chore(deps): update pre-commit hook mongodb/kingfisher to v1.98.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
mongodb/kingfisher	repository	minor	v1.97.0 → v1.98.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.98.0

Compare Source

• Bounded disk usage for large multi-repo scans (e.g. --include-contributors --repo-artifacts against orgs with thousands of repos): cloning, artifact fetching, and scanning now run concurrently through bounded channels, and each cloned repo is removed from the temp directory as soon as its scan completes. On-disk footprint stays roughly O(num_jobs) regardless of total repo count instead of growing without bound. --keep-clones and --git-clone-dir opt out of the per-repo cleanup as before.
• Parallelized --repo-artifacts fetching with buffer_unordered(num_jobs) so issue/PR/wiki API calls run concurrently and stream into the scan loop, replacing the previous per-repo serial loop that delayed the start of scanning by hours on large fan-outs.
• Streamed --format json output as compact one-envelope-per-line so concatenated per-repo emits from the parallel scan path produce valid JSONL that kingfisher view can load. Pipe through jq . for pretty-printed output.
• Fixed a panic in the lexer when a string literal ends in a trailing backslash ('... \); the escape handling now clamps past-EOF so extract_literal_values returns instead of slicing out of bounds.
• Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.
• Fixed #​359: added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule (kingfisher.github.5) is retained for older / GHES-issued tokens that are still in circulation.
• Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.