Skip to content

chore(deps): bump trufflesecurity/trufflehog from 3.94.2 to 3.94.3#199

Merged
GeWuYou merged 1 commit into
mainfrom
dependabot/github_actions/trufflesecurity/trufflehog-3.94.3
Apr 10, 2026
Merged

chore(deps): bump trufflesecurity/trufflehog from 3.94.2 to 3.94.3#199
GeWuYou merged 1 commit into
mainfrom
dependabot/github_actions/trufflesecurity/trufflehog-3.94.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 9, 2026

Copy link
Copy Markdown
Contributor

Bumps trufflesecurity/trufflehog from 3.94.2 to 3.94.3.

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.94.3

What's Changed

New Contributors

Full Changelog: trufflesecurity/trufflehog@v3.94.2...v3.94.3

Commits
  • 47e7b7c Split out detector types into separate proto file in order to narrow CODEOWNE...
  • 9bfdb3e Add HTML decoder for secret detection in HTML-formatted sources (#4840)
  • bff3d26 [CSM-1857] Fix expired Azure secrets being silently dropped (#4845)
  • b0ee281 Add nil check and error context to GitHub analyzer (#4858)
  • a8770b8 Add AnalysisInfo to verified results (#4862)
  • 239dc4e handle AADSTS50173 as explicit revocation signal for azure refresh tokens (#4...
  • e48f903 Add release bot workflow for trufflehog releases (#4835)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump trufflesecurity/trufflehog from 3.94.2 to 3.94.3
900d66e 
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.94.2 to 3.94.3.
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@v3.94.2...v3.94.3)

---
updated-dependencies:
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.94.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 9, 2026
@greptile-apps

greptile-apps Bot commented Apr 9, 2026

Copy link
Copy Markdown

Greptile Summary

This PR is an automated Dependabot bump of the trufflesecurity/trufflehog GitHub Action from v3.94.2 to v3.94.3 in the CI workflow. It is a single-line change within the secrets-scanning step.

  • Patch release v3.94.3 includes bugfixes (expired Azure secrets no longer silently dropped, nil-check improvements for the GitHub analyzer) and minor enhancements (HTML decoder for secret detection, AnalysisInfo on verified results) — no breaking changes.
  • The upgrade improves the fidelity and reliability of the existing TruffleHog scan without altering any workflow structure or inputs.

Confidence Score: 5/5

Safe to merge — routine patch bump of a security scanning action with no breaking changes.

Single-line version bump (3.94.2 → 3.94.3) generated by Dependabot. The upstream patch release contains only bugfixes and minor enhancements to TruffleHog's scanning capabilities. No workflow logic is altered, no new permissions are introduced, and the compatibility score from Dependabot is high.

No files require special attention.

Vulnerabilities

No security concerns identified. This change upgrades the TruffleHog secrets-scanning action to a patch release that fixes Azure secret handling and adds an HTML decoder — improvements that strengthen the repo's existing secret-detection posture.

Important Files Changed

Filename Overview
.github/workflows/ci.yml Single-line version bump of trufflesecurity/trufflehog from v3.94.2 to v3.94.3; no structural changes to the workflow.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant TH as trufflesecurity/trufflehog@v3.94.3
    participant Repo as Repository

    GH->>Repo: Checkout code
    GH->>TH: Run TruffleHog scan
    Note over TH: path: .<br/>base: github.event.before<br/>head: github.sha
    TH->>Repo: Diff base..head commits
    TH-->>GH: Report detected secrets (if any)
Loading

Reviews (1): Last reviewed commit: "chore(deps): bump trufflesecurity/truffl..." | Re-trigger Greptile

@GeWuYou GeWuYou merged commit dd00473 into main Apr 10, 2026
6 of 7 checks passed
@GeWuYou GeWuYou deleted the dependabot/github_actions/trufflesecurity/trufflehog-3.94.3 branch April 10, 2026 09:09
@dependabot dependabot Bot mentioned this pull request Apr 26, 2026
Closed
This was referenced May 10, 2026
Closed
Closed
@dependabot dependabot Bot mentioned this pull request May 21, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GeWuYou