Restrict Golang Keyword Detection #675
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…er is optional. Specific for assignment and declaration in golang
Closed
lorenzodb1
approved these changes
Mar 31, 2023
murtaza-swati
pushed a commit
to travis-ci/detect-secrets
that referenced
this pull request
Nov 25, 2024
* update core bits to convert files to local filesystem * update test assertions to be os local path * add type cast * Improve `DiscordBotTokenDetector` and its tests. (Yelp#628) Fixes Yelp#627. * Drop py36 support (Yelp#672) * Drop py36 support * Update contributing doc to remove instance of py36 * Remove custom logic for py36.0 * Run CI Daily (Yelp#674) * Run ci daily at 730am * Update action syntax * Update to once a month * Add String Implementation - StatisticsAggregator (Yelp#678) * Add string output for statistics due to not implementation error * Add return type annotations * Empty commit * Do not add duplicate lines for yaml transformer (Yelp#679) * The colon equal sign regex should contain both colon and equal. Neither is optional. Specific for assignment and declaration in golang (Yelp#675) * Add test cases for ipv4 adresses * Add a plguin for public ip passing the tests * Update documentation for new feature : IPPublic plguin * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump certifi from 2021.10.8 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2023.7.22. - [Commits](certifi/python-certifi@2021.10.08...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Catch index error when checking dollar prefix As shown by the test, we want to return False for the empty string when checking if it is prefixed with a dollar. * Better error if plugin file in baseline not found Fixes: Yelp#718 * Dropped support for Python 3.7, added support for Python 3.10, upgraded dependencies and updated project info * Updated CI with currently supported python versions * Bump filelock from 3.0.12 to 3.13.1 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.0.12 to 3.13.1. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@v3.0.12...3.13.1) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump urllib3 from 1.26.9 to 2.1.0 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 2.1.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.9...2.1.0) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyflakes from 1.6.0 to 3.1.0 Bumps [pyflakes](https://github.com/PyCQA/pyflakes) from 1.6.0 to 3.1.0. - [Changelog](https://github.com/PyCQA/pyflakes/blob/main/NEWS.rst) - [Commits](PyCQA/pyflakes@1.6.0...3.1.0) --- updated-dependencies: - dependency-name: pyflakes dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump importlib-metadata from 4.8.1 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.8.1 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v4.8.1...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typing-extensions from 3.10.0.2 to 4.3.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 3.10.0.2 to 4.3.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@3.10.0.2...4.3.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Upgrade dependencies * Bump zipp from 3.6.0 to 3.17.0 Bumps [zipp](https://github.com/jaraco/zipp) from 3.6.0 to 3.17.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.6.0...v3.17.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump importlib-metadata from 6.6.0 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 6.6.0 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v6.6.0...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump idna from 3.3 to 3.4 Bumps [idna](https://github.com/kjd/idna) from 3.3 to 3.4. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.3...v3.4) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Added support for py311 * Remove importlib-metadata from requirements-dev.txt * Use a newer version of coverage that knows how to properly report coverage metrics for python 3.11 * Fix double quoted strings * Fix python code style * Bump pyahocorasick from 1.4.4 to 2.0.0 Bumps [pyahocorasick](https://github.com/WojciechMula/pyahocorasick) from 1.4.4 to 2.0.0. - [Release notes](https://github.com/WojciechMula/pyahocorasick/releases) - [Changelog](https://github.com/WojciechMula/pyahocorasick/blob/master/CHANGELOG.rst) - [Commits](WojciechMula/pyahocorasick@1.4.4...2.0.0) --- updated-dependencies: - dependency-name: pyahocorasick dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pluggy from 0.13.1 to 1.3.0 Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 0.13.1 to 1.3.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pluggy@0.13.1...1.3.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cfgv from 3.2.0 to 3.4.0 Bumps [cfgv](https://github.com/asottile/cfgv) from 3.2.0 to 3.4.0. - [Commits](asottile/cfgv@v3.2.0...v3.4.0) --- updated-dependencies: - dependency-name: cfgv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update test case to unflag invalid ipv4 * Update regex to pass updated test * Revert import order changes * Bump certifi from 2023.7.22 to 2023.11.17 Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2023.11.17. - [Commits](certifi/python-certifi@2023.07.22...2023.11.17) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-requests from 2.28.9 to 2.31.0.10 Bumps [types-requests](https://github.com/python/typeshed) from 2.28.9 to 2.31.0.10. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump identify from 2.3.0 to 2.5.32 Bumps [identify](https://github.com/pre-commit/identify) from 2.3.0 to 2.5.32. - [Commits](pre-commit/identify@v2.3.0...v2.5.32) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Reword audit prompt message for clarity The old audit prompt message was confusing in the case of a false positive. This new wording suits both genuine findings and false positives. Fixes Yelp#734 * Update docs and tests for new prompt wording. * Adjust test case to return false for invalid ipv4 * Adjust regex to pass new test * Bump nodeenv from 1.6.0 to 1.8.0 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.6.0 to 1.8.0. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](ekalinin/nodeenv@1.6.0...1.8.0) --- updated-dependencies: - dependency-name: nodeenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump responses from 0.16.0 to 0.24.1 Bumps [responses](https://github.com/getsentry/responses) from 0.16.0 to 0.24.1. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.16.0...0.24.1) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pre-commit from 2.17.0 to 3.5.0 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.17.0 to 3.5.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v2.17.0...v3.5.0) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump unidiff from 0.7.4 to 0.7.5 Bumps [unidiff](https://github.com/matiasb/python-unidiff) from 0.7.4 to 0.7.5. - [Release notes](https://github.com/matiasb/python-unidiff/releases) - [Changelog](https://github.com/matiasb/python-unidiff/blob/master/HISTORY) - [Commits](matiasb/python-unidiff@v0.7.4...v0.7.5) --- updated-dependencies: - dependency-name: unidiff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update prompt wording per request from @lorenzodb1 * Bump backports-entry-points-selectable from 1.1.1 to 1.2.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](jaraco/backports.entry_points_selectable@v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump charset-normalizer from 2.0.7 to 3.3.2 Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 2.0.7 to 3.3.2. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md) - [Upgrade guide](https://github.com/Ousret/charset_normalizer/blob/master/UPGRADE.md) - [Commits](jawah/charset_normalizer@2.0.7...3.3.2) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump backports-entry-points-selectable from 1.2.0 to 1.3.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](jaraco/backports.entry_points_selectable@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyparsing from 2.4.7 to 3.1.1 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 2.4.7 to 3.1.1. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](pyparsing/pyparsing@pyparsing_2.4.7...3.1.1) --- updated-dependencies: - dependency-name: pyparsing dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyyaml from 6.0 to 6.0.1 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](yaml/pyyaml@6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump iniconfig from 1.1.1 to 2.0.0 Bumps [iniconfig](https://github.com/pytest-dev/iniconfig) from 1.1.1 to 2.0.0. - [Release notes](https://github.com/pytest-dev/iniconfig/releases) - [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG) - [Commits](pytest-dev/iniconfig@v1.1.1...v2.0.0) --- updated-dependencies: - dependency-name: iniconfig dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mypy-extensions from 0.4.3 to 1.0.0 Bumps [mypy-extensions](https://github.com/python/mypy_extensions) from 0.4.3 to 1.0.0. - [Commits](python/mypy_extensions@0.4.3...1.0.0) --- updated-dependencies: - dependency-name: mypy-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump virtualenv from 20.24.6 to 20.24.7 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.6 to 20.24.7. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/20.24.7/docs/changelog.rst) - [Commits](pypa/virtualenv@20.24.6...20.24.7) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump platformdirs from 3.10.0 to 4.0.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 3.10.0 to 4.0.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@3.10.0...4.0.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typed-ast from 1.5.4 to 1.5.5 Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.4 to 1.5.5. - [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) - [Commits](python/typed_ast@1.5.4...1.5.5) --- updated-dependencies: - dependency-name: typed-ast dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump packaging from 21.3 to 23.2 Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 23.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@21.3...23.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pycodestyle from 2.11.0 to 2.11.1 Bumps [pycodestyle](https://github.com/PyCQA/pycodestyle) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/PyCQA/pycodestyle/releases) - [Changelog](https://github.com/PyCQA/pycodestyle/blob/main/CHANGES.txt) - [Commits](PyCQA/pycodestyle@2.11.0...2.11.1) --- updated-dependencies: - dependency-name: pycodestyle dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tox from 3.24.4 to 4.11.4 Bumps [tox](https://github.com/tox-dev/tox) from 3.24.4 to 4.11.4. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@3.24.4...4.11.4) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump virtualenv from 20.24.7 to 20.25.0 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.7 to 20.25.0. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.24.7...20.25.0) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump idna from 3.4 to 3.6 Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.4...v3.6) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump platformdirs from 4.0.0 to 4.1.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.0.0...4.1.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typing-extensions from 4.3.0 to 4.9.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.3.0 to 4.9.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.3.0...4.9.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump identify from 2.5.32 to 2.5.33 Bumps [identify](https://github.com/pre-commit/identify) from 2.5.32 to 2.5.33. - [Commits](pre-commit/identify@v2.5.32...v2.5.33) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump attrs from 21.4.0 to 23.1.0 Bumps [attrs](https://github.com/python-attrs/attrs) from 21.4.0 to 23.1.0. - [Release notes](https://github.com/python-attrs/attrs/releases) - [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md) - [Commits](python-attrs/attrs@21.4.0...23.1.0) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump types-pyyaml from 6.0.11 to 6.0.12.12 Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.11 to 6.0.12.12. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-pyyaml dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump distlib from 0.3.7 to 0.3.8 Bumps [distlib](https://github.com/pypa/distlib) from 0.3.7 to 0.3.8. - [Release notes](https://github.com/pypa/distlib/releases) - [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst) - [Commits](pypa/distlib@0.3.7...0.3.8) --- updated-dependencies: - dependency-name: distlib dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.3.2 to 7.3.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.2 to 7.3.3. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.2...7.3.3) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.3.3 to 7.4.0 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.3 to 7.4.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.3...7.4.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump attrs from 23.1.0 to 23.2.0 Bumps [attrs](https://github.com/sponsors/hynek) from 23.1.0 to 23.2.0. - [Commits](https://github.com/sponsors/hynek/commits) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * introducing GitLab token detector analogous to GitHubTokenDetector as described on: https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens tokens are typically of the form: `glpat-[\alnum]{20}`, ie. ~20 char token 'suffix' with a set of prefixes * Bump types-requests from 2.31.0.10 to 2.31.0.20240106 Bumps [types-requests](https://github.com/python/typeshed) from 2.31.0.10 to 2.31.0.20240106. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flake8 from 3.5.0 to 7.0.0 Bumps [flake8](https://github.com/pycqa/flake8) from 3.5.0 to 7.0.0. - [Commits](PyCQA/flake8@3.5.0...7.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * GitLab token detector, differentiating token types * Add detection of other AWS access key id prefixes * Update comment to be access keys and not specifically AKIA * Bump idna from 3.6 to 3.7 Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * YelpGH-768: Plugin to detect Telegram bot tokens * Added support for Python 3.12 * Fixed pre-commit check failures * Upgraded pyflakes to 3.2.0 * Removed support for Python 3.8 * Bump identify from 2.5.33 to 2.5.36 Bumps [identify](https://github.com/pre-commit/identify) from 2.5.33 to 2.5.36. - [Commits](pre-commit/identify@v2.5.33...v2.5.36) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump responses from 0.24.1 to 0.25.0 Bumps [responses](https://github.com/getsentry/responses) from 0.24.1 to 0.25.0. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.24.1...0.25.0) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tox from 4.11.4 to 4.15.0 Bumps [tox](https://github.com/tox-dev/tox) from 4.11.4 to 4.15.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.11.4...4.15.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump platformdirs from 4.1.0 to 4.2.1 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.1.0 to 4.2.1. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.1.0...4.2.1) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typing-extensions from 4.9.0 to 4.11.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.9.0 to 4.11.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.9.0...4.11.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyahocorasick from 2.0.0 to 2.1.0 Bumps [pyahocorasick](https://github.com/WojciechMula/pyahocorasick) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/WojciechMula/pyahocorasick/releases) - [Changelog](https://github.com/WojciechMula/pyahocorasick/blob/master/CHANGELOG.rst) - [Commits](WojciechMula/pyahocorasick@2.0.0...2.1.0) --- updated-dependencies: - dependency-name: pyahocorasick dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Plugin for PyPI api tokens * Bump virtualenv from 20.25.0 to 20.26.1 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.25.0 to 20.26.1. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.25.0...20.26.1) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyparsing from 3.1.1 to 3.1.2 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](pyparsing/pyparsing@3.1.1...pyparsing_3.1.2) --- updated-dependencies: - dependency-name: pyparsing dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Add regex to detect test.pypi.org tokens * New plugin for OpenAI tokens * Update README for OpenAIDetector * Fix pre-commit * Bump pluggy from 1.3.0 to 1.5.0 Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 1.3.0 to 1.5.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pluggy@1.3.0...1.5.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump zipp from 3.17.0 to 3.18.1 Bumps [zipp](https://github.com/jaraco/zipp) from 3.17.0 to 3.18.1. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.17.0...v3.18.1) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Changelog for v1.5.0 release * Updated baseline file * Fixed version in baseline file * Revert "Fixed version in baseline file" This reverts commit 16e3452. * Revert "Updated baseline file" This reverts commit e11ed89. * Revert "Changelog for v1.5.0 release" This reverts commit eaee543. * Bump packaging from 23.2 to 24.0 Bumps [packaging](https://github.com/pypa/packaging) from 23.2 to 24.0. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@23.2...24.0) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.4.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.4.0 to 7.5.1. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.4.0...7.5.1) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update changelog v1.5.0 release (Yelp#829) * Update changelog for v1.5.0 release * Update date * Bump version: 1.4.0 → 1.5.0 * Bump filelock from 3.13.1 to 3.14.0 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.13.1 to 3.14.0. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@3.13.1...3.14.0) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump certifi from 2023.11.17 to 2024.2.2 Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.11.17 to 2024.2.2. - [Commits](certifi/python-certifi@2023.11.17...2024.02.02) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump urllib3 from 2.1.0 to 2.2.1 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.1.0...2.2.1) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump platformdirs from 4.2.1 to 4.2.2 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.2.1...4.2.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump zipp from 3.18.1 to 3.19.2 Bumps [zipp](https://github.com/jaraco/zipp) from 3.18.1 to 3.19.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.18.1...v3.19.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump requests from 2.31.0 to 2.32.3 Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.3. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.3) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.5.1 to 7.5.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.5.1 to 7.5.3. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.5.1...7.5.3) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typing-extensions from 4.11.0 to 4.12.2 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.11.0 to 4.12.2. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.11.0...4.12.2) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump nodeenv from 1.8.0 to 1.9.1 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.8.0 to 1.9.1. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](ekalinin/nodeenv@1.8.0...1.9.1) --- updated-dependencies: - dependency-name: nodeenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump urllib3 from 2.2.1 to 2.2.2 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Bump packaging from 24.0 to 24.1 Bumps [packaging](https://github.com/pypa/packaging) from 24.0 to 24.1. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@24.0...24.1) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump responses from 0.25.0 to 0.25.3 Bumps [responses](https://github.com/getsentry/responses) from 0.25.0 to 0.25.3. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.25.0...0.25.3) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump certifi from 2024.2.2 to 2024.7.4 Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.2.2 to 2024.7.4. - [Commits](certifi/python-certifi@2024.02.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Bump virtualenv from 20.26.1 to 20.26.3 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.26.1 to 20.26.3. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.26.1...20.26.3) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(telegram_bot_token): Regex must match just bot tokens * test(telegram_bot_token): AWS ARN should not match * fix(telegram_bot_token): `bot` should not be in the token `bot` is only used while verifying the token, as per https://core.telegram.org/bots/api#authorizing-your-bot * fix(test): something with `^bot` should not match * fix: format trailing comma * fix(ip_public): Exclude IPv4 Link Local * Bump pre-commit from 3.5.0 to 4.0.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.5.0 to 4.0.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v3.5.0...v4.0.1) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: eddiez9 <eddie@eddiez.me> Co-authored-by: Nuztalgia <nuztalgia@gmail.com> Co-authored-by: John-Paul Dakran <dakranj@yelp.com> Co-authored-by: Jingchao Zhong <perry.zjc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sindri Guðmundsson <sindrigudmundsson@gmail.com> Co-authored-by: Marc Abramowitz <abramowi@adobe.com> Co-authored-by: Lorenzo De Bernardini <lorenzodebernardini@yelp.com> Co-authored-by: Jingchao Zhong <92573736+perryzjc@users.noreply.github.com> Co-authored-by: Daniel Popescu <danielpops@gmail.com> Co-authored-by: Brendan Jurd <direvus@gmail.com> Co-authored-by: Brendan Jurd <brendan.jurd@novasystems.com> Co-authored-by: Kirill Wedenin <kirill.wedenin@codecentric.de> Co-authored-by: Mike DiDomizio <mikedidomizio@gmail.com> Co-authored-by: Chandra Prakash <chandra.pr.158@gmail.com> Co-authored-by: lorenzodb1 <lorenzodb1@hotmail.it> Co-authored-by: Chandra Prakash <chandrapr@yelp.com> Co-authored-by: John-Paul Dakran <dakranj@gmail.com> Co-authored-by: Pepe Fagoaga <jfagoagas@gmail.com> Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What kind of change does this PR introduce?
Bug Fix
What is the current behavior?
Issue was brought up that there are false positives for the goland keyword detector. This is verified since the regex that should be tracked - FOLLOWED_BY_COLON_EQUAL_SIGNS_REGEX - tracks
:=?assignment. Where the equal sign is optional. Therefore we detectkey: secret.What is the new behavior (if this is a feature change)?
The equal sign cannot be optional in golang. The
:=operator is used for assignment and declaration. This is what we are trying to track - not the possibility of:.Does this PR introduce a breaking change?
No