
Commit 302d37d

Merge branch 'development' into main
2 parents 4e2283d + 5bdbdf8 commit 302d37d

12 files changed

Lines changed: 541 additions & 367 deletions


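--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -306,19 +306,22 @@
 "description": "Go: keep pgx within v4 (CrowdSec requires pgx/v4 module path)",
 "matchDatasources": ["go"],
 "matchPackageNames": ["github.com/jackc/pgx/v4"],
-"allowedVersions": "<5.0.0"
+"allowedVersions": "<5.0.0",
+"sourceUrl": "https://github.com/jackc/pgx"
 },
 {
 "description": "Go: keep go-jose/v3 within v3 (v4 is a different Go module path)",
 "matchDatasources": ["go"],
 "matchPackageNames": ["github.com/go-jose/go-jose/v3"],
-"allowedVersions": "<4.0.0"
+"allowedVersions": "<4.0.0",
+"sourceUrl": "https://github.com/go-jose/go-jose"
 },
 {
 "description": "Go: keep go-jose/v4 within v4 (v5 would be a different Go module path)",
 "matchDatasources": ["go"],
 "matchPackageNames": ["github.com/go-jose/go-jose/v4"],
-"allowedVersions": "<5.0.0"
+"allowedVersions": "<5.0.0",
+"sourceUrl": "https://github.com/go-jose/go-jose"
 },
 {
 "description": "Safety: Keep MAJOR updates separate and require manual review",
@@ -337,6 +340,48 @@
 "matchDatasources": ["go"],
 "matchPackageNames": ["github.com/google/uuid"],
 "sourceUrl": "https://github.com/google/uuid"
+},
+{
+"description": "Fix Renovate lookup for golang-jwt/jwt v5 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/golang-jwt/jwt/v5"],
+"sourceUrl": "https://github.com/golang-jwt/jwt"
+},
+{
+"description": "Fix Renovate lookup for robfig/cron v3 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/robfig/cron/v3"],
+"sourceUrl": "https://github.com/robfig/cron"
+},
+{
+"description": "Fix Renovate lookup for oschwald/maxminddb-golang v2 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/oschwald/maxminddb-golang/v2"],
+"sourceUrl": "https://github.com/oschwald/maxminddb-golang"
+},
+{
+"description": "Fix Renovate lookup for cespare/xxhash v2 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/cespare/xxhash/v2"],
+"sourceUrl": "https://github.com/cespare/xxhash"
+},
+{
+"description": "Fix Renovate lookup for klauspost/cpuid v2 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/klauspost/cpuid/v2"],
+"sourceUrl": "https://github.com/klauspost/cpuid"
+},
+{
+"description": "Fix Renovate lookup for pelletier/go-toml v2 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/pelletier/go-toml/v2"],
+"sourceUrl": "https://github.com/pelletier/go-toml"
+},
+{
+"description": "Fix Renovate lookup for go-playground/validator v10 module path",
+"matchDatasources": ["go"],
+"matchPackageNames": ["github.com/go-playground/validator/v10"],
+"sourceUrl": "https://github.com/go-playground/validator"
 }
 ]
 }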

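--- a/.github/workflows/auto-changelog.yml
+++ b/.github/workflows/auto-changelog.yml
@@ -24,6 +24,6 @@ jobs:
 with:
 ref: ${{ github.event.workflow_run.head_sha || github.sha }}
 - name: Draft Release
-uses: release-drafter/release-drafter@5de93583980a40bd78603b6dfdcda5b4df377b32 # v7
+uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}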
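Review bot: The trailing comment on the re-pinned `uses:` line still reads `# v7` for both the old and the new SHA, so it no longer tells a reviewer which release the 40-character pin is supposed to correspond to. This step is handed `GITHUB_TOKEN`, so the pin should be checkable against an upstream tag; annotate it with the exact release, as the Renovate workflow on this page does with `# v46.1.12`, e.g. `uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v<EXACT_TAG>`. The job definition starts outside this hunk, so the permissions granted to that token are not visible here.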

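--- a/.github/workflows/renovate.yml
+++ b/.github/workflows/renovate.yml
@@ -33,7 +33,7 @@ jobs:
 go-version: ${{ env.GO_VERSION }}
 
 - name: Run Renovate
-uses: renovatebot/github-action@83ec54fee49ab67d9cd201084c1ff325b4b462e4 # v46.1.10
+uses: renovatebot/github-action@f66d8679fcfcfa051abde6e7a623007173bf5164 # v46.1.12
 with:
 configurationFile: .github/renovate.json
 token: ${{ secrets.RENOVATE_TOKEN || secrets.GITHUB_TOKEN }}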

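--- a/Dockerfile
+++ b/Dockerfile
@@ -110,6 +110,11 @@ RUN apk upgrade --no-cache && \
 npm install -g npm@${NPM_VERSION} --no-fund --no-audit && \
 npm cache clean --force
 
+# Patch CVE-2026-33671: picomatch ReDoS (fixed in 4.0.4) — bundled in Node.js 24.15.0 npm toolchain.
+# Remove when a patched Node.js 24 image is available.
+# hadolint ignore=DL3059
+RUN npm install -g picomatch@4.0.4 --no-fund --no-audit
+
 RUN npm ci
 
 # Copy frontend source and build
@@ -160,7 +165,7 @@ RUN set -eux; \
 # Note: xx-go install puts binaries in /go/bin/TARGETOS_TARGETARCH/dlv if cross-compiling.
 # We find it and move it to /go/bin/dlv so it's in a consistent location for the next stage.
 # renovate: datasource=go depName=github.com/go-delve/delve
-ARG DLV_VERSION=1.26.2
+ARG DLV_VERSION=1.26.3
 # hadolint ignore=DL3059,DL4006
 RUN CGO_ENABLED=0 xx-go install github.com/go-delve/delve/cmd/dlv@v${DLV_VERSION} && \
 DLV_PATH=$(find /go/bin -name dlv -type f | head -n 1) && \
@@ -392,13 +397,13 @@ RUN go get github.com/expr-lang/expr@v${EXPR_LANG_VERSION} && \
 go get go.opentelemetry.io/otel@v1.43.0 && \
 # GHSA-xmrv-pmrh-hhx2: AWS SDK v2 event stream injection
 # renovate: datasource=go depName=github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
-go get github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.9 && \
+go get github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.10 && \
 # renovate: datasource=go depName=github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
-go get github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs@v1.69.1 && \
+go get github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs@v1.71.1 && \
 # renovate: datasource=go depName=github.com/aws/aws-sdk-go-v2/service/kinesis
-go get github.com/aws/aws-sdk-go-v2/service/kinesis@v1.43.6 && \
+go get github.com/aws/aws-sdk-go-v2/service/kinesis@v1.43.7 && \
 # renovate: datasource=go depName=github.com/aws/aws-sdk-go-v2/service/s3
-go get github.com/aws/aws-sdk-go-v2/service/s3@v1.100.0 && \
+go get github.com/aws/aws-sdk-go-v2/service/s3@v1.100.1 && \
 go mod tidy
 
 # Fix compatibility issues with expr-lang v1.17.7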
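Review bot: The added `RUN npm install -g picomatch@4.0.4 --no-fund --no-audit` step probably does not remove the vulnerable copy it is meant to patch. A global install adds a separate top-level package, while the comment above it says the affected picomatch is the one bundled in the npm toolchain, which npm resolves from its own nested dependency tree. Unless something outside this hunk replaces that nested copy, an image scan would still report CVE-2026-33671, and the build gives no signal either way. I would replace the bundled copy explicitly, or at least record the limitation next to the step, e.g. `# NOTE: -g adds a separate global picomatch; confirm with an image scan that npm's bundled copy is >= 4.0.4.` The build stage this step belongs to starts and ends outside the hunk.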

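--- a/backend/go.mod
+++ b/backend/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/golang-jwt/jwt/v5 v5.3.1
 github.com/google/uuid v1.6.0
 github.com/gorilla/websocket v1.5.3
-github.com/mattn/go-sqlite3 v1.14.42
+github.com/mattn/go-sqlite3 v1.14.44
 github.com/moby/moby/client v0.4.1
 github.com/oschwald/geoip2-golang/v2 v2.1.0
 github.com/prometheus/client_golang v1.23.2
@@ -30,7 +30,7 @@ require (
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bytedance/gopkg v0.1.4 // indirect
-github.com/bytedance/sonic v1.15.0 // indirect
+github.com/bytedance/sonic v1.15.1 // indirect
 github.com/bytedance/sonic/loader v0.5.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/cloudwego/base64x v0.1.6 // indirect
@@ -58,7 +58,7 @@ require (
 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/leodido/go-urn v1.4.0 // indirect
-github.com/mattn/go-isatty v0.0.21 // indirect
+github.com/mattn/go-isatty v0.0.22 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
 github.com/moby/moby/api v1.54.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -67,7 +67,7 @@ require (
 github.com/ncruces/go-strftime v1.0.0 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.1.1 // indirect
-github.com/oschwald/maxminddb-golang/v2 v2.1.1 // indirect
+github.com/oschwald/maxminddb-golang/v2 v2.2.0 // indirect
 github.com/pelletier/go-toml/v2 v2.3.0 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
@@ -79,7 +79,7 @@ require (
 github.com/stretchr/objx v0.5.3 // indirect
 github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 github.com/ugorji/go/codec v1.3.1 // indirect
-go.mongodb.org/mongo-driver/v2 v2.5.1 // indirect
+go.mongodb.org/mongo-driver/v2 v2.6.0 // indirect
 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect
 go.opentelemetry.io/otel v1.43.0 // indirect
@@ -93,5 +93,5 @@ require (
 modernc.org/libc v1.72.1 // indirect
 modernc.org/mathutil v1.7.1 // indirect
 modernc.org/memory v1.11.0 // indirect
-modernc.org/sqlite v1.49.1 // indirect
+modernc.org/sqlite v1.50.0 // indirect
 )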

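--- a/backend/go.sum
+++ b/backend/go.sum
@@ -4,8 +4,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM=
 github.com/bytedance/gopkg v0.1.4/go.mod h1:v1zWfPm21Fb+OsyXN2VAHdL6TBb2L88anLQgdyje6R4=
-github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
-github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic v1.15.1 h1:nJD5PmM0vY7J8CT6MxoqbVAAMhkSmV2HgRAUrrpLoOw=
+github.com/bytedance/sonic v1.15.1/go.mod h1:mT2NbXunuaEbnZ+mRIX/vYqKISmgEuHFDI4UzmKx2SA=
 github.com/bytedance/sonic/loader v0.5.1 h1:Ygpfa9zwRCCKSlrp5bBP/b/Xzc3VxsAW+5NIYXrOOpI=
 github.com/bytedance/sonic/loader v0.5.1/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -89,10 +89,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs=
-github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
-github.com/mattn/go-sqlite3 v1.14.42 h1:MigqEP4ZmHw3aIdIT7T+9TLa90Z6smwcthx+Azv4Cgo=
-github.com/mattn/go-sqlite3 v1.14.42/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
+github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
+github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
+github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCKTF8=
+github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/moby/api v1.54.2 h1:wiat9QAhnDQjA7wk1kh/TqHz2I1uUA7M7t9SAl/JNXg=
@@ -114,8 +114,8 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/oschwald/geoip2-golang/v2 v2.1.0 h1:DjnLhNJu9WHwTrmoiQFvgmyJoczhdnm7LB23UBI2Amo=
 github.com/oschwald/geoip2-golang/v2 v2.1.0/go.mod h1:qdVmcPgrTJ4q2eP9tHq/yldMTdp2VMr33uVdFbHBiBc=
-github.com/oschwald/maxminddb-golang/v2 v2.1.1 h1:lA8FH0oOrM4u7mLvowq8IT6a3Q/qEnqRzLQn9eH5ojc=
-github.com/oschwald/maxminddb-golang/v2 v2.1.1/go.mod h1:PLdx6PR+siSIoXqqy7C7r3SB3KZnhxWr1Dp6g0Hacl8=
+github.com/oschwald/maxminddb-golang/v2 v2.2.0 h1:/2khmIiNvFxgfwGxitper3XBJBs5qTCPQ/H1iR9MgBw=
+github.com/oschwald/maxminddb-golang/v2 v2.2.0/go.mod h1:n/ctYVTFYQypkn5uO1CZnTmj8jdQKIVh/LX7gSaIl0w=
 github.com/pelletier/go-toml/v2 v2.3.0 h1:k59bC/lIZREW0/iVaQR8nDHxVq8OVlIzYCOJf421CaM=
 github.com/pelletier/go-toml/v2 v2.3.0/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -157,8 +157,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-go.mongodb.org/mongo-driver/v2 v2.5.1 h1:j2U/Qp+wvueSpqitLCSZPT/+ZpVc1xzuwdHWwl7d8ro=
-go.mongodb.org/mongo-driver/v2 v2.5.1/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
+go.mongodb.org/mongo-driver/v2 v2.6.0 h1:b9sJOYrkmt4l8bY43ZenFBcPlhYIjaOfYHLtbB/5qi8=
+go.mongodb.org/mongo-driver/v2 v2.6.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY=
@@ -235,8 +235,8 @@ modernc.org/opt v0.2.0 h1:tGyef5ApycA7FSEOMraay9SaTk5zmbx7Tu+cJs4QKZg=
 modernc.org/opt v0.2.0/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.49.1 h1:dYGHTKcX1sJ+EQDnUzvz4TJ5GbuvhNJa8Fg6ElGx73U=
-modernc.org/sqlite v1.49.1/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
+modernc.org/sqlite v1.50.0 h1:eMowQSWLK0MeiQTdmz3lqoF5dqclujdlIKeJA11+7oM=
+modernc.org/sqlite v1.50.0/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=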
