[v1.87.0]
- Tree-sitter verification now runs for blobs from
0bytes up to128 KiB(previously1 KiBto64 KiB), while remaining a post-regex verification step applied only to context-dependent candidate matches from Hyperscan/Vectorscan. - False-positive reduction: Hyperscan/Vectorscan still scans everything first, then tree-sitter performs a second-pass verification only on auto-classified context-dependent findings; self-identifying/token-explicit findings stay regex-first.
- Hardened Perplexity API key validation to reject auth failures (
401/403) and avoid false "Active Credential" results from error payloads. - Fixed Yelp API key validation false positives by switching to an auth-enforcing endpoint (
/v3/businesses/search) and adding explicit auth error guards. - Added 37 new provider detection + HTTP validation rules: Ably, AbstractAPI, AbuseIPDB, AviationStack, Better Stack, Brevo, Clearout, Clerk, Cloudinary, Coinlayer, Contentstack, Currencylayer, Daily, Fixer, Geoapify, Hunter.io, Mux, NewsAPI, Numverify, OneSignal, Pinecone, Pingdom, Positionstack, Railway, Render, Rollbar, Salesloft, Sanity, StatusCake, Storyblok, UptimeRobot, urlscan.io, VirusTotal, WeatherAPI, Webflow, and ZeroBounce.
- Tightened regex specificity for newly added rules by replacing broad variable-length token captures with explicit fixed formats/lengths and aligned examples to pass
rules check.