Update deps (#762)

Author: jkjell

.pre-commit-config.yaml

@@ -1,18 +1,18 @@
 repos:
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.16.3
+  rev: v8.30.0
   hooks:
   - id: gitleaks
 - repo: https://github.com/golangci/golangci-lint
-  rev: v1.52.2
+  rev: v2.11.4
   hooks:
   - id: golangci-lint
 - repo: https://github.com/jumanjihouse/pre-commit-hooks
   rev: 3.0.0
   hooks:
   - id: shellcheck
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.4.0
+  rev: v6.0.0
   hooks:
   - id: end-of-file-fixer
     exclude: ^docs/

Makefile

@@ -32,7 +32,7 @@ docgen: ## Generate the docs
 	go run ./docgen
 	# some configuration variables use the user's home directory in their default values.
 	# we want the documentation to just print $$HOME in these cases
-	sed -i "s|${HOME}|"'$$HOME|g' docs/commands.md
+	sed -i '' "s|${HOME}|"'$$HOME|g' docs/commands.md
 
 help: ## Display this help screen
 	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

cmd/config.go

@@ -33,9 +33,14 @@ func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error
 		if rootCmd.Flags().Lookup("config").Changed {
 			return fmt.Errorf("config file %s does not exist", rootOptions.Config)
 		} else {
-			log.Debugf("%s does not exist, using command line arguments", rootOptions.Config)
-			return nil
+			// This is the deprecated behavior of loading this file by default, error out now
+			if _, err := os.Stat(".witness.yaml"); err == nil {
+				return fmt.Errorf("default use of .witness.yaml is deprecated, please specify the config file with --config or -c")
+			}
 		}
+
+		log.Debug("No config file found, using command line arguments")
+		return nil
 	}
 
 	v.SetConfigFile(rootOptions.Config)

cmd/verify.go

@@ -143,7 +143,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt
 				return fmt.Errorf("failed to parse intermediate CA certificate: %w", err)
 			}
 
-			policyRoots = append(policyIntermediates, cert)
+			policyIntermediates = append(policyIntermediates, cert)
 		}
 	}
 

docgen/verify.sh

@@ -31,6 +31,7 @@ cp docs/concepts/collection.md "$tmpdir/concepts/"
 go run ./docgen --dir "$tmpdir"
 # some configuration variables use the user's home directory in their default values.
 # we want the documentation to just print $HOME in these cases
+# shellcheck disable=SC2016
 sed -i "s|${HOME}|"'$HOME|g' "$tmpdir/commands.md"
 echo "###########################################"
 echo "If diffs are found, run: make docgen"

docs/attestors/secretscan.md

@@ -19,6 +19,42 @@ The attestor uses [Gitleaks](https://github.com/zricethezav/gitleaks) to scan fo
 
 When secrets are found, they are recorded in a structured format with the actual secret replaced by a DigestSet containing cryptographic hashes of the secret using all configured hash algorithms from the attestation context.
 
+## SecretScan Attestor Examples
+
+This section contains examples demonstrating the capabilities of the SecretScan attestor. You can find the demo script [here](https://github.com/in-toto/go-witness/blob/main/attestation/secretscan/examples/demo-encoded-secrets.sh)
+
+### Demo Scripts
+
+### `demo-encoded-secrets.sh`
+
+This script demonstrates the multi-layer encoding detection capabilities of the secretscan attestor. It:
+
+1. Creates test files with secrets in various encodings:
+   - Plain text
+   - Base64-encoded
+   - Double base64-encoded
+   - URL-encoded
+   - Hex-encoded
+   - Mixed encoding (base64 + URL)
+
+2. Runs the witness CLI with the secretscan attestor on each file
+
+3. Extracts and displays the findings from each attestation
+
+### Running the Demo
+
+```sh
+# Make sure the script is executable
+chmod +x demo-encoded-secrets.sh
+
+# Run the demo
+./demo-encoded-secrets.sh
+```
+
+## Additional Resources
+
+For more information about the secretscan attestor, see the [main README](https://github.com/in-toto/go-witness/blob/main/attestation/secretscan/README.md) in the parent directory.
+
 ## Schema
 ```json
 {
@@ -92,39 +128,3 @@ When secrets are found, they are recorded in a structured format with the actual
   }
 }
 ```
-
-# SecretScan Attestor Examples
-
-This section contains examples demonstrating the capabilities of the SecretScan attestor. You can find the demo script [here](https://github.com/in-toto/go-witness/blob/main/attestation/secretscan/examples/demo-encoded-secrets.sh)
-
-### Demo Scripts
-
-### `demo-encoded-secrets.sh`
-
-This script demonstrates the multi-layer encoding detection capabilities of the secretscan attestor. It:
-
-1. Creates test files with secrets in various encodings:
-   - Plain text
-   - Base64-encoded
-   - Double base64-encoded
-   - URL-encoded
-   - Hex-encoded
-   - Mixed encoding (base64 + URL)
-
-2. Runs the witness CLI with the secretscan attestor on each file
-
-3. Extracts and displays the findings from each attestation
-
-### Running the Demo
-
-```sh
-# Make sure the script is executable
-chmod +x demo-encoded-secrets.sh
-
-# Run the demo
-./demo-encoded-secrets.sh
-```
-
-## Additional Resources
-
-For more information about the secretscan attestor, see the [main README](https://github.com/in-toto/go-witness/blob/main/attestation/secretscan/README.md) in the parent directory.