chore(deps): bump trufflesecurity/trufflehog from 3.95.3 to 3.95.5#42
Conversation
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.3 to 3.95.5. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.3...v3.95.5) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed June 5, 2026, 3:08 PM ET / 19:08 UTC. Summary Reproducibility: not applicable. this is a dependency maintenance PR, not a bug report. Source inspection verifies main still uses the old TruffleHog action tag and Go directive while the PR changes both. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Merge the narrow dependency/toolchain bump if required checks remain green, and handle any digest-pinning or Go-version policy separately. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a dependency maintenance PR, not a bug report. Source inspection verifies main still uses the old TruffleHog action tag and Go directive while the PR changes both. Is this the best way to solve the issue? Yes: updating the existing workflow AGENTS.md: not found in the target repository. Codex review notes: model gpt-5.5, reasoning high; reviewed against 5b2af061b057. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
Bumps trufflesecurity/trufflehog from 3.95.3 to 3.95.5.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
... (truncated)
Commits
d411ffffeat(apk): adds some debugging info for APKs and fixes issues parsing obfusca...26eae1f[SCAN-795] HTML decoder: ASPX and entity-encoded HTML support (#4981)6c8f640Added source config flags to sharepoint proto (#4972)9f0b97fUpdate CODEOWNERS: replace 5 slugs with scanning + integrations (#4983)36f6f69Pin GitHub Actions to SHA digests (#4985)52ebebbUpdate Go security dependencies (#4986)ec67ff2Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors (#4961)0ec3634Fix line numbers for duplicate secrets within a chunk (#4910)79acbf4Remove over speculation from Corpora CI workflow (#4974)d86254efeat: add host, db and username to ExtraData for database detectors (#4849)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)