From 6bcfd6bc48ab2352b90d9448246772c4550cf763 Mon Sep 17 00:00:00 2001
From: Mick Grove <mick.grove@mongodb.com>
Date: Thu, 17 Jul 2025 14:31:09 -0700
Subject: [PATCH] upgraded cargo dependencies

---
 CHANGELOG.md            |  2 +-
 Cargo.toml              | 98 ++++++++++++++++++++---------------------
 data/rules/clarifai.yml | 38 ++++++++++++++++
 src/validation/jwt.rs   |  1 -
 4 files changed, 88 insertions(+), 51 deletions(-)
 create mode 100644 data/rules/clarifai.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e0964dd..f15b21d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 All notable changes to this project will be documented in this file.
 
 ## [1.22.0]
-- Added rules for Google Gemini AI, Cohere, Stability.ai, Replicate
+- Added rules for Google Gemini AI, Cohere, Stability.ai, Replicate, Runway, Clarifai
 
 ## [1.21.0]
 - Improved Azure Storage rule
diff --git a/Cargo.toml b/Cargo.toml
index c03c5ef..e7650ac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ repository.workspace = true
 publish.workspace = true
 
 [dependencies]
-clap = { version = "4.3", features = [
+clap = { version = "4.5", features = [
     "cargo",
     "derive",
     "env",
@@ -28,7 +28,7 @@ clap = { version = "4.3", features = [
     "wrap_help",
 ] }
 anyhow = "1.0"
-bstr = { version = "1.0", features = ["serde"] }
+bstr = { version = "1.12", features = ["serde"] }
 fixedbitset = "0.5"
 gix = { version = "0.72", features = ["max-performance", "serde", "blocking-network-client"] }
 ignore = "0.4"
@@ -47,13 +47,13 @@ rayon = "1.10"
 sha1 = "0.10.6"
 hex = "0.4.3"
 vectorscan-rs = "0.0.5"
-regex = "1.10.6"
-serde_json = "1.0.128"
+regex = "1.11.1"
+serde_json = "1.0.140"
 lazy_static = "1.5.0"
-url = "2.5.2"
+url = "2.5.4"
 include_dir = { version = "0.7", features = ["glob"] }
 strum = { version = "0.26", features = ["derive"] }
-sysinfo = "0.31.2"
+sysinfo = "0.31.4"
 reqwest = { version = "0.12", default-features = false, features = [
     "json", 
     "gzip", 
@@ -67,91 +67,91 @@ reqwest = { version = "0.12", default-features = false, features = [
 ] }
 
 
-chrono = "0.4.38"
-thiserror = "1.0.63"
-tokio = { version = "1.39.2", features = ["full"] }
+chrono = "0.4.41"
+thiserror = "1.0.69"
+tokio = { version = "1.46.1", features = ["full"] }
 base64 = "0.22.1"
-crossbeam-channel = "0.5.13"
+crossbeam-channel = "0.5.15"
 indenter = "0.3.3"
 serde-sarif = "0.4"
-console = "0.15.8"
-time = "0.3.36"
-tempfile = "3.12.0"
-num_cpus = "1.16.0"
-once_cell = "1.19.0"
-http = "1.1.0"
-liquid = "0.26.4"
-liquid-core = "0.26.4"
-flate2 = "1.0.33"
+console = "0.15.11"
+time = "0.3.41"
+tempfile = "3.20.0"
+num_cpus = "1.17.0"
+once_cell = "1.21.3"
+http = "1.3.1"
+liquid = "0.26.11"
+liquid-core = "0.26.11"
+flate2 = "1.1.2"
 brotli = "6.0.0"
 thousands = "0.2.0"
 base32 = "0.5.1"
 crossbeam-skiplist = "0.1.3"
 tokio-postgres = { version = "0.7", default-features = false, features = ["runtime"] }
 mongodb = { version = "3.2", default-features = false, features = ["rustls-tls", "aws-auth", "compat-3-0-0", "dns-resolver"] }
-bson = "2.13.0"
-ring = "0.17.8"
-pem = "3.0.4"
-aws-config = "1.5.10"
-aws-credential-types = "1.2.1"
-aws-sdk-sts = "1.21.0"
-aws-types = "1.3.3"
+bson = "2.15.0"
+ring = "0.17.14"
+pem = "3.0.5"
+aws-config = "1.8.2"
+aws-credential-types = "1.2.4"
+aws-sdk-sts = "1.73.0"
+aws-types = "1.3.7"
 byteorder = "1.5.0"
-parking_lot = "0.12.3"
+parking_lot = "0.12.4"
 octorust =  "0.9.0"
-reqwest-middleware = "0.4.1"
+reqwest-middleware = "0.4.2"
 tracing-subscriber = {version = "0.3.19", features = ["env-filter"] }
-tracing-core = "0.1.33"
-tree-sitter = "0.24.4"
+tracing-core = "0.1.34"
+tree-sitter = "0.24.7"
 tree-sitter-bash = "0.23.3"
-tree-sitter-c = "0.23.2"
+tree-sitter-c = "0.23.4"
 tree-sitter-c-sharp = "0.23.1"
 tree-sitter-cpp = "0.23.4"
-tree-sitter-css = "0.23.1"
+tree-sitter-css = "0.23.2"
 tree-sitter-go = "0.23.4"
 tree-sitter-html = "0.23.2"
-tree-sitter-java = "0.23.4"
+tree-sitter-java = "0.23.5"
 tree-sitter-javascript = "0.23.1"
 tree-sitter-php = "0.23.11"
-tree-sitter-python = "0.23.4"
+tree-sitter-python = "0.23.6"
 tree-sitter-ruby = "0.23.1"
-tree-sitter-rust = "0.23.2"
+tree-sitter-rust = "0.23.3"
 tree-sitter-toml-ng = "0.7.0"
 tree-sitter-typescript = "0.23.2"
 tree-sitter-yaml = "0.6.1"
 streaming-iterator = "0.1.9"
 tree-sitter-regex = "0.24.3"
 content_inspector = "0.2.4"
-rustc-hash = "2.1.0"
+rustc-hash = "2.1.1"
 term_size = "0.3.2"
-bzip2 = "0.5.0"
-zip = "2.2.2"
-tar = "0.4.43"
+bzip2 = "0.5.2"
+zip = "2.4.2"
+tar = "0.4.44"
 xz2 = "0.1.7"
 asar = "0.3.0"
-blake3 = "1.5.5"
-memmap2 = "0.9.5"
+blake3 = "1.8.2"
+memmap2 = "0.9.7"
 futures = "0.3.31"
 dashmap = "6.1.0"
 xxhash-rust = { version = "0.8.15", features = ["xxh3", "const_xxh3"] }
 serde_yaml = "0.9.34"
 hmac = "0.12.1"
-sha2 = "0.10.8"
+sha2 = "0.10.9"
 strum_macros = "0.27.1"
 humantime = "2.2.0"
 path-dedot = "3.1.1"
 quick-xml = {version = "0.37.5", features = ["serde","serialize"] }
-rustls = "0.23.26"
+rustls = "0.23.29"
 tokio-postgres-rustls = "0.13.0"
 rustls-native-certs = "0.8.1"
 predicates = "3.1.3"
 assert_cmd = "2.0.17"
-proptest = "1.6.0"
+proptest = "1.7.0"
 color-backtrace = "0.7.0"
 gitlab = "0.1711.0"
-mimalloc = {version = "0.1.46", features = ["override"]}
-thread_local = "1.1.8"
-crc32fast = "1.4.2"
+mimalloc = {version = "0.1.47", features = ["override"]}
+thread_local = "1.1.9"
+crc32fast = "1.5.0"
 bloomfilter = "3.0.1"
 uuid = "1.17.0"
 urlencoding = "2.1.3"
@@ -177,9 +177,9 @@ use-jemalloc  = ["tikv-jemallocator"]
 system-alloc  = []                # forces System allocator
 
 [dev-dependencies]
-pretty_assertions = "1.3"
+pretty_assertions = "1.4"
 temp-env = "0.3.6"
-wiremock = "0.6.2"
+wiremock = "0.6.4"
 git2 = "0.20.2"
 rand_chacha = "0.9.0"
 
diff --git a/data/rules/clarifai.yml b/data/rules/clarifai.yml
new file mode 100644
index 0000000..e3f7167
--- /dev/null
+++ b/data/rules/clarifai.yml
@@ -0,0 +1,38 @@
+rules:
+  - name: Clarifai API Key
+    id: kingfisher.clarifai.1
+    pattern: |
+      (?xi)             
+      \b
+      clarifai
+      (?:.|[\n\r]){0,32}?
+      \b
+      (                  
+        [0-9a-f]{32,36}
+      )
+      \b
+    min_entropy: 3.0
+    confidence: medium
+    examples:
+      - clarifai_key = 29ee853d47364107b9edf5e5ad4374c2
+      - "clarifai_token: eb3cf5440b7b45f8954bb4a1fcea0ea5"
+      - clarifai-secret = 8e43e018f61b493c8104024ee124a57f
+      - clarifai_api = cf3cacafabe747988298298bffcbb459
+    references:
+      - https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/specifics/clarifai_key
+      - https://docs.clarifai.com/control/authentication/key/ 
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://api.clarifai.com/v2/models
+          headers:
+            Authorization: Key {{ TOKEN }}
+          response_matcher:
+            - report_response: true
+            - type: WordMatch
+              match_all_words: true
+              words:
+                - '"models"'
+                - '"status"'
diff --git a/src/validation/jwt.rs b/src/validation/jwt.rs
index 6449fd2..59cac9d 100644
--- a/src/validation/jwt.rs
+++ b/src/validation/jwt.rs
@@ -185,7 +185,6 @@ fn is_blocked_ip(ip: std::net::IpAddr) -> bool {
 mod tests {
     use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
     use chrono::{Duration as ChronoDuration, Utc};
-    use reqwest::Client;
 
     use super::validate_jwt;