Update all dependencies

This MR contains the following updates:

Package	Type	Update	Change
sigstore/cosign	ironbank-github	minor	v2.0.2 -> v2.1.1
trufflesecurity/trufflehog	ironbank-github	minor	v3.40.0 -> v3.45.1

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the logs for more information.

---

Release Notes

sigstore/cosign

v2.1.1

Compare Source

Bug Fixes

• wait for the workers become available again to continue the execution (#​3084)
• fix help text when in a container (#​3082)

Documentation

• update changelog (#​3080)

• DNM: Add CHANGELOG for v2.1.0 (#​3068)

• Carlos Tadeu Panato Junior

• priyawadhwa

v2.1.0

Compare Source

Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.

Enhancements

• Verify sigs and attestations in parallel (#​3066)
• Deep inspect attestations when filtering download (#​3031)
• refactor bundle validation code, add support for DSSE rekor type (#​3016)
• Allow overriding remote options (#​3049)
• feat: adds no cert found on sig exit code (#​3038)
• Make predicate a required flag in attest commands (#​3033)
• Added support for attaching Time stamp authority Response in attach command (#​3001)
• Add sign --sign-container-identity CLI (#​2984)
• Feature: Allow cosign to sign digests before they are uploaded. (#​2959)
• accepts attachment-tag-prefix for cosign copy (#​3014)
• Feature: adds '--allow-insecure-registry' for cosign load (#​3000)
• download attestation: support --platform flag (#​2980)
• Cleanup: Add Digest to the SignedEntity interface. (#​2960)
• verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#​2845)
• verify: use workers to limit the paralellism when verifying images with --max-workers flag (#​3069)

Bug Fixes

• Fix pkg/cosign/errors (#​3050)
• fix: update doc to refer to github-actions oidc provider (#​3040)
• fix: prefer GitHub OIDC provider if enabled (#​3044)
• Fix --sig-only in cosign copy (#​3074)

Documentation

• Fix links to sigstore/docs in markdown files (#​3064)
• Update release readme (#​2942)

Thank you to our contributors!

• Bob Callaway
• Carlos Tadeu Panato Junior
• Chok Yip Lau
• Chris Burns
• Dmitry Savintsev
• Enyinna Ochulor
• Hayden B
• Hector Fernandez
• Jakub Hrozek
• Jason Hall
• Jon Johnson
• Luiz Carvalho
• Matt Moore
• Mritunjay Kumar Sharma
• Mukuls77
• Ramkumar Chinchani
• Sascha Grunert
• Yolanda Robla Mota
• priyawadhwa

trufflesecurity/trufflehog

v3.45.1

Compare Source

What's Changed

• [chore] - optimize chunker by @​ahrav in https://github.com/trufflesecurity/trufflehog/pull/1535
• Add commitsScanned metrics by @​bill-rich in https://github.com/trufflesecurity/trufflehog/pull/1533
• Make Ahocorasick matching case insensitive by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1547
• Fix data race in context wrapper library by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1546
• Update gitparse logic by @​rgmz in https://github.com/trufflesecurity/trufflehog/pull/1486

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.45.0...v3.45.1

v3.45.0

Compare Source

What's Changed

• [chore] - Update loop to switch. by @​ahrav in https://github.com/trufflesecurity/trufflehog/pull/1487
• Rewrite SourceUnitEnumerator to use UnitReporter instead of a channel by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1485
• Define SourceUnit chunking interface by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1484
• fix twilio verification side effect by @​brandonjyan in https://github.com/trufflesecurity/trufflehog/pull/1494
• Fix URI detector false positives when the redacted password has been URL encoded by @​trufflesteeeve in https://github.com/trufflesecurity/trufflehog/pull/1489
• add envoy api key scanner by @​brandonjyan in https://github.com/trufflesecurity/trufflehog/pull/1482
• add couchbase scanner to defaults by @​brandonjyan in https://github.com/trufflesecurity/trufflehog/pull/1497
• tweak jdbc redaction by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1490
• add launch_darkly keyword to launchdarkly scanner by @​brandonjyan in https://github.com/trufflesecurity/trufflehog/pull/1495
• [chore] - update detector template file by @​ahrav in https://github.com/trufflesecurity/trufflehog/pull/1500
• add thog enterprise detector for web keys by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1448
• use Go 1.20 for all github workflows by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1508
• unify JDBC detector ping logic by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1506
• add dockerhub scanner by @​brandonjyan in https://github.com/trufflesecurity/trufflehog/pull/1496
• JDBC indeterminacy by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1507
• [chore] Remove parent setting / getting in Context wrapper by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1516
• Revert "[chore] Remove parent setting / getting in Context wrapper (#… by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1519
• Bump github.com/googleapis/gax-go/v2 from 2.11.0 to 2.12.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1501
• Bump google.golang.org/api from 0.130.0 to 0.131.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1502
• Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1523
• capture JSON error in AWS detector by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1509
• Decrease frequency of dependabot alerts to monthly by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1524
• Support indeterminacy in alchemy and update detector docs by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1510
• [chore] Remove parent manipulation in context package by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1525
• Implement SourceManager basics by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1515
• Correctly route pprof endpoint by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1527
• [chore] - Remove password info from log by @​ahrav in https://github.com/trufflesecurity/trufflehog/pull/1528
• continue scanning on detector / decoder panic by @​dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/863
• Add match boundary to okta regular expressions by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1531
• Replace aho-corasick library by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1538

New Contributors

• @​brandonjyan made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1494

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.44.0...v3.45.0

v3.44.0

Compare Source

What's Changed

• fix typo by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1452
• Remove additional apk clean up in Dockerfile by @​PeterDaveHello in https://github.com/trufflesecurity/trufflehog/pull/1440
• Remove the Image4 detector by @​rgmz in https://github.com/trufflesecurity/trufflehog/pull/1461
• tighten up Shortcut API detector by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1438
• additional similarity check for base64 and plain by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1462
• Add new verification error message field by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1463
• Bump golang.org/x/crypto from 0.10.0 to 0.11.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1473
• Bump github.com/jlaffaye/ftp from 0.1.0 to 0.2.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1471
• Bump github.com/TheZeroSlave/zapsentry from 1.15.0 to 1.17.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1470
• remove old detector by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1474
• Bump google.golang.org/api from 0.129.0 to 0.130.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1472
• Define SourceUnit enumeration interface by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1428
• Update tests for forks so we don't fail on everything by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1475
• scan GitHub MR and issue comments by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1435
• Report indeterminacy in AWS verifier by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1480
• do not report AWS 403s as indeterminate by @​rosecodym in https://github.com/trufflesecurity/trufflehog/pull/1481
• Dedupe results by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1479
• Include the line number GitHub & Gitlab links by @​rgmz in https://github.com/trufflesecurity/trufflehog/pull/1466

New Contributors

• @​PeterDaveHello made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1440
• @​rgmz made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1461
• @​rosecodym made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1463

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.43.0...v3.44.0

v3.43.0

Compare Source

What's Changed

• Introduce trufflehog:ignore tag feature by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1433
• remove HEAD from git diff command, rename unstaged to staged by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1439
• Bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1445
• Bump cloud.google.com/go/secretmanager from 1.11.0 to 1.11.1 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1443
• Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1444
• Add missing keywords for sqlserver by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1449
• Bump google.golang.org/api from 0.128.0 to 0.129.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1441
• Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1442

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.42.0...v3.43.0

v3.42.0

Compare Source

What's Changed

• Exit with non-zero exit code on chunk source error by @​nyanshak in https://github.com/trufflesecurity/trufflehog/pull/1286
• Fix docker source to return any chunk errors by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1429
• Add Couchbase Detector by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1385
• Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1425
• Use url redaction in git by @​trufflesteeeve in https://github.com/trufflesecurity/trufflehog/pull/1399
• Fix stripPassword by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1430
• Don't return on okta credential failed verification by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1432
• verify response body with expected keywords by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1419
• added opsgenie detector by @​roxanne-tampus in https://github.com/trufflesecurity/trufflehog/pull/650

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.41.1...v3.42.0

v3.41.1

Compare Source

What's Changed

• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1415
• Implement SourceUnitUnmarshaller for all sources by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1416
• Ensure results are collected correctly when verification is off, and … by @​dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/1420
• prevent www from being a key to prevent fp by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1418
• Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1422
• Bump go.mongodb.org/mongo-driver from 1.11.6 to 1.12.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1423
• Bump golang.org/x/sync from 0.2.0 to 0.3.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1426
• Update Slack webhook error text for verification by @​atkinchris in https://github.com/trufflesecurity/trufflehog/pull/1427
• Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1424

New Contributors

• @​atkinchris made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1427

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.41.0...v3.41.1

v3.41.0

Compare Source

What's Changed

• Make trace error message so newlines aren't escaped by @​bill-rich in https://github.com/trufflesecurity/trufflehog/pull/1396
• Add Validator interface and example by @​bill-rich in https://github.com/trufflesecurity/trufflehog/pull/1397
• Setup SourceUnit interface by @​mcastorina in https://github.com/trufflesecurity/trufflehog/pull/1393
• Bump github.com/getsentry/sentry-go from 0.21.0 to 0.22.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1404
• Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1407
• update discord invite link to one that doesn't expire by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1410
• Custom detector name by @​zricethezav in https://github.com/trufflesecurity/trufflehog/pull/1400
• Bump github.com/googleapis/gax-go/v2 from 2.10.0 to 2.11.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1406
• Bump google.golang.org/api from 0.125.0 to 0.128.0 by @​dependabot in https://github.com/trufflesecurity/trufflehog/pull/1408
• add new key pat for mailgun detector by @​zubairk14 in https://github.com/trufflesecurity/trufflehog/pull/1375
• remove gorilla mux by @​dillonstreator in https://github.com/trufflesecurity/trufflehog/pull/1411
• fix spelling errors by @​dillonstreator in https://github.com/trufflesecurity/trufflehog/pull/1413
• 🎉 Add Docker image scanning 🎉 by @​dustin-decker in https://github.com/trufflesecurity/trufflehog/pull/1412

New Contributors

• @​dillonstreator made their first contribution in https://github.com/trufflesecurity/trufflehog/pull/1411

Full Changelog: https://github.com/trufflesecurity/trufflehog/compare/v3.40.0...v3.41.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.