ci: bump trufflesecurity/trufflehog from 3.95.3 to 3.95.6 in the actions-patch-minor group across 1 directory

[dependabot]

Bumps the actions-patch-minor group with 1 update in the / directory: trufflesecurity/trufflehog.

Updates trufflesecurity/trufflehog from 3.95.3 to 3.95.6

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.6

What's Changed

• Enigma detector enhance verification to prevent false verified findings by @​shahzadhaider1 in trufflesecurity/trufflehog#5011
• fix: scan files with lines exceeding bufio's default 64 KB token limit by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5022
• fix(postgres): honor ignore tags for default port URLs by @​Dawn-Fighter in trufflesecurity/trufflehog#4968
• Move to github.com/moby/moby/client from docker/docker by @​trufflesteeeve in trufflesecurity/trufflehog#4987
• fix: avoid terminal probes before CLI output by @​Hackerchen716 in trufflesecurity/trufflehog#4994
• Update test containers dependency by @​trufflesteeeve in trufflesecurity/trufflehog#4978
• Re-host pkg/handlers JSON test fixtures under the org by @​amanfcp in trufflesecurity/trufflehog#5023
• [INS-465] Add datadogapikey detector to defaults.go by @​mustansir14 in trufflesecurity/trufflehog#4969
• [INS-470] Add Tly detector to defaults.go, gate it behind feat flag and update its verification logic by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5006
• [INS-473] Add wit detector to defaults.go, gate it behind feat flag and update verification logic by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5008
• Updating Klaviyo PK new format by @​breetan in trufflesecurity/trufflehog#5009
• Restructure Klaviyo detector pattern tests by @​martinlocklear in trufflesecurity/trufflehog#5026
• Replace Renovate config with shared preset (high-risk tier) by @​bryanbeverly in trufflesecurity/trufflehog#4992
• set redacted value to last 4 characters of secret, to match how the secret type admin interface displays it by @​jordanTunstill in trufflesecurity/trufflehog#5027
• GitHub finegrained analyzer was improperly handling errors by @​dustin-decker in trufflesecurity/trufflehog#4498
• [INS-469] Added Rev detectors to defaults.go and gated it behind feature flag by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5005
• Fix Renovate lookup: update setup-captain version comment by @​bryanbeverly in trufflesecurity/trufflehog#4999
• [INS-472] [INS-515] Add user detector to defaults.go, gate it behind feat flag, update verification logic and add custom ep configuration by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5007
• Fix: Resolve known dedup issues in notifierWorker by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5028
• fix(dropbox): prevent long sl.u. tokens from being truncated by @​lukem-ts in trufflesecurity/trufflehog#5012
• fix: add filetype=sdist param to pypi detector by @​lukem-ts in trufflesecurity/trufflehog#4988
• Handlers - Embed small HTTP test fixtures by @​amanfcp in trufflesecurity/trufflehog#5001
• S3: surface bucket listing failures and fix multi-role object count by @​shahzadhaider1 in trufflesecurity/trufflehog#5035

New Contributors

• @​Dawn-Fighter made their first contribution in trufflesecurity/trufflehog#4968
• @​Hackerchen716 made their first contribution in trufflesecurity/trufflehog#4994
• @​breetan made their first contribution in trufflesecurity/trufflehog#5009
• @​lukem-ts made their first contribution in trufflesecurity/trufflehog#5012

Full Changelog: trufflesecurity/trufflehog@v3.95.4...v3.95.6

v3.95.5

What's Changed

• [INS-461] Add test to ensure new detectors are registered in defaults.go by @​mustansir14 in trufflesecurity/trufflehog#4915
• [INS-455] Unify common logic in Atlassian Data Center detectors by @​mustansir14 in trufflesecurity/trufflehog#4907
• fix(github): cache repo info under original URL on redirect by @​kashifkhan0771 in trufflesecurity/trufflehog#4958
• Added GitLab OAuth Detector by @​shahzadhaider1 in trufflesecurity/trufflehog#4729
• Box Detector: Extract Subject ID for Analyzer Integration by @​shahzadhaider1 in trufflesecurity/trufflehog#4761
• [INS-346] SpectralOps Personal API Key Detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4770
• [INS-335] Added AWS Appsync Detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4803
• fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @​kashifkhan0771 in trufflesecurity/trufflehog#4954
• Automate corpora testing in CI by @​mustansir14 in trufflesecurity/trufflehog#4927
• Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @​amanfcp in trufflesecurity/trufflehog#4924
• feat: add host, db and username to ExtraData for database detectors by @​mariocj89 in trufflesecurity/trufflehog#4849
• Remove over speculation from Corpora CI workflow by @​mustansir14 in trufflesecurity/trufflehog#4974
• Fix line numbers for duplicate secrets within a chunk by @​amanfcp in trufflesecurity/trufflehog#4910
• Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @​camgunz in trufflesecurity/trufflehog#4961

... (truncated)

Commits

• 30d5bb9 S3: surface bucket listing failures and fix multi-role object count (#5035)
• f0739f1 close todo - embed small HTTP test fixtures (#5001)
• 36d680a add filetype=sdist param so we get the correct response code (#4988)
• 248ffd5 fix(dropbox): prevent long sl.u. tokens from being truncated before verificat...
• afbdaa8 Fix: Resolve known dedup issues in notifierWorker (#5028)
• 7bcf376 [INS-472] [INS-515] Add user detector to defaults.go, gate it behind feat fla...
• 84a2b33 Fix Renovate lookup: update setup-captain version comment (#4999)
• ac0805e [INS-469] Added Rev detectors to defaults.go and gated it behind feature flag...
• d03d087 GitHub finegrain analyzer was improperly handling errors (#4498)
• b64cefe set redacted value to last 4 characters of secret, to match how the secret ty...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Bump trufflesecurity/trufflehog in the secrets scan workflow from v3.95.3 to v3.95.6 to pick up bug fixes and detector improvements.

• Dependencies
  • Update .github/workflows/secrets.yml to use trufflesecurity/trufflehog@30d5bb9 (v3.95.6) from @37b7700 (v3.95.3)

^{Written for commit bbdab59. Summary will update on new commits.}