Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/download-artifact	action	major	v7 → v8
actions/upload-artifact	action	major	v6 → v7
dawidd6/action-send-mail	action	major	v7 → v15
docker/build-push-action	action	major	v6 → v7
docker/setup-buildx-action	action	major	v3 → v4
docker/setup-qemu-action	action	major	v3 → v4
suzuki-shunsuke/github-action-renovate-config-validator	action	major	v1.1.1 → v2.1.0
trufflesecurity/trufflehog	action	minor	v3.92.4 → v3.93.8

---

Release Notes

actions/download-artifact (actions/download-artifact)

v8

Compare Source

actions/upload-artifact (actions/upload-artifact)

v7

Compare Source

dawidd6/action-send-mail (dawidd6/action-send-mail)

v15

Compare Source

What's Changed

• build(deps): bump undici from 6.23.0 to 6.24.1 by @​dependabot[bot] in #​275
• node_modules: update by @​dawidd6 in #​276

Full Changelog: dawidd6/action-send-mail@v14...v15

v14

Compare Source

What's Changed

• Fix 234 by @​felfert in #​271

Full Changelog: dawidd6/action-send-mail@v13...v14

v13

Compare Source

What's Changed

• Upgrade to node24 by @​felfert in #​273

Full Changelog: dawidd6/action-send-mail@v12...v13

v12

Compare Source

Possible Breaking Change

from input now needs to be in one of those forms:

• Plain Simple Name <user@example.com>
• user@example.com

What's Changed

• build(deps): bump minimatch from 3.1.3 to 3.1.5 by @​dependabot[bot] in #​265
• Misc. fixes by @​felfert in #​267
• build(deps): bump nodemailer from 8.0.1 to 8.0.2 by @​dependabot[bot] in #​269
• node_modules: update by @​dawidd6 in #​270

New Contributors

• @​felfert made their first contribution in #​267

Full Changelog: dawidd6/action-send-mail@v11...v12

v11

Compare Source

What's Changed

• Add support for custom email headers via JSON input by @​KaSpiros in #​264

New Contributors

• @​KaSpiros made their first contribution in #​264

Full Changelog: dawidd6/action-send-mail@v10...v11

v10

Compare Source

What's Changed

• build(deps): bump nodemailer from 8.0.0 to 8.0.1 by @​dependabot[bot] in #​260
• node_modules: update by @​dawidd6 in #​261
• build(deps): bump minimatch from 3.1.2 to 3.1.3 by @​dependabot[bot] in #​262
• node_modules: update by @​dawidd6 in #​263

Full Changelog: dawidd6/action-send-mail@v9...v10

v9

Compare Source

What's Changed

• build(deps): bump nodemailer from 7.0.13 to 8.0.0 by @​dependabot[bot] in #​258
• node_modules: update by @​dawidd6 in #​259

Full Changelog: dawidd6/action-send-mail@v8...v9

v8

Compare Source

What's Changed

• build(deps): bump @​actions/core from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​247
• node_modules: update by @​dawidd6 in #​248
• build(deps): bump @​actions/core from 2.0.2 to 2.0.3 by @​dependabot[bot] in #​251
• build(deps): bump @​actions/glob from 0.5.0 to 0.5.1 by @​dependabot[bot] in #​249
• build(deps): bump nodemailer from 7.0.12 to 7.0.13 by @​dependabot[bot] in #​250
• build(deps): bump @​actions/glob from 0.5.1 to 0.6.1 by @​dependabot[bot] in #​253
• build(deps): bump @​actions/core from 2.0.3 to 3.0.0 by @​dependabot[bot] in #​252
• Convert CommonJS to ESM by @​Copilot in #​255
• Run npm ci --ignore-scripts to update dependencies by @​Copilot in #​254

New Contributors

• @​Copilot made their first contribution in #​255

Full Changelog: dawidd6/action-send-mail@v7...v8

docker/build-push-action (docker/build-push-action)

v7

Compare Source

docker/setup-buildx-action (docker/setup-buildx-action)

v4

Compare Source

docker/setup-qemu-action (docker/setup-qemu-action)

v4

Compare Source

suzuki-shunsuke/github-action-renovate-config-validator (suzuki-shunsuke/github-action-renovate-config-validator)

v2.1.0

Compare Source

Features

#​1092 Enable npm cache by default

Cache improves the performance and mitigates the API Rate Limit Issues.

v2.0.0

Compare Source

⚠️ Breaking Change

#​1063 The action installs Node.js 24 by default to support the latest Renovate.
If you don't want to install it, please set the input node-version to none.

Fixes

#​1060 Install the latest Renovate by default @​deviantintegral

trufflesecurity/trufflehog (trufflesecurity/trufflehog)

v3.93.8

Compare Source

What's Changed

• fix: make LDAP verification context-aware by @​mariduv in #​4768
• Stop growing filesystem resume data by @​rosecodym in #​4797

Full Changelog: trufflesecurity/trufflehog@v3.93.7...v3.93.8

v3.93.7

Compare Source

What's Changed

• [INS-331] Fix the issue causing the tests file system soruce tests to fail on windows by @​MuneebUllahKhan222 in #​4743
• Thread original chunk data through engine pipeline by @​dustin-decker in #​4780
• Added detector for JFrog Artifactory Reference Tokens by @​shahzadhaider1 in #​4684
• Fix JDBC detector regex truncating trailing non-alphanumeric password characters by @​amanfcp in #​4755

Full Changelog: trufflesecurity/trufflehog@v3.93.6...v3.93.7

v3.93.6

Compare Source

What's Changed

• GH_TOKEN needed for gh by @​bill-rich in #​4772
• Move verify flag into detectableChunk by @​rosecodym in #​4558

Full Changelog: trufflesecurity/trufflehog@v3.93.5...v3.93.6

v3.93.5

Compare Source

What's Changed

• Add workspace_id to Slack Continuous metadata by @​mariduv in #​4749
• fix(release): Disable docker provenance feature by @​mariduv in #​4752
• Base64 decoding depth assessment by @​dxa4481 in #​4744
• [INS-246] Add Google Gemini API key detector by @​mustansir14 in #​4649
• Refactor log package by @​mcastorina in #​4734
• [INS-309]updated google api version to v0.259.0 by @​MuneebUllahKhan222 in #​4736
• fix(ftp): set read deadline on connection to prevent indefinite hang by @​dylanTruffle in #​4759
• added rotation on 403s access_refused, this detector considered them indeterminate failures by @​jordanTunstill in #​4740
• [INS-283] Support following symlinks in filesystem source by @​MuneebUllahKhan222 in #​4742
• Fix typos in comments in json-enumerator source by @​bradlarsen in #​4764
• Fix race condition in release process by @​bill-rich in #​4766

Full Changelog: trufflesecurity/trufflehog@v3.93.4...v3.93.5

v3.93.4

Compare Source

What's Changed

• Add a new NDJSON / JSONL input source by @​bradlarsen in #​4721
• Fix typo in CODEOWNERS for pkg/analyzer by @​shahzadhaider1 in #​4748
• Pre-allocate anthropic analyzer bindings slice capacity with zero length by @​kashifkhan0771 in #​4746
• Made indeterminate error for JWT detector determinate by @​jordanTunstill in #​4745
• Optimize the regex pattern in the artifactory access token detector by @​shahzadhaider1 in #​4685

Full Changelog: trufflesecurity/trufflehog@v3.93.3...v3.93.4

v3.93.3

Compare Source

What's Changed

• OpenAI Admin Key Detector by @​amanfcp in #​4689

Full Changelog: trufflesecurity/trufflehog@v3.93.2...v3.93.3

v3.93.2

Compare Source

What's Changed

• Fix pre-receive hook hangs and missing logs by flushing logs on signal and using CommandContext for git commands by @​jordanTunstill in #​4714
• [INS-285] Fix custom detectors line number reporting to match the full regex instead of capture group by @​mustansir14 in #​4697

Full Changelog: trufflesecurity/trufflehog@v3.93.1...v3.93.2

v3.93.1

Compare Source

What's Changed

• Enhance security reporting guidelines in SECURITY.md by @​joeleonjr in #​4725
• Allow logging of caller info by @​rosecodym in #​4731

Full Changelog: trufflesecurity/trufflehog@v3.93.0...v3.93.1

v3.93.0

Compare Source

What's Changed

• Remove ResultWithMetadata.Data by @​rosecodym in #​4659
• Add tests for processResult by @​rosecodym in #​4674
• Switch out default HTTP client use in detectors by @​bradlarsen in #​4670
• [INS-202] Add rate limiting to the Github Analyzer by @​mustansir14 in #​4617
• Fix/issue 4578 path normalization for unix and windows by @​Rusted2361 in #​4614
• Auto-configure TruffleHog for Pre-commit Hooks by @​kashifkhan0771 in #​4666
• Include key info for analyze by @​bill-rich in #​4686
• fix: typos in comments by @​NAM-MAN in #​4676
• Stop using detectableChunk in processResult by @​rosecodym in #​4691
• fix(github): preserve trailing hyphens in repository names by @​PascalThuet in #​4695
• Skip failing Git Engine test by @​mustansir14 in #​4701
• [INS-281] Github Bug fix: UnitErr and UnitOK called for the same repo by @​mustansir14 in #​4681
• [INS-258] Revert includeRepos removal from GitHub source by @​mustansir14 in #​4673
• Re-enable Git Engine Test by @​shahzadhaider1 in #​4715
• Add some false positive tests by @​rosecodym in #​4703
• Unify false positive/overlap tests by @​rosecodym in #​4699
• Unify some false positive logic by @​rosecodym in #​4720
• [INS-249] Updated Gitlab client from v0.129.0 to v1.12.0(latest) by @​MuneebUllahKhan222 in #​4655
• [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAddresses by @​MuneebUllahKhan222 in #​4726
• Added Analysis info to tableau detector by @​MuneebUllahKhan222 in #​4717
• Remove first-class verification overlap tracker by @​rosecodym in #​4723
• [INS-280] Fix Github "repostories" filter does not respect GHES endpoint by @​mustansir14 in #​4677
• [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver detectors by @​mustansir14 in #​4612

New Contributors

• @​Rusted2361 made their first contribution in #​4614
• @​NAM-MAN made their first contribution in #​4676
• @​PascalThuet made their first contribution in #​4695

Full Changelog: trufflesecurity/trufflehog@v3.92.5...v3.93.0

v3.92.5

Compare Source

What's Changed

• [INS-206] Store Gitlab Project ID in secret location metadata by @​mustansir14 in #​4601
• [INS-242] Add more validations to Custom Detector config by @​mustansir14 in #​4642
• Fix syslog test failing due to hardcoded timestamp by @​MuneebUllahKhan222 in #​4646
• [INS-120] Increase code coverage for Postman's source scanItem function by @​MuneebUllahKhan222 in #​4648
• [INS-232] Fix S3 Source "panic: runtime error: index out of range" bug by @​mustansir14 in #​4610
• [INS-170] Unify JDBC URL Parsing Across Detector and Analyzer (Continued) by @​mustansir14 in #​4606
• Add exponential backoff retry logic in Twilio detector by @​shahzadhaider1 in #​4652
• Fix typo in help description for Postman API metric by @​shahzadhaider1 in #​4656
• Rework JWT detector to better block local IPs by @​bradlarsen in #​4607
• Gitlab Source: Backoff from Scan2 which is experimental to legacy pagination API call by @​kashifkhan0771 in #​4608
• fix: git commit date parsing for non-English locales by @​GLEF1X in #​4653
• fix: report accurate line numbers for chunked file scanning (#​1876) by @​GLEF1X in #​4615
• Add Postman API monthly request limit metric by @​shahzadhaider1 in #​4667
• [INS-243] Fix jdbc detector detecting incomplete connection string and fixed invalid… by @​MuneebUllahKhan222 in #​4636

New Contributors

• @​GLEF1X made their first contribution in #​4653

Full Changelog: trufflesecurity/trufflehog@v3.92.4...v3.92.5

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

This change is 

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/dawidd6/action-send-mail	4758fd2f0eab31f80897dc291e43c3867cce37bf	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 1 Found 2/11 approved changesets -- score normalized to 1 Maintained 🟢 10 26 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/trufflesecurity/trufflehog	6c05c4a00b91aa542267d8e32a8254774799d68d	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• .github/workflows/shared-secret-scan.yml