chore(deps): update pre-commit hook mongodb/kingfisher to v1.103.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
mongodb/kingfisher	repository	minor	v1.102.0 → v1.103.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

mongodb/kingfisher (mongodb/kingfisher)

v1.103.0

Compare Source

• Git clone and remote-update operations now enforce wall-clock timeouts (20 min and 10 min defaults respectively) so a single unresponsive remote cannot park a clone worker indefinitely. Configurable via KF_GIT_CLONE_TIMEOUT_SECS and KF_GIT_UPDATE_TIMEOUT_SECS.
• Deadline enforcement is now propagated through repository object indexing, commit-graph traversal, tree traversal, and blob metadata assembly, replacing the previous 100 ms polling loop with cooperative cancellation at each phase boundary.
• Bounded concurrent in-flight repo scans with a permit pool sized at 2× repo_concurrency. Without this cap, a large multi-repo scan could queue thousands of closures into rayon's unbounded work queue and exhaust memory before any scan completed. Pass -v to enable a saturation-tracker thread that logs queue depth, active scan count, and permit availability every ~15 s.
• Resilient tar archive extraction: truncated or malformed archives now yield whatever entries completed successfully instead of failing the whole archive. If no entry completed, the archive falls back to a raw-bytes scan rather than being silently skipped.
• Archive decompression failures (broken zip, asar, etc.) now fall back to scanning the file's raw bytes instead of skipping the file entirely.
• Raised the single-stream decompression cap from 512 MB to 4 GB.
• Demoted expected truncation and path-filter log events from warn to debug across tar, zip, and asar extractors to reduce noise in normal operation.
• Context verifier now stitches split assignments — where the variable name appears on one line and the value on the next — into a single candidate, so secrets assigned across two lines are no longer missed.
• Expanded string literal coverage in the context verifier: Rust raw strings (r#"..."#, br#"..."#), Python/Ruby triple-quoted strings ("""...""", '''...'''), C# interpolated-verbatim strings ($@​"...", @$"..."), and language-prefix variants (b"...", f"...", rb"...", etc.) are all now recognized and correctly stripped.
• Go backtick strings are now parsed as verbatim string literals in the context verifier.
• Hex and underscore-separated numeric literals (0xFF, 1_000_000) are now matched in assignment patterns.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Saturday (* * * * 6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.