chore(deps): bump trufflesecurity/trufflehog from 3.95.5 to 3.95.6

[dependabot]

Bumps trufflesecurity/trufflehog from 3.95.5 to 3.95.6.

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.6

What's Changed

• Enigma detector enhance verification to prevent false verified findings by @​shahzadhaider1 in trufflesecurity/trufflehog#5011
• fix: scan files with lines exceeding bufio's default 64 KB token limit by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5022
• fix(postgres): honor ignore tags for default port URLs by @​Dawn-Fighter in trufflesecurity/trufflehog#4968
• Move to github.com/moby/moby/client from docker/docker by @​trufflesteeeve in trufflesecurity/trufflehog#4987
• fix: avoid terminal probes before CLI output by @​Hackerchen716 in trufflesecurity/trufflehog#4994
• Update test containers dependency by @​trufflesteeeve in trufflesecurity/trufflehog#4978
• Re-host pkg/handlers JSON test fixtures under the org by @​amanfcp in trufflesecurity/trufflehog#5023
• [INS-465] Add datadogapikey detector to defaults.go by @​mustansir14 in trufflesecurity/trufflehog#4969
• [INS-470] Add Tly detector to defaults.go, gate it behind feat flag and update its verification logic by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5006
• [INS-473] Add wit detector to defaults.go, gate it behind feat flag and update verification logic by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5008
• Updating Klaviyo PK new format by @​breetan in trufflesecurity/trufflehog#5009
• Restructure Klaviyo detector pattern tests by @​martinlocklear in trufflesecurity/trufflehog#5026
• Replace Renovate config with shared preset (high-risk tier) by @​bryanbeverly in trufflesecurity/trufflehog#4992
• set redacted value to last 4 characters of secret, to match how the secret type admin interface displays it by @​jordanTunstill in trufflesecurity/trufflehog#5027
• GitHub finegrained analyzer was improperly handling errors by @​dustin-decker in trufflesecurity/trufflehog#4498
• [INS-469] Added Rev detectors to defaults.go and gated it behind feature flag by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5005
• Fix Renovate lookup: update setup-captain version comment by @​bryanbeverly in trufflesecurity/trufflehog#4999
• [INS-472] [INS-515] Add user detector to defaults.go, gate it behind feat flag, update verification logic and add custom ep configuration by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5007
• Fix: Resolve known dedup issues in notifierWorker by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#5028
• fix(dropbox): prevent long sl.u. tokens from being truncated by @​lukem-ts in trufflesecurity/trufflehog#5012
• fix: add filetype=sdist param to pypi detector by @​lukem-ts in trufflesecurity/trufflehog#4988
• Handlers - Embed small HTTP test fixtures by @​amanfcp in trufflesecurity/trufflehog#5001
• S3: surface bucket listing failures and fix multi-role object count by @​shahzadhaider1 in trufflesecurity/trufflehog#5035

New Contributors

• @​Dawn-Fighter made their first contribution in trufflesecurity/trufflehog#4968
• @​Hackerchen716 made their first contribution in trufflesecurity/trufflehog#4994
• @​breetan made their first contribution in trufflesecurity/trufflehog#5009
• @​lukem-ts made their first contribution in trufflesecurity/trufflehog#5012

Full Changelog: trufflesecurity/trufflehog@v3.95.4...v3.95.6

Commits

• 30d5bb9 S3: surface bucket listing failures and fix multi-role object count (#5035)
• f0739f1 close todo - embed small HTTP test fixtures (#5001)
• 36d680a add filetype=sdist param so we get the correct response code (#4988)
• 248ffd5 fix(dropbox): prevent long sl.u. tokens from being truncated before verificat...
• afbdaa8 Fix: Resolve known dedup issues in notifierWorker (#5028)
• 7bcf376 [INS-472] [INS-515] Add user detector to defaults.go, gate it behind feat fla...
• 84a2b33 Fix Renovate lookup: update setup-captain version comment (#4999)
• ac0805e [INS-469] Added Rev detectors to defaults.go and gated it behind feature flag...
• d03d087 GitHub finegrain analyzer was improperly handling errors (#4498)
• b64cefe set redacted value to last 4 characters of secret, to match how the secret ty...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🐷 TruffleHog + Entropy Beauty Scan

Average entropy of changed code: 4.996 bits/char
Verdict: ⚠️ Consider review — entropy outside sweet spot

Changed files entropy:

.github/workflows/gradle_pr.yml: 4.933
.github/workflows/gradle_snapshot.yml: 5.059

✅ No secrets or suspicious high-entropy strings found.

Mid-4 beauty heuristic in action — powered by our entropy chats! 😊