v1.63.0

[mickgmdb]

• Fixed bug when retrieving some finding values and injecting them as TOKENS in the rule templates
• Improved Datadog rule
• Improved AWS rule

[Copilot]

Pull Request Overview

This release (v1.63.0) fixes a critical bug in how capture groups are processed when injecting tokens into rule validation templates, and improves secret detection rules for Datadog and AWS.

Key changes:

• Fixed capture group serialization to exclude the full match (group 0) when explicit captures exist, preventing duplicate or incorrect TOKEN values in validation
• Simplified Datadog rule to remove application key dependency and validate with API key only
• Removed overly restrictive character validation for AWS secret keys

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
src/matcher.rs	Reworked capture serialization logic to only include explicit groups, improved entropy/safe-listing logic for secret detection
src/validation/utils.rs	Updated capture processing to filter out duplicate unnamed captures and keep only the first
src/validation.rs	Added logic to skip TOKEN dependencies in validation to prevent incorrect injection
src/validation/aws.rs	Removed restrictive character validation for AWS secret keys
src/reporter.rs	Updated to use first serialized capture (index 0) instead of fallback logic
data/rules/datadog.yml	Simplified Datadog rule by removing application key dependency
src/main.rs	Switched from mimalloc/jemalloc to system allocator
tests/*	Updated test fixtures with new GitHub PAT tokens
.github/workflows/*	Improved vcpkg cache key structure
Cargo.toml, CHANGELOG.md	Version bump to 1.63.0 with changelog entries

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Remove commented-out old implementation. Dead code should be deleted rather than left as comments since version control preserves the history.

Suggested change

	// /// Return (NAME, value, start, end) for every capture we care about.
	// ///
	// /// * If a capture has a name, use that (upper-cased)
	// /// * If it’s unnamed, fall back to `"TOKEN"`
	// pub fn process_captures(captures: &SerializableCaptures) -> Vec<(String, String, usize, usize)> {
	// captures
	// .captures
	// .iter()
	// .map(|cap| {
	// let name =
	// cap.name.as_ref().map(|n| n.to_uppercase()).unwrap_or_else(|| "TOKEN".to_string());
	// (name, cap.value.to_string(), cap.start, cap.end)
	// })
	// .collect()
	// }

[Copilot]

Duplicate #[test] attribute detected. Line 198 and 199 both contain #[test], which will cause a compilation error.

Suggested change

#[test]

[Copilot]

[nitpick] Use consistent comment style. Replace decorative slashes with standard // comments to match project style.

Suggested change

	/////////////////////////////
	// Process matches
	/////////////////////////////
	//
	// Process matches
	//

[Copilot]

Remove redundant location comment. The file path is already clear from the file itself and adds no value.

Suggested change

// in src/matcher.rs

[Copilot]

The comment states URL-safe characters are included, but standard base64 uses + and /, while URL-safe base64 uses - and _. Consider clarifying that this function now accepts both standard and URL-safe base64 alphabets.

Suggested change

	// Include URL-safe characters '-' and '_'
	// Accepts both standard base64 ('+', '/') and URL-safe base64 ('-', '_') characters.