close
Skip to content

chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.18.1 to 8.30.1#1922

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/zricethezav/gitleaks/v8-8.30.1
Open

chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.18.1 to 8.30.1#1922
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/zricethezav/gitleaks/v8-8.30.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps github.com/zricethezav/gitleaks/v8 from 8.18.1 to 8.30.1.

Release notes

Sourced from github.com/zricethezav/gitleaks/v8's releases.

v8.30.0

Changelog

  • 6eaad03 0 to 5 - notes on recursive decoding (#1994)
  • 09242ce Add new Looker client ID and client secret rules (#1947)
  • c98e5e0 feat: add Airtable Personnal Access Token detection (#1952)
  • 4ed0ca4 build: upgrade Go & alpine version (#1989)

v8.29.1

Changelog

  • fb5d707 thats a paddlin
  • 50493db feat: document stdout report path (#1990)

v8.29.0

Changelog

  • ed65b65 Add trace log for skipped archive file when not enabled (#1961)
  • c5ccbb9 Respect contexts with timeouts (#1948)
  • 3821f30 Config min version (#1955)
  • d223718 fix(config): validate rules when [extend] is used (#1592)
  • 87d9629 feat: add Amazon Bedrock API key detection (#1935)
  • 228396b Add GitHub Sponsors section and Discord link
  • a82bc53 feat: improve regex to detect Sonar tokens with prefixes (#1931)

v8.28.0

Changelog

  • 4fb4382 cant count
  • b1c9c7e Composite rules (#1905)
  • 72977e4 feat: add Anthropic API key detection (#1910)
  • 7b02c98 fix(git): handle port (#1912)
  • 2a7bcff dont prematurely calculate fragment newlines (#1909)
  • bd79c3e feat(allowlist): promote optimizations (#1908)
  • 7fb4eda Fix: CVEs on go and go crypto (#1868)
  • a044b81 feat: add artifactory reference token and api key detection (#1906)
  • bf380d4 silly
  • f487f85 Update gitleaks.yml
  • 958f55a add just like that, no leaks

Optimizations

#1909 waits to find newlines until a match. This ends up saving a boat load of time since before we were finding newlines for every fragment regardless if a rule matched or not. #1908 promoted @​rgmz excellent stopword optimization

Composite Rules (Multi-part or required Rules) #1905

In v8.28.0 Gitleaks introduced composite rules, which are made up of a single "primary" rule and one or more auxiliary or required rules. To create a composite rule, add a [[rules.required]] table to the primary rule specifying an id and optionally withinLines and/or withinColumns proximity constraints. A fragment is a chunk of content that Gitleaks processes at once (typically a file, part of a file, or git diff), and proximity matching instructs the primary rule to only report a finding if the auxiliary required rules also find matches within the specified area of the fragment.

Proximity matching: Using the withinLines and withinColumns fields instructs the primary rule to only report a finding if the auxiliary required rules also find matches within the specified proximity. You can set:

  • withinLines: N - required findings must be within N lines (vertically)

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/zricethezav/gitleaks/v8 [< 8.19, > 8.18.1]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 16, 2026
@dependabot dependabot Bot mentioned this pull request Mar 16, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/zricethezav/gitleaks/v8-8.30.1 branch 3 times, most recently from d51d4db to 8ec5f46 Compare March 23, 2026 07:21
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/zricethezav/gitleaks/v8-8.30.1 branch from 8ec5f46 to 88f8cfc Compare March 23, 2026 14:40
@dependabot
chore(deps): bump github.com/zricethezav/gitleaks/v8
d87f004 
Bumps [github.com/zricethezav/gitleaks/v8](https://github.com/zricethezav/gitleaks) from 8.18.1 to 8.30.1.
- [Release notes](https://github.com/zricethezav/gitleaks/releases)
- [Commits](gitleaks/gitleaks@v8.18.1...v8.30.1)

---
updated-dependencies:
- dependency-name: github.com/zricethezav/gitleaks/v8
  dependency-version: 8.30.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/zricethezav/gitleaks/v8-8.30.1 branch from 88f8cfc to d87f004 Compare March 23, 2026 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants