c018806
graphql: connection to list repos (#1534)
Michael Muré created
Commit log
481c049
feat(api): add a subscription for bugs (#1456)
Michael Muré created
c098c21
ci: remove redundant workflow: mirror (#1530)
Click to expand commit body
This workflow existed to mirror commits from `trunk` to the old default branch. Official support for maintaining the old default branch ended on January 31 2026, and as such, it no longer serves a purpose. Refs: #1404 Change-Id: Idd053c299c96958ffb85c3620cdef7ef29a59126
sudoforge created
dc800ec
feat: use git-describe for setting the version string (#1522)
Click to expand commit body
This change uses git-describe to set the version string, which improves
the user experience by always showing the most recent tag, with
additional git data (such as the delta of a commits between that tag and
HEAD).
Before this change, we see the following output:
git-bug undefined 7468b3793fbf go1.24.9 linux amd64
With this change, the output becomes:
git-bug v0.10.1-24-gb957ba2e-dirty b957ba2e5947/dirty go1.24.9 linux
amd64
The duplicated VCS information does add noise, however, this will be
dealt with in a future commit.
---------
Co-authored-by: sudoforge <no-reply@sudoforge.com>
Yaroslav Halchenko and sudoforge created
870d45b
test: use work_items url for gitlab issues (#1529)
Click to expand commit body
Gitlab has made a breaking change in that issues are returned from their
API with the new `work_items` URL schema.
That is, what used to be:
https://gitlab.com/:group/:project/-/issues/:id
is now:
https://gitlab.com/:group/:project/-/work_items/:id
This caused TestGitlabImport to fail, because we are using the hardcoded
URL in the test structures to match against issues fetched from the API.
Change-Id: I2aad98118fe4da7c56bdf2a83412ea753e1bbd23
sudoforge created
7468b37
build(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.16.5 in the go_modules group across 1 directory (#1517)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git). Updates `github.com/go-git/go-git/v5` from 5.13.0 to 5.16.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.16.5</h2> <h2>What's Changed</h2> <ul> <li>build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1744">go-git/go-git#1744</a></li> <li>build: Bump Go test versions to 1.23-1.25 (v5) by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1746">go-git/go-git#1746</a></li> <li>[v5] git: worktree, Don't delete local untracked files when resetting worktree by <a href="https://github.com/Ch00k"><code>@​Ch00k</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1800">go-git/go-git#1800</a></li> <li>Expand packfile checks by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1836">go-git/go-git#1836</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.4...v5.16.5">https://github.com/go-git/go-git/compare/v5.16.4...v5.16.5</a></p> <h2>v5.16.4</h2> <h2>What's Changed</h2> <ul> <li>backport plumbing: format/idxfile, prevent panic by <a href="https://github.com/swills"><code>@​swills</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1732">go-git/go-git#1732</a></li> <li>[backport] build: test, Fix build on Windows. by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1734">go-git/go-git#1734</a></li> <li>build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1742">go-git/go-git#1742</a></li> <li>build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1741">go-git/go-git#1741</a></li> <li>build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1743">go-git/go-git#1743</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4">https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4</a></p> <h2>v5.16.3</h2> <h2>What's Changed</h2> <ul> <li>internal: Expand regex to fix build [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1644">go-git/go-git#1644</a></li> <li>build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1646">go-git/go-git#1646</a></li> <li>plumbing: support commits extra headers, support jujutsu signed commit [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1633">go-git/go-git#1633</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3">https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3</a></p> <h2>v5.16.2</h2> <h2>What's Changed</h2> <ul> <li>utils: fix diff so subpaths work for sparse checkouts, fixes 1455 to releases/v5.x by <a href="https://github.com/kane8n"><code>@​kane8n</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1567">go-git/go-git#1567</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.1...v5.16.2">https://github.com/go-git/go-git/compare/v5.16.1...v5.16.2</a></p> <h2>v5.16.1</h2> <h2>What's Changed</h2> <ul> <li>utils: merkletrie, Fix diff on sparse-checkout index. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/1406">#1406</a> to releases/v5.x by <a href="https://github.com/kane8n"><code>@​kane8n</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1561">go-git/go-git#1561</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kane8n"><code>@​kane8n</code></a> made their first contribution in <a href="https://redirect.github.com/go-git/go-git/pull/1561">go-git/go-git#1561</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.0...v5.16.1">https://github.com/go-git/go-git/compare/v5.16.0...v5.16.1</a></p> <h2>v5.16.0</h2> <h2>What's Changed</h2> <ul> <li>[v5] plumbing: support mTLS for HTTPS protocol by <a href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1510">go-git/go-git#1510</a></li> <li>v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix <a href="https://redirect.github.com/go-git/go-git/issues/1514">#1514</a> by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1515">go-git/go-git#1515</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/48a1ae05eec4fff4dd0343744a00bf8d6a7a0b4b"><code>48a1ae0</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1836">#1836</a> from go-git/check-v5</li> <li><a href="https://github.com/go-git/go-git/commit/42bdf1f9044e2145acaed6ac4dbf1b8d257da5bd"><code>42bdf1f</code></a> storage: filesystem, Verify idx matches pack file</li> <li><a href="https://github.com/go-git/go-git/commit/4146a5653f186f90057afecb7e0addd9e623cf19"><code>4146a56</code></a> plumbing: format/idxfile, Verify idxfile's checksum</li> <li><a href="https://github.com/go-git/go-git/commit/63d78ec080cb176f8cd7bf46ce14f4ba01c1d2e5"><code>63d78ec</code></a> plumbing: format/packfile, Add new ErrMalformedPackFile</li> <li><a href="https://github.com/go-git/go-git/commit/25f1624754395a0c67839e71b34956c853f2eb3d"><code>25f1624</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1800">#1800</a> from Ch00k/no-delete-untracked-v5</li> <li><a href="https://github.com/go-git/go-git/commit/600fb139079e3c6886fcfeb20021c707e99e29b4"><code>600fb13</code></a> git: worktree, Don't delete local untracked files when resetting worktree</li> <li><a href="https://github.com/go-git/go-git/commit/390a56941510fdc19276aa298228d61889aad97a"><code>390a569</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1746">#1746</a> from pjbgf/bump-go</li> <li><a href="https://github.com/go-git/go-git/commit/61c8b859ce3366257354695e99d78fc3739b60fb"><code>61c8b85</code></a> build: Bump Go test versions to 1.23-1.25 (v5)</li> <li><a href="https://github.com/go-git/go-git/commit/e5a05ecd4fb91dc5323ec77667346ae94d84c043"><code>e5a05ec</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1744">#1744</a> from go-git/renovate/releases/v5.x-go-golang.org-x-c...</li> <li><a href="https://github.com/go-git/go-git/commit/1495930b098b5e72394ae8ccc2d9396b8aa7e013"><code>1495930</code></a> plumbing: Remove use of non-constant format strings</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.13.0...v5.16.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
335cca7
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#1513)
Click to expand commit body
Bumps the npm_and_yarn group with 2 updates in the /webui directory: [qs](https://github.com/ljharb/qs) and [webpack](https://github.com/webpack/webpack). Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Updates `webpack` from 5.99.7 to 5.105.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p> <blockquote> <h2>v5.105.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>Allow resolving worker module by export condition name when using <code>new Worker()</code> (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20353">#20353</a>)</p> </li> <li> <p>Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20320">#20320</a>)</p> </li> <li> <p>Added the <code>tsconfig</code> option for the <code>resolver</code> options (replacement for <code>tsconfig-paths-webpack-plugin</code>). Can be <code>false</code> (disabled), <code>true</code> (use the default <code>tsconfig.json</code> file to search for it), a string path to <code>tsconfig.json</code>, or an object with <code>configFile</code> and <code>references</code> options. (by <a href="https://github.com/alexander-akait"><code>@​alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20400">#20400</a>)</p> </li> <li> <p>Support <code>import.defer()</code> for context modules. (by <a href="https://github.com/ahabhgk"><code>@​ahabhgk</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20399">#20399</a>)</p> </li> <li> <p>Added support for array values ​​to the <code>devtool</code> option. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20191">#20191</a>)</p> </li> <li> <p>Improve rendering node built-in modules for ECMA module output. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20255">#20255</a>)</p> </li> <li> <p>Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20312">#20312</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fixed ESM default export handling for <code>.mjs</code> files in Module Federation (by <a href="https://github.com/y-okt"><code>@​y-okt</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20189">#20189</a>)</p> </li> <li> <p>Optimized <code>import.meta.env</code> handling in destructuring assignments by using cached stringified environment definitions. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20313">#20313</a>)</p> </li> <li> <p>Respect the <code>stats.errorStack</code> option in stats output. (by <a href="https://github.com/samarthsinh2660"><code>@​samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20258">#20258</a>)</p> </li> <li> <p>Fixed a bug where declaring a <code>module</code> variable in module scope would conflict with the default <code>moduleArgument</code>. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20265">#20265</a>)</p> </li> <li> <p>Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., <code>virtual:routes</code>), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20390">#20390</a>)</p> </li> <li> <p>Fixed Worker self-import handling to support various URL patterns (e.g., <code>import.meta.url</code>, <code>new URL(import.meta.url)</code>, <code>new URL(import.meta.url, import.meta.url)</code>, <code>new URL("./index.js", import.meta.url)</code>). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20381">#20381</a>)</p> </li> <li> <p>Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20345">#20345</a>)</p> </li> <li> <p>Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by <a href="https://github.com/samarthsinh2660"><code>@​samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20251">#20251</a>)</p> </li> <li> <p>Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20346">#20346</a>)</p> </li> <li> <p>Fixed <code>import.meta.env.xxx</code> behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20289">#20289</a>)</p> </li> <li> <p>Improved parsing error reporting by adding a link to the loader documentation. (by <a href="https://github.com/gaurav10gg"><code>@​gaurav10gg</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20244">#20244</a>)</p> </li> <li> <p>Fix typescript types. (by <a href="https://github.com/alexander-akait"><code>@​alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20305">#20305</a>)</p> </li> <li> <p>Add declaration for unused harmony import specifier. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20286">#20286</a>)</p> </li> <li> <p>Fix compressibility of modules while retaining portability. (by <a href="https://github.com/dmichon-msft"><code>@​dmichon-msft</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20287">#20287</a>)</p> </li> <li> <p>Optimize source map generation: only include <code>ignoreList</code> property when it has content, avoiding empty arrays in source maps. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20319">#20319</a>)</p> </li> <li> <p>Preserve star exports for dependencies in ECMA module output. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20293">#20293</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack/blob/main/CHANGELOG.md">webpack's changelog</a>.</em></p> <blockquote> <h2>5.105.0</h2> <h3>Minor Changes</h3> <ul> <li> <p>Allow resolving worker module by export condition name when using <code>new Worker()</code> (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20353">#20353</a>)</p> </li> <li> <p>Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20320">#20320</a>)</p> </li> <li> <p>Added the <code>tsconfig</code> option for the <code>resolver</code> options (replacement for <code>tsconfig-paths-webpack-plugin</code>). Can be <code>false</code> (disabled), <code>true</code> (use the default <code>tsconfig.json</code> file to search for it), a string path to <code>tsconfig.json</code>, or an object with <code>configFile</code> and <code>references</code> options. (by <a href="https://github.com/alexander-akait"><code>@​alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20400">#20400</a>)</p> </li> <li> <p>Support <code>import.defer()</code> for context modules. (by <a href="https://github.com/ahabhgk"><code>@​ahabhgk</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20399">#20399</a>)</p> </li> <li> <p>Added support for array values ​​to the <code>devtool</code> option. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20191">#20191</a>)</p> </li> <li> <p>Improve rendering node built-in modules for ECMA module output. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20255">#20255</a>)</p> </li> <li> <p>Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20312">#20312</a>)</p> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fixed ESM default export handling for <code>.mjs</code> files in Module Federation (by <a href="https://github.com/y-okt"><code>@​y-okt</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20189">#20189</a>)</p> </li> <li> <p>Optimized <code>import.meta.env</code> handling in destructuring assignments by using cached stringified environment definitions. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20313">#20313</a>)</p> </li> <li> <p>Respect the <code>stats.errorStack</code> option in stats output. (by <a href="https://github.com/samarthsinh2660"><code>@​samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20258">#20258</a>)</p> </li> <li> <p>Fixed a bug where declaring a <code>module</code> variable in module scope would conflict with the default <code>moduleArgument</code>. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20265">#20265</a>)</p> </li> <li> <p>Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., <code>virtual:routes</code>), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20390">#20390</a>)</p> </li> <li> <p>Fixed Worker self-import handling to support various URL patterns (e.g., <code>import.meta.url</code>, <code>new URL(import.meta.url)</code>, <code>new URL(import.meta.url, import.meta.url)</code>, <code>new URL("./index.js", import.meta.url)</code>). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20381">#20381</a>)</p> </li> <li> <p>Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20345">#20345</a>)</p> </li> <li> <p>Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by <a href="https://github.com/samarthsinh2660"><code>@​samarthsinh2660</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20251">#20251</a>)</p> </li> <li> <p>Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20346">#20346</a>)</p> </li> <li> <p>Fixed <code>import.meta.env.xxx</code> behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20289">#20289</a>)</p> </li> <li> <p>Improved parsing error reporting by adding a link to the loader documentation. (by <a href="https://github.com/gaurav10gg"><code>@​gaurav10gg</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20244">#20244</a>)</p> </li> <li> <p>Fix typescript types. (by <a href="https://github.com/alexander-akait"><code>@​alexander-akait</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20305">#20305</a>)</p> </li> <li> <p>Add declaration for unused harmony import specifier. (by <a href="https://github.com/hai-x"><code>@​hai-x</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20286">#20286</a>)</p> </li> <li> <p>Fix compressibility of modules while retaining portability. (by <a href="https://github.com/dmichon-msft"><code>@​dmichon-msft</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20287">#20287</a>)</p> </li> <li> <p>Optimize source map generation: only include <code>ignoreList</code> property when it has content, avoiding empty arrays in source maps. (by <a href="https://github.com/xiaoxiaojx"><code>@​xiaoxiaojx</code></a> in <a href="https://redirect.github.com/webpack/webpack/pull/20319">#20319</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack/webpack/commit/1486f9aacca11d79dbb7ddbceed29b7e6df7a7ab"><code>1486f9a</code></a> chore(release): new release</li> <li><a href="https://github.com/webpack/webpack/commit/1a517f665aae7b4d3d29c8b408d09488a21fbf94"><code>1a517f6</code></a> feat: added the <code>tsconfig</code> option for the <code>resolver</code> options (<a href="https://redirect.github.com/webpack/webpack/issues/20400">#20400</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/7b3b0f795df377a9d0073822a2d60c1390d03109"><code>7b3b0f7</code></a> feat: support <code>import.defer()</code> for context modules</li> <li><a href="https://github.com/webpack/webpack/commit/c4a6a922de4af37a92d05c0ddc975b5348cfa9a1"><code>c4a6a92</code></a> refactor: more types and increase types coverage</li> <li><a href="https://github.com/webpack/webpack/commit/5ecc58d722da7715ede7de59b97108dd715d1bfa"><code>5ecc58d</code></a> feat: consider asset module as side-effect-free (<a href="https://redirect.github.com/webpack/webpack/issues/20352">#20352</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/cce0f6989888771ec279777ab8f8dce8e39198a0"><code>cce0f69</code></a> test: avoid comma operator in BinaryMiddleware test (<a href="https://redirect.github.com/webpack/webpack/issues/20398">#20398</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/cd4793d50e8e1e519ecd07b76d9e5dc06357341e"><code>cd4793d</code></a> feat: support import specifier guard (<a href="https://redirect.github.com/webpack/webpack/issues/20320">#20320</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/fe486552d060f6d2815a39a6bd0fb351d348658c"><code>fe48655</code></a> docs: update examples (<a href="https://redirect.github.com/webpack/webpack/issues/20397">#20397</a>)</li> <li><a href="https://github.com/webpack/webpack/commit/de107f8767a2a11759f8261ed1ac49bcddec34b6"><code>de107f8</code></a> fix(VirtualUrlPlugin): set resourceData.context to avoid invalid fallback (<a href="https://redirect.github.com/webpack/webpack/issues/2">#2</a>...</li> <li><a href="https://github.com/webpack/webpack/commit/a656ab1fd1064ef8dd3eef1a2f3071fc176b948f"><code>a656ab1</code></a> test: add self-import test case for dynamic import (<a href="https://redirect.github.com/webpack/webpack/issues/20389">#20389</a>)</li> <li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.99.7...v5.105.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for webpack since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
0d58c49
build(deps): bump the npm_and_yarn group across 1 directory with 5 updates (#1510)
Click to expand commit body
Bumps the npm_and_yarn group with 5 updates in the /webui directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.6.0` | `7.13.0` | Updates `lodash` from 4.17.21 to 4.17.23 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/syntax-tree/mdast-util-to-hast/releases">mdast-util-to-hast's releases</a>.</em></p> <blockquote> <h2>13.2.1</h2> <h4>Fix</h4> <ul> <li>ab3a795 Fix support for spaces in class names</li> </ul> <h4>Types</h4> <ul> <li>efb5312 Refactor to use <code>@import</code>s</li> <li>a5bc210 Add declaration maps</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791"><code>174795b</code></a> 13.2.1</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e"><code>3d05b3a</code></a> Update Node in Actions</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7"><code>ab3a795</code></a> Fix support for spaces in class names</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566"><code>efb5312</code></a> Refactor to use <code>@import</code>s</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746"><code>a5bc210</code></a> Add declaration maps</li> <li><a href="https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c"><code>b54955d</code></a> Add <code>.tsbuildinfo</code> to <code>.gitignore</code></li> <li>See full diff in <a href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">compare view</a></li> </ul> </details> <br /> Updates `node-forge` from 1.3.1 to 1.3.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p> <blockquote> <h2>1.3.3 - 2025-12-02</h2> <h3>Fixed</h3> <ul> <li>[pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.</li> </ul> <h2>1.3.2 - 2025-11-25</h2> <h3>Security</h3> <ul> <li><strong>HIGH</strong>: ASN.1 Validator Desynchronization <ul> <li>An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li> </ul> </li> <li><strong>HIGH</strong>: ASN.1 Unbounded Recursion <ul> <li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li> </ul> </li> <li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation <ul> <li>An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li> </ul> </li> </ul> <h3>Fixed</h3> <ul> <li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.</li> <li>[asn1] Add <code>fromDer()</code> max recursion depth check. <ul> <li>Add a <code>asn1.maxDepth</code> global configurable maximum depth of 256.</li> <li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code> option.</li> <li><strong>NOTE</strong>: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.</li> <li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/digitalbazaar/forge/commit/1cea0aff4901589ae86e314f25782bbe312f9f69"><code>1cea0af</code></a> Release 1.3.3.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/5265989cf5e54cfe1e27a10d71523007ce0507b1"><code>5265989</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/e4f3961406395dd8e985dcf841852ceca73ac3a9"><code>e4f3961</code></a> Fix changelog for release.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/503979b0295cf633a30199d6bd937f4a222481a0"><code>503979b</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/c3b3b32a8c157ac57752934d3af63b5f798b58b8"><code>c3b3b32</code></a> Make digestAlgorithm parameters optional</li> <li><a href="https://github.com/digitalbazaar/forge/commit/6f70043a6db1abb9f3304f3d432efed3ba50fcca"><code>6f70043</code></a> Update CVE details.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/f547b0d292745094190ecb250429d21e8804a375"><code>f547b0d</code></a> Start 1.3.3-0.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd"><code>235ad3e</code></a> Release 1.3.2.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/25982441171dc9815c87d3d886c5c8a1d092b334"><code>2598244</code></a> Update changelog.</li> <li><a href="https://github.com/digitalbazaar/forge/commit/0032dd0be8b6fb1b1092ef754d1dde91c10a95ad"><code>0032dd0</code></a> Fix typos.</li> <li>Additional commits viewable in <a href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Updates `react-router` from 7.6.0 to 7.13.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.13.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130</a></p> <h2>v7.12.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120</a></p> <h2>v7.11.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110</a></p> <h2>v7.10.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101</a></p> <h2>v7.10.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100</a></p> <h2>v7.9.6</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796</a></p> <h2>v7.9.5</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795</a></p> <h2>v7.9.4</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794</a></p> <h2>v7.9.3</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793</a></p> <h2>v7.9.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792</a></p> <h2>v7.9.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p> <h2>v7.9.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p> <h2>v7.8.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782</a></p> <h2>v7.8.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781</a></p> <h2>v7.8.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780</a></p> <h2>v7.7.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771</a></p> <h2>v7.7.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>7.13.0</h2> <h3>Minor Changes</h3> <ul> <li>Add <code>crossOrigin</code> prop to <code>Links</code> component (<a href="https://redirect.github.com/remix-run/react-router/pull/14687">#14687</a>)</li> </ul> <h3>Patch Changes</h3> <ul> <li>Fix double slash normalization for useNavigate colon urls (<a href="https://redirect.github.com/remix-run/react-router/pull/14718">#14718</a>)</li> <li>Update failed origin checks to return a 400 status instead of a 500 (<a href="https://redirect.github.com/remix-run/react-router/pull/14737">#14737</a>)</li> <li>Bugfix <a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14666">#14666</a>: Inline criticalCss is missing nonce (<a href="https://redirect.github.com/remix-run/react-router/pull/14691">#14691</a>)</li> <li>Loosen <code>allowedActionOrigins</code> glob check so <code>**</code> matches all domains (<a href="https://redirect.github.com/remix-run/react-router/pull/14722">#14722</a>)</li> </ul> <h2>7.12.0</h2> <h3>Minor Changes</h3> <ul> <li>Add additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the <code>react-router.config.ts</code> config <code>allowedActionOrigins</code> field. (<a href="https://redirect.github.com/remix-run/react-router/pull/14708">#14708</a>)</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fix <code>generatePath</code> when used with suffixed params (i.e., "/books/:id.json") (<a href="https://redirect.github.com/remix-run/react-router/pull/14269">#14269</a>)</p> </li> <li> <p>Export <code>UNSAFE_createMemoryHistory</code> and <code>UNSAFE_createHashHistory</code> alongside <code>UNSAFE_createBrowserHistory</code> for consistency. These are not intended to be used for new apps but intended to help apps usiong <code>unstable_HistoryRouter</code> migrate from v6->v7 so they can adopt the newer APIs. (<a href="https://redirect.github.com/remix-run/react-router/pull/14663">#14663</a>)</p> </li> <li> <p>Escape HTML in scroll restoration keys (<a href="https://redirect.github.com/remix-run/react-router/pull/14705">#14705</a>)</p> </li> <li> <p>Validate redirect locations (<a href="https://redirect.github.com/remix-run/react-router/pull/14706">#14706</a>)</p> </li> <li> <p>[UNSTABLE] Pass <code><Scripts nonce></code> value through to the underlying <code>importmap</code> <code>script</code> tag when using <code>future.unstable_subResourceIntegrity</code> (<a href="https://redirect.github.com/remix-run/react-router/pull/14675">#14675</a>)</p> </li> <li> <p>[UNSTABLE] Add a new <code>future.unstable_trailingSlashAwareDataRequests</code> flag to provide consistent behavior of <code>request.pathname</code> inside <code>middleware</code>, <code>loader</code>, and <code>action</code> functions on document and data requests when a trailing slash is present in the browser URL. (<a href="https://redirect.github.com/remix-run/react-router/pull/14644">#14644</a>)</p> <p>Currently, your HTTP and <code>request</code> pathnames would be as follows for <code>/a/b/c</code> and <code>/a/b/c/</code></p> <table> <thead> <tr> <th>URL <code>/a/b/c</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c</code></td> <td><code>/a/b/c</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c.data</code></td> <td><code>/a/b/c</code> ✅</td> </tr> </tbody> </table> <table> <thead> <tr> <th>URL <code>/a/b/c/</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c/</code></td> <td><code>/a/b/c/</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c.data</code></td> <td><code>/a/b/c</code> ⚠️</td> </tr> </tbody> </table> <p>With this flag enabled, these pathnames will be made consistent though a new <code>_.data</code> format for client-side <code>.data</code> requests:</p> <table> <thead> <tr> <th>URL <code>/a/b/c</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c</code></td> <td><code>/a/b/c</code> ✅</td> </tr> </tbody> </table> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remix-run/react-router/commit/5557ba3f848e52dfe400a47cc28256a51e13a150"><code>5557ba3</code></a> chore: Update version for release (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14749">#14749</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/62c6e0effd9ae754fa05b1812fd013341226c0cb"><code>62c6e0e</code></a> chore: Update version for release (pre) (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14738">#14738</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/3126264a690b1de97666fbd0c804b001d1c98235"><code>3126264</code></a> Return 400 response on failed origin checks (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14737">#14737</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/3a5b5ad0e5cf9918c646509563f5c41a89226ff3"><code>3a5b5ad</code></a> Fix double slash normalization for <code>useNavigate</code> paths with colons (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14718">#14718</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/f29c6c95631368afa1b475f824854a781e690c02"><code>f29c6c9</code></a> Add docs and loosen origins wildcard check (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14722">#14722</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/0bb972b74740cad416f5e551c10b54f2c20078ef"><code>0bb972b</code></a> fix(react-router/dom/ssr): add <code>nonce</code> to inline critical css (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14691">#14691</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/dd08f8d3b152ac3b6e7d126680fb74d88d18de9a"><code>dd08f8d</code></a> fix(react-router): add crossOrigin prop to Links component (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14687">#14687</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/c38d76ce4e9c7d3b689d7b375032859ea7b29d7f"><code>c38d76c</code></a> chore: format</li> <li><a href="https://github.com/remix-run/react-router/commit/26653a6bcbf8a9c5541f99dcfb526eafadf13434"><code>26653a6</code></a> chore: Update version for release (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712">#14712</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/7ac2346873b4bba26d16c88e5cd5c5cb81ce6bb3"><code>7ac2346</code></a> chore: Update version for release (pre) (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709">#14709</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remix-run/react-router/commits/react-router@7.13.0/packages/react-router">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for react-router since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
e5820cf
build(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 in /webui in the npm_and_yarn group across 1 directory (#1498)
Click to expand commit body
Bumps the npm_and_yarn group with 1 update in the /webui directory:
[js-yaml](https://github.com/nodeca/js-yaml).
Updates `js-yaml` from 3.14.1 to 3.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[3.14.2] - 2025-11-15</h2>
<h3>Security</h3>
<ul>
<li>Backported v4.1.1 fix to v3</li>
</ul>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (<<)
operator.</li>
</ul>
<h2>[4.1.0] - 2021-04-15</h2>
<h3>Added</h3>
<ul>
<li>Types are now exported as <code>yaml.types.XXX</code>.</li>
<li>Every type now has <code>options</code> property with original
arguments kept as they were
(see <code>yaml.types.int.options</code> as an example).</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Schema.extend()</code> now keeps old type order in case of
conflicts
(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as
<code>abcd</code> instead of <code>cbad</code>).</li>
</ul>
<h2>[4.0.0] - 2021-01-03</h2>
<h3>Changed</h3>
<ul>
<li>Check <a
href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration
guide</a> to see details for all breaking changes.</li>
<li>Breaking: "unsafe" tags <code>!!js/function</code>,
<code>!!js/regexp</code>, <code>!!js/undefined</code> are
moved to <a
href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a>
package.</li>
<li>Breaking: removed <code>safe*</code> functions. Use
<code>load</code>, <code>loadAll</code>, <code>dump</code>
instead which are all now safe by default.</li>
<li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and
<code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use
<code>yaml.DEFAULT_SCHEMA</code> instead.</li>
<li><code>yaml.Schema.create(schema, tags)</code> is removed, use
<code>schema.extend(tags)</code> instead.</li>
<li><code>!!binary</code> now always mapped to <code>Uint8Array</code>
on load.</li>
<li>Reduced nesting of <code>/lib</code> folder.</li>
<li>Parse numbers according to YAML 1.2 instead of YAML 1.1
(<code>01234</code> is now decimal,
<code>0o1234</code> is octal, <code>1:23</code> is parsed as string
instead of base60).</li>
<li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>,
<code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li>
<li>Line and column in exceptions are now formatted as
<code>(X:Y)</code> instead of
<code>at line X, column Y</code> (also present in compact format), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li>
<li>Code snippet created in exceptions now contains multiple lines with
line numbers.</li>
<li><code>dump()</code> now serializes <code>undefined</code> as
<code>null</code> in collections and removes keys with
<code>undefined</code> in mappings, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li>
<li><code>dump()</code> with <code>skipInvalid=true</code> now
serializes invalid items in collections as null.</li>
<li>Custom tags starting with <code>!</code> are now dumped as
<code>!tag</code> instead of <code>!<!tag></code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li>
<li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now
shorthanded using <code>!!</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Added <code>.mjs</code> (es modules) support.</li>
<li>Added <code>quotingType</code> and <code>forceQuotes</code> options
for dumper to configure
string literal style, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li>
<li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper
(serializes <code>{ foo: null }</code> as "<code>foo:
</code>"), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0"><code>9963d36</code></a>
3.14.2 released</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1"><code>10d3c8e</code></a>
dist rebuild</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"><code>5278870</code></a>
fix prototype pollution in merge (<<) (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
5920f3e
feat(config): add git-bug.remote for defining the default remote (#1460)
Click to expand commit body
Other way is to have explicit REMOTE argument. --------- Signed-off-by: Matěj Cepl <mcepl@cepl.eu> Co-authored-by: William Ahern <william@25thandClement.com>
Matěj Cepl and William Ahern created
cf47635
docs(cli): fix user show command documentation (#1497)
Click to expand commit body
As pointed out in [this comment](https://github.com/git-bug/git-bug/issues/530#issuecomment-3558997281), the documentation and CLI help incorrectly suggested that the command to display a user identity was `git-bug user user show USER_ID`, but when the actual command is `git-bug user show USER_ID`. This change fixes the `Use` field in `user_show.go` to use correct `show [USER_ID]` form instead of `user show [USER_ID]`, and updates the documentation and manpages accordingly.
Waldir Pimenta created
4eb041a
build(deps): bump golang.org/x/crypto from 0.37.0 to 0.45.0 in the go_modules group across 1 directory (#1496)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.37.0 to 0.45.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9"><code>4e0068c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c"><code>e79546e</code></a> ssh: curb GSSAPI DoS risk by limiting number of specified OIDs</li> <li><a href="https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748"><code>f91f7a7</code></a> ssh/agent: prevent panic on malformed constraint</li> <li><a href="https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b"><code>2df4153</code></a> acme/autocert: let automatic renewal work with short lifetime certs</li> <li><a href="https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989"><code>bcf6a84</code></a> acme: pass context to request</li> <li><a href="https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e"><code>b4f2b62</code></a> ssh: fix error message on unsupported cipher</li> <li><a href="https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2"><code>79ec3a5</code></a> ssh: allow to bind to a hostname in remote forwarding</li> <li><a href="https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f"><code>122a78f</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd"><code>c0531f9</code></a> all: eliminate vet diagnostics</li> <li><a href="https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb"><code>0997000</code></a> all: fix some comments</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.37.0...v0.45.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
9427c45
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#1482)
Click to expand commit body
Bumps the npm_and_yarn group with 2 updates in the /webui directory: [tmp](https://github.com/raszi/node-tmp) and [inquirer](https://github.com/SBoudrias/Inquirer.js). Removes `tmp` Updates `inquirer` from 8.2.4 to 8.2.7 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/9c5259a889d37205829c2255171ef74c6336f7f3"><code>9c5259a</code></a> Publish</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/e26d21369ae229fe7cab4c6678fb4718fb7758b7"><code>e26d213</code></a> fix: Replace external-editor to remove CVE</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/30ec0483de28849e56bd6b9b61daaabf8edea16f"><code>30ec048</code></a> Publish</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/728536ab46d7b33189771bf86ebffff373f24a2a"><code>728536a</code></a> Fix coverage on clean clone</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/516a318067c75ea971e37d621f328e18713ccc04"><code>516a318</code></a> Downgrade wrap-ansi</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/7a2ade6cf6a3d987f4138c0426493460f6b2515f"><code>7a2ade6</code></a> Publish</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/42e9f9164474c17d830c77c0b37f68b3bda18699"><code>42e9f91</code></a> Fix coverage reporting?</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/d53072cfc0d61bb2b6f8b129decd9a94434164a8"><code>d53072c</code></a> Legacy fix default clearing on input (<a href="https://redirect.github.com/SBoudrias/Inquirer.js/issues/1177">#1177</a>)</li> <li><a href="https://github.com/SBoudrias/Inquirer.js/commit/b41b8982c665f1960b99c88cb21bbb98fe5d5ae8"><code>b41b898</code></a> Clean branch to make it work with v8 (last common.js release branch)</li> <li>See full diff in <a href="https://github.com/SBoudrias/Inquirer.js/compare/inquirer@8.2.4...inquirer@8.2.7">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
ff7e5ea
build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group across 1 directory (#1481)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory:
[github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).
Updates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-viper/mapstructure/releases">github.com/go-viper/mapstructure/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>refactor: replace interface{} with any by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/115">go-viper/mapstructure#115</a></li>
<li>build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/114">go-viper/mapstructure#114</a></li>
<li>Generic tests by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/118">go-viper/mapstructure#118</a></li>
<li>Fix godoc reference link in README.md by <a
href="https://github.com/peczenyj"><code>@​peczenyj</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/107">go-viper/mapstructure#107</a></li>
<li>feat: add StringToTimeLocationHookFunc to convert strings to
*time.Location by <a
href="https://github.com/ErfanMomeniii"><code>@​ErfanMomeniii</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/117">go-viper/mapstructure#117</a></li>
<li>feat: add back previous StringToSlice as a weak function by <a
href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/119">go-viper/mapstructure#119</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ErfanMomeniii"><code>@​ErfanMomeniii</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/117">go-viper/mapstructure#117</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0">https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5"><code>b9794a5</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/119">#119</a>
from go-viper/string-to-weak-slice</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30"><code>17cdcb0</code></a>
feat: add back previous StringToSlice as a weak function</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19"><code>3caca36</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/117">#117</a>
from ErfanMomeniii/main</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a"><code>9a861bc</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/107">#107</a>
from peczenyj/patch-2</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c"><code>86ed5b5</code></a>
refactor: update</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6"><code>ace5b4e</code></a>
chore: add interface any linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e"><code>1a4f1ae</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/118">#118</a>
from go-viper/generic-tests</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63"><code>a268909</code></a>
fix: lint</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd"><code>17f1fd4</code></a>
test: add more comments</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f"><code>b48c856</code></a>
test: expand tests</li>
<li>Additional commits viewable in <a
href="https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
e9caa40
build(deps): bump golang.org/x/oauth2 from 0.22.0 to 0.27.0 in the go_modules group across 1 directory (#1478)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/oauth2](https://github.com/golang/oauth2). Updates `golang.org/x/oauth2` from 0.22.0 to 0.27.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3"><code>681b4d8</code></a> jws: split token into fixed number of parts</li> <li><a href="https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502"><code>3f78298</code></a> all: upgrade go directive to at least 1.23.0 [generated]</li> <li><a href="https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac"><code>109dabf</code></a> endpoints: add links/provider for Discord</li> <li><a href="https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47"><code>ac571fa</code></a> oauth2: fix docs for Config.DeviceAuth</li> <li><a href="https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2"><code>314ee5b</code></a> endpoints: add patreon endpoint</li> <li><a href="https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec"><code>b9c813b</code></a> google: add warning about externally-provided credentials</li> <li><a href="https://github.com/golang/oauth2/commit/49a531d12a9ad6fa9f5a070d577ac752ada772c9"><code>49a531d</code></a> all: make method and struct comments match the names</li> <li><a href="https://github.com/golang/oauth2/commit/22134a41033e44c2cd074106770ab5b7ca910d15"><code>22134a4</code></a> README: don't recommend go get</li> <li><a href="https://github.com/golang/oauth2/commit/3e6480915d39dd1a80fa460e56413857f02cc1b9"><code>3e64809</code></a> x/oauth2: add Token.ExpiresIn</li> <li><a href="https://github.com/golang/oauth2/commit/16a9973a41c72ea3e252e9c14be34fcaa2928211"><code>16a9973</code></a> jwt: rename example to avoid vet error</li> <li>Additional commits viewable in <a href="https://github.com/golang/oauth2/compare/v0.22.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
791a80d
build(deps-dev): bump form-data from 3.0.1 to 3.0.4 in /webui in the npm_and_yarn group across 1 directory (#1479)
Click to expand commit body
Bumps the npm_and_yarn group with 1 update in the /webui directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 3.0.1 to 3.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/releases">form-data's releases</a>.</em></p> <blockquote> <h2>v3.0.2</h2> <h3>Fixes</h3> <ul> <li>npmignore temporary build files (<a href="https://redirect.github.com/form-data/form-data/issues/532">#532</a>)</li> <li>move util.isArray to Array.isArray (<a href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>)</li> </ul> <h3>Tests</h3> <ul> <li>migrate from travis to GHA</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md">form-data's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4">v3.0.4</a> - 2025-07-16</h2> <h3>Fixed</h3> <ul> <li>[Fix] <code>append</code>: avoid a crash on nullish values <a href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[eslint] update linting config <a href="https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda"><code>f5e7eb0</code></a></li> <li>[meta] add <code>auto-changelog</code> <a href="https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5"><code>d2eb290</code></a></li> <li>[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 <a href="https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f"><code>e8c574c</code></a></li> <li>[Fix] Switch to using <code>crypto</code> random for boundary values <a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd"><code>c6ced61</code></a></li> <li>[Refactor] use <code>hasown</code> <a href="https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d"><code>1a78b5d</code></a></li> <li>[Fix] validate boundary type in <code>setBoundary()</code> method <a href="https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4"><code>70bbaa0</code></a></li> <li>[Tests] add tests to check the behavior of <code>getBoundary</code> with non-strings <a href="https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df"><code>b22a64e</code></a></li> <li>[meta] actually ensure the readme backup isn’t published <a href="https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea"><code>0150851</code></a></li> <li>[meta] remove local commit hooks <a href="https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769"><code>fc42bb9</code></a></li> <li>[Dev Deps] remove unused deps <a href="https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb"><code>a14d09e</code></a></li> <li>[meta] fix scripts to use prepublishOnly <a href="https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432"><code>11d9f73</code></a></li> <li>[meta] fix readme capitalization <a href="https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932"><code>fc38b48</code></a></li> </ul> <h2><a href="https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3">v3.0.3</a> - 2025-02-14</h2> <h3>Merged</h3> <ul> <li>[Fix] set <code>Symbol.toStringTag</code> when available <a href="https://redirect.github.com/form-data/form-data/pull/573"><code>[#573](https://github.com/form-data/form-data/issues/573)</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>[Fix] set <code>Symbol.toStringTag</code> when available (<a href="https://redirect.github.com/form-data/form-data/issues/573">#573</a>) <a href="https://redirect.github.com/form-data/form-data/issues/396"><code>[#396](https://github.com/form-data/form-data/issues/396)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[Refactor] use <code>Object.prototype.hasOwnProperty.call</code> <a href="https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5"><code>7fecefe</code></a></li> <li>[Dev Deps] update <code>@types/node</code>, <code>browserify</code>, <code>coveralls</code>, <code>cross-spawn</code>, <code>eslint</code>, <code>formidable</code>, <code>in-publish</code>, <code>pkgfiles</code>, <code>pre-commit</code>, <code>puppeteer</code>, <code>request</code>, <code>tape</code>, <code>typescript</code> <a href="https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4"><code>8261fcb</code></a></li> <li>Only apps should have lockfiles <a href="https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff"><code>b82f590</code></a></li> <li>[Dev Deps] pin <code>request</code> which via <code>tough-cookie</code> ^2.4 depends on <code>psl</code> <a href="https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065"><code>e5df7f2</code></a></li> <li>[Deps] update <code>mime-types</code> <a href="https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034"><code>5a5bafe</code></a></li> </ul> <h2><a href="https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2">v3.0.2</a> - 2024-10-10</h2> <h3>Merged</h3> <ul> <li>fix (npmignore): ignore temporary build files <a href="https://redirect.github.com/form-data/form-data/pull/532"><code>[#532](https://github.com/form-data/form-data/issues/532)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[Tests] migrate from travis to GHA <a href="https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79"><code>8fdb3bc</code></a></li> <li>[eslint] clean up ignores <a href="https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440"><code>3217b3d</code></a></li> <li>fix: move util.isArray to Array.isArray (<a href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>) <a href="https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac"><code>edb555a</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed"><code>9c82fcd</code></a> v3.0.4</li> <li><a href="https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f"><code>e8c574c</code></a> [Tests] handle predict-v8-randomness failures in node < 17 and node > 23</li> <li><a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd"><code>c6ced61</code></a> [Fix] Switch to using <code>crypto</code> random for boundary values</li> <li><a href="https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea"><code>0150851</code></a> [meta] actually ensure the readme backup isn’t published</li> <li><a href="https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932"><code>fc38b48</code></a> [meta] fix readme capitalization</li> <li><a href="https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5"><code>d2eb290</code></a> [meta] add <code>auto-changelog</code></li> <li><a href="https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769"><code>fc42bb9</code></a> [meta] remove local commit hooks</li> <li><a href="https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb"><code>a14d09e</code></a> [Dev Deps] remove unused deps</li> <li><a href="https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e"><code>002b9b0</code></a> [Fix] <code>append</code>: avoid a crash on nullish values</li> <li><a href="https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4"><code>70bbaa0</code></a> [Fix] validate boundary type in <code>setBoundary()</code> method</li> <li>Additional commits viewable in <a href="https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for form-data since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
846c8ab
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#1477)
Click to expand commit body
Bumps the npm_and_yarn group with 2 updates in the /webui directory: [on-headers](https://github.com/jshttp/on-headers) and [compression](https://github.com/expressjs/compression). Updates `on-headers` from 1.0.2 to 1.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jshttp/on-headers/releases">on-headers's releases</a>.</em></p> <blockquote> <h2>1.1.0</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Migrate CI pipeline to GitHub actions by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li> <li>fix README.md badges by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/13">jshttp/on-headers#13</a></li> <li>add OSSF scorecard action by <a href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/14">jshttp/on-headers#14</a></li> <li>fix: use <code>ubuntu-latest</code> as ci runner by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li> <li>ci: apply OSSF Scorecard security best practices by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/20">jshttp/on-headers#20</a></li> <li>👷 add upstream change detection by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li> <li>✨ add script to update known hashes by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/32">jshttp/on-headers#32</a></li> <li>💚 update CI - add newer node versions by <a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/33">jshttp/on-headers#33</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/carpasse"><code>@​carpasse</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/12">jshttp/on-headers#12</a></li> <li><a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/19">jshttp/on-headers#19</a></li> <li><a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/31">jshttp/on-headers#31</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jshttp/on-headers/blob/master/HISTORY.md">on-headers's changelog</a>.</em></p> <blockquote> <h1>1.1.0 / 2025-07-17</h1> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jshttp/on-headers/commit/4b017af88f5375bbdf3ad2ee732d2c122e4f52b0"><code>4b017af</code></a> 1.1.0</li> <li><a href="https://github.com/jshttp/on-headers/commit/b636f2d08e6c1e0a784b53a13cd61e05c09bb118"><code>b636f2d</code></a> ♻️ refactor header array code</li> <li><a href="https://github.com/jshttp/on-headers/commit/3e2c2d46c3e9592f6a1c3a3a1dbe622401f95d39"><code>3e2c2d4</code></a> ✨ ignore falsy header keys, matching node behavior</li> <li><a href="https://github.com/jshttp/on-headers/commit/172eb41b99a5a290b27a2c43fe602ca33aa1c8ce"><code>172eb41</code></a> ✨ support duplicate headers</li> <li><a href="https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867"><code>c6e3849</code></a> 🔒️ fix array handling</li> <li><a href="https://github.com/jshttp/on-headers/commit/6893518341bb4e5363285df086b3158302d3b216"><code>6893518</code></a> 💚 update CI - add newer node versions</li> <li><a href="https://github.com/jshttp/on-headers/commit/56a345d82b51a0dcb8d09f061f87b1fd1dc4c01e"><code>56a345d</code></a> ✨ add script to update known hashes</li> <li><a href="https://github.com/jshttp/on-headers/commit/175ab217155d525371a5416ff059f895a3a532a6"><code>175ab21</code></a> 👷 add upstream change detection (<a href="https://redirect.github.com/jshttp/on-headers/issues/31">#31</a>)</li> <li><a href="https://github.com/jshttp/on-headers/commit/ce0b2c8fcd313d38d3534fb731050dc16e105bf6"><code>ce0b2c8</code></a> ci: apply OSSF Scorecard security best practices (<a href="https://redirect.github.com/jshttp/on-headers/issues/20">#20</a>)</li> <li><a href="https://github.com/jshttp/on-headers/commit/1a38c543e75cd06217b449531de10b1758e35299"><code>1a38c54</code></a> fix: use <code>ubuntu-latest</code> as ci runner (<a href="https://redirect.github.com/jshttp/on-headers/issues/19">#19</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for on-headers since your current version.</p> </details> <br /> Updates `compression` from 1.7.4 to 1.8.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/compression/releases">compression's releases</a>.</em></p> <blockquote> <h2>v1.8.1</h2> <h2>What's Changed</h2> <ul> <li>fix(docs): update multiple links from http to https by <a href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/222">expressjs/compression#222</a></li> <li>ci: add dependabot for github actions by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/207">expressjs/compression#207</a></li> <li>build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/228">expressjs/compression#228</a></li> <li>build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/229">expressjs/compression#229</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/230">expressjs/compression#230</a></li> <li>build(deps-dev): bump supertest from 6.2.3 to 6.3.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/231">expressjs/compression#231</a></li> <li>[StepSecurity] ci: Harden GitHub Actions by <a href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/235">expressjs/compression#235</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/243">expressjs/compression#243</a></li> <li>build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/239">expressjs/compression#239</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/240">expressjs/compression#240</a></li> <li>build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/241">expressjs/compression#241</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/compression/pull/244">expressjs/compression#244</a></li> <li>deps: on-headers@1.1.0 by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/246">expressjs/compression#246</a></li> <li>Release: 1.8.1 by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/247">expressjs/compression#247</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/expressjs/compression/pull/228">expressjs/compression#228</a></li> <li><a href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/compression/pull/235">expressjs/compression#235</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/compression/compare/1.8.0...v1.8.1">https://github.com/expressjs/compression/compare/1.8.0...v1.8.1</a></p> <h2>v1.8.0</h2> <h2>What's Changed</h2> <ul> <li>Refactor chunkLength function for improved readability and consistency by <a href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/203">expressjs/compression#203</a></li> <li>Refactor toBuffer function to simplify buffer check logic by <a href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/201">expressjs/compression#201</a></li> <li>ci: add CodeQL (SAST) by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/204">expressjs/compression#204</a></li> <li>Use headersSent instead of _header by <a href="https://github.com/maritz"><code>@​maritz</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/129">expressjs/compression#129</a></li> <li>Bugfix/use write head instead of implicit header by <a href="https://github.com/Icehunter"><code>@​Icehunter</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/170">expressjs/compression#170</a></li> <li>feat: add default option by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/191">expressjs/compression#191</a></li> <li>ci: update ci workflow by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/206">expressjs/compression#206</a></li> <li>feat: support for brotli by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/194">expressjs/compression#194</a></li> <li>docs: improve readme by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/209">expressjs/compression#209</a></li> <li>docs: keywords field by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/210">expressjs/compression#210</a></li> <li>refactor: simplify encoding negotiation logic by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/213">expressjs/compression#213</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/compression/pull/203">expressjs/compression#203</a></li> <li><a href="https://github.com/maritz"><code>@​maritz</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/compression/pull/129">expressjs/compression#129</a></li> <li><a href="https://github.com/Icehunter"><code>@​Icehunter</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/compression/pull/170">expressjs/compression#170</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/compression/compare/1.7.5...v1.8.0">https://github.com/expressjs/compression/compare/1.7.5...v1.8.0</a></p> <h2>1.7.5</h2> <h2>What's Changed</h2> <ul> <li>chore: add support for OSSF scorecard reporting by <a href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/186">expressjs/compression#186</a></li> <li>ci: fix errors in ci github action for node 8 and 9 by <a href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/187">expressjs/compression#187</a></li> <li>docs: fix spelling by <a href="https://github.com/dijonkitchen"><code>@​dijonkitchen</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/174">expressjs/compression#174</a></li> <li>deps: bytes@3.1.2 by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/compression/pull/192">expressjs/compression#192</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/compression/blob/master/HISTORY.md">compression's changelog</a>.</em></p> <blockquote> <h1>1.8.1 / 2025-07-17</h1> <ul> <li>deps: on-headers@~1.1.0 <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339">CVE-2025-7339</a> (<a href="https://github.com/expressjs/on-headers/security/advisories/GHSA-76c9-3jph-rj3q">GHSA-76c9-3jph-rj3q</a>)</li> </ul> </li> </ul> <h1>1.8.0 / 2025-02-10</h1> <ul> <li>Use <code>res.headersSent</code> when available</li> <li>Replace <code>_implicitHeader</code> with <code>writeHead</code> property</li> <li>add brotli support for versions of node that support it</li> <li>Add the enforceEncoding option for requests without <code>Accept-Encoding</code> header</li> </ul> <h1>1.7.5 / 2024-10-31</h1> <ul> <li>deps: Replace accepts with negotiator@~0.6.4 <ul> <li>Add preference option</li> </ul> </li> <li>deps: bytes@3.1.2 <ul> <li>Add petabyte (<code>pb</code>) support</li> <li>Fix "thousandsSeparator" incorrecting formatting fractional part</li> <li>Fix return value for un-parsable strings</li> </ul> </li> <li>deps: compressible@~2.0.18 <ul> <li>Mark <code>font/ttf</code> as compressible</li> <li>Remove compressible from <code>multipart/mixed</code></li> <li>deps: mime-db@'>= 1.43.0 < 2'</li> </ul> </li> <li>deps: safe-buffer@5.2.1</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/compression/commit/83a0c45fe190f4fcb8b515c18065db9cb9029dd1"><code>83a0c45</code></a> 1.8.1</li> <li><a href="https://github.com/expressjs/compression/commit/ce62713129f4b33eac4b833e1722410091646395"><code>ce62713</code></a> deps: on-headers@1.1.0 (<a href="https://redirect.github.com/expressjs/compression/issues/246">#246</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/f4acb23985fa345318d34d4a96acf555a883efeb"><code>f4acb23</code></a> build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 (<a href="https://redirect.github.com/expressjs/compression/issues/244">#244</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/6eaebe63f2ecac191d402c570bde140488435c4c"><code>6eaebe6</code></a> build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (<a href="https://redirect.github.com/expressjs/compression/issues/241">#241</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/37e062312fd270f84b5f50f7c6f88312609633f5"><code>37e0623</code></a> build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (<a href="https://redirect.github.com/expressjs/compression/issues/240">#240</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/bc436b26283c2f85a9711085dd0e4a580de50ba7"><code>bc436b2</code></a> build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (<a href="https://redirect.github.com/expressjs/compression/issues/239">#239</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/2f9f5726751ecf12f7c46a9d1493bcd1966e09a7"><code>2f9f572</code></a> build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 (<a href="https://redirect.github.com/expressjs/compression/issues/243">#243</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/5f13b148d2a1a2daaa8647e03592214bb240bf18"><code>5f13b14</code></a> [StepSecurity] ci: Harden GitHub Actions (<a href="https://redirect.github.com/expressjs/compression/issues/235">#235</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/76e094548125afbf8089a482d5982dc96c7ce398"><code>76e0945</code></a> build(deps-dev): bump supertest from 6.2.3 to 6.3.4 (<a href="https://redirect.github.com/expressjs/compression/issues/231">#231</a>)</li> <li><a href="https://github.com/expressjs/compression/commit/ae6ee809dc0cb40febaf2a5bff298465bd5a207f"><code>ae6ee80</code></a> build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 (<a href="https://redirect.github.com/expressjs/compression/issues/230">#230</a>)</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/compression/compare/1.7.4...v1.8.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for compression since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
95e53ff
build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group across 1 directory (#1473)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure). Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-viper/mapstructure/releases">github.com/go-viper/mapstructure/v2's releases</a>.</em></p> <blockquote> <h2>v2.3.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/46">go-viper/mapstructure#46</a></li> <li>build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/47">go-viper/mapstructure#47</a></li> <li>[enhancement] Add check for <code>reflect.Value</code> in <code>ComposeDecodeHookFunc</code> by <a href="https://github.com/mahadzaryab1"><code>@​mahadzaryab1</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/52">go-viper/mapstructure#52</a></li> <li>build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/51">go-viper/mapstructure#51</a></li> <li>build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/50">go-viper/mapstructure#50</a></li> <li>build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/55">go-viper/mapstructure#55</a></li> <li>build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/58">go-viper/mapstructure#58</a></li> <li>ci: add Go 1.24 to the test matrix by <a href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/74">go-viper/mapstructure#74</a></li> <li>build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/72">go-viper/mapstructure#72</a></li> <li>build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/76">go-viper/mapstructure#76</a></li> <li>build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/78">go-viper/mapstructure#78</a></li> <li>feat: add decode hook for netip.Prefix by <a href="https://github.com/tklauser"><code>@​tklauser</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/85">go-viper/mapstructure#85</a></li> <li>Updates by <a href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/86">go-viper/mapstructure#86</a></li> <li>build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/87">go-viper/mapstructure#87</a></li> <li>build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/93">go-viper/mapstructure#93</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/92">go-viper/mapstructure#92</a></li> <li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/97">go-viper/mapstructure#97</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/96">go-viper/mapstructure#96</a></li> <li>Update README.md by <a href="https://github.com/peczenyj"><code>@​peczenyj</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/90">go-viper/mapstructure#90</a></li> <li>Add omitzero tag. by <a href="https://github.com/Crystalix007"><code>@​Crystalix007</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/98">go-viper/mapstructure#98</a></li> <li>Use error structs instead of duplicated strings by <a href="https://github.com/m1k1o"><code>@​m1k1o</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/102">go-viper/mapstructure#102</a></li> <li>build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/101">go-viper/mapstructure#101</a></li> <li>feat: add common error interface by <a href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/105">go-viper/mapstructure#105</a></li> <li>update linter by <a href="https://github.com/sagikazarmark"><code>@​sagikazarmark</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/106">go-viper/mapstructure#106</a></li> <li>Feature allow unset pointer by <a href="https://github.com/rostislaved"><code>@​rostislaved</code></a> in <a href="https://redirect.github.com/go-viper/mapstructure/pull/80">go-viper/mapstructure#80</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tklauser"><code>@​tklauser</code></a> made their first contribution in <a href="https://redirect.github.com/go-viper/mapstructure/pull/85">go-viper/mapstructure#85</a></li> <li><a href="https://github.com/peczenyj"><code>@​peczenyj</code></a> made their first contribution in <a href="https://redirect.github.com/go-viper/mapstructure/pull/90">go-viper/mapstructure#90</a></li> <li><a href="https://github.com/Crystalix007"><code>@​Crystalix007</code></a> made their first contribution in <a href="https://redirect.github.com/go-viper/mapstructure/pull/98">go-viper/mapstructure#98</a></li> <li><a href="https://github.com/rostislaved"><code>@​rostislaved</code></a> made their first contribution in <a href="https://redirect.github.com/go-viper/mapstructure/pull/80">go-viper/mapstructure#80</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0">https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-viper/mapstructure/commit/8c61ec1924fcfa522f9fc6b4618c672db61d1a38"><code>8c61ec1</code></a> Merge pull request <a href="https://redirect.github.com/go-viper/mapstructure/issues/80">#80</a> from rostislaved/feature-allow-unset-pointer</li> <li><a href="https://github.com/go-viper/mapstructure/commit/df765f469ad16a1996fd0f0ae6a32b20535b966a"><code>df765f4</code></a> Merge pull request <a href="https://redirect.github.com/go-viper/mapstructure/issues/106">#106</a> from go-viper/update-linter</li> <li><a href="https://github.com/go-viper/mapstructure/commit/5f34b05aa12639380ef7c2af69eb6f8fd629dbd0"><code>5f34b05</code></a> update linter</li> <li><a href="https://github.com/go-viper/mapstructure/commit/36de1e1d74f55681536097ff8467a8ce952ef183"><code>36de1e1</code></a> Merge pull request <a href="https://redirect.github.com/go-viper/mapstructure/issues/105">#105</a> from go-viper/error-refactor</li> <li><a href="https://github.com/go-viper/mapstructure/commit/6a283a390ee7bc0f9331f58199db234902e0739f"><code>6a283a3</code></a> chore: update error type doc</li> <li><a href="https://github.com/go-viper/mapstructure/commit/599cb73236404c044abcf278a45c3928d7480dd0"><code>599cb73</code></a> Merge pull request <a href="https://redirect.github.com/go-viper/mapstructure/issues/101">#101</a> from go-viper/dependabot/github_actions/github/codeql...</li> <li><a href="https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a"><code>ed3f921</code></a> feat: remove value from error messages</li> <li><a href="https://github.com/go-viper/mapstructure/commit/a3f8b227dcdae324c070d389152837f0aa635f4b"><code>a3f8b22</code></a> revert: error message change</li> <li><a href="https://github.com/go-viper/mapstructure/commit/9661f6d07c319da00ae0508d99df5f3f0c3953bd"><code>9661f6d</code></a> feat: add common error interface</li> <li><a href="https://github.com/go-viper/mapstructure/commit/f12f6c76fe743c8e4cc6465c6a9f16fcd8cede57"><code>f12f6c7</code></a> Merge pull request <a href="https://redirect.github.com/go-viper/mapstructure/issues/102">#102</a> from m1k1o/prettify-errors2</li> <li>Additional commits viewable in <a href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
6a3ca9e
build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1 in the go_modules group across 1 directory (#1472)
Click to expand commit body
Bumps the go_modules group with 1 update in the / directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `github.com/cloudflare/circl` from 1.4.0 to 1.6.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cloudflare/circl/releases">github.com/cloudflare/circl's releases</a>.</em></p> <blockquote> <h2>CIRCL v1.6.1</h2> <ul> <li>Fixes some point checks on the FourQ curve.</li> <li>Hybrid KEM fails on low-order points.</li> </ul> <h3>What's Changed</h3> <ul> <li>kem/hybrid: ensure X25519 hybrids fails with low order points by <a href="https://github.com/Lekensteyn"><code>@​Lekensteyn</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/541">cloudflare/circl#541</a></li> <li>.github: Use native ARM64 builders instead of QEMU by <a href="https://github.com/Lekensteyn"><code>@​Lekensteyn</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/542">cloudflare/circl#542</a></li> <li>Fixes several errors on twisted Edwards curves. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/545">cloudflare/circl#545</a></li> <li>Release v1.6.1 by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/546">cloudflare/circl#546</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1">https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1</a></p> <h2>CIRCL v1.6.0</h2> <h3>New!</h3> <ul> <li><a href="https://github.com/cloudflare/circl/blob/main/vdaf/prio3">Prio3</a> Verifiable Distributed Aggregation Function (<a href="https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/">draft-irtf-cfrg-vdaf</a>).</li> <li><a href="https://github.com/cloudflare/circl/blob/main/kem/xwing">X-Wing</a>: general-purpose hybrid post-quantum KEM (<a href="https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/">draft-connolly-cfrg-xwing-kem</a>)</li> </ul> <h3>What's Changed</h3> <ul> <li>Add OIDs to ML-DSA by <a href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/519">cloudflare/circl#519</a></li> <li>Adds Prio3 a set of verifiable distributed aggregation functions. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/522">cloudflare/circl#522</a></li> <li>Run semgrep cronjob only in upstream repository. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/526">cloudflare/circl#526</a></li> <li>X-Wing PQ/T hybrid by <a href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/471">cloudflare/circl#471</a></li> <li>ckem: move crypto/elliptic to crypto/ecdh by <a href="https://github.com/MingLLuo"><code>@​MingLLuo</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/529">cloudflare/circl#529</a></li> <li>hpke: Update HPKE code to use ecdh stdlib package. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/530">cloudflare/circl#530</a></li> <li>prio3: Adds polynomial multiplication using NTT by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/532">cloudflare/circl#532</a></li> <li>Add Prio3 in readme. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/527">cloudflare/circl#527</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/MingLLuo"><code>@​MingLLuo</code></a> made their first contribution in <a href="https://redirect.github.com/cloudflare/circl/pull/529">cloudflare/circl#529</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0">https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0</a></p> <h1>CIRCL v1.5.0</h1> <p><strong>New:</strong> ML-DSA, Module-Lattice-based Digital Signature Algorithm.</p> <h3>What's Changed</h3> <ul> <li>kem: add X25519MLKEM768 TLS hybrid KEM by <a href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/510">cloudflare/circl#510</a></li> <li>Create semgrep.yml by <a href="https://github.com/hrushikeshdeshpande"><code>@​hrushikeshdeshpande</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/514">cloudflare/circl#514</a></li> <li>repo: Some fixes reported by CodeQL by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/515">cloudflare/circl#515</a></li> <li>Add ML-DSA (FIPS204) by <a href="https://github.com/bwesterb"><code>@​bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/480">cloudflare/circl#480</a></li> <li>sign/mldsa: Add test for ML-DSA signature verification. by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/517">cloudflare/circl#517</a></li> <li>Release v1.5.0 by <a href="https://github.com/armfazh"><code>@​armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/518">cloudflare/circl#518</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/hrushikeshdeshpande"><code>@​hrushikeshdeshpande</code></a> made their first contribution in <a href="https://redirect.github.com/cloudflare/circl/pull/514">cloudflare/circl#514</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0">https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56"><code>c6d33e3</code></a> Release v1.6.1</li> <li><a href="https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14"><code>0c3868e</code></a> curve4q: Shared must fail with low order points.</li> <li><a href="https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e"><code>9fd570d</code></a> curve4q: Test showing DH does not fails on identity point.</li> <li><a href="https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d"><code>c988ceb</code></a> fourq: Correctly unmarshalling point.</li> <li><a href="https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133"><code>ef2611d</code></a> fourq: Test showing point unmarshal fails.</li> <li><a href="https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced"><code>05eba44</code></a> fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.</li> <li><a href="https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b"><code>eef0878</code></a> fourq: Test showing isEqual and IsOnCurve fail.</li> <li><a href="https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a"><code>2298474</code></a> goldilocks; Handling points with z=0.</li> <li><a href="https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac"><code>5a940a1</code></a> goldilocks: Test for IsEqual must fail with Z=0</li> <li><a href="https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340"><code>48c3b6a</code></a> ed25519: Fix isEqual to handle points with Z=0.</li> <li>Additional commits viewable in <a href="https://github.com/cloudflare/circl/compare/v1.4.0...v1.6.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/git-bug/git-bug/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
da70bf5
refactor: replace references of "master" with "trunk" (#1471)
Click to expand commit body
Change-Id: Iddffb45d6ab73096e2c27e8e5029eabe47e092d8
sudoforge created
0398fc0
refactor: remove one-shot workflow: cron/rename-default-branch (#1470)
Click to expand commit body
Change-Id: I1085b7a7bad5eec02da81e131e92abc15af29d2d
sudoforge created
555fc2d
feat(dev-infra): set trunk workflow to run on branch: trunk (#1464)
Click to expand commit body
Closes: #1404 Change-Id: Iee167b1de8df7019d39157fb258aa612942ab4d4
sudoforge created
b80d27c
build(deps)!: upgrade bleve v1.0.14 => v2.5.1 (#1442)
Click to expand commit body
This change upgrades `bleve`, primarily to remove the need for the replace directive on `github.com/willf/bitset`, but this change upgrades further to move past a non-impacting vulnerability to the `bleve/http` package [0] [1], even though we do not use it, even indirectly. Note that even though the GitHub advisory [0] notes that this is patched in `v2.5.0`, all that seems to have happened (see [1]) is that a README was added to the package noting the vulnerabilities. Other CVE databases [2] [3] do not mark this as resolved. Again, however, git-bug DOES NOT USE this package, so it is not really a concern. The cache and indexing format was changed. Index storage gains are _significant_ (at the time of writing, with the git-bug repository, this change reduces the index cache from ~51 MiB to less than 4 MiB). This does not come with a change to bleve's API. We do have a test that validates that the index file exists, however, so this change refactors that to check against the appropriate path. [0]: https://github.com/advisories/GHSA-9w9f-6mg8-jp7w [1]: https://github.com/blevesearch/bleve/commit/1c7509d6a17d36f265c90b4e8f4e3a3182fe79ff [2]: https://nvd.nist.gov/vuln/detail/CVE-2022-31022 [3]: https://pkg.go.dev/vuln/GO-2022-0470 BREAKING-CHANGE: This causes a change to the format of the internal, local cache that git-bug uses. Users should note that older versions of git-bug will be incompatible with this new cache format. If you wish to downgrade to an older version of git-bug, you should first remove the cache by executing `rm -rf .git/git-bug` in a terminal, and then initialize the older version of git-bug to build a compatible version of the cache. Co-authored-by: Michael Muré <battoletre@gmail.com> Change-Id: I9ab436ade9221bfd91b84ebaf47434f1b3d91cd3 Co-authored-by: Michael Muré <battoletre@gmail.com>
sudoforge and Michael Muré created
e49c93d
build: reduce complexity for setting the version (#1466)
Click to expand commit body
This change refactors the implementation of how the version is embedded in the binary to reduce the number of variables necessary to determine the version information from 3 to 1. The legacy build variables are still supported, however, a warning will be emitted instructing users to contact their package maintainer. The legacy GitExacTag variable, if present, will be used to set main.version if it is undefined. This ensures that unmigrated package builds will continue to provide the correct version information. The legacy build variables will be supported until 0.12.0, giving package maintainers some time to migrate. Change-Id: I05fea97169ea1af87b198174afe5b6663f860fd8
sudoforge created
01d6899
feat(dev-infra): add pipeline: cron/rename-default-branch (#1465)
Click to expand commit body
This change adds a new pipeline named `cron`, with an initial task that will handle automatically updating the default branch for this repository on May 31 2025. Ref: #1404 Change-Id: Iff5529938d9be50de9733f98e72e86c4480e1d6e
sudoforge created
9311542
refactor(cli)!: remove the 'commands' command (#1462)
Click to expand commit body
This change removes the 'commands' command. This command historically printed out all of the commands, optionally with help text. This is superfluous, as we ship a manpage for each of the common shells, have markdown documentation available in the repository, and provide help text via the `--help` flag. BREAKING-CHANGE: The `commands` command has been removed. There is no replacement planned. Users are encouraged to run `--help`, view the markdown documentation available online, or run `man git-bug` to view the manpage in your terminal. Change-Id: I8bbfb03c03c820ec0b56549e59ab76826c45b9cc
sudoforge created
170ce48
refactor(changelog): remove extraneous commit preprocessors (#1461)
Click to expand commit body
This change removes several commit preprocessors that were originally used to touch up commit subjects on initial import, and are no longer needed. Change-Id: Ic23cef9cf6aef657c985937f5354b2b2db100fa7
sudoforge created
26086bb
docs(dev-infra): fix missing link to //:CHANGELOG.md (#1458)
Click to expand commit body
Change-Id: I0a21fbc9eb6d11afb647c8e51e40d3a5f5155792
sudoforge created
f2070b5
docs(changelog): bump for v0.10.1 (#1457)
Click to expand commit body
Change-Id: I68b8c234100ae91a6ad6b838211ce2ce7dd8feca
sudoforge created
b49a652
docs(dev-infra): add a section about commit messages to //:CONTRIBUTING.md (#1454)
Click to expand commit body
Change-Id: Ie21eb3761c8e632d1ff66c5b3fc2474f97e3364e
sudoforge created
ddb22a2
fix(cli): ignore missing sections when removing configuration (#1455)
Click to expand commit body
This change fixes an error typically encountered in the `git-bug-wipe` command, caused by overly zealous implementations of //repository:config.go%ConfigWrite.RemoveAll(). This change refactors these implementations to only attempt to remove sections that exist, and ignore non-existent sections. Closes: #1451 Change-Id: I66e710239915c8601dd70a78ae65eb625e093ef6
sudoforge created
08d928d
feat(dev-infra): move gqlgen to go-tool (#1453)
Michael Muré created
44d9031
docs(changelog): bump for v0.10.0
Click to expand commit body
Change-Id: I730373865da056571936357916b589a6cbc740b2
sudoforge created
3b5a2ac
build(web): upgrade graphql-eslint plugin (#1449)
Click to expand commit body
with this upgraded, we no longer depend on an vulnerable version of the `ws` library through an old graphql version
Jonathan Raphaelson created
4d053ac
docs(dev-infra): add guidelines for submitting changes (#1448)
Click to expand commit body
This change adds additional information to //:CONTRIBUTING.md, meant to provide guidance to potential contributors about how our review process works, and how we suggest iterating and submitting changes. Change-Id: I06073fa43d9fd37d35bc04aa5bfc0187d343b257
sudoforge created
ab8c5cc
ci: limit default permissions to contents.read (#1447)
Click to expand commit body
This change refactors all root pipelines (`trunk` and `presubmit`) to limit the contents permission to read. By default, GitHub has taken the overly-permissive approach of granting all permissions if the `permissions` map is not explicitly defined. Usability wins out over security, again. Change-Id: Idaca851385fb82eefd6c7c9b8ee46b85a3f4901c
sudoforge created
6ee47b9
feat(webui): remark upgrade + gfm + syntax highlighting (#1444)
Click to expand commit body
* upgrades remark/rehype/unified npm packages, and reconfigures everything for 2025 * `Label` can now be made inline, which fixes a react hydration error on the bug page * new remark plugins for GFM, hard line breaks & syntax highlighting
Jonathan Raphaelson created
948dd34
build(web): upgrade graphql-codegen and tools (#1443)
Jonathan Raphaelson created
89b880b
feat(dev-infra)!: remove gokart (#1441)
Click to expand commit body
This change removes `gokart` because it is unmaintained, and the `replace` directive breaks `go install`. Change-Id: I17ec23cc90abecbae20c4adaf6be46cf507645ec
sudoforge created
6811472
fix(dev-infra): re-enable markdown formatting (#1439)
Click to expand commit body
This was disabled while debugging prettier vs. mdformat interactions through treefmt, and accidentally committed in 08ffc2b82919b9254cc59c97756c546a508b4f73. Change-Id: I14ebc1d0edf6ed755ad15b6ba58b6d9c6f5519f5
sudoforge created
08ffc2b
feat(dev-infra): enable formatting of //webui (#1429)
Click to expand commit body
This change enables prettier, and enables formatting of //webui. Change-Id: I2516459649bf6c19a8dc495d3a4d915a6a881b39
sudoforge created
62bc7eb
build(web): generate the web bundle for the go binary (#1428)
Click to expand commit body
Recent changes were made to //webui, but the bundle was not updated. This was missed because it was not validated in CI. This change runs `make pack-webui` in order to generate this bundle. Change-Id: I63ccad91c7edb381813db684ac65f83aa7c048fc
sudoforge created
b3a3f57
feat(dev-infra): add initial //:.mailmap (#1426)
Click to expand commit body
This change adds //.mailmap initialized with mappings for duplicate
names and email addresses found in the repository archive. When a
duplicate was found, the name and email were chosen preferring the
longest name for the author, and the most practical email address (e.g.
if an obvious personal and professional email address existed, the
personal address was chosen).
Duplicate names were found with the following command:
git shortlog -se |\
awk 'match($0, /[0-9]+[ \t]+(.*)[ \t]+<.*>/, m) { print m[1] }' |\
sort |\
uniq -d
Duplicate email addresses were found with the following command:
git shortlog -se |\
awk 'match($0, /<[^>]+>/) { print substr($0, RSTART+1, RLENGTH-2) }' |\
sort |\
uniq -d
Change-Id: Ie0280ee336098c080cf5af8062dae20cb7a41e8e
sudoforge created
7e95b16
feat(web): simplify header navigation (#1427)
Click to expand commit body
* removes the tabbed navigation completely * makes it possible to see the custom name of the repository tabs (and really all not "main" nav) were not in use and the features may not work the same way in the future, so rather than redesigning, the whole tab bare was removed. for the custom name, if it's `__default`, the the default `git-bug` text is displayed; otherwise, the name of the repo.
Jonathan Raphaelson created
13b7aec
build(web): upgrade react dependencies (#1425)
Click to expand commit body
* upgrades react from v18->v19, the latest * upgrades react router from v6->v7, the latest * removes `react-moment`, which is not updated for react 19 * replace the trivial usages of the `<Moment>` component with a new one
Jonathan Raphaelson created
407e513
feat(changelog): add initial changelog (#1415)
Click to expand commit body
This change adds //:CHANGELOG.md initialized with all current and prior
releases. The changelog is generated with the following command:
git cliff -o CHANGELOG.md 0.1.0..v0.9.0
Change-Id: Iad09675d882c8fa7c135acb7224d3a07a35b1169
sudoforge created
9942337
docs(bridge): correct command used to create a new bridge (#1422)
Mischa created
0cff651
build(web): upgrade minor NPM dependencies, and React to v18 (#1421)
Click to expand commit body
upgrades outdate npm dependencies to latest minor versions compatible with each other, in prep for larger upgrades to bring up to date. of note, React 17->18 drops the react-dom library and required some mechanical changes due to apollo client errors no longer being renderable. --- screenshot to show application still running after upgrades 
Jonathan Raphaelson created
bd93665
docs(dev-infra): improve commit message guidelines (#1417)
Click to expand commit body
This change provides more clarity as to the type and scope requirements, and adds in additional information with regard to hyperlinks, appropriate trailers to use in the footer, and clarifies the difference between our requirements and the conventional commit spec v1.0.0. Change-Id: I7e3d4646c09728acf27c4efce24655896b8513a7
sudoforge created
e2756ab
ci: remove unused internal action: auto-label (#1414)
Click to expand commit body
Change-Id: I70b522ef519e709e643ed90efbe712112d348141
sudoforge created