chore(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.7#57
chore(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.7#57dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.6 to 3.95.7. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.6...v3.95.7) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed July 2, 2026, 2:05 AM ET / 06:05 UTC. Summary Reproducibility: not applicable. this is a dependency maintenance PR, not a bug report with runtime reproduction steps. The relevant verification is source review, upstream tag presence, and GitHub workflow checks on the PR head. Review metrics: 1 noteworthy metric.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Next step before merge
Security Review detailsBest possible solution: Merge the narrow Dependabot bump through the normal maintainer dependency-review path while preserving the existing workflow permissions and scan-range behavior. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a dependency maintenance PR, not a bug report with runtime reproduction steps. The relevant verification is source review, upstream tag presence, and GitHub workflow checks on the PR head. Is this the best way to solve the issue? Yes: updating the existing action reference is the narrowest maintainable way to take this TruffleHog patch release. The PR does not introduce a parallel workflow, new permissions, or new configuration surface. AGENTS.md: not found in the target repository. Codex review notes: model internal, reasoning high; reviewed against 7754b9d416df. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
Superseded by #61. |
Bumps trufflesecurity/trufflehog from 3.95.6 to 3.95.7.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
f446421[INS-407] Fixed AWS detector producing non deterministic output (#4836)885fa2d[INS-197] Add redhatpyxis api key detector (#4995)c09d726[INS-497] Add Pganalyze Read Key Detector (#4993)c1a1d6aExposeSecretPartsin the JSON output (#5073)39a1435Add scan_all_installations option for multi-org GitHub App scanning (#4775)8b85dcdBump shared renovate-config to v1.0.3 (#5044)2e4db5fSkip reverification results during deduplication (#5069)4945fa3huggingface: add bucket scanning (#5017)3d196c8[INS-406] Braintrust detector (#4826)6f52203fix: add git worktree support in PrepareRepo (#4690)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)