bbe4cc6f072b8a60c794e52a01ecb96493246d42
57226 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
bbe4cc6f07 |
chore(jellyfin): update image docker.io/alpine/socat digest to 7f9a067 (#49363)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/alpine/socat | digest | `2b6b49e` → `7f9a067` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9qZWxseWZpbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
efb1c9cb48 |
fix(healthchecks): update image ghcr.io/linuxserver/healthchecks 4.2.20260615 → 4.2.20260622 (#49366)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/healthchecks](https://redirect.github.com/linuxserver/docker-healthchecks/packages) ([source](https://redirect.github.com/linuxserver/docker-healthchecks)) | patch | `b99ed55` → `86d1c6d` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9oZWFsdGhjaGVja3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
928e6f74a6 |
feat(misskey): update image docker.io/misskey/misskey 2026.5.4 → 2026.6.0 (#49362)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/misskey/misskey](https://redirect.github.com/misskey-dev/misskey) | minor | `ec4d104` → `d3c2bf2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>misskey-dev/misskey (docker.io/misskey/misskey)</summary> ### [`v2026.6.0`](https://redirect.github.com/misskey-dev/misskey/blob/HEAD/CHANGELOG.md#202660) [Compare Source](https://redirect.github.com/misskey-dev/misskey/compare/2026.5.4...2026.6.0) ##### General - Feat: ジョブキュー管理画面からキューの一時停止/再開ができるように - Feat: アンテナのタイムラインから個別のノートを削除できるように - Feat: ノート検索で投稿日時の期間を条件に加えられるように([#​16035](https://redirect.github.com/misskey-dev/misskey/issues/16035)) - Fix: コンパネからrootユーザーのパスワードをリセットしようとした際にエラーが通知されない問題を修正 ##### Client - Enhance: ユーザーページのファイルタブでスクロール位置が保持されるように - Enhance: ドライブページでスクロール位置が保持されるように - Enhance: 絵文字のメニューから直接絵文字パレットに絵文字を追加できるように - Fix: URLプレビューのプレイヤーをウィンドウで開いたとき、プレイヤーが読み込まれるまでの間 `Invalid URL` と表示される問題を修正 - Fix: 一部の実績が正しく表示されない問題を修正 - Fix: アクセストークン発行時のダイアログのタイトルが「確認コード」となっているのを修正 - Fix: 一部のUI要素の色が正しく表示されない問題を修正\ (Cherry-picked from [MisskeyIO#1243](https://redirect.github.com/MisskeyIO/misskey/pull/1243)) - Fix: 「D」キーでダークモードを切り替える際にsyncDeviceDarkModeのチェックがバイパスされる問題を修正 - Fix: パスキー登録完了時の認証ダイアログの入力値が使われていない問題を修正 - Fix: メンションのサジェスト時に表示されるアイコン表示が画像サイズ次第で崩れる問題を修正 - Fix: ノートの下書きをリセットする際、未アップロードのファイルについては添付予定が解除されない問題を修正 - Fix: 画像アップロード時、フレームのキャプション付与が正しく行われないことがある問題を修正 ##### Server - Enhance: リモートノートクリーニングジョブのスキップ処理のパフォーマンス改善 - Enhance: リモートノートクリーニングジョブの削除対象検索処理のパフォーマンス改善 - Enhance: ActivityPub の画像添付に width/height を含めるように - Enhance: URLプレビューのデフォルトの User Agent に Misskey サーバーのURLを含めるように - Fix: backend バンドルで `@tensorflow/tfjs-node` を external に含めず、起動時に `@mapbox/node-pre-gyp` の `find()` が backend の package.json を誤検出して `is not node-pre-gyp ready` エラーを永続的に吐く問題を修正 - Fix: MemoryKVCacheのキャッシュGC処理において、更新されたキャッシュが期限切れにならないことがある問題を修正 - Fix: PerUserDriveChart がシステム所有ファイル (userId が null) の更新で `"group"` の非NULL制約違反によりクラッシュする問題を修正 ([#​17498](https://redirect.github.com/misskey-dev/misskey/issues/17498)) - Fix: センシティブメディア自動検出周りの依存関係・ファイルの解決に失敗する問題を修正 - Fix: フォロワー限定投稿を指名投稿で引用した際に、引用した投稿の公開範囲が意図せず変更される問題を修正 - Fix: `actor` を持たない不正なInboxアクティビティを受信した際に配送ジョブが `TypeError` でクラッシュする問題を修正 (受信時に検証して400で返し、ジョブを積まないように変更) - Fix: Startup and shutdown failures (port-in-use, socket permission denied, plugin timeouts, leaked WebSocket connections) are now reported through the misskey logger instead of an UnhandledPromiseRejectionWarning stack trace - Fix: リモートのノートに対するメンション数制限が、サーバーが解決できたユーザー数ベースで行われていた問題を修正 - Fix: セキュリティに関する修正 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taXNza2V5IiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==--> |
||
|
|
9a9a1899bc |
fix(radicale): update image docker.io/tomsquest/docker-radicale 3.7.3.0 → 3.7.5.0 (#49361)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/tomsquest/docker-radicale](https://redirect.github.com/tomsquest/docker-radicale) | patch | `265195d` → `e4e694f` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>tomsquest/docker-radicale (docker.io/tomsquest/docker-radicale)</summary> ### [`v3.7.5.0`](https://redirect.github.com/tomsquest/docker-radicale/blob/HEAD/CHANGELOG.md#3750---2026-06-22) [Compare Source](https://redirect.github.com/tomsquest/docker-radicale/compare/3.7.4.0...3.7.5.0) ### [`v3.7.4.0`](https://redirect.github.com/tomsquest/docker-radicale/blob/HEAD/CHANGELOG.md#3740---2026-06-22) [Compare Source](https://redirect.github.com/tomsquest/docker-radicale/compare/3.7.3.0...3.7.4.0) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yYWRpY2FsZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
153730db38 |
fix(docuseal): update image docker.io/docuseal/docuseal 3.1.0 → 3.1.1 (#49360)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/docuseal/docuseal | patch | `cd61aa2` → `0db707b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9kb2N1c2VhbCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
61069579ea |
chore(searxng): update image docker.io/searxng/searxng digest to 3f52dca (#49358)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/searxng/searxng | digest | `3f4f8d7` → `3f52dca` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
cb957133ce |
chore(ombi): update image ghcr.io/linuxserver/ombi digest to aa44c36 (#49357)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/ombi](https://redirect.github.com/linuxserver/docker-ombi/packages) ([source](https://redirect.github.com/linuxserver/docker-ombi)) | digest | `8b4b1e9` → `aa44c36` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vbWJpIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
628e63d71c |
chore(xen-orchestra): update image docker.io/ronivay/xen-orchestra digest to 34ab33e (#49359)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/ronivay/xen-orchestra | digest | `63a113c` → `34ab33e` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC94ZW4tb3JjaGVzdHJhIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
64528e7f1d |
chore(thelounge): update image docker.io/thelounge/thelounge digest to b624275 (#49347)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/thelounge/thelounge](https://redirect.github.com/thelounge/thelounge-docker) | digest | `b3c6432` → `b624275` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90aGVsb3VuZ2UiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
c51bd6ed68 |
feat(tdarr): update image docker.io/haveagitgat/tdarr 2.79.01 → 2.80.01 (#49356)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/haveagitgat/tdarr](https://redirect.github.com/HaveAGitGat/tdarr_express_be) | minor | `d32377a` → `43e0808` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
d9a7d55da2 |
feat(tdarr-node): update image docker.io/haveagitgat/tdarr_node 2.79.01 → 2.80.01 (#49355)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/haveagitgat/tdarr_node](https://redirect.github.com/HaveAGitGat/tdarr_express_be) | minor | `26650fe` → `b4d210b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyci1ub2RlIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==--> |
||
|
|
e8719f4b6b |
chore(minecraft-gate): update image ghcr.io/minekube/gate digest to 313116d (#49353)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/minekube/gate | digest | `4aa7af3` → `313116d` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taW5lY3JhZnQtZ2F0ZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
9ff4a3d6c8 |
chore(fileflows): update image docker.io/revenz/fileflows digest to ebe9eec (#49352)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/revenz/fileflows | digest | `9a500ac` → `ebe9eec` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9maWxlZmxvd3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
cb66fee4cd |
chore(searxng): update image docker.io/searxng/searxng digest to 3f4f8d7 (#49354)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/searxng/searxng | digest | `d0f6ccf` → `3f4f8d7` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
3357b0f652 |
feat(nvidia-gpu-exporter): update image docker.io/utkuozdemir/nvidia_gpu_exporter 1.4.1 → 1.5.0 (#49351)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/utkuozdemir/nvidia_gpu_exporter | minor | `b921d70` → `b5f70ca` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9udmlkaWEtZ3B1LWV4cG9ydGVyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==--> |
||
|
|
deaaf6551c |
fix(openwebrxplus): update image docker.io/slechev/openwebrxplus-softmbe 1.2.116 → 1.2.117 (#49349)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/slechev/openwebrxplus-softmbe | patch | `a33dd74` → `465b34b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vcGVud2VicnhwbHVzIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
ac8abbc8a5 |
fix(etherpad): update image ghcr.io/ether/etherpad 3.3.1 → 3.3.2 (#49348)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/ether/etherpad](https://redirect.github.com/ether/etherpad) | patch | `c4bcd4b` → `044e5b5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>ether/etherpad (ghcr.io/ether/etherpad)</summary> ### [`v3.3.2`](https://redirect.github.com/ether/etherpad/blob/HEAD/CHANGELOG.md#332) [Compare Source](https://redirect.github.com/ether/etherpad/compare/3.3.1...3.3.2) 3.3.2 is a bug-fix and dependency-hardening follow-up to 3.3.1. It rounds out the pad-deletion UX rework (suppressing the recovery token for durable identities, keeping the token-less Delete button reachable, and closing a read-only deletion hole), restores the saved-revision markers that went missing from in-pad history mode in 3.3.x, and adds env-var overrides so air-gapped installs can switch off Etherpad's outbound calls without editing the image. It also fixes the `migrateDB` / `importSqlFile` / `migrateDirtyDBtoRealDB` CLI scripts against the promise-based ueberdb2 API, rejects unreachable `.`/`..` pad ids, and clears a batch of dependency security advisories (including CVE-2026-54285). On the CI side it unblocks the installer smoke test (which had been hanging the full 6-hour job ceiling since 3.2.0) and pins ueberdb2 past a startup-exit regression in the packaged boot. ##### Security - **Force `@opentelemetry/core` ≥ 2.8.0 (GHSA-8988-4f7v-96qf / CVE-2026-54285, [#​7975](https://redirect.github.com/ether/etherpad/issues/7975)).** The transitive dep (pulled in via `@elastic/elasticsearch` → `@elastic/transport`) had a `W3CBaggagePropagator.extract()` that did not enforce W3C size limits on inbound baggage headers, allowing unbounded memory allocation. Pinned via a `pnpm-workspace.yaml` override; satisfies the existing `2.x` range with no parent bump. - **Resolve open Dependabot security alerts ([#​7967](https://redirect.github.com/ether/etherpad/issues/7967)).** Refreshes stale override floors and adds new ones via `pnpm-workspace` overrides: `form-data` ≥ 4.0.6, `ws` ≥ 8.21.0, `esbuild` ≥ 0.28.1, `basic-ftp` ≥ 5.3.1 (capped `<6.0.0` to avoid a surprise major on the plugin-install path), `tar` ≥ 7.5.16, `js-yaml` ≥ 4.2.0, `qs` ≥ 6.15.2, `ip-address` ≥ 10.1.1, and `@babel/core` ≥ 7.29.6. - **Reject read-only deletion via token-less paths (part of [#​7959](https://redirect.github.com/ether/etherpad/issues/7959) / [#​7960](https://redirect.github.com/ether/etherpad/issues/7960)).** Under `allowPadDeletionByAllUsers` a read-only viewer was granted `canDeletePad=true`, and the server's `flagOk`/`creatorOk` branches never checked `session.readonly` — so a read-only link holder could delete a pad without a token. Read-only sessions are now excluded from both the client var and the server's token-less authorization paths; a valid recovery token stays sufficient regardless of session mode. ##### Notable enhancements - **Pad deletion — suppress the recovery token for durable identities and relabel the action ([#​7926](https://redirect.github.com/ether/etherpad/issues/7926) / [#​7930](https://redirect.github.com/ether/etherpad/issues/7930)).** Building on the `allowPadDeletionByAllUsers` suppression, a creator's deletion token is now also withheld when they have a *durable* identity — authenticated (`req.session.user` with a username) **and** the deployment pins that identity to a stable `authorID` via a `getAuthorId` hook — since only then does the creator survive a cookie clear or a different device, making the token redundant. This tightens the previous "require authentication ⇒ always suppress" rule: without `getAuthorId` the authorID still comes from the per-browser cookie, so an authenticated user on a second device is *not* the creator and keeps getting a token. A new `canDeleteWithoutToken` client var hides the whole recovery-token disclosure (label, field, submit) when no token is needed, and the recovery form now renders for all sessions (hidden by default) so an authenticated creator without a durable mapping still has UI to enter their token. `API.createPad` returns a `null` `deletionToken` under `allowPadDeletionByAllUsers`, matching the socket/UI path. - **Offline/air-gapped installs — env-var overrides for the update check, plugin catalog, and updater ([#​7917](https://redirect.github.com/ether/etherpad/issues/7917), addresses [#​7911](https://redirect.github.com/ether/etherpad/issues/7911)).** Firewalled deployments could not disable Etherpad's outbound calls without editing `settings.json` inside the image. The relevant keys are now wired through the `${ENV:default}` substitution in `settings.json.docker` and `settings.json.template`: `PRIVACY_UPDATE_CHECK`, `PRIVACY_PLUGIN_CATALOG`, `UPDATES_TIER` (`off` = no calls), `UPDATE_SERVER`, plus the docker-only `UPDATES_SOURCE` / `UPDATES_CHANNEL` / `UPDATES_CHECK_INTERVAL_HOURS` / `UPDATES_GITHUB_REPO` / `UPDATES_REQUIRE_ADMIN_FOR_STATUS`. A new "Updates & privacy" section in `doc/docker.md` documents the set; backend tests parse the shipped configs and fail if the `${ENV}` placeholders are dropped. Config, docs, and tests only — no runtime code change. ##### Notable fixes - **Pad — keep the token-less Delete button reachable without pad-wide settings ([#​7959](https://redirect.github.com/ether/etherpad/issues/7959) / [#​7960](https://redirect.github.com/ether/etherpad/issues/7960)).** The token-less `#delete-pad` button was nested inside the `enablePadWideSettings`-gated section, so disabling pad-wide settings removed the only no-token deletion path — and combined with [#​7926](https://redirect.github.com/ether/etherpad/issues/7926) hiding the token disclosure when no token is needed, a user allowed to delete could be left with no deletion UI at all. The button is now always rendered (hidden by default) and driven by a `canDeletePad` client var (creator or `allowPadDeletionByAllUsers`, excluding read-only sessions), so the plain button and the recovery-token disclosure are mutually coherent and neither depends on pad-wide settings. - **History mode — restore the saved-revision markers ([#​7946](https://redirect.github.com/ether/etherpad/issues/7946) / [#​7948](https://redirect.github.com/ether/etherpad/issues/7948)).** When [#​7659](https://redirect.github.com/ether/etherpad/issues/7659) moved the timeslider into the pad as an embedded iframe, the user-facing control became the outer `#history-slider-input`, but the saved-revision stars were still drawn into the now-hidden iframe `#ui-slider-bar`, so "Save Revision" appeared to do nothing in in-pad history mode (a 3.3.x regression). `pad_mode.ts` now bridges the embedded slider's saved revisions onto the outer slider as percentage-positioned, aria-hidden star markers (with click-to-seek for mouse users), and the server's `SAVE_REVISION` handler broadcasts `NEW_SAVEDREV` to the pad room so a revision saved by a collaborator appears live on an already-open history slider. A single revision saved at rev 0 now renders too. Adds Playwright coverage for both the single-client and two-client live paths. - **Import dialog — correct the outdated "no converter" help message ([#​7988](https://redirect.github.com/ether/etherpad/issues/7988) / [#​7989](https://redirect.github.com/ether/etherpad/issues/7989)).** The notice claimed only plain text and HTML could be imported and linked to the legacy AbiWord wiki, prompting LibreOffice installs for formats that already work natively. Etherpad imports `.txt`, `.html`, `.docx` (via mammoth) and `.etherpad` without LibreOffice; only `.pdf`/`.odt`/`.doc`/`.rtf` still need it. The message now says so and points at the documentation site. - **PadManager — reject unreachable `.` and `..` pad ids ([#​7962](https://redirect.github.com/ether/etherpad/issues/7962)).** `isValidPadId` accepted ids consisting only of URL dot-segments, but per the WHATWG URL standard a browser normalises `/p/.` to `/p/` and `/p/..` to `/`, so such a pad could be created in the database yet never opened or exported. These ids are now rejected, and the admin `deletePad` handler falls back to a raw key purge when `getPad()` throws so any legacy `.`/`..` pad can still be removed. ##### Internal / contributor-facing - **CLI — fix the database migration/import scripts against the ueberdb2 promise API ([#​7982](https://redirect.github.com/ether/etherpad/issues/7982) / [#​7983](https://redirect.github.com/ether/etherpad/issues/7983)).** `migrateDB.ts` opened source and target databases, copied all keys, then resolved without closing either — so under ueberdb2 6.1.x the keep-alive timer kept the process hanging after "Done syncing dbs", and buffered target writes were only guaranteed flushed on `close()`. It now closes both databases (flushing writes, clearing the timer) on success and error paths and exits with an explicit status. `importSqlFile.ts` and `migrateDirtyDBtoRealDB.ts` were ported off the pre-v6 callback API to `await db.init()` / `db.set(k, v)` / `db.close()`, removing two `@ts-ignore`s that hid broken calls and fixing an undefined `length` in a progress log; `tsc --noEmit` on the bin package is now clean. - **CI — stop the installer smoke test hanging the 6-hour job ceiling ([#​7981](https://redirect.github.com/ether/etherpad/issues/7981)).** The "Installer test" had hung on every ubuntu/macOS run since 3.2.0: `pnpm run prod` is a nested launcher, so `kill "$PID"; wait "$PID"` only signalled the outer pnpm and blocked forever if the node server didn't exit on SIGTERM. Teardown now runs the launcher in its own process group, kills the whole group (SIGTERM then SIGKILL), drops the blocking `wait`, and adds an 8-minute `timeout-minutes` backstop to both smoke steps. - **CI — run the Debian-package smoke test on PRs ([#​7969](https://redirect.github.com/ether/etherpad/issues/7969)).** The packaged-boot smoke test previously ran only on push to `develop` — i.e. after merge — which is why the ueberdb2 startup-exit regression turned `develop` red instead of being blocked at PR time. A `pull_request` trigger (scoped to production-footprint paths) now runs the build+smoke job on PRs; the release/apt-publish jobs stay tag-guarded. - **Release — park the non-functional `ep_etherpad` npm publish ([#​7922](https://redirect.github.com/ether/etherpad/issues/7922)).** The `releaseEtherpad` workflow republished `./src` as `ep_etherpad`, a package with zero dependents that nothing in the repo or any deployment path consumes, and it had been failing with E404 (no OIDC trusted publisher configured). The job is now gated behind an explicit `confirm: true` dispatch input so a stray run fails fast with a clear message, with the status documented in the workflow header and `AGENTS.MD`. - **Tests — port the orphaned legacy timeslider specs to Playwright ([#​7949](https://redirect.github.com/ether/etherpad/issues/7949)).** The `src/tests/frontend/specs/` mocha suite is run by no CI workflow, so its timeslider coverage was dead — which is how the [#​7946](https://redirect.github.com/ether/etherpad/issues/7946) history-mode regression reached a release. The still-meaningful cases (revision labels, export links, deep-link entry) were ported to `frontend-new` Playwright specs re-targeted at the real in-pad UI, and the three now-ported legacy specs were deleted. ##### Dependencies - `ueberdb2` pinned to `6.1.13`. 6.1.10 rewrote the cache/buffer layer to lazily arm an `.unref()`'d flush timer only when there are dirty keys, so on a fresh empty dirty DB nothing anchored Node's event loop and the packaged (.deb/systemd) boot could exit cleanly (code 0) before `server.listen()` bound the port — failing the Debian-package health check. The dep was pinned back to the last green release (6.1.9, [#​7969](https://redirect.github.com/ether/etherpad/issues/7969)) and then rolled forward to the now-fixed `6.1.13` ([#​7979](https://redirect.github.com/ether/etherpad/issues/7979)), pinned exactly rather than with a caret. - `nodemailer` 8.x → 9.0.1 ([#​7965](https://redirect.github.com/ether/etherpad/issues/7965) / [#​7950](https://redirect.github.com/ether/etherpad/issues/7950) / [#​7976](https://redirect.github.com/ether/etherpad/issues/7976)), `mongodb` 7.1.1 → 7.3.0 ([#​7941](https://redirect.github.com/ether/etherpad/issues/7941)), `pg` 8.21.0 → 8.22.0 ([#​7985](https://redirect.github.com/ether/etherpad/issues/7985)), `undici` → 8.5.0 ([#​7980](https://redirect.github.com/ether/etherpad/issues/7980) etc.), `oidc-provider` 9.8.4 → 9.8.5 ([#​7973](https://redirect.github.com/ether/etherpad/issues/7973)), `pdfkit` 0.19.0 → 0.19.1 ([#​7945](https://redirect.github.com/ether/etherpad/issues/7945)), `semver` 7.8.3 → 7.8.4 ([#​7943](https://redirect.github.com/ether/etherpad/issues/7943)), and `@radix-ui/react-switch` 1.3.0 → 1.3.1 ([#​7974](https://redirect.github.com/ether/etherpad/issues/7974)). - Dev/build dependency group updates ([#​7964](https://redirect.github.com/ether/etherpad/issues/7964), [#​7970](https://redirect.github.com/ether/etherpad/issues/7970), [#​7978](https://redirect.github.com/ether/etherpad/issues/7978), [#​7987](https://redirect.github.com/ether/etherpad/issues/7987), [#​7944](https://redirect.github.com/ether/etherpad/issues/7944), [#​7951](https://redirect.github.com/ether/etherpad/issues/7951), [#​7952](https://redirect.github.com/ether/etherpad/issues/7952), and others), including `@types/node` 25 → 26, `esbuild` 0.28.0 → 0.28.1, `eslint` 10.4.1 → 10.5.0, `@playwright/test` 1.60 → 1.61, `vitest` 4.1.8 → 4.1.9, and `actions/checkout` 6 → 7 ([#​7977](https://redirect.github.com/ether/etherpad/issues/7977)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ldGhlcnBhZCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
04124890cb |
chore(searxng): update image docker.io/searxng/searxng digest to d0f6ccf (#49346)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/searxng/searxng | digest | `ed29454` → `d0f6ccf` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZWFyeG5nIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
e52ecf3fc9 |
chore(rflood): update image ghcr.io/hotio/rflood digest to 49c1885 (#49345)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/hotio/rflood | digest | `99691b3` → `49c1885` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yZmxvb2QiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
9849637c6e |
chore(qinglong): update image docker.io/whyour/qinglong digest to 560acc2 (#49344)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/whyour/qinglong](https://redirect.github.com/whyour/qinglong) | digest | `a50f545` → `560acc2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9xaW5nbG9uZyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
c7960f4d94 |
feat(docker): update image docker 29.5.3 → 29.6.0 (#49350)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker | minor | `7278248` → `7bb861a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9kb2NrZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL21pbm9yIl19--> |
||
|
|
7be1c4ddaa |
chore(nitter): update image docker.io/zedeus/nitter digest to 9fdd458 (#49343)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/zedeus/nitter | digest | `f724be5` → `9fdd458` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
e36bfec97c |
feat(wekan): update image docker.io/wekanteam/wekan v9.65 → v9.67 (#49342)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `a453464` → `6a6a5cc` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.67`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v967-2026-06-21-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.65...v9.67) This release fixes the following bugs: - [Reworked confusing and unreliable list widths](https://redirect.github.com/wekan/wekan/issues/6409), [#​6409](https://redirect.github.com/wekan/wekan/issues/6409): a list now has **one** width instead of the old "min width / max width / automatic" trio, and it reliably persists across reloads (the render now drives the `--list-width` CSS variable the styles actually use, so a width no longer reverts to `auto` after reload). A new board setting **Personal list widths** chooses the scope: - **Off (default) — Shared:** the width lives on the list (`lists.width`), is the same for everyone on the board, and only members with write access can change it (read-only/comment-only members no longer see the resize handle). Shared widths are included in board **export/import** (the importer previously dropped `lists.width`; it now preserves width, color and collapsed state, and the board's list-width scope). - **On — Personal:** each user keeps their own widths (profile, or localStorage when not logged in), falling back to the shared width then the default. The per-list popup is simplified to a single width value plus an **Auto list width** toggle (fit lists to content); the advanced per-list min/max pixel options were removed. Auto-width follows the same Shared/Personal scope (per-board for everyone, or per-user) and is carried through export/import. Documented in `docs/Features/Lists/Lists.md`. - `rebuild-wekan.sh` / `rebuild-wekan.bat` menu option 2 ("Build WeKan") now also clears the rspack dev-build caches (`_build` and `node_modules/.cache`) in addition to `node_modules` / `.meteor/local` / `.build`, so the next `meteor run` recompiles from scratch instead of occasionally serving stale modules after a `git` checkout/merge. - `rebuild-wekan.sh` / `rebuild-wekan.bat` now give the Meteor build tool and Node a larger heap by default (`TOOL_NODE_FLAGS` and `NODE_OPTIONS` = `--max-old-space-size=8192`) for every dev-run, test and build option, so long development sessions and test runs no longer crash with "FATAL ERROR: ... JavaScript heap out of memory". Both honor an existing value, so you can lower it on machines with less RAM. - [Fixed editing the 2nd/3rd organization or team in Admin Panel › People always showing the FIRST one](https://redirect.github.com/wekan/wekan/issues/6411), [#​6411](https://redirect.github.com/wekan/wekan/issues/6411): on `/people`, clicking *Edit* on any organization or team filled the form with the first one's values (so you could never edit the others). The edit/settings popups are opened from the row with data context `{ org }` / `{ team }`, but their helpers read `this.orgId` / `this.teamId` (undefined there) and called `getOrg(undefined)` / `getTeam(undefined)`, which `findOne({})` resolves to the first document. The popup helpers, the save handlers and the delete (settings) handlers now resolve the clicked row's id from the `{ org }` / `{ team }` context. Verified against a running instance (each org/team now edits its own values). - **Fixed boards not rendering at all (blank board view) after the mongodb/bson 7.3.0 dependency bump.** bson 7.x runs `const { startupSnapshot } = globalThis?.process?.getBuiltinModule('v8') ?? {}` at module-load time; the optional chaining stops before the *call*, so in the browser — where a partial `process` polyfill exists but has no `getBuiltinModule` — it threw `TypeError: getBuiltinModule is not a function` while evaluating `client/components/cards/attachments.js` (`import { ObjectId } from 'bson'`). That aborted the client bundle bootstrap part-way through `client/imports.js`, so every feature imported after it (notifications, swimlanes, rules, …) was never registered and the board view died with `No such template: notifications`. Added a tiny browser shim (`client/lib/bsonBrowserShim.js`, imported first in `client/main.js`) that gives the browser `process` a no-op `getBuiltinModule`, so bson takes its intended `?? {}` fallback. New unit tests (`client/lib/tests/bsonBrowserShim.tests.js`); also hardened the [#​5686](https://redirect.github.com/wekan/wekan/issues/5686) Playwright spec to run against a rendering board. ([PR #​6410](https://redirect.github.com/wekan/wekan/pull/6410)) - [Fixed REST API returning HTTP 500 with a stack trace for an invalid request](https://redirect.github.com/wekan/wekan/pull/6406), [#​5804](https://redirect.github.com/wekan/wekan/issues/5804): posting a comment without the required `comment` parameter (or to a board that does not exist) returned an HTTP 500 error page. The schema-validation error thrown on insert is a circular object (`SimpleSchemaValidationContext` → `SimpleSchema` → …), and serializing it crashed the response writer (`Converting circular structure to JSON`). Now: the `comment` parameter is validated and a missing/empty one returns **HTTP 400**; an unknown board returns **HTTP 404** (the board-access checks no longer dereference `board.members` of a non-existent board); the JSON response writer is crash-proof (falls back to a safe `{ "error": … }` payload instead of throwing); and REST comment errors now use their real status code instead of `200`. New unit tests in `server/lib/tests/apiResponseHelpers.tests.js`. ([PR #​6406](https://redirect.github.com/wekan/wekan/pull/6406)) - [Fixed selecting text in a checklist closing the card](https://redirect.github.com/wekan/wekan/pull/6407), [#​5686](https://redirect.github.com/wekan/wekan/issues/5686): selecting the text of a checklist item and releasing the mouse outside the card detail pane closed the card. The checklist items template stops `mousedown` propagation (for item sorting), so the existing `cardDetailsIsDragging` guard never engaged and the document-level "click outside to close" handler closed the card. The close handler now also keeps the card open whenever a live text selection is anchored inside the card pane (new propagation-independent guard `client/lib/cardCloseGuard.js`), so a deliberate click on empty board space still closes the card. New unit tests in `client/lib/tests/cardCloseGuard.tests.js` and a Playwright regression test in `tests/playwright/specs/34-checklist-text-selection.e2e.js`. ([PR #​6407](https://redirect.github.com/wekan/wekan/pull/6407)) - [Fixed list reordering throwing `403 Access denied` for read-only members](https://redirect.github.com/wekan/wekan/issues/5462), [#​5462](https://redirect.github.com/wekan/wekan/issues/5462): read-only / comment-only board members could still drag-reorder lists, which fired a server write that allow/deny rejected with `403 Access denied` (the list then snapped back). Of the three list jQuery-UI sortables in `client/components/swimlanes/swimlanes.js`, one was not gated on `Utils.canModifyBoard()`; it now is, consistent with the other two, plus a defense-in-depth guard so a logged-in user without write access can never persist a reorder (anonymous public-board reordering via localStorage is unaffected). The server already enforced this; the fix stops the unauthorized drag and the console error. New Playwright regression test in `tests/playwright/specs/35-list-sort-permissions.e2e.js`. ([PR #​6408](https://redirect.github.com/wekan/wekan/pull/6408)) Thanks to GitHub users Atry, mueller-ma and liferadioat for reporting. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
d05c447316 |
BREAKING CHANGE(firefox): Update image ghcr.io/linuxserver/firefox 1151.0.4 → 1152.0.1 (#49331)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/firefox](https://redirect.github.com/linuxserver/docker-firefox/packages) ([source](https://redirect.github.com/linuxserver/docker-firefox)) | major | `e31d817` → `1f4c0ce` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9maXJlZm94IiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9tYWpvciJdfQ==--> |
||
|
|
a2b5449a88 | feat(tdarr-node): update image docker.io/haveagitgat/tdarr_node 2.78.01 → 2.79.01 (#49340) | ||
|
|
e5fbd43630 | fix(flexo): update image docker.io/nroi/flexo 1.6.10 → 1.6.11 (#49337) | ||
|
|
5c1ab274fd |
chore(tt-rss): update image ghcr.io/tt-rss/tt-rss digest to d6f6988 (#49336)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/tt-rss/tt-rss | digest | `9018758` → `d6f6988` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90dC1yc3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
3ec7d38588 |
chore(rsshub): update image docker.io/diygod/rsshub digest to 281d34b (#49335)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/diygod/rsshub | digest | `264b47f` → `281d34b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yc3NodWIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
0f7e797be0 | chore(blender): update image lscr.io/linuxserver/blender digest to cf6ebad (#49333) | ||
|
|
af89c32a8a |
fix(gitea): update image docker.io/gitea/gitea 1.26.3 → 1.26.4 (#49338)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gitea/gitea](https://redirect.github.com/go-gitea/gitea) | patch | `4d1d796` → `cd1d261` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>go-gitea/gitea (docker.io/gitea/gitea)</summary> ### [`v1.26.4`](https://redirect.github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1264---2026-06-21) [Compare Source](https://redirect.github.com/go-gitea/gitea/compare/v1.26.3...v1.26.4) - SECURITY - fix(auth): do not auto-reactivate disabled users on OAuth2 callback ([#​38009](https://redirect.github.com/go-gitea/gitea/issues/38009)) ([#​38183](https://redirect.github.com/go-gitea/gitea/issues/38183)) - BUGFIXES - fix: walk git log context error handling ([#​38182](https://redirect.github.com/go-gitea/gitea/issues/38182)) ([#​38185](https://redirect.github.com/go-gitea/gitea/issues/38185)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naXRlYSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
907730b086 | chore(automatic-ripping-machine): update image docker.io/automaticrippingmachine/automatic-ripping-machine digest to 1a8f270 (#49332) | ||
|
|
18c5e5022b |
feat(tdarr): update image docker.io/haveagitgat/tdarr 2.78.01 → 2.79.01 (#49341)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/haveagitgat/tdarr](https://redirect.github.com/HaveAGitGat/tdarr_express_be) | minor | `e5163f3` → `d32377a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90ZGFyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
1556a2a4fa |
fix(tandoor-recipes): update image ghcr.io/tandoorrecipes/recipes 2.6.9 → 2.6.11 (#49339)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/tandoorrecipes/recipes](https://redirect.github.com/TandoorRecipes/recipes) | patch | `969c5b3` → `2eb9a80` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>TandoorRecipes/recipes (ghcr.io/tandoorrecipes/recipes)</summary> ### [`v2.6.11`](https://redirect.github.com/TandoorRecipes/recipes/releases/tag/2.6.11) [Compare Source](https://redirect.github.com/TandoorRecipes/recipes/compare/2.6.10...2.6.11) - **improved** pantry booking dialog and table - **fixed** another order parameter ### [`v2.6.10`](https://redirect.github.com/TandoorRecipes/recipes/releases/tag/2.6.10) [Compare Source](https://redirect.github.com/TandoorRecipes/recipes/compare/2.6.9...2.6.10) - **fixed** recipes marked as private could be viewed trough API utility endpoints <https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-cqj3-64qw-4w52> - **fixed** recipe search and recipe book API endpoints accepting any order by attribute <https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-4x57-2q4q-xwpp> - **fixed** regex ddos possibility in automation engine <https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-f2gw-c2c7-59v7> - **fixed** AI Providers could be configured with malicious URLs to allow SSRF <https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-wq4h-2r8x-cv65> - ⚠️ if you are using custom AI backends you need to add them to the new `AI_ALLOWED_URLS` settings (see <https://docs.tandoor.dev/system/configuration/#ai-integration>) - **fixed** bookmarklets of other users in your own space could be accessed/deleted <https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-4vw7-c646-g23w> - **updated** lots of dependencies - **updated** translations for various languages </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90YW5kb29yLXJlY2lwZXMiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
30aa35d955 |
chore(nitter): update image docker.io/zedeus/nitter digest to f724be5 (#49334)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/zedeus/nitter | digest | `2eb2292` → `f724be5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
7d52297319 | chore(medusa): update image ghcr.io/linuxserver/medusa digest to 4720869 (#49328) | ||
|
|
76b3891e8e |
fix(vocechat-server): update image docker.io/privoce/vocechat-server v0.5.19 → v0.5.20 (#49330)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/privoce/vocechat-server | patch | `ce9edf2` → `e5007e9` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC92b2NlY2hhdC1zZXJ2ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
f1661d8326 |
chore(nitter): update image docker.io/zedeus/nitter digest to 2eb2292 (#49329)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/zedeus/nitter | digest | `cb58e02` → `2eb2292` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
598dc40402 | fix(vocechat-server): update image docker.io/privoce/vocechat-server v0.5.18 → v0.5.19 (#49327) | ||
|
|
9e741f64ce | fix(multus-cni): update image docker.io/alpine/crane 0.21.6 → 0.21.7 (#49326) | ||
|
|
e4de601c13 | chore(steam-headless): update image docker.io/josh5/steam-headless digest to adbc8de (#49324) | ||
|
|
2938c519a8 |
fix(mstream): update image ghcr.io/linuxserver/mstream 6.11.1 → 6.11.2 (#49325)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/mstream](https://redirect.github.com/linuxserver/docker-mstream/packages) ([source](https://redirect.github.com/linuxserver/docker-mstream)) | patch | `ce2f683` → `b2ca98d` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tc3RyZWFtIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
a6461f8e2e |
chore(anything-llm): update image ghcr.io/mintplex-labs/anything-llm digest to 31a3d37 (#49321)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/mintplex-labs/anything-llm | digest | `16f75d1` → `31a3d37` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9hbnl0aGluZy1sbG0iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
d750988287 |
chore(nitter): update image docker.io/zedeus/nitter digest to cb58e02 (#49323)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/zedeus/nitter | digest | `1bc87a3` → `cb58e02` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
5223ee6efc |
chore(farmos): update image docker.io/farmos/farmos digest to e297af5 (#49322)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/farmos/farmos | digest | `d083818` → `e297af5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9mYXJtb3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
fbf207006c |
Commit daily changes
Signed-off-by: TrueCharts-Bot <bot@truecharts.org> |
||
|
|
731d30dcef |
chore(nitter): update image docker.io/zedeus/nitter digest to 1bc87a3 (#49316)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/zedeus/nitter | digest | `6879f43` → `1bc87a3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uaXR0ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
3da7fbf450 |
feat(wekan): update image docker.io/wekanteam/wekan v9.64 → v9.65 (#49320)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `ed6c960` → `a453464` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.65`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v965-2026-06-20-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.64...v9.65) This release adds the following updates: - Issue triage: closed 13 already-fixed Bug issues (with evidence), relabeled \~25 mislabeled feature requests to `Feature` with a "Feature Request:" title prefix, and prefixed \~35 environment-specific reports "Environment specific:" and gave them the `Bug:Environment-specific` label. - Audited labels on all 533 open issues for correctness (type, `Feature:Area`, `Targets:`, `Severity:`, etc.). - Added 23 missing GitHub labels found by auditing `docs/Login` and `docs/Features` against the issue labels, matching the existing label style and colours (`Feature:*` = `#​0052cc`, `Targets:*` = `#fbca04`), and applied them across open and closed issues: - Login methods (`Feature:User-accounts:*`): ADFS, Azure, B2C, Google, Header-Login, Nextcloud, Oracle, Zitadel, Autologin, Accounts-Lockout, Forgot-Password. - Features: `Feature:LaTeX`, `Feature:Mermaid-Diagram`, `Feature:Emoji`, `Feature:Python`, `Feature:Cards:Cover`, `Feature:Cards:Location`, `Feature:Custom-Logo`, `Feature:RTL`, `Feature:Members`, `Feature:Multitenancy`, `Feature:Allow-private-boards-only`. - Platform: `Targets:Apache`. and adds the following new features: - [Threaded comment replies](https://redirect.github.com/wekan/wekan/commit/bdb8e6254): card comments gain an optional `parentId`; a "Reply" link links a new comment to its parent, rendered with an "in reply to" quote. Initial MVP (single-level visual threading). - [Restrict board admins from editing/deleting other users' comments](https://redirect.github.com/wekan/wekan/commit/bdb8e6254): new board setting `restrictCommentEditing` (default off). When on, only a comment's author may edit/delete it; enforced server-side via collection hooks. - [Visible status of sub-tasks](https://redirect.github.com/wekan/wekan/commit/d7ae93bb2): each subtask now shows its current list (prefixed with the board title when on a different board) read-only next to its title. - [Drag-and-drop search results into board columns](https://redirect.github.com/wekan/wekan/commit/b998246c3): cards in the search-results list can be dragged onto board lists, reusing the existing `card.move()`. MVP: drops append to the end of the target list (no pixel-precise insertion index yet). - [Per-user permanent dismissal of the Announcement banner](https://redirect.github.com/wekan/wekan/commit/bf75efaef): a user can permanently close the current announcement so it does not reappear on reload/board-switch, until the admin edits the announcement text (which makes it reappear for everyone). - [Show how many times a card's due date was changed](https://redirect.github.com/wekan/wekan/commit/a8ed326a5): the card detail now displays a "due date changed N times" count (derived from existing `a-dueAt` activities) for deadline accountability. - [Restrict adding board members to the same Organization or Team](https://redirect.github.com/wekan/wekan/commit/371258a6d): new global admin setting `boardMembersFromSameOrgOrTeamOnly` (default off). When on, a user can only be added to a board if they share an Organization or Team with the inviter or an active board member; enforced server-side in the invite/search paths. Site admins bypass. - [Import Google Calendar `.ics` files into board cards](https://redirect.github.com/wekan/wekan/commit/0a43d8ac3): MVP, import-only. New dependency-free iCalendar parser (`server/lib/icsImport.js`) maps each `VEVENT` to a card with `startAt`/`dueAt` so events appear on Calendar/Gantt views, plus an `importIcsToBoard` Meteor method and a REST endpoint `POST /api/boards/:boardId/swimlanes/:swimlaneId/lists/:listId/ics` (documented in the OpenAPI spec, with an `importics` example in `api.py`). Two-way Google Calendar sync is not included (see [wekan-ical-server](https://redirect.github.com/wekan/wekan-ical-server) for read-only WeKan→calendar export). and fixes the following bugs: - [Fixed OIDC/OAuth2 "Log Out" redirecting to the identity provider home page instead of back to Wekan](https://redirect.github.com/wekan/wekan/commit/9e50c69eaaec8928b4eb8a122f9cb6f0447464a9). With autologin (`OIDC_REDIRECTION_ENABLED=true`), clicking Log Out redirected to the OAuth2 server URL (for example the Keycloak base URL `https://id.company.com`), which shows an error page for non-admin users. Added the new optional `OAUTH2_LOGOUT_ENDPOINT` setting: when set to the provider's `end_session_endpoint` (Keycloak example `/realms/<realm>/protocol/openid-connect/logout`), Wekan now performs an OIDC RP-initiated logout that ends the identity provider session and returns the user to Wekan (`ROOT_URL`) via `post_logout_redirect_uri`. When unset, logout behaviour is unchanged, so this is backward compatible. For Keycloak 18+, add your Wekan `ROOT_URL` to the client's *Valid post logout redirect URIs*. See [docs/Login/Keycloak/Keycloak.md](https://redirect.github.com/wekan/wekan/blob/main/docs/Login/Keycloak/Keycloak.md). Thanks to zambalee and xet7. - [Fixed due dates not correctly colour coded](https://redirect.github.com/wekan/wekan/commit/086254e10): future due dates more than 48 hours away are now shaded grey (`not-due`) instead of amber (`due-soon`). Root cause was a call to `diff(theDate, now, 'days')` where `'days'` is not a valid unit, so the threshold compared raw milliseconds; replaced with a precise hours-based comparison in a single shared helper. - [Fixed due date colour mismatch between list and card detail](https://redirect.github.com/wekan/wekan/commit/086254e10): an overdue card now shows red in both the minicard/list and the opened card detail. The card-detail status colours now use `!important` so overdue red overrides the due-date yellow base (matching the minicard), and the colour-decision logic is unified into one shared helper used by both views. - [Fixed unable to view all cards by due date](https://redirect.github.com/wekan/wekan/commit/b3acbd692): removed the `limit: 100` cap in the `dueCards` publication so all of a user's due cards across boards are shown. - [Fixed unable to scroll past the first cards in the Due Cards view on mobile](https://redirect.github.com/wekan/wekan/commit/b3acbd692): the due-cards list now has a scoped scroll container with a viewport-relative max height. - [Fixed card-detail sub-popups disappearing on mobile](https://redirect.github.com/wekan/wekan/commit/5c890baca): assigning a user or setting the due date on touch devices no longer closes the popup (touch events inside the popup no longer bubble to the click-outside close handler on mobile viewports). - [Fixed mobile board layout and tiny Home button](https://redirect.github.com/wekan/wekan/commit/5c890baca): minicards now render one per row (full width) on narrow screens and the header Home / All Boards button is a proper tap target. - [Fixed enormous icons/menus/text after upgrade](https://redirect.github.com/wekan/wekan/commit/5c890baca): clamped runaway icon/label sizing on mobile. - [Fixed oversized padding/margins and stray ➕ emoji from recent UI changes](https://redirect.github.com/wekan/wekan/commit/5c890baca): trimmed excessive padding/margins on mobile; remaining stray plus emojis are tracked for replacement with a Font Awesome icon. - [Fixed board-level search not including comments](https://redirect.github.com/wekan/wekan/commit/b998246c3): in-board search now matches text inside card comments, consistent with global search. - [Fixed "create list" not available in Lists board-view mode](https://redirect.github.com/wekan/wekan/commit/c18ae388b): the "Add list" composer now appears in Lists mode (using the board's default swimlane), not only in Swimlanes mode. - [Fixed board/list/swimlane numbering breaking first-letter keyboard navigation](https://redirect.github.com/wekan/wekan/commit/fe4d2a56f): the move/copy card popups no longer prefix a number to each option, so options start with their name again and digit-named boards are readable. - [Fixed missing notification and card-history entry when a new attachment is uploaded](https://redirect.github.com/wekan/wekan/commit/f59273508): uploading an attachment now creates an `addAttachment` activity, so card members and subscribers are notified (consistent with attachment removal); previously the activity was never created because the store-strategy upload hook was dead code. - [Fixed copying a card selecting all/unnamed labels on the destination board](https://redirect.github.com/wekan/wekan/commit/d26d117e3): `Cards.copy()` now applies the same unnamed-label guard as `Cards.move()` and persists the remapped labels onto the inserted card. - [Fixed copied card losing its cover ("show as thumb")](https://redirect.github.com/wekan/wekan/commit/a0e701708): `coverId` is now remapped to the newly copied attachment instead of pointing at the original (now-unresolvable) attachment id. - [Fixed deleting a date on a linked card not taking effect](https://redirect.github.com/wekan/wekan/commit/09e9c993e): `unsetReceived/unsetStart/unsetDue/unsetEnd` now resolve the real card id via `getRealId()` (consistent with the `set*` methods) so they update the underlying linked card, not the link placeholder. - [Fixed comment-only members being able to archive cards from the UI](https://redirect.github.com/wekan/wekan/commit/aa412b2a1): the archive action now respects `Utils.canModifyCard()` like every other mutating card action (the server allow-rule already rejected the write; this closes the client-side UX gap). - [Fixed sub-task board being inaccessible until a reload](https://redirect.github.com/wekan/wekan/commit/45bd7dcc8): the "view subtask" navigation now guards against a not-yet-loaded board, mirroring the sibling handler. - [Fixed the "When a card is moved to Archive" rule trigger not being activatable](https://redirect.github.com/wekan/wekan/commit/da7c06ec6): a CSS class-name mismatch (`js-add-arc-trigger` vs `js-add-arch-trigger`) between the board-triggers template and its click handler is fixed, with a regression test. - [Fixed "select all in list" crossing swimlanes](https://redirect.github.com/wekan/wekan/commit/300a9751e): list select-all is now scoped to the current swimlane in swimlanes view (`allCards()` gained an optional swimlane scope); list-wide behaviour is preserved where there is no swimlane context. - [Fixed copying a swimlane to another board losing card labels](https://redirect.github.com/wekan/wekan/commit/9643dcded): missing board-level labels are now recreated on the destination board (preserving colour) before the per-card copy so label assignments survive. - [Fixed Calendar View ignoring the start-day-of-week setting](https://redirect.github.com/wekan/wekan/commit/7eec78c04): FullCalendar's `firstDay` is now derived from `getStartDayOfWeek()` instead of the locale default. - [Fixed deleted-attachment notification crediting the uploader instead of the deleter](https://redirect.github.com/wekan/wekan/commit/2ba8882d8): the `deleteAttachment` activity now records the acting user (falling back to the uploader for server/system removals). - [Fixed updating a card title not firing the outgoing webhook](https://redirect.github.com/wekan/wekan/commit/9aa97ab8f): a title change now logs an `a-changedTitle` activity (rendered in the activity feed) so the existing outgoing-webhook hook fires, consistent with description/date changes. - [Fixed @​mention: pressing Enter to pick a user closed the card / submitted the comment](https://redirect.github.com/wekan/wekan/commit/3ce75dd87), also [#​4172](https://redirect.github.com/wekan/wekan/issues/4172) and [#​5457](https://redirect.github.com/wekan/wekan/issues/5457): when the @​mention autocomplete dropdown is open, Enter now selects the highlighted user instead of submitting/closing (shared textcomplete keydown guard hardened). - [Fixed REST card API move/sort/date/archive bugs](https://redirect.github.com/wekan/wekan/commit/39e12035e): consolidated duplicated board-move variable names ([#​5398](https://redirect.github.com/wekan/wekan/issues/5398)); moving a card to another list via the API now puts it on top of the destination list like the Move Card dialog ([#​5399](https://redirect.github.com/wekan/wekan/issues/5399)); due/received/start/end dates set via the API now persist instead of being stripped ([#​5537](https://redirect.github.com/wekan/wekan/issues/5537)); and archived cards can be inspected via the single-card GET and de-archived without needing a `list_id` ([#​5546](https://redirect.github.com/wekan/wekan/issues/5546)). - [Fixed the per-checklist "Hide checked items" toggle being inverted and affecting all checklists](https://redirect.github.com/wekan/wekan/commit/e98aae278): it is now read per checklist and hides an item exactly when it is checked and that checklist's toggle is on. - [Fixed setting a list/swimlane colour to `silver` saving it as None](https://redirect.github.com/wekan/wekan/commit/6f8543322): list/swimlane colours are normalized through a shared canonical allowed-colour helper, so `silver` (and every offered colour) is accepted and rendered. - [Fixed internal caret `^board^` helper boards appearing in board lists and the REST API](https://redirect.github.com/wekan/wekan/commit/f819054bb): caret-wrapped titles and non-`board` types are now filtered from `/api/users/:userId/boards`, `/api/boards` and the `Boards.userBoards` helper, consistent with the UI. - [Fixed being unable to remove a deleted (non-existent) user from a board's members](https://redirect.github.com/wekan/wekan/commit/beac9e3d7): orphaned member entries are now hard-removed by userId even when the user account no longer exists. - [Fixed a custom number field displaying as `NaN` when cleared after being set](https://redirect.github.com/wekan/wekan/commit/98315c26c): an empty number value is stored as `''` and rendered as empty via a shared `formatNumberValue` helper. - [Fixed subtask creation producing extra swimlanes/columns and only allowing one subtask](https://redirect.github.com/wekan/wekan/commit/4b27313c7), also [#​5788](https://redirect.github.com/wekan/wekan/issues/5788), [#​2256](https://redirect.github.com/wekan/wekan/issues/2256) and [#​4782](https://redirect.github.com/wekan/wekan/issues/4782): subtask creation is now server-authoritative (`addSubtaskCard` Meteor method) and client-side auto-creation of the default subtasks board/list is guarded to the server, so the client can no longer create duplicate subtasks boards/swimlanes and multiple subtasks can be created reliably. - [Fixed board "always on card" custom fields not being applied to new subtask cards](https://redirect.github.com/wekan/wekan/commit/4b27313c7), also [#​3562](https://redirect.github.com/wekan/wekan/issues/3562): the destination board's automatic custom fields are now added to a new subtask. - [Fixed a circular subtask/parent reference hanging the whole board](https://redirect.github.com/wekan/wekan/commit/4b27313c7): the parent-chain guard compared array indices instead of ids; it now compares by value and `setParentId` refuses a cyclic re-parent. - [Fixed the board Subtasks "Landing list for subtasks deposited here" setting not saving / showing the wrong list](https://redirect.github.com/wekan/wekan/commit/774289f92), also [#​3876](https://redirect.github.com/wekan/wekan/issues/3876), [#​4849](https://redirect.github.com/wekan/wekan/issues/4849) and [#​4947](https://redirect.github.com/wekan/wekan/issues/4947): the settings popup now reads the deposit board's lists and matches the stored `subtasksDefaultListId`. - [Fixed the subtask "View it" button opening the parent card instead of the subtask](https://redirect.github.com/wekan/wekan/commit/c5cdc7b65): navigation now targets the subtask's own board/card. - [Fixed deleting a card not firing the outgoing webhook](https://redirect.github.com/wekan/wekan/commit/7bb7540ba): card deletion now creates a `deleteCard` activity (in the before-remove hook and the REST delete endpoints) so the outgoing webhook fires; board/list/swimlane deletion already emitted their delete activities ([#​2950](https://redirect.github.com/wekan/wekan/issues/2950)). - [Fixed a configured outgoing webhook making it impossible to set card members](https://redirect.github.com/wekan/wekan/commit/8863ec24a): outgoing webhook delivery is now fire-and-forget and error-isolated, so a slow/unreachable/failing webhook endpoint can no longer abort the member update. Thanks to above GitHub users for their contributions and translators for their translations. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
ac3e3ca2d7 |
feat(ghostfolio): update image docker.io/ghostfolio/ghostfolio 3.12.0 → 3.13.0 (#49319)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/ghostfolio/ghostfolio](https://redirect.github.com/ghostfolio/ghostfolio) | minor | `f8728e6` → `1d62d9a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>ghostfolio/ghostfolio (docker.io/ghostfolio/ghostfolio)</summary> ### [`v3.13.0`](https://redirect.github.com/ghostfolio/ghostfolio/blob/HEAD/CHANGELOG.md#3130---2026-06-20) [Compare Source](https://redirect.github.com/ghostfolio/ghostfolio/compare/3.12.0...3.13.0) ##### Added - Added an icon to indicate external links in the page tabs component - Added the Korean (`ko`) language to the footer - Added a data gathering frequency (`DAILY` or `HOURLY`) to the asset profile to control the market data gathering interval ##### Changed - Changed the *Fear & Greed Index* (market mood) in the markets overview to use the stored market data instead of a live quote - Moved the endpoint to get the asset profiles from `GET api/v1/admin/market-data` to `GET api/v1/asset-profiles` - Moved the endpoint to get the asset profile details from `GET api/v1/market-data/:dataSource/:symbol` to `GET api/v1/asset-profiles/:dataSource/:symbol` - Added the selected asset profile count to the delete menu item of the historical market data table in the admin control panel - Added the selected asset profile count to the deletion confirmation dialog of the historical market data table in the admin control panel - Improved the sorting to be case-insensitive in the platform management of the admin control panel - Improved the sorting to be case-insensitive in the tag management of the admin control panel - Improved the language localization for German (`de`) - Upgraded `yahoo-finance2` from version `3.14.2` to `3.15.3` ##### Fixed - Fixed an issue with the localization of the country names - Fixed an issue in the data provider service where quotes could be missing for symbols that exist in multiple data sources by keying the quotes response by the asset profile identifier </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naG9zdGZvbGlvIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==--> |
||
|
|
94ec1ff6e5 |
fix(gitea): update image docker.io/gitea/gitea 1.26.2 → 1.26.3 (#49317)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gitea/gitea](https://redirect.github.com/go-gitea/gitea) | patch | `c5c21a7` → `4d1d796` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>go-gitea/gitea (docker.io/gitea/gitea)</summary> ### [`v1.26.3`](https://redirect.github.com/go-gitea/gitea/releases/tag/v1.26.3) [Compare Source](https://redirect.github.com/go-gitea/gitea/compare/v1.26.2...v1.26.3) - BREAKING - fix(actions)!: require merged PR to bypass fork PR approval gate ([#​38010](https://redirect.github.com/go-gitea/gitea/issues/38010)) ([#​38041](https://redirect.github.com/go-gitea/gitea/issues/38041)) - SECURITY - fix(hostmatcher): patch incorrect private list ([#​38170](https://redirect.github.com/go-gitea/gitea/issues/38170)) ([#​38173](https://redirect.github.com/go-gitea/gitea/issues/38173)) - fix: Various security fixes ([#​38103](https://redirect.github.com/go-gitea/gitea/issues/38103)) ([#​38151](https://redirect.github.com/go-gitea/gitea/issues/38151)) - fix: Various sec fixes ([#​38108](https://redirect.github.com/go-gitea/gitea/issues/38108)) ([#​38147](https://redirect.github.com/go-gitea/gitea/issues/38147)) - fix: allow git clone of private repos with anonymous code access ([#​38074](https://redirect.github.com/go-gitea/gitea/issues/38074)) ([#​38146](https://redirect.github.com/go-gitea/gitea/issues/38146)) - fix(auth): ignore stale OIDC external login links to organizations ([#​37875](https://redirect.github.com/go-gitea/gitea/issues/37875)) ([#​38141](https://redirect.github.com/go-gitea/gitea/issues/38141)) - fix(hostmatcher): block reserved IP ranges from external/private filters ([#​38039](https://redirect.github.com/go-gitea/gitea/issues/38039)) ([#​38059](https://redirect.github.com/go-gitea/gitea/issues/38059)) - fix(lfs): require Code-unit access for cross-repo LFS object reuse ([#​38006](https://redirect.github.com/go-gitea/gitea/issues/38006)) ([#​38050](https://redirect.github.com/go-gitea/gitea/issues/38050)) - fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass ([#​38008](https://redirect.github.com/go-gitea/gitea/issues/38008)) ([#​38015](https://redirect.github.com/go-gitea/gitea/issues/38015)) - fix: bound CODEOWNERS regex match time ([#​38011](https://redirect.github.com/go-gitea/gitea/issues/38011)) ([#​38025](https://redirect.github.com/go-gitea/gitea/issues/38025)) - fix: bound debian ParseControlFile to a single control stanza ([#​38044](https://redirect.github.com/go-gitea/gitea/issues/38044)) ([#​38055](https://redirect.github.com/go-gitea/gitea/issues/38055)) - fix(deps): update module golang.org/x/net to v0.55.0 \[security] ([#​37813](https://redirect.github.com/go-gitea/gitea/issues/37813)) ([#​37829](https://redirect.github.com/go-gitea/gitea/issues/37829)) - API - feat(api): add Link header in ListForks ([#​38052](https://redirect.github.com/go-gitea/gitea/issues/38052)) ([#​38063](https://redirect.github.com/go-gitea/gitea/issues/38063)) - BUGFIXES - fix: Fix the panic when ssh remote lfs endpoint parsing failure ([#​38026](https://redirect.github.com/go-gitea/gitea/issues/38026)) ([#​38158](https://redirect.github.com/go-gitea/gitea/issues/38158)) - fix(api): nil pointer panic when filtering tracked times by a non-existent user ([#​38112](https://redirect.github.com/go-gitea/gitea/issues/38112)) ([#​38115](https://redirect.github.com/go-gitea/gitea/issues/38115)) - fix: keep literal "false" value displayed in workflow\_dispatch choice dropdowns ([#​38080](https://redirect.github.com/go-gitea/gitea/issues/38080)) ([#​38096](https://redirect.github.com/go-gitea/gitea/issues/38096)) - fix: parse HEAD ref ([#​38119](https://redirect.github.com/go-gitea/gitea/issues/38119)) - fix: git cmd ([#​38084](https://redirect.github.com/go-gitea/gitea/issues/38084)) ([#​38087](https://redirect.github.com/go-gitea/gitea/issues/38087)) - fix(releases): generate notes for initial tag ([#​37697](https://redirect.github.com/go-gitea/gitea/issues/37697)) ([#​37986](https://redirect.github.com/go-gitea/gitea/issues/37986)) - fix(actions): return 404 when job log blob is missing ([#​38003](https://redirect.github.com/go-gitea/gitea/issues/38003)) ([#​38004](https://redirect.github.com/go-gitea/gitea/issues/38004)) - fix(actions): exclude `workflow_call` from workflow trigger detection ([#​37894](https://redirect.github.com/go-gitea/gitea/issues/37894)) ([#​37899](https://redirect.github.com/go-gitea/gitea/issues/37899)) - fix(actions): keep action run title clickable when commit subject is a URL ([#​37867](https://redirect.github.com/go-gitea/gitea/issues/37867)) ([#​37898](https://redirect.github.com/go-gitea/gitea/issues/37898)) - fix(actions): reject workflow\_dispatch for workflows without that trigger ([#​37660](https://redirect.github.com/go-gitea/gitea/issues/37660)) ([#​37895](https://redirect.github.com/go-gitea/gitea/issues/37895)) - fix(actions): ack re-sent `UpdateLog` finalize idempotently ([#​37885](https://redirect.github.com/go-gitea/gitea/issues/37885)) ([#​37892](https://redirect.github.com/go-gitea/gitea/issues/37892)) - fix: http content file render ([#​37850](https://redirect.github.com/go-gitea/gitea/issues/37850)) ([#​37856](https://redirect.github.com/go-gitea/gitea/issues/37856)) - fix(issues): clear stale ReviewTypeRequest when submitting pending review ([#​37809](https://redirect.github.com/go-gitea/gitea/issues/37809)) ([#​37815](https://redirect.github.com/go-gitea/gitea/issues/37815)) - fix: Fix issue target branch selection for non-collaborators ([#​36916](https://redirect.github.com/go-gitea/gitea/issues/36916)) ([#​38164](https://redirect.github.com/go-gitea/gitea/issues/38164)) - BUILD - fix(deps): update `@playwright/test` to 1.60.0 ([#​38144](https://redirect.github.com/go-gitea/gitea/issues/38144)) - ci: add `tools/ci-tools.ts` for the PR labeler workflow ([#​37831](https://redirect.github.com/go-gitea/gitea/issues/37831)) - fix(build): swagger css import ([#​37801](https://redirect.github.com/go-gitea/gitea/issues/37801)) ([#​37803](https://redirect.github.com/go-gitea/gitea/issues/37803)) Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naXRlYSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
cd72d44acb |
fix(slink): update image docker.io/anirdev/slink v1.12.0 → v1.12.1 (#49318)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/anirdev/slink](https://docs.slinkapp.io) ([source](https://redirect.github.com/andrii-kryvoviaz/slink)) | patch | `4de5027` → `2547ac8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>andrii-kryvoviaz/slink (docker.io/anirdev/slink)</summary> ### [`v1.12.1`](https://redirect.github.com/andrii-kryvoviaz/slink/releases/tag/v1.12.1) [Compare Source](https://redirect.github.com/andrii-kryvoviaz/slink/compare/v1.12.0...v1.12.1) #### 📦 Patch Notes ##### 🛠️ Improvements & Fixes - **Upload Page:** General UI/UX improvements and fixes across the upload page. - **Volume Permissions:** Fixed a permissions issue affecting mounted volumes on some NAS systems. - **Maintenance:** Patched dependencies for security advisories across the API (jwt-framework, Guzzle, PSR-7, JMESPath) and client (Babel), and refreshed project dependencies. **Full Changelog**: <https://github.com/andrii-kryvoviaz/slink/compare/v1.12.0...v1.12.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zbGluayIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |