Accepting request 1320279 from devel:tools:scm

OBS-URL: https://build.opensuse.org/request/show/1320279
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gitleaks?expand=0&rev=32

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/zricethezav/gitleaks</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v8.21.1</param>
+    <param name="revision">v8.30.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/zricethezav/gitleaks</param>
-              <param name="changesrevision">cf5334fd61d16fb4af1362856ebfb98397c5d4b3</param></service></servicedata>
+              <param name="changesrevision">6eaad039603a4de39fddd1cf5f727391efe9974e</param></service></servicedata>

gitleaks-8.21.1.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8cf32bb9630afc3c26a46d319ff75f50df5895d73e908370ecf5b6cf3bcc9691
-size 807948

gitleaks-8.30.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5dea030f159d51d4a8937cad27a1d82f4d7cc0af93be641010512c088fdd9190
+size 1203724

gitleaks.changes

@@ -1,3 +1,375 @@
+-------------------------------------------------------------------
+Thu Nov 27 05:51:48 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.30.0:
+  * 0 to 5 - notes on recursive decoding (#1994)
+  * Add new Looker client ID and client secret rules (#1947)
+  * feat: add Airtable Personnal Access Token detection (#1952)
+  * build: upgrade Go & alpine version (#1989)
+
+-------------------------------------------------------------------
+Thu Nov 20 05:48:20 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.29.1:
+  * thats a paddlin
+  * feat: document stdout report path (#1990)
+
+-------------------------------------------------------------------
+Wed Nov 05 05:38:57 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.29.0:
+  * Add trace log for skipped archive file when not enabled (#1961)
+  * Respect contexts with timeouts (#1948)
+  * Config min version (#1955)
+  * fix(config): validate rules when [extend] is used (#1592)
+  * feat: add Amazon Bedrock API key detection (#1935)
+  * Add GitHub Sponsors section and Discord link
+  * feat: improve regex  to detect Sonar tokens with prefixes
+    (#1931)
+
+-------------------------------------------------------------------
+Thu Jul 24 11:01:37 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.28.0:
+  * Changelog
+    - cant count
+    - Composite rules (#1905)
+    - feat: add Anthropic API key detection (#1910)
+    - fix(git): handle port (#1912)
+    - dont prematurely calculate fragment newlines (#1909)
+    - feat(allowlist): promote optimizations (#1908)
+    - Fix: CVEs on go and go crypto (#1868)
+    - feat: add artifactory reference token and api key detection
+      (#1906)
+    - silly
+    - Update gitleaks.yml
+    - add just like that, no leaks
+  * Optimizations
+    - #1909 waits to find newlines until a match. This ends up
+      saving a boat load of time since before we were finding
+      newlines for every fragment regardless if a rule matched or
+      not.
+    - #1908 promoted @rgmz excellent stopword optimization
+  * Composite Rules (Multi-part or required Rules) #1905
+    In v8.28.0 Gitleaks introduced composite rules, which are made
+    up of a single "primary" rule and one or more auxiliary or
+    required rules. To create a composite rule, add a
+    [[rules.required]] table to the primary rule specifying an id
+    and optionally withinLines and/or withinColumns proximity
+    constraints. A fragment is a chunk of content that Gitleaks
+    processes at once (typically a file, part of a file, or git
+    diff), and proximity matching instructs the primary rule to
+    only report a finding if the auxiliary required rules also find
+    matches within the specified area of the fragment.
+    Proximity matching: Using the withinLines and withinColumns
+    fields instructs the primary rule to only report a finding if
+    the auxiliary required rules also find matches within the
+    specified proximity. You can set:
+    - withinLines: N - required findings must be within N lines
+      (vertically)
+    - withinColumns: N - required findings must be within N
+      characters (horizontally)
+    - Both - creates a rectangular search area (both constraints
+      must be satisfied)
+    - Neither - fragment-level matching (required findings can be
+      anywhere in the same fragment)
+
+-------------------------------------------------------------------
+Mon Jun 09 15:29:58 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.27.2:
+  * Add experimental allowlist optimizations (#1731)
+  * Detect Notion Public API Keys #1889 (#1890)
+
+-------------------------------------------------------------------
+Sun Jun 08 06:10:39 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.27.1:
+  * fix(atlassian): reduce false-positives for v1 pattern (#1892)
+  * Fix log suppresion issue (#1887)
+  * Added Heroku API Key New Version (#1883)
+  * Add Platform Bitbucket (#1886)
+  * Add Platform Gitea (#1884)
+  * prevent default warn message when max-archive-depth not set
+    (#1881)
+  * prevent default warn message when max-archive-depth not set
+
+-------------------------------------------------------------------
+Sun Jun 01 19:05:53 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.27.0:
+  * Archive Scanning
+  Sometimes secrets are packaged within archive files like zip
+  files or tarballs, making them difficult to discover. Now you can
+  tell gitleaks to automatically extract and scan the contents of
+  archives. The flag --max-archive-depth enables this feature for
+  both dir and git scan types. The default value of "0" means this
+  feature is disabled by default.
+  Recursive scanning is supported since archives can also contain
+  other archives.  The --max-archive-depth flag sets the recursion
+  limit. Recursion stops when there are no new archives to extract,
+  so setting a very high max depth just sets the potential to go
+  that deep. It will only go as deep as it needs to.
+  The findings for secrets located within an archive will include
+  the path to the file inside the archive. Inner paths are
+  separated with !.  This means a secret was detected on line 4 of
+  files/.env.prod. which is in archives/files.tar which is in
+  testdata/archives/nested.tar.gz.
+  Currently supported formats:
+    The compression and archive formats supported by mholt's
+    archives package are supported.
+  * Changelog
+    - Archive support (#1872)
+    - Update README.md
+    - Reduce aws-access-token false positives (#1876)
+    - Set `pass_filenames` to `false` for Docker hook (#1850)
+    - unicode decoding (#1854)
+    - Diagnostics (#1856)
+    - chore: include decoder in debug log (#1853)
+
+-------------------------------------------------------------------
+Tue May 13 04:29:05 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.26.0:
+  Changelog
+  - 78eebac Percent/URL Decoding Support (#1831)
+  - 6f967ca fix(kubernetes): remove slow element from pat (#1848)
+  - 88f56d3 feat: identify slow file (#1479)
+  - 9609928 rm 1password detect test since we test it in cfg gen
+  - 23cb69f feat(rules): Add 1Password secret key detection (#1834)
+  Calling this one @bplaxco's release as he introduced a really
+  clever method for mixed decoding without sacrificing too much
+  performance. As I stated in his PR, I think he's either a wizard
+  or some time traveling AI. Dude is wicked smaht
+  Anyways, Gitleaks now supports the following decoders: hex,
+  percent(url enconding), and b64. It's relatively straight forward
+  to add a new decoder so if you're motivated, community
+  contributions are welcomed!
+  Here's an example:
+  https://github.com/gitleaks/gitleaks/releases/tag/v8.26.0
+
+-------------------------------------------------------------------
+Wed Apr 30 21:18:45 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.25.1:
+  * fix(detect): test all allowlists (#1845)
+
+-------------------------------------------------------------------
+Tue Apr 29 17:04:38 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.25.0:
+  * feat(config): define multiple global allowlists (#1777)
+  * feat(rules): Add Perplexity AI API key detection (#1825)
+  * feat(gcp): increase rule entropy (#1840)
+  * Adding clickhouse scanner (#1826)
+  * fix(baseline): work with --redact (#1741)
+  * feat(rule): validate & sort rule when generating (#1817)
+
+-------------------------------------------------------------------
+Fri Apr 11 18:22:02 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 8.24.3:
+  * Add support for GitLab Runner Tokens (Routable) (#1820)
+  * bump repo version in pre-commit example (#1815)
+  * Fix currentLine out of bounds error (#1810)
+  * add support for Azure DevOps platform in SCM detection and link
+    (#1807)
+  * Add MaxMind license key rule (#1771)
+  * implement new openai regex pattern (#1780)
+  * A first attempt adding hooks.slack.com/triggers/ (#1792)
+  * feat(generic): tweak false-positives (#1803)
+  * chore: tweak logging and readme for GITLEAKS_CONFIG_TOML
+    feature (#1802)
+  * feat: add option to set config from env var with toml content
+    (#1662)
+
+-------------------------------------------------------------------
+Sat Mar 22 14:13:59 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.24.2 (8.24.1 was not released):
+  * Fix platform flag being ignored with gitleaks detect by @rgmz
+    in #1765
+  * Make AddFinding public by @bplaxco in #1767
+  * FIX upgrade x/crypto to 0.31.0 to get rid of CVE-2024-45337 by
+    @cgoessen in #1768
+  * Upgrade rs/zerolog, spf13/cobra, and spf13/viper by @rgmz in
+    #1769
+  * Infer report-format from report-path extension if no value is
+    provided by @rgmz in #1776
+  * generic-api-key: ignore csrf-tokens by @rgmz in #1779
+  * Prevent Yocto/BitBake false positives with generic-api-key rule
+    by @Okeanos in #1783
+  * Fix decoded line allowlist by @zricethezav in #1788
+  * Readme badge revisions by @jessp01 in #1744
+  * feat(regexp): use standard regexp by default, make go-re2
+    opt-in by @twpayne in #1798
+  * gore2 release tags by @zricethezav in #1801
+
+-------------------------------------------------------------------
+Thu Feb 20 08:41:06 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.24.0:
+  * Make paths and fingerprints platform-agnostic (#1622)
+  * Add Sonar rule (#1756)
+  * Minor false positive improvements (#1758)
+  * Add support for streaming DetectReader (#1760)
+  * chore: Update github.com/wasilibs/go-re2 to v1.9.0 (#1763)
+  * docs: describe extended rules take precedence over base rules
+    (#1563)
+  * feat(git): disable link generation (#1748)
+  * added sourcegraph token rule (#1736)
+  * feat(config): add rule for .p12 files (#1738)
+  * add deno.lock to default exclusions (#1740)
+
+-------------------------------------------------------------------
+Thu Jan 30 05:54:54 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.23.3:
+  * Don't exit with error if git repacking is required (#1711)
+  * refactor(config): use non-capture groups for allowlists (#1735)
+  * chore: Enhance `curl-auth-user` to detect empty usernames or
+    passwords (#1726)
+  * fix(cmd): read log-opts before GitLogCmd (#1730)
+
+-------------------------------------------------------------------
+Sat Jan 25 08:05:24 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.23.2:
+  * facebook keyword
+  * fix(meraki): restrict keyword case (#1722)
+  * feat(generic-api-key): detect base64 (#1598)
+  * great branch name (#1721)
+  * fix(git): remove .git suffix for links (#1716)
+  * chore: refine generic-api-key fps + trace logging (#1720)
+  * fix(generate): move newline out of char range (#1719)
+  * newline literal (#1718)
+  * build: support either stdlib or 3rd-party regexp (#1706)
+  * chore(detect): update trace logging (#1713)
+  * feat(git): redact passwords from remote URL (#1709)
+  * feat(git): include link in report (#1698)
+  * chore: reduce generic-api-key fps (#1707)
+  * blorp
+  * added new rule for cisco meraki api key (#1700)
+  * feat: general fp tweaks (#1703)
+  * chore(generate): use \x60 instead of literal (#1702)
+  * chore(regex): simplify secretPrefix, suffix (#1620)
+  * update version for pre-commit in README.md (#1699)
+
+-------------------------------------------------------------------
+Wed Jan 15 13:21:15 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.23.1:
+  * chore(gcp): add firebase example keys to the gcp-api-key
+    allowlists (#1635)
+  * fix: unaligned 64-bit atomic operation panic (#1696)
+  * force push to master everyday
+  * feat(config): disable extended rule (#1535)
+  * style: prevent globbing and word splitting (#1543)
+  * refactor(generic-api-key): remove hard-coded 'magic' (#1600)
+  * chore(generate): add failing test case (#1690)
+
+-------------------------------------------------------------------
+Mon Jan 13 15:55:07 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.23.0:
+  * feat(generate): use multiple allowlists (#1691)
+  * chore(rules): include fps in reference (#1471)
+  * Add comma as operator for GenerateSemiGenericRegex (#1679)
+  * refactor: central logger (#1692)
+  * friendship ended with tines
+
+-------------------------------------------------------------------
+Tue Dec 31 10:22:01 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.22.1:
+  * Entropy trace (#1659)
+  * build: add 'toolchain' to go.mod (#1682)
+  * refactor(detect): create readUntilSafeBoundary + add tests
+    (#1676)
+  * twitter really does suck ass now
+  * chore(tests): test cases for generate.go (#1623)
+  * fix: only use non-empty secret groups (#1632)
+  * build: upgrade sprig v2->v3 (#1674)
+  * fix: generate report file even if no findings (#1673)
+
+-------------------------------------------------------------------
+Sat Dec 21 14:17:25 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.22.0:
+  * replace std library regex engine with go-re2 (#1669)
+
+-------------------------------------------------------------------
+Sat Dec 21 14:14:21 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.21.4:
+  * Update golang version to 1.23 (#1672)
+  * bump go in dockerfile
+  * log bytes (#1670)
+
+-------------------------------------------------------------------
+Fri Dec 20 06:06:58 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- add completion subpackages
+
+-------------------------------------------------------------------
+Fri Dec 20 05:58:24 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.21.3:
+  * go mod 1.23
+  * Ensure keywords are downcased (#1633)
+  * feat: add settlemint api keys detection (#1663)
+  * feat(dir): better chunking (#1665)
+  * feat(report): allow user-defined templates (#1650)
+  * Add support for GitLab routable tokens (#1656)
+  * Add freemius secret key detection (#1611)
+  * fix(kubernetes): only match 'kind: secret' (#1649)
+  * feat: use STDOUT when report file not specified (#1642)
+  * fix(dir): skip opening file&dir if allowlist matches (#1653)
+  * fix: increase chunk size 10kb -> 100kb (#1652)
+  * feat: detect sentry.io tokens in the new format (#1640)
+  * refactor: pre-commit hooks (#1627)
+  * fix(easypost): only detect tokens of correct length (#1628)
+  * feat(dir): continue on permission error (#1621)
+  * Add human readable description for curl rules (#1625)
+  * Add option to include `Line` field in report (#1616)
+  * hm
+  * Update README.md
+  * nop for stupid build
+  * Add new jira api token pattern (#1601)
+  * feat: update global & generic allowlist (#1618)
+  * fix(vault-service-token): ensure that TPS contains digits
+    (#1614)
+  * Generate comprehensive secret samples (#1484)
+  * fix(aws): detect token in url (#1615)
+  * fix(rules): entropy, uppercase in samples (#1593)
+  * feat: tweak rules (#1608)
+
+-------------------------------------------------------------------
+Tue Oct 29 14:00:10 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 8.21.2:
+  * feat(rules): create Octopus Deploy api key (#1602)
+  * fix(aws-access-token): only match if correct length (#1584)
+  * fix(config): ignore jquery/swagger w/o version (#1607)
+  * feat: add new GitLab tokens (#1560)
+  * feat(generic-api-key): tune false positives (#1606)
+  * Create .gitleaks.toml (#1605)
+  * feat(curl): tweak tps and fps (#1603)
+  * feat(config): ignore swagger-ui assets (#1604)
+  * feat(generic-api-key): exclude keywords (#1587)
+  * feat(okta): bump entropy to 4 (#1599)
+  * feat: update global allowlist (#1597)
+  * refactor(allowlist): deduplicate commits & keywords (#1596)
+  * feat(config): ignore jquery static assets (#1595)
+  * More rule fixes (#1586)
+  * chore: log skipped symlinks (#1591)
+  * feat: match left side of identifier (#1585)
+  * what secrets?
+  * fix(rules): add entropy (#1580)
+  * feat(aws): add entropy & allowlist (#1582)
+  * feat(rules): add 1password token (#1583)
+  * feat(config): add curl header rule (#1576)
+
 -------------------------------------------------------------------
 Fri Oct 18 12:19:05 UTC 2024 - opensuse_buildservice@ojkastl.de
 

gitleaks.obsinfo

@@ -1,4 +1,4 @@
 name: gitleaks
-version: 8.21.1
-mtime: 1729210530
-commit: cf5334fd61d16fb4af1362856ebfb98397c5d4b3
+version: 8.30.0
+mtime: 1764174337
+commit: 6eaad039603a4de39fddd1cf5f727391efe9974e

gitleaks.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gitleaks
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 # Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -17,40 +17,93 @@
 #
 
 
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
-
 Name:           gitleaks
-Version:        8.21.1
+Version:        8.30.0
 Release:        0
 Summary:        Protect and discover secrets using Gitleaks
 License:        MIT
 URL:            https://github.com/gitleaks/gitleaks
 Source:         %{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  go >= 1.19
+BuildRequires:  bash-completion
+BuildRequires:  fish
+BuildRequires:  go1.25 >= 1.25.4
+BuildRequires:  zsh
 
 %description
 Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like
 passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use,
 all-in-one solution for detecting secrets, past or present, in your code.
 
+%package -n %{name}-bash-completion
+Summary:        Bash Completion for %{name}
+Group:          System/Shells
+Requires:       %{name} = %{version}
+Requires:       bash-completion
+Supplements:    (%{name} and bash-completion)
+BuildArch:      noarch
+
+%description -n %{name}-bash-completion
+Bash command line completion support for %{name}.
+
+%package -n %{name}-fish-completion
+Summary:        Fish Completion for %{name}
+Group:          System/Shells
+Requires:       %{name} = %{version}
+Supplements:    (%{name} and fish)
+BuildArch:      noarch
+
+%description -n %{name}-fish-completion
+Fish command line completion support for %{name}.
+
+%package -n %{name}-zsh-completion
+Summary:        Zsh Completion for %{name}
+Group:          System/Shells
+Requires:       %{name} = %{version}
+Supplements:    (%{name} and zsh)
+BuildArch:      noarch
+
+%description -n %{name}-zsh-completion
+zsh command line completion support for %{name}.
+
 %prep
-%setup -q
-%setup -q -T -D -a 1
+%autosetup -a 1
 
 %build
 go build \
    -mod=vendor \
    -buildmode=pie \
-   -ldflags="-X=github.com/zricethezav/gitleaks/v8/cmd.Version=%{version}"
+   -ldflags="-X=github.com/zricethezav/gitleaks/v8/cmd.Version=%{version}" \
+   -o bin/%{name}
 
 %install
 # Install the binary.
-install -D -m 0755 %{name} "%{buildroot}/%{_bindir}/%{name}"
+install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
+
+# create the bash completion file
+mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/
+%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name}
+
+# create the fish completion file
+mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
+%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
+
+# create the zsh completion file
+mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
+%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{name}
 
 %files
 %doc README.md
 %license LICENSE
 %{_bindir}/%{name}
 
+%files -n %{name}-bash-completion
+%{_datarootdir}/bash-completion/completions/%{name}
+
+%files -n %{name}-fish-completion
+%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
+
+%files -n %{name}-zsh-completion
+%{_datarootdir}/zsh/site-functions/_%{name}
+
 %changelog

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cab5a1e6825a56ac17672c30f87bd0eb9fa487cda06ea2c59416f76597db5cb3
-size 2969295
+oid sha256:b728bd09ddc97fb5a56cb3423cafbf0d6f90a606b6ae8585645d7c33c62c2c64
+size 5908546