build(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.7#35
build(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.7#35dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.6 to 3.95.7. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.6...v3.95.7) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed July 7, 2026, 1:31 PM ET / 17:31 UTC. Summary Reproducibility: not applicable. This is a dependency update PR, and the review checked the workflow diff, current main, and PR check rollup rather than reproducing a product bug. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Merge the clean Dependabot patch if maintainers are comfortable taking TruffleHog v3.95.7; otherwise let Dependabot recreate or advance the GitHub Actions bump. Do we have a high-confidence way to reproduce the issue? Not applicable. This is a dependency update PR, and the review checked the workflow diff, current main, and PR check rollup rather than reproducing a product bug. Is this the best way to solve the issue? Yes. A one-line version bump in the existing secret-scan workflow is the narrowest maintainable path for this patch update. AGENTS.md: not found in the target repository. Codex review notes: model internal, reasoning high; reviewed against b5c480e0492b. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
Superseded by #37. |
Bumps trufflesecurity/trufflehog from 3.95.6 to 3.95.7.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
f446421[INS-407] Fixed AWS detector producing non deterministic output (#4836)885fa2d[INS-197] Add redhatpyxis api key detector (#4995)c09d726[INS-497] Add Pganalyze Read Key Detector (#4993)c1a1d6aExposeSecretPartsin the JSON output (#5073)39a1435Add scan_all_installations option for multi-org GitHub App scanning (#4775)8b85dcdBump shared renovate-config to v1.0.3 (#5044)2e4db5fSkip reverification results during deduplication (#5069)4945fa3huggingface: add bucket scanning (#5017)3d196c8[INS-406] Braintrust detector (#4826)6f52203fix: add git worktree support in PrepareRepo (#4690)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)