com/trufflesecurity/trufflehog/pull/2019) - fix(deps): update module github.com/go-git/go-git/v5 to v5.10.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2023](https://togithub.com/trufflesecurity/trufflehog/pull/2023) - adding 'token' keyword to regex for github_old by [@ankushgoel27](https://togithub.com/ankushgoel27) in [https://github.com/trufflesecurity/trufflehog/pull/2037](https://togithub.com/trufflesecurity/trufflehog/pull/2037) - Remove verify flag from Aho-Corasick core by [@rosecodym](https://togithub.com/rosecodym) in [https://github.com/trufflesecurity/trufflehog/pull/2010](https://togithub.com/trufflesecurity/trufflehog/pull/2010) - Add TravisCI source by [@dustin-decker](https://togithub.com/dustin-decker) in [https://github.com/trufflesecurity/trufflehog/pull/1877](https://togithub.com/trufflesecurity/trufflehog/pull/1877) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.61.0...v3.62.0 ### [`v3.61.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.61.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.60.4...v3.61.0) #### What's Changed - Detector-Competition-Fix: Fix/Remove Happi Detection & Verification by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/2003](https://togithub.com/trufflesecurity/trufflehog/pull/2003) - Detector-Competition-Fix: Fix/Remove Flowdock detector by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/2004](https://togithub.com/trufflesecurity/trufflehog/pull/2004) - Add temp directory management by [@codevbus](https://togithub.com/codevbus) in [https://github.com/trufflesecurity/trufflehog/pull/1878](https://togithub.com/trufflesecurity/trufflehog/pull/1878) - Fix binary handling by [@bill-rich](https://togithub.com/bill-rich) in [https://github.com/trufflesecurity/trufflehog/pull/1999](https://togithub.com/trufflesecurity/trufflehog/pull/1999) - Detector-Competition-Fix: Fix SurveyBot Verification by [@lc](https://togithub.com/lc) in [https://github.com/trufflesecurity/trufflehog/pull/1948](https://togithub.com/trufflesecurity/trufflehog/pull/1948) - Detector-Competition-Feat: Added BetterStack API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1987](https://togithub.com/trufflesecurity/trufflehog/pull/1987) - Detector-Competition-Feat: Added ZeroTier API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1988](https://togithub.com/trufflesecurity/trufflehog/pull/1988) - Detector-Competition-Feat: Added AppOptics API token detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1989](https://togithub.com/trufflesecurity/trufflehog/pull/1989) - Detector-Competition-Feat: Add Metabase Session Secret Detector by [@fumblehool](https://togithub.com/fumblehool) in [https://github.com/trufflesecurity/trufflehog/pull/1902](https://togithub.com/trufflesecurity/trufflehog/pull/1902) - Add Coinbase Wallet-as-a-Service detector by [@rgmz](https://togithub.com/rgmz) in [https://github.com/trufflesecurity/trufflehog/pull/1895](https://togithub.com/trufflesecurity/trufflehog/pull/1895) - Chore(deps): Bump google.golang.org/grpc from 1.56.2 to 1.56.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/trufflesecurity/trufflehog/pull/2009](https://togithub.com/trufflesecurity/trufflehog/pull/2009) - Update module github.com/TheZeroSlave/zapsentry to v1.19.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2012](https://togithub.com/trufflesecurity/trufflehog/pull/2012) - Update module cloud.google.com/go/secretmanager to v1.11.3 by [@renovate](https://togithub.com/renovate) in [https://github.com/trufflesecurity/trufflehog/pull/2011](https://togithub.com/trufflesecurity/trufflehog/pull/2011) Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.60.4...v3.61.0 </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-11-03 14:24:18 +01:00
Harald Hoyer	c2411a45a7	feat: initial commit Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2023-10-26 14:15:52 +02:00

37 commits