chore(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.8#61
chore(deps): bump trufflesecurity/trufflehog from 3.95.6 to 3.95.8#61dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.6 to 3.95.8. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.95.6...v3.95.8) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
|
Codex review: needs maintainer review before merge. Reviewed July 7, 2026, 10:57 PM ET / 02:57 UTC. Summary Reproducibility: not applicable. this is a dependency maintenance PR, not a bug report with runtime reproduction steps. The relevant verification is source review, upstream tag presence, and GitHub workflow checks on the PR head. Review metrics: 1 noteworthy metric.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Next step before merge
Security Review detailsBest possible solution: Merge the narrow Dependabot bump through the normal maintainer dependency-review path while preserving the existing workflow permissions and scan-range behavior. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a dependency maintenance PR, not a bug report with runtime reproduction steps. The relevant verification is source review, upstream tag presence, and GitHub workflow checks on the PR head. Is this the best way to solve the issue? Yes: updating the existing action reference is the narrowest maintainable way to take this TruffleHog patch release. The PR does not introduce a parallel workflow, new permissions, or new configuration surface. AGENTS.md: not found in the target repository. Codex review notes: model internal, reasoning high; reviewed against 7754b9d416df. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
Bumps trufflesecurity/trufflehog from 3.95.6 to 3.95.8.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
00155c9Include encoded resume info instead of clobbering it (#5110)4d3a66ffixed syntax error (#5109)797f02b[INS-334] Octopus Deploy detector (#4787)7f04a89[INS-465] Skip unverified JWT Detector results when feature flag is enabled (...459d5a7Add prometheus metrics for engine channels and workers (#5095)f38f8f7fix(azuresastoken): match SAS tokens regardless of parameter order (#5043)6261f5cremoved "unauthorized" as exception for rotated graphana secrets (#5068)f446421[INS-407] Fixed AWS detector producing non deterministic output (#4836)885fa2d[INS-197] Add redhatpyxis api key detector (#4995)c09d726[INS-497] Add Pganalyze Read Key Detector (#4993)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)