Ggshield

Removed

- Removed support for python 3.8.

Added

- ggshield now uses the system certificates instead of the bundled ones. Note that this only works with Python >= 3.10 (1067).

Changed

- Pre-receive hook isn't blocking anymore when GitGuardian server is temporarily unavailable (return 5xx status code).

Fixed

- Files with emojis in their name are now handled properly.

- Fix ggshield crashing on Windows when doing big merges (1032).

<a id='changelog-1.37.0'></a>

Fixed

- `ggshield secret scan docker` now correctly handles ignored paths (548).

<a id='changelog-1.36.0'></a>

Removed

- `ggshield sca` and `ggshield iac` commands have been removed.

Fixed

- The `--instance` option now accepts both https://api.eu1.gitguardian.com/v1 or https://api.gitguardian.com/v1.

- Fix `ggshield secret scan pre-commit` crashing on big merges (1032).

<a id='changelog-1.35.0'></a>

Added

- `ggshield secret scan` now provides an `--all-secrets` option. When this option is set, it lists all found secrets and their possible ignore reason.

Changed

- Files contained in the `.git/` directory are now scanned. Files in subdirectories such as `.git/hooks` are still excluded.

- When scanning commits, ggshield now ignores by default secrets that are removed or contextual to the patch.

Fixed

- Handle trailing content in multi-parent hunk header.

- Installing ggshield from the release RPM on EL9 failed because of a missing library. This is now fixed (1036).

- Fix Visual Studio not being able to show error messages from ggshield pre-commit (170).

<a id='changelog-1.34.0'></a>

Added

- `ggshield config list` command now supports the `--json` option, allowing output in JSON format.

- All `secret scan` commands as well as the `api-status` and `quota` commands now supports the `--instance` option to allow using a different instance.

- The `api-status` command now prints where the API key and instance used come from.

Changed

- `ggshield api-status --json` output now includes the instance URL.

- `ggshield secret scan repo` now uses `git clone --mirror` to retrieve more git objects.

- `ggshield secret scan ci` now scans all commits of a Pull Request in the following CI environments: Jenkins, Azure, Bitbucket and Drone.

Deprecated

- ggshield now prints a warning message when it is being run executed by Python 3.8.

Fixed

- When running `ggshield secret scan ci` in a GitLab CI, new commits from the target branch that are not on the feature branch will no longer be scanned.

- Take into account the `--allow-self-signed` option at all levels in `ggshield secret scan` commands.

- When `ggshield secret scan` is called with `--with-incident-details` and the token does not have the required scopes, the command now fails and an error message is printed.

- ggshield no longer fails to report secrets for patches with content in hunk header lines.

<a id='changelog-1.33.0'></a>

Changed

- The `--debug` option now automatically turns on verbose mode.

- The `--use-gitignore` option now also applies to single files passed as argument.

- RPM packages now depend on `git-core` instead of `git`, reducing the number of dependencies to install (983).

Fixed

- When using the `--debug` option, the log output no longer overlaps with the progress bars.

- The ggshield pre-commit hook no longer crashes when merging files with spaces in their names (991).

- RPM packages now work correctly on RHEL 8.8 (984).

<a id='changelog-1.32.2'></a>