Bumps the npm_and_yarn group with 2 updates in the /webui directory:
[tmp](https://github.com/raszi/node-tmp) and
[inquirer](https://github.com/SBoudrias/Inquirer.js).

Removes `tmp`

Updates `inquirer` from 8.2.4 to 8.2.7
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/9c5259a889d37205829c2255171ef74c6336f7f3"><code>9c5259a</code></a>
Publish</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/e26d21369ae229fe7cab4c6678fb4718fb7758b7"><code>e26d213</code></a>
fix: Replace external-editor to remove CVE</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/30ec0483de28849e56bd6b9b61daaabf8edea16f"><code>30ec048</code></a>
Publish</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/728536ab46d7b33189771bf86ebffff373f24a2a"><code>728536a</code></a>
Fix coverage on clean clone</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/516a318067c75ea971e37d621f328e18713ccc04"><code>516a318</code></a>
Downgrade wrap-ansi</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/7a2ade6cf6a3d987f4138c0426493460f6b2515f"><code>7a2ade6</code></a>
Publish</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/42e9f9164474c17d830c77c0b37f68b3bda18699"><code>42e9f91</code></a>
Fix coverage reporting?</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/d53072cfc0d61bb2b6f8b129decd9a94434164a8"><code>d53072c</code></a>
Legacy fix default clearing on input (<a
href="https://redirect.github.com/SBoudrias/Inquirer.js/issues/1177">#1177</a>)</li>
<li><a
href="https://github.com/SBoudrias/Inquirer.js/commit/b41b8982c665f1960b99c88cb21bbb98fe5d5ae8"><code>b41b898</code></a>
Clean branch to make it work with v8 (last common.js release
branch)</li>
<li>See full diff in <a
href="https://github.com/SBoudrias/Inquirer.js/compare/inquirer@8.2.4...inquirer@8.2.7">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go_modules group with 1 update in the / directory:
[github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).

Updates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-viper/mapstructure/releases">github.com/go-viper/mapstructure/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>refactor: replace interface{} with any by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/115">go-viper/mapstructure#115</a></li>
<li>build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/114">go-viper/mapstructure#114</a></li>
<li>Generic tests by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/118">go-viper/mapstructure#118</a></li>
<li>Fix godoc reference link in README.md by <a
href="https://github.com/peczenyj"><code>@​peczenyj</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/107">go-viper/mapstructure#107</a></li>
<li>feat: add StringToTimeLocationHookFunc to convert strings to
*time.Location by <a
href="https://github.com/ErfanMomeniii"><code>@​ErfanMomeniii</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/117">go-viper/mapstructure#117</a></li>
<li>feat: add back previous StringToSlice as a weak function by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/119">go-viper/mapstructure#119</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ErfanMomeniii"><code>@​ErfanMomeniii</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/117">go-viper/mapstructure#117</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0">https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5"><code>b9794a5</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/119">#119</a>
from go-viper/string-to-weak-slice</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30"><code>17cdcb0</code></a>
feat: add back previous StringToSlice as a weak function</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19"><code>3caca36</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/117">#117</a>
from ErfanMomeniii/main</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a"><code>9a861bc</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/107">#107</a>
from peczenyj/patch-2</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c"><code>86ed5b5</code></a>
refactor: update</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6"><code>ace5b4e</code></a>
chore: add interface any linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e"><code>1a4f1ae</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/118">#118</a>
from go-viper/generic-tests</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63"><code>a268909</code></a>
fix: lint</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd"><code>17f1fd4</code></a>
test: add more comments</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f"><code>b48c856</code></a>
test: expand tests</li>
<li>Additional commits viewable in <a
href="https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-viper/mapstructure/v2&package-manager=go_modules&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go_modules group with 1 update in the / directory:
[golang.org/x/oauth2](https://github.com/golang/oauth2).

Updates `golang.org/x/oauth2` from 0.22.0 to 0.27.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3"><code>681b4d8</code></a>
jws: split token into fixed number of parts</li>
<li><a
href="https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502"><code>3f78298</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac"><code>109dabf</code></a>
endpoints: add links/provider for Discord</li>
<li><a
href="https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47"><code>ac571fa</code></a>
oauth2: fix docs for Config.DeviceAuth</li>
<li><a
href="https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2"><code>314ee5b</code></a>
endpoints: add patreon endpoint</li>
<li><a
href="https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec"><code>b9c813b</code></a>
google: add warning about externally-provided credentials</li>
<li><a
href="https://github.com/golang/oauth2/commit/49a531d12a9ad6fa9f5a070d577ac752ada772c9"><code>49a531d</code></a>
all: make method and struct comments match the names</li>
<li><a
href="https://github.com/golang/oauth2/commit/22134a41033e44c2cd074106770ab5b7ca910d15"><code>22134a4</code></a>
README: don't recommend go get</li>
<li><a
href="https://github.com/golang/oauth2/commit/3e6480915d39dd1a80fa460e56413857f02cc1b9"><code>3e64809</code></a>
x/oauth2: add Token.ExpiresIn</li>
<li><a
href="https://github.com/golang/oauth2/commit/16a9973a41c72ea3e252e9c14be34fcaa2928211"><code>16a9973</code></a>
jwt: rename example to avoid vet error</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/oauth2/compare/v0.22.0...v0.27.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.22.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the npm_and_yarn group with 1 update in the /webui directory:
[form-data](https://github.com/form-data/form-data).

Updates `form-data` from 3.0.1 to 3.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/releases">form-data's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.2</h2>
<h3>Fixes</h3>
<ul>
<li>npmignore temporary build files (<a
href="https://redirect.github.com/form-data/form-data/issues/532">#532</a>)</li>
<li>move util.isArray to Array.isArray (<a
href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>)</li>
</ul>
<h3>Tests</h3>
<ul>
<li>migrate from travis to GHA</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4">v3.0.4</a>
- 2025-07-16</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] <code>append</code>: avoid a crash on nullish values <a
href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[eslint] update linting config <a
href="https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda"><code>f5e7eb0</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a
href="https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5"><code>d2eb290</code></a></li>
<li>[Tests] handle predict-v8-randomness failures in node &lt; 17 and
node &gt; 23 <a
href="https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f"><code>e8c574c</code></a></li>
<li>[Fix] Switch to using <code>crypto</code> random for boundary values
<a
href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd"><code>c6ced61</code></a></li>
<li>[Refactor] use <code>hasown</code> <a
href="https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d"><code>1a78b5d</code></a></li>
<li>[Fix] validate boundary type in <code>setBoundary()</code> method <a
href="https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4"><code>70bbaa0</code></a></li>
<li>[Tests] add tests to check the behavior of <code>getBoundary</code>
with non-strings <a
href="https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df"><code>b22a64e</code></a></li>
<li>[meta] actually ensure the readme backup isn’t published <a
href="https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea"><code>0150851</code></a></li>
<li>[meta] remove local commit hooks <a
href="https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769"><code>fc42bb9</code></a></li>
<li>[Dev Deps] remove unused deps <a
href="https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb"><code>a14d09e</code></a></li>
<li>[meta] fix scripts to use prepublishOnly <a
href="https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432"><code>11d9f73</code></a></li>
<li>[meta] fix readme capitalization <a
href="https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932"><code>fc38b48</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3">v3.0.3</a>
- 2025-02-14</h2>
<h3>Merged</h3>
<ul>
<li>[Fix] set <code>Symbol.toStringTag</code> when available <a
href="https://redirect.github.com/form-data/form-data/pull/573"><code>[#573](https://github.com/form-data/form-data/issues/573)</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[Fix] set <code>Symbol.toStringTag</code> when available (<a
href="https://redirect.github.com/form-data/form-data/issues/573">#573</a>)
<a
href="https://redirect.github.com/form-data/form-data/issues/396"><code>[#396](https://github.com/form-data/form-data/issues/396)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[Refactor] use <code>Object.prototype.hasOwnProperty.call</code> <a
href="https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5"><code>7fecefe</code></a></li>
<li>[Dev Deps] update <code>@types/node</code>, <code>browserify</code>,
<code>coveralls</code>, <code>cross-spawn</code>, <code>eslint</code>,
<code>formidable</code>, <code>in-publish</code>, <code>pkgfiles</code>,
<code>pre-commit</code>, <code>puppeteer</code>, <code>request</code>,
<code>tape</code>, <code>typescript</code> <a
href="https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4"><code>8261fcb</code></a></li>
<li>Only apps should have lockfiles <a
href="https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff"><code>b82f590</code></a></li>
<li>[Dev Deps] pin <code>request</code> which via
<code>tough-cookie</code> ^2.4 depends on <code>psl</code> <a
href="https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065"><code>e5df7f2</code></a></li>
<li>[Deps] update <code>mime-types</code> <a
href="https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034"><code>5a5bafe</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2">v3.0.2</a>
- 2024-10-10</h2>
<h3>Merged</h3>
<ul>
<li>fix (npmignore): ignore temporary build files <a
href="https://redirect.github.com/form-data/form-data/pull/532"><code>[#532](https://github.com/form-data/form-data/issues/532)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[Tests] migrate from travis to GHA <a
href="https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79"><code>8fdb3bc</code></a></li>
<li>[eslint] clean up ignores <a
href="https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440"><code>3217b3d</code></a></li>
<li>fix: move util.isArray to Array.isArray (<a
href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>)
<a
href="https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac"><code>edb555a</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed"><code>9c82fcd</code></a>
v3.0.4</li>
<li><a
href="https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f"><code>e8c574c</code></a>
[Tests] handle predict-v8-randomness failures in node &lt; 17 and node
&gt; 23</li>
<li><a
href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd"><code>c6ced61</code></a>
[Fix] Switch to using <code>crypto</code> random for boundary
values</li>
<li><a
href="https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea"><code>0150851</code></a>
[meta] actually ensure the readme backup isn’t published</li>
<li><a
href="https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932"><code>fc38b48</code></a>
[meta] fix readme capitalization</li>
<li><a
href="https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5"><code>d2eb290</code></a>
[meta] add <code>auto-changelog</code></li>
<li><a
href="https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769"><code>fc42bb9</code></a>
[meta] remove local commit hooks</li>
<li><a
href="https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb"><code>a14d09e</code></a>
[Dev Deps] remove unused deps</li>
<li><a
href="https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e"><code>002b9b0</code></a>
[Fix] <code>append</code>: avoid a crash on nullish values</li>
<li><a
href="https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4"><code>70bbaa0</code></a>
[Fix] validate boundary type in <code>setBoundary()</code> method</li>
<li>Additional commits viewable in <a
href="https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for
form-data since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=form-data&package-manager=npm_and_yarn&previous-version=3.0.1&new-version=3.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the npm_and_yarn group with 2 updates in the /webui directory:
[on-headers](https://github.com/jshttp/on-headers) and
[compression](https://github.com/expressjs/compression).

Updates `on-headers` from 1.0.2 to 1.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/on-headers/releases">on-headers's
releases</a>.</em></p>
<blockquote>
<h2>1.1.0</h2>
<h2>Important</h2>
<ul>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a>
(<a
href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Migrate CI pipeline to GitHub actions by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li>
<li>fix README.md badges by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/13">jshttp/on-headers#13</a></li>
<li>add OSSF scorecard action by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/14">jshttp/on-headers#14</a></li>
<li>fix: use <code>ubuntu-latest</code> as ci runner by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li>
<li>ci: apply OSSF Scorecard security best practices by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/on-headers/pull/20">jshttp/on-headers#20</a></li>
<li>👷 add upstream change detection by <a
href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li>
<li>✨ add script to update known hashes by <a
href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/32">jshttp/on-headers#32</a></li>
<li>💚 update CI - add newer node versions by <a
href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a
href="https://redirect.github.com/jshttp/on-headers/pull/33">jshttp/on-headers#33</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/carpasse"><code>@​carpasse</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li>
<li><a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> made
their first contribution in <a
href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/on-headers/blob/master/HISTORY.md">on-headers's
changelog</a>.</em></p>
<blockquote>
<h1>1.1.0 / 2025-07-17</h1>
<ul>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a>
(<a
href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jshttp/on-headers/commit/4b017af88f5375bbdf3ad2ee732d2c122e4f52b0"><code>4b017af</code></a>
1.1.0</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/b636f2d08e6c1e0a784b53a13cd61e05c09bb118"><code>b636f2d</code></a>
♻️ refactor header array code</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/3e2c2d46c3e9592f6a1c3a3a1dbe622401f95d39"><code>3e2c2d4</code></a>
✨ ignore falsy header keys, matching node behavior</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/172eb41b99a5a290b27a2c43fe602ca33aa1c8ce"><code>172eb41</code></a>
✨ support duplicate headers</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867"><code>c6e3849</code></a>
🔒️ fix array handling</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/6893518341bb4e5363285df086b3158302d3b216"><code>6893518</code></a>
💚 update CI - add newer node versions</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/56a345d82b51a0dcb8d09f061f87b1fd1dc4c01e"><code>56a345d</code></a>
✨ add script to update known hashes</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/175ab217155d525371a5416ff059f895a3a532a6"><code>175ab21</code></a>
👷 add upstream change detection (<a
href="https://redirect.github.com/jshttp/on-headers/issues/31">#31</a>)</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/ce0b2c8fcd313d38d3534fb731050dc16e105bf6"><code>ce0b2c8</code></a>
ci: apply OSSF Scorecard security best practices (<a
href="https://redirect.github.com/jshttp/on-headers/issues/20">#20</a>)</li>
<li><a
href="https://github.com/jshttp/on-headers/commit/1a38c543e75cd06217b449531de10b1758e35299"><code>1a38c54</code></a>
fix: use <code>ubuntu-latest</code> as ci runner (<a
href="https://redirect.github.com/jshttp/on-headers/issues/19">#19</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for on-headers since your current version.</p>
</details>
<br />

Updates `compression` from 1.7.4 to 1.8.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/compression/releases">compression's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(docs): update multiple links from http to https by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/222">expressjs/compression#222</a></li>
<li>ci: add dependabot for github actions by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/207">expressjs/compression#207</a></li>
<li>build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/228">expressjs/compression#228</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/229">expressjs/compression#229</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/230">expressjs/compression#230</a></li>
<li>build(deps-dev): bump supertest from 6.2.3 to 6.3.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/231">expressjs/compression#231</a></li>
<li>[StepSecurity] ci: Harden GitHub Actions by <a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/235">expressjs/compression#235</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/243">expressjs/compression#243</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/239">expressjs/compression#239</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/240">expressjs/compression#240</a></li>
<li>build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/241">expressjs/compression#241</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/compression/pull/244">expressjs/compression#244</a></li>
<li>deps: on-headers@1.1.0 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/246">expressjs/compression#246</a></li>
<li>Release: 1.8.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/247">expressjs/compression#247</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/expressjs/compression/pull/228">expressjs/compression#228</a></li>
<li><a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/compression/pull/235">expressjs/compression#235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/compression/compare/1.8.0...v1.8.1">https://github.com/expressjs/compression/compare/1.8.0...v1.8.1</a></p>
<h2>v1.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Refactor chunkLength function for improved readability and
consistency by <a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/203">expressjs/compression#203</a></li>
<li>Refactor toBuffer function to simplify buffer check logic by <a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/201">expressjs/compression#201</a></li>
<li>ci: add CodeQL (SAST) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/204">expressjs/compression#204</a></li>
<li>Use headersSent instead of _header by <a
href="https://github.com/maritz"><code>@​maritz</code></a> in <a
href="https://redirect.github.com/expressjs/compression/pull/129">expressjs/compression#129</a></li>
<li>Bugfix/use write head instead of implicit header by <a
href="https://github.com/Icehunter"><code>@​Icehunter</code></a> in <a
href="https://redirect.github.com/expressjs/compression/pull/170">expressjs/compression#170</a></li>
<li>feat: add default option by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/191">expressjs/compression#191</a></li>
<li>ci: update ci workflow by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/206">expressjs/compression#206</a></li>
<li>feat: support for brotli by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/194">expressjs/compression#194</a></li>
<li>docs: improve readme by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/209">expressjs/compression#209</a></li>
<li>docs: keywords field by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/210">expressjs/compression#210</a></li>
<li>refactor: simplify encoding negotiation logic by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/213">expressjs/compression#213</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/compression/pull/203">expressjs/compression#203</a></li>
<li><a href="https://github.com/maritz"><code>@​maritz</code></a> made
their first contribution in <a
href="https://redirect.github.com/expressjs/compression/pull/129">expressjs/compression#129</a></li>
<li><a href="https://github.com/Icehunter"><code>@​Icehunter</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/compression/pull/170">expressjs/compression#170</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/compression/compare/1.7.5...v1.8.0">https://github.com/expressjs/compression/compare/1.7.5...v1.8.0</a></p>
<h2>1.7.5</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/186">expressjs/compression#186</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/187">expressjs/compression#187</a></li>
<li>docs: fix spelling by <a
href="https://github.com/dijonkitchen"><code>@​dijonkitchen</code></a>
in <a
href="https://redirect.github.com/expressjs/compression/pull/174">expressjs/compression#174</a></li>
<li>deps: bytes@3.1.2 by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/compression/pull/192">expressjs/compression#192</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/compression/blob/master/HISTORY.md">compression's
changelog</a>.</em></p>
<blockquote>
<h1>1.8.1 / 2025-07-17</h1>
<ul>
<li>deps: on-headers@~1.1.0
<ul>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a>
(<a
href="https://github.com/expressjs/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li>
</ul>
</li>
</ul>
<h1>1.8.0 / 2025-02-10</h1>
<ul>
<li>Use <code>res.headersSent</code> when available</li>
<li>Replace <code>_implicitHeader</code> with <code>writeHead</code>
property</li>
<li>add brotli support for versions of node that support it</li>
<li>Add the enforceEncoding option for requests without
<code>Accept-Encoding</code> header</li>
</ul>
<h1>1.7.5 / 2024-10-31</h1>
<ul>
<li>deps: Replace accepts with negotiator@~0.6.4
<ul>
<li>Add preference option</li>
</ul>
</li>
<li>deps: bytes@3.1.2
<ul>
<li>Add petabyte (<code>pb</code>) support</li>
<li>Fix &quot;thousandsSeparator&quot; incorrecting formatting
fractional part</li>
<li>Fix return value for un-parsable strings</li>
</ul>
</li>
<li>deps: compressible@~2.0.18
<ul>
<li>Mark <code>font/ttf</code> as compressible</li>
<li>Remove compressible from <code>multipart/mixed</code></li>
<li>deps: mime-db@'&gt;= 1.43.0 &lt; 2'</li>
</ul>
</li>
<li>deps: safe-buffer@5.2.1</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/compression/commit/83a0c45fe190f4fcb8b515c18065db9cb9029dd1"><code>83a0c45</code></a>
1.8.1</li>
<li><a
href="https://github.com/expressjs/compression/commit/ce62713129f4b33eac4b833e1722410091646395"><code>ce62713</code></a>
deps: on-headers@1.1.0 (<a
href="https://redirect.github.com/expressjs/compression/issues/246">#246</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/f4acb23985fa345318d34d4a96acf555a883efeb"><code>f4acb23</code></a>
build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 (<a
href="https://redirect.github.com/expressjs/compression/issues/244">#244</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/6eaebe63f2ecac191d402c570bde140488435c4c"><code>6eaebe6</code></a>
build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (<a
href="https://redirect.github.com/expressjs/compression/issues/241">#241</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/37e062312fd270f84b5f50f7c6f88312609633f5"><code>37e0623</code></a>
build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (<a
href="https://redirect.github.com/expressjs/compression/issues/240">#240</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/bc436b26283c2f85a9711085dd0e4a580de50ba7"><code>bc436b2</code></a>
build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (<a
href="https://redirect.github.com/expressjs/compression/issues/239">#239</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/2f9f5726751ecf12f7c46a9d1493bcd1966e09a7"><code>2f9f572</code></a>
build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 (<a
href="https://redirect.github.com/expressjs/compression/issues/243">#243</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/5f13b148d2a1a2daaa8647e03592214bb240bf18"><code>5f13b14</code></a>
[StepSecurity] ci: Harden GitHub Actions (<a
href="https://redirect.github.com/expressjs/compression/issues/235">#235</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/76e094548125afbf8089a482d5982dc96c7ce398"><code>76e0945</code></a>
build(deps-dev): bump supertest from 6.2.3 to 6.3.4 (<a
href="https://redirect.github.com/expressjs/compression/issues/231">#231</a>)</li>
<li><a
href="https://github.com/expressjs/compression/commit/ae6ee809dc0cb40febaf2a5bff298465bd5a207f"><code>ae6ee80</code></a>
build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 (<a
href="https://redirect.github.com/expressjs/compression/issues/230">#230</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/compression/compare/1.7.4...v1.8.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for compression since your current version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go_modules group with 1 update in the / directory:
[github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).

Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-viper/mapstructure/releases">github.com/go-viper/mapstructure/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/46">go-viper/mapstructure#46</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/47">go-viper/mapstructure#47</a></li>
<li>[enhancement] Add check for <code>reflect.Value</code> in
<code>ComposeDecodeHookFunc</code> by <a
href="https://github.com/mahadzaryab1"><code>@​mahadzaryab1</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/52">go-viper/mapstructure#52</a></li>
<li>build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/51">go-viper/mapstructure#51</a></li>
<li>build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/50">go-viper/mapstructure#50</a></li>
<li>build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/55">go-viper/mapstructure#55</a></li>
<li>build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/58">go-viper/mapstructure#58</a></li>
<li>ci: add Go 1.24 to the test matrix by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/74">go-viper/mapstructure#74</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/72">go-viper/mapstructure#72</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/76">go-viper/mapstructure#76</a></li>
<li>build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/78">go-viper/mapstructure#78</a></li>
<li>feat: add decode hook for netip.Prefix by <a
href="https://github.com/tklauser"><code>@​tklauser</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/85">go-viper/mapstructure#85</a></li>
<li>Updates by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/86">go-viper/mapstructure#86</a></li>
<li>build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/87">go-viper/mapstructure#87</a></li>
<li>build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/93">go-viper/mapstructure#93</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/92">go-viper/mapstructure#92</a></li>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/97">go-viper/mapstructure#97</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/96">go-viper/mapstructure#96</a></li>
<li>Update README.md by <a
href="https://github.com/peczenyj"><code>@​peczenyj</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/90">go-viper/mapstructure#90</a></li>
<li>Add omitzero tag. by <a
href="https://github.com/Crystalix007"><code>@​Crystalix007</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/98">go-viper/mapstructure#98</a></li>
<li>Use error structs instead of duplicated strings by <a
href="https://github.com/m1k1o"><code>@​m1k1o</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/102">go-viper/mapstructure#102</a></li>
<li>build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/101">go-viper/mapstructure#101</a></li>
<li>feat: add common error interface by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/105">go-viper/mapstructure#105</a></li>
<li>update linter by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/106">go-viper/mapstructure#106</a></li>
<li>Feature allow unset pointer by <a
href="https://github.com/rostislaved"><code>@​rostislaved</code></a> in
<a
href="https://redirect.github.com/go-viper/mapstructure/pull/80">go-viper/mapstructure#80</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/tklauser"><code>@​tklauser</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/85">go-viper/mapstructure#85</a></li>
<li><a href="https://github.com/peczenyj"><code>@​peczenyj</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/90">go-viper/mapstructure#90</a></li>
<li><a
href="https://github.com/Crystalix007"><code>@​Crystalix007</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/98">go-viper/mapstructure#98</a></li>
<li><a
href="https://github.com/rostislaved"><code>@​rostislaved</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/80">go-viper/mapstructure#80</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0">https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-viper/mapstructure/commit/8c61ec1924fcfa522f9fc6b4618c672db61d1a38"><code>8c61ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/80">#80</a>
from rostislaved/feature-allow-unset-pointer</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/df765f469ad16a1996fd0f0ae6a32b20535b966a"><code>df765f4</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/106">#106</a>
from go-viper/update-linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/5f34b05aa12639380ef7c2af69eb6f8fd629dbd0"><code>5f34b05</code></a>
update linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/36de1e1d74f55681536097ff8467a8ce952ef183"><code>36de1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/105">#105</a>
from go-viper/error-refactor</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/6a283a390ee7bc0f9331f58199db234902e0739f"><code>6a283a3</code></a>
chore: update error type doc</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/599cb73236404c044abcf278a45c3928d7480dd0"><code>599cb73</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/101">#101</a>
from go-viper/dependabot/github_actions/github/codeql...</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a"><code>ed3f921</code></a>
feat: remove value from error messages</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/a3f8b227dcdae324c070d389152837f0aa635f4b"><code>a3f8b22</code></a>
revert: error message change</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/9661f6d07c319da00ae0508d99df5f3f0c3953bd"><code>9661f6d</code></a>
feat: add common error interface</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/f12f6c76fe743c8e4cc6465c6a9f16fcd8cede57"><code>f12f6c7</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/102">#102</a>
from m1k1o/prettify-errors2</li>
<li>Additional commits viewable in <a
href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-viper/mapstructure/v2&package-manager=go_modules&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go_modules group with 1 update in the / directory:
[github.com/cloudflare/circl](https://github.com/cloudflare/circl).

Updates `github.com/cloudflare/circl` from 1.4.0 to 1.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/circl/releases">github.com/cloudflare/circl's
releases</a>.</em></p>
<blockquote>
<h2>CIRCL v1.6.1</h2>
<ul>
<li>Fixes some point checks on the FourQ curve.</li>
<li>Hybrid KEM fails on low-order points.</li>
</ul>
<h3>What's Changed</h3>
<ul>
<li>kem/hybrid: ensure X25519 hybrids fails with low order points by <a
href="https://github.com/Lekensteyn"><code>@​Lekensteyn</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/541">cloudflare/circl#541</a></li>
<li>.github: Use native ARM64 builders instead of QEMU by <a
href="https://github.com/Lekensteyn"><code>@​Lekensteyn</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/542">cloudflare/circl#542</a></li>
<li>Fixes several errors on twisted Edwards curves. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/545">cloudflare/circl#545</a></li>
<li>Release v1.6.1 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/546">cloudflare/circl#546</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1">https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1</a></p>
<h2>CIRCL v1.6.0</h2>
<h3>New!</h3>
<ul>
<li><a
href="https://github.com/cloudflare/circl/blob/main/vdaf/prio3">Prio3</a>
Verifiable Distributed Aggregation Function (<a
href="https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/">draft-irtf-cfrg-vdaf</a>).</li>
<li><a
href="https://github.com/cloudflare/circl/blob/main/kem/xwing">X-Wing</a>:
general-purpose hybrid post-quantum KEM (<a
href="https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/">draft-connolly-cfrg-xwing-kem</a>)</li>
</ul>
<h3>What's Changed</h3>
<ul>
<li>Add OIDs to ML-DSA by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/519">cloudflare/circl#519</a></li>
<li>Adds Prio3 a set of verifiable distributed aggregation functions. by
<a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/522">cloudflare/circl#522</a></li>
<li>Run semgrep cronjob only in upstream repository. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/526">cloudflare/circl#526</a></li>
<li>X-Wing PQ/T hybrid by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/471">cloudflare/circl#471</a></li>
<li>ckem: move crypto/elliptic to crypto/ecdh by <a
href="https://github.com/MingLLuo"><code>@​MingLLuo</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/529">cloudflare/circl#529</a></li>
<li>hpke: Update HPKE code to use ecdh stdlib package. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/530">cloudflare/circl#530</a></li>
<li>prio3: Adds polynomial multiplication using NTT by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/532">cloudflare/circl#532</a></li>
<li>Add Prio3 in readme. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/527">cloudflare/circl#527</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a href="https://github.com/MingLLuo"><code>@​MingLLuo</code></a>
made their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/529">cloudflare/circl#529</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0">https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0</a></p>
<h1>CIRCL v1.5.0</h1>
<p><strong>New:</strong> ML-DSA, Module-Lattice-based Digital Signature
Algorithm.</p>
<h3>What's Changed</h3>
<ul>
<li>kem: add X25519MLKEM768 TLS hybrid KEM by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/510">cloudflare/circl#510</a></li>
<li>Create semgrep.yml by <a
href="https://github.com/hrushikeshdeshpande"><code>@​hrushikeshdeshpande</code></a>
in <a
href="https://redirect.github.com/cloudflare/circl/pull/514">cloudflare/circl#514</a></li>
<li>repo: Some fixes reported by CodeQL by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/515">cloudflare/circl#515</a></li>
<li>Add ML-DSA (FIPS204) by <a
href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/480">cloudflare/circl#480</a></li>
<li>sign/mldsa: Add test for ML-DSA signature verification. by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/517">cloudflare/circl#517</a></li>
<li>Release v1.5.0 by <a
href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a
href="https://redirect.github.com/cloudflare/circl/pull/518">cloudflare/circl#518</a></li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/hrushikeshdeshpande"><code>@​hrushikeshdeshpande</code></a>
made their first contribution in <a
href="https://redirect.github.com/cloudflare/circl/pull/514">cloudflare/circl#514</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0">https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56"><code>c6d33e3</code></a>
Release v1.6.1</li>
<li><a
href="https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14"><code>0c3868e</code></a>
curve4q: Shared must fail with low order points.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e"><code>9fd570d</code></a>
curve4q: Test showing DH does not fails on identity point.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d"><code>c988ceb</code></a>
fourq: Correctly unmarshalling point.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133"><code>ef2611d</code></a>
fourq: Test showing point unmarshal fails.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced"><code>05eba44</code></a>
fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b"><code>eef0878</code></a>
fourq: Test showing isEqual and IsOnCurve fail.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a"><code>2298474</code></a>
goldilocks; Handling points with z=0.</li>
<li><a
href="https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac"><code>5a940a1</code></a>
goldilocks: Test for IsEqual must fail with Z=0</li>
<li><a
href="https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340"><code>48c3b6a</code></a>
ed25519: Fix isEqual to handle points with Z=0.</li>
<li>Additional commits viewable in <a
href="https://github.com/cloudflare/circl/compare/v1.4.0...v1.6.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cloudflare/circl&package-manager=go_modules&previous-version=1.4.0&new-version=1.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Change-Id: Iddffb45d6ab73096e2c27e8e5029eabe47e092d8

Change-Id: I1085b7a7bad5eec02da81e131e92abc15af29d2d

Closes: #1404
Change-Id: Iee167b1de8df7019d39157fb258aa612942ab4d4

This change upgrades `bleve`, primarily to remove the need for the
replace directive on `github.com/willf/bitset`, but this change upgrades
further to move past a non-impacting vulnerability to the `bleve/http`
package [0] [1], even though we do not use it, even indirectly.

Note that even though the GitHub advisory [0] notes that this is patched
in `v2.5.0`, all that seems to have happened (see [1]) is that a README
was added to the package noting the vulnerabilities.

Other CVE databases [2] [3] do not mark this as resolved. Again,
however, git-bug DOES NOT USE this package, so it is not really a
concern.

The cache and indexing format was changed. Index storage gains are
_significant_ (at the time of writing, with the git-bug repository, this
change reduces the index cache from ~51 MiB to less than 4 MiB).

This does not come with a change to bleve's API. We do have a test that
validates that the index file exists, however, so this change refactors
that to check against the appropriate path.

[0]: https://github.com/advisories/GHSA-9w9f-6mg8-jp7w
[1]:
https://github.com/blevesearch/bleve/commit/1c7509d6a17d36f265c90b4e8f4e3a3182fe79ff
[2]: https://nvd.nist.gov/vuln/detail/CVE-2022-31022
[3]: https://pkg.go.dev/vuln/GO-2022-0470

BREAKING-CHANGE:
 This causes a change to the format of the internal, local cache that
 git-bug uses. Users should note that older versions of git-bug will be
 incompatible with this new cache format.

 If you wish to downgrade to an older version of git-bug, you should
 first remove the cache by executing `rm -rf .git/git-bug` in a
 terminal, and then initialize the older version of git-bug to build a
 compatible version of the cache.

Co-authored-by: Michael Muré <battoletre@gmail.com>
Change-Id: I9ab436ade9221bfd91b84ebaf47434f1b3d91cd3

Co-authored-by: Michael Muré <battoletre@gmail.com>

This change refactors the implementation of how the version is embedded
in the binary to reduce the number of variables necessary to determine
the version information from 3 to 1.

The legacy build variables are still supported, however, a warning will
be emitted instructing users to contact their package maintainer. The
legacy GitExacTag variable, if present, will be used to set main.version
if it is undefined. This ensures that unmigrated package builds will
continue to provide the correct version information.

The legacy build variables will be supported until 0.12.0, giving
package maintainers some time to migrate.

Change-Id: I05fea97169ea1af87b198174afe5b6663f860fd8

This change adds a new pipeline named `cron`, with an initial task that
will handle automatically updating the default branch for this
repository on May 31 2025.

Ref: #1404
Change-Id: Iff5529938d9be50de9733f98e72e86c4480e1d6e

This change removes the 'commands' command. This command historically
printed out all of the commands, optionally with help text. This is
superfluous, as we ship a manpage for each of the common shells, have
markdown documentation available in the repository, and provide help
text via the `--help` flag.

BREAKING-CHANGE: The `commands` command has been removed. There is no
replacement
 planned. Users are encouraged to run `--help`, view the markdown
 documentation available online, or run `man git-bug` to view the
 manpage in your terminal.
Change-Id: I8bbfb03c03c820ec0b56549e59ab76826c45b9cc

This change removes several commit preprocessors that were originally
used to touch up commit subjects on initial import, and are no longer
needed.

Change-Id: Ic23cef9cf6aef657c985937f5354b2b2db100fa7

Change-Id: I0a21fbc9eb6d11afb647c8e51e40d3a5f5155792

Change-Id: I68b8c234100ae91a6ad6b838211ce2ce7dd8feca

Change-Id: Ie21eb3761c8e632d1ff66c5b3fc2474f97e3364e

This change fixes an error typically encountered in the `git-bug-wipe`
command, caused by overly zealous implementations of
//repository:config.go%ConfigWrite.RemoveAll(). This change refactors
these implementations to only attempt to remove sections that exist,
and ignore non-existent sections.

Closes: #1451
Change-Id: I66e710239915c8601dd70a78ae65eb625e093ef6

Change-Id: I730373865da056571936357916b589a6cbc740b2

with this upgraded, we no longer depend on an vulnerable version of the
`ws` library through an old graphql version

This change adds additional information to //:CONTRIBUTING.md, meant to
provide guidance to potential contributors about how our review process
works, and how we suggest iterating and submitting changes.

Change-Id: I06073fa43d9fd37d35bc04aa5bfc0187d343b257

This change refactors all root pipelines (`trunk` and `presubmit`) to
limit the contents permission to read. By default, GitHub has taken the
overly-permissive approach of granting all permissions if the
`permissions` map is not explicitly defined. Usability wins out over
security, again.

Change-Id: Idaca851385fb82eefd6c7c9b8ee46b85a3f4901c

* upgrades remark/rehype/unified npm packages, and reconfigures
everything for 2025
* `Label` can now be made inline, which fixes a react hydration error on
the bug page
* new remark plugins for GFM, hard line breaks & syntax highlighting

This change removes `gokart` because it is unmaintained, and the
`replace` directive breaks `go install`.

Change-Id: I17ec23cc90abecbae20c4adaf6be46cf507645ec

This was disabled while debugging prettier vs. mdformat interactions
through treefmt, and accidentally committed in
08ffc2b82919b9254cc59c97756c546a508b4f73.

Change-Id: I14ebc1d0edf6ed755ad15b6ba58b6d9c6f5519f5

This change enables prettier, and enables formatting of //webui.

Change-Id: I2516459649bf6c19a8dc495d3a4d915a6a881b39

Recent changes were made to //webui, but the bundle was not updated.
This was missed because it was not validated in CI. This change runs
`make pack-webui` in order to generate this bundle.

Change-Id: I63ccad91c7edb381813db684ac65f83aa7c048fc

This change adds //.mailmap initialized with mappings for duplicate
names and email addresses found in the repository archive. When a
duplicate was found, the name and email were chosen preferring the
longest name for the author, and the most practical email address (e.g.
if an obvious personal and professional email address existed, the
personal address was chosen).

Duplicate names were found with the following command:

    git shortlog -se |\
awk 'match($0, /[0-9]+[ \t]+(.*)[ \t]+<.*>/, m) { print m[1] }' |\
        sort |\
        uniq -d

Duplicate email addresses were found with the following command:

    git shortlog -se |\
awk 'match($0, /<[^>]+>/) { print substr($0, RSTART+1, RLENGTH-2) }' |\
        sort |\
        uniq -d

Change-Id: Ie0280ee336098c080cf5af8062dae20cb7a41e8e

* removes the tabbed navigation completely
* makes it possible to see the custom name of the repository


tabs (and really all not "main" nav) were not in use and the features
may not work the same way in the future, so rather than redesigning, the
whole tab bare was removed.

for the custom name, if it's `__default`, the the default `git-bug` text
is displayed; otherwise, the name of the repo.

* upgrades react from v18->v19, the latest
* upgrades react router from v6->v7, the latest
* removes `react-moment`, which is not updated for react 19
* replace the trivial usages of the `<Moment>` component with a new one

This change adds //:CHANGELOG.md initialized with all current and prior
releases. The changelog is generated with the following command:

    git cliff -o CHANGELOG.md 0.1.0..v0.9.0

Change-Id: Iad09675d882c8fa7c135acb7224d3a07a35b1169

upgrades outdate npm dependencies to latest minor versions compatible
with each other, in prep for larger upgrades to bring up to date.

of note, React 17->18 drops the react-dom library and required some
mechanical changes due to apollo client errors no longer being
renderable.

---

screenshot to show application still running after upgrades

![Screenshot 2025-05-14 at 10 00
27 PM](https://github.com/user-attachments/assets/82257a5f-aefb-4fdb-8bc8-a5da12eceaaa)

This change provides more clarity as to the type and scope requirements,
and adds in additional information with regard to hyperlinks,
appropriate trailers to
use in the footer, and clarifies the difference between our requirements
and the conventional commit spec v1.0.0.

Change-Id: I7e3d4646c09728acf27c4efce24655896b8513a7

Change-Id: I70b522ef519e709e643ed90efbe712112d348141

This change changes the help bar's background color to the "black" value
for the terminal, and increases spacing between the different commands
to improve readability.

Closes: git-bug/git-bug#1411
Change-Id: I380d1fee4ae51869876f00c76c0f952d47dd8912

This change provides guidelines for writing conventional commit
messages, which will be enforced in the future. This change is being
made in order to improve ergonomics for browsing the repository and its
changes, and to support better changelog generation.

Change-Id: I533ca3c66e697aaafcc1409711600017006e264a

This change updates //:.editorconfig to improve the alignment between
its configuration settings and the output from formatters, in an effort
to reduce format cycles during iteration.

Change-Id: I8e1af63a961bc8ca29d8b4a41f80ae7251a96f26

Co-authored-by: KOTP <keeperotphones@gmail.com>

This change refactors the derivation defined in //nix/checks:pinact.nix,
rewriting it with pkgs.runCommand so that `nix flake check` actually
executes it.

Change-Id: Ic941133bcbedd8505580db71abbaaaf8326fb874

This change removes //.github/workflows:lifecycle.yml, which was
historically used to automatically label and unlabel issues and pull
requests based on inactivity. After consideration, it has been decided
that this sort of automatic label management introduces unecessary
noise.

The removal of this workflow means that issues and pull requests will no
longer be marked as idle or dormant. These labels can be removed:

- lifecycle/idle
- lifecycle/dormant

Change-Id: I03d8cc6cf11d8fde88029bd64315855d81e3d353

This change introduces a pipeline job called `mirror` that will push to
`refs/heads/trunk` automatically, in order to keep it in sync with the
default tree.

This job is restricted to the SoT for git-bug, and will only execute for
the first run of the workflow.

Refs: #1404
Change-Id: If65f83ce9058dd01aa74f6841dc58ac040284b18

This change replaces tabs inside of a raw string literal used as a patch
for the shell completion files with spaces, and removes a trailing
space. This fixes an issue where regeneration of the file would lead to
a diff.

Change-Id: I3469a859ed63fe4ef9b8b6f156ff0ce5cb7af91c

This test regularly fails on Windows. It should be rewritten so as to
avoid flakiness, however, marking it as flaky as a stop-gap enables a
better pipeline experience without requiring the upfront cost of
rewriting it.

Change-Id: Ia0dc13864e0fdf463b01a2a31b8d59b692c0c924

This change adds support to //internal/test%recorder for Helper(), and
improves the ergonomics around error reporting.

Change-Id: Ia1762587b16dee9ba6ca3c428c1f935eb333a63b

This change adds support to //internal/test for Failed() and
FailedNow(), and expands the support for setting and detecting the
failed status on //internal/test%recorder.

Change-Id: I04e7a978cbf0ead8d28722c0a3a0fc34136e72e1

This change adds an internal utility library for running flaky tests
with built-in support for incremental backoff retries. This can be used
by packages within this repository by importing `internal/test` and
invoking it as such:

    func SomeTest(t *testing.T) {
        f := test.NewFlaky(t, &test.FlakyOptions{
            // define options here
            ...
        })

        f.Run(func(t testing.TB) {
            // original test logic here
            ...
        }
    }

Change-Id: I8c6138c39c381bcee408ea6b7fe9d9b6eeb48fed