build(deps): bump github.com/betterleaks/betterleaks from 1.5.0 to 1.6.0 in the go-dependencies group

[dependabot]

https://entire.io/gh/entireio/cli/trails/675

Bumps the go-dependencies group with 1 update: github.com/betterleaks/betterleaks.

Updates github.com/betterleaks/betterleaks from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/betterleaks/betterleaks's releases.

v1.6.0

What's New

v1.6.0 focuses on faster startup, lower cold-scan overhead, and the migration of Betterleaks’ expression runtime from CEL to Expr.

• Replaced CEL-based filtering and validation with Expr. Existing CEL-shaped configs are still accepted for compatibility, but new configs should use Expr syntax.
• Improved cold-start performance by lazily initializing expensive runtime work (160ms -> 20ms) :
  • regex compilation
  • global finding filters
  • per-rule filters
  • validation expressions
  • cl100k_base tokenizer loading
• Added rule specificity support for more accurate generic-rule suppression. More specific rules now run first and can suppress lower-specificity generic matches earlier.
• Switched keyword prefiltering to github.com/RRethy/ahocorasick. (faster startup, less mem)
• Added lazy regex compilation while preserving early regex validation.
• Added --validation-debug support with safer redaction of sensitive HTTP headers.
• Reduced dependency weight by removing cel-go and related protobuf/genproto dependencies. Release binary size goes from 30MB to 22.7MB.

Note on CEL vs Expr and compatibility

When filtering and validation logic was implemented in CEL I was unaware of expr-lang. Expr provides all the bells and whistles that CEL provided but at a smaller cost. Expr is slightly faster and a much smaller dependency.

• Existing CEL-style configs remain supported through compatibility handling.
• New configs should prefer Expr syntax.
• The deprecated allowlist translation path remains available.

What's Changed

• Lazy load patterns, cl100k_base tokenizer, swap CEL for expr by @​zricethezav in betterleaks/betterleaks#215

Full Changelog: betterleaks/betterleaks@v1.5.0...v1.6.0

Commits

• 6475f3f Lazy load patterns, cl100k_base tokenizer, swap CEL for expr (#215)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Soph]

1. Hold the PR and report upstream — Detector.DetectString regressed to non-concurrency-safe in 1.6.0; ask them to make compiledProgram evaluation allocate per-call (or document the new contract). Cleanest.