build(deps): bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: trufflesecurity/trufflehog, dependabot/fetch-metadata and DavidAnson/markdownlint-cli2-action.

Updates trufflesecurity/trufflehog from 3.93.8 to 3.94.3

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.94.3

What's Changed

• Add release bot workflow by @​bryanbeverly in trufflesecurity/trufflehog#4835
• handle AADSTS50173 as explicit revocation signal for azure refresh tokens by @​jordanTunstill in trufflesecurity/trufflehog#4842
• Add AnalysisInfo to verified results by @​hxnyk in trufflesecurity/trufflehog#4862
• Add nil check and error context to GitHub analyzer by @​johnelliott in trufflesecurity/trufflehog#4858
• [CSM-1857] Fix expired Azure secrets being silently dropped by @​dipto-truffle in trufflesecurity/trufflehog#4845
• Add HTML decoder for secret detection in HTML-formatted sources by @​alafiand in trufflesecurity/trufflehog#4840
• Split out detector types into separate proto file in order to narrow CODEOWNERS scope by @​casey-tran in trufflesecurity/trufflehog#4871

New Contributors

• @​johnelliott made their first contribution in trufflesecurity/trufflehog#4858
• @​dipto-truffle made their first contribution in trufflesecurity/trufflehog#4845
• @​alafiand made their first contribution in trufflesecurity/trufflehog#4840

Full Changelog: trufflesecurity/trufflehog@v3.94.2...v3.94.3

v3.94.2

What's Changed

• Skip TestAPKHandler by @​shahzadhaider1 in trufflesecurity/trufflehog#4841
• fix: replace release-guard workflow with revert-latest job by @​sysread in trufflesecurity/trufflehog#4838
• Deprecated GoogleAPIKey Detector by @​nabeelalam in trufflesecurity/trufflehog#4853
• todoist: replace deprecated verification endpoint by @​rai1612 in trufflesecurity/trufflehog#4828
• Add Shopify OAuth Detector by @​amanfcp in trufflesecurity/trufflehog#4738
• [INS-425] Updated google.golang.org/grpc v1.78.0 --> v1.79.3 by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4852
• [INS-421] Re-enabled TestAPKHandler test and updated artifact url by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4856

New Contributors

• @​sysread made their first contribution in trufflesecurity/trufflehog#4838
• @​rai1612 made their first contribution in trufflesecurity/trufflehog#4828

Full Changelog: trufflesecurity/trufflehog@v3.94.1...v3.94.2

v3.94.1

What's Changed

• use struct-based SourceMetadataFunc signature across git sources by @​amanfcp in trufflesecurity/trufflehog#4813

Full Changelog: trufflesecurity/trufflehog@v3.94.0...v3.94.1

v3.94.0

What's Changed

• Use trContext instead of context throughout Filesystem source by @​camgunz in trufflesecurity/trufflehog#4804
• Make naming more consistent in the Filesystem source by @​camgunz in trufflesecurity/trufflehog#4805
• Rearrange some method parameters in the Filesystem source by @​camgunz in trufflesecurity/trufflehog#4806
• [INS-254] Datadog detector verification fix and endpoint configuration by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4616
• [INS-241] Datadogapikey detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4627
• Analysis info now uses snake case by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4765
• Add anypoint oauth2 detector to defaults.go by @​mustansir14 in trufflesecurity/trufflehog#4722
• Update README formatting and CLI help output by @​bryanbeverly in trufflesecurity/trufflehog#4758

... (truncated)

Commits

• 47e7b7c Split out detector types into separate proto file in order to narrow CODEOWNE...
• 9bfdb3e Add HTML decoder for secret detection in HTML-formatted sources (#4840)
• bff3d26 [CSM-1857] Fix expired Azure secrets being silently dropped (#4845)
• b0ee281 Add nil check and error context to GitHub analyzer (#4858)
• a8770b8 Add AnalysisInfo to verified results (#4862)
• 239dc4e handle AADSTS50173 as explicit revocation signal for azure refresh tokens (#4...
• e48f903 Add release bot workflow for trufflehog releases (#4835)
• 6bd2d14 Re-enabled TestAPKHandler test and updated artifact url (#4856)
• 681b305 Updated google.golang.org/grpc v1.78.0 --> v1.79.3 (#4852)
• e81c0fc Add Shopify OAuth Detector (#4738)
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2 to 3

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

• feat: Parse versions from metadata links by @​ppkarwasz in dependabot/fetch-metadata#632
• Upgrade actions core and actions github packages by @​truggeri in dependabot/fetch-metadata#649
• docs: Add notes for using alert-lookup with App Token by @​sue445 in dependabot/fetch-metadata#656
• feat!: update Node.js version to v24 by @​sturman in dependabot/fetch-metadata#671
• Switch build tooling from ncc to esbuild by @​truggeri in dependabot/fetch-metadata#676
• Add --legal-comments=none to esbuild build commands by @​jeffwidman in dependabot/fetch-metadata#679
• Bump tsconfig target from es2022 to es2024 by @​jeffwidman in dependabot/fetch-metadata#680
• Remove vestigial outDir from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#681
• Switch tsconfig module resolution to bundler by @​jeffwidman in dependabot/fetch-metadata#682
• Remove skipLibCheck from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#683
• Add typecheck step to CI by @​jeffwidman in dependabot/fetch-metadata#685
• Enable noImplicitAny in tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#684
• Upgrade @​actions/core to ^3.0.0 by @​truggeri in dependabot/fetch-metadata#677
• Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 by @​truggeri in dependabot/fetch-metadata#678
• Bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in dependabot/fetch-metadata#651
• Bump hono from 4.11.1 to 4.11.4 by @​dependabot[bot] in dependabot/fetch-metadata#652
• Bump hono from 4.11.4 to 4.11.7 by @​dependabot[bot] in dependabot/fetch-metadata#653
• Bump hono from 4.11.7 to 4.12.0 by @​dependabot[bot] in dependabot/fetch-metadata#657
• Bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#655
• Bump @​modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @​dependabot[bot] in dependabot/fetch-metadata#654
• Bump @​hono/node-server from 1.19.9 to 1.19.10 by @​dependabot[bot] in dependabot/fetch-metadata#665
• Bump hono from 4.12.2 to 4.12.5 by @​dependabot[bot] in dependabot/fetch-metadata#664
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in dependabot/fetch-metadata#667
• Bump hono from 4.12.5 to 4.12.7 by @​dependabot[bot] in dependabot/fetch-metadata#668
• Bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in dependabot/fetch-metadata#669
• Bump flatted from 3.3.3 to 3.4.2 by @​dependabot[bot] in dependabot/fetch-metadata#670
• build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in dependabot/fetch-metadata#674

New Contributors

• @​ppkarwasz made their first contribution in dependabot/fetch-metadata#632
• @​truggeri made their first contribution in dependabot/fetch-metadata#649
• @​sue445 made their first contribution in dependabot/fetch-metadata#656
• @​sturman made their first contribution in dependabot/fetch-metadata#671

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

v2.5.0

What's Changed

• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot[bot] in dependabot/fetch-metadata#628
• Bump the dev-dependencies group with 11 updates by @​dependabot[bot] in dependabot/fetch-metadata#629
• Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#635
• Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @​dependabot[bot] in dependabot/fetch-metadata#638
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#636
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#637
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#639
• Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @​dependabot[bot] in dependabot/fetch-metadata#643

... (truncated)

Commits

• ffa630c v3.0.0 (#686)
• ec8fff2 Merge pull request #674 from dependabot/dependabot/npm_and_yarn/picomatch-2.3.2
• caf48bd build(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• 13d8274 Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 (#678)
• b603099 Upgrade @​actions/core from ^1.11.1 to ^3.0.0 (#677)
• c5dc5b1 Enable noImplicitAny in tsconfig.json (#684)
• a183f3c Add typecheck step to CI (#685)
• 5e17564 Remove skipLibCheck from tsconfig.json (#683)
• bb56eeb Switch tsconfig module resolution to bundler (#682)
• 3632e3d Remove vestigial outDir from tsconfig.json (#681)
• Additional commits viewable in compare view

Updates DavidAnson/markdownlint-cli2-action from 22 to 23

Release notes

Sourced from DavidAnson/markdownlint-cli2-action's releases.

Update markdownlint-cli2 version (markdownlint-cli2 v0.22.0, markdownlint v0.40.0), update Node.js dependency to 24.

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.20.0, markdownlint v0.40.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.19.0, markdownlint v0.39.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.18.1, markdownlint v0.38.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.17.2, markdownlint v0.37.4).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.17.0, markdownlint v0.37.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.15.0, markdownlint v0.36.1).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.14.0, markdownlint v0.35.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.13.0, markdownlint v0.34.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.12.1, markdownlint v0.33.0).

Update markdownlint version (markdownlint-cli2 v0.11.0, markdownlint v0.32.1), remove deprecated "command" input.

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.10.0, markdownlint v0.31.1).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.9.2, markdownlint v0.30.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.8.1, markdownlint v0.29.0), add "config" and "fix" inputs, deprecate "command" input.

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.7.1, markdownlint v0.28.2).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.7.0, markdownlint v0.28.1), include link to rule information in title of annotations (clickable in GitHub).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.6.0, markdownlint v0.27.0).

No release notes provided.

... (truncated)

Commits

• ce4853d Update to version 23.0.0.
• 63a898c Improve type fidelity.
• 08fc3a2 Add configPointer input, examples for package.json/pyproject.toml.
• 154744f Freshen generated index.js file.
• d1d523c Bump markdownlint-cli2 from 0.21.0 to 0.22.0
• 619b235 Bump eslint from 10.0.3 to 10.1.0
• a226cbe Freshen generated index.js file.
• 5d93b2e Migrate from Node.js 20 to Node.js 24.
• 0cf8cdd Bump eslint from 10.0.2 to 10.0.3
• 462cc85 Bump @​stylistic/eslint-plugin from 5.9.0 to 5.10.0
• Additional commits viewable in compare view