From 1f371487820a237f696b9d7a43cfcc5000edaa5b Mon Sep 17 00:00:00 2001 From: TrueCharts Bot Date: Mon, 6 Jul 2026 01:51:29 +0200 Subject: [PATCH] =?UTF-8?q?fix(semaphore):=20update=20image=20docker.io/se?= =?UTF-8?q?maphoreui/semaphore=20v2.18.18=20=E2=86=92=20v2.18.20=20(#49927?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/semaphoreui/semaphore](https://redirect.github.com/semaphoreui/semaphore) | patch | `c393396` → `9d9eaaf` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes
semaphoreui/semaphore (docker.io/semaphoreui/semaphore) ### [`v2.18.20`](https://redirect.github.com/semaphoreui/semaphore/releases/tag/v2.18.20) [Compare Source](https://redirect.github.com/semaphoreui/semaphore/compare/v2.18.19...v2.18.20) #### Bugfixes - Validate playbook path ### [`v2.18.19`](https://redirect.github.com/semaphoreui/semaphore/releases/tag/v2.18.19) [Compare Source](https://redirect.github.com/semaphoreui/semaphore/compare/v2.18.18...v2.18.19) #### v2.18.19 Release Summary This patch release includes several important security and validation fixes. ##### Security fixes - Added validation for Git repository URLs to prevent Git option injection. - Added `--end-of-options` to Git commands to make repository URL and branch handling safer. - Fixed branch override handling: task-level Git branch override is now applied only when the template explicitly allows it. - Prevented custom roles from shadowing built-in role slugs such as owner or manager. - Fixed permission resolution so built-in roles always use their built-in permissions instead of database-defined custom roles. - Added validation to prevent access keys from being updated with a different ID or moved to another project. ##### Reliability and tests - Added tests for Git URL validation and Git command injection protection. - Added tests for access key update validation. - Added tests for custom role validation and reserved role slugs. - Refactored Git branch resolution into a dedicated helper to make task behavior more consistent.
--- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). --- charts/stable/semaphore/Chart.yaml | 4 ++-- charts/stable/semaphore/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/stable/semaphore/Chart.yaml b/charts/stable/semaphore/Chart.yaml index db8738e8253..e3d3e1b3d52 100644 --- a/charts/stable/semaphore/Chart.yaml +++ b/charts/stable/semaphore/Chart.yaml @@ -9,7 +9,7 @@ annotations: trueforge.org/min_helm_version: "3.14" trueforge.org/train: stable apiVersion: v2 -appVersion: 2.18.18 +appVersion: 2.18.20 dependencies: - name: common version: 29.7.1 @@ -37,5 +37,5 @@ sources: - https://github.com/trueforge-org/truecharts/tree/master/charts/stable/semaphore - https://hub.docker.com/r/semaphoreui/semaphore type: application -version: 7.7.2 +version: 7.7.3 diff --git a/charts/stable/semaphore/values.yaml b/charts/stable/semaphore/values.yaml index 3fa699c7006..2b62563690d 100644 --- a/charts/stable/semaphore/values.yaml +++ b/charts/stable/semaphore/values.yaml @@ -1,7 +1,7 @@ # yaml-language-server: $schema=./values.schema.json image: repository: docker.io/semaphoreui/semaphore - tag: v2.18.18@sha256:c393396fba2e3b0a7b6f7e6efc9619cecb99a79f764e6fc6ea09f3421535f74e + tag: v2.18.20@sha256:9d9eaaf87f4ceab1852e5fe883f11733e54d4ee031bff9ff7dbf1592475d5c0a pullPolicy: IfNotPresent securityContext: