Conversation

@transphorm (Member) commented Oct 25, 2025

Summary by CodeRabbit

  • Chores
    • Updated security scanning configuration to refine allowlisting rules.

@coderabbitai (Contributor) coderabbitai bot commented Oct 25, 2025

Walkthrough

Added a new allowlist entry to .gitleaks.toml to exclude JSON files in the packages/mobile-sdk-alpha/src/animations directory from secret detection scans. This prevents false positives during gitleaks scanning.

Changes

  • Cohort: Git Secrets Configuration
    File(s): .gitleaks.toml
    Summary: Added allowlist path pattern to ignore JSON files in mobile SDK animations directory to prevent false positive secret detections

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🔐 Secrets safe behind the gate,
JSON files no longer bait,
False alarms fade away,
Gitleaks keeps threats at bay! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title Check: ✅ Passed. The PR title "ignore lottie false gitleaks hits" directly and accurately describes the main change in the changeset. The modification adds a gitleaks allowlist entry to suppress false positive security alerts for JSON animation files in the mobile SDK, which aligns perfectly with what the title conveys. The title is concise, specific (mentioning both "lottie" and "gitleaks"), and avoids vague language—a teammate reviewing the commit history would immediately understand that this addresses false gitleaks security scanning issues related to lottie animations.

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 250345a and 09f3c3f.

📒 Files selected for processing (1)
  • .gitleaks.toml (1 hunks)
🔇 Additional comments (1)
.gitleaks.toml (1)

31-31: Verify this manual edit aligns with your maintenance workflow.

The pattern '''packages/mobile-sdk-alpha/src/animations/.*\.json$''' is well-formed and appropriately scoped—Lottie animations commonly trigger false positives in secret scanners due to their JSON structure. However, the file header (lines 1–4) indicates this configuration is auto-generated from cmd/generate/config/main.go.

If you regenerate the config, this manual edit will be lost. Consider whether this allowlist entry should instead be added via the code generator to persist across regenerations.



@transphorm transphorm merged commit 20684b1 into dev Oct 25, 2025
12 of 13 checks passed
@transphorm transphorm deleted the justin/fix-gitleaks-lottie-false-positives branch October 25, 2025 01:09