80490de
fix(ci): use golangci-lint latest version
Ayman Bagabas created
1cb5c9e
chore(test): ignore stderr output from stopserver on Windows auth bypass regression test
Ayman Bagabas created
dc8dd89
chore(deps): bump the all group with 7 updates (#798)
Bumps the all group with 7 updates: | Package | From | To | | --- | --- | --- | | [charm.land/bubbletea/v2](https://github.com/charmbracelet/bubbletea) | `2.0.1` | `2.0.2` | | [charm.land/glamour/v2](https://github.com/charmbracelet/glamour) | `2.0.0-20251110203732-69649f93d3b1` | `2.0.0` | | [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `2.0.0` | `2.0.2` | | [charm.land/log/v2](https://github.com/charmbracelet/log) | `2.0.0-20251110204020-529bb77f35da` | `2.0.0` | | [charm.land/wish/v2](https://github.com/charmbracelet/wish) | `2.0.0-20251118130305-6cd7463a7b97` | `2.0.0` | | [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.4.2` | `0.4.3` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` | `0.49.0` | Updates `charm.land/bubbletea/v2` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v2.0.1...v2.0.2) Updates `charm.land/glamour/v2` from 2.0.0-20251110203732-69649f93d3b1 to 2.0.0 - [Release notes](https://github.com/charmbracelet/glamour/releases) - [Commits](https://github.com/charmbracelet/glamour/commits/v2.0.0) Updates `charm.land/lipgloss/v2` from 2.0.0 to 2.0.2 - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v2.0.0...v2.0.2) Updates `charm.land/log/v2` from 2.0.0-20251110204020-529bb77f35da to 2.0.0 - [Release notes](https://github.com/charmbracelet/log/releases) - [Commits](https://github.com/charmbracelet/log/commits/v2.0.0) Updates `charm.land/wish/v2` from 2.0.0-20251118130305-6cd7463a7b97 to 2.0.0 - [Release notes](https://github.com/charmbracelet/wish/releases) - [Commits](https://github.com/charmbracelet/wish/commits/v2.0.0) Updates `github.com/charmbracelet/colorprofile` from 0.4.2 to 0.4.3 - [Release notes](https://github.com/charmbracelet/colorprofile/releases) - 
[Commits](https://github.com/charmbracelet/colorprofile/compare/v0.4.2...v0.4.3) Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0 - [Commits](https://github.com/golang/crypto/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: charm.land/bubbletea/v2 dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/glamour/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/lipgloss/v2 dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/log/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/wish/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/charmbracelet/colorprofile dependency-version: 0.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
c147421
Merge commit from fork
Evan MORVAN created
85e19f1
chore(deps): bump golang.org/x/sync in the all group (#793)
Bumps the all group with 1 update: [golang.org/x/sync](https://github.com/golang/sync). Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](https://github.com/golang/sync/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
1959b0f
chore: bump bubbletea to v2.0.1
Ayman Bagabas created
879ece7
fix(ssrf): pin resolved IP in dial to prevent DNS rebinding (#791)
Vinayak Mishra created
3ef6600
fix(ssrf): handle DNS resolution in SSRF protection
Ayman Bagabas created
19bc627
fix(ssh): add argument validation to webhook deliveries commands
Ayman Bagabas created
45855b6
chore(deps): bump the all group across 1 directory with 10 updates (#787)
Bumps the all group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [charm.land/bubbles/v2](https://github.com/charmbracelet/bubbles) | `2.0.0-rc.1.0.20251208171859-93a004ab70c8` | `2.0.0` | | [github.com/caarlos0/env/v11](https://github.com/caarlos0/env) | `11.3.1` | `11.4.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.5` | `5.17.0` | | [github.com/lib/pq](https://github.com/lib/pq) | `1.11.1` | `1.11.2` | | [github.com/lrstanley/bubblezone/v2](https://github.com/lrstanley/bubblezone) | `2.0.0-alpha.3` | `2.0.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.47.0` | `0.48.0` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.44.3` | `1.46.1` | Updates `charm.land/bubbles/v2` from 2.0.0-rc.1.0.20251208171859-93a004ab70c8 to 2.0.0 - [Release notes](https://github.com/charmbracelet/bubbles/releases) - [Commits](https://github.com/charmbracelet/bubbles/commits/v2.0.0) Updates `charm.land/bubbletea/v2` from 2.0.0-rc.2.0.20251216153312-819e2e89c62e to 2.0.0 - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](https://github.com/charmbracelet/bubbletea/commits/v2.0.0) Updates `charm.land/lipgloss/v2` from 2.0.0-beta.3.0.20251205162909-7869489d8971 to 2.0.0 - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](https://github.com/charmbracelet/lipgloss/commits/v2.0.0) Updates `github.com/caarlos0/env/v11` from 11.3.1 to 11.4.0 - [Release notes](https://github.com/caarlos0/env/releases) - [Commits](https://github.com/caarlos0/env/compare/v11.3.1...v11.4.0) Updates `github.com/charmbracelet/colorprofile` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/charmbracelet/colorprofile/releases) - [Commits](https://github.com/charmbracelet/colorprofile/compare/v0.4.1...v0.4.2) Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.0 - [Release notes](https://github.com/go-git/go-git/releases) - 
[Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0) Updates `github.com/lib/pq` from 1.11.1 to 1.11.2 - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](https://github.com/lib/pq/compare/v1.11.1...v1.11.2) Updates `github.com/lrstanley/bubblezone/v2` from 2.0.0-alpha.3 to 2.0.0 - [Commits](https://github.com/lrstanley/bubblezone/compare/v2.0.0-alpha.3...v2.0.0) Updates `golang.org/x/crypto` from 0.47.0 to 0.48.0 - [Commits](https://github.com/golang/crypto/compare/v0.47.0...v0.48.0) Updates `modernc.org/sqlite` from 1.44.3 to 1.46.1 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.44.3...v1.46.1) --- updated-dependencies: - dependency-name: charm.land/bubbles/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/bubbletea/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/lipgloss/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/caarlos0/env/v11 dependency-version: 11.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/charmbracelet/colorprofile dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/lib/pq dependency-version: 1.11.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - 
dependency-name: github.com/lrstanley/bubblezone/v2 dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/crypto dependency-version: 0.48.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.46.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
e80b183
Merge commit from fork
* fix: apply SSRF protection to LFS HTTP client

  The LFS HTTP client uses http.DefaultClient which has no SSRF protection. This allows server-side requests from LFS operations to reach private/internal networks. The webhook subsystem already has SSRF protection via secureHTTPClient with IP validation and redirect blocking, but the LFS code path was missed.

  Add a shared pkg/ssrf package with a secure HTTP client constructor that validates resolved IPs before dialing (blocking private, link-local, loopback, CGNAT, and reserved ranges) and blocks redirects. Replace http.DefaultClient in newHTTPClient() with ssrf.NewSecureClient() at both locations (batch API client and BasicTransferAdapter).

* refactor: consolidate webhook SSRF protection into pkg/ssrf

  Pull shared IP validation into pkg/ssrf so both the LFS client and webhook client use the same SSRF protection. The webhook validator becomes a thin wrapper and the inline secureHTTPClient is replaced with ssrf.NewSecureClient().

  Two latent issues in the webhook path fixed in the process:

  - nil ParseIP result was silently allowed through (now fail-closed)
  - IPv6-mapped IPv4 bypassed manual range checks (now normalized)

  Error aliases kept in pkg/webhook for backward compatibility.
Vinayak Mishra created
41aa86b
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#784)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.4 to 5.16.5. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.16.4...v5.16.5) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
a4edda0
chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#783)
dependabot[bot] created
67188b7
chore(deps): bump the all group with 2 updates (#780)
Bumps the all group with 2 updates: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) and [github.com/lib/pq](https://github.com/lib/pq). Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1) Updates `github.com/lib/pq` from 1.10.9 to 1.11.1 - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](https://github.com/lib/pq/compare/v1.10.9...v1.11.1) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/lib/pq dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
85fecd7
ci: sync dependabot config (#774)
Charm created
35a000e
chore(deps): bump the all group with 2 updates (#778)
Bumps the all group with 2 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite). Updates `github.com/alecthomas/chroma/v2` from 2.23.0 to 2.23.1 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](https://github.com/alecthomas/chroma/compare/v2.23.0...v2.23.1) Updates `modernc.org/sqlite` from 1.44.2 to 1.44.3 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.44.2...v1.44.3) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.23.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.44.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
8539f9a
fix: authentication bypass
Ayman Bagabas created
91e4b2b
chore(deps): bump the all group with 4 updates (#776)
Bumps the all group with 4 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma), [github.com/charmbracelet/x/ansi](https://github.com/charmbracelet/x), [golang.org/x/crypto](https://github.com/golang/crypto) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite). Updates `github.com/alecthomas/chroma/v2` from 2.22.0 to 2.23.0 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](https://github.com/alecthomas/chroma/compare/v2.22.0...v2.23.0) Updates `github.com/charmbracelet/x/ansi` from 0.11.3 to 0.11.4 - [Commits](https://github.com/charmbracelet/x/compare/ansi/v0.11.3...ansi/v0.11.4) Updates `golang.org/x/crypto` from 0.46.0 to 0.47.0 - [Commits](https://github.com/golang/crypto/compare/v0.46.0...v0.47.0) Updates `modernc.org/sqlite` from 1.43.0 to 1.44.2 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.43.0...v1.44.2) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/charmbracelet/x/ansi dependency-version: 0.11.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/crypto dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.44.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
2368256
chore(deps): bump the all group with 3 updates (#775)
Bumps the all group with 3 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma), [github.com/spf13/cobra](https://github.com/spf13/cobra) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite). Updates `github.com/alecthomas/chroma/v2` from 2.21.1 to 2.22.0 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](https://github.com/alecthomas/chroma/compare/v2.21.1...v2.22.0) Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) Updates `modernc.org/sqlite` from 1.42.2 to 1.43.0 - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.42.2...v1.43.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
28c4854
feat: add support for certificate reloading upon SIGHUP (#710)
* feat: add support for certificate reloading upon SIGHUP
* fix: support certificate reloading for unix and add test
* fix(cmd): move cert reloader logic to the serve package

---------

Co-authored-by: Ayman Bagabas <ayman.bagabas@gmail.com>
Harsh Mantri and Ayman Bagabas created
0758e66
chore(ci): update linting workflow
Ayman Bagabas created
1249f9b
chore(lint): remove unused nolint directive
Ayman Bagabas created
2d0e48f
chore(lint): fix lint issues
Ayman Bagabas created
0f573f4
chore: update golangci-lint config
Ayman Bagabas created
000ab51
Merge commit from fork
* fix: require admin privileges for force delete of LFS locks

  Move user context retrieval before the force flag check to ensure proper authorization. Force deletions now require admin privileges, preventing non-admin users from deleting locks owned by others.

  Fixes GHSA-6jm8-x3g6-r33j (CVE-2026-22253)

  Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: improve comment clarity for force delete path

  Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Tomer Fichman and Claude Opus 4.5 created
62e2d5c
fix(ssh): ui: respect anon-access setting for the ui
Fixes: https://github.com/charmbracelet/soft-serve/issues/759
Ayman Bagabas created
ba7d415
ci: sync golangci-lint config (#767)
Co-authored-by: aymanbagabas <3187948+aymanbagabas@users.noreply.github.com>
github-actions[bot] and aymanbagabas created
c8779b1
chore(deps): bump the all group across 1 directory with 9 updates (#772)
Bumps the all group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.20.0` | `2.21.1` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.4` | | [github.com/google/go-querystring](https://github.com/google/go-querystring) | `1.1.0` | `1.2.0` | | [github.com/muesli/mango-cobra](https://github.com/muesli/mango-cobra) | `1.2.0` | `1.3.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.23.0` | `1.23.2` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.46.0` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.38.2` | `1.42.2` | Updates `github.com/alecthomas/chroma/v2` from 2.20.0 to 2.21.1 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](https://github.com/alecthomas/chroma/compare/v2.20.0...v2.21.1) Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.4 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.4) Updates `github.com/google/go-querystring` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/google/go-querystring/releases) - [Commits](https://github.com/google/go-querystring/compare/v1.1.0...v1.2.0) Updates `github.com/muesli/mango-cobra` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/muesli/mango-cobra/releases) - [Commits](https://github.com/muesli/mango-cobra/compare/v1.2.0...v1.3.0) Updates `github.com/prometheus/client_golang` from 1.23.0 to 1.23.2 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.23.0...v1.23.2) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - 
[Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1) Updates `golang.org/x/crypto` from 0.45.0 to 0.46.0 - [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.46.0) Updates `golang.org/x/sync` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0) Updates `modernc.org/sqlite` from 1.38.2 to 1.42.2 - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.38.2...v1.42.2) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.21.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/google/go-querystring dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/muesli/mango-cobra dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/crypto dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sync dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.42.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
2447a96
fix(tests): ignore stderr output in SSRF webhook test
Ayman Bagabas created
9e67180
chore(deps): bump actions/checkout from 5 to 6 in the all group (#765)
Bumps the all group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
8262d91
chore: go mod tidy
Ayman Bagabas created
a7f2fbe
chore: bump dependencies and use charm.land modules
Ayman Bagabas created
f946151
chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#764)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.41.0 to 0.45.0. - [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
8a99b84
test: fix
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
bb73b9a
Merge commit from fork
closes GHSA-vwq2-jx9q-9h9f

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
56e9784
docs: Add `IdentitiesOnly` option to ssh command examples (#628)
Rob Berwick created
d963932
Merge commit from fork
* sec: escape ansi sequences on user input

  fixes HSA-fv2r-r8mp-pg48

  Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

* Apply suggestion from @Tomer-PL

  Co-authored-by: Tomer Fichman <tomer@irregular.com>

* chore: fmt

  Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: Tomer Fichman <tomer@irregular.com>
Carlos Alexandro Becker and Tomer Fichman created
ea8799b
feat: add CORS headers (#654)
fetsorn created
15e9e25
chore(deps): bump actions/setup-go from 5 to 6 in the all group (#748)
Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
6856877
feat: add readiness and liveness probes for self healing (#734)
* feat: add k8s readiness and liveness probes
* fix: switch to single err var and add logging
* chore: remove fmt import
Jay Madden created
5c8639b
chore(deps): update all deps (#746)
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
8e52267
chore(deps): bump github.com/sergi/go-diff (#729)
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff) from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0. - [Commits](https://github.com/sergi/go-diff/commits/v1.4.0) --- updated-dependencies: - dependency-name: github.com/sergi/go-diff dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
bec9fb3
chore(deps): bump github.com/prometheus/client_golang (#739)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.22.0 to 1.23.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.22.0...v1.23.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
e5edfd5
sec: update git-module (#742)
The regex solution proposed in #737 is not sufficient. I've added `--end-of-options` to the relevant commands in https://github.com/aymanbagabas/git-module/pull/1 so this reverts changes made in #737 and updates git-module to include that fix.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
a73db1a
test: use a repo that doesn't change as much (#743)
wizard tutorial last commit was 2y ago
catwalk gets commits almost daily

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
5d9034c
ci: sync dependabot config (#741)
Charm created
76a71ef
chore(deps): bump actions/checkout from 4 to 5 (#735)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
5a2bde5
fix: check that commit is a SHA1 (#737)
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
68e6304
chore(deps): bump github.com/alecthomas/chroma/v2 from 2.19.0 to 2.20.0 (#730)
Bumps [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) from 2.19.0 to 2.20.0. - [Release notes](https://github.com/alecthomas/chroma/releases) - [Changelog](https://github.com/alecthomas/chroma/blob/master/.goreleaser.yml) - [Commits](https://github.com/alecthomas/chroma/compare/v2.19.0...v2.20.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
efa8c06
chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.2 to 5.3.0 (#731)
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.2 to 5.3.0. - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.2...v5.3.0) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created