fix(semaphore): update image docker.io/semaphoreui/semaphore v2.18.18 → v2.18.20 (#49927)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/semaphoreui/semaphore](https://redirect.github.com/semaphoreui/semaphore)
| patch | `c393396` → `9d9eaaf` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>semaphoreui/semaphore
(docker.io/semaphoreui/semaphore)</summary>

###
[`v2.18.20`](https://redirect.github.com/semaphoreui/semaphore/releases/tag/v2.18.20)

[Compare
Source](https://redirect.github.com/semaphoreui/semaphore/compare/v2.18.19...v2.18.20)

#### Bugfixes

- Validate playbook path

###
[`v2.18.19`](https://redirect.github.com/semaphoreui/semaphore/releases/tag/v2.18.19)

[Compare
Source](https://redirect.github.com/semaphoreui/semaphore/compare/v2.18.18...v2.18.19)

#### v2.18.19 Release Summary

This patch release includes several important security and validation
fixes.

##### Security fixes

- Added validation for Git repository URLs to prevent Git option
injection.
- Added `--end-of-options` to Git commands to make repository URL and
branch handling safer.
- Fixed branch override handling: task-level Git branch override is now
applied only when the template explicitly allows it.
- Prevented custom roles from shadowing built-in role slugs such as
owner or manager.
- Fixed permission resolution so built-in roles always use their
built-in permissions instead of database-defined custom roles.
- Added validation to prevent access keys from being updated with a
different ID or moved to another project.

##### Reliability and tests

- Added tests for Git URL validation and Git command injection
protection.
- Added tests for access key update validation.
- Added tests for custom role validation and reserved role slugs.
- Refactored Git branch resolution into a dedicated helper to make task
behavior more consistent.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZW1hcGhvcmUiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
This commit is contained in:
TrueCharts Bot
2026-07-06 01:51:29 +02:00
committed by GitHub
parent 0c66dfde69
commit 1f37148782
2 changed files with 3 additions and 3 deletions
+2 -2
View File
@@ -9,7 +9,7 @@ annotations:
trueforge.org/min_helm_version: "3.14"
trueforge.org/train: stable
apiVersion: v2
appVersion: 2.18.18
appVersion: 2.18.20
dependencies:
- name: common
version: 29.7.1
@@ -37,5 +37,5 @@ sources:
- https://github.com/trueforge-org/truecharts/tree/master/charts/stable/semaphore
- https://hub.docker.com/r/semaphoreui/semaphore
type: application
version: 7.7.2
version: 7.7.3
+1 -1
View File
@@ -1,7 +1,7 @@
# yaml-language-server: $schema=./values.schema.json
image:
repository: docker.io/semaphoreui/semaphore
tag: v2.18.18@sha256:c393396fba2e3b0a7b6f7e6efc9619cecb99a79f764e6fc6ea09f3421535f74e
tag: v2.18.20@sha256:9d9eaaf87f4ceab1852e5fe883f11733e54d4ee031bff9ff7dbf1592475d5c0a
pullPolicy: IfNotPresent
securityContext: