Terraform turnup automation for the EKS Kubernetes clusters that host GOV.UK. See https://github.com/alphagov/govuk-helm-charts for application config.
MIT License
145
stars
25
forks
source link
Update pre-commit hook Yelp/detect-secrets to v1 #1523
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
Yelp/detect-secrets (Yelp/detect-secrets)
### [`v1.5.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v150)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.4.0...v1.5.0)
##### May 6th, 2024
We apologise for the extreme delay in publishing a new release for our beloved `detect-secrets`. We at Yelp appreciate your continued support and your contributions to this valuable project!
##### :newspaper: News
- We're adding support for Python 3.10, 3.11 and 3.12 and we dropped support for Python 3.6 and 3.7! We hope this won't be too disruptive for you all. Be aware that in a next release, we'll remove support for Python 3.8 too, as it'll reach EOL in October 2024.
##### :mega: Release Highlights
- Added support for OS-agnostic baseline files ([#586])
##### :tada: New Features
- Added a detector for IP addresses ([#692])
- Added a detector for GitLab tokens ([#782])
- Added a detector for Telegram tokens ([#808])
- Added a detector for Pypi and TestPypi tokens ([#819])
- Added a detector for OpenAI tokens ([#823])
##### :sparkles: Usability
- Added filenames in errors thrown when a plugin file specified in the `.secrets.baseline` is not found. ([#719])
- Changed the wording of the audit prompt ([#738])
##### :telescope: Accuracy
- Improved DiscordBotTokenDetector to reduce false negatives ([#628])
- Improved KeywordDetector to reduce false positive for Golang ([#675])
- Improved AWSKeyDetector by adding more access key formats ([#796])
##### :bug: Bugfixes
- Fixed `NotImplementedError` in StatisticsAggregator ([#678])
- Fixed bug in YAMLTransformer related to parsing YAML files with achors and tags ([#679])
- Fixed `IndexError` in `is_prefixed_with_dollar_sign` caused by passing empty strings ([#712])
##### :snake: Miscellaneous
- Dropped support for Python 3.6 ([#672])
- Dropped support for Python 3.7 ([#724])
- Added support for Python 3.10 ([#724])
- Added support for Python 3.11 ([#730])
- Added support for Python 3.12 ([#810])
- Multiple dependency updates
[#586]: https://redirect.github.com/Yelp/detect-secrets/pull/586
[#628]: https://redirect.github.com/Yelp/detect-secrets/pull/628
[#672]: https://redirect.github.com/Yelp/detect-secrets/pull/672
[#675]: https://redirect.github.com/Yelp/detect-secrets/pull/675
[#678]: https://redirect.github.com/Yelp/detect-secrets/pull/678
[#679]: https://redirect.github.com/Yelp/detect-secrets/pull/679
[#692]: https://redirect.github.com/Yelp/detect-secrets/pull/692
[#712]: https://redirect.github.com/Yelp/detect-secrets/pull/712
[#719]: https://redirect.github.com/Yelp/detect-secrets/pull/719
[#724]: https://redirect.github.com/Yelp/detect-secrets/pull/724
[#730]: https://redirect.github.com/Yelp/detect-secrets/pull/730
[#738]: https://redirect.github.com/Yelp/detect-secrets/pull/738
[#782]: https://redirect.github.com/Yelp/detect-secrets/pull/782
[#796]: https://redirect.github.com/Yelp/detect-secrets/pull/796
[#808]: https://redirect.github.com/Yelp/detect-secrets/pull/808
[#810]: https://redirect.github.com/Yelp/detect-secrets/pull/810
[#819]: https://redirect.github.com/Yelp/detect-secrets/pull/819
[#823]: https://redirect.github.com/Yelp/detect-secrets/pull/823
### [`v1.4.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v140)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.3.0...v1.4.0)
##### October 4th, 2022
##### :newspaper: News
- We're dropping support for Python 3.6 starting v1.5.0! Python 3.6 reached EOL on December 23, 2021 and, therefore, is currently unsupported. We hope this announcement gives you plenty of time to upgrade your project, if needed.
##### :mega: Release Highlights
- Improved filtering by excluding secrets that have already been detected by a regex-based detector ([#612])
##### :tada: New Features
- Added a detector for Discord bot tokens ([#614])
##### :sparkles: Usability
- Improved the audit report to make it easier to parse programmatically ([#619])
##### :telescope: Accuracy
- Improve ArtifactoryDetector plugin to reduce false positives ([#499])
##### :bug: Bugfixes
- Fixed the verify flow in audit report by adding the code snippet of the verified secret ([#620])
- Fixed deploy process to be environment configuration independent ([#625])
##### :snake: Miscellaneous
- Added support for .NET packages.lock.json files in the heuristic filter ([#593])
- Multiple dependency updates
[#499]: https://redirect.github.com/Yelp/detect-secrets/pull/499
[#556]: https://redirect.github.com/Yelp/detect-secrets/pull/556
[#589]: https://redirect.github.com/Yelp/detect-secrets/pull/589
[#593]: https://redirect.github.com/Yelp/detect-secrets/pull/593
[#598]: https://redirect.github.com/Yelp/detect-secrets/pull/598
[#612]: https://redirect.github.com/Yelp/detect-secrets/pull/612
[#614]: https://redirect.github.com/Yelp/detect-secrets/pull/614
[#615]: https://redirect.github.com/Yelp/detect-secrets/pull/615
[#616]: https://redirect.github.com/Yelp/detect-secrets/pull/616
[#619]: https://redirect.github.com/Yelp/detect-secrets/pull/619
[#620]: https://redirect.github.com/Yelp/detect-secrets/pull/620
[#625]: https://redirect.github.com/Yelp/detect-secrets/pull/625
### [`v1.3.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v130)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.2.0...v1.3.0)
##### July 22nd, 2022
##### :mega: Release Highlights
- Add Windows operating system to Github CI Action ([#528])
- Enable dependabot for automated dependency updates built into GitHub ([#531])
- Improve performance for array slice ([#555])
##### :tada: New Features
- Improve keyword plugin to detect arrow key assignment ([#567])
- Add command line argument for `detect-secrets-hook` to return output as json ([#569])
##### :bug: Bugfixes
- Fix regex matching for `npm` plugin ([#551])
- Fix `audit` crashing when secret is not found on specified line ([#568])
- Fix `# pragma: allowlist nextline secret` secrets not filtered out of result set ([#575])
- Fix `is_verified` flag not stored in `PotentialSecret` ([#578])
##### :snake: Miscellaneous
- Only use ANSI color code in environments that support it ([#523])
- Multiple dependency updates
- Make `is_likely_id_string` heuristic filter more strict to avoid eliminating true positives ([#526])
- Refactor AWS access key regex to minimize false positives ([#571])
- Correct spelling errors in code repository ([#574])
- Add `py.typed` to enable type hints for package consumers ([#579])
[#523]: https://redirect.github.com/Yelp/detect-secrets/pull/523
[#526]: https://redirect.github.com/Yelp/detect-secrets/pull/526
[#528]: https://redirect.github.com/Yelp/detect-secrets/pull/528
[#529]: https://redirect.github.com/Yelp/detect-secrets/pull/529
[#530]: https://redirect.github.com/Yelp/detect-secrets/pull/530
[#531]: https://redirect.github.com/Yelp/detect-secrets/pull/531
[#532]: https://redirect.github.com/Yelp/detect-secrets/pull/532
[#533]: https://redirect.github.com/Yelp/detect-secrets/pull/533
[#535]: https://redirect.github.com/Yelp/detect-secrets/pull/535
[#537]: https://redirect.github.com/Yelp/detect-secrets/pull/537
[#538]: https://redirect.github.com/Yelp/detect-secrets/pull/538
[#542]: https://redirect.github.com/Yelp/detect-secrets/pull/542
[#543]: https://redirect.github.com/Yelp/detect-secrets/pull/543
[#545]: https://redirect.github.com/Yelp/detect-secrets/pull/545
[#546]: https://redirect.github.com/Yelp/detect-secrets/pull/546
[#551]: https://redirect.github.com/Yelp/detect-secrets/pull/551
[#555]: https://redirect.github.com/Yelp/detect-secrets/pull/555
[#567]: https://redirect.github.com/Yelp/detect-secrets/pull/567
[#568]: https://redirect.github.com/Yelp/detect-secrets/pull/568
[#569]: https://redirect.github.com/Yelp/detect-secrets/pull/569
[#571]: https://redirect.github.com/Yelp/detect-secrets/pull/571
[#574]: https://redirect.github.com/Yelp/detect-secrets/pull/574
[#575]: https://redirect.github.com/Yelp/detect-secrets/pull/575
[#576]: https://redirect.github.com/Yelp/detect-secrets/pull/576
[#578]: https://redirect.github.com/Yelp/detect-secrets/pull/578
[#579]: https://redirect.github.com/Yelp/detect-secrets/pull/579
### [`v1.2.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v120)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.1.0...v1.2.0)
##### February 16th, 2022
##### :mega: Release Highlights
- Continuous integration github action added ([#506])
- Release pipeline github action added ([#513])
##### :tada: New Features
- New GitHub token plugin added ([#465])
- New SendGrid plugin added ([#463])
- More new ignored file extensions
##### :bug: Bugfixes
- Fixes catastrophic backtracking for indirect reference heuristic ([#509])
- Fixes pre-commit hook secret equality checking causing updates to baseline with no real changes - only a timestamp update ([#507])
- Fixes python 3.8 failing to load plugins on windows and macos ([#505])
- Fixes yaml transformer inline dictionary index out of bounds exceptions ([#501])
- Fixes regex for slack url ([#477])
- Fixes `AttributeError: 'PotentialSecret' object has no attribute 'line_number'` by safely falling back to 0 if line_number isn't present. ([#476])([#472])
- Fixes gibberish-detector current version
- Fixes filtering ordering in .secrets.baseline
##### :snake: Miscellaneous
- Updated README due hook failing to interpret filenames with spaces ([#470])
- Add CI github action badge to README
- Development dependency bumps ([#519])
[#463]: https://redirect.github.com/Yelp/detect-secrets/pull/463
[#465]: https://redirect.github.com/Yelp/detect-secrets/pull/465
[#470]: https://redirect.github.com/Yelp/detect-secrets/pull/470
[#472]: https://redirect.github.com/Yelp/detect-secrets/pull/472
[#476]: https://redirect.github.com/Yelp/detect-secrets/pull/476
[#477]: https://redirect.github.com/Yelp/detect-secrets/pull/477
[#501]: https://redirect.github.com/Yelp/detect-secrets/pull/501
[#505]: https://redirect.github.com/Yelp/detect-secrets/pull/505
[#506]: https://redirect.github.com/Yelp/detect-secrets/pull/506
[#507]: https://redirect.github.com/Yelp/detect-secrets/pull/507
[#509]: https://redirect.github.com/Yelp/detect-secrets/pull/509
[#513]: https://redirect.github.com/Yelp/detect-secrets/pull/513
[#519]: https://redirect.github.com/Yelp/detect-secrets/pull/519
### [`v1.1.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v110)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.3...v1.1.0)
##### April 14th, 2021
##### :mega: Release Highlights
- New gibberish filter added ([#416])
- Multiprocessing support, for faster scans! ([#441])
- Support for scanning different directories (rather than the current directory) ([#440])
##### :tada: New Features
- `KeywordDetector` supports whitespace secrets ([#414])
- `KeywordDetector` now supports prefix/suffixed keywords, and accuracy updates
- Adding alphanumerical filter to ensure secrets have at least one letter/number in them ([#428])
- New filter added for ignoring common lock files ([#417])
- More new ignored file extensions
- Adding filter to ignore swagger files
- Added `audit --report` to extract secret values with a baseline
([#387], thanks \[[@pablosantiagolopez](https://redirect.github.com/pablosantiagolopez)], [@syn-4ck])
##### :telescope: Accuracy
- `KeywordDetector` now defaults to requiring quotes around secrets ([#448])
- `KeywordDetector` now searches for more keywords ([#430])
##### :bug: Bugfixes
- Filter caches are cleared when swapping between different `Settings` objects ([#444])
- Upgrading baselines from <0.12 migrates `exclude` to `exclude-files` rather than `exclude-lines`
([#446])
##### :snake: Miscellaneous
- More verbose logging, to help with debugging issues ([#432])
- YAMLTransformer handles binary entries differently
[#387]: https://redirect.github.com/Yelp/detect-secrets/pull/387
[#414]: https://redirect.github.com/Yelp/detect-secrets/pull/414
[#416]: https://redirect.github.com/Yelp/detect-secrets/pull/416
[#417]: https://redirect.github.com/Yelp/detect-secrets/pull/417
[#428]: https://redirect.github.com/Yelp/detect-secrets/pull/428
[#430]: https://redirect.github.com/Yelp/detect-secrets/pull/430
[#432]: https://redirect.github.com/Yelp/detect-secrets/pull/432
[#440]: https://redirect.github.com/Yelp/detect-secrets/pull/440
[#441]: https://redirect.github.com/Yelp/detect-secrets/pull/441
[#444]: https://redirect.github.com/Yelp/detect-secrets/pull/444
[#446]: https://redirect.github.com/Yelp/detect-secrets/pull/446
[#448]: https://redirect.github.com/Yelp/detect-secrets/pull/448
[@syn-4ck]: https://redirect.github.com/syn-4ck
### [`v1.0.3`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v103)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.2...v1.0.3)
##### February 26th, 2021
##### :bug: Bugfixes
- Fixes `SecretsCollection` subtraction method, to handle non-overlapping files.
- Fixes installation for Windows environments ([#412], thanks [@pablosantiagolopez])
[#412]: https://redirect.github.com/Yelp/detect-secrets/pull/412
[@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez
### [`v1.0.2`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v102)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.1...v1.0.2)
##### February 25th, 2021
##### :bug: Bugfixes
- `KeywordDetector` is no longer case-sensitive.
### [`v1.0.1`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v101)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.0...v1.0.1)
##### February 25th, 2021
##### :bug: Bugfixes
- Fixes recursive loop with installation ([#408], thanks [@cbows])
[#408]: https://redirect.github.com/Yelp/detect-secrets/pull/408
[@cbows]: https://redirect.github.com/cbows
### [`v1.0.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v100)
[Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v0.14.4...v1.0.0)
##### February 24th, 2021
##### :mega: Release Highlights
- Added a concept of ["filters"](./docs/filters.md), to weed out false positives
- Introduce the concept of ["transformers"](./docs/design.md#Transformers), to standardize file
parsing across plugins
- Designed an upgrade system for easy migrations of older baseline versions
- Core engine redesigned to support module usage (rather than just interacting with it through
the command line)
- Added a global [`Settings`](./docs/design.md#Settings) object for repeatable, serializable,
configurations
- Introduced dependency injection framework for easy-to-design filters.
##### :boom: Breaking Changes
Honestly, too many to list out. Check out the original pull request
([#355](https://redirect.github.com/Yelp/detect-secrets/pull/355)) for more details. It's safe to assume
that if you interacted with `detect-secrets` as a module (rather than solely a pre-commit hook
or CLI tool), the APIs have changed (for the better).
**However**, with the new upgrade infrastructure in place, the baseline files will auto upgrade
by themselves. Users that have used it solely as a pre-commit hook or CLI tool may need to consult
the ["User Facing Changes"](https://redirect.github.com/Yelp/detect-secrets/pull/355) for flag renaming.
##### :tada: New Features
- Added `NpmDetector` ([#347], thanks [@ninoseki])
- Added `AzureStorageKeyDetector` ([#359], thanks [@DariuszPorowski])
- Added `SquareOauthDetector` ([#398], thanks [@pablosantiagolopez])
- Added `--only-allowlisted` flag to scan for inline ignores
- Added `--list-all-plugins` to show a list of all plugins available to the engine
- Added `--exclude-secrets` flag to ignore secrets that match specific regexes
([#391], thanks [@pablosantiagolopez])
- Added `--slim` flag to generate baselines that minimize git diffs
- Added `--disable-filter` to disable specific filters
- Added `--disable-plugin` to disable specific plugins
- Added support for `# pragma: allowlist nextline secret` to ignore the following line
([#367], thanks [@nickiaconis])
[#347]: https://redirect.github.com/Yelp/detect-secrets/pull/347
[#359]: https://redirect.github.com/Yelp/detect-secrets/pull/359
[#367]: https://redirect.github.com/Yelp/detect-secrets/pull/367
[#391]: https://redirect.github.com/Yelp/detect-secrets/pull/391
[#398]: https://redirect.github.com/Yelp/detect-secrets/pull/398
[@DariuszPorowski]: https://redirect.github.com/DariuszPorowski
[@nickiaconis]: https://redirect.github.com/nickiaconis
[@ninoseki]: https://redirect.github.com/ninoseki
[@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez
##### :telescope: Accuracy
- AWS Plugin now scans for secret tokens as well ([#397], thanks [@pablosantiagolopez])
[#397]: https://redirect.github.com/Yelp/detect-secrets/pull/397
[@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez
##### :mortar_board: Walkthrough / Help
- The README now includes examples of common usages, features, and an FAQ section for
the common questions we often receive as GitHub issues.
- So much better [technical documentation](./docs)!
- Type support added
##### :bug: Bugfixes
- Inline allowlisting is respected by regular scans, rather than only pre-commit hook
- `audit` functionality improved on Windows machines
- git operations now handle file paths with spaces
- fix KeywordDetector hanging on very long lines ([#373], thanks [@gpflaum])
[#373]: https://redirect.github.com/Yelp/detect-secrets/pull/373
[@gpflaum]: https://redirect.github.com/gpflaum
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v0.14.4->v1.5.0Note: The
pre-commitmanager in Renovate is not supported by thepre-commitmaintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.Release Notes
Yelp/detect-secrets (Yelp/detect-secrets)
### [`v1.5.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.4.0...v1.5.0) ##### May 6th, 2024 We apologise for the extreme delay in publishing a new release for our beloved `detect-secrets`. We at Yelp appreciate your continued support and your contributions to this valuable project! ##### :newspaper: News - We're adding support for Python 3.10, 3.11 and 3.12 and we dropped support for Python 3.6 and 3.7! We hope this won't be too disruptive for you all. Be aware that in a next release, we'll remove support for Python 3.8 too, as it'll reach EOL in October 2024. ##### :mega: Release Highlights - Added support for OS-agnostic baseline files ([#586]) ##### :tada: New Features - Added a detector for IP addresses ([#692]) - Added a detector for GitLab tokens ([#782]) - Added a detector for Telegram tokens ([#808]) - Added a detector for Pypi and TestPypi tokens ([#819]) - Added a detector for OpenAI tokens ([#823]) ##### :sparkles: Usability - Added filenames in errors thrown when a plugin file specified in the `.secrets.baseline` is not found. ([#719]) - Changed the wording of the audit prompt ([#738]) ##### :telescope: Accuracy - Improved DiscordBotTokenDetector to reduce false negatives ([#628]) - Improved KeywordDetector to reduce false positive for Golang ([#675]) - Improved AWSKeyDetector by adding more access key formats ([#796]) ##### :bug: Bugfixes - Fixed `NotImplementedError` in StatisticsAggregator ([#678]) - Fixed bug in YAMLTransformer related to parsing YAML files with achors and tags ([#679]) - Fixed `IndexError` in `is_prefixed_with_dollar_sign` caused by passing empty strings ([#712]) ##### :snake: Miscellaneous - Dropped support for Python 3.6 ([#672]) - Dropped support for Python 3.7 ([#724]) - Added support for Python 3.10 ([#724]) - Added support for Python 3.11 ([#730]) - Added support for Python 3.12 ([#810]) - Multiple dependency updates [#586]: https://redirect.github.com/Yelp/detect-secrets/pull/586 [#628]: https://redirect.github.com/Yelp/detect-secrets/pull/628 [#672]: https://redirect.github.com/Yelp/detect-secrets/pull/672 [#675]: https://redirect.github.com/Yelp/detect-secrets/pull/675 [#678]: https://redirect.github.com/Yelp/detect-secrets/pull/678 [#679]: https://redirect.github.com/Yelp/detect-secrets/pull/679 [#692]: https://redirect.github.com/Yelp/detect-secrets/pull/692 [#712]: https://redirect.github.com/Yelp/detect-secrets/pull/712 [#719]: https://redirect.github.com/Yelp/detect-secrets/pull/719 [#724]: https://redirect.github.com/Yelp/detect-secrets/pull/724 [#730]: https://redirect.github.com/Yelp/detect-secrets/pull/730 [#738]: https://redirect.github.com/Yelp/detect-secrets/pull/738 [#782]: https://redirect.github.com/Yelp/detect-secrets/pull/782 [#796]: https://redirect.github.com/Yelp/detect-secrets/pull/796 [#808]: https://redirect.github.com/Yelp/detect-secrets/pull/808 [#810]: https://redirect.github.com/Yelp/detect-secrets/pull/810 [#819]: https://redirect.github.com/Yelp/detect-secrets/pull/819 [#823]: https://redirect.github.com/Yelp/detect-secrets/pull/823 ### [`v1.4.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v140) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.3.0...v1.4.0) ##### October 4th, 2022 ##### :newspaper: News - We're dropping support for Python 3.6 starting v1.5.0! Python 3.6 reached EOL on December 23, 2021 and, therefore, is currently unsupported. We hope this announcement gives you plenty of time to upgrade your project, if needed. ##### :mega: Release Highlights - Improved filtering by excluding secrets that have already been detected by a regex-based detector ([#612]) ##### :tada: New Features - Added a detector for Discord bot tokens ([#614]) ##### :sparkles: Usability - Improved the audit report to make it easier to parse programmatically ([#619]) ##### :telescope: Accuracy - Improve ArtifactoryDetector plugin to reduce false positives ([#499]) ##### :bug: Bugfixes - Fixed the verify flow in audit report by adding the code snippet of the verified secret ([#620]) - Fixed deploy process to be environment configuration independent ([#625]) ##### :snake: Miscellaneous - Added support for .NET packages.lock.json files in the heuristic filter ([#593]) - Multiple dependency updates [#499]: https://redirect.github.com/Yelp/detect-secrets/pull/499 [#556]: https://redirect.github.com/Yelp/detect-secrets/pull/556 [#589]: https://redirect.github.com/Yelp/detect-secrets/pull/589 [#593]: https://redirect.github.com/Yelp/detect-secrets/pull/593 [#598]: https://redirect.github.com/Yelp/detect-secrets/pull/598 [#612]: https://redirect.github.com/Yelp/detect-secrets/pull/612 [#614]: https://redirect.github.com/Yelp/detect-secrets/pull/614 [#615]: https://redirect.github.com/Yelp/detect-secrets/pull/615 [#616]: https://redirect.github.com/Yelp/detect-secrets/pull/616 [#619]: https://redirect.github.com/Yelp/detect-secrets/pull/619 [#620]: https://redirect.github.com/Yelp/detect-secrets/pull/620 [#625]: https://redirect.github.com/Yelp/detect-secrets/pull/625 ### [`v1.3.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v130) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.2.0...v1.3.0) ##### July 22nd, 2022 ##### :mega: Release Highlights - Add Windows operating system to Github CI Action ([#528]) - Enable dependabot for automated dependency updates built into GitHub ([#531]) - Improve performance for array slice ([#555]) ##### :tada: New Features - Improve keyword plugin to detect arrow key assignment ([#567]) - Add command line argument for `detect-secrets-hook` to return output as json ([#569]) ##### :bug: Bugfixes - Fix regex matching for `npm` plugin ([#551]) - Fix `audit` crashing when secret is not found on specified line ([#568]) - Fix `# pragma: allowlist nextline secret` secrets not filtered out of result set ([#575]) - Fix `is_verified` flag not stored in `PotentialSecret` ([#578]) ##### :snake: Miscellaneous - Only use ANSI color code in environments that support it ([#523]) - Multiple dependency updates - Make `is_likely_id_string` heuristic filter more strict to avoid eliminating true positives ([#526]) - Refactor AWS access key regex to minimize false positives ([#571]) - Correct spelling errors in code repository ([#574]) - Add `py.typed` to enable type hints for package consumers ([#579]) [#523]: https://redirect.github.com/Yelp/detect-secrets/pull/523 [#526]: https://redirect.github.com/Yelp/detect-secrets/pull/526 [#528]: https://redirect.github.com/Yelp/detect-secrets/pull/528 [#529]: https://redirect.github.com/Yelp/detect-secrets/pull/529 [#530]: https://redirect.github.com/Yelp/detect-secrets/pull/530 [#531]: https://redirect.github.com/Yelp/detect-secrets/pull/531 [#532]: https://redirect.github.com/Yelp/detect-secrets/pull/532 [#533]: https://redirect.github.com/Yelp/detect-secrets/pull/533 [#535]: https://redirect.github.com/Yelp/detect-secrets/pull/535 [#537]: https://redirect.github.com/Yelp/detect-secrets/pull/537 [#538]: https://redirect.github.com/Yelp/detect-secrets/pull/538 [#542]: https://redirect.github.com/Yelp/detect-secrets/pull/542 [#543]: https://redirect.github.com/Yelp/detect-secrets/pull/543 [#545]: https://redirect.github.com/Yelp/detect-secrets/pull/545 [#546]: https://redirect.github.com/Yelp/detect-secrets/pull/546 [#551]: https://redirect.github.com/Yelp/detect-secrets/pull/551 [#555]: https://redirect.github.com/Yelp/detect-secrets/pull/555 [#567]: https://redirect.github.com/Yelp/detect-secrets/pull/567 [#568]: https://redirect.github.com/Yelp/detect-secrets/pull/568 [#569]: https://redirect.github.com/Yelp/detect-secrets/pull/569 [#571]: https://redirect.github.com/Yelp/detect-secrets/pull/571 [#574]: https://redirect.github.com/Yelp/detect-secrets/pull/574 [#575]: https://redirect.github.com/Yelp/detect-secrets/pull/575 [#576]: https://redirect.github.com/Yelp/detect-secrets/pull/576 [#578]: https://redirect.github.com/Yelp/detect-secrets/pull/578 [#579]: https://redirect.github.com/Yelp/detect-secrets/pull/579 ### [`v1.2.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v120) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.1.0...v1.2.0) ##### February 16th, 2022 ##### :mega: Release Highlights - Continuous integration github action added ([#506]) - Release pipeline github action added ([#513]) ##### :tada: New Features - New GitHub token plugin added ([#465]) - New SendGrid plugin added ([#463]) - More new ignored file extensions ##### :bug: Bugfixes - Fixes catastrophic backtracking for indirect reference heuristic ([#509]) - Fixes pre-commit hook secret equality checking causing updates to baseline with no real changes - only a timestamp update ([#507]) - Fixes python 3.8 failing to load plugins on windows and macos ([#505]) - Fixes yaml transformer inline dictionary index out of bounds exceptions ([#501]) - Fixes regex for slack url ([#477]) - Fixes `AttributeError: 'PotentialSecret' object has no attribute 'line_number'` by safely falling back to 0 if line_number isn't present. ([#476])([#472]) - Fixes gibberish-detector current version - Fixes filtering ordering in .secrets.baseline ##### :snake: Miscellaneous - Updated README due hook failing to interpret filenames with spaces ([#470]) - Add CI github action badge to README - Development dependency bumps ([#519]) [#463]: https://redirect.github.com/Yelp/detect-secrets/pull/463 [#465]: https://redirect.github.com/Yelp/detect-secrets/pull/465 [#470]: https://redirect.github.com/Yelp/detect-secrets/pull/470 [#472]: https://redirect.github.com/Yelp/detect-secrets/pull/472 [#476]: https://redirect.github.com/Yelp/detect-secrets/pull/476 [#477]: https://redirect.github.com/Yelp/detect-secrets/pull/477 [#501]: https://redirect.github.com/Yelp/detect-secrets/pull/501 [#505]: https://redirect.github.com/Yelp/detect-secrets/pull/505 [#506]: https://redirect.github.com/Yelp/detect-secrets/pull/506 [#507]: https://redirect.github.com/Yelp/detect-secrets/pull/507 [#509]: https://redirect.github.com/Yelp/detect-secrets/pull/509 [#513]: https://redirect.github.com/Yelp/detect-secrets/pull/513 [#519]: https://redirect.github.com/Yelp/detect-secrets/pull/519 ### [`v1.1.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v110) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.3...v1.1.0) ##### April 14th, 2021 ##### :mega: Release Highlights - New gibberish filter added ([#416]) - Multiprocessing support, for faster scans! ([#441]) - Support for scanning different directories (rather than the current directory) ([#440]) ##### :tada: New Features - `KeywordDetector` supports whitespace secrets ([#414]) - `KeywordDetector` now supports prefix/suffixed keywords, and accuracy updates - Adding alphanumerical filter to ensure secrets have at least one letter/number in them ([#428]) - New filter added for ignoring common lock files ([#417]) - More new ignored file extensions - Adding filter to ignore swagger files - Added `audit --report` to extract secret values with a baseline ([#387], thanks \[[@pablosantiagolopez](https://redirect.github.com/pablosantiagolopez)], [@syn-4ck]) ##### :telescope: Accuracy - `KeywordDetector` now defaults to requiring quotes around secrets ([#448]) - `KeywordDetector` now searches for more keywords ([#430]) ##### :bug: Bugfixes - Filter caches are cleared when swapping between different `Settings` objects ([#444]) - Upgrading baselines from <0.12 migrates `exclude` to `exclude-files` rather than `exclude-lines` ([#446]) ##### :snake: Miscellaneous - More verbose logging, to help with debugging issues ([#432]) - YAMLTransformer handles binary entries differently [#387]: https://redirect.github.com/Yelp/detect-secrets/pull/387 [#414]: https://redirect.github.com/Yelp/detect-secrets/pull/414 [#416]: https://redirect.github.com/Yelp/detect-secrets/pull/416 [#417]: https://redirect.github.com/Yelp/detect-secrets/pull/417 [#428]: https://redirect.github.com/Yelp/detect-secrets/pull/428 [#430]: https://redirect.github.com/Yelp/detect-secrets/pull/430 [#432]: https://redirect.github.com/Yelp/detect-secrets/pull/432 [#440]: https://redirect.github.com/Yelp/detect-secrets/pull/440 [#441]: https://redirect.github.com/Yelp/detect-secrets/pull/441 [#444]: https://redirect.github.com/Yelp/detect-secrets/pull/444 [#446]: https://redirect.github.com/Yelp/detect-secrets/pull/446 [#448]: https://redirect.github.com/Yelp/detect-secrets/pull/448 [@syn-4ck]: https://redirect.github.com/syn-4ck ### [`v1.0.3`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v103) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.2...v1.0.3) ##### February 26th, 2021 ##### :bug: Bugfixes - Fixes `SecretsCollection` subtraction method, to handle non-overlapping files. - Fixes installation for Windows environments ([#412], thanks [@pablosantiagolopez]) [#412]: https://redirect.github.com/Yelp/detect-secrets/pull/412 [@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez ### [`v1.0.2`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v102) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.1...v1.0.2) ##### February 25th, 2021 ##### :bug: Bugfixes - `KeywordDetector` is no longer case-sensitive. ### [`v1.0.1`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v101) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v1.0.0...v1.0.1) ##### February 25th, 2021 ##### :bug: Bugfixes - Fixes recursive loop with installation ([#408], thanks [@cbows]) [#408]: https://redirect.github.com/Yelp/detect-secrets/pull/408 [@cbows]: https://redirect.github.com/cbows ### [`v1.0.0`](https://redirect.github.com/Yelp/detect-secrets/blob/HEAD/CHANGELOG.md#v100) [Compare Source](https://redirect.github.com/Yelp/detect-secrets/compare/v0.14.4...v1.0.0) ##### February 24th, 2021 ##### :mega: Release Highlights - Added a concept of ["filters"](./docs/filters.md), to weed out false positives - Introduce the concept of ["transformers"](./docs/design.md#Transformers), to standardize file parsing across plugins - Designed an upgrade system for easy migrations of older baseline versions - Core engine redesigned to support module usage (rather than just interacting with it through the command line) - Added a global [`Settings`](./docs/design.md#Settings) object for repeatable, serializable, configurations - Introduced dependency injection framework for easy-to-design filters. ##### :boom: Breaking Changes Honestly, too many to list out. Check out the original pull request ([#355](https://redirect.github.com/Yelp/detect-secrets/pull/355)) for more details. It's safe to assume that if you interacted with `detect-secrets` as a module (rather than solely a pre-commit hook or CLI tool), the APIs have changed (for the better). **However**, with the new upgrade infrastructure in place, the baseline files will auto upgrade by themselves. Users that have used it solely as a pre-commit hook or CLI tool may need to consult the ["User Facing Changes"](https://redirect.github.com/Yelp/detect-secrets/pull/355) for flag renaming. ##### :tada: New Features - Added `NpmDetector` ([#347], thanks [@ninoseki]) - Added `AzureStorageKeyDetector` ([#359], thanks [@DariuszPorowski]) - Added `SquareOauthDetector` ([#398], thanks [@pablosantiagolopez]) - Added `--only-allowlisted` flag to scan for inline ignores - Added `--list-all-plugins` to show a list of all plugins available to the engine - Added `--exclude-secrets` flag to ignore secrets that match specific regexes ([#391], thanks [@pablosantiagolopez]) - Added `--slim` flag to generate baselines that minimize git diffs - Added `--disable-filter` to disable specific filters - Added `--disable-plugin` to disable specific plugins - Added support for `# pragma: allowlist nextline secret` to ignore the following line ([#367], thanks [@nickiaconis]) [#347]: https://redirect.github.com/Yelp/detect-secrets/pull/347 [#359]: https://redirect.github.com/Yelp/detect-secrets/pull/359 [#367]: https://redirect.github.com/Yelp/detect-secrets/pull/367 [#391]: https://redirect.github.com/Yelp/detect-secrets/pull/391 [#398]: https://redirect.github.com/Yelp/detect-secrets/pull/398 [@DariuszPorowski]: https://redirect.github.com/DariuszPorowski [@nickiaconis]: https://redirect.github.com/nickiaconis [@ninoseki]: https://redirect.github.com/ninoseki [@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez ##### :telescope: Accuracy - AWS Plugin now scans for secret tokens as well ([#397], thanks [@pablosantiagolopez]) [#397]: https://redirect.github.com/Yelp/detect-secrets/pull/397 [@pablosantiagolopez]: https://redirect.github.com/pablosantiagolopez ##### :mortar_board: Walkthrough / Help - The README now includes examples of common usages, features, and an FAQ section for the common questions we often receive as GitHub issues. - So much better [technical documentation](./docs)! - Type support added ##### :bug: Bugfixes - Inline allowlisting is respected by regular scans, rather than only pre-commit hook - `audit` functionality improved on Windows machines - git operations now handle file paths with spaces - fix KeywordDetector hanging on very long lines ([#373], thanks [@gpflaum]) [#373]: https://redirect.github.com/Yelp/detect-secrets/pull/373 [@gpflaum]: https://redirect.github.com/gpflaumThis PR has been generated by Renovate Bot.