trufflehog
False positive with new text-based `bun.lock`
A text-based lockfile (bun.lock) was recently added to Bun (to replace the previously used binary bun.lockb file). It can be created with bun install --save-text-lockfile. (Currently only the nightly builds have this feature.)
The plain-text file contains many checksums, and trufflehog mistakenly detects some checksums as access tokens.
This is a line from bun.lock that triggers a false positive:
"@oxlint/linux-x64-gnu": ["@oxlint/[email protected]", "", { "os": "linux", "cpu": "x64" }, "sha512-e/KSj4fg5EFdK/bJLJjGRzaw2KZdYgr2mTt3k9HF9YIGl0UnBoX5h+q0hJ9scDTNNailT8qytvOjuiUhyJpAPA=="],
It says q0hJ9scDTNNailT8qytvOjuiUhyJpAPA (part of the checksum) is a Box access token.
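One defensive way to deal with this class of false positive is to post-filter scanner hits against the integrity hashes in the lockfile: a hit whose matched text lies entirely inside a valid `sha512-<base64>` (or `sha256-`/`sha384-`) value is a slice of a checksum, not a credential. The example below is added here and is not trufflehog's code or Bun's; the function names are my own, the sample lines are constructed (the `0.0.0` version in the package spec is a placeholder), and the checksum is the one quoted in the report. It validates that the base64 decodes to the digest length the algorithm name promises, so a truncated or made-up `sha512-` prefix does not excuse a hit.

```python
"""Post-filter for secret-scanner hits that fall inside SRI-style checksums
(sha256-/sha384-/sha512- followed by base64) as found in bun.lock.
Added example; not trufflehog or Bun code."""
import base64
import binascii
import re

# Digest sizes in bytes for the algorithms allowed in SRI integrity strings.
_DIGEST_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}

# "sha512-" then a run of base64 characters with optional '=' padding.
_SRI_RE = re.compile(r"\b(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})")

# Constructed sample lines. Line 0 is the shape of the bun.lock entry from
# the report (version 0.0.0 is a placeholder); line 1 carries the same
# 32-character run behind a sha512- prefix that is NOT a full digest.
LOCK_LINES = [
    '"@oxlint/linux-x64-gnu": ["@oxlint/linux-x64-gnu@0.0.0", "", '
    '{ "os": "linux", "cpu": "x64" }, '
    '"sha512-e/KSj4fg5EFdK/bJLJjGRzaw2KZdYgr2mTt3k9HF9YIGl0UnBoX5h+q0hJ9scDTNNailT8qytvOjuiUhyJpAPA=="],',
    '"bogus-pkg": ["bogus-pkg@0.0.0", "", {}, "sha512-q0hJ9scDTNNailT8qytvOjuiUhyJpAPA"],',
]

# The substring the report says was flagged as a Box token.
REPORTED_HIT = "q0hJ9scDTNNailT8qytvOjuiUhyJpAPA"


def integrity_spans(line: str) -> list[tuple[int, int]]:
    """Return (start, end) of the base64 part of every *valid* SRI hash on the
    line. A match is kept only if it decodes to exactly the digest length the
    algorithm name implies, so arbitrary base64-looking text is not excused."""
    spans = []
    for m in _SRI_RE.finditer(line):
        algo, b64 = m.group(1), m.group(2)
        try:
            raw = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(raw) == _DIGEST_LEN[algo]:
            spans.append((m.start(2), m.end(2)))
    return spans


def inside_integrity_hash(line: str, candidate: str) -> bool:
    """True when the candidate occurs on the line and every occurrence lies
    entirely within a valid integrity hash (i.e. the hit is a checksum slice)."""
    spans = integrity_spans(line)
    found = False
    for m in re.finditer(re.escape(candidate), line):
        found = True
        if not any(s <= m.start() and m.end() <= e for s, e in spans):
            return False
    return found


def triage(lock_lines: list[str], hits: list[tuple[str, str, int]]):
    """Split hits of (detector, matched_text, line_index) into (kept, suppressed).
    Suppressed hits are those fully contained in a verified integrity hash."""
    kept, suppressed = [], []
    for detector, token, idx in hits:
        target = suppressed if inside_integrity_hash(lock_lines[idx], token) else kept
        target.append((detector, token, idx))
    return kept, suppressed


if __name__ == "__main__":
    # Constructed hits: the same detector match on both sample lines.
    hits = [("Box", REPORTED_HIT, 0), ("Box", REPORTED_HIT, 1)]
    kept, suppressed = triage(LOCK_LINES, hits)
    print("suppressed (checksum slices):", suppressed)
    print("kept for review:", kept)
```

The first hit is suppressed because its 32 characters sit inside a base64 string that decodes to 64 bytes, matching `sha512`; the second is kept because the `sha512-` value is only 32 base64 characters (24 bytes), so the prefix alone is not evidence of a checksum. Running such a filter over a scanner's output for lockfiles keeps the detector unchanged while removing hits that are provably substrings of integrity data.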