chore(deps): update pre-commit hook mongodb/kingfisher to v1.85.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
mongodb/kingfisher	repository	minor	v1.84.0 → v1.85.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.85.0

Compare Source

• Report viewer: added --view-report-port and --view-report-address to kingfisher scan --view-report, and --address to kingfisher view, so the embedded report server can bind to 0.0.0.0 and be reached from the host when running in Docker. Use --view-report-address 0.0.0.0 with -p 7890:7890 (or --view-report-port 7891 with -p 7891:7891) to view the HTML report at http://localhost:7890 from your host.
• Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url.
• Deprecated --git-url while preserving backward compatibility; using the flag now emits a migration warning to prefer positional URL targets.
• Updated README/integration/usage/install/demo examples and CLI tests to use positional Git URL scanning syntax.
• Jira scanning: added kingfisher scan jira --include-comments and --include-changelog to scan per-issue comments and changelog entries, with paginated Jira comment fetching and ADF text normalization preserved for issue/comment content.
• Added --turbo mode: sets --commit-metadata=false, --no-base64, disables language detection, and disables tree-sitter parsing...for maximum scan speed. Findings will omit Git commit context (author, date, commit hash) and will not include Base64-decoded secrets.
• SQLite database scanning: kingfisher now detects and extracts SQLite files (.db, .sqlite, .sqlite3, etc.), dumping each table as SQL text with named columns so secrets stored in database rows are scannable. Extraction is enabled by default and can be disabled with --no-extract-archives.
• Python bytecode (.pyc) scanning: extracts string constants from compiled Python (.pyc, .pyo) files via marshal parsing so secrets embedded in bytecode are scannable. Extraction is enabled by default and can be disabled with --no-extract-archives.
• Performance: pipelined ODB enumeration — scanning now begins while blob OIDs are still being discovered, overlapping I/O with pattern matching.
• Performance: skip blobs smaller than 20 bytes during enumeration (too small to contain any secret).
• Performance: preserve pack-ascending blob order in the metadata path for better I/O locality when Rayon splits work.
• Performance: defer Git committer metadata materialization until commits actually introduce scannable blobs, reducing unnecessary string/time parsing work.
• Performance: push --exclude filtering into Git tree traversal so excluded paths/subtrees are pruned before blob-introduction bookkeeping.
• Performance: make Git repository object indexing single-pass (removed the extra ODB scan in RepositoryIndex::new).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.