chore(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.8#80
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 5, 2026, 4:15 PM ET / 20:15 UTC. Summary Reproducibility: not applicable. this is a dependency-update PR rather than a bug report. The source check confirms current main still uses the older action tag and the PR changes that exact line. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Next step before merge
Security Review detailsBest possible solution: Merge the dependency update after the repository's required review gates remain green. Do we have a high-confidence way to reproduce the issue? Not applicable; this is a dependency-update PR rather than a bug report. The source check confirms current main still uses the older action tag and the PR changes that exact line. Is this the best way to solve the issue? Yes; for this dependency-maintenance item, the narrow one-line action tag update is the maintainable solution. The workflow permissions remain constrained and CI reports the updated path passing. AGENTS.md: not found in the target repository. Codex review notes: model internal, reasoning high; reviewed against d26b140c7a94. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
@dependabot rebase |
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.6 to 3.95.8. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.6...v3.95.8) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
c05863b to
b68368f
Compare
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
Maintainer verification after merge:
No remaining caveats. |
Bumps trufflesecurity/trufflehog from 3.95.6 to 3.95.8.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
00155c9Include encoded resume info instead of clobbering it (#5110)4d3a66ffixed syntax error (#5109)797f02b[INS-334] Octopus Deploy detector (#4787)7f04a89[INS-465] Skip unverified JWT Detector results when feature flag is enabled (...459d5a7Add prometheus metrics for engine channels and workers (#5095)f38f8f7fix(azuresastoken): match SAS tokens regardless of parameter order (#5043)6261f5cremoved "unauthorized" as exception for rotated graphana secrets (#5068)f446421[INS-407] Fixed AWS detector producing non deterministic output (#4836)885fa2d[INS-197] Add redhatpyxis api key detector (#4995)c09d726[INS-497] Add Pganalyze Read Key Detector (#4993)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)