ci(deps): Bump trufflesecurity/trufflehog from 3.91.1 to 3.93.3

[dependabot]

Bumps trufflesecurity/trufflehog from 3.91.1 to 3.93.3.

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.93.3

What's Changed

• OpenAI Admin Key Detector by @​amanfcp in trufflesecurity/trufflehog#4689

Full Changelog: trufflesecurity/trufflehog@v3.93.2...v3.93.3

v3.93.2

What's Changed

• Fix pre-receive hook hangs and missing logs by flushing logs on signal and using CommandContext for git commands by @​jordanTunstill in trufflesecurity/trufflehog#4714
• [INS-285] Fix custom detectors line number reporting to match the full regex instead of capture group by @​mustansir14 in trufflesecurity/trufflehog#4697

Full Changelog: trufflesecurity/trufflehog@v3.93.1...v3.93.2

v3.93.1

What's Changed

• Enhance security reporting guidelines in SECURITY.md by @​joeleonjr in trufflesecurity/trufflehog#4725
• Allow logging of caller info by @​rosecodym in trufflesecurity/trufflehog#4731

Full Changelog: trufflesecurity/trufflehog@v3.93.0...v3.93.1

v3.93.0

What's Changed

• Remove ResultWithMetadata.Data by @​rosecodym in trufflesecurity/trufflehog#4659
• Add tests for processResult by @​rosecodym in trufflesecurity/trufflehog#4674
• Switch out default HTTP client use in detectors by @​bradlarsen in trufflesecurity/trufflehog#4670
• [INS-202] Add rate limiting to the Github Analyzer by @​mustansir14 in trufflesecurity/trufflehog#4617
• Fix/issue 4578 path normalization for unix and windows by @​Rusted2361 in trufflesecurity/trufflehog#4614
• Auto-configure TruffleHog for Pre-commit Hooks by @​kashifkhan0771 in trufflesecurity/trufflehog#4666
• Include key info for analyze by @​bill-rich in trufflesecurity/trufflehog#4686
• fix: typos in comments by @​NAM-MAN in trufflesecurity/trufflehog#4676
• Stop using detectableChunk in processResult by @​rosecodym in trufflesecurity/trufflehog#4691
• fix(github): preserve trailing hyphens in repository names by @​PascalThuet in trufflesecurity/trufflehog#4695
• Skip failing Git Engine test by @​mustansir14 in trufflesecurity/trufflehog#4701
• [INS-281] Github Bug fix: UnitErr and UnitOK called for the same repo by @​mustansir14 in trufflesecurity/trufflehog#4681
• [INS-258] Revert includeRepos removal from GitHub source by @​mustansir14 in trufflesecurity/trufflehog#4673
• Re-enable Git Engine Test by @​shahzadhaider1 in trufflesecurity/trufflehog#4715
• Add some false positive tests by @​rosecodym in trufflesecurity/trufflehog#4703
• Unify false positive/overlap tests by @​rosecodym in trufflesecurity/trufflehog#4699
• Unify some false positive logic by @​rosecodym in trufflesecurity/trufflehog#4720
• [INS-249] Updated Gitlab client from v0.129.0 to v1.12.0(latest) by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4655
• [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAddresses by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4726
• Added Analysis info to tableau detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4717
• Remove first-class verification overlap tracker by @​rosecodym in trufflesecurity/trufflehog#4723
• [INS-280] Fix Github "repostories" filter does not respect GHES endpoint by @​mustansir14 in trufflesecurity/trufflehog#4677
• [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver detectors by @​mustansir14 in trufflesecurity/trufflehog#4612

New Contributors

... (truncated)

Commits

• 6961f2b OpenAI Admin Key Detector (#4689)
• 4158734 [INS-285] Fix custom detectors line number reporting to match the full regex ...
• e9734c1 Fix pre-receive hook hangs and missing logs by flushing logs on signal and us...
• 7635b24 Allow logging of caller info (#4731)
• b78fbfd Enhance security reporting guidelines in SECURITY.md (#4725)
• 7f4e37d [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver d...
• daf5bf1 [INS-280] Fix Github "repostories" filter does not respect GHES endpoint (#4677)
• 4d4080b remove tracker type (#4723)
• ddb9583 Added Analysis info to tableau detector (#4717)
• ef3bf34 [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAd...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[github-actions]

Dependency Review

✅ No vulnerabilities or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/trufflesecurity/trufflehog	3.93.3	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Vulnerabilities 🟢 8 2 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• .github/workflows/security.yml

[netlify]

❌ Deploy Preview for heyclaude failed.

Name	Link
🔨 Latest commit	4164467
🔍 Latest deploy log	https://app.netlify.com/projects/heyclaude/deploys/69935c16bdee810008ad980e

[dependabot]

Superseded by #274.