Commit log

536d8ed chore(deps): bump modernc.org/sqlite in the all group (#878)

Click to expand commit body 
Bumps the all group with 1 update: [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `modernc.org/sqlite` from 1.49.1 to 1.50.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.49.1...v1.50.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

ac13536 chore: remove CODEOWNERS

Andrey Nering created

0c26b61 chore(deps): bump the all group across 1 directory with 5 updates (#877)

Click to expand commit body 
Bumps the all group with 4 updates in the / directory: [charm.land/bubbletea/v2](https://github.com/charmbracelet/bubbletea), [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `charm.land/bubbletea/v2` from 2.0.2 to 2.0.6
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v2.0.2...v2.0.6)

Updates `charm.land/lipgloss/v2` from 2.0.2 to 2.0.3
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v2.0.2...v2.0.3)

Updates `github.com/charmbracelet/x/ansi` from 0.11.6 to 0.11.7
- [Commits](https://github.com/charmbracelet/x/compare/ansi/v0.11.6...ansi/v0.11.7)

Updates `github.com/go-git/go-git/v5` from 5.17.2 to 5.18.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0)

Updates `modernc.org/sqlite` from 1.48.1 to 1.49.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.49.1)

---
updated-dependencies:
- dependency-name: charm.land/bubbletea/v2
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/lipgloss/v2
  dependency-version: 2.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/charmbracelet/x/ansi
  dependency-version: 0.11.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.49.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

f081868 chore(deps): bump charm.land/wish/v2 from 2.0.0 to 2.0.1 (#876)

Click to expand commit body 
Bumps [charm.land/wish/v2](https://github.com/charmbracelet/wish) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/charmbracelet/wish/releases)
- [Commits](https://github.com/charmbracelet/wish/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: charm.land/wish/v2
  dependency-version: 2.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

c01f4eb chore(deps): bump the all group with 3 updates (#873)

Click to expand commit body 
Bumps the all group with 3 updates: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/lib/pq](https://github.com/lib/pq) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/go-git/go-git/v5` from 5.17.1 to 5.17.2
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2)

Updates `github.com/lib/pq` from 1.12.1 to 1.12.3
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.12.1...v1.12.3)

Updates `modernc.org/sqlite` from 1.48.0 to 1.48.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.0...v1.48.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.48.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

6be0a06 chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#871)

Click to expand commit body 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.4...v3.0.5)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-version: 3.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

e6c6b73 chore(deps): bump the all group across 1 directory with 3 updates (#870)

Click to expand commit body 
Bumps the all group with 3 updates in the / directory: [charm.land/bubbles/v2](https://github.com/charmbracelet/bubbles), [github.com/lib/pq](https://github.com/lib/pq) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `charm.land/bubbles/v2` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Commits](https://github.com/charmbracelet/bubbles/compare/v2.0.0...v2.1.0)

Updates `github.com/lib/pq` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.12.0...v1.12.1)

Updates `modernc.org/sqlite` from 1.47.0 to 1.48.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.47.0...v1.48.0)

---
updated-dependencies:
- dependency-name: charm.land/bubbles/v2
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

94ba91b chore(deps): bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 (#869)

Click to expand commit body 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.0 to 5.17.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

0c4bf91 chore(deps): bump codecov/codecov-action from 5 to 6 in the all group (#867)

Click to expand commit body 
Bumps the all group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action).


Updates `codecov/codecov-action` from 5 to 6
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

f9d3c67 chore(deps): bump the all group with 2 updates (#802)

Click to expand commit body 
Bumps the all group with 2 updates: [github.com/lib/pq](https://github.com/lib/pq) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/lib/pq` from 1.11.2 to 1.12.0
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.11.2...v1.12.0)

Updates `modernc.org/sqlite` from 1.46.1 to 1.47.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.1...v1.47.0)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

80490de fix(ci): use golangci-lint latest version

Ayman Bagabas created

1cb5c9e chore(test): ignore stderr output from stopserver on Windows auth bypass regression test

Ayman Bagabas created

dc8dd89 chore(deps): bump the all group with 7 updates (#798)

Click to expand commit body 
Bumps the all group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [charm.land/bubbletea/v2](https://github.com/charmbracelet/bubbletea) | `2.0.1` | `2.0.2` |
| [charm.land/glamour/v2](https://github.com/charmbracelet/glamour) | `2.0.0-20251110203732-69649f93d3b1` | `2.0.0` |
| [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `2.0.0` | `2.0.2` |
| [charm.land/log/v2](https://github.com/charmbracelet/log) | `2.0.0-20251110204020-529bb77f35da` | `2.0.0` |
| [charm.land/wish/v2](https://github.com/charmbracelet/wish) | `2.0.0-20251118130305-6cd7463a7b97` | `2.0.0` |
| [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.4.2` | `0.4.3` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` | `0.49.0` |


Updates `charm.land/bubbletea/v2` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v2.0.1...v2.0.2)

Updates `charm.land/glamour/v2` from 2.0.0-20251110203732-69649f93d3b1 to 2.0.0
- [Release notes](https://github.com/charmbracelet/glamour/releases)
- [Commits](https://github.com/charmbracelet/glamour/commits/v2.0.0)

Updates `charm.land/lipgloss/v2` from 2.0.0 to 2.0.2
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v2.0.0...v2.0.2)

Updates `charm.land/log/v2` from 2.0.0-20251110204020-529bb77f35da to 2.0.0
- [Release notes](https://github.com/charmbracelet/log/releases)
- [Commits](https://github.com/charmbracelet/log/commits/v2.0.0)

Updates `charm.land/wish/v2` from 2.0.0-20251118130305-6cd7463a7b97 to 2.0.0
- [Release notes](https://github.com/charmbracelet/wish/releases)
- [Commits](https://github.com/charmbracelet/wish/commits/v2.0.0)

Updates `github.com/charmbracelet/colorprofile` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/charmbracelet/colorprofile/releases)
- [Commits](https://github.com/charmbracelet/colorprofile/compare/v0.4.2...v0.4.3)

Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0
- [Commits](https://github.com/golang/crypto/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: charm.land/bubbletea/v2
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/glamour/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/lipgloss/v2
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/log/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/wish/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/charmbracelet/colorprofile
  dependency-version: 0.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

c147421 Merge commit from fork

Evan MORVAN created

85e19f1 chore(deps): bump golang.org/x/sync in the all group (#793)

Click to expand commit body 
Bumps the all group with 1 update: [golang.org/x/sync](https://github.com/golang/sync).


Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/sync/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

1959b0f chore: bump bubbletea to v2.0.1

Ayman Bagabas created

879ece7 fix(ssrf): pin resolved IP in dial to prevent DNS rebinding (#791)

Vinayak Mishra created

3ef6600 fix(ssrf): handle DNS resolution in SSRF protection

Ayman Bagabas created

19bc627 fix(ssh): add argument validation to webhook deliveries commands

Ayman Bagabas created

45855b6 chore(deps): bump the all group across 1 directory with 10 updates (#787)

Click to expand commit body 
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [charm.land/bubbles/v2](https://github.com/charmbracelet/bubbles) | `2.0.0-rc.1.0.20251208171859-93a004ab70c8` | `2.0.0` |
| [github.com/caarlos0/env/v11](https://github.com/caarlos0/env) | `11.3.1` | `11.4.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.5` | `5.17.0` |
| [github.com/lib/pq](https://github.com/lib/pq) | `1.11.1` | `1.11.2` |
| [github.com/lrstanley/bubblezone/v2](https://github.com/lrstanley/bubblezone) | `2.0.0-alpha.3` | `2.0.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.47.0` | `0.48.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.44.3` | `1.46.1` |



Updates `charm.land/bubbles/v2` from 2.0.0-rc.1.0.20251208171859-93a004ab70c8 to 2.0.0
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Commits](https://github.com/charmbracelet/bubbles/commits/v2.0.0)

Updates `charm.land/bubbletea/v2` from 2.0.0-rc.2.0.20251216153312-819e2e89c62e to 2.0.0
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/commits/v2.0.0)

Updates `charm.land/lipgloss/v2` from 2.0.0-beta.3.0.20251205162909-7869489d8971 to 2.0.0
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](https://github.com/charmbracelet/lipgloss/commits/v2.0.0)

Updates `github.com/caarlos0/env/v11` from 11.3.1 to 11.4.0
- [Release notes](https://github.com/caarlos0/env/releases)
- [Commits](https://github.com/caarlos0/env/compare/v11.3.1...v11.4.0)

Updates `github.com/charmbracelet/colorprofile` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/charmbracelet/colorprofile/releases)
- [Commits](https://github.com/charmbracelet/colorprofile/compare/v0.4.1...v0.4.2)

Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0)

Updates `github.com/lib/pq` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.11.1...v1.11.2)

Updates `github.com/lrstanley/bubblezone/v2` from 2.0.0-alpha.3 to 2.0.0
- [Commits](https://github.com/lrstanley/bubblezone/compare/v2.0.0-alpha.3...v2.0.0)

Updates `golang.org/x/crypto` from 0.47.0 to 0.48.0
- [Commits](https://github.com/golang/crypto/compare/v0.47.0...v0.48.0)

Updates `modernc.org/sqlite` from 1.44.3 to 1.46.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.44.3...v1.46.1)

---
updated-dependencies:
- dependency-name: charm.land/bubbles/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/bubbletea/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: charm.land/lipgloss/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/caarlos0/env/v11
  dependency-version: 11.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/charmbracelet/colorprofile
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/lib/pq
  dependency-version: 1.11.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/lrstanley/bubblezone/v2
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.46.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

e80b183 Merge commit from fork

Click to expand commit body 
* fix: apply SSRF protection to LFS HTTP client

The LFS HTTP client uses http.DefaultClient which has no SSRF
protection. This allows server-side requests from LFS operations
to reach private/internal networks. The webhook subsystem already
has SSRF protection via secureHTTPClient with IP validation and
redirect blocking, but the LFS code path was missed.

Add a shared pkg/ssrf package with a secure HTTP client constructor
that validates resolved IPs before dialing (blocking private, link-
local, loopback, CGNAT, and reserved ranges) and blocks redirects.
Replace http.DefaultClient in newHTTPClient() with ssrf.NewSecureClient()
at both locations (batch API client and BasicTransferAdapter).

* refactor: consolidate webhook SSRF protection into pkg/ssrf

Pull shared IP validation into pkg/ssrf so both the LFS client and
webhook client use the same SSRF protection. The webhook validator
becomes a thin wrapper and the inline secureHTTPClient is replaced
with ssrf.NewSecureClient().

Two latent issues in the webhook path fixed in the process:
- nil ParseIP result was silently allowed through (now fail-closed)
- IPv6-mapped IPv4 bypassed manual range checks (now normalized)

Error aliases kept in pkg/webhook for backward compatibility.

Vinayak Mishra created

41aa86b chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#784)

Click to expand commit body 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.4 to 5.16.5.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.4...v5.16.5)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

a4edda0 chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#783)

dependabot[bot] created

67188b7 chore(deps): bump the all group with 2 updates (#780)

Click to expand commit body 
Bumps the all group with 2 updates: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) and [github.com/lib/pq](https://github.com/lib/pq).


Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1)

Updates `github.com/lib/pq` from 1.10.9 to 1.11.1
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lib/pq/compare/v1.10.9...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/lib/pq
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

85fecd7 ci: sync dependabot config (#774)

Charm created

35a000e chore(deps): bump the all group with 2 updates (#778)

Click to expand commit body 
Bumps the all group with 2 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/alecthomas/chroma/v2` from 2.23.0 to 2.23.1
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](https://github.com/alecthomas/chroma/compare/v2.23.0...v2.23.1)

Updates `modernc.org/sqlite` from 1.44.2 to 1.44.3
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.44.2...v1.44.3)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.23.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.44.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

8539f9a fix: authentication bypass

Ayman Bagabas created

91e4b2b chore(deps): bump the all group with 4 updates (#776)

Click to expand commit body 
Bumps the all group with 4 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma), [github.com/charmbracelet/x/ansi](https://github.com/charmbracelet/x), [golang.org/x/crypto](https://github.com/golang/crypto) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/alecthomas/chroma/v2` from 2.22.0 to 2.23.0
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](https://github.com/alecthomas/chroma/compare/v2.22.0...v2.23.0)

Updates `github.com/charmbracelet/x/ansi` from 0.11.3 to 0.11.4
- [Commits](https://github.com/charmbracelet/x/compare/ansi/v0.11.3...ansi/v0.11.4)

Updates `golang.org/x/crypto` from 0.46.0 to 0.47.0
- [Commits](https://github.com/golang/crypto/compare/v0.46.0...v0.47.0)

Updates `modernc.org/sqlite` from 1.43.0 to 1.44.2
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.43.0...v1.44.2)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/charmbracelet/x/ansi
  dependency-version: 0.11.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.44.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

2368256 chore(deps): bump the all group with 3 updates (#775)

Click to expand commit body 
Bumps the all group with 3 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma), [github.com/spf13/cobra](https://github.com/spf13/cobra) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/alecthomas/chroma/v2` from 2.21.1 to 2.22.0
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](https://github.com/alecthomas/chroma/compare/v2.21.1...v2.22.0)

Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2)

Updates `modernc.org/sqlite` from 1.42.2 to 1.43.0
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.42.2...v1.43.0)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

28c4854 feat: add support for certificate reloading upon SIGHUP (#710)

Click to expand commit body 
* feat: add support for certificate reloading upon SIGHUP

* fix: support certificate reloading for unix and add test

* fix(cmd): move cert reloader logic to the serve package

---------

Co-authored-by: Ayman Bagabas <ayman.bagabas@gmail.com>

Harsh Mantri and Ayman Bagabas created

0758e66 chore(ci): update linting workflow

Ayman Bagabas created

1249f9b chore(lint): remove unused nolint directive

Ayman Bagabas created

2d0e48f chore(lint): fix lint issues

Ayman Bagabas created

0f573f4 chore: update golangci-lint config

Ayman Bagabas created

000ab51 Merge commit from fork

Click to expand commit body 
* fix: require admin privileges for force delete of LFS locks

Move user context retrieval before the force flag check to ensure
proper authorization. Force deletions now require admin privileges,
preventing non-admin users from deleting locks owned by others.

Fixes GHSA-6jm8-x3g6-r33j (CVE-2026-22253)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: improve comment clarity for force delete path

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Tomer Fichman and Claude Opus 4.5 created

62e2d5c fix(ssh): ui: respect anon-access setting for the ui

Click to expand commit body 
Fixes: https://github.com/charmbracelet/soft-serve/issues/759

Ayman Bagabas created

ba7d415 ci: sync golangci-lint config (#767)

Click to expand commit body 
Co-authored-by: aymanbagabas <3187948+aymanbagabas@users.noreply.github.com>

github-actions[bot] and aymanbagabas created

c8779b1 chore(deps): bump the all group across 1 directory with 9 updates (#772)

Click to expand commit body 
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.20.0` | `2.21.1` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.4` |
| [github.com/google/go-querystring](https://github.com/google/go-querystring) | `1.1.0` | `1.2.0` |
| [github.com/muesli/mango-cobra](https://github.com/muesli/mango-cobra) | `1.2.0` | `1.3.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.23.0` | `1.23.2` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.46.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.38.2` | `1.42.2` |



Updates `github.com/alecthomas/chroma/v2` from 2.20.0 to 2.21.1
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](https://github.com/alecthomas/chroma/compare/v2.20.0...v2.21.1)

Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.4
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.4)

Updates `github.com/google/go-querystring` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/google/go-querystring/releases)
- [Commits](https://github.com/google/go-querystring/compare/v1.1.0...v1.2.0)

Updates `github.com/muesli/mango-cobra` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/muesli/mango-cobra/releases)
- [Commits](https://github.com/muesli/mango-cobra/compare/v1.2.0...v1.3.0)

Updates `github.com/prometheus/client_golang` from 1.23.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.23.0...v1.23.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1)

Updates `golang.org/x/crypto` from 0.45.0 to 0.46.0
- [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.46.0)

Updates `golang.org/x/sync` from 0.18.0 to 0.19.0
- [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0)

Updates `modernc.org/sqlite` from 1.38.2 to 1.42.2
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.2...v1.42.2)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/google/go-querystring
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/muesli/mango-cobra
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/sync
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

2447a96 fix(tests): ignore stderr output in SSRF webhook test

Ayman Bagabas created

9e67180 chore(deps): bump actions/checkout from 5 to 6 in the all group (#765)

Click to expand commit body 
Bumps the all group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

8262d91 chore: go mod tidy

Ayman Bagabas created

a7f2fbe chore: bump dependencies and use charm.land modules

Ayman Bagabas created

f946151 chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#764)

Click to expand commit body 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.41.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

8a99b84 test: fix

Click to expand commit body 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

Carlos Alexandro Becker created

bb73b9a Merge commit from fork

Click to expand commit body 
closes GHSA-vwq2-jx9q-9h9f

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

Carlos Alexandro Becker created

56e9784 docs: Add `IdentitiesOnly` option to ssh command examples (#628)

Rob Berwick created

d963932 Merge commit from fork

Click to expand commit body 
* sec: escape ansi sequences on user input

fixes HSA-fv2r-r8mp-pg48

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

* Apply suggestion from @Tomer-PL

Co-authored-by: Tomer Fichman <tomer@irregular.com>

* chore: fmt

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: Tomer Fichman <tomer@irregular.com>

Carlos Alexandro Becker and Tomer Fichman created

ea8799b feat: add CORS headers (#654)

fetsorn created

15e9e25 chore(deps): bump actions/setup-go from 5 to 6 in the all group (#748)

Click to expand commit body 
Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

6856877 feat: add readiness and liveness probes for self healing (#734)

Click to expand commit body 
* feat: add k8s readiness and liveness probes

* fix: switch to single err var and add logging

* chore: remove fmt import

Jay Madden created