chore(deps): update pre-commit hook mongodb/kingfisher to v1.91.0 #160

Merged
renovate[bot] merged 1 commit into main from renovate/mongodb-kingfisher-1.x on Mar 28, 2026

@renovate renovate Bot commented Mar 28, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| mongodb/kingfisher | repository | minor | v1.90.0 → v1.91.0 |

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.91.0

  • Added SSRF protection for credential validation: outbound HTTP requests now block connections to loopback, private, link-local, and other non-public IP addresses. HTTP redirect targets are DNS-resolved and validated against the same SSRF rules. Use --allow-internal-ips to opt out when scanning internal infrastructure.
  • Consolidated JWT SSRF checks to use the shared is_ssrf_safe_ip function, covering additional reserved ranges (CGNAT, documentation, benchmarking, IPv6 unique-local).
  • Removed ipnet dependency from kingfisher-scanner (no longer needed).
  • Remediated current RustSec vulnerability findings by upgrading core dependencies including gix, mysql_async, axum, indicatif, quick-xml, and console.
  • Added make audit-deps to run cargo audit locally and report vulnerable dependencies.
  • Refreshed pinned GitHub Actions for swatinem/rust-cache, msys2/setup-msys2, and ncipollo/release-action, and configured Dependabot to ignore selected GitHub Action major-version bumps.
  • OpenSSF Scorecard hardening: added SECURITY.md, .github/dependabot.yml, pinned all GitHub Actions by SHA, fixed dangerous workflow expression injection patterns, added top-level permissions: {} to pypi.yml, and added SLSA provenance generation for releases.
  • Added ClusterFuzzLite integration with four fuzz targets (entropy, location mapping, base64 decoding, span deduplication) and a make fuzz target for local fuzzing.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge (squash) March 28, 2026 20:47
@renovate renovate Bot merged commit a841348 into main Mar 28, 2026
35 checks passed
@renovate renovate Bot deleted the renovate/mongodb-kingfisher-1.x branch March 28, 2026 21:00
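
The v1.91.0 notes above describe blocking validation requests to loopback, private, link-local, CGNAT, documentation, benchmarking and IPv6 unique-local addresses, and re-checking redirect targets after DNS resolution. The following Rust sketch of that kind of check is an added example, not code from this PR or from Kingfisher; the names `is_public_ip` and `all_resolved_public` are hypothetical and the exact range list is an assumption based on the ranges the notes name.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Hypothetical helper, not Kingfisher's `is_ssrf_safe_ip`: true only for
/// addresses outside the non-public ranges listed in the release notes.
pub fn is_public_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_public_v4(v4),
        // ::ffff:a.b.c.d is judged as the IPv4 address it wraps.
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => is_public_v4(v4),
            None => is_public_v6(v6),
        },
    }
}

fn is_public_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    let blocked = ip.is_loopback()                 // 127.0.0.0/8
        || ip.is_private()                         // 10/8, 172.16/12, 192.168/16
        || ip.is_link_local()                      // 169.254.0.0/16
        || ip.is_documentation()                   // 192.0.2/24, 198.51.100/24, 203.0.113/24
        || o[0] == 0                               // 0.0.0.0/8
        || (o[0] == 100 && (o[1] & 0xc0) == 64)    // 100.64.0.0/10 (CGNAT)
        || (o[0] == 198 && (o[1] & 0xfe) == 18)    // 198.18.0.0/15 (benchmarking)
        || o[0] >= 224;                            // multicast, reserved, broadcast
    !blocked
}

fn is_public_v6(ip: Ipv6Addr) -> bool {
    let s = ip.segments();
    let blocked = ip.is_unspecified()
        || ip.is_loopback()                        // ::1
        || ip.is_multicast()                       // ff00::/8
        || (s[0] & 0xfe00) == 0xfc00               // fc00::/7 (unique-local)
        || (s[0] & 0xffc0) == 0xfe80               // fe80::/10 (link-local)
        || (s[0] == 0x2001 && s[1] == 0x0db8);     // 2001:db8::/32 (documentation)
    !blocked
}

/// A hostname (first hop or redirect target) passes only if every resolved address is public.
pub fn all_resolved_public(addrs: &[IpAddr]) -> bool {
    !addrs.is_empty() && addrs.iter().all(|ip| is_public_ip(*ip))
}

fn main() {
    for a in ["8.8.8.8", "169.254.169.254", "100.64.0.1", "fd00::1"] {
        println!("{a:>16} public={}", is_public_ip(a.parse().unwrap()));
    }
}
```

Requiring every resolved address to be public, rather than any one of them, keeps a hostname with mixed public and internal records from passing the check.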