22d00e9
fix(ssh): cmd: remove unnecessary call to utils.SanitizeRepo
Ayman Bagabas created
a8d1bf3
fix: prevent path traversal attacks (#631)
This commit fixes a path traversal vulnerability in the repository management code. The `SanitizeRepo` function now correctly returns a sanitized version of the given repository name. It uses an absolute path along with `path.Clean` to ensure that the path is cleaned before being used.
Ayman Bagabas created
0fb868c
chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#632)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.32.0. - [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
9cd64aa
fix: using lipgloss tables instead of tablewriter (#618)
* fix: using lipgloss tables instead of tablewriter
* test: fix
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
14bbcc3
chore: update go toolchain to v1.23.4
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker created
282e7eb
chore(deps): bump github.com/alecthomas/chroma/v2 from 2.14.0 to 2.15.0 (#629)
Bumps [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) from 2.14.0 to 2.15.0. - [Release notes](https://github.com/alecthomas/chroma/releases) - [Changelog](https://github.com/alecthomas/chroma/blob/master/.goreleaser.yml) - [Commits](https://github.com/alecthomas/chroma/compare/v2.14.0...v2.15.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
6679ba4
chore(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1 (#627)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.13.0 to 5.13.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.13.0...v5.13.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
19a6f8d
chore(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#626)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.12.0 to 5.13.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.12.0...v5.13.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
22b21ea
chore(deps): bump github.com/caarlos0/env/v11 from 11.3.0 to 11.3.1 (#623)
Bumps [github.com/caarlos0/env/v11](https://github.com/caarlos0/env) from 11.3.0 to 11.3.1. - [Release notes](https://github.com/caarlos0/env/releases) - [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml) - [Commits](https://github.com/caarlos0/env/compare/v11.3.0...v11.3.1) --- updated-dependencies: - dependency-name: github.com/caarlos0/env/v11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
8cccc97
chore(deps): bump modernc.org/sqlite from 1.34.3 to 1.34.4 (#624)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.3 to 1.34.4. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.3...v1.34.4) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
ec03324
chore(deps): bump modernc.org/sqlite from 1.34.2 to 1.34.3 (#622)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2 to 1.34.3. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.3) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
ef79da3
chore(deps): bump github.com/caarlos0/env/v11 from 11.2.2 to 11.3.0 (#620)
Bumps [github.com/caarlos0/env/v11](https://github.com/caarlos0/env) from 11.2.2 to 11.3.0. - [Release notes](https://github.com/caarlos0/env/releases) - [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml) - [Commits](https://github.com/caarlos0/env/compare/v11.2.2...v11.3.0) --- updated-dependencies: - dependency-name: github.com/caarlos0/env/v11 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
14729ba
chore: bump ssh and wish versions
Ayman Bagabas created
c78da07
fix(config): add SOFT_SERVE_CONFIG_LOCATION to Environ
Fixes: c354d5f21134 (feat: optionally pull config from a custom file (envvar), default to data path. (#557))
Ayman Bagabas created
00be796
fix(config): add default values for the enabled fields
Fixes: 069db2777dfb (feat: support toggling servers on/off in configuration (#594) (#612))
Ayman Bagabas created
1de446f
fix: prevent enumeration of private repo (#614)
DongoDB created
0540b4d
feat: test framework supports turning off -race flag (#605)
This is useful on Windows where gcc is not always available.
Co-authored-by: Jonatan Wallmander <jonatan.wallmander@kdab.com>
Jonatan Wallmander and Jonatan Wallmander created
069db27
feat: support toggling servers on/off in configuration (#594) (#612)
To test this, tests added the new function: `ensureservernotrunning [SERVICE_NAME]`
Co-authored-by: Jonatan Wallmander <jonatan.wallmander@kdab.com>
Jonatan Wallmander and Jonatan Wallmander created
7c45a99
fix(daemon): close listener only once (#615)
* fix(daemon): close listener only once
* refactor(daemon): rename Start to ListenAndServe and implement Serve
* fix(daemon): use atomic.Bool for server
* fix(daemon): attempt to fix idle timeout test
Ayman Bagabas created
b450d10
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.30.0 (#611)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.30.0. - [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
a4eff5b
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.2 to 1.2.4 (#608)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.1.2 to 1.2.4. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.2...v1.2.4) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
2b671b6
chore(deps): bump modernc.org/sqlite from 1.33.1 to 1.34.2 (#609)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.1 to 1.34.2. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.1...v1.34.2) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
5342174
chore(deps): bump golang.org/x/sync from 0.8.0 to 0.10.0 (#610)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.8.0 to 0.10.0. - [Commits](https://github.com/golang/sync/compare/v0.8.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
3aa71e0
fix: git daemon listens only when starting it (#607)
This was inconsistent with the other servers.
Co-authored-by: Jonatan Wallmander <jonatan.wallmander@kdab.com>
Jonatan Wallmander and Jonatan Wallmander created
5d5c55e
fix: test framework supports ensuring specific port is open (#606)
The generic "waitforserver" has been renamed to "ensureserverrunning". This command now also takes an argument which denotes which environment variable to pick the port from. This is needed as the ports are randomized by the test.
Co-authored-by: Jonatan Wallmander <jonatan.wallmander@kdab.com>
Jonatan Wallmander and Jonatan Wallmander created
446ec63
feat: update go.mod to use go 1.22 and toolchain go1.23.2
Ayman Bagabas created
950ef0c
Fix tui_session_seconds_total metric description (#602)
Przemek Wesołek created
226c137
chore(deps): bump codecov/codecov-action from 4 to 5 (#601)
dependabot[bot] created
682dccb
chore(deps): bump github.com/charmbracelet/lipgloss (#585)
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss) from 0.13.0 to 0.13.1. - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Changelog](https://github.com/charmbracelet/lipgloss/blob/master/.goreleaser.yml) - [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.13.0...v0.13.1) --- updated-dependencies: - dependency-name: github.com/charmbracelet/lipgloss dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
d78d90d
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.1 to 1.1.2 (#586)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.1...v1.1.2) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
c6c3e3b
chore(deps): bump github.com/prometheus/client_golang (#584)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.4 to 1.20.5. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.20.4...v1.20.5) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
c0931c2
chore(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#583)
dependabot[bot] created
5669b86
chore(deps): bump github.com/rogpeppe/go-internal from 1.12.0 to 1.13.1 (#581)
Bumps [github.com/rogpeppe/go-internal](https://github.com/rogpeppe/go-internal) from 1.12.0 to 1.13.1. - [Release notes](https://github.com/rogpeppe/go-internal/releases) - [Commits](https://github.com/rogpeppe/go-internal/compare/v1.12.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/rogpeppe/go-internal dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
eca5e32
chore(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#582)
dependabot[bot] created
dd4840b
chore(deps): bump github.com/prometheus/client_golang (#578)
dependabot[bot] created
b83e99a
chore(deps): bump modernc.org/sqlite from 1.33.0 to 1.33.1 (#577)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.33.0 to 1.33.1. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.33.0...v1.33.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
a1ec9e0
chore(deps): bump github.com/charmbracelet/bubbletea from 1.1.0 to 1.1.1 (#576)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Changelog](https://github.com/charmbracelet/bubbletea/blob/main/.goreleaser.yml) - [Commits](https://github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: github.com/charmbracelet/bubbletea dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] and dependabot[bot] created
782b450
chore(deps): bump github.com/charmbracelet/bubbles from 0.18.0 to 0.20.0 (#575)
dependabot[bot] created
40ca43f
chore(deps): bump github.com/charmbracelet/glamour from 0.7.0 to 0.8.0 (#574)
Ayman Bagabas created
6658cf1
fix: update position constant in `JoinHorizontal` (#552)
* fix: update position constant in JoinHorizontal
* fix: update position constant in JoinVertical
Aditi Patel created
85b4625
fix: add missing arg length check to fix runtime panic (#568)
* Add missing arg length check to fix runtime panic on "repo branch delete <reponame>" command with missing branch arg
* Add testscript case for missing argument
---------
Co-authored-by: x2 <x2@rrotn.local>
Christopher David Shirk and x2 created
c354d5f
feat: optionally pull config from a custom file (envvar), default to data path. (#557)
* feat: optionally pull config from a custom file (envvar), default to data path.
* docs: add docs on SOFT_SERVE_CONFIG_LOCATION
* feat: add tests for SOFT_SERVE_CONFIG_LOCATION
Kendall Tauser created
ff10b94
chore(deps): bump github.com/charmbracelet/wish from 1.4.1 to 1.4.3
Bumps [github.com/charmbracelet/wish](https://github.com/charmbracelet/wish) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/charmbracelet/wish/releases) - [Changelog](https://github.com/charmbracelet/wish/blob/main/.goreleaser.yml) - [Commits](https://github.com/charmbracelet/wish/compare/v1.4.1...v1.4.3) --- updated-dependencies: - dependency-name: github.com/charmbracelet/wish dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] created
008c056
chore(deps): bump github.com/prometheus/client_golang
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.0 to 1.20.3. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.20.3/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.20.0...v1.20.3) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] created
8cefa75
chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.27.0. - [Commits](https://github.com/golang/crypto/compare/v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] created
5294d86
chore(deps): bump modernc.org/sqlite from 1.32.0 to 1.33.0
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.32.0 to 1.33.0. - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.32.0...v1.33.0) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] created
20b7d5f
chore(deps): bump github.com/charmbracelet/keygen from 0.5.0 to 0.5.1 (#559)
dependabot[bot] created
4b044e7
chore(deps): bump github.com/charmbracelet/bubbletea from 1.0.0 to 1.1.0 (#569)
dependabot[bot] created
be5d8aa
chore(deps): bump github.com/charmbracelet/bubbletea (#565)
dependabot[bot] created
47a4762
chore(deps): bump github.com/prometheus/client_golang (#558)
dependabot[bot] created