chore(deps): update pre-commit hook mongodb/kingfisher to v1.102.0 #19827

Merged: renovate[bot] merged 1 commit into main from renovate/mongodb-kingfisher-1.x on May 30, 2026

@renovate renovate Bot commented May 30, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| mongodb/kingfisher | repository | minor | v1.101.0 → v1.102.0 |

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.102.0

  • Security: hardened ASAR and in-memory archive extraction to skip traversal or absolute entry paths before writing to the temp extraction directory.
  • Security: git clone provider tokens (KF_GITHUB_TOKEN, KF_GITLAB_TOKEN, KF_GITEA_TOKEN, KF_AZURE_TOKEN, KF_HUGGINGFACE_TOKEN) are now installed as host-scoped, HTTPS-only credential helpers (credential.https://<host>.helper) instead of unscoped global ones, so a malicious clone target can no longer capture them via an auth challenge. Trusted hosts derive from each provider's SaaS default plus any configured --<provider>-api-url/--azure-base-url/--endpoint, preserving GitHub Enterprise and other self-hosted flows.
  • Security: --output report files are opened with O_NOFOLLOW (with a symlink pre-check on non-Unix) so a symlink planted at the report path inside a scanned repository can no longer redirect the write to truncate or overwrite an arbitrary file.
  • Security: single-stream gzip/bzip2/xz/zlib decompression is now bounded by a 512 MB decompressed-byte cap, preventing a small compression bomb from exhausting disk during a scan.
  • Added 3 detection and validation rules for Cognition Devin API credentials: kingfisher.devin.1 (legacy personal keys, apk_user_ prefix), kingfisher.devin.2 (legacy service keys, apk_ prefix), and kingfisher.devin.3 (v3 service-user tokens, cog_ prefix / RFC 4648 base32). Live validation uses GET /v1/sessions for apk_* keys and GET /v3/self for cog_ tokens.
  • Added kingfisher scan docker --archive <image.tar> for scanning saved Docker/OCI image archives directly, including OCI-layout docker save output and compressed tar archives.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Only on Saturday (* * * * 6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
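
Added example (not part of this PR and not Kingfisher's own source): a std-only Rust illustration of two of the v1.102.0 hardening checks listed in the release notes above, skipping archive entries whose paths are absolute or contain traversal, and bounding decompressed output with a byte cap. The helper names `safe_dest` and `read_capped`, the extraction root, the entry names and the 1 KiB demo cap are assumptions made for illustration.

```rust
use std::io::{self, Read};
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper: map an archive entry name to a path under `root`,
/// or return None when the entry must be skipped.
fn safe_dest(root: &Path, entry: &str) -> Option<PathBuf> {
    // A backslash is an ordinary file-name character on Unix but a separator
    // on Windows; rejecting it (and NUL) is a conservative choice made here.
    if entry.contains('\\') || entry.contains('\0') {
        return None;
    }
    let mut dest = root.to_path_buf();
    for part in Path::new(entry).components() {
        match part {
            Component::Normal(name) => dest.push(name),
            Component::CurDir => {}
            // RootDir/Prefix (absolute) and ParentDir (`..`) are never resolved,
            // so even `a/../b` is skipped rather than normalised.
            _ => return None,
        }
    }
    // An empty name or a bare `.` would resolve to the root itself: skip it.
    if dest.as_path() == root { None } else { Some(dest) }
}

/// Hypothetical helper: drain a decompressor, failing once it yields more
/// than `cap` bytes instead of buffering or writing without limit.
fn read_capped<R: Read>(stream: R, cap: u64) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    // Read one byte past the cap so "exactly cap" and "too large" differ.
    stream.take(cap.saturating_add(1)).read_to_end(&mut out)?;
    if out.len() as u64 > cap {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "decompressed size exceeds cap"));
    }
    Ok(out)
}

fn main() {
    let root = Path::new("/tmp/kf-extract"); // constructed extraction root
    // Constructed entry names, as an archive index might list them.
    for name in ["app/main.js", "./a/b", "../../outside.txt", "/etc/passwd", "a/../../b", "..\\x"] {
        match safe_dest(root, name) {
            Some(p) => println!("write {}", p.display()),
            None => println!("skip  {name:?}"),
        }
    }
    // io::repeat stands in for a stream that keeps expanding; 1 KiB demo cap.
    println!("{:?}", read_capped(io::repeat(0u8), 1024).map(|v| v.len()));
}
```
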

@renovate renovate Bot added the dependencies PR: Third-party library dependencies. label May 30, 2026
@renovate renovate Bot enabled auto-merge (squash) May 30, 2026 07:50

argos-ci Bot commented May 30, 2026

The latest updates on your projects. Learn more about Argos notifications ↗︎

| Build | Status | Details | Updated (UTC) |
|---|---|---|---|
| default (Inspect) | ⚠️ Changes detected (Review) | 8 changed | May 30, 2026, 10:32 AM |


codecov Bot commented May 30, 2026

❌ 1 Tests Failed:

| Tests completed | Failed | Passed | Skipped |
|---|---|---|---|
| 8050 | 1 | 8049 | 798 |
View the top 1 failed test(s) by shortest run time
weblate.trans.tests.test_selenium.SeleniumTests::test_add_component
Stack Traces | 51.4s run time
self = <weblate.trans.tests.test_selenium.SeleniumTests testMethod=test_add_component>

    @modify_settings(INSTALLED_APPS={"append": "weblate.billing"})
    def test_add_component(self) -> None:
        """Test user adding project and component."""
        user = self.do_login()
        create_test_billing(user)
    
        # Open billing page
        self.click(htmlid="user-dropdown")
        with self.wait_for_page_load():
            self.click(htmlid="billing-button")
        self.screenshot("user-billing.png")
    
        # Click on add project
        with self.wait_for_page_load():
            self.click(self.driver.find_element(By.CLASS_NAME, "billing-add-project"))
    
        # Add project
        self.driver.find_element(By.ID, "id_name").send_keys("WeblateOrg")
        self.driver.find_element(By.ID, "id_web").send_keys("https://weblate.org/")
        self.driver.find_element(By.ID, "id_instructions").send_keys(
            "https://weblate.org/contribute/"
        )
        self.screenshot("user-add-project.png")
        with self.wait_for_page_load():
            self.driver.find_element(By.ID, "id_name").submit()
        self.screenshot("user-add-project-done.png")
        self.assertIn("WeblateOrg", self.driver.title)
    
        # Click on add component
        with self.wait_for_page_load():
            self.click(self.driver.find_element(By.ID, "list-add-button"))
    
        # Add component
        self.driver.find_element(By.ID, "id_name").send_keys("Language names")
        self.driver.find_element(By.ID, "id_repo").send_keys(
            "https://github.com/WeblateOrg/demo.git"
        )
        self.screenshot("user-add-component-init.png")
        with self.wait_for_page_load(timeout=1200):
            self.driver.find_element(By.ID, "id_name").submit()
    
        self.screenshot("user-add-component-discovery.png")
>       discovery_choice = WebDriverWait(self.driver, 30).until(
            element_to_be_clickable((By.ID, "id_discovery_1"))
        )

.../trans/tests/test_selenium.py:1434: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <selenium.webdriver.support.wait.WebDriverWait (session="d745d8fd23adc2f10fccbcea00441174")>
method = <function element_to_be_clickable.<locals>._predicate at 0x126f40880>
message = ''

    def until(self, method: Callable[[D], Literal[False] | T], message: str = "") -> T:
        """Wait until the method returns a value that is not False.
    
        Calls the method provided with the driver as an argument until the
        return value does not evaluate to ``False``.
    
        Args:
            method: A callable object that takes a WebDriver instance as an
                argument.
            message: Optional message for TimeoutException.
    
        Returns:
            The result of the last call to `method`.
    
        Raises:
            TimeoutException: If 'method' does not return a truthy value within
                the WebDriverWait object's timeout.
    
        Example:
            >>> from selenium.webdriver.common.by import By
            >>> from selenium.webdriver.support.ui import WebDriverWait
            >>> from selenium.webdriver.support import expected_conditions as EC
            >>>
            >>> # Wait until an element is visible on the page
            >>> wait = WebDriverWait(driver, 10)
            >>> element = wait.until(EC.visibility_of_element_located((By.ID, "exampleId")))
            >>> print(element.text)
        """
        screen = None
        stacktrace = None
    
        end_time = time.monotonic() + self._timeout
        while True:
            try:
                value = method(self._driver)
                if value:
                    return value
            except self._ignored_exceptions as exc:
                screen = getattr(exc, "screen", None)
                stacktrace = getattr(exc, "stacktrace", None)
            if time.monotonic() > end_time:
                break
            time.sleep(self._poll)
>       raise TimeoutException(message, screen, stacktrace)
E       selenium.common.exceptions.TimeoutException: Message: 
E       Stacktrace:

.venv/lib/python3.14.../webdriver/support/wait.py:121: TimeoutException


@renovate renovate Bot force-pushed the renovate/mongodb-kingfisher-1.x branch from 7fb8581 to e74bbe0 May 30, 2026 09:50
@renovate renovate Bot merged commit 3699d97 into main May 30, 2026
33 of 34 checks passed
@renovate renovate Bot deleted the renovate/mongodb-kingfisher-1.x branch May 30, 2026 10:45