@renovate renovate bot commented Feb 3, 2026

This PR contains the following updates:

Package | Type | Update | Change
mongodb/kingfisher | repository | minor | v1.77.0 -> v1.78.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.78.0


  • Added "Skipped Validations" counter to scan summary output to distinguish between validations that failed (HTTP errors, connection failures) and validations that were skipped due to missing preconditions (e.g., missing dependent rules). This provides better visibility into validation coverage for large scans.
  • Improved error messages for kingfisher validate command when rules require dependent variables from depends_on sections. Now clearly explains which variables are needed and from which dependent rules they are normally captured.
  • Fixed validate_command and revoke_command generation in scan output to include all required --var arguments for rules with depends_on sections (e.g., PubNub, Azure Storage). Commands now include dependent variables like --var SUBSCRIPTIONTOKEN=<value> or --var AZURENAME=<value>.
  • Updated Azure Storage validation to use AZURENAME variable (matching the depends_on_rule configuration) with STORAGE_ACCOUNT maintained as a backward-compatible alias.
  • Added internal dependent_captures field to match records to preserve variables from dependent rules through the validation pipeline for accurate command generation.
  • Added --tls-mode <strict|lax|off> global flag to control TLS certificate validation behavior during credential validation:
    • strict (default): Full WebPKI certificate validation with trusted CA chains, hostname verification, and expiration checks
    • lax: Accept self-signed or unknown CA certificates, useful for database connections (PostgreSQL, MySQL, MongoDB) and services using private CAs (e.g., Amazon RDS)
    • off: Disable all TLS validation (equivalent to legacy --ignore-certs)
  • Added rule-level tls_mode field allowing individual rules to opt into relaxed TLS validation when appropriate. Rules for PostgreSQL, MySQL, MongoDB, JDBC, and JWT now include tls_mode: lax by default.
  • The --ignore-certs flag remains supported as a deprecated alias for --tls-mode=off for backward compatibility.
  • Updated documentation to explain TLS validation modes and their security implications.
  • Added comprehensive test coverage for TLS mode functionality including unit tests, integration tests, and rule configuration verification.
  • Fixed deprecated commit stage name in .pre-commit-hooks.yaml to use pre-commit stage name, eliminating pre-commit framework warnings.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
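Added example, not part of this PR or of the kingfisher project: a small audit that flags kingfisher command lines in a CI script that weaken TLS validation through the `--tls-mode` or deprecated `--ignore-certs` flags described in the v1.78.0 notes. The function names and the sample script are constructed for illustration, and reporting the weakest mode when several flags appear is an assumption made for auditing, not documented kingfisher precedence.

```python
import shlex
from typing import Optional

RANK = {"strict": 0, "lax": 1, "off": 2}  # modes listed in the release notes

def tls_mode_of(line: str) -> Optional[str]:
    """TLS mode requested by a kingfisher command line; None if the line
    does not invoke kingfisher. Assumption: when several TLS flags appear,
    report the weakest, so the audit surfaces the worst case."""
    try:
        argv = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: not a parseable command
        return None
    if not any(t == "kingfisher" or t.endswith("/kingfisher") for t in argv):
        return None
    seen = ["strict"]  # documented default when no flag is given
    for i, tok in enumerate(argv):
        if tok == "--ignore-certs":  # deprecated alias for --tls-mode=off
            seen.append("off")
        elif tok.startswith("--tls-mode="):
            seen.append(tok.split("=", 1)[1])
        elif tok == "--tls-mode" and i + 1 < len(argv):
            seen.append(argv[i + 1])
    if any(m not in RANK for m in seen):
        return "invalid"
    return max(seen, key=RANK.__getitem__)

def audit(text: str):
    """Return (line_no, mode, line) for invocations weaker than strict."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        mode = tls_mode_of(line)
        if mode not in (None, "strict"):
            findings.append((n, mode, line.strip()))
    return findings

# Constructed sample CI script (not taken from any real repository)
SAMPLE = """\
#!/bin/sh
kingfisher scan ./src
kingfisher scan ./db --tls-mode lax
./bin/kingfisher scan . --ignore-certs   # legacy flag
echo "kingfisher --tls-mode=off is discouraged"
kingfisher scan . --tls-mode=strict
"""

if __name__ == "__main__":
    for n, mode, line in audit(SAMPLE):
        print(f"line {n}: tls-mode={mode}: {line}")
```

The quoted `echo` line is not reported because `shlex` keeps the quoted string as a single token, so only real invocations are flagged.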

@renovate renovate bot added the dependencies Third-party library dependencies. label Feb 3, 2026
@renovate renovate bot enabled auto-merge (squash) February 3, 2026 22:30
@renovate renovate bot merged commit 08c64bc into main Feb 3, 2026
12 checks passed
@renovate renovate bot deleted the renovate/mongodb-kingfisher-1.x branch February 3, 2026 23:32