Skip to content

chore(secret-leak-check): bump betterleaks default to v1.4.1#47

Merged
dkastl merged 1 commit into
mainfrom
chore/betterleaks-v1.4.1
Jun 7, 2026
Merged

chore(secret-leak-check): bump betterleaks default to v1.4.1#47
dkastl merged 1 commit into
mainfrom
chore/betterleaks-v1.4.1

Conversation

@dkastl

@dkastl dkastl commented Jun 7, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

What

Bump the reusable-secret-leak-check.yml default betterleaks image from v1.3.0 to v1.4.1, pinned by the multi-arch index digest sha256:1edd6588...62bff7.

Why

v1.3.1 through v1.4.0 were rebuilt with Go 1.25.0 and crashed on linux/amd64 with a taggedPointerPack runtime panic, which forced the revert to v1.3.0. Upstream's v1.4.1 fixes the Go toolchain issue.

Verification

$ docker run --rm --platform linux/amd64 ghcr.io/betterleaks/betterleaks:v1.4.1 version
1.4.1

Runs clean on amd64 (exit 0, no panic). Index digest covers linux/amd64 + linux/arm64.

Callers pinning @v1 (e.g. the per-repo PR-time secret-leak check) pick this up once the release tag moves.

Summary by CodeRabbit

  • Chores
    • Updated the secret leak detection tool to a newer version for enhanced scanning capabilities.

@dkastl
chore(secret-leak-check): bump betterleaks default to v1.4.1
6a6bd0a 
v1.4.1 fixes the Go 1.25 taggedPointerPack runtime panic on linux/amd64
that affected v1.3.1 through v1.4.0. Verified the v1.4.1 image runs clean
on amd64 (version -> 1.4.1, exit 0). Pinned by the multi-arch index digest.
@coderabbitai

coderabbitai Bot commented Jun 7, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3161d9ee-1dd9-4fb7-9125-e18b2091ee66

📥 Commits

Reviewing files that changed from the base of the PR and between 4390296 and 6a6bd0a.

📒 Files selected for processing (1)
  • .github/workflows/reusable-secret-leak-check.yml

Walkthrough

This PR updates the default betterleaks container image digest in the reusable secret-leak-check workflow from v1.3.0 to v1.4.1.

Changes

Betterleaks image version update

Layer / File(s) Summary
Betterleaks image digest update
.github/workflows/reusable-secret-leak-check.yml		 The betterleaks-image workflow input default is updated from a v1.3.0 digest to the v1.4.1 digest, upgrading the pinned container image for secret-leak scanning.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • geolonia/.github#40: Prior version bump of the same betterleaks-image input default in the reusable secret-leak-check workflow.
  • geolonia/.github#24: Original introduction of the betterleaks-image workflow input with an initial pinned digest default.
  • geolonia/.github#43: Another update to the same workflow input default with a different pinned betterleaks image digest.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely summarizes the main change: bumping the betterleaks default image version from v1.3.0 to v1.4.1 in the secret-leak-check workflow.
Description check ✅ Passed The description is well-structured with What/Why/Verification sections explaining the change rationale and verification. It exceeds the basic template requirements by providing comprehensive context.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/betterleaks-v1.4.1

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jun 7, 2026

Copy link
Copy Markdown

Secret Leak Check

OK No secrets detected in this PR's diff.

@dkastl dkastl merged commit 4b3b72a into main Jun 7, 2026
2 checks passed
@dkastl dkastl deleted the chore/betterleaks-v1.4.1 branch June 7, 2026 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dkastl