chore(deps): bump linuxfabrik-lib from 3.1.0 to 3.2.0

[dependabot]

Bumps linuxfabrik-lib from 3.1.0 to 3.2.0.

Release notes

Sourced from linuxfabrik-lib's releases.

v3.2.0

Release Notes/CHANGELOG at https://github.com/Linuxfabrik/lib/blob/main/CHANGELOG.md

v3.1.1

Release Notes/CHANGELOG at https://github.com/Linuxfabrik/lib/blob/main/CHANGELOG.md

Changelog

Sourced from linuxfabrik-lib's changelog.

[v3.2.0] - 2026-04-14

Added

• url.py: add split_basic_auth(url) helper that extracts userinfo from a URL like https://user:secret@host/path, returns the URL with the userinfo stripped from the netloc, plus a headers dict carrying the matching Authorization: Basic ... entry. Pass both into lib.url.fetch() / lib.url.fetch_json(). This lets apps accept HTTP basic auth via the URL itself instead of exposing separate --username / --password arguments, which keeps the credentials out of ps listings, out of the request line, and out of any proxy access log

[v3.1.1] - 2026-04-14

Changed

• human.py: human2seconds() and humanduration2seconds() now accept the Unix-style lowercase day/week markers d and w in addition to the canonical Linuxfabrik uppercase D and W. This lets callers parse duration strings from third-party tools that follow the Unix convention (exim mailq age literals, sleep 3d, systemd timers, etc.) without having to normalize the input first. Uppercase D/W continue to work exactly as before, so no existing caller breaks
• nextcloud.py: run_occ() no longer relies on the Nextcloud occ script being marked executable. It now locates php via shutil.which('php') and invokes sudo -u \#<uid> php <occ> <cmd>, which also works on installations where occ lacks the execute bit or its shebang does not resolve to a working PHP interpreter. If no php is found in PATH, the call returns a descriptive error instead of silently failing

Security

• Harden the CI supply chain: the pre-commit install in the pre-commit-autoupdate workflow is now hash-pinned via .github/pre-commit/requirements.txt (generated with pip-compile --generate-hashes --strip-extras), and dependabot/fetch-metadata is pinned to a commit SHA so all GitHub Actions used in .github/workflows/ are now pinned by hash. The policy is documented in CONTRIBUTING.md under "CI Supply Chain"

Commits

• 3b029b2 chore: bump version number [skip ci]
• 894712c feat(url): add split_basic_auth() helper for URL-embedded HTTP basic auth
• f815718 chore: bump version number [skip ci]
• af746df feat(human): accept lowercase d/w aliases in human2seconds()
• b19badc fix(nextcloud): invoke occ via php to not require executable bit
• dd9d79c fix(ci): hash-pin pre-commit install and pin dependabot/fetch-metadata by SHA
• 841548a chore(endoflifedate.py): bump version numbers
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)