chore(deps): update module github.com/cockroachdb/redact to v1.1.8

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/cockroachdb/redact	v1.1.5 → v1.1.8

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

cockroachdb/redact (github.com/cockroachdb/redact)

v1.1.8: Feature Enhancements and Performance Improvements

Compare Source

Note: Behavior Change in Redact()

There is a subtle behavior change in how the Redact method operates in this version.

Previously, Redact() worked with a regexp based search-and-replace methodology which would, in the case of nested markers, redact the inner markers only: ‹a‹b›c› would be redacted to ‹a‹×›c›. Mis-matched markers would also leak information.

The changes in v1.1.8 modify behavior to be more greedy when encountering a redaction start marker. You can expect information after a start marker to be consistently redacted until we see an end marker.

Please note that the library already takes steps to prevent mismatched markers from being output. It already escapes redaction markers within provided strings automatically so nested or mismatched markers can only occur if the library is manipulating RedactableString instances it did not create.

Some examples below highlight what's different:

	Input	Match	Result	Stray markers	Exposed content
Regex (Old)	‹a‹b›c›	‹b› (inner pair only)	‹a‹×›c›	‹ left, › right	"a", "c"
Iteration (New)	‹a‹b›c›	‹a‹b› (first ‹ to first ›)	‹×›c›	› right	"c"

	Input	Match	Result	Stray markers	Exposed content
Regex (Old)	‹SECRET‹inner›	‹inner› (inner pair only)	‹SECRET‹×›	‹	"SECRET"
Iteration (New)	‹SECRET‹inner›	‹SECRET‹inner› (first ‹ to first ›)	‹×›	none	none

	Input	Match	Result	Stray markers	Exposed content
Regex (Old)	‹inner›SECRET›	‹inner› (inner pair only)	‹×›SECRET›	›	"SECRET"
Iteration (New)	‹inner›SECRET›	‹inner› (first ‹ to first ›)	‹×›SECRET› (same as before)	›	"SECRET"

---

What's Changed

v1.1.8 — Performance: replace regexp with manual scanning

• Replace regexp-based implementation in Redact() with manual byte scanning (#​36)
• Replace regexp-based implementation in StripMarkers() and EscapeMarkers() with manual byte scanning (#​37)
• Add comprehensive tests and benchmarks for StripMarkers and EscapeMarkers

v1.1.7 — Hash-based redaction and OTel processor

• Introduce hash-based redaction: redacted values are replaced with a SHA-256 hash, enabling correlation of redacted values across log entries without revealing the original content (#​33)
• Add OpenTelemetry collector processor for redacting log data in OTel pipelines (#​31)

v1.1.6 — SafeByte/SafeBytes support

• Add SafeByte and SafeBytes interfaces, allowing types to indicate they produce safe (non-sensitive) byte output (#​30)

Full Changelog: cockroachdb/redact@v1.1.5...v1.1.8

v1.1.7

Compare Source

v1.1.6

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: backend/go.sum

Command failed: go get -t ./...
go: downloading github.com/cockroachdb/redact v1.1.8
go: github.com/apache/incubator-devlake/helpers/unithelper imports
	github.com/apache/incubator-devlake/mocks/core/context: cannot find module providing package github.com/apache/incubator-devlake/mocks/core/context
go: github.com/apache/incubator-devlake/helpers/unithelper imports
	github.com/apache/incubator-devlake/mocks/core/dal: cannot find module providing package github.com/apache/incubator-devlake/mocks/core/dal
go: github.com/apache/incubator-devlake/helpers/unithelper imports
	github.com/apache/incubator-devlake/mocks/core/log: cannot find module providing package github.com/apache/incubator-devlake/mocks/core/log
go: github.com/apache/incubator-devlake/helpers/unithelper imports
	github.com/apache/incubator-devlake/mocks/core/plugin: cannot find module providing package github.com/apache/incubator-devlake/mocks/core/plugin
go: github.com/apache/incubator-devlake/helpers/pluginhelper/api tested by
	github.com/apache/incubator-devlake/helpers/pluginhelper/api.test imports
	github.com/apache/incubator-devlake/mocks/helpers/pluginhelper/api: cannot find module providing package github.com/apache/incubator-devlake/mocks/helpers/pluginhelper/api
go: module github.com/aws/aws-sdk-go is deprecated: aws-sdk-go is deprecated. Use aws-sdk-go-v2.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.