shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-07 23:18:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,434 Commits 1,148 Branches 344 Tags
1a774ab7ce99063a2e01beb94de3fcbccaf84dbe
Commit Graph

12434 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Fredriksson a226a75b32 docs: add early access dev container docs (#17613) 
This change documents the early access dev containers integration and
how to enable it, what features are available and what limitations exist
at the time of writing.

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
 2025-05-01 23:45:02 +01:00
Yevhenii Shcherbina ef11d4f769 fix: fix bug with deletion of prebuilt workspaces (#17652) 
Don't specify the template version for a delete transition, because the
prebuilt workspace may have been created using an older template
version.
If the template version isn't explicitly set, the builder will
automatically use the version from the last workspace build - which is
the desired behavior.
 2025-05-01 17:26:30 -04:00
Jaayden Halko d9ef6ed8ae chore: replace MoreMenu with DropdownMenu (#17615) 
Replace MoreMenu with DropDownMenu component to match update design
patterns.

Note: This was the result of experimentation using Cursor to make the
changes and Claude Code for fixing tests.

One key takeaway is that verbose e2e logging, especially benign
warnings/errors can confuse Claude Code in running playwright and
confirming its work.


<img width="201" alt="Screenshot 2025-05-01 at 00 00 52"
src="https://github.com/user-attachments/assets/4905582e-902e-4b61-adc8-14cab6bd006b"
/>
<img width="257" alt="Screenshot 2025-05-01 at 00 01 07"
src="https://github.com/user-attachments/assets/5befc420-724a-4c57-9a9d-330a39867fae"
/>
<img width="270" alt="Screenshot 2025-05-01 at 00 01 20"
src="https://github.com/user-attachments/assets/9cbf07cb-7d44-4228-ae6f-216e9f2faed0"
/>
<img width="224" alt="Screenshot 2025-05-01 at 00 01 30"
src="https://github.com/user-attachments/assets/9fe95916-3d9d-4600-9b1f-8a620e152a53"
/>
 2025-05-01 13:14:11 -04:00
brettkolodny b7e08ba7c9 fix: filter out deleted users when attempting to delete an organization (#17621) 
Closes
[coder/internal#601](https://github.com/coder/internal/issues/601)
 2025-05-01 13:26:01 -03:00
Phorcys cae4fa8b45 chore: correct typo in "Logs" page (#17633) 
I saw this typo when looking at the docs, quick fix.

https://coder.com/docs/admin/monitoring/logs
 2025-05-01 12:14:27 -04:00
Cian Johnston 4ac71e9fd9 fix(codersdk/toolsdk): ensure all tools include required fields of aisdk.Schema (#17632) 2025-05-01 12:19:35 +00:00
Spike Curtis ef00ae54f4 fix: fix data race in agentscripts.Runner (#17630) 
Fixes https://github.com/coder/internal/issues/604

Fixes a data race in `agentscripts.Runner` where a concurrent `Execute()` call races with `Init()`. We hit this race during shut down, which is not synchronized against starting up.

In this PR I've chosen to add synchronization to the `Runner` rather than try to synchronize the calls in the agent. When we close down the agent, it's OK to just throw an error if we were never initialized with a startup script---we don't want to wait for it since that requires an active connection to the control plane.
 2025-05-01 14:25:02 +04:00
Spike Curtis 35d686caef chore: add Spike & Cian as CODEOWNERS for provisionerd proto (#17629) 
Adds @spikecurtis  and @johnstcn as CODEOWNERS of the provisioner protocol files. These need to be versioned, so we need some human review over changes.
 2025-05-01 14:24:51 +04:00
Yevhenii Shcherbina 98e5611e16 fix: fix for prebuilds claiming and deletion (#17624) 
PR contains:
- fix for claiming & deleting prebuilds with immutable params
- unit test for claiming scenario
- unit test for deletion scenario

The parameter resolver was failing when deleting/claiming prebuilds
because a value for a previously-used parameter was provided to the
resolver, but since the value was unchanged (it's coming from the
preset) it failed in the resolver. The resolver was missing a check to
see if the old value != new value; if the values match then there's no
mutation of an immutable parameter.

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
 2025-05-01 08:52:23 +00:00
Ethan c7fc7b91ec fix: create directory before writing coder connect network info file (#17628) 
The regular network info file creation code also calls `Mkdirall`.

Wasn't picked up in manual testing as I already had the `/net` folder in
my VSCode.

Wasn't picked up in automated testing because we use an in-memory FS,
which for some reason does this implicitly.
 2025-05-01 16:53:13 +10:00
Jaayden Halko 4de7661c0b fix: remove unused import (#17626) 2025-04-30 18:09:00 -04:00
Jaayden Halko d104cd636d fix: display validation error for workspace name (#17564) 
- Display form validation error for workspace name
- Scroll to the workspace name field if there is a validation error
 2025-04-30 16:45:54 -04:00
dependabot[bot] 6bafe35774 chore: bump vite from 5.4.18 to 5.4.19 in /site (#17625) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 5.4.18 to 5.4.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v5.4.19</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.4.19 (2025-04-30)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: backport <a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>,
check static serve file inside sirv (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>)
(<a
href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0">766947e</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/19965">#19965</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/19966">#19966</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite/commit/80a333a23103ced0442d4463d1191433d90f5e19"><code>80a333a</code></a>
release: v5.4.19</li>
<li><a
href="https://github.com/vitejs/vite/commit/766947e7cbf1cdd07df9737394e8c870401b78b0"><code>766947e</code></a>
fix: backport <a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965">#19965</a>,
check static serve file inside sirv (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19966">#19966</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v5.4.19/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=5.4.18&new-version=5.4.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-30 19:17:56 +00:00
brettkolodny f108f9d71f chore: setup knip and remove unused exports, files, and dependencies (#17608) 
Closes [coder/interal#600](https://github.com/coder/internal/issues/600)
 2025-04-30 15:08:25 -04:00
Bruno Quaresma 205076e6e7 refactor: change how timings are formatted (#17623) 2025-04-30 13:58:12 -03:00
Edward Angert ef101ae2a0 docs: update ai feature stage to beta and ease the intro note's tone (#17620) 
[preview](https://coder.com/docs/@ai-feature-stage/ai-coder)
 2025-04-30 15:20:44 +00:00
Danny Kopping 6936a7b5a2 fix: fix prebuild omissions (#17579) 
Fixes accidental omission from https://github.com/coder/coder/pull/17527

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
 2025-04-30 14:26:30 +00:00
Bruno Quaresma ff54ae3f66 fix: update devcontainer data every 10s (#17619) 
Fix https://github.com/coder/internal/issues/594

**Notice:**
This is a temporary solution to get the devcontainers feature released.
Maybe a better solution, to avoid pulling the API every 10 seconds, is
to implement a websocket connection to get updates on containers.
 2025-04-30 11:17:41 -03:00
Mathias Fredriksson fe4c4122c9 fix(dogfood/coder): increase in-container docker daemon shutdown timeout (#17617) 
The default is 10 seconds and will not successfully clean up large
devcontainers inside the workspace.

Follow-up to #17528
 2025-04-30 17:01:22 +03:00
M Atif Ali 650a48c210 chore: update windsurf icon (#17607) 2025-04-30 14:00:10 +05:00
Cian Johnston d7e6eb7914 chore(cli): fix test flake when running in coder workspace (#17604) 
This test was failing inside a Coder workspace due to
`CODER_AGENT_TOKEN` being set.
 2025-04-30 09:18:58 +01:00
Ethan 7a1e56b707 test: avoid sharing echo.Responses across tests (#17610) 
I missed this in https://github.com/coder/coder/pull/17211 because I
only searched for `:= &echo.Responses` and not `= &echo.Responses` 🤦

Fixes flakes like
https://github.com/coder/coder/actions/runs/14746732612/job/41395403979
 2025-04-30 05:18:13 +00:00
Ethan 53ba3613b3 feat(cli): use coder connect in coder ssh --stdio, if available (#17572) 
Closes https://github.com/coder/vscode-coder/issues/447
Closes https://github.com/coder/jetbrains-coder/issues/543
Closes https://github.com/coder/coder-jetbrains-toolbox/issues/21

This PR adds Coder Connect support to `coder ssh --stdio`. 

When connecting to a workspace, if `--force-new-tunnel` is not passed, the CLI will first do a DNS lookup for `<agent>.<workspace>.<owner>.<hostname-suffix>`. If an IP address is returned, and it's within the Coder service prefix, the CLI will not create a new tailnet connection to the workspace, and instead dial the SSH server running on port 22 on the workspace directly over TCP.

This allows IDE extensions to use the Coder Connect tunnel, without requiring any modifications to the extensions themselves. 

Additionally, `using_coder_connect` is added to the `sshNetworkStats` file, which the VS Code extension (and maybe Jetbrains?) will be able to read, and indicate to the user that they are using Coder Connect.

One advantage of this approach is that running `coder ssh --stdio` on an offline workspace with Coder Connect enabled will have the CLI wait for the workspace to build, the agent to connect (and optionally, for the startup scripts to finish), before finally connecting using the Coder Connect tunnel.

As a result, `coder ssh --stdio` has the overhead of looking up the workspace and agent, and checking if they are running. On my device, this meant `coder ssh --stdio <workspace>` was approximately a second slower than just connecting to the workspace directly using `ssh <workspace>.coder` (I would assume anyone serious about their Coder Connect usage would know to just do the latter anyway).
 
To ensure this doesn't come at a significant performance cost, I've also benchmarked this PR.

<details>
<summary>Benchmark</summary>

## Methodology
All tests were completed on `dev.coder.com`, where a Linux workspace running in AWS `us-west1` was created.
The machine running Coder Desktop (the 'client') was a Windows VM running in the same AWS region and VPC as the workspace.

To test the performance of specifically the SSH connection, a port was forwarded between the client and workspace using:
```
ssh -p 22 -L7001:localhost:7001 <host>
```
where `host` was either an alias for an SSH ProxyCommand that called `coder ssh`, or a Coder Connect hostname.

For latency, [`tcping`](https://www.elifulkerson.com/projects/tcping.php) was used against the forwarded port:
```
tcping -n 100 localhost 7001
```

For throughput, [`iperf3`](https://iperf.fr/iperf-download.php) was used:
```
iperf3 -c localhost -p 7001
```
where an `iperf3` server was running on the workspace on port 7001.

## Test Cases

### Testcase 1: `coder ssh` `ProxyCommand` that bicopies from Coder Connect
This case tests the implementation in this PR, such that we can write a config like:
```
Host codercliconnect
    ProxyCommand /path/to/coder ssh --stdio workspace
```
With Coder Connect enabled, `ssh -p 22 -L7001:localhost:7001 codercliconnect` will use the Coder Connect tunnel. The results were as follows:

**Throughput, 10 tests, back to back:**
- Average throughput across all tests: 788.20 Mbits/sec
- Minimum average throughput: 731 Mbits/sec
- Maximum average throughput: 871 Mbits/sec
- Standard Deviation: 38.88 Mbits/sec

**Latency, 100 RTTs:**
- Average: 0.369ms
- Minimum: 0.290ms
- Maximum: 0.473ms

### Testcase 2: `ssh` dialing Coder Connect directly without a `ProxyCommand`

This is what we assume to be the 'best' way to use Coder Connect

**Throughput, 10 tests, back to back:**
- Average throughput across all tests: 789.50 Mbits/sec
- Minimum average throughput: 708 Mbits/sec
- Maximum average throughput: 839 Mbits/sec
- Standard Deviation: 39.98 Mbits/sec

**Latency, 100 RTTs:**
- Average: 0.369ms
- Minimum: 0.267ms
- Maximum: 0.440ms

### Testcase 3:  `coder ssh` `ProxyCommand` that creates its own Tailnet connection in-process

This is what normally happens when you run `coder ssh`:

**Throughput, 10 tests, back to back:**
- Average throughput across all tests: 610.20 Mbits/sec
- Minimum average throughput: 569 Mbits/sec
- Maximum average throughput: 664 Mbits/sec
- Standard Deviation: 27.29 Mbits/sec

**Latency, 100 RTTs:**
- Average: 0.335ms
- Minimum: 0.262ms
- Maximum: 0.452ms

## Analysis

Performing a two-tailed, unpaired t-test against the throughput of testcases 1 and 2, we find a P value of `0.9450`. This suggests the difference between the data sets is not statistically significant. In other words, there is a 94.5% chance that the difference between the data sets is due to chance.

## Conclusion

From the t-test, and by comparison to the status quo (regular `coder ssh`, which uses gvisor, and is noticeably slower), I think it's safe to say any impact on throughput or latency by the `ProxyCommand` performing a bicopy against Coder Connect is negligible. Users are very much unlikely to run into performance issues as a result of using Coder Connect via `coder ssh`, as implemented in this PR.

Less scientifically, I ran these same tests on my home network with my Sydney workspace, and both throughput and latency were consistent across testcases 1 and 2.

</details>
 2025-04-30 15:17:10 +10:00
ケイラ 70ea6788db chore: make the template docs view the default (#17606) 2025-04-29 16:12:39 -06:00
Stephen Kirby 67e1ab407c chore(docs): update release calendar for 2.21 patches (#17605) 2025-04-29 15:34:00 +00:00
Cian Johnston 2acf0adcf2 chore(codersdk/toolsdk): improve static analyzability of toolsdk.Tools (#17562) 
* Refactors toolsdk.Tools to remove opaque `map[string]any` argument in
favour of typed args structs.
* Refactors toolsdk.Tools to remove opaque passing of dependencies via
`context.Context` in favour of a tool dependencies struct.
* Adds panic recovery and clean context middleware to all tools.
* Adds `GenericTool` implementation to allow keeping `toolsdk.All` with
uniform type signature while maintaining type information in handlers.
* Adds stricter checks to `patchWorkspaceAgentAppStatus` handler.
 2025-04-29 16:05:23 +01:00
Mathias Fredriksson 1fc74f629e refactor(agent): update agentcontainers api initialization (#17600) 
There were too many ways to configure the agentcontainers API resulting
in inconsistent behavior or features not being enabled. This refactor
introduces a control flag for enabling or disabling the containers API.
When disabled, all implementations are no-op and explicit endpoint
behaviors are defined. When enabled, concrete implementations are used
by default but can be overridden by passing options.
 2025-04-29 17:53:10 +03:00
Cian Johnston 22b932a8e0 fix(cli): fix prompt issue in mcp configure claude-code (#17599) 
* Updates default Coder prompt.
* Skips the directions to report tasks if the pre-requisites are not
available (agent token and app slug).
* Adds the capability to override the default Coder prompt via
`CODER_MCP_CLAUDE_CODER_PROMPT`.
 2025-04-29 15:23:16 +01:00
Yevhenii Shcherbina 02b2de9ae4 refactor: skip reconciliation for some presets (#17595) 2025-04-29 07:55:37 -04:00
Mathias Fredriksson 268a50c193 feat(agent/agentcontainers): add file watcher and dirty status (#17573) 
Fixes coder/internal#479
Fixes coder/internal#480
 2025-04-29 11:53:58 +03:00
brettkolodny b6146dfe8a chore: remove circular dependencies (#17585) 
I've been bit in the past by hard to deduce bugs caused by circular
dependencies within TS projects. On a hunch that this could be
contributing to some flaky tests I've used the tool
[dpdm](https://github.com/acrazing/dpdm) to find and remove them.

This PR does the following:
- Move around exports/create new files to remove any non-type circular
depencies
- Add dpdm as a dev dependency and create the `check:circular-depency`
pnpm script
 2025-04-28 16:51:58 -04:00
ケイラ 12589026b6 chore: update error message for duplicate organization members (#17594) 
Closes https://github.com/coder/internal/issues/345
 2025-04-28 14:51:33 -06:00
Yevhenii Shcherbina a78f0fc4e1 refactor: use specific error for agpl and prebuilds (#17591) 
Follow-up PR to https://github.com/coder/coder/pull/17458
Addresses this discussion:
https://github.com/coder/coder/pull/17458#discussion_r2055940797
 2025-04-28 16:37:41 -04:00
Bruno Quaresma 1da27a1ebc fix: handle missed actions in workspace timings (#17593) 
Fix https://github.com/coder/coder/issues/16409

Since the provisioner timings action is not strongly typed, but it is
typed as a generic string, and we are not using
`noUncheckedIndexedAccess`, we can miss some of the actions returned
from the API, causing type errors. To avoid that, I changed the code to
be extra safe by adding `undefined` into the return type.
 2025-04-28 15:20:07 -03:00
Bruno Quaresma df47c300f3 fix: fix script timings spam in the workspace UI (#17590) 
Fix https://github.com/coder/coder/issues/17188

We forgot to filter the scripts by `run_on_start`, since we only
calculate timings in the start phase, which was causing the miss match
between the expected script timings count, and the loop in the refetch
logic.

While I think this fix is enough for now, I think the server should be
responsible to telling the client when to stop fetching. It could be a
simple attribute such as `done: false | true` or a websocket endpoint as
suggested by @dannykopping
[here](https://github.com/coder/coder/issues/17188#issuecomment-2788235333).
 2025-04-28 14:22:43 -03:00
Steven Masley 14105ff301 test: do not run memory race test in parallel (#17582) 
Closes
https://github.com/coder/internal/issues/597#issuecomment-2835262922

The parallelized tests share configs, which when accessed concurrently
throw race errors. The configs are read only, so it is fine to run these
tests with shared idp configs.
 2025-04-28 12:20:07 -05:00
Steven Masley b9177eff7f chore: update guts to latest, using mutations to prevent diffs (#17588) 
Guts changes: https://github.com/coder/guts/compare/v1.1.0...main
 2025-04-28 12:19:41 -05:00
Steven Masley 37c5e7c440 chore: return safe copy of string slice in 'ParseStringSliceClaim' (#17439) 
Claims parsed should be safe to mutate and filter. This was likely not
causing any bugs or issues, and just doing this out of precaution
 2025-04-28 12:18:02 -05:00
Yevhenii Shcherbina 9167cbfe4c refactor: claim prebuilt workspace tests (#17567) 
Follow-up to: https://github.com/coder/coder/pull/17458
Specifically it addresses these discussions:
- https://github.com/coder/coder/pull/17458#discussion_r2053531445
 2025-04-28 12:49:23 -04:00
Bruno Quaresma 3ab3ef865c feat: add link to provisioner jobs and daemons (#17509) 
Close https://github.com/coder/coder/issues/17314

**Demo**


https://github.com/user-attachments/assets/db37aa67-4755-4b72-a54d-2c3f0c297b7d

**Changes**
- Added the `xs` button variant
- Display all the daemons - idle and offline - and set a size limit to
100 results (explanation in the demo)
- Filter daemons and jobs by ID
 2025-04-28 11:38:32 -03:00
Bruno Quaresma 5ca90aeb59 fix: handle null value for experiments (#17584) 
Fix https://github.com/coder/coder/issues/17583

**Relevant info**
- `option.value` can be `null`
- It is always better to use `unknown` instead of `any`, and use type
assertion functions as `Array.isArray()` before using/accessing object
properties and functions
 2025-04-28 11:12:49 -03:00
dependabot[bot] 0a26eeec0c ci: bump the github-actions group with 7 updates (#17581) 
Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.11.1` | `2.12.0` |
|
[google-github-actions/auth](https://github.com/google-github-actions/auth)
| `2.1.8` | `2.1.10` |
|
[actions/download-artifact](https://github.com/actions/download-artifact)
| `4.2.1` | `4.3.0` |
| [actions/attest](https://github.com/actions/attest) | `2.2.1` |
`2.3.0` |
|
[tj-actions/changed-files](https://github.com/tj-actions/changed-files)
| `9934ab3fdf63239da75d9e0fbd339c48620c72c4` |
`5426ecc3f5c2b10effaefbd374f0abdc6a571b2f` |
|
[nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action)
| `6.1.2` | `6.1.3` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.28.15` | `3.28.16` |

Updates `step-security/harden-runner` from 2.11.1 to 2.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.0</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>A new option, <code>disable-sudo-and-containers</code>, is now
available to replace the <code>disable-sudo policy</code>, addressing
Docker-based privilege escalation (<a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r">CVE-2025-32955</a>).
More details can be found in this <a
href="https://www.stepsecurity.io/blog/evolving-harden-runners-disable-sudo-policy-for-improved-runner-security">blog
post</a>.</p>
</li>
<li>
<p>New detections have been added based on insights from the tj-actions
and reviewdog actions incidents.</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.0">https://github.com/step-security/harden-runner/compare/v2...v2.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0634a2670c59f64b4a01f0f96f84700a4088b9f0"><code>0634a26</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/541">#541</a>
from step-security/rc-20</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/2e3c5113419044c10e6826351ff7cf7d56cbebe4"><code>2e3c511</code></a>
Update action.yml</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40873e6a41e9ae4f46268f8ee038b3561bb88504"><code>40873e6</code></a>
Update README.md</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/484c2799ec63f20b4acc41bcf649dd4003718616"><code>484c279</code></a>
Update README.md</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4c8582f45544ce2dafb2cfae82cfbebf0f41bde2"><code>4c8582f</code></a>
Update agent versions</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/e8d595cd66544d43aca8ac7e42a212a5a83b41f8"><code>e8d595c</code></a>
fix disable_sudo_and_containers bug</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/5d277fc8734baba8746d0c18cb0a2594d4692c66"><code>5d277fc</code></a>
fix journalctl related bug</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/ff2ab228bdb9f0c9129169d47dbb2bdf4b8f9b0e"><code>ff2ab22</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/536">#536</a>
from rohan-stepsecurity/feat/flag/disable-sudo-and-co...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b81d650d0e627a80d0d73d192b33d729507e0ef5"><code>b81d650</code></a>
fix: run sudo command only when both disable-sudo and
disable-sudo-and-docker...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/769df4ef5d6336b33b11e5b0d43934309cf439f6"><code>769df4e</code></a>
Update agent</li>
<li>Additional commits viewable in <a
href="https://github.com/step-security/harden-runner/compare/c6295a65d1254861815972266d5933fd6e532bdf...0634a2670c59f64b4a01f0f96f84700a4088b9f0">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/auth` from 2.1.8 to 2.1.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.10</h2>
<h2>What's Changed</h2>
<ul>
<li>Declare workflow permissions by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/482">google-github-actions/auth#482</a></li>
<li>Document that the OIDC token expires in 5min by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/483">google-github-actions/auth#483</a></li>
<li>Release: v2.1.10 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/484">google-github-actions/auth#484</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10">https://github.com/google-github-actions/auth/compare/v2.1.9...v2.1.10</a></p>
<h2>v2.1.9</h2>
<h2>What's Changed</h2>
<ul>
<li>Use our custom boolean parsing by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/478">google-github-actions/auth#478</a></li>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/479">google-github-actions/auth#479</a></li>
<li>Release: v2.1.9 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/480">google-github-actions/auth#480</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9">https://github.com/google-github-actions/auth/compare/v2.1.8...v2.1.9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/auth/commit/ba79af03959ebeac9769e648f473a284504d9193"><code>ba79af0</code></a>
Release: v2.1.10 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/484">#484</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/bfaa66bd663615688155de119a676d67396f6bb7"><code>bfaa66b</code></a>
Document that the OIDC token expires in 5min (<a
href="https://redirect.github.com/google-github-actions/auth/issues/483">#483</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/d0822ad9bf77d35dee590e455d9ef5b96ccb243c"><code>d0822ad</code></a>
Declare workflow permissions (<a
href="https://redirect.github.com/google-github-actions/auth/issues/482">#482</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/7b53cdc2a387814ed14eec026287aac689ae8c9b"><code>7b53cdc</code></a>
Release: v2.1.9 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/480">#480</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/a9cfddf5d2f27aa426027a399f75d209953ade8e"><code>a9cfddf</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/auth/issues/479">#479</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/b011f3988e66cb193db0f34974b1d7cde74e4f95"><code>b011f39</code></a>
Use our custom boolean parsing (<a
href="https://redirect.github.com/google-github-actions/auth/issues/478">#478</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/auth/compare/71f986410dfbc7added4569d411d040a91dc6935...ba79af03959ebeac9769e648f473a284504d9193">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/download-artifact` from 4.2.1 to 4.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: implement new <code>artifact-ids</code> input by <a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
<li>Fix workflow example for downloading by artifact ID by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/402">actions/download-artifact#402</a></li>
<li>Prep for v4.3.0 release by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/404">actions/download-artifact#404</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0">https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/d3f86a106a0bac45b974a628896c90dbdf5c8093"><code>d3f86a1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/404">#404</a>
from actions/robherley/v4.3.0</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fc02353415da80201a0da48ab47022efd7725d11"><code>fc02353</code></a>
prep for v4.3.0 release</li>
<li><a
href="https://github.com/actions/download-artifact/commit/77454371a433f370a16d329ef7db197f700a7a8f"><code>7745437</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/402">#402</a>
from actions/joshmgross/download-by-id-example</li>
<li><a
href="https://github.com/actions/download-artifact/commit/84fc7a0a358aabc7f97f7f590cbfc25f57e26c6a"><code>84fc7a0</code></a>
Remove path filters from Check dist workflow</li>
<li><a
href="https://github.com/actions/download-artifact/commit/67f2bc382f6ba5ba75812a05909e8c25a366b5fb"><code>67f2bc3</code></a>
Fix workflow example for downloading by artifact ID</li>
<li><a
href="https://github.com/actions/download-artifact/commit/8ea3c2c174f79a56792e9fdd9baad75d27c5d369"><code>8ea3c2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/401">#401</a>
from actions/download-by-id</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d219c630f65d8bd14366a9e2f731cbf854f62258"><code>d219c63</code></a>
add supporting unit tests for artifact downloads with ids</li>
<li><a
href="https://github.com/actions/download-artifact/commit/54124fbd881f8ce794405a06896c93c49c17463e"><code>54124fb</code></a>
revert <code>getArtifact()</code> changes - for now we have to list and
filter by artifa...</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b83057b90d3e218abf5c7b1906579eb6c598ae85"><code>b83057b</code></a>
bundle</li>
<li><a
href="https://github.com/actions/download-artifact/commit/171183c7dce98c3cf8a1fc842429d0a38ed21d33"><code>171183c</code></a>
use the same <code>artifactClient.getArtifact</code> structure as seen
above in `isSingl...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/95815c38cf2ff2164869cbab79da8d1f422bc89e...d3f86a106a0bac45b974a628896c90dbdf5c8093">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/attest` from 2.2.1 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/attest/releases">actions/attest's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/attest/pull/229">actions/attest#229</a></li>
<li>Bump <code>@​sigstore/oci</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a
href="https://redirect.github.com/actions/attest/pull/235">actions/attest#235</a>
<ul>
<li>Adds support for reading the <code>HttpHeaders</code> value from the
Docker config file</li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/attest/compare/v2...v2.3.0">https://github.com/actions/attest/compare/v2...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/attest/commit/afd638254319277bb3d7f0a234478733e2e46a73"><code>afd6382</code></a>
Bump <code>@​sigstore/oci</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/attest/issues/235">#235</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/d73111199c05526c91684e5e845606249f88accc"><code>d731111</code></a>
Bump the npm-development group across 1 directory with 6 updates (<a
href="https://redirect.github.com/actions/attest/issues/234">#234</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/13aa4f6a9ce09dcf318f1ac18a48388699d96a62"><code>13aa4f6</code></a>
Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 (<a
href="https://redirect.github.com/actions/attest/issues/229">#229</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/129b656e44fad75bb154cc2953cf07ba1da8a419"><code>129b656</code></a>
Bump the npm-development group with 3 updates (<a
href="https://redirect.github.com/actions/attest/issues/227">#227</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/f3c169c8df83481993e3075060fc687e87747125"><code>f3c169c</code></a>
Bump the npm-development group with 5 updates (<a
href="https://redirect.github.com/actions/attest/issues/225">#225</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/48e991bfda5b806f66f0a2ad8ae4e17f14cdfd33"><code>48e991b</code></a>
Bump the npm-development group across 1 directory with 6 updates (<a
href="https://redirect.github.com/actions/attest/issues/223">#223</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/attest/compare/a63cfcc7d1aab266ee064c58250cfc2c7d07bc31...afd638254319277bb3d7f0a234478733e2e46a73">compare
view</a></li>
</ul>
</details>
<br />

Updates `tj-actions/changed-files` from
9934ab3fdf63239da75d9e0fbd339c48620c72c4 to
5426ecc3f5c2b10effaefbd374f0abdc6a571b2f
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.4...v46.0.5">46.0.5</a>
- (2025-04-09)</h1>
<h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2>
<ul>
<li><strong>deps:</strong> Bump yaml from 2.7.0 to 2.7.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2520">#2520</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/ed68ef82c095e0d48ec87eccea555d944a631a4c">ed68ef8</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump typescript from 5.8.2 to 5.8.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2516">#2516</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/a7bc14b808f23d3b467a4079c69a81f1a4500fd5">a7bc14b</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from
22.13.11 to 22.14.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2517">#2517</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/3d751f6b6d84071a17e1b9cf4ed79a80a27dd0ab">3d751f6</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump eslint-plugin-prettier from 5.2.3 to
5.2.6 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2519">#2519</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/e2fda4ec3cb0bc2a353843cae823430b3124db8f">e2fda4e</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump ts-jest from 29.2.6 to 29.3.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2518">#2518</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/0bed1b1132ec4879a39a2d624cf82a00d0bcfa48">0bed1b1</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump github/codeql-action from 3.28.12 to
3.28.15 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2530">#2530</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/68024587dc36f49685c96d59d3f1081830f968bb">6802458</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump tj-actions/branch-names from 8.0.1 to
8.1.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2521">#2521</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/cf2e39e86bf842d1f9bc5bca56c0a6b207cca792">cf2e39e</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump tj-actions/verify-changed-files from
20.0.1 to 20.0.4 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2523">#2523</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/6abeaa506a419f85fa9e681260b443adbeebb3d4">6abeaa5</a>)
- (dependabot[bot])</li>
</ul>
<h2><!-- raw HTML omitted -->⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.4 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2511">#2511</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="https://github.com/tj-actions/changed-files/commit/6f67ee9ac810f0192ea7b3d2086406f97847bcf9">6f67ee9</a>)
- (github-actions[bot])</p>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.3...v46.0.4">46.0.4</a>
- (2025-04-03)</h1>
<h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2>
<ul>
<li>Bug modified_keys and changed_key outputs not set when no changes
detected (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2509">#2509</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/6cb76d07bee4c9772c6882c06c37837bf82a04d3">6cb76d0</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted -->📚 Documentation</h2>
<ul>
<li>Update readme (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2508">#2508</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/b74df86ccb65173a8e33ba5492ac1a2ca6b216fd">b74df86</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted -->⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2506">#2506</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted -->
Co-authored-by: Tonye Jack <a
href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a
href="https://github.com/tj-actions/changed-files/commit/27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99">27ae6b3</a>)
- (github-actions[bot])</p>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.2...v46.0.3">46.0.3</a>
- (2025-03-23)</h1>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2501">#2501</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="https://github.com/tj-actions/changed-files/commit/41e0de576a0f2b64d9f06f2773f539109e55a70a">41e0de5</a>)
- (github-actions[bot])</p>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2499">#2499</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="https://github.com/tj-actions/changed-files/commit/945787811a795cd840a1157ac590dd7827a05c8e">9457878</a>)
- (github-actions[bot])</p>
<h2><!-- raw HTML omitted -->📚 Documentation</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tj-actions/changed-files/commit/5426ecc3f5c2b10effaefbd374f0abdc6a571b2f"><code>5426ecc</code></a>
chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2545">#2545</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/513a44e6095ccea82c33927169db11eb75f72791"><code>513a44e</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 22.14.1 to 22.15.0
(<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2544">#2544</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/46e217dc3e3b2601594036314ca9212588075592"><code>46e217d</code></a>
chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2542">#2542</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/c34c1c13a740b06851baff92ab9a653d93ad6ce7"><code>c34c1c1</code></a>
chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2539">#2539</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/52c3beb9971d42006b24e86bf3ea3fff18dde67f"><code>52c3beb</code></a>
chore(deps-dev): bump ts-jest from 29.3.1 to 29.3.2 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2536">#2536</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/ea3010bc88ae93076e154efd9eb64d1f5e6993f9"><code>ea3010b</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 22.14.0 to 22.14.1
(<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2537">#2537</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/be393a90381e27c9fec2c8c2e02b00f005710145"><code>be393a9</code></a>
remove: commit and push step from build job (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2538">#2538</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/9b4bb2bedb217d3ede225b6b07ebde713177cd8f"><code>9b4bb2b</code></a>
chore(deps): bump tj-actions/branch-names from 8.1.0 to 8.2.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2535">#2535</a>)</li>
<li>See full diff in <a
href="https://github.com/tj-actions/changed-files/compare/9934ab3fdf63239da75d9e0fbd339c48620c72c4...5426ecc3f5c2b10effaefbd374f0abdc6a571b2f">compare
view</a></li>
</ul>
</details>
<br />

Updates `nix-community/cache-nix-action` from 6.1.2 to 6.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nix-community/cache-nix-action/releases">nix-community/cache-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.3</h2>
<h2>Fixes</h2>
<ul>
<li>Use <code>bigint</code> instead of <code>number</code> for the store
size (<a
href="https://redirect.github.com/nix-community/cache-nix-action/issues/117">#117</a>)</li>
<li>Fix saving a cache (<a
href="https://redirect.github.com/nix-community/cache-nix-action/issues/122">#122</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/135667ec418502fa5a3598af6fb9eb733888ce6a"><code>135667e</code></a>
Merge pull request <a
href="https://redirect.github.com/nix-community/cache-nix-action/issues/122">#122</a>
from nix-community/118-bug-cant-save-a-cache</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/e29de90a039b410e88cd97a0029c3cbdad611ad5"><code>e29de90</code></a>
chore: build the action</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/6bd39b8caa31871d2bc38356ab8b94621ca1e116"><code>6bd39b8</code></a>
fix(action): use TarCommandModifiers</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/1b6f6754d3c59414aad4ab660cd611b1e35c0232"><code>1b6f675</code></a>
chore(deps): update buildjet/toolkit</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/2b45b8cabe18b0f3db2eb2cf4e195238eee4a325"><code>2b45b8c</code></a>
chore(deps): update actions/toolkit</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/f68581e27a06c8c9115dec37e42325d562d9664b"><code>f68581e</code></a>
chore: build the action</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/b6406dc6e7f9c6ad6b399ed561f29f7e406544d5"><code>b6406dc</code></a>
Merge pull request <a
href="https://redirect.github.com/nix-community/cache-nix-action/issues/117">#117</a>
from nix-community/116-bug-inputsgcmaxstoresizevalue-...</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/a91821953137cbb5f2a2d45fa174d69fea427ef4"><code>a918219</code></a>
chore: build the action</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/c6081efc5157c972934491630ade96e53259023c"><code>c6081ef</code></a>
feat(ci): add example of large gc-max-store-size</li>
<li><a
href="https://github.com/nix-community/cache-nix-action/commit/cf6af9e3e9fb402a3b92286b7c8b48afa94de5a6"><code>cf6af9e</code></a>
fix(action): use bigint for the store size</li>
<li>Additional commits viewable in <a
href="https://github.com/nix-community/cache-nix-action/compare/c448f065ba14308da81de769632ca67a3ce67cf5...135667ec418502fa5a3598af6fb9eb733888ce6a">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.28.15 to 3.28.16
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.16</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.16/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.12 - 19 Mar 2025</h2>
<ul>
<li>Dependency caching should now cache more dependencies for Java
<code>build-mode: none</code> extractions. This should speed up
workflows and avoid inconsistent alerts in some cases.</li>
<li>Update default CodeQL bundle version to 2.20.7. <a
href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li>
</ul>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/28deaeda66b76a05916b6923827895f2b14ab387"><code>28deaed</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2865">#2865</a>
from github/update-v3.28.16-2a8cbadc0</li>
<li><a
href="https://github.com/github/codeql-action/commit/03c5d71c11f6cb2c5ba7eef371219a862be30193"><code>03c5d71</code></a>
Update changelog for v3.28.16</li>
<li><a
href="https://github.com/github/codeql-action/commit/2a8cbadc02bb64a7fd15d37c977acbad02496c80"><code>2a8cbad</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2863">#2863</a>
from github/update-bundle/codeql-bundle-v2.21.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/f76eaf51a636a5c1d927998267d92d6475363ace"><code>f76eaf5</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/e63b3f5166c15fda4eb17886f01abe9445dd13f5"><code>e63b3f5</code></a>
Update default bundle to codeql-bundle-v2.21.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c3e5362829f0b0bb62ff5f6c938d7f95574c306"><code>4c3e536</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2853">#2853</a>
from github/dependabot/npm_and_yarn/npm-7d84c66b66</li>
<li><a
href="https://github.com/github/codeql-action/commit/56dd02f26d99811d607284494ff84b7d862fe837"><code>56dd02f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2852">#2852</a>
from github/dependabot/github_actions/actions-457587...</li>
<li><a
href="https://github.com/github/codeql-action/commit/192406dd845fb2228fcea74898b98df2a6cdcef6"><code>192406d</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-4575878e06</li>
<li><a
href="https://github.com/github/codeql-action/commit/c7dbb2084ed1bb623fbbb3976cd6dbae6daaf1fe"><code>c7dbb20</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2857">#2857</a>
from github/nickfyson/address-vulns</li>
<li><a
href="https://github.com/github/codeql-action/commit/9a45cd8c5025281c30bbb652197ace083c291e49"><code>9a45cd8</code></a>
move use of input variables into env vars</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/45775bd8235c68ba998cffa5171334d58593da47...28deaeda66b76a05916b6923827895f2b14ab387">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-28 13:22:26 +00:00
dependabot[bot] b299ebebf7 chore: bump github.com/valyala/fasthttp from 1.60.0 to 1.61.0 (#17575) 
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp)
from 1.60.0 to 1.61.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/valyala/fasthttp/releases">github.com/valyala/fasthttp's
releases</a>.</em></p>
<blockquote>
<h2>v1.61.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1989">valyala/fasthttp#1989</a></li>
<li>chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1988">valyala/fasthttp#1988</a></li>
<li>chore(deps): bump securego/gosec from 2.22.2 to 2.22.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1990">valyala/fasthttp#1990</a></li>
<li>chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1991">valyala/fasthttp#1991</a></li>
<li>Fix round robin addresses in dual stack dialing by <a
href="https://github.com/raviqqe"><code>@​raviqqe</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1995">valyala/fasthttp#1995</a></li>
<li>Fix panic when perIPConn.Close is called multiple times by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1993">valyala/fasthttp#1993</a></li>
<li>early hint functionality by <a
href="https://github.com/pjebs"><code>@​pjebs</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1996">valyala/fasthttp#1996</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/raviqqe"><code>@​raviqqe</code></a> made
their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/1995">valyala/fasthttp#1995</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/valyala/fasthttp/compare/v1.60.0...v1.61.0">https://github.com/valyala/fasthttp/compare/v1.60.0...v1.61.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/valyala/fasthttp/commit/a05560dd7e07834473c374ba3d1bfc9dfa508d64"><code>a05560d</code></a>
implement early hints (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1996">#1996</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/48f3a2f423f103cd67e504a51f3ec3a1381a5620"><code>48f3a2f</code></a>
Fix panic when perIPConn.Close is called multiple times (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1993">#1993</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/e380d34bce703d5d43b8effcef66b7305af12a35"><code>e380d34</code></a>
Fix round robin addresses in dual stack dialing (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1995">#1995</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/4c71125994a1a67c8c6cb979142ae4269c5d89f1"><code>4c71125</code></a>
chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1991">#1991</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/76acf1443d615f73837ed7ef2de7924316746809"><code>76acf14</code></a>
chore(deps): bump securego/gosec from 2.22.2 to 2.22.3 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1990">#1990</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/236b2f3148d527c23524f44d9b521d7640dd06a6"><code>236b2f3</code></a>
chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1988">#1988</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/2629d9d8697d11b2085c73f5005a234448336e84"><code>2629d9d</code></a>
chore(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/1989">#1989</a>)</li>
<li>See full diff in <a
href="https://github.com/valyala/fasthttp/compare/v1.60.0...v1.61.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/valyala/fasthttp&package-manager=go_modules&previous-version=1.60.0&new-version=1.61.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-28 13:12:46 +00:00
dependabot[bot] 38e7793c91 chore: bump github.com/gohugoio/hugo from 0.146.3 to 0.147.0 (#17577) 
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.146.3 to 0.147.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.147.0</h2>
<p>This release comes with a new <code>aligny</code> option (shoutout to
<a href="https://github.com/pranshugaba"><code>@​pranshugaba</code></a>
for the implementation) for <a
href="https://gohugo.io/functions/images/text/">images.Text</a> that, in
combination with <code>alignx</code> makes it simple to e.g. center the
text on top of image in both axis. But the main reason this release
comes now and not later, is the improvements/fixes to the order Hugo
applies the default configuration to some keys. This is inherited from
how we did this before we rewrote the configuration handling, and it
made the merging of configuration from modules/themes into the config
root harder and less flexible than it had to be. Me, <a
href="https://github.com/bep"><code>@​bep</code></a>, looking into this,
was triggered by <a
href="https://discourse.gohugo.io/t/how-to-manage-common-config-in-hugo-using-modules/54485/4">this</a>
forum topic. Having many sites share a common configuration is very
useful. With this release, you can simply get what the thread starter
asks for by doing something à la:</p>
<pre lang="toml"><code>baseURL = &quot;http://example.org&quot;
title = &quot;My Hugo Site&quot;
<h1>... import any themes/modules.</h1>
<h1>This will merge in all config imported from imported modules.</h1>
<p>_merge = &quot;deep&quot;
</code></pre></p>
<p>See the <a
href="https://gohugo.io/configuration/introduction/#merge-configuration-settings">documentation</a>
for details.</p>
<h2>Bug fixes</h2>
<ul>
<li>tpl: Fix it so we always prefer internal codeblock rendering over
render-codeblock-foo.html and similar 07983e04e <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13651">#13651</a></li>
<li>tpl/tplimpl: Fix allowFullScreen option in Vimeo and YouTube
shortcodes 5c491409d <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13650">#13650</a></li>
<li>config: Fix _merge issue when key doesn't exist on the left side
179aea11a <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13643">#13643</a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/13646">#13646</a></li>
<li>all: Fix typos 6a0e04241 <a
href="https://github.com/coliff"><code>@​coliff</code></a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>create/skeletons: Adjust template names in theme skeleton 75b219db8
<a href="https://github.com/jmooring"><code>@​jmooring</code></a></li>
<li>tpl: Remove some unreached code branches ad4f63c92 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>images: Add some test cases for aligny on images.Text 53202314a <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13414">#13414</a></li>
<li>images: Add option for vertical alignment to images.Text 2fce0bac0
<a
href="https://github.com/pranshugaba"><code>@​pranshugaba</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>build(deps): bump github.com/evanw/esbuild from 0.25.2 to 0.25.3
1bd7ac7ed <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
<li>build(deps): bump github.com/alecthomas/chroma/v2 from 2.16.0 to
2.17.0 41cb880f9 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
</ul>
<h2>v0.146.7</h2>
<h2>Bug fixes</h2>
<ul>
<li>Revert the breaking change from 0.146.0 with dots in content
filenames 496730840 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13632">#13632</a></li>
<li>tpl: Fix indeterminate template lookup with templates with and
without lang 6d69dc88a <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13636">#13636</a></li>
<li>tpl/collections: Fix where ... not in with empty slice 4eb0e4286 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13621">#13621</a></li>
<li>tpl: Fix layout fall back logic when layout is set in front matter
but not found 5e62cc6fc <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13630">#13630</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>parser/metadecoders: Add CSV targetType (map or slice) option to
transform.Unmarshal db72a1f07 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/8859">#8859</a></li>
<li>tpl: Detect and fail on infinite template recursion 1408c156d <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13627">#13627</a></li>
</ul>
<h2>Dependency Updates</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gohugoio/hugo/commit/7d0039b86ddd6397816cc3383cb0cfa481b15f32"><code>7d0039b</code></a>
releaser: Bump versions for release of 0.147.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/07983e04e29986a683c7a9f15d48b83e90aff09c"><code>07983e0</code></a>
tpl: Fix it so we always prefer internal codeblock rendering over
render-code...</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/5c491409d36d31f77cdc0407ed29ae2dca71363b"><code>5c49140</code></a>
tpl/tplimpl: Fix allowFullScreen option in Vimeo and YouTube
shortcodes</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/75b219db896cd0ae962f062b39fd67c38dfc8e5b"><code>75b219d</code></a>
create/skeletons: Adjust template names in theme skeleton</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/ad4f63c92f41824b861d317f9248fb30b7e68076"><code>ad4f63c</code></a>
tpl: Remove some unreached code branches</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/53202314abdd05d8f0b6ffdcef96640ac3267344"><code>5320231</code></a>
images: Add some test cases for aligny on images.Text</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/2fce0bac033d8b7e98046f85f669ba813d862788"><code>2fce0ba</code></a>
images: Add option for vertical alignment to images.Text</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/179aea11ac2ce80a38b211e11fd513cead63b17e"><code>179aea1</code></a>
config: Fix _merge issue when key doesn't exist on the left side</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/61a286595e9a333fef95db1e9a086ef9367b3d87"><code>61a2865</code></a>
Merge commit 'b3d87dd0fd746f07f9afa6e6a2969aea41da6a38'</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/b3d87dd0fd746f07f9afa6e6a2969aea41da6a38"><code>b3d87dd</code></a>
Squashed 'docs/' changes from dc7a9ae12..b654fcba0</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.146.3...v0.147.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.146.3&new-version=0.147.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-28 12:22:14 +00:00
dependabot[bot] 42e91de81d chore: bump google.golang.org/api from 0.229.0 to 0.230.0 (#17578) 
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.229.0 to 0.230.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.230.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.229.0...v0.230.0">0.230.0</a>
(2025-04-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3111">#3111</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/59f08c8d98394de1311907950ae52b75db151a6a">59f08c8</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3113">#3113</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/40e4fb1ee01719658774befbfc582c20ee06581f">40e4fb1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3114">#3114</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/f0bb0a13159f29b30624027724b3ea0ad08c0ff0">f0bb0a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3115">#3115</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/c122b14b51ab658a5f666b9ec9ab318288c4273d">c122b14</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3117">#3117</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/1c0aadbeaf819dfcb52903b978085ac96c12522c">1c0aadb</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3118">#3118</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2b6fa61936ada3252efc355ea176dd638c2f5baa">2b6fa61</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3120">#3120</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/18c546ede7af9fae3ff7115c01a31208c3a9d734">18c546e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3121">#3121</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/ff1b166e4564423ae96c464cad4435db71cefded">ff1b166</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Removes-redundant (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3095">#3095</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/9e9ff112acacecddc17be15d4f37ca45fb9177ad">9e9ff11</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.229.0...v0.230.0">0.230.0</a>
(2025-04-22)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3111">#3111</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/59f08c8d98394de1311907950ae52b75db151a6a">59f08c8</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3113">#3113</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/40e4fb1ee01719658774befbfc582c20ee06581f">40e4fb1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3114">#3114</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/f0bb0a13159f29b30624027724b3ea0ad08c0ff0">f0bb0a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3115">#3115</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/c122b14b51ab658a5f666b9ec9ab318288c4273d">c122b14</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3117">#3117</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/1c0aadbeaf819dfcb52903b978085ac96c12522c">1c0aadb</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3118">#3118</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2b6fa61936ada3252efc355ea176dd638c2f5baa">2b6fa61</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3120">#3120</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/18c546ede7af9fae3ff7115c01a31208c3a9d734">18c546e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3121">#3121</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/ff1b166e4564423ae96c464cad4435db71cefded">ff1b166</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Removes-redundant (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3095">#3095</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/9e9ff112acacecddc17be15d4f37ca45fb9177ad">9e9ff11</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/e4f4ca981adfca5cdf031dd30c645ee356591d12"><code>e4f4ca9</code></a>
chore(main): release 0.230.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3112">#3112</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/ff1b166e4564423ae96c464cad4435db71cefded"><code>ff1b166</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3121">#3121</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/5b0e60da0b3c608ab354297a727eedac9c403fde"><code>5b0e60d</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3119">#3119</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/18c546ede7af9fae3ff7115c01a31208c3a9d734"><code>18c546e</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3120">#3120</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/2b6fa61936ada3252efc355ea176dd638c2f5baa"><code>2b6fa61</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3118">#3118</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/1c0aadbeaf819dfcb52903b978085ac96c12522c"><code>1c0aadb</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3117">#3117</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/c122b14b51ab658a5f666b9ec9ab318288c4273d"><code>c122b14</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3115">#3115</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/f0bb0a13159f29b30624027724b3ea0ad08c0ff0"><code>f0bb0a1</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3114">#3114</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/9e9ff112acacecddc17be15d4f37ca45fb9177ad"><code>9e9ff11</code></a>
fix: removes-redundant (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3095">#3095</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/40e4fb1ee01719658774befbfc582c20ee06581f"><code>40e4fb1</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3113">#3113</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.229.0...v0.230.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.229.0&new-version=0.230.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-28 12:21:55 +00:00
dependabot[bot] cabfc98030 chore: bump github.com/mark3labs/mcp-go from 0.22.0 to 0.23.1 (#17576) 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go)
from 0.22.0 to 0.23.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mark3labs/mcp-go/releases">github.com/mark3labs/mcp-go's
releases</a>.</em></p>
<blockquote>
<h2>Release v0.23.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(client): prevent panics by <a
href="https://github.com/jkoelker"><code>@​jkoelker</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/192">mark3labs/mcp-go#192</a></li>
<li>fix: correct JSON key for client capabilities by <a
href="https://github.com/TBXark"><code>@​TBXark</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/197">mark3labs/mcp-go#197</a></li>
<li>fix(client): check stdio started before sending notification by <a
href="https://github.com/cryo-zd"><code>@​cryo-zd</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/199">mark3labs/mcp-go#199</a></li>
<li>fix(client): potential risk of sending on closed channel by <a
href="https://github.com/cryo-zd"><code>@​cryo-zd</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/194">mark3labs/mcp-go#194</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TBXark"><code>@​TBXark</code></a> made
their first contribution in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/197">mark3labs/mcp-go#197</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mark3labs/mcp-go/compare/v0.23.0...v0.23.1">https://github.com/mark3labs/mcp-go/compare/v0.23.0...v0.23.1</a></p>
<h2>Release v0.23.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Export SendNotificationToAllClients by <a
href="https://github.com/scottfeldman"><code>@​scottfeldman</code></a>
in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/176">mark3labs/mcp-go#176</a></li>
<li>feat(server): Add hooks.AddOnUnregisterSession functionality by <a
href="https://github.com/robert-jackson-glean"><code>@​robert-jackson-glean</code></a>
in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/175">mark3labs/mcp-go#175</a></li>
<li>Refact: pre-allocate memory for memory-efficiency by <a
href="https://github.com/cryo-zd"><code>@​cryo-zd</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/178">mark3labs/mcp-go#178</a></li>
<li>fix sse shutdown by <a
href="https://github.com/karngyan"><code>@​karngyan</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/128">mark3labs/mcp-go#128</a></li>
<li>fix: update spec link by <a
href="https://github.com/warjiang"><code>@​warjiang</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/188">mark3labs/mcp-go#188</a></li>
<li>Add <code>InProcessTransport</code> by <a
href="https://github.com/dugenkui03"><code>@​dugenkui03</code></a> in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/189">mark3labs/mcp-go#189</a></li>
<li>Optimize capability and notification according to specification by
<a href="https://github.com/dugenkui03"><code>@​dugenkui03</code></a> in
<a
href="https://redirect.github.com/mark3labs/mcp-go/pull/184">mark3labs/mcp-go#184</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/scottfeldman"><code>@​scottfeldman</code></a>
made their first contribution in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/176">mark3labs/mcp-go#176</a></li>
<li><a href="https://github.com/cryo-zd"><code>@​cryo-zd</code></a> made
their first contribution in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/178">mark3labs/mcp-go#178</a></li>
<li><a href="https://github.com/karngyan"><code>@​karngyan</code></a>
made their first contribution in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/128">mark3labs/mcp-go#128</a></li>
<li><a href="https://github.com/warjiang"><code>@​warjiang</code></a>
made their first contribution in <a
href="https://redirect.github.com/mark3labs/mcp-go/pull/188">mark3labs/mcp-go#188</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/mark3labs/mcp-go/compare/v0.22.0...v0.23.0">https://github.com/mark3labs/mcp-go/compare/v0.22.0...v0.23.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/edda393a1a231aefaaef41086ba7344e30c6b559"><code>edda393</code></a>
fix potential risk of sending on closed channel (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/194">#194</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/6e000c30767a9e03f90d2a3932af91c620945323"><code>6e000c3</code></a>
check stdio start before sending notification (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/199">#199</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/fb13cfbf97dfa75c4245e3924a8e9ced99871a55"><code>fb13cfb</code></a>
fix: correct JSON key for client capabilities (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/197">#197</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/d343bff720e8ce4c21415dd7bb253bd107d2d0d7"><code>d343bff</code></a>
fix(client): prevent panics (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/192">#192</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/781b7327ad04888293d38d0bf0a9cd0588d3af79"><code>781b732</code></a>
optimize capability and notification (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/184">#184</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/6760d870f40fa9df86a733170d2d3951ebe5659c"><code>6760d87</code></a>
in process transport (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/189">#189</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/be0d8cbfe8cefde1ad0116b76b4abebd93bf323f"><code>be0d8cb</code></a>
fix: update spec link (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/188">#188</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/2e4af4cf0c6dd36013aeb725f547ad4963c2155d"><code>2e4af4c</code></a>
fix sse shutdown (<a
href="https://redirect.github.com/mark3labs/mcp-go/issues/128">#128</a>)</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/9f39a43b4e9d756e386289dd687f57cf9ffacfe0"><code>9f39a43</code></a>
Merge branch 'main' of github.com:mark3labs/mcp-go</li>
<li><a
href="https://github.com/mark3labs/mcp-go/commit/dd7dcc515d62b442b53b1789a4d41959547719a3"><code>dd7dcc5</code></a>
Fix spelling</li>
<li>Additional commits viewable in <a
href="https://github.com/mark3labs/mcp-go/compare/v0.22.0...v0.23.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/mark3labs/mcp-go&package-manager=go_modules&previous-version=0.22.0&new-version=0.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-28 12:20:30 +00:00
Danny Kopping e0483e3136 feat: add prebuilds metrics collector (#17547) 
Closes https://github.com/coder/internal/issues/509

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
 2025-04-28 12:28:56 +02:00
Hugo Dutka b47d54d777 chore: cache terraform providers between CI test runs (#17373) 
Addresses https://github.com/coder/internal/issues/322.

This PR starts caching Terraform providers used by `TestProvision` in
`provisioner/terraform/provision_test.go`. The goal is to improve the
reliability of this test by cutting down on the number of network calls
to external services. It leverages GitHub Actions cache, which [on depot
runners is persisted for 14 days by
default](https://depot.dev/docs/github-actions/overview#cache-retention-policy).

Other than the aforementioned `TestProvision`, I couldn't find any other
tests which depend on external terraform providers.
 2025-04-28 10:57:24 +02:00
Danny Kopping 08ad910171 feat: add prebuilds configuration & bootstrapping (#17527) 
Closes https://github.com/coder/internal/issues/508

---------

Signed-off-by: Danny Kopping <dannykopping@gmail.com>
Co-authored-by: Cian Johnston <cian@coder.com>
 2025-04-25 11:07:15 +02:00
Jaayden Halko e562e3c882 chore: mark parameters as required (#17551) 
This adds a red asterisk next to a parameter name if it is required and
marks passes the parameter required value to input and textarea form
controls.

The multi-select combobox needs additional work (in a separate PR) so
that it can handle the required prop correctly for form submit.

<img width="544" alt="Screenshot 2025-04-24 at 00 02 10"
src="https://github.com/user-attachments/assets/5c6758d3-41a4-444d-b7e9-e1fe011703d3"
/>
 2025-04-24 17:14:21 -04:00