github Bearer/bearer v1.1.0

18 months ago

Highlights

  • Reduced false positives in rules.
  • Improved JS detection for object deconstructing.
  • New Express JS rule for session information leaked via cached static assets (#763).
  • Rules can be skipped with comments in code.

Breaking Changes

Changelog

  • de801a2 chore(deps): bump Apple-Actions/import-codesign-certs from 1 to 2 (#777)
  • 589ad0f chore(deps): bump actions/deploy-pages from 1 to 2 (#800)
  • 46c8103 chore(deps): bump actions/setup-go from 3 to 4 (#801)
  • 73adae3 chore(deps): bump aws-actions/configure-aws-credentials from 1 to 2 (#776)
  • bd1954e chore(deps): bump github.com/aws/aws-sdk-go from 1.44.214 to 1.44.219 (#778)
  • 2a12dd0 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.219 to 1.44.224 (#803)
  • 27a3548 chore(deps): bump github.com/fatih/color from 1.14.1 to 1.15.0 (#780)
  • 165a428 chore(deps): bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 (#806)
  • 38588e5 chore(deps): bump github.com/open-policy-agent/opa from 0.49.2 to 0.50.0 (#779)
  • 4dc4aa6 chore(deps): bump github.com/open-policy-agent/opa from 0.50.0 to 0.50.1 (#804)
  • 27eff32 chore(deps): bump github.com/schollz/progressbar/v3 from 3.13.0 to 3.13.1 (#805)
  • 79befed chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.16.0 to 8.16.1 (#802)
  • ea82c51 chore(deps): bump google.golang.org/api from 0.111.0 to 0.112.0 (#781)
  • a72192d chore(deps): bump google.golang.org/api from 0.112.0 to 0.114.0 (#807)
  • ab27717 docs(fix): JS rules formatting (#775)
  • cf39059 feat(JS rules): rule for express session for static assets (#763)
  • 2739910 feat(Ruby Rails rules): add or remove Resource TODOs (#787)
  • 7f4b086 feat(Ruby rules): add or remove Resource TODOs (#786)
  • 092a0a6 feat(Ruby rules): improve remediation messages (#783)
  • b614f50 feat(Ruby rules): improve third party docs (#785)
  • af2976d feat(rules): update trigger attributes (#797)
  • 675ed2b feat: add support for object deconstructing. (#789)
  • 812ac7c feat: skip rules with comments in code (#794)
  • 5729db4 fix(JS Express rules): improve default cookie rule (#754)
  • bf2045d fix(JS Express rules): tighten path traversal rule (#759)
  • 1d5c57d fix(JS rules): fix typo in JS AWS lambda rule (#784)
  • 49cea66 fix(Ruby rules): remove duplicate devise rule (#772)
  • 4c24ccf fix(Ruby rules): tighten ruby hardcoded secret rule pattern (#771)
  • 787a111 fix(rules): fix typo in rule description (#798)
  • 9258f6f fix: fix remediation message indentation (#770)
  • 3d1ce4c fix: improve error messaging for custom detector failures (#791)
  • 992169f fix: remove old integration test workflow (#769)
  • 3766bf8 fix: split integration tests (#767)
