Commit Graph

57226 Commits

Author SHA1 Message Date
TrueCharts Bot bbe4cc6f07 chore(jellyfin): update image docker.io/alpine/socat digest to 7f9a067 (#49363)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/alpine/socat | digest | `2b6b49e` → `7f9a067` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9qZWxseWZpbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19-->
2026-06-22 21:01:26 +02:00
TrueCharts Bot efb1c9cb48 fix(healthchecks): update image ghcr.io/linuxserver/healthchecks 4.2.20260615 → 4.2.20260622 (#49366)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[ghcr.io/linuxserver/healthchecks](https://redirect.github.com/linuxserver/docker-healthchecks/packages)
([source](https://redirect.github.com/linuxserver/docker-healthchecks))
| patch | `b99ed55` → `86d1c6d` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9oZWFsdGhjaGVja3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
2026-06-22 21:00:41 +02:00
TrueCharts Bot 928e6f74a6 feat(misskey): update image docker.io/misskey/misskey 2026.5.4 → 2026.6.0 (#49362)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/misskey/misskey](https://redirect.github.com/misskey-dev/misskey)
| minor | `ec4d104` → `d3c2bf2` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>misskey-dev/misskey (docker.io/misskey/misskey)</summary>

###
[`v2026.6.0`](https://redirect.github.com/misskey-dev/misskey/blob/HEAD/CHANGELOG.md#202660)

[Compare
Source](https://redirect.github.com/misskey-dev/misskey/compare/2026.5.4...2026.6.0)

##### General

- Feat: ジョブキュー管理画面からキューの一時停止/再開ができるように
- Feat: アンテナのタイムラインから個別のノートを削除できるように
- Feat:
ノート検索で投稿日時の期間を条件に加えられるように([#&#8203;16035](https://redirect.github.com/misskey-dev/misskey/issues/16035))
- Fix: コンパネからrootユーザーのパスワードをリセットしようとした際にエラーが通知されない問題を修正

##### Client

- Enhance: ユーザーページのファイルタブでスクロール位置が保持されるように
- Enhance: ドライブページでスクロール位置が保持されるように
- Enhance: 絵文字のメニューから直接絵文字パレットに絵文字を追加できるように
- Fix: URLプレビューのプレイヤーをウィンドウで開いたとき、プレイヤーが読み込まれるまでの間 `Invalid URL`
と表示される問題を修正
- Fix: 一部の実績が正しく表示されない問題を修正
- Fix: アクセストークン発行時のダイアログのタイトルが「確認コード」となっているのを修正
- Fix: 一部のUI要素の色が正しく表示されない問題を修正\
(Cherry-picked from
[MisskeyIO#1243](https://redirect.github.com/MisskeyIO/misskey/pull/1243))
- Fix: 「D」キーでダークモードを切り替える際にsyncDeviceDarkModeのチェックがバイパスされる問題を修正
- Fix: パスキー登録完了時の認証ダイアログの入力値が使われていない問題を修正
- Fix: メンションのサジェスト時に表示されるアイコン表示が画像サイズ次第で崩れる問題を修正
- Fix: ノートの下書きをリセットする際、未アップロードのファイルについては添付予定が解除されない問題を修正
- Fix: 画像アップロード時、フレームのキャプション付与が正しく行われないことがある問題を修正

##### Server

- Enhance: リモートノートクリーニングジョブのスキップ処理のパフォーマンス改善
- Enhance: リモートノートクリーニングジョブの削除対象検索処理のパフォーマンス改善
- Enhance: ActivityPub の画像添付に width/height を含めるように
- Enhance: URLプレビューのデフォルトの User Agent に Misskey サーバーのURLを含めるように
- Fix: backend バンドルで `@tensorflow/tfjs-node` を external に含めず、起動時に
`@mapbox/node-pre-gyp` の `find()` が backend の package.json を誤検出して `is
not node-pre-gyp ready` エラーを永続的に吐く問題を修正
- Fix: MemoryKVCacheのキャッシュGC処理において、更新されたキャッシュが期限切れにならないことがある問題を修正
- Fix: PerUserDriveChart がシステム所有ファイル (userId が null) の更新で `"group"`
の非NULL制約違反によりクラッシュする問題を修正
([#&#8203;17498](https://redirect.github.com/misskey-dev/misskey/issues/17498))
- Fix: センシティブメディア自動検出周りの依存関係・ファイルの解決に失敗する問題を修正
- Fix: フォロワー限定投稿を指名投稿で引用した際に、引用した投稿の公開範囲が意図せず変更される問題を修正
- Fix: `actor` を持たない不正なInboxアクティビティを受信した際に配送ジョブが `TypeError`
でクラッシュする問題を修正 (受信時に検証して400で返し、ジョブを積まないように変更)
- Fix: Startup and shutdown failures (port-in-use, socket permission
denied, plugin timeouts, leaked WebSocket connections) are now reported
through the misskey logger instead of an
UnhandledPromiseRejectionWarning stack trace
- Fix: リモートのノートに対するメンション数制限が、サーバーが解決できたユーザー数ベースで行われていた問題を修正
- Fix: セキュリティに関する修正

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taXNza2V5IiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
2026-06-22 14:56:45 +02:00
TrueCharts Bot 9a9a1899bc fix(radicale): update image docker.io/tomsquest/docker-radicale 3.7.3.0 → 3.7.5.0 (#49361)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/tomsquest/docker-radicale](https://redirect.github.com/tomsquest/docker-radicale)
| patch | `265195d` → `e4e694f` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>tomsquest/docker-radicale
(docker.io/tomsquest/docker-radicale)</summary>

###
[`v3.7.5.0`](https://redirect.github.com/tomsquest/docker-radicale/blob/HEAD/CHANGELOG.md#3750---2026-06-22)

[Compare
Source](https://redirect.github.com/tomsquest/docker-radicale/compare/3.7.4.0...3.7.5.0)

###
[`v3.7.4.0`](https://redirect.github.com/tomsquest/docker-radicale/blob/HEAD/CHANGELOG.md#3740---2026-06-22)

[Compare
Source](https://redirect.github.com/tomsquest/docker-radicale/compare/3.7.3.0...3.7.4.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yYWRpY2FsZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-22 14:55:42 +02:00
TrueCharts Bot 153730db38 fix(docuseal): update image docker.io/docuseal/docuseal 3.1.0 → 3.1.1 (#49360)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/docuseal/docuseal | patch | `cd61aa2` → `0db707b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9kb2N1c2VhbCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-22 14:55:01 +02:00
TrueCharts Bot 61069579ea chore(searxng): update image docker.io/searxng/searxng digest to 3f52dca (#49358)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/searxng/searxng | digest | `3f4f8d7` → `3f52dca` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=-->
2026-06-22 14:54:56 +02:00
TrueCharts Bot cb957133ce chore(ombi): update image ghcr.io/linuxserver/ombi digest to aa44c36 (#49357)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[ghcr.io/linuxserver/ombi](https://redirect.github.com/linuxserver/docker-ombi/packages)
([source](https://redirect.github.com/linuxserver/docker-ombi)) | digest
| `8b4b1e9` → `aa44c36` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vbWJpIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=-->
2026-06-22 14:54:45 +02:00
TrueCharts Bot 628e63d71c chore(xen-orchestra): update image docker.io/ronivay/xen-orchestra digest to 34ab33e (#49359)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/ronivay/xen-orchestra | digest | `63a113c` → `34ab33e` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC94ZW4tb3JjaGVzdHJhIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=-->
2026-06-22 14:54:41 +02:00
TrueCharts Bot 64528e7f1d chore(thelounge): update image docker.io/thelounge/thelounge digest to b624275 (#49347)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/thelounge/thelounge](https://redirect.github.com/thelounge/thelounge-docker)
| digest | `b3c6432` → `b624275` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90aGVsb3VuZ2UiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-22 07:15:52 +00:00
TrueCharts Bot c51bd6ed68 feat(tdarr): update image docker.io/haveagitgat/tdarr 2.79.01 → 2.80.01 (#49356)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/haveagitgat/tdarr](https://redirect.github.com/HaveAGitGat/tdarr_express_be)
| minor | `d32377a` → `43e0808` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-06-22 08:50:44 +02:00
TrueCharts Bot d9a7d55da2 feat(tdarr-node): update image docker.io/haveagitgat/tdarr_node 2.79.01 → 2.80.01 (#49355)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/haveagitgat/tdarr_node](https://redirect.github.com/HaveAGitGat/tdarr_express_be)
| minor | `26650fe` → `b4d210b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyci1ub2RlIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
2026-06-22 08:50:10 +02:00
TrueCharts Bot e8719f4b6b chore(minecraft-gate): update image ghcr.io/minekube/gate digest to 313116d (#49353)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/minekube/gate | digest | `4aa7af3` → `313116d` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taW5lY3JhZnQtZ2F0ZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19-->
2026-06-22 06:49:38 +00:00
TrueCharts Bot 9ff4a3d6c8 chore(fileflows): update image docker.io/revenz/fileflows digest to ebe9eec (#49352)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/revenz/fileflows | digest | `9a500ac` → `ebe9eec` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9maWxlZmxvd3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-22 08:49:20 +02:00
TrueCharts Bot cb66fee4cd chore(searxng): update image docker.io/searxng/searxng digest to 3f4f8d7 (#49354)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/searxng/searxng | digest | `d0f6ccf` → `3f4f8d7` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=-->
2026-06-22 08:48:59 +02:00
TrueCharts Bot 3357b0f652 feat(nvidia-gpu-exporter): update image docker.io/utkuozdemir/nvidia_gpu_exporter 1.4.1 → 1.5.0 (#49351)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/utkuozdemir/nvidia_gpu_exporter | minor | `b921d70` →
`b5f70ca` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9udmlkaWEtZ3B1LWV4cG9ydGVyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
2026-06-22 02:45:15 +02:00
TrueCharts Bot deaaf6551c fix(openwebrxplus): update image docker.io/slechev/openwebrxplus-softmbe 1.2.116 → 1.2.117 (#49349)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/slechev/openwebrxplus-softmbe | patch | `a33dd74` →
`465b34b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vcGVud2VicnhwbHVzIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==-->
2026-06-22 02:45:05 +02:00
TrueCharts Bot ac8abbc8a5 fix(etherpad): update image ghcr.io/ether/etherpad 3.3.1 → 3.3.2 (#49348)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/ether/etherpad](https://redirect.github.com/ether/etherpad) |
patch | `c4bcd4b` → `044e5b5` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>ether/etherpad (ghcr.io/ether/etherpad)</summary>

###
[`v3.3.2`](https://redirect.github.com/ether/etherpad/blob/HEAD/CHANGELOG.md#332)

[Compare
Source](https://redirect.github.com/ether/etherpad/compare/3.3.1...3.3.2)

3.3.2 is a bug-fix and dependency-hardening follow-up to 3.3.1. It
rounds out the pad-deletion UX rework (suppressing the recovery token
for durable identities, keeping the token-less Delete button reachable,
and closing a read-only deletion hole), restores the saved-revision
markers that went missing from in-pad history mode in 3.3.x, and adds
env-var overrides so air-gapped installs can switch off Etherpad's
outbound calls without editing the image. It also fixes the `migrateDB`
/ `importSqlFile` / `migrateDirtyDBtoRealDB` CLI scripts against the
promise-based ueberdb2 API, rejects unreachable `.`/`..` pad ids, and
clears a batch of dependency security advisories (including
CVE-2026-54285). On the CI side it unblocks the installer smoke test
(which had been hanging the full 6-hour job ceiling since 3.2.0) and
pins ueberdb2 past a startup-exit regression in the packaged boot.

##### Security

- **Force `@opentelemetry/core` ≥ 2.8.0 (GHSA-8988-4f7v-96qf /
CVE-2026-54285,
[#&#8203;7975](https://redirect.github.com/ether/etherpad/issues/7975)).**
The transitive dep (pulled in via `@elastic/elasticsearch` →
`@elastic/transport`) had a `W3CBaggagePropagator.extract()` that did
not enforce W3C size limits on inbound baggage headers, allowing
unbounded memory allocation. Pinned via a `pnpm-workspace.yaml`
override; satisfies the existing `2.x` range with no parent bump.
- **Resolve open Dependabot security alerts
([#&#8203;7967](https://redirect.github.com/ether/etherpad/issues/7967)).**
Refreshes stale override floors and adds new ones via `pnpm-workspace`
overrides: `form-data` ≥ 4.0.6, `ws` ≥ 8.21.0, `esbuild` ≥ 0.28.1,
`basic-ftp` ≥ 5.3.1 (capped `<6.0.0` to avoid a surprise major on the
plugin-install path), `tar` ≥ 7.5.16, `js-yaml` ≥ 4.2.0, `qs` ≥ 6.15.2,
`ip-address` ≥ 10.1.1, and `@babel/core` ≥ 7.29.6.
- **Reject read-only deletion via token-less paths (part of
[#&#8203;7959](https://redirect.github.com/ether/etherpad/issues/7959) /
[#&#8203;7960](https://redirect.github.com/ether/etherpad/issues/7960)).**
Under `allowPadDeletionByAllUsers` a read-only viewer was granted
`canDeletePad=true`, and the server's `flagOk`/`creatorOk` branches
never checked `session.readonly` — so a read-only link holder could
delete a pad without a token. Read-only sessions are now excluded from
both the client var and the server's token-less authorization paths; a
valid recovery token stays sufficient regardless of session mode.

##### Notable enhancements

- **Pad deletion — suppress the recovery token for durable identities
and relabel the action
([#&#8203;7926](https://redirect.github.com/ether/etherpad/issues/7926)
/
[#&#8203;7930](https://redirect.github.com/ether/etherpad/issues/7930)).**
Building on the `allowPadDeletionByAllUsers` suppression, a creator's
deletion token is now also withheld when they have a *durable* identity
— authenticated (`req.session.user` with a username) **and** the
deployment pins that identity to a stable `authorID` via a `getAuthorId`
hook — since only then does the creator survive a cookie clear or a
different device, making the token redundant. This tightens the previous
"require authentication ⇒ always suppress" rule: without `getAuthorId`
the authorID still comes from the per-browser cookie, so an
authenticated user on a second device is *not* the creator and keeps
getting a token. A new `canDeleteWithoutToken` client var hides the
whole recovery-token disclosure (label, field, submit) when no token is
needed, and the recovery form now renders for all sessions (hidden by
default) so an authenticated creator without a durable mapping still has
UI to enter their token. `API.createPad` returns a `null`
`deletionToken` under `allowPadDeletionByAllUsers`, matching the
socket/UI path.
- **Offline/air-gapped installs — env-var overrides for the update
check, plugin catalog, and updater
([#&#8203;7917](https://redirect.github.com/ether/etherpad/issues/7917),
addresses
[#&#8203;7911](https://redirect.github.com/ether/etherpad/issues/7911)).**
Firewalled deployments could not disable Etherpad's outbound calls
without editing `settings.json` inside the image. The relevant keys are
now wired through the `${ENV:default}` substitution in
`settings.json.docker` and `settings.json.template`:
`PRIVACY_UPDATE_CHECK`, `PRIVACY_PLUGIN_CATALOG`, `UPDATES_TIER` (`off`
= no calls), `UPDATE_SERVER`, plus the docker-only `UPDATES_SOURCE` /
`UPDATES_CHANNEL` / `UPDATES_CHECK_INTERVAL_HOURS` /
`UPDATES_GITHUB_REPO` / `UPDATES_REQUIRE_ADMIN_FOR_STATUS`. A new
"Updates & privacy" section in `doc/docker.md` documents the set;
backend tests parse the shipped configs and fail if the `${ENV}`
placeholders are dropped. Config, docs, and tests only — no runtime code
change.

##### Notable fixes

- **Pad — keep the token-less Delete button reachable without pad-wide
settings
([#&#8203;7959](https://redirect.github.com/ether/etherpad/issues/7959)
/
[#&#8203;7960](https://redirect.github.com/ether/etherpad/issues/7960)).**
The token-less `#delete-pad` button was nested inside the
`enablePadWideSettings`-gated section, so disabling pad-wide settings
removed the only no-token deletion path — and combined with
[#&#8203;7926](https://redirect.github.com/ether/etherpad/issues/7926)
hiding the token disclosure when no token is needed, a user allowed to
delete could be left with no deletion UI at all. The button is now
always rendered (hidden by default) and driven by a `canDeletePad`
client var (creator or `allowPadDeletionByAllUsers`, excluding read-only
sessions), so the plain button and the recovery-token disclosure are
mutually coherent and neither depends on pad-wide settings.
- **History mode — restore the saved-revision markers
([#&#8203;7946](https://redirect.github.com/ether/etherpad/issues/7946)
/
[#&#8203;7948](https://redirect.github.com/ether/etherpad/issues/7948)).**
When
[#&#8203;7659](https://redirect.github.com/ether/etherpad/issues/7659)
moved the timeslider into the pad as an embedded iframe, the user-facing
control became the outer `#history-slider-input`, but the saved-revision
stars were still drawn into the now-hidden iframe `#ui-slider-bar`, so
"Save Revision" appeared to do nothing in in-pad history mode (a 3.3.x
regression). `pad_mode.ts` now bridges the embedded slider's saved
revisions onto the outer slider as percentage-positioned, aria-hidden
star markers (with click-to-seek for mouse users), and the server's
`SAVE_REVISION` handler broadcasts `NEW_SAVEDREV` to the pad room so a
revision saved by a collaborator appears live on an already-open history
slider. A single revision saved at rev 0 now renders too. Adds
Playwright coverage for both the single-client and two-client live
paths.
- **Import dialog — correct the outdated "no converter" help message
([#&#8203;7988](https://redirect.github.com/ether/etherpad/issues/7988)
/
[#&#8203;7989](https://redirect.github.com/ether/etherpad/issues/7989)).**
The notice claimed only plain text and HTML could be imported and linked
to the legacy AbiWord wiki, prompting LibreOffice installs for formats
that already work natively. Etherpad imports `.txt`, `.html`, `.docx`
(via mammoth) and `.etherpad` without LibreOffice; only
`.pdf`/`.odt`/`.doc`/`.rtf` still need it. The message now says so and
points at the documentation site.
- **PadManager — reject unreachable `.` and `..` pad ids
([#&#8203;7962](https://redirect.github.com/ether/etherpad/issues/7962)).**
`isValidPadId` accepted ids consisting only of URL dot-segments, but per
the WHATWG URL standard a browser normalises `/p/.` to `/p/` and `/p/..`
to `/`, so such a pad could be created in the database yet never opened
or exported. These ids are now rejected, and the admin `deletePad`
handler falls back to a raw key purge when `getPad()` throws so any
legacy `.`/`..` pad can still be removed.

##### Internal / contributor-facing

- **CLI — fix the database migration/import scripts against the ueberdb2
promise API
([#&#8203;7982](https://redirect.github.com/ether/etherpad/issues/7982)
/
[#&#8203;7983](https://redirect.github.com/ether/etherpad/issues/7983)).**
`migrateDB.ts` opened source and target databases, copied all keys, then
resolved without closing either — so under ueberdb2 6.1.x the keep-alive
timer kept the process hanging after "Done syncing dbs", and buffered
target writes were only guaranteed flushed on `close()`. It now closes
both databases (flushing writes, clearing the timer) on success and
error paths and exits with an explicit status. `importSqlFile.ts` and
`migrateDirtyDBtoRealDB.ts` were ported off the pre-v6 callback API to
`await db.init()` / `db.set(k, v)` / `db.close()`, removing two
`@ts-ignore`s that hid broken calls and fixing an undefined `length` in
a progress log; `tsc --noEmit` on the bin package is now clean.
- **CI — stop the installer smoke test hanging the 6-hour job ceiling
([#&#8203;7981](https://redirect.github.com/ether/etherpad/issues/7981)).**
The "Installer test" had hung on every ubuntu/macOS run since 3.2.0:
`pnpm run prod` is a nested launcher, so `kill "$PID"; wait "$PID"` only
signalled the outer pnpm and blocked forever if the node server didn't
exit on SIGTERM. Teardown now runs the launcher in its own process
group, kills the whole group (SIGTERM then SIGKILL), drops the blocking
`wait`, and adds an 8-minute `timeout-minutes` backstop to both smoke
steps.
- **CI — run the Debian-package smoke test on PRs
([#&#8203;7969](https://redirect.github.com/ether/etherpad/issues/7969)).**
The packaged-boot smoke test previously ran only on push to `develop` —
i.e. after merge — which is why the ueberdb2 startup-exit regression
turned `develop` red instead of being blocked at PR time. A
`pull_request` trigger (scoped to production-footprint paths) now runs
the build+smoke job on PRs; the release/apt-publish jobs stay
tag-guarded.
- **Release — park the non-functional `ep_etherpad` npm publish
([#&#8203;7922](https://redirect.github.com/ether/etherpad/issues/7922)).**
The `releaseEtherpad` workflow republished `./src` as `ep_etherpad`, a
package with zero dependents that nothing in the repo or any deployment
path consumes, and it had been failing with E404 (no OIDC trusted
publisher configured). The job is now gated behind an explicit `confirm:
true` dispatch input so a stray run fails fast with a clear message,
with the status documented in the workflow header and `AGENTS.MD`.
- **Tests — port the orphaned legacy timeslider specs to Playwright
([#&#8203;7949](https://redirect.github.com/ether/etherpad/issues/7949)).**
The `src/tests/frontend/specs/` mocha suite is run by no CI workflow, so
its timeslider coverage was dead — which is how the
[#&#8203;7946](https://redirect.github.com/ether/etherpad/issues/7946)
history-mode regression reached a release. The still-meaningful cases
(revision labels, export links, deep-link entry) were ported to
`frontend-new` Playwright specs re-targeted at the real in-pad UI, and
the three now-ported legacy specs were deleted.

##### Dependencies

- `ueberdb2` pinned to `6.1.13`. 6.1.10 rewrote the cache/buffer layer
to lazily arm an `.unref()`'d flush timer only when there are dirty
keys, so on a fresh empty dirty DB nothing anchored Node's event loop
and the packaged (.deb/systemd) boot could exit cleanly (code 0) before
`server.listen()` bound the port — failing the Debian-package health
check. The dep was pinned back to the last green release (6.1.9,
[#&#8203;7969](https://redirect.github.com/ether/etherpad/issues/7969))
and then rolled forward to the now-fixed `6.1.13`
([#&#8203;7979](https://redirect.github.com/ether/etherpad/issues/7979)),
pinned exactly rather than with a caret.
- `nodemailer` 8.x → 9.0.1
([#&#8203;7965](https://redirect.github.com/ether/etherpad/issues/7965)
/ [#&#8203;7950](https://redirect.github.com/ether/etherpad/issues/7950)
/
[#&#8203;7976](https://redirect.github.com/ether/etherpad/issues/7976)),
`mongodb` 7.1.1 → 7.3.0
([#&#8203;7941](https://redirect.github.com/ether/etherpad/issues/7941)),
`pg` 8.21.0 → 8.22.0
([#&#8203;7985](https://redirect.github.com/ether/etherpad/issues/7985)),
`undici` → 8.5.0
([#&#8203;7980](https://redirect.github.com/ether/etherpad/issues/7980)
etc.), `oidc-provider` 9.8.4 → 9.8.5
([#&#8203;7973](https://redirect.github.com/ether/etherpad/issues/7973)),
`pdfkit` 0.19.0 → 0.19.1
([#&#8203;7945](https://redirect.github.com/ether/etherpad/issues/7945)),
`semver` 7.8.3 → 7.8.4
([#&#8203;7943](https://redirect.github.com/ether/etherpad/issues/7943)),
and `@radix-ui/react-switch` 1.3.0 → 1.3.1
([#&#8203;7974](https://redirect.github.com/ether/etherpad/issues/7974)).
- Dev/build dependency group updates
([#&#8203;7964](https://redirect.github.com/ether/etherpad/issues/7964),
[#&#8203;7970](https://redirect.github.com/ether/etherpad/issues/7970),
[#&#8203;7978](https://redirect.github.com/ether/etherpad/issues/7978),
[#&#8203;7987](https://redirect.github.com/ether/etherpad/issues/7987),
[#&#8203;7944](https://redirect.github.com/ether/etherpad/issues/7944),
[#&#8203;7951](https://redirect.github.com/ether/etherpad/issues/7951),
[#&#8203;7952](https://redirect.github.com/ether/etherpad/issues/7952),
and others), including `@types/node` 25 → 26, `esbuild` 0.28.0 → 0.28.1,
`eslint` 10.4.1 → 10.5.0, `@playwright/test` 1.60 → 1.61, `vitest` 4.1.8
→ 4.1.9, and `actions/checkout` 6 → 7
([#&#8203;7977](https://redirect.github.com/ether/etherpad/issues/7977)).

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ldGhlcnBhZCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-22 00:44:56 +00:00
TrueCharts Bot 04124890cb chore(searxng): update image docker.io/searxng/searxng digest to d0f6ccf (#49346)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/searxng/searxng | digest | `ed29454` → `d0f6ccf` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=-->
2026-06-22 02:44:41 +02:00
TrueCharts Bot e52ecf3fc9 chore(rflood): update image ghcr.io/hotio/rflood digest to 49c1885 (#49345)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/hotio/rflood | digest | `99691b3` → `49c1885` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yZmxvb2QiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-22 02:43:43 +02:00
TrueCharts Bot 9849637c6e chore(qinglong): update image docker.io/whyour/qinglong digest to 560acc2 (#49344)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/whyour/qinglong](https://redirect.github.com/whyour/qinglong)
| digest | `a50f545` → `560acc2` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9xaW5nbG9uZyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19-->
2026-06-22 02:43:18 +02:00
TrueCharts Bot c7960f4d94 feat(docker): update image docker 29.5.3 → 29.6.0 (#49350)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker | minor | `7278248` → `7bb861a` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9kb2NrZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL21pbm9yIl19-->
2026-06-22 02:42:31 +02:00
TrueCharts Bot 7be1c4ddaa chore(nitter): update image docker.io/zedeus/nitter digest to 9fdd458 (#49343)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/zedeus/nitter | digest | `f724be5` → `9fdd458` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-22 02:39:42 +02:00
TrueCharts Bot e36bfec97c feat(wekan): update image docker.io/wekanteam/wekan v9.65 → v9.67 (#49342)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) |
minor | `a453464` → `6a6a5cc` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>wekan/wekan (docker.io/wekanteam/wekan)</summary>

###
[`v9.67`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v967-2026-06-21-WeKan--release)

[Compare
Source](https://redirect.github.com/wekan/wekan/compare/v9.65...v9.67)

This release fixes the following bugs:

- [Reworked confusing and unreliable list
widths](https://redirect.github.com/wekan/wekan/issues/6409),
[#&#8203;6409](https://redirect.github.com/wekan/wekan/issues/6409): a
list now has **one** width instead of the old
"min width / max width / automatic" trio, and it reliably persists
across reloads (the render now drives the
`--list-width` CSS variable the styles actually use, so a width no
longer reverts to `auto` after reload).
  A new board setting **Personal list widths** chooses the scope:
- **Off (default) — Shared:** the width lives on the list
(`lists.width`), is the same for everyone on the board,
and only members with write access can change it (read-only/comment-only
members no longer see the resize
handle). Shared widths are included in board **export/import** (the
importer previously dropped `lists.width`;
it now preserves width, color and collapsed state, and the board's
list-width scope).
- **On — Personal:** each user keeps their own widths (profile, or
localStorage when not logged in), falling back
to the shared width then the default. The per-list popup is simplified
to a single width value plus an
**Auto list width** toggle (fit lists to content); the advanced per-list
min/max pixel options were removed.
Auto-width follows the same Shared/Personal scope (per-board for
everyone, or per-user) and is carried through
    export/import. Documented in `docs/Features/Lists/Lists.md`.

- `rebuild-wekan.sh` / `rebuild-wekan.bat` menu option 2 ("Build WeKan")
now also clears the rspack dev-build caches
(`_build` and `node_modules/.cache`) in addition to `node_modules` /
`.meteor/local` / `.build`, so the next
`meteor run` recompiles from scratch instead of occasionally serving
stale modules after a `git` checkout/merge.

- `rebuild-wekan.sh` / `rebuild-wekan.bat` now give the Meteor build
tool and Node a larger heap by default
(`TOOL_NODE_FLAGS` and `NODE_OPTIONS` = `--max-old-space-size=8192`) for
every dev-run, test and build option, so
long development sessions and test runs no longer crash with "FATAL
ERROR: ... JavaScript heap out of memory".
Both honor an existing value, so you can lower it on machines with less
RAM.

- [Fixed editing the 2nd/3rd organization or team in Admin Panel ›
People always showing the FIRST
one](https://redirect.github.com/wekan/wekan/issues/6411),
[#&#8203;6411](https://redirect.github.com/wekan/wekan/issues/6411): on
`/people`, clicking *Edit* on any organization or team filled
the form with the first one's values (so you could never edit the
others). The edit/settings popups are opened from
the row with data context `{ org }` / `{ team }`, but their helpers read
`this.orgId` / `this.teamId` (undefined
there) and called `getOrg(undefined)` / `getTeam(undefined)`, which
`findOne({})` resolves to the first document.
The popup helpers, the save handlers and the delete (settings) handlers
now resolve the clicked row's id from the
`{ org }` / `{ team }` context. Verified against a running instance
(each org/team now edits its own values).

- **Fixed boards not rendering at all (blank board view) after the
mongodb/bson 7.3.0 dependency bump.** bson 7.x runs
`const { startupSnapshot } = globalThis?.process?.getBuiltinModule('v8')
?? {}` at module-load time; the optional
chaining stops before the *call*, so in the browser — where a partial
`process` polyfill exists but has no
`getBuiltinModule` — it threw `TypeError: getBuiltinModule is not a
function` while evaluating
`client/components/cards/attachments.js` (`import { ObjectId } from
'bson'`). That aborted the client bundle
bootstrap part-way through `client/imports.js`, so every feature
imported after it (notifications, swimlanes,
rules, …) was never registered and the board view died with `No such
template: notifications`. Added a tiny browser
shim (`client/lib/bsonBrowserShim.js`, imported first in
`client/main.js`) that gives the browser `process` a no-op
`getBuiltinModule`, so bson takes its intended `?? {}` fallback. New
unit tests
(`client/lib/tests/bsonBrowserShim.tests.js`); also hardened the
[#&#8203;5686](https://redirect.github.com/wekan/wekan/issues/5686)
Playwright spec to run against a rendering
board. ([PR
#&#8203;6410](https://redirect.github.com/wekan/wekan/pull/6410))

- [Fixed REST API returning HTTP 500 with a stack trace for an invalid
request](https://redirect.github.com/wekan/wekan/pull/6406),
[#&#8203;5804](https://redirect.github.com/wekan/wekan/issues/5804):
posting a comment without the required `comment` parameter (or
to a board that does not exist) returned an HTTP 500 error page. The
schema-validation error thrown on insert is a
circular object (`SimpleSchemaValidationContext` → `SimpleSchema` → …),
and serializing it crashed the response
writer (`Converting circular structure to JSON`). Now: the `comment`
parameter is validated and a missing/empty one
returns **HTTP 400**; an unknown board returns **HTTP 404** (the
board-access checks no longer dereference
`board.members` of a non-existent board); the JSON response writer is
crash-proof (falls back to a safe
`{ "error": … }` payload instead of throwing); and REST comment errors
now use their real status code instead of
`200`. New unit tests in `server/lib/tests/apiResponseHelpers.tests.js`.
([PR #&#8203;6406](https://redirect.github.com/wekan/wekan/pull/6406))

- [Fixed selecting text in a checklist closing the
card](https://redirect.github.com/wekan/wekan/pull/6407),
[#&#8203;5686](https://redirect.github.com/wekan/wekan/issues/5686):
selecting the text of a checklist item and releasing the
mouse outside the card detail pane closed the card. The checklist items
template stops `mousedown` propagation
(for item sorting), so the existing `cardDetailsIsDragging` guard never
engaged and the document-level
"click outside to close" handler closed the card. The close handler now
also keeps the card open whenever a
live text selection is anchored inside the card pane (new
propagation-independent guard
`client/lib/cardCloseGuard.js`), so a deliberate click on empty board
space still closes the card. New unit
tests in `client/lib/tests/cardCloseGuard.tests.js` and a Playwright
regression test in
`tests/playwright/specs/34-checklist-text-selection.e2e.js`. ([PR
#&#8203;6407](https://redirect.github.com/wekan/wekan/pull/6407))

- [Fixed list reordering throwing `403 Access denied` for read-only
members](https://redirect.github.com/wekan/wekan/issues/5462),
[#&#8203;5462](https://redirect.github.com/wekan/wekan/issues/5462):
read-only / comment-only board members could still drag-reorder
lists, which fired a server write that allow/deny rejected with `403
Access denied` (the list then snapped back). Of
the three list jQuery-UI sortables in
`client/components/swimlanes/swimlanes.js`, one was not gated on
`Utils.canModifyBoard()`; it now is, consistent with the other two, plus
a defense-in-depth guard so a logged-in
user without write access can never persist a reorder (anonymous
public-board reordering via localStorage is
unaffected). The server already enforced this; the fix stops the
unauthorized drag and the console error. New
Playwright regression test in
`tests/playwright/specs/35-list-sort-permissions.e2e.js`. ([PR
#&#8203;6408](https://redirect.github.com/wekan/wekan/pull/6408))

Thanks to GitHub users Atry, mueller-ma and liferadioat for reporting.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-06-21 19:27:32 +00:00
TrueCharts Bot d05c447316 BREAKING CHANGE(firefox): Update image ghcr.io/linuxserver/firefox 1151.0.4 → 1152.0.1 (#49331)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[ghcr.io/linuxserver/firefox](https://redirect.github.com/linuxserver/docker-firefox/packages)
([source](https://redirect.github.com/linuxserver/docker-firefox)) |
major | `e31d817` → `1f4c0ce` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9maXJlZm94IiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9tYWpvciJdfQ==-->
2026-06-21 20:41:54 +02:00
TrueCharts Bot a2b5449a88 feat(tdarr-node): update image docker.io/haveagitgat/tdarr_node 2.78.01 → 2.79.01 (#49340) 2026-06-21 20:37:39 +02:00
TrueCharts Bot e5fbd43630 fix(flexo): update image docker.io/nroi/flexo 1.6.10 → 1.6.11 (#49337) 2026-06-21 20:37:36 +02:00
TrueCharts Bot 5c1ab274fd chore(tt-rss): update image ghcr.io/tt-rss/tt-rss digest to d6f6988 (#49336)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/tt-rss/tt-rss | digest | `9018758` → `d6f6988` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90dC1yc3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 20:37:29 +02:00
TrueCharts Bot 3ec7d38588 chore(rsshub): update image docker.io/diygod/rsshub digest to 281d34b (#49335)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/diygod/rsshub | digest | `264b47f` → `281d34b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yc3NodWIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 20:36:49 +02:00
TrueCharts Bot 0f7e797be0 chore(blender): update image lscr.io/linuxserver/blender digest to cf6ebad (#49333) 2026-06-21 20:36:24 +02:00
TrueCharts Bot af89c32a8a fix(gitea): update image docker.io/gitea/gitea 1.26.3 → 1.26.4 (#49338)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/gitea/gitea](https://redirect.github.com/go-gitea/gitea) |
patch | `4d1d796` → `cd1d261` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>go-gitea/gitea (docker.io/gitea/gitea)</summary>

###
[`v1.26.4`](https://redirect.github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1264---2026-06-21)

[Compare
Source](https://redirect.github.com/go-gitea/gitea/compare/v1.26.3...v1.26.4)

- SECURITY
- fix(auth): do not auto-reactivate disabled users on OAuth2 callback
([#&#8203;38009](https://redirect.github.com/go-gitea/gitea/issues/38009))
([#&#8203;38183](https://redirect.github.com/go-gitea/gitea/issues/38183))

- BUGFIXES
- fix: walk git log context error handling
([#&#8203;38182](https://redirect.github.com/go-gitea/gitea/issues/38182))
([#&#8203;38185](https://redirect.github.com/go-gitea/gitea/issues/38185))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naXRlYSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-21 20:36:10 +02:00
TrueCharts Bot 907730b086 chore(automatic-ripping-machine): update image docker.io/automaticrippingmachine/automatic-ripping-machine digest to 1a8f270 (#49332) 2026-06-21 20:35:43 +02:00
TrueCharts Bot 18c5e5022b feat(tdarr): update image docker.io/haveagitgat/tdarr 2.78.01 → 2.79.01 (#49341)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/haveagitgat/tdarr](https://redirect.github.com/HaveAGitGat/tdarr_express_be)
| minor | `e5163f3` → `d32377a` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-06-21 20:35:42 +02:00
TrueCharts Bot 1556a2a4fa fix(tandoor-recipes): update image ghcr.io/tandoorrecipes/recipes 2.6.9 → 2.6.11 (#49339)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[ghcr.io/tandoorrecipes/recipes](https://redirect.github.com/TandoorRecipes/recipes)
| patch | `969c5b3` → `2eb9a80` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>TandoorRecipes/recipes
(ghcr.io/tandoorrecipes/recipes)</summary>

###
[`v2.6.11`](https://redirect.github.com/TandoorRecipes/recipes/releases/tag/2.6.11)

[Compare
Source](https://redirect.github.com/TandoorRecipes/recipes/compare/2.6.10...2.6.11)

- **improved** pantry booking dialog and table
- **fixed** another order parameter

###
[`v2.6.10`](https://redirect.github.com/TandoorRecipes/recipes/releases/tag/2.6.10)

[Compare
Source](https://redirect.github.com/TandoorRecipes/recipes/compare/2.6.9...2.6.10)

- **fixed** recipes marked as private could be viewed trough API utility
endpoints
<https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-cqj3-64qw-4w52>
- **fixed** recipe search and recipe book API endpoints accepting any
order by attribute
<https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-4x57-2q4q-xwpp>
- **fixed** regex ddos possibility in automation engine
<https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-f2gw-c2c7-59v7>
- **fixed** AI Providers could be configured with malicious URLs to
allow SSRF
<https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-wq4h-2r8x-cv65>
- ⚠️ if you are using custom AI backends you need to add them to the new
`AI_ALLOWED_URLS` settings (see
<https://docs.tandoor.dev/system/configuration/#ai-integration>)
- **fixed** bookmarklets of other users in your own space could be
accessed/deleted
<https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-4vw7-c646-g23w>
- **updated** lots of dependencies
- **updated** translations for various languages

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90YW5kb29yLXJlY2lwZXMiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
2026-06-21 20:34:59 +02:00
TrueCharts Bot 30aa35d955 chore(nitter): update image docker.io/zedeus/nitter digest to f724be5 (#49334)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/zedeus/nitter | digest | `2eb2292` → `f724be5` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 20:30:38 +02:00
TrueCharts Bot 7d52297319 chore(medusa): update image ghcr.io/linuxserver/medusa digest to 4720869 (#49328) 2026-06-21 14:27:47 +02:00
TrueCharts Bot 76b3891e8e fix(vocechat-server): update image docker.io/privoce/vocechat-server v0.5.19 → v0.5.20 (#49330)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/privoce/vocechat-server | patch | `ce9edf2` → `e5007e9` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC92b2NlY2hhdC1zZXJ2ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
2026-06-21 14:27:40 +02:00
TrueCharts Bot f1661d8326 chore(nitter): update image docker.io/zedeus/nitter digest to 2eb2292 (#49329)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/zedeus/nitter | digest | `cb58e02` → `2eb2292` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 14:27:01 +02:00
TrueCharts Bot 598dc40402 fix(vocechat-server): update image docker.io/privoce/vocechat-server v0.5.18 → v0.5.19 (#49327) 2026-06-21 08:23:39 +02:00
TrueCharts Bot 9e741f64ce fix(multus-cni): update image docker.io/alpine/crane 0.21.6 → 0.21.7 (#49326) 2026-06-21 08:23:32 +02:00
TrueCharts Bot e4de601c13 chore(steam-headless): update image docker.io/josh5/steam-headless digest to adbc8de (#49324) 2026-06-21 08:23:24 +02:00
TrueCharts Bot 2938c519a8 fix(mstream): update image ghcr.io/linuxserver/mstream 6.11.1 → 6.11.2 (#49325)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[ghcr.io/linuxserver/mstream](https://redirect.github.com/linuxserver/docker-mstream/packages)
([source](https://redirect.github.com/linuxserver/docker-mstream)) |
patch | `ce2f683` → `b2ca98d` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tc3RyZWFtIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==-->
2026-06-21 08:23:19 +02:00
TrueCharts Bot a6461f8e2e chore(anything-llm): update image ghcr.io/mintplex-labs/anything-llm digest to 31a3d37 (#49321)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/mintplex-labs/anything-llm | digest | `16f75d1` → `31a3d37` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9hbnl0aGluZy1sbG0iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 08:22:19 +02:00
TrueCharts Bot d750988287 chore(nitter): update image docker.io/zedeus/nitter digest to cb58e02 (#49323)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/zedeus/nitter | digest | `1bc87a3` → `cb58e02` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 06:21:46 +00:00
TrueCharts Bot 5223ee6efc chore(farmos): update image docker.io/farmos/farmos digest to e297af5 (#49322)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/farmos/farmos | digest | `d083818` → `e297af5` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9mYXJtb3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 08:21:29 +02:00
TrueCharts-Bot fbf207006c Commit daily changes
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2026-06-21 00:44:28 +00:00
TrueCharts Bot 731d30dcef chore(nitter): update image docker.io/zedeus/nitter digest to 1bc87a3 (#49316)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/zedeus/nitter | digest | `6879f43` → `1bc87a3` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==-->
2026-06-21 02:23:36 +02:00
TrueCharts Bot 3da7fbf450 feat(wekan): update image docker.io/wekanteam/wekan v9.64 → v9.65 (#49320)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) |
minor | `ed6c960` → `a453464` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>wekan/wekan (docker.io/wekanteam/wekan)</summary>

###
[`v9.65`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v965-2026-06-20-WeKan--release)

[Compare
Source](https://redirect.github.com/wekan/wekan/compare/v9.64...v9.65)

This release adds the following updates:

- Issue triage: closed 13 already-fixed Bug issues (with evidence),
relabeled \~25 mislabeled feature requests to `Feature` with a "Feature
Request:" title prefix, and prefixed \~35 environment-specific reports
"Environment specific:" and gave them the `Bug:Environment-specific`
label.
- Audited labels on all 533 open issues for correctness (type,
`Feature:Area`, `Targets:`, `Severity:`, etc.).
- Added 23 missing GitHub labels found by auditing `docs/Login` and
`docs/Features` against the issue labels, matching the existing label
style and colours (`Feature:*` = `#&#8203;0052cc`, `Targets:*` =
`#fbca04`), and applied them across open and closed issues:
- Login methods (`Feature:User-accounts:*`): ADFS, Azure, B2C, Google,
Header-Login, Nextcloud, Oracle, Zitadel, Autologin, Accounts-Lockout,
Forgot-Password.
- Features: `Feature:LaTeX`, `Feature:Mermaid-Diagram`, `Feature:Emoji`,
`Feature:Python`, `Feature:Cards:Cover`, `Feature:Cards:Location`,
`Feature:Custom-Logo`, `Feature:RTL`, `Feature:Members`,
`Feature:Multitenancy`, `Feature:Allow-private-boards-only`.
  - Platform: `Targets:Apache`.

and adds the following new features:

- [Threaded comment
replies](https://redirect.github.com/wekan/wekan/commit/bdb8e6254): card
comments gain an optional
`parentId`; a "Reply" link links a new comment to its parent, rendered
with an "in reply to" quote. Initial MVP
  (single-level visual threading).
- [Restrict board admins from editing/deleting other users'
comments](https://redirect.github.com/wekan/wekan/commit/bdb8e6254):
new board setting `restrictCommentEditing` (default off). When on, only
a comment's author may edit/delete it;
  enforced server-side via collection hooks.
- [Visible status of
sub-tasks](https://redirect.github.com/wekan/wekan/commit/d7ae93bb2):
each subtask now shows its current
list (prefixed with the board title when on a different board) read-only
next to its title.
- [Drag-and-drop search results into board
columns](https://redirect.github.com/wekan/wekan/commit/b998246c3):
cards in the
search-results list can be dragged onto board lists, reusing the
existing `card.move()`. MVP: drops append to
  the end of the target list (no pixel-precise insertion index yet).
- [Per-user permanent dismissal of the Announcement
banner](https://redirect.github.com/wekan/wekan/commit/bf75efaef): a
user
can permanently close the current announcement so it does not reappear
on reload/board-switch, until the admin
  edits the announcement text (which makes it reappear for everyone).
- [Show how many times a card's due date was
changed](https://redirect.github.com/wekan/wekan/commit/a8ed326a5): the
card detail
now displays a "due date changed N times" count (derived from existing
`a-dueAt` activities) for deadline
  accountability.
- [Restrict adding board members to the same Organization or
Team](https://redirect.github.com/wekan/wekan/commit/371258a6d):
new global admin setting `boardMembersFromSameOrgOrTeamOnly` (default
off). When on, a user can only be added to
a board if they share an Organization or Team with the inviter or an
active board member; enforced server-side in
  the invite/search paths. Site admins bypass.
- [Import Google Calendar `.ics` files into board
cards](https://redirect.github.com/wekan/wekan/commit/0a43d8ac3): MVP,
import-only. New dependency-free iCalendar parser
(`server/lib/icsImport.js`) maps each `VEVENT` to a card with
`startAt`/`dueAt` so events appear on Calendar/Gantt views, plus an
`importIcsToBoard` Meteor method and a REST
endpoint `POST
/api/boards/:boardId/swimlanes/:swimlaneId/lists/:listId/ics`
(documented in the OpenAPI spec, with
an `importics` example in `api.py`). Two-way Google Calendar sync is not
included (see

[wekan-ical-server](https://redirect.github.com/wekan/wekan-ical-server)
for read-only WeKan→calendar export).

and fixes the following bugs:

- [Fixed OIDC/OAuth2 "Log Out" redirecting to the identity provider home
page instead of back to
Wekan](https://redirect.github.com/wekan/wekan/commit/9e50c69eaaec8928b4eb8a122f9cb6f0447464a9).
With autologin (`OIDC_REDIRECTION_ENABLED=true`), clicking Log Out
redirected to the OAuth2 server URL
(for example the Keycloak base URL `https://id.company.com`), which
shows an error page for non-admin
users. Added the new optional `OAUTH2_LOGOUT_ENDPOINT` setting: when set
to the provider's
`end_session_endpoint` (Keycloak example
`/realms/<realm>/protocol/openid-connect/logout`), Wekan now
performs an OIDC RP-initiated logout that ends the identity provider
session and returns the user to
Wekan (`ROOT_URL`) via `post_logout_redirect_uri`. When unset, logout
behaviour is unchanged, so this
is backward compatible. For Keycloak 18+, add your Wekan `ROOT_URL` to
the client's
*Valid post logout redirect URIs*. See
[docs/Login/Keycloak/Keycloak.md](https://redirect.github.com/wekan/wekan/blob/main/docs/Login/Keycloak/Keycloak.md).
  Thanks to zambalee and xet7.
- [Fixed due dates not correctly colour
coded](https://redirect.github.com/wekan/wekan/commit/086254e10): future
due dates
more than 48 hours away are now shaded grey (`not-due`) instead of amber
(`due-soon`). Root cause was a
call to `diff(theDate, now, 'days')` where `'days'` is not a valid unit,
so the threshold compared raw
milliseconds; replaced with a precise hours-based comparison in a single
shared helper.
- [Fixed due date colour mismatch between list and card
detail](https://redirect.github.com/wekan/wekan/commit/086254e10):
an overdue card now shows red in both the minicard/list and the opened
card detail. The card-detail status
colours now use `!important` so overdue red overrides the due-date
yellow base (matching the minicard), and
the colour-decision logic is unified into one shared helper used by both
views.
- [Fixed unable to view all cards by due
date](https://redirect.github.com/wekan/wekan/commit/b3acbd692): removed
the
`limit: 100` cap in the `dueCards` publication so all of a user's due
cards across boards are shown.
- [Fixed unable to scroll past the first cards in the Due Cards view on
mobile](https://redirect.github.com/wekan/wekan/commit/b3acbd692):
the due-cards list now has a scoped scroll container with a
viewport-relative max height.
- [Fixed card-detail sub-popups disappearing on
mobile](https://redirect.github.com/wekan/wekan/commit/5c890baca):
assigning
a user or setting the due date on touch devices no longer closes the
popup (touch events inside the popup no
  longer bubble to the click-outside close handler on mobile viewports).
- [Fixed mobile board layout and tiny Home
button](https://redirect.github.com/wekan/wekan/commit/5c890baca):
minicards now
render one per row (full width) on narrow screens and the header Home /
All Boards button is a proper tap target.
- [Fixed enormous icons/menus/text after
upgrade](https://redirect.github.com/wekan/wekan/commit/5c890baca):
clamped runaway
  icon/label sizing on mobile.
- [Fixed oversized padding/margins and stray  emoji from recent UI
changes](https://redirect.github.com/wekan/wekan/commit/5c890baca):
trimmed excessive padding/margins on mobile; remaining stray plus emojis
are tracked for replacement with a
  Font Awesome icon.
- [Fixed board-level search not including
comments](https://redirect.github.com/wekan/wekan/commit/b998246c3):
in-board search
  now matches text inside card comments, consistent with global search.
- [Fixed "create list" not available in Lists board-view
mode](https://redirect.github.com/wekan/wekan/commit/c18ae388b): the
"Add list" composer now appears in Lists mode (using the board's default
swimlane), not only in Swimlanes mode.
- [Fixed board/list/swimlane numbering breaking first-letter keyboard
navigation](https://redirect.github.com/wekan/wekan/commit/fe4d2a56f):
the move/copy card popups no longer prefix a number to each option, so
options start with their name again and
  digit-named boards are readable.
- [Fixed missing notification and card-history entry when a new
attachment is
uploaded](https://redirect.github.com/wekan/wekan/commit/f59273508):
uploading an attachment now creates an `addAttachment` activity, so card
members and subscribers are notified
(consistent with attachment removal); previously the activity was never
created because the store-strategy
  upload hook was dead code.
- [Fixed copying a card selecting all/unnamed labels on the destination
board](https://redirect.github.com/wekan/wekan/commit/d26d117e3):
`Cards.copy()` now applies the same unnamed-label
guard as `Cards.move()` and persists the remapped labels onto the
inserted card.
- [Fixed copied card losing its cover ("show as
thumb")](https://redirect.github.com/wekan/wekan/commit/a0e701708):
`coverId` is now remapped to the newly copied
attachment instead of pointing at the original (now-unresolvable)
attachment id.
- [Fixed deleting a date on a linked card not taking
effect](https://redirect.github.com/wekan/wekan/commit/09e9c993e):
`unsetReceived/unsetStart/unsetDue/unsetEnd` now
resolve the real card id via `getRealId()` (consistent with the `set*`
methods) so they update the underlying
  linked card, not the link placeholder.
- [Fixed comment-only members being able to archive cards from the
UI](https://redirect.github.com/wekan/wekan/commit/aa412b2a1): the
archive action now respects
`Utils.canModifyCard()` like every other mutating card action (the
server allow-rule already rejected the write;
  this closes the client-side UX gap).
- [Fixed sub-task board being inaccessible until a
reload](https://redirect.github.com/wekan/wekan/commit/45bd7dcc8): the
"view subtask" navigation now guards against a
  not-yet-loaded board, mirroring the sibling handler.
- [Fixed the "When a card is moved to Archive" rule trigger not being
activatable](https://redirect.github.com/wekan/wekan/commit/da7c06ec6):
a CSS class-name mismatch (`js-add-arc-trigger` vs
`js-add-arch-trigger`) between the board-triggers template and its click
handler is fixed, with a regression test.
- [Fixed "select all in list" crossing
swimlanes](https://redirect.github.com/wekan/wekan/commit/300a9751e):
list select-all is now scoped to the current
swimlane in swimlanes view (`allCards()` gained an optional swimlane
scope); list-wide behaviour is preserved
  where there is no swimlane context.
- [Fixed copying a swimlane to another board losing card
labels](https://redirect.github.com/wekan/wekan/commit/9643dcded):
missing board-level labels are now recreated on the
destination board (preserving colour) before the per-card copy so label
assignments survive.
- [Fixed Calendar View ignoring the start-day-of-week
setting](https://redirect.github.com/wekan/wekan/commit/7eec78c04):
FullCalendar's `firstDay` is now derived from
  `getStartDayOfWeek()` instead of the locale default.
- [Fixed deleted-attachment notification crediting the uploader instead
of the
deleter](https://redirect.github.com/wekan/wekan/commit/2ba8882d8): the
`deleteAttachment` activity now records the
  acting user (falling back to the uploader for server/system removals).
- [Fixed updating a card title not firing the outgoing
webhook](https://redirect.github.com/wekan/wekan/commit/9aa97ab8f): a
title change now logs an `a-changedTitle` activity
(rendered in the activity feed) so the existing outgoing-webhook hook
fires, consistent with description/date changes.
- [Fixed @&#8203;mention: pressing Enter to pick a user closed the card
/ submitted the
comment](https://redirect.github.com/wekan/wekan/commit/3ce75dd87), also
[#&#8203;4172](https://redirect.github.com/wekan/wekan/issues/4172)
and [#&#8203;5457](https://redirect.github.com/wekan/wekan/issues/5457):
when the @&#8203;mention autocomplete dropdown is open, Enter now
selects the highlighted user instead of submitting/closing (shared
textcomplete keydown guard hardened).
- [Fixed REST card API move/sort/date/archive
bugs](https://redirect.github.com/wekan/wekan/commit/39e12035e):
consolidated duplicated board-move variable names
([#&#8203;5398](https://redirect.github.com/wekan/wekan/issues/5398));
moving a card to another list via the API now puts it on top of the
destination list like the Move Card
dialog
([#&#8203;5399](https://redirect.github.com/wekan/wekan/issues/5399));
due/received/start/end dates set via the API now
persist instead of being stripped
([#&#8203;5537](https://redirect.github.com/wekan/wekan/issues/5537));
and archived cards can be
inspected via the single-card GET and de-archived without needing a
`list_id`
([#&#8203;5546](https://redirect.github.com/wekan/wekan/issues/5546)).
- [Fixed the per-checklist "Hide checked items" toggle being inverted
and affecting all
checklists](https://redirect.github.com/wekan/wekan/commit/e98aae278):
it is now read per checklist and hides an item exactly
  when it is checked and that checklist's toggle is on.
- [Fixed setting a list/swimlane colour to `silver` saving it as
None](https://redirect.github.com/wekan/wekan/commit/6f8543322):
list/swimlane colours are normalized through a shared
canonical allowed-colour helper, so `silver` (and every offered colour)
is accepted and rendered.
- [Fixed internal caret `^board^` helper boards appearing in board lists
and the REST
API](https://redirect.github.com/wekan/wekan/commit/f819054bb):
caret-wrapped titles and non-`board` types are now
filtered from `/api/users/:userId/boards`, `/api/boards` and the
`Boards.userBoards` helper, consistent with the UI.
- [Fixed being unable to remove a deleted (non-existent) user from a
board's
members](https://redirect.github.com/wekan/wekan/commit/beac9e3d7):
orphaned member entries are now hard-removed by userId
  even when the user account no longer exists.
- [Fixed a custom number field displaying as `NaN` when cleared after
being set](https://redirect.github.com/wekan/wekan/commit/98315c26c): an
empty number value is stored as `''` and rendered as
  empty via a shared `formatNumberValue` helper.
- [Fixed subtask creation producing extra swimlanes/columns and only
allowing one
subtask](https://redirect.github.com/wekan/wekan/commit/4b27313c7), also
[#&#8203;5788](https://redirect.github.com/wekan/wekan/issues/5788),
[#&#8203;2256](https://redirect.github.com/wekan/wekan/issues/2256) and
[#&#8203;4782](https://redirect.github.com/wekan/wekan/issues/4782):
subtask
creation is now server-authoritative (`addSubtaskCard` Meteor method)
and client-side auto-creation of the default
subtasks board/list is guarded to the server, so the client can no
longer create duplicate subtasks boards/swimlanes
  and multiple subtasks can be created reliably.
- [Fixed board "always on card" custom fields not being applied to new
subtask
cards](https://redirect.github.com/wekan/wekan/commit/4b27313c7), also
[#&#8203;3562](https://redirect.github.com/wekan/wekan/issues/3562):
the destination board's automatic custom fields are now added to a new
subtask.
- [Fixed a circular subtask/parent reference hanging the whole
board](https://redirect.github.com/wekan/wekan/commit/4b27313c7): the
parent-chain guard compared array indices instead of
ids; it now compares by value and `setParentId` refuses a cyclic
re-parent.
- [Fixed the board Subtasks "Landing list for subtasks deposited here"
setting not saving / showing the wrong
list](https://redirect.github.com/wekan/wekan/commit/774289f92), also
[#&#8203;3876](https://redirect.github.com/wekan/wekan/issues/3876),
[#&#8203;4849](https://redirect.github.com/wekan/wekan/issues/4849) and
[#&#8203;4947](https://redirect.github.com/wekan/wekan/issues/4947): the
settings popup now reads the deposit board's lists and matches the
stored `subtasksDefaultListId`.
- [Fixed the subtask "View it" button opening the parent card instead of
the subtask](https://redirect.github.com/wekan/wekan/commit/c5cdc7b65):
navigation now targets the subtask's own board/card.
- [Fixed deleting a card not firing the outgoing
webhook](https://redirect.github.com/wekan/wekan/commit/7bb7540ba): card
deletion now creates a `deleteCard` activity (in the
before-remove hook and the REST delete endpoints) so the outgoing
webhook fires; board/list/swimlane deletion already
emitted their delete activities
([#&#8203;2950](https://redirect.github.com/wekan/wekan/issues/2950)).
- [Fixed a configured outgoing webhook making it impossible to set card
members](https://redirect.github.com/wekan/wekan/commit/8863ec24a):
outgoing webhook delivery is now fire-and-forget and
error-isolated, so a slow/unreachable/failing webhook endpoint can no
longer abort the member update.

Thanks to above GitHub users for their contributions and translators for
their translations.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-06-21 02:19:42 +02:00
TrueCharts Bot ac3e3ca2d7 feat(ghostfolio): update image docker.io/ghostfolio/ghostfolio 3.12.0 → 3.13.0 (#49319)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[docker.io/ghostfolio/ghostfolio](https://redirect.github.com/ghostfolio/ghostfolio)
| minor | `f8728e6` → `1d62d9a` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>ghostfolio/ghostfolio
(docker.io/ghostfolio/ghostfolio)</summary>

###
[`v3.13.0`](https://redirect.github.com/ghostfolio/ghostfolio/blob/HEAD/CHANGELOG.md#3130---2026-06-20)

[Compare
Source](https://redirect.github.com/ghostfolio/ghostfolio/compare/3.12.0...3.13.0)

##### Added

- Added an icon to indicate external links in the page tabs component
- Added the Korean (`ko`) language to the footer
- Added a data gathering frequency (`DAILY` or `HOURLY`) to the asset
profile to control the market data gathering interval

##### Changed

- Changed the *Fear & Greed Index* (market mood) in the markets overview
to use the stored market data instead of a live quote
- Moved the endpoint to get the asset profiles from `GET
api/v1/admin/market-data` to `GET api/v1/asset-profiles`
- Moved the endpoint to get the asset profile details from `GET
api/v1/market-data/:dataSource/:symbol` to `GET
api/v1/asset-profiles/:dataSource/:symbol`
- Added the selected asset profile count to the delete menu item of the
historical market data table in the admin control panel
- Added the selected asset profile count to the deletion confirmation
dialog of the historical market data table in the admin control panel
- Improved the sorting to be case-insensitive in the platform management
of the admin control panel
- Improved the sorting to be case-insensitive in the tag management of
the admin control panel
- Improved the language localization for German (`de`)
- Upgraded `yahoo-finance2` from version `3.14.2` to `3.15.3`

##### Fixed

- Fixed an issue with the localization of the country names
- Fixed an issue in the data provider service where quotes could be
missing for symbols that exist in multiple data sources by keying the
quotes response by the asset profile identifier

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naG9zdGZvbGlvIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
2026-06-21 02:19:03 +02:00
TrueCharts Bot 94ec1ff6e5 fix(gitea): update image docker.io/gitea/gitea 1.26.2 → 1.26.3 (#49317)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/gitea/gitea](https://redirect.github.com/go-gitea/gitea) |
patch | `c5c21a7` → `4d1d796` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>go-gitea/gitea (docker.io/gitea/gitea)</summary>

###
[`v1.26.3`](https://redirect.github.com/go-gitea/gitea/releases/tag/v1.26.3)

[Compare
Source](https://redirect.github.com/go-gitea/gitea/compare/v1.26.2...v1.26.3)

- BREAKING

- fix(actions)!: require merged PR to bypass fork PR approval gate
([#&#8203;38010](https://redirect.github.com/go-gitea/gitea/issues/38010))
([#&#8203;38041](https://redirect.github.com/go-gitea/gitea/issues/38041))

- SECURITY
- fix(hostmatcher): patch incorrect private list
([#&#8203;38170](https://redirect.github.com/go-gitea/gitea/issues/38170))
([#&#8203;38173](https://redirect.github.com/go-gitea/gitea/issues/38173))
- fix: Various security fixes
([#&#8203;38103](https://redirect.github.com/go-gitea/gitea/issues/38103))
([#&#8203;38151](https://redirect.github.com/go-gitea/gitea/issues/38151))
- fix: Various sec fixes
([#&#8203;38108](https://redirect.github.com/go-gitea/gitea/issues/38108))
([#&#8203;38147](https://redirect.github.com/go-gitea/gitea/issues/38147))
- fix: allow git clone of private repos with anonymous code access
([#&#8203;38074](https://redirect.github.com/go-gitea/gitea/issues/38074))
([#&#8203;38146](https://redirect.github.com/go-gitea/gitea/issues/38146))
- fix(auth): ignore stale OIDC external login links to organizations
([#&#8203;37875](https://redirect.github.com/go-gitea/gitea/issues/37875))
([#&#8203;38141](https://redirect.github.com/go-gitea/gitea/issues/38141))
- fix(hostmatcher): block reserved IP ranges from external/private
filters
([#&#8203;38039](https://redirect.github.com/go-gitea/gitea/issues/38039))
([#&#8203;38059](https://redirect.github.com/go-gitea/gitea/issues/38059))
- fix(lfs): require Code-unit access for cross-repo LFS object reuse
([#&#8203;38006](https://redirect.github.com/go-gitea/gitea/issues/38006))
([#&#8203;38050](https://redirect.github.com/go-gitea/gitea/issues/38050))
- fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass
([#&#8203;38008](https://redirect.github.com/go-gitea/gitea/issues/38008))
([#&#8203;38015](https://redirect.github.com/go-gitea/gitea/issues/38015))
- fix: bound CODEOWNERS regex match time
([#&#8203;38011](https://redirect.github.com/go-gitea/gitea/issues/38011))
([#&#8203;38025](https://redirect.github.com/go-gitea/gitea/issues/38025))
- fix: bound debian ParseControlFile to a single control stanza
([#&#8203;38044](https://redirect.github.com/go-gitea/gitea/issues/38044))
([#&#8203;38055](https://redirect.github.com/go-gitea/gitea/issues/38055))
- fix(deps): update module golang.org/x/net to v0.55.0 \[security]
([#&#8203;37813](https://redirect.github.com/go-gitea/gitea/issues/37813))
([#&#8203;37829](https://redirect.github.com/go-gitea/gitea/issues/37829))

- API
- feat(api): add Link header in ListForks
([#&#8203;38052](https://redirect.github.com/go-gitea/gitea/issues/38052))
([#&#8203;38063](https://redirect.github.com/go-gitea/gitea/issues/38063))

- BUGFIXES
- fix: Fix the panic when ssh remote lfs endpoint parsing failure
([#&#8203;38026](https://redirect.github.com/go-gitea/gitea/issues/38026))
([#&#8203;38158](https://redirect.github.com/go-gitea/gitea/issues/38158))
- fix(api): nil pointer panic when filtering tracked times by a
non-existent user
([#&#8203;38112](https://redirect.github.com/go-gitea/gitea/issues/38112))
([#&#8203;38115](https://redirect.github.com/go-gitea/gitea/issues/38115))
- fix: keep literal "false" value displayed in workflow\_dispatch choice
dropdowns
([#&#8203;38080](https://redirect.github.com/go-gitea/gitea/issues/38080))
([#&#8203;38096](https://redirect.github.com/go-gitea/gitea/issues/38096))
- fix: parse HEAD ref
([#&#8203;38119](https://redirect.github.com/go-gitea/gitea/issues/38119))
- fix: git cmd
([#&#8203;38084](https://redirect.github.com/go-gitea/gitea/issues/38084))
([#&#8203;38087](https://redirect.github.com/go-gitea/gitea/issues/38087))
- fix(releases): generate notes for initial tag
([#&#8203;37697](https://redirect.github.com/go-gitea/gitea/issues/37697))
([#&#8203;37986](https://redirect.github.com/go-gitea/gitea/issues/37986))
- fix(actions): return 404 when job log blob is missing
([#&#8203;38003](https://redirect.github.com/go-gitea/gitea/issues/38003))
([#&#8203;38004](https://redirect.github.com/go-gitea/gitea/issues/38004))
- fix(actions): exclude `workflow_call` from workflow trigger detection
([#&#8203;37894](https://redirect.github.com/go-gitea/gitea/issues/37894))
([#&#8203;37899](https://redirect.github.com/go-gitea/gitea/issues/37899))
- fix(actions): keep action run title clickable when commit subject is a
URL
([#&#8203;37867](https://redirect.github.com/go-gitea/gitea/issues/37867))
([#&#8203;37898](https://redirect.github.com/go-gitea/gitea/issues/37898))
- fix(actions): reject workflow\_dispatch for workflows without that
trigger
([#&#8203;37660](https://redirect.github.com/go-gitea/gitea/issues/37660))
([#&#8203;37895](https://redirect.github.com/go-gitea/gitea/issues/37895))
- fix(actions): ack re-sent `UpdateLog` finalize idempotently
([#&#8203;37885](https://redirect.github.com/go-gitea/gitea/issues/37885))
([#&#8203;37892](https://redirect.github.com/go-gitea/gitea/issues/37892))
- fix: http content file render
([#&#8203;37850](https://redirect.github.com/go-gitea/gitea/issues/37850))
([#&#8203;37856](https://redirect.github.com/go-gitea/gitea/issues/37856))
- fix(issues): clear stale ReviewTypeRequest when submitting pending
review
([#&#8203;37809](https://redirect.github.com/go-gitea/gitea/issues/37809))
([#&#8203;37815](https://redirect.github.com/go-gitea/gitea/issues/37815))
- fix: Fix issue target branch selection for non-collaborators
([#&#8203;36916](https://redirect.github.com/go-gitea/gitea/issues/36916))
([#&#8203;38164](https://redirect.github.com/go-gitea/gitea/issues/38164))

- BUILD
- fix(deps): update `@playwright/test` to 1.60.0
([#&#8203;38144](https://redirect.github.com/go-gitea/gitea/issues/38144))
- ci: add `tools/ci-tools.ts` for the PR labeler workflow
([#&#8203;37831](https://redirect.github.com/go-gitea/gitea/issues/37831))
- fix(build): swagger css import
([#&#8203;37801](https://redirect.github.com/go-gitea/gitea/issues/37801))
([#&#8203;37803](https://redirect.github.com/go-gitea/gitea/issues/37803))

Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be
automatically upgraded to this version during the specified maintenance
window.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naXRlYSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-21 02:17:24 +02:00
TrueCharts Bot cd72d44acb fix(slink): update image docker.io/anirdev/slink v1.12.0 → v1.12.1 (#49318)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/anirdev/slink](https://docs.slinkapp.io)
([source](https://redirect.github.com/andrii-kryvoviaz/slink)) | patch |
`4de5027` → `2547ac8` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>andrii-kryvoviaz/slink (docker.io/anirdev/slink)</summary>

###
[`v1.12.1`](https://redirect.github.com/andrii-kryvoviaz/slink/releases/tag/v1.12.1)

[Compare
Source](https://redirect.github.com/andrii-kryvoviaz/slink/compare/v1.12.0...v1.12.1)

#### 📦 Patch Notes

##### 🛠️ Improvements & Fixes

- **Upload Page:** General UI/UX improvements and fixes across the
upload page.
- **Volume Permissions:** Fixed a permissions issue affecting mounted
volumes on some NAS systems.
- **Maintenance:** Patched dependencies for security advisories across
the API (jwt-framework, Guzzle, PSR-7, JMESPath) and client (Babel), and
refreshed project dependencies.

**Full Changelog**:
<https://github.com/andrii-kryvoviaz/slink/compare/v1.12.0...v1.12.1>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zbGluayIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
2026-06-21 02:16:52 +02:00