chore(deps): update dependency betterleaks/betterleaks to v1.6.1

[renovate]

This PR contains the following updates:

Package	Update	Change
betterleaks/betterleaks	minor	1.5.0 → 1.6.1

---

Release Notes

betterleaks/betterleaks (betterleaks/betterleaks)

v1.6.1

Compare Source

Changelog

• 28f08b4 config command (#​218)
• 228352f build: upgrade crypto to v0.53.0 (#​217)

v1.6.0

Compare Source

What's New

v1.6.0 focuses on faster startup, lower cold-scan overhead, and the migration of Betterleaks’ expression runtime from CEL to Expr.

• Replaced CEL-based filtering and validation with Expr. Existing CEL-shaped configs are still accepted for compatibility, but new configs should use Expr syntax.
• Improved cold-start performance by lazily initializing expensive runtime work (160ms -> 20ms) :
  • regex compilation
  • global finding filters
  • per-rule filters
  • validation expressions
  • cl100k_base tokenizer loading
• Added rule specificity support for more accurate generic-rule suppression.
  More specific rules now run first and can suppress lower-specificity generic matches earlier.
• Switched keyword prefiltering to github.com/RRethy/ahocorasick. (faster startup, less mem)
• Added lazy regex compilation while preserving early regex validation.
• Added --validation-debug support with safer redaction of sensitive HTTP headers.
• Reduced dependency weight by removing cel-go and related protobuf/genproto dependencies. Release binary size goes from 30MB to 22.7MB.

Note on CEL vs Expr and compatibility

When filtering and validation logic was implemented in CEL I was unaware of expr-lang. Expr provides all the bells and whistles that CEL provided but at a smaller cost. Expr is slightly faster and a much smaller dependency.

• Existing CEL-style configs remain supported through compatibility handling.
• New configs should prefer Expr syntax.
• The deprecated allowlist translation path remains available.

What's Changed

• Lazy load patterns, cl100k_base tokenizer, swap CEL for expr by @​zricethezav in #​215

Full Changelog: betterleaks/betterleaks@v1.5.0...v1.6.0

---

Configuration

📅 Schedule: (in timezone Asia/Taipei)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[Copilot]

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.