Skip to content

Version 0.13 -> 1.0 Dev->Main #287

Open
liquidsec wants to merge 163 commits intomainfrom
dev
Open

Version 0.13 -> 1.0 Dev->Main #287
liquidsec wants to merge 163 commits intomainfrom
dev

Conversation

@liquidsec
Copy link
Collaborator

@liquidsec liquidsec commented Oct 9, 2025

No description provided.

dependabot bot and others added 11 commits September 30, 2025 01:10
@dependabot
Bump markupsafe from 3.0.2 to 3.0.3
19cb876 
Bumps [markupsafe](https://github.com/pallets/markupsafe) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/pallets/markupsafe/releases)
- [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst)
- [Commits](pallets/markupsafe@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: markupsafe
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump cryptography from 46.0.1 to 46.0.2
cf57df0 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.1 to 46.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.1...46.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump django from 4.2.24 to 4.2.25
29cc44d 
Bumps [django](https://github.com/django/django) from 4.2.24 to 4.2.25.
- [Commits](django/django@4.2.24...4.2.25)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.25
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump certifi from 2025.8.3 to 2025.10.5
91a35a2 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.8.3 to 2025.10.5.
- [Commits](certifi/python-certifi@2025.08.03...2025.10.05)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.10.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump asgiref from 3.9.2 to 3.10.0
9c0073e 
Bumps [asgiref](https://github.com/django/asgiref) from 3.9.2 to 3.10.0.
- [Changelog](https://github.com/django/asgiref/blob/main/CHANGELOG.txt)
- [Commits](django/asgiref@3.9.2...3.10.0)

---
updated-dependencies:
- dependency-name: asgiref
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #282 from blacklanternsecurity/dependabot/pip/dev/…
eee4b0c 
…cryptography-46.0.2

Bump cryptography from 46.0.1 to 46.0.2
@liquidsec
Merge pull request #286 from blacklanternsecurity/dependabot/pip/dev/…
5d9a076 
…asgiref-3.10.0

Bump asgiref from 3.9.2 to 3.10.0
@liquidsec
Merge pull request #285 from blacklanternsecurity/dependabot/pip/dev/…
973491e 
…certifi-2025.10.5

Bump certifi from 2025.8.3 to 2025.10.5
@liquidsec
Merge branch 'dev' into dependabot/pip/django-4.2.25
770ceef
@liquidsec
Merge pull request #284 from blacklanternsecurity/dependabot/pip/djan…
7d8cf61 
…go-4.2.25

Bump django from 4.2.24 to 4.2.25
@liquidsec
Merge pull request #281 from blacklanternsecurity/dependabot/pip/dev/…
1ab4086 
…markupsafe-3.0.3

Bump markupsafe from 3.0.2 to 3.0.3
@codecov-commenter
Copy link

codecov-commenter commented Oct 9, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4540a4a) to head (427b8ca).

Additional details and impacted files 
@@             Coverage Diff             @@
##              main      #287     +/-   ##
===========================================
  Coverage   100.00%   100.00%             
===========================================
  Files           24        30      +6     
  Lines         1848      3084   +1236     
===========================================
+ Hits          1848      3084   +1236

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dependabot bot and others added 18 commits October 13, 2025 15:41
@dependabot
Bump idna from 3.10 to 3.11
999f71e 
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.11.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.10...v3.11)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.11'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump charset-normalizer from 3.4.3 to 3.4.4
3bdc2ce 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.3 to 3.4.4.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.3...3.4.4)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #288 from blacklanternsecurity/dependabot/pip/dev/…
ee66d53 
…idna-3.11

Bump idna from 3.10 to 3.11
@dependabot
Bump cryptography from 46.0.2 to 46.0.3
f6211c1 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.2 to 46.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.2...46.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #290 from blacklanternsecurity/dependabot/pip/dev/…
841c939 
…cryptography-46.0.3

Bump cryptography from 46.0.2 to 46.0.3
@liquidsec
Merge pull request #289 from blacklanternsecurity/dependabot/pip/dev/…
1b0b42a 
…charset-normalizer-3.4.4

Bump charset-normalizer from 3.4.3 to 3.4.4
@dependabot
Bump django from 4.2.24 to 4.2.26
814abe7 
Bumps [django](https://github.com/django/django) from 4.2.24 to 4.2.26.
- [Commits](django/django@4.2.24...4.2.26)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.26
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump certifi from 2025.10.5 to 2025.11.12
9be4ffe 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.10.5 to 2025.11.12.
- [Commits](certifi/python-certifi@2025.10.05...2025.11.12)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.11.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #293 from blacklanternsecurity/dependabot/pip/dev/…
77bcd90 
…certifi-2025.11.12

Bump certifi from 2025.10.5 to 2025.11.12
@liquidsec
Merge branch 'dev' into dependabot/pip/django-4.2.26
8716712
@liquidsec
Merge pull request #292 from blacklanternsecurity/dependabot/pip/djan…
95c20ca 
…go-4.2.26

Bump django from 4.2.24 to 4.2.26
@dependabot
Bump asgiref from 3.10.0 to 3.11.0
be0de16 
Bumps [asgiref](https://github.com/django/asgiref) from 3.10.0 to 3.11.0.
- [Changelog](https://github.com/django/asgiref/blob/main/CHANGELOG.txt)
- [Commits](django/asgiref@3.10.0...3.11.0)

---
updated-dependencies:
- dependency-name: asgiref
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump cryptography from 46.0.1 to 46.0.3
69af08c 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.1 to 46.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.1...46.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump sqlparse from 0.5.3 to 0.5.4
7fe7f71 
Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.5.3 to 0.5.4.
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.5.3...0.5.4)

---
updated-dependencies:
- dependency-name: sqlparse
  dependency-version: 0.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump werkzeug from 3.1.3 to 3.1.4
3807a04 
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-version: 3.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #294 from blacklanternsecurity/dependabot/pip/dev/…
f535f2e 
…asgiref-3.11.0

Bump asgiref from 3.10.0 to 3.11.0
@liquidsec
Merge pull request #295 from blacklanternsecurity/dependabot/pip/dev/…
565636c 
…cryptography-46.0.3

Bump cryptography from 46.0.1 to 46.0.3
@liquidsec
Merge pull request #296 from blacklanternsecurity/dependabot/pip/dev/…
6f283c6 
…sqlparse-0.5.4

Bump sqlparse from 0.5.3 to 0.5.4
liquidsec and others added 18 commits February 27, 2026 18:50
@liquidsec
Merge pull request #351 from blacklanternsecurity/regex-fixes
edb4e21 
Fix CodeQL regex security alerts
@liquidsec
ruff format
3e95e70
@liquidsec
Merge pull request #349 from blacklanternsecurity/dependabot/pip/dev/…
557e00d 
…pytest-9.0.2

Bump pytest from 8.4.2 to 9.0.2
@liquidsec
Fix ASPNET_Resource base64 crash and add per-module carve_locations s…
35044b1 
…coping
@liquidsec
Merge pull request #352 from blacklanternsecurity/carve-locations-and…
0e139fd 
…-resource-fix

Fix ASPNET_Resource base64 crash and add per-module carve_locations scoping
@liquidsec
Add Strapi and common tutorial JWT secrets to wordlist
aae7516
@liquidsec
Add new JSF viewstate passwords and ASP.NET machine keys
f5180dd
@liquidsec
Add new Rack secret keys including GitHub Enterprise hardcoded secret
8034042
@liquidsec
Merge pull request #353 from blacklanternsecurity/new-keys-2-26
969df1a 
New keys 2/26
@liquidsec
Add Play Framework secret keys to JWT wordlist
617c292
@liquidsec
Merge pull request #354 from blacklanternsecurity/new-keys-2-26
232161d 
Add Play Framework secret keys to JWT wordlist
@liquidsec
Add active module system with GlobalProtect default master key probe
6a9ac67
@liquidsec
Add Shiro RememberMe active module, unify --custom-secrets CLI, add -…
6fc3d67 
…-list-modules
@liquidsec
Format --list-modules output as aligned tables
8817e83
@dependabot
Bump django from 4.2.28 to 5.2.11
c859bbe 
Bumps [django](https://github.com/django/django) from 4.2.28 to 5.2.11.
- [Commits](django/django@4.2.28...5.2.11)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.11
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #355 from blacklanternsecurity/dependabot/pip/dev/…
5c143da 
…django-5.2.11

Bump django from 4.2.28 to 5.2.11
@liquidsec
Add IBM LTPA token modules (passive + active) with 100% test coverage
90b53e5
@liquidsec
Merge pull request #356 from blacklanternsecurity/websphere-ltpa
1bb59f8 
Add IBM LTPA token detection (passive + active) and active module system
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 3, 2026
View reviewed changes
dependabot bot and others added 11 commits March 3, 2026 15:40
@dependabot
Bump django from 5.2.11 to 5.2.12
88aea82 
Bumps [django](https://github.com/django/django) from 5.2.11 to 5.2.12.
- [Commits](django/django@5.2.11...5.2.12)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #357 from blacklanternsecurity/dependabot/pip/dev/…
8f8ed3b 
…django-5.2.12

Bump django from 5.2.11 to 5.2.12
@liquidsec
Fix MAC_DISABLED detection for null-padded ViewStates
0bb1b8f
@liquidsec
Merge pull request #358 from blacklanternsecurity/no-mac-fix-1
bcd2562 
Fix MAC_DISABLED detection for null-padded ViewStates
@dependabot
Bump django from 5.2.11 to 5.2.12
27fdc79 
Bumps [django](https://github.com/django/django) from 5.2.11 to 5.2.12.
- [Commits](django/django@5.2.11...5.2.12)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #359 from blacklanternsecurity/dependabot/pip/dev/…
5f98274 
…django-5.2.12

Bump django from 5.2.11 to 5.2.12
@dependabot
Bump django from 4.2.24 to 4.2.29
638e320 
Bumps [django](https://github.com/django/django) from 4.2.24 to 4.2.29.
- [Commits](django/django@4.2.24...4.2.29)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.29
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge branch 'dev' into dependabot/pip/django-4.2.29
3bb1046
@liquidsec
Merge pull request #360 from blacklanternsecurity/dependabot/pip/djan…
807c760 
…go-4.2.29

Bump django from 4.2.24 to 4.2.29
@dependabot
Bump charset-normalizer from 3.4.4 to 3.4.5
a2278a0 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.4 to 3.4.5.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.4...3.4.5)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@liquidsec
Merge pull request #361 from blacklanternsecurity/dependabot/pip/dev/…
427b8ca 
…charset-normalizer-3.4.5

Bump charset-normalizer from 3.4.4 to 3.4.5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheTechromancer TheTechromancer TheTechromancer requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liquidsec @codecov-commenter @TheTechromancer