
chore(deps): update pre-commit hook mongodb/kingfisher to v1.91.0 #490

Merged
renovate[bot] merged 1 commit into main from renovate/mongodb-kingfisher-1.x
Mar 28, 2026



@renovate renovate bot commented Mar 28, 2026

This PR contains the following updates:

Package            | Type       | Update | Change
mongodb/kingfisher | repository | minor  | v1.90.0 → v1.91.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.91.0


  • Added SSRF protection for credential validation: outbound HTTP requests now block connections to loopback, private, link-local, and other non-public IP addresses. HTTP redirect targets are DNS-resolved and validated against the same SSRF rules. Use --allow-internal-ips to opt out when scanning internal infrastructure.
  • Consolidated JWT SSRF checks to use the shared is_ssrf_safe_ip function, covering additional reserved ranges (CGNAT, documentation, benchmarking, IPv6 unique-local).
  • Removed ipnet dependency from kingfisher-scanner (no longer needed).
  • Remediated current RustSec vulnerability findings by upgrading core dependencies including gix, mysql_async, axum, indicatif, quick-xml, and console.
  • Added make audit-deps to run cargo audit locally and report vulnerable dependencies.
  • Refreshed pinned GitHub Actions for swatinem/rust-cache, msys2/setup-msys2, and ncipollo/release-action, and configured Dependabot to ignore selected GitHub Action major-version bumps.
  • OpenSSF Scorecard hardening: added SECURITY.md, .github/dependabot.yml, pinned all GitHub Actions by SHA, fixed dangerous workflow expression injection patterns, added top-level permissions: {} to pypi.yml, and added SLSA provenance generation for releases.
  • Added ClusterFuzzLite integration with four fuzz targets (entropy, location mapping, base64 decoding, span deduplication) and a make fuzz target for local fuzzing.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Third-party library dependencies. label Mar 28, 2026
@renovate renovate bot enabled auto-merge (squash) March 28, 2026 20:59
@renovate renovate bot merged commit 15003b1 into main Mar 28, 2026
8 checks passed
@renovate renovate bot deleted the renovate/mongodb-kingfisher-1.x branch March 28, 2026 21:11
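
The address filtering described in the v1.91.0 release notes can be sketched with the standard library alone. This is an added example, not Kingfisher's code: `is_public_ip` and `all_public` are hypothetical names, and the blocked list is assembled here from the ranges the notes name plus unspecified, multicast and reserved space.

```rust
use std::net::{IpAddr, Ipv4Addr};

const BLOCKED_V4: &[([u8; 4], u32)] = &[ // (network, prefix length), assembled for this example
    ([0, 0, 0, 0], 8),       // "this network"
    ([10, 0, 0, 0], 8),      // private
    ([100, 64, 0, 0], 10),   // CGNAT
    ([127, 0, 0, 0], 8),     // loopback
    ([169, 254, 0, 0], 16),  // link-local
    ([172, 16, 0, 0], 12),   // private
    ([192, 0, 2, 0], 24),    // documentation
    ([192, 168, 0, 0], 16),  // private
    ([198, 18, 0, 0], 15),   // benchmarking
    ([198, 51, 100, 0], 24), // documentation
    ([203, 0, 113, 0], 24),  // documentation
    ([224, 0, 0, 0], 3),     // multicast, reserved, broadcast
];

fn v4_is_public(ip: Ipv4Addr) -> bool {
    // Equal top `p` bits means `ip` is inside the range (p is 1..=32 above).
    let inside = |net: [u8; 4], p: u32| (u32::from(ip) ^ u32::from(Ipv4Addr::from(net))) >> (32 - p) == 0;
    !BLOCKED_V4.iter().any(|&(net, p)| inside(net, p))
}

/// Hypothetical helper: true only for addresses outside the non-public ranges.
pub fn is_public_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4_is_public(v4),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d is judged as the IPv4 address it embeds.
            if let Some(v4) = v6.to_ipv4_mapped() { return v4_is_public(v4); }
            let s = v6.segments();
            !(v6.is_loopback() || v6.is_unspecified() || v6.is_multicast()
                || (s[0] & 0xfe00) == 0xfc00            // fc00::/7 unique-local
                || (s[0] & 0xffc0) == 0xfe80            // fe80::/10 link-local
                || (s[0] == 0x2001 && s[1] == 0x0db8))  // 2001:db8::/32 documentation
        }
    }
}

/// Hypothetical helper: a host or redirect target passes only if every resolved address is public.
pub fn all_public(resolved: &[IpAddr]) -> bool {
    !resolved.is_empty() && resolved.iter().all(|ip| is_public_ip(*ip))
}

fn main() {
    // Constructed sample: a public record beside a link-local one.
    let mixed = ["93.184.216.34", "169.254.169.254"].map(|s| s.parse::<IpAddr>().unwrap());
    println!("mixed answer allowed: {}", all_public(&mixed));
}
```

Running the same check on every address a name resolves to, and again on each redirect target, is what keeps a single internal DNS record or a redirect from bypassing the filter.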