shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-07 23:18:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,820 Commits 1,148 Branches 344 Tags
596e55b13630b43decdfd40df9dbcfc6507dabcb
Commit Graph

1279 Commits

Author SHA1 Message Date
Ethan 7e89534d32 chore: use coder/hc-install fork to fix expired PGP key verification (#24516) 
hc-install's bundled HashiCorp release-signing pubkey contains both the
original armored block and a refreshed one, but
`openpgp.ReadArmoredKeyRing` only decodes the first, so the verifier
sees the expired key and terraform installs (and `TestInstall`) fail
with `openpgp: key expired`.

Point `github.com/hashicorp/hc-install` at our fork, which parses every
armored block and merges entities by fingerprint so the refreshed
self-signature wins. We can drop the go mod replace once
https://github.com/hashicorp/hc-install/pull/371 (or an equivalent
upstream fix) ships.

Relates to https://github.com/coder/internal/issues/1476
 2026-04-20 13:26:28 +10:00
Mathias Fredriksson 6b0bb02e5d fix: server-side diffs and stricter fuzzy splicing for edit_files (#24454) 
Fixes three classes of edit_files bugs and adds structured per-file
diff output for tool callers:

- New IncludeDiff flag on FileEditRequest; when set, the agent
  returns FileEditResponse.Files[]{Path, Diff} with unified diffs
  computed via go-udiff v0.4.1 Lines + ToUnified (not Unified,
  which calls log.Fatalf on internal error).
- Fuzzy match comparators split each line into leading whitespace,
  body, trailing whitespace, and ending. The splice substitutes at
  each position: on agreement between search and replace the file's
  bytes win; on disagreement the replacement's bytes are spliced
  verbatim. Carve-outs for empty-body lines, multi-line EOF splices,
  and level-aware indent translation for inserted lines.
- Indent-unit detection (GCD for spaces, tab-priority) lets a 4sp
  LLM search insert correctly into tab or 2sp files. Falls back to
  the previous cLead-inheritance path when units can't be detected
  cleanly.
- Empty search is rejected with "search string must not be empty".
- Duplicate file paths in one request are rejected; symlink aliases
  resolved via api.resolvePath before the dedup check.
- Frontend EditFilesRenderer consumes the structured files array by
  explicit path (no label munging) with per-file synthetic fallback
  for older agents or mismatched paths. On error, no diff is
  rendered so the synthetic fallback doesn't misrepresent a
  rejected edit as applied.

Breaking change: AgentConn.EditFiles changes from (ctx, req) error
to (ctx, req) (FileEditResponse, error) in codersdk/workspacesdk.
Source-breaking for external Go consumers; no compat shim per plan
owner.

Out of scope (tracked in CODAGT-214): level-aware indent for
middle-substituted splice lines. Locked in
TestEditFiles_FuzzyIndent_InsertionLevelAware's Lock_* cases plus
TestEditFiles_ReplaceAll_FuzzyIndentGap.
 2026-04-18 16:39:34 +03:00
dependabot[bot] 8e2343f59c chore: bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#24504) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.17.1 to 5.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>plumbing: transport/http, Add support for followRedirects policy by
<a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2004">go-git/go-git#2004</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0">https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0</a></p>
<h2>v5.17.2</h2>
<h2>What's Changed</h2>
<ul>
<li>build: Update module github.com/go-git/go-git/v5 to v5.17.1
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/1941">go-git/go-git#1941</a></li>
<li>dotgit: skip writing pack files that already exist on disk by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1944">go-git/go-git#1944</a></li>
</ul>
<p>⚠️ This release fixes a bug (<a
href="https://redirect.github.com/go-git/go-git/issues/1942">go-git/go-git#1942</a>)
that blocked some users from upgrading to <code>v5.17.1</code>. Thanks
<a href="https://github.com/pskrbasu"><code>@​pskrbasu</code></a> for
reporting it. 🙇</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2">https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/ea3e7ec9dfc54f577a01afb4dd601c0284604264"><code>ea3e7ec</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2004">#2004</a>
from go-git/v5-http-hardening</li>
<li><a
href="https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53"><code>bcd20a9</code></a>
plumbing: transport/http, Add support for followRedirects policy</li>
<li><a
href="https://github.com/go-git/go-git/commit/45ae193b3a60aa8ec8a3e373f7265a7819473d5f"><code>45ae193</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1944">#1944</a>
from go-git/fix-perms</li>
<li><a
href="https://github.com/go-git/go-git/commit/fda4f7464b597ff33d2dea1c026482a5e900037c"><code>fda4f74</code></a>
storage: filesystem/dotgit, Skip writing pack files that already exist
on disk</li>
<li><a
href="https://github.com/go-git/go-git/commit/2212dc7caeb2a389fe2129923811ef63f75a557a"><code>2212dc7</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1941">#1941</a>
from go-git/renovate/releases/v5.x-go-github.com-go-...</li>
<li><a
href="https://github.com/go-git/go-git/commit/ebb2d7da7f5d5aebeaa0b5e13276d72d602c1ae3"><code>ebb2d7d</code></a>
build: Update module github.com/go-git/go-git/v5 to v5.17.1
[SECURITY]</li>
<li>See full diff in <a
href="https://github.com/go-git/go-git/compare/v5.17.1...v5.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.17.1&new-version=5.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-17 22:53:10 +00:00
Danielle Maywood 15d8e4ff9f feat: accept xhigh effort for Anthropic (#24439) 2026-04-16 17:25:34 +01:00
Cian Johnston 2b68a1f4bd chore: update our fork of fantasy/anthropic-sdk-go to fix MarshalJSON over-allocations (#24390) 
Updates go.mod to reference our internal fork of anthropic-sdk-go.

See: https://github.com/coder/anthropic-sdk-go/pull/7

Relates to CODAGT-167

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 19:47:09 +01:00
Paweł Banaszewski 34f3d4a92a chore: bump aibridge version (#24368) 
No major feature changes.
New version mostly includes linter changes.
 2026-04-15 14:55:58 +02:00
dependabot[bot] 10f0786966 chore: bump the x group across 1 directory with 7 updates (#24259) 
Bumps the x group with 4 updates in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/mod](https://github.com/golang/mod),
[golang.org/x/net](https://github.com/golang/net) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/03ca0dcccbd37ba6be80adf74dde8d78a4d72817"><code>03ca0dc</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/8400f4a938077a7a7817ab7d163d148e371b320b"><code>8400f4a</code></a>
ssh: respect signer's algorithm preference in
pickSignatureAlgorithm</li>
<li><a
href="https://github.com/golang/crypto/commit/81c6cb34a8fc386ed53293cd79e3c0c232ee7366"><code>81c6cb3</code></a>
ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.49.0...v0.50.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.34.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/03901d351deb5bd95deb90714fb75bf8e232cb22"><code>03901d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.34.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.52.0 to 0.53.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/a8d1fc14d9e33e1f6842ab78a0127d42cd8fff44"><code>a8d1fc1</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/056ac742146af742aa760d690269c02fa238cc7a"><code>056ac74</code></a>
quic: avoid depending on golang.org/x/sys/unix</li>
<li><a
href="https://github.com/golang/net/commit/c85f61116e47b1523036c3005f8b2923b661eb64"><code>c85f611</code></a>
http3: add http3 package for testing in std</li>
<li><a
href="https://github.com/golang/net/commit/805fc81a196b95c3c00f02e135ffb8a8d5582bdf"><code>805fc81</code></a>
http2: add transport API tests</li>
<li><a
href="https://github.com/golang/net/commit/e63b894ab3cd38a1d05396530dccde7ffa3f68d0"><code>e63b894</code></a>
http2: support testing via net/http.Transport.RoundTrip</li>
<li><a
href="https://github.com/golang/net/commit/9ee1e484e5aab0d95b3babbc6f1384d03f4f9e22"><code>9ee1e48</code></a>
http2/hpack: prevent HeaderField from escaping during encoding</li>
<li><a
href="https://github.com/golang/net/commit/1e71bd86e4a302b4e731bc06da6eb51679c7bd49"><code>1e71bd8</code></a>
http2: prevent hanging Transport due to bad SETTINGS frame</li>
<li><a
href="https://github.com/golang/net/commit/7bca15042b9d2bda1402cb42232a9c6ddbae6212"><code>7bca150</code></a>
internal/http3: respect net/http Server Shutdown context when shutting
down</li>
<li><a
href="https://github.com/golang/net/commit/44c41bee5028537e64410b1583e8ae329ceac284"><code>44c41be</code></a>
internal/http3: prevent server from holding mutex when sleeping during
shutdown</li>
<li><a
href="https://github.com/golang/net/commit/228a67a374710bff77fc490e7f538b317c34e247"><code>228a67a</code></a>
internal/http3: add CloseIdleConnections support in transport</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.52.0...v0.53.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sys/commit/f33a730cd0c449cfd6f7106780c73052e96cc33d"><code>f33a730</code></a>
windows: support nil security descriptor on GetNamedSecurityInfo</li>
<li><a
href="https://github.com/golang/sys/commit/493d1725989a7a3f3582adfa68faf7207aec666b"><code>493d172</code></a>
cpu: add runtime import in cpu_darwin_arm64_other.go</li>
<li><a
href="https://github.com/golang/sys/commit/2c2be756b97dee6d15aba69839acfbd4e0f3ccc5"><code>2c2be75</code></a>
windows: use syscall.SyscallN in Proc.Call</li>
<li><a
href="https://github.com/golang/sys/commit/a76ec62d6c5389e4fe51c659ba926bf71e471a67"><code>a76ec62</code></a>
cpu: roll back &quot;use IsProcessorFeaturePresent to calculate ARM64 on
windows&quot;</li>
<li>See full diff in <a
href="https://github.com/golang/sys/compare/v0.42.0...v0.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.41.0 to 0.42.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/52b71d3344c86b384ed34ebf73f1e6f37044fe79"><code>52b71d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.41.0...v0.42.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/text` from 0.35.0 to 0.36.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/text/commit/8577a70117e110160c45f32af0e0df84eef844f7"><code>8577a70</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.43.0 to 0.44.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/3dd188df80fd3563559f02e4eeb10ba1043cce55"><code>3dd188d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/aebd87084e63fd3aa0a5222eeae28af6c2e33629"><code>aebd870</code></a>
gopls: improve doc link matching to support links followed by a
colon</li>
<li><a
href="https://github.com/golang/tools/commit/5357b43c088d8403d5fcd9992431db0a351ce922"><code>5357b43</code></a>
go/analysis/passes/modernize: rangeint: handle type parameter
constraints</li>
<li><a
href="https://github.com/golang/tools/commit/bf04c618d518f244d26fb5c7ad77d893f8b1fc4d"><code>bf04c61</code></a>
go/types/internal/play: show normal terms of selected type</li>
<li><a
href="https://github.com/golang/tools/commit/0ae2de027e10d7a0530ecf7ccc2db8df8aa5dcb3"><code>0ae2de0</code></a>
gopls/internal/filecache: cache decoded objects in memCache</li>
<li><a
href="https://github.com/golang/tools/commit/8e51a5fb67f9b3e2b32792f21e727664ca6561e2"><code>8e51a5f</code></a>
go/ssa: support direct references to embedded fields in struct lit</li>
<li><a
href="https://github.com/golang/tools/commit/5005b9e710b3c1eef7e5077c77289410729919ec"><code>5005b9e</code></a>
internal/gcimporter: rename ureader_yes.go to ureader.go</li>
<li><a
href="https://github.com/golang/tools/commit/5ca865bb7d52012b73ac379c5aec59b3d04efce8"><code>5ca865b</code></a>
go/types/objectpath: add debugging command</li>
<li><a
href="https://github.com/golang/tools/commit/f6476fbaabd396b58618b473e4eb71e1f532b495"><code>f6476fb</code></a>
internal/gcimporter: consume generic methods in gcimporter</li>
<li><a
href="https://github.com/golang/tools/commit/b36d1d12a1a724eb9be6609c9789aec3d99e6030"><code>b36d1d1</code></a>
internal/pkgbits: sync version.go with goroot</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.43.0...v0.44.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-14 11:17:52 +00:00
Lukasz 03d662a06c build: bump Go toolchain to 1.25.9 (#24293) 
Bumps the Go toolchain from 1.25.8 to 1.25.9 across `go.mod`, the shared
setup-go action, and the dogfood image.
This keeps local builds, CI, and containerized workflows aligned on the
latest patch release, including the updated Go tarball checksum in the
Dockerfile.
 2026-04-14 12:15:31 +02:00
Yevhenii Shcherbina b78eba9f9d feat: make sure creds are always masked (#24241) 
## Summary  
Adds a `sanitizeCredentialHint` safety check in the db-to-SDK conversion
layer to ensure credential hints are always masked before being exposed
in the API. Also adds `credential_kind` and `credential_hint` assertions
to the session threads API test.
 2026-04-13 10:14:38 -04:00
dependabot[bot] 0552b927b2 chore: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0 (#24078) 
Bumps
[go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib)
from 0.67.0 to 0.68.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/releases">go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's
releases</a>.</em></p>
<blockquote>
<h2>Release
v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0</h2>
<h2>Added</h2>
<ul>
<li>Add <code>Resource</code> method to <code>SDK</code> in
<code>go.opentelemetry.io/contrib/otelconf/v0.3.0</code> to expose the
resolved SDK resource from declarative configuration. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8660">#8660</a>)</li>
<li>Add support to set the configuration file via
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
<li>Add support for <code>service</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8674">#8674</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in tracer provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8687">#8687</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in logger provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8686">#8686</a>)</li>
<li>Add support for <code>server.address</code> and
<code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
<li>Add support for <code>OTEL_SEMCONV_STABILITY_OPT_IN</code> in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
Supported values are <code>rpc</code> (default), <code>rpc/dup</code>
and <code>rpc/old</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8726">#8726</a>)</li>
<li>Add the <code>http.route</code> metric attribute to
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8632">#8632</a>)</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Prepend <code>_</code> to the normalized environment variable name
when the key starts with a digit in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, ensuring
POSIX compliance. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8678">#8678</a>)</li>
<li>Move experimental types from
<code>go.opentelemetry.io/contrib/otelconf</code> to
<code>go.opentelemetry.io/contrib/otelconf/x</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li>Normalize cached environment variable names in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, aligning
<code>Carrier.Keys</code> output with the carrier's normalized key
format. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fix <code>go.opentelemetry.io/contrib/otelconf</code> Prometheus
reader converting OTel dot-style label names (e.g.
<code>service.name</code>) to underscore-style
(<code>service_name</code>) in <code>target_info</code> when both
<code>without_type_suffix</code> and <code>without_units</code> are set.
Use <code>NoTranslation</code> instead of
<code>UnderscoreEscapingWithoutSuffixes</code> to preserve dot-style
label names while still suppressing metric name suffixes. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li>Limit the request body size at 1MB in
<code>go.opentelemetry.io/contrib/zpages</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8656">#8656</a>)</li>
<li>Fix server spans using the client's address and port for
<code>server.address</code> and <code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
</ul>
<h2>Removed</h2>
<ul>
<li>Host ID resource detector has been removed when configuring the
<code>host</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8581">#8581</a>)</li>
</ul>
<h2>Deprecated</h2>
<ul>
<li>Deprecate <code>OTEL_EXPERIMENTAL_CONFIG_FILE</code> in favour of
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update module github.com/jgautheron/goconst to v1.9.0
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8651">open-telemetry/opentelemetry-go-contrib#8651</a></li>
<li>chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8652">open-telemetry/opentelemetry-go-contrib#8652</a></li>
<li>chore(deps): update golang.org/x/telemetry digest to e526e8a by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8647">open-telemetry/opentelemetry-go-contrib#8647</a></li>
<li>chore(deps): update module k8s.io/klog/v2 to v2.140.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8650">open-telemetry/opentelemetry-go-contrib#8650</a></li>
<li>chore(deps): update module github.com/mgechev/revive to v1.14.0 by
<a href="https://github.com/mmorel-35"><code>@​mmorel-35</code></a> in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8646">open-telemetry/opentelemetry-go-contrib#8646</a></li>
<li>chore(deps): update module github.com/mgechev/revive to v1.15.0 by
<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot]
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8539">open-telemetry/opentelemetry-go-contrib#8539</a></li>
<li>chore: fix noctx issues by <a
href="https://github.com/mmorel-35"><code>@​mmorel-35</code></a> in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8645">open-telemetry/opentelemetry-go-contrib#8645</a></li>
<li>chore(deps): update golang.org/x by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8655">open-telemetry/opentelemetry-go-contrib#8655</a></li>
<li>chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot]
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8654">open-telemetry/opentelemetry-go-contrib#8654</a></li>
<li>chore(deps): update module github.com/mattn/go-runewidth to v0.0.21
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8653">open-telemetry/opentelemetry-go-contrib#8653</a></li>
<li>fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8657">open-telemetry/opentelemetry-go-contrib#8657</a></li>
<li>Limit the number of bytes read from the zpages body by <a
href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8656">open-telemetry/opentelemetry-go-contrib#8656</a></li>
<li>fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8648">open-telemetry/opentelemetry-go-contrib#8648</a></li>
<li>fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8661">open-telemetry/opentelemetry-go-contrib#8661</a></li>
<li>chore(deps): update github.com/securego/gosec/v2 digest to 8895462
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8663">open-telemetry/opentelemetry-go-contrib#8663</a></li>
<li>otelconf: support OTEL_CONFIG_FILE as it is no longer experimental
by <a href="https://github.com/codeboten"><code>@​codeboten</code></a>
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8639">open-telemetry/opentelemetry-go-contrib#8639</a></li>
<li>chore(deps): update module github.com/sonatard/noctx to v0.5.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8664">open-telemetry/opentelemetry-go-contrib#8664</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md">go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] -
2026-04-03</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Resource</code> method to <code>SDK</code> in
<code>go.opentelemetry.io/contrib/otelconf/v0.3.0</code> to expose the
resolved SDK resource from declarative configuration. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8660">#8660</a>)</li>
<li>Add support to set the configuration file via
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
<li>Add support for <code>service</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8674">#8674</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in tracer provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8687">#8687</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in logger provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8686">#8686</a>)</li>
<li>Add support for <code>server.address</code> and
<code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
<li>Add support for <code>OTEL_SEMCONV_STABILITY_OPT_IN</code> in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
Supported values are <code>rpc</code> (default), <code>rpc/dup</code>
and <code>rpc/old</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8726">#8726</a>)</li>
<li>Add the <code>http.route</code> metric attribute to
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8632">#8632</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Prepend <code>_</code> to the normalized environment variable name
when the key starts with a digit in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, ensuring
POSIX compliance. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8678">#8678</a>)</li>
<li>Move experimental types from
<code>go.opentelemetry.io/contrib/otelconf</code> to
<code>go.opentelemetry.io/contrib/otelconf/x</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li>Normalize cached environment variable names in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, aligning
<code>Carrier.Keys</code> output with the carrier's normalized key
format. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>go.opentelemetry.io/contrib/otelconf</code> Prometheus
reader converting OTel dot-style label names (e.g.
<code>service.name</code>) to underscore-style
(<code>service_name</code>) in <code>target_info</code> when both
<code>without_type_suffix</code> and <code>without_units</code> are set.
Use <code>NoTranslation</code> instead of
<code>UnderscoreEscapingWithoutSuffixes</code> to preserve dot-style
label names while still suppressing metric name suffixes. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li>Limit the request body size at 1MB in
<code>go.opentelemetry.io/contrib/zpages</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8656">#8656</a>)</li>
<li>Fix server spans using the client's address and port for
<code>server.address</code> and <code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Host ID resource detector has been removed when configuring the
<code>host</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8581">#8581</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>OTEL_EXPERIMENTAL_CONFIG_FILE</code> in favour of
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/45977a4b9cf4a60effd1ee07367043f7e9bcae66"><code>45977a4</code></a>
Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8769">#8769</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/0fcc1524d1a740b3632db418f73236d29536f119"><code>0fcc152</code></a>
fix(deps): update module
github.com/googlecloudplatform/opentelemetry-operati...</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/eaba3cdaa1559cc7425644e21a389f227e30dc86"><code>eaba3cd</code></a>
chore(deps): update googleapis to 6f92a3b (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776">#8776</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/6df430c48045ad1221f203c01f6656367dd46fd1"><code>6df430c</code></a>
chore(deps): update module github.com/jgautheron/goconst to v1.10.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8771">#8771</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/ae90e3237e8d8f14bc3f181e1f82feb1686604f0"><code>ae90e32</code></a>
Fix otelconf prometheus label escaping (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/f202c3f8000fe3e681621808b5e316fe4749850a"><code>f202c3f</code></a>
otelconf: move experimental types to otelconf/x (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/8ddaecee1cc531ae753d4812842745bdfb805208"><code>8ddaece</code></a>
fix(deps): update aws-sdk-go-v2 monorepo (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8764">#8764</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/c7c03a47d4cf7252728b11efd78e2159b437dbd2"><code>c7c03a4</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8766">#8766</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/717a85a20313ac21712dd055ba2ede71205889e8"><code>717a85a</code></a>
envcar: normalize cached environment variable names (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/commit/ad990b6d55811953d06ec88720fa373931fa1a27"><code>ad990b6</code></a>
fix(deps): update module github.com/aws/smithy-go to v1.24.3 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8765">#8765</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 20:33:49 +00:00
dependabot[bot] 16b1b6865d chore: bump google.golang.org/api from 0.274.0 to 0.275.0 (#24260) 
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.274.0 to 0.275.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.275.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">0.275.0</a>
(2026-04-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2b2ef99cb9f245743690a4d26e4fdc65287253e0">2b2ef99</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/9437d4d741a6ae9e1c20a6f727b9c8f64e1bc19e">9437d4d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">0.275.0</a>
(2026-04-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2b2ef99cb9f245743690a4d26e4fdc65287253e0">2b2ef99</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/9437d4d741a6ae9e1c20a6f727b9c8f64e1bc19e">9437d4d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/d43aa15bdf02279f1beaa366b551587391355265"><code>d43aa15</code></a>
chore(main): release 0.275.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3558">#3558</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/9437d4d741a6ae9e1c20a6f727b9c8f64e1bc19e"><code>9437d4d</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/0a62c64ae95b23c6ecb9fc71db89f09c479b0442"><code>0a62c64</code></a>
chore(all): update cloud.google.com/go/auth to v0.20.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3559">#3559</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/2b2ef99cb9f245743690a4d26e4fdc65287253e0"><code>2b2ef99</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.274.0&new-version=0.275.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 20:19:22 +00:00
dependabot[bot] 897533f08d chore: bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 (#24261) 
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc)
from 3.17.0 to 3.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coreos/go-oidc/releases">github.com/coreos/go-oidc/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>.github: configure dependabot by <a
href="https://github.com/ericchiang"><code>@​ericchiang</code></a> in <a
href="https://redirect.github.com/coreos/go-oidc/pull/477">coreos/go-oidc#477</a></li>
<li>.github: update go versions in CI by <a
href="https://github.com/ericchiang"><code>@​ericchiang</code></a> in <a
href="https://redirect.github.com/coreos/go-oidc/pull/480">coreos/go-oidc#480</a></li>
<li>build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coreos/go-oidc/pull/478">coreos/go-oidc#478</a></li>
<li>build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coreos/go-oidc/pull/479">coreos/go-oidc#479</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0">https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/coreos/go-oidc/commit/da6b3bfca8af72414ee0e6e8746585ff5d206003"><code>da6b3bf</code></a>
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4</li>
<li><a
href="https://github.com/coreos/go-oidc/commit/7f80694215d5eb5b28f851f35845439b1e1e9e5d"><code>7f80694</code></a>
build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0</li>
<li><a
href="https://github.com/coreos/go-oidc/commit/7271de57587bb756318f9819796ba846b1ba875a"><code>7271de5</code></a>
.github: update go versions in CI</li>
<li><a
href="https://github.com/coreos/go-oidc/commit/3ccf20fdc4afab7c64881a108d6f4c17a4ecc24d"><code>3ccf20f</code></a>
.github: configure dependabot</li>
<li>See full diff in <a
href="https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coreos/go-oidc/v3&package-manager=go_modules&previous-version=3.17.0&new-version=3.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 20:19:21 +00:00
dependabot[bot] b68c14dd04 chore: bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (#24247) 
Bumps
[github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter)
from 1.8.4 to 1.8.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-getter/releases">github.com/hashicorp/go-getter's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.6</h2>
<p>No release notes provided.</p>
<h2>v1.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>[chore] : Bump the go group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/576">hashicorp/go-getter#576</a></li>
<li>use %w to wrap error by <a
href="https://github.com/Ericwww"><code>@​Ericwww</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li>
<li>fix: <a
href="https://redirect.github.com/hashicorp/go-getter/issues/538">#538</a>
http file download skipped if headResp.ContentLength is 0 by <a
href="https://github.com/martijnvdp"><code>@​martijnvdp</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li>
<li>chore: fix error message capitalization in checksum function by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/578">hashicorp/go-getter#578</a></li>
<li>[chore] : Bump the go group with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/577">hashicorp/go-getter#577</a></li>
<li>Fix git url with ambiguous ref by <a
href="https://github.com/nimasamii"><code>@​nimasamii</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li>
<li>fix: resolve compilation errors in get_git_test.go by <a
href="https://github.com/CreatorHead"><code>@​CreatorHead</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/579">hashicorp/go-getter#579</a></li>
<li>[chore] : Bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/582">hashicorp/go-getter#582</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/583">hashicorp/go-getter#583</a></li>
<li>test that arbitrary files cannot be checksummed by <a
href="https://github.com/schmichael"><code>@​schmichael</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/250">hashicorp/go-getter#250</a></li>
<li>[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the
go group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/585">hashicorp/go-getter#585</a></li>
<li>[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/586">hashicorp/go-getter#586</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/588">hashicorp/go-getter#588</a></li>
<li>[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/589">hashicorp/go-getter#589</a></li>
<li>[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to
6.0.0 in the actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/592">hashicorp/go-getter#592</a></li>
<li>[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the
go group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/591">hashicorp/go-getter#591</a></li>
<li>[chore] : Bump the go group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/593">hashicorp/go-getter#593</a></li>
<li>IND-6310 - CRT Onboarding by <a
href="https://github.com/nasareeny"><code>@​nasareeny</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li>
<li>Fix crt build path by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/594">hashicorp/go-getter#594</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/596">hashicorp/go-getter#596</a></li>
<li>fix: remove checkout action from set-product-version job by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/598">hashicorp/go-getter#598</a></li>
<li>[chore] : Bump the actions group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/595">hashicorp/go-getter#595</a></li>
<li>fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0
(GO-2026-4394) by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/599">hashicorp/go-getter#599</a></li>
<li>Prepare go-getter for v1.8.5 release by <a
href="https://github.com/nasareeny"><code>@​nasareeny</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/597">hashicorp/go-getter#597</a></li>
<li>[chore] : Bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/600">hashicorp/go-getter#600</a></li>
<li>sec: bump go and xrepos + redact aws tokens in url by <a
href="https://github.com/dduzgun-security"><code>@​dduzgun-security</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/604">hashicorp/go-getter#604</a></li>
</ul>
<p><strong>NOTES:</strong></p>
<p>Binary Distribution Update: To streamline our release process and
align with other HashiCorp tools, all release binaries will now be
published exclusively to the official HashiCorp <a
href="https://releases.hashicorp.com/go-getter/">release</a> site. We
will no longer attach release assets to GitHub Releases.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Ericwww"><code>@​Ericwww</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li>
<li><a
href="https://github.com/martijnvdp"><code>@​martijnvdp</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li>
<li><a href="https://github.com/nimasamii"><code>@​nimasamii</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li>
<li><a href="https://github.com/nasareeny"><code>@​nasareeny</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5">https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/go-getter/commit/d23bff48fb87c956bb507a03d35a63ee45470e34"><code>d23bff4</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/608">#608</a>
from hashicorp/dependabot/go_modules/go-security-9c51...</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/2c4aba8e5286c18bc66358236454a3e3b0aa7421"><code>2c4aba8</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/613">#613</a>
from hashicorp/pull/v1.8.6</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/fe61ed9454b818721d81328d7e880fc2ed2c8d15"><code>fe61ed9</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/611">#611</a>
from hashicorp/SECVULN-41053</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/d53365612c5250f7df8d586ba3be70fbd42e613b"><code>d533656</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/606">#606</a>
from hashicorp/pull/CRT</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/388f23d7d40f1f1e1a9f5b40ee5590c08154cd6d"><code>388f23d</code></a>
Additional test for local branch and head</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/b7ceaa59b11a203c14cf58e5fcaa8f169c0ced6e"><code>b7ceaa5</code></a>
harden checkout ref handling and added regression tests</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/769cc14fdb0df5ac548f4ead1193b5c40460f11e"><code>769cc14</code></a>
Release version bump up</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/6086a6a1f6347f735401c26429d9a0e14ad29444"><code>6086a6a</code></a>
Review Comments Addressed</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/e02063cd28e97bb8a23a63e72e2a4a4ab6e982cf"><code>e02063c</code></a>
Revert &quot;SECVULN Fix for git checkout argument injection enables
arbitrary fil...</li>
<li><a
href="https://github.com/hashicorp/go-getter/commit/c93084dc4306b2c49c54fe6fbfbe79c98956e5f8"><code>c93084d</code></a>
[chore] : Bump google.golang.org/grpc</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-getter&package-manager=go_modules&previous-version=1.8.4&new-version=1.8.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 15:36:57 +00:00
Ethan ad2415ede7 fix: bump coder/tailscale to pick up RTM_MISS fix (#24187) 
## What

Bumps `coder/tailscale` to
[`e956a95`](https://github.com/coder/tailscale/commit/e956a950740bd737c55451f56e77038f7430a919)
([PR #113](https://github.com/coder/tailscale/pull/113)) to pick up the
`RTM_MISS` fix for the Darwin network monitor.

Already released on `release/2.31` as v2.31.8. (#24185) to unblock a
customer. This PR is to update `main`.

## Why

On Darwin, `RTM_MISS` route-socket messages (fired on every failed route
lookup) were not filtered by `netmon`, causing each one to be treated as
a `LinkChange`. When netcheck sends STUN probes to an IPv6 address with
no route, this creates a self-sustaining feedback loop: `RTM_MISS` →
`LinkChange` → `ReSTUN` → netcheck → v6 STUN probe → `RTM_MISS` → …

The loop drives DERP home-region flapping at ~70× baseline, which at
fleet scale saturates PostgreSQL's `NOTIFY` lock and causes coordinator
health-check timeouts.

The upstream fix adds a single `if msg.Type == unix.RTM_MISS { return
true }` check to `skipRouteMessage`. This is safe because `RTM_MISS` is
a lookup-path signal, not a table-mutation signal — route withdrawals
always emit `RTM_DELETE` before any subsequent lookup can miss.

Of note is that this issue has only been reported recently, since users
updated to macOS 26.4.

Relates to ENG-2394
 2026-04-09 13:22:56 -04:00
Cian Johnston 27e5ff0a8e chore: update to our fork of charm.land/fantasy with appendCompact perf improvement (#24142) 
Fixes CODAGT-117

Updates go.mod to reference our forks of the following dependencies:
* charmbracelet/anthropic-sdk-go =>
https://github.com/coder/anthropic-sdk-go/tree/coder_2_33
* charm.land/fantasy => https://github.com/coder/fantasy/tree/coder_2_33
 2026-04-09 13:08:19 +01:00
Yevhenii Shcherbina 7f496c2f18 feat: byok-observability for aibridge (#23808) 
## Summary

Adds `credential_kind` and `credential_hint` columns to
`aibridge_interceptions` to record how each LLM request was
authenticated and provide a masked credential identifier for audit
purposes.

This enables admins to distinguish between centralized API keys,
personal API keys, and subscription-based credentials in the
interceptions audit log.

## Changes

- New migration adding `credential_kind`and `credential_hint` to
`aibridge_interceptions`
- Updated `InsertAIBridgeInterception` query and proto definition to
carry the new fields
- Wired proto fields through `translator.go` and `aibridgedserver.go` to
the database

Depends on https://github.com/coder/aibridge/pull/239
 2026-04-08 13:24:28 -04:00
Michael Suchacz 590235138f fix: pin fixed anthropic/fantasy forks for streaming token accounting (#24077) 2026-04-08 17:07:39 +00:00
Kyle Carberry b969d66978 feat: add dynamic tools support for chat API (#24036) 
Adds client-executed dynamic tools to the chat API. Dynamic tools are
declared by the client at chat creation time, presented to the LLM
alongside built-in tools, but executed by the client rather than chatd.
This enables external systems (Slack bots, IDE extensions, Discord bots,
CI/CD integrations) to plug custom tools into the LLM chat loop without
modifying chatd's built-in tool set.

Modeled after OpenAI's Assistants API: the chat pauses with
`requires_action` status when the LLM calls a dynamic tool, the client
POSTs results back via `POST /chats/{id}/tool-results`, and the chat
resumes.

See [this example](https://github.com/coder/coder-slackbot-poc) as a
reference for how this is used. It's highly-configurable, which would
enable creating chats from webhooks, periodically polling, or running as
a Slackbot.

<details>
<summary>Design context</summary>

### Architecture

The chatloop **exits** when it encounters dynamic tools and
**re-enters** when results arrive. No blocking channels, no pubsub for
tool results, no in-memory registry. The DB is the only coordination
mechanism.

```
Phase 1 (chatloop):
  LLM response → execute built-in tools only →
  Persist(assistant + built-in results) →
  status = requires_action → chatloop exits

Phase 2 (POST /tool-results):
  Persist(dynamic tool results) →
  status = pending → wakeCh → chatloop re-enters
```

### Validation (POST /tool-results)

1. Chat status must be `requires_action` (409 if not)
2. Read chat's `dynamic_tools` → set of dynamic tool names
3. Read last assistant message → extract tool-call parts matching
dynamic tool names
4. Submitted tool_call_ids must match exactly (400 for missing/extra)
5. Persist tool-result message parts, set status to `pending`, signal
wake

### Idempotency

Tool call IDs scoped per LLM step. State machine (`requires_action` →
`pending`) is the guard. First POST wins, subsequent get 409.

### Mixed tool calls

When the LLM calls both built-in and dynamic tools in one step, built-in
tools execute immediately. Their results are persisted in phase 1.
Dynamic tool results arrive via POST in phase 2. The LLM sees all
results when the chatloop resumes.

</details>

> 🤖 Generated by Coder Agents
 2026-04-08 11:54:44 -04:00
dependabot[bot] d87c5ef439 chore: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.96.0 to 1.97.3 (#24136) 
Bumps
[github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2)
from 1.96.0 to 1.97.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/90650dd22735ab68f6089ae5c39b6614286ae9ec"><code>90650dd</code></a>
Release 2026-03-26</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/dd88818bee7d632a8b9da6e2c78ef92e23c94c62"><code>dd88818</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/b662c50138bd393927871b46e84ee3483377f5be"><code>b662c50</code></a>
Update endpoints model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/500a9cb3522a0e71d798d7079ff5856b23c2cac1"><code>500a9cb</code></a>
Update API model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6221102f763bd65d7e403fa62c3a1e3d39e24dc6"><code>6221102</code></a>
fix stale skew and delayed skew healing (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3359">#3359</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/0a39373433a121800bc68efa743a7486eb07aa3f"><code>0a39373</code></a>
fix order of generated event header handlers (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3361">#3361</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/098f3898271e2eaaf8a92e38d1d928fb018805a6"><code>098f389</code></a>
Only generate resolveAccountID when it's required (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3360">#3360</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6ebab66428e97db0ee252fea042d56b1313cb9f6"><code>6ebab66</code></a>
Release 2026-03-25</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/b2ec3beebb986a5e74e50d0c105119d84e1e934e"><code>b2ec3be</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/abc126f6b35bfe2f77e2505f6d04f8ceced971ee"><code>abc126f</code></a>
Update API model</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.96.0...service/s3/v1.97.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.96.0&new-version=1.97.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 04:40:17 +00:00
dependabot[bot] ef3e17317c chore: bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.6 to 1.7.8 (#24134) 
Bumps
[github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream](https://github.com/aws/aws-sdk-go-v2)
from 1.7.6 to 1.7.8.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/e3b97d2a02cd4e27c40224f05aa1a7deba24abe2"><code>e3b97d2</code></a>
Release 2023-10-12</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/863010ddb23c242c2a5d49d9f40094a6a49b5525"><code>863010d</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6946ef8b9149fe75ac1b427ca2c7f57cdcb64549"><code>6946ef8</code></a>
Update endpoints model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6d93ded4536184d38a664b4b75dadd36cbd79878"><code>6d93ded</code></a>
Update API model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/bebc232e7f65b02d0b519d11e73cf925c38e716f"><code>bebc232</code></a>
fix: fail to load config if configured profile doesn't exist (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/2309">#2309</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/5de46742b7fb1b72d93d344ee81568800a707267"><code>5de4674</code></a>
fix DNS timeout error not retried (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/2300">#2300</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/e155bb72a2ec20ec61db50fc3d4568e373fa4b63"><code>e155bb7</code></a>
Release 2023-10-06</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/9d342ba33937c562d215f317a37dea121ee9763d"><code>9d342ba</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/1df99141a143a38570d64a182ed972ce9e3dba65"><code>1df9914</code></a>
Update SDK's smithy-go dependency to v1.15.0</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/32ada3a191ac770b1b24164b667692183fc77ed9"><code>32ada3a</code></a>
Update API model</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.7.6...service/m2/v1.7.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream&package-manager=go_modules&previous-version=1.7.6&new-version=1.7.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 03:14:12 +00:00
Kyle Carberry 16265e834e chore: update fantasy fork to use github.com/coder/fantasy (#24100) 
Moves the `charm.land/fantasy` replace directive from
`github.com/kylecarbs/fantasy` to `github.com/coder/fantasy`, pointing
at the same `cj/go1.25` branch and commit (`112927d9b6d8`).

> Generated by Coder Agents
 2026-04-07 16:11:49 +01:00
dependabot[bot] 2ea08aa168 chore: bump github.com/gohugoio/hugo from 0.159.2 to 0.160.0 (#24081) 
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.159.2 to 0.160.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.160.0</h2>
<p>Now you can inject <a
href="https://gohugo.io/functions/css/build/#vars">CSS vars</a>, e.g.
from the configuration, into your stylesheets when building with <a
href="https://gohugo.io/functions/css/build/">css.Build</a>. Also, now
all the render hooks has a <a
href="https://gohugo.io/render-hooks/links/#position">.Position</a>
method, now also more accurate and effective.</p>
<h2>Bug fixes</h2>
<ul>
<li>Fix some recently introduced Position issues 4e91e14c <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14710">#14710</a></li>
<li>markup/goldmark: Fix double-escaping of ampersands in link URLs
dc9b51d2 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14715">#14715</a></li>
<li>tpl: Fix stray quotes from partial decorator in script context
43aad711 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14711">#14711</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning
481baa08 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>tpl/css: Support <a
href="https://github.com/import"><code>@​import</code></a>
&quot;hugo:vars&quot; for CSS custom properties in css.Build 5d09b5e3 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14699">#14699</a></li>
<li>Improve and extend .Position handling in Goldmark render hooks
303e443e <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14663">#14663</a></li>
<li>markup/goldmark: Clean up test 638262ce <a
href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1
bf6e35a7 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
<li>build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
0eda24e6 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
<li>build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a68
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>readme: Revise edition descriptions and installation instructions
9f1f1be0 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gohugoio/hugo/commit/652fc5acddf94e0501f778e196a8b630566b39ad"><code>652fc5a</code></a>
releaser: Bump versions for release of 0.160.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/bf6e35a7557bb31b0e38b29eb10b94e03afa0d8a"><code>bf6e35a</code></a>
build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/4e91e14cb0152f6e6bd216c0cd2f0913e6e17325"><code>4e91e14</code></a>
Fix some recently introduced Position issues</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/dc9b51d2e2fa1bfc2b7c68c01417bb7ae2c9c6a2"><code>dc9b51d</code></a>
markup/goldmark: Fix double-escaping of ampersands in link URLs</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/481baa08968e29e2a2771e9d6022c9f995b2fc11"><code>481baa0</code></a>
all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/43aad7118da6f8365d9cdb4aaada1878ce68fb98"><code>43aad71</code></a>
tpl: Fix stray quotes from partial decorator in script context</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/9f1f1be0be2e5b8280e16df647d838c538edb9c2"><code>9f1f1be</code></a>
readme: Revise edition descriptions and installation instructions</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/0eda24e65fdde77878a17d9583c5f2bce4f3d437"><code>0eda24e</code></a>
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/5d09b5e32a4d0e9b3fe8797c91804f6a7804bb5a"><code>5d09b5e</code></a>
tpl/css: Support <a
href="https://github.com/import"><code>@​import</code></a>
&quot;hugo:vars&quot; for CSS custom properties in css.Build</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/303e443ea7ba5c22dc5d2b5df5d7c5392b0dcc3a"><code>303e443</code></a>
Improve and extend .Position handling in Goldmark render hooks</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.159.2...v0.160.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.159.2&new-version=0.160.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 11:17:57 +00:00
dependabot[bot] d4b9248202 chore: bump github.com/valyala/fasthttp from 1.69.0 to 1.70.0 (#24080) 
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp)
from 1.69.0 to 1.70.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/valyala/fasthttp/releases">github.com/valyala/fasthttp's
releases</a>.</em></p>
<blockquote>
<h2>v1.70.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Go 1.26 and golangci-lint updates by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2146">valyala/fasthttp#2146</a></li>
<li>Add WithLimit methods for uncompression by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2147">valyala/fasthttp#2147</a></li>
<li>Honor Root for fs.FS and normalize fs-style roots by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2145">valyala/fasthttp#2145</a></li>
<li>Sanitize header values in all setter paths to prevent CRLF injection
by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2162">valyala/fasthttp#2162</a></li>
<li>Add ServeFileLiteral, ServeFSLiteral and SendFileLiteral by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2163">valyala/fasthttp#2163</a></li>
<li>Prevent chunk extension request smuggling by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2165">valyala/fasthttp#2165</a></li>
<li>Validate request URI format during header parsing to reject
malformed requests by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2168">valyala/fasthttp#2168</a></li>
<li>HTTP1/1 requires exactly one Host header by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2164">valyala/fasthttp#2164</a></li>
<li>Strict HTTP version validation and simplified first line parsing by
<a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2167">valyala/fasthttp#2167</a></li>
<li>Only normalize pre-colon whitespace for HTTP headers by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2172">valyala/fasthttp#2172</a></li>
<li>fs: reject '..' path segments in rewritten paths by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2173">valyala/fasthttp#2173</a></li>
<li>fasthttpproxy: reject CRLF in HTTP proxy CONNECT target by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2174">valyala/fasthttp#2174</a></li>
<li>fasthttpproxy: scope proxy auth cache to GetDialFunc by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2144">valyala/fasthttp#2144</a></li>
<li>feat: enhance performance by <a
href="https://github.com/ReneWerner87"><code>@​ReneWerner87</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2135">valyala/fasthttp#2135</a></li>
<li>export ErrConnectionClosed by <a
href="https://github.com/pjebs"><code>@​pjebs</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2152">valyala/fasthttp#2152</a></li>
<li>fix: detect master process death in prefork children by <a
href="https://github.com/meruiden"><code>@​meruiden</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2158">valyala/fasthttp#2158</a></li>
<li>return prev values by <a
href="https://github.com/pjebs"><code>@​pjebs</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2123">valyala/fasthttp#2123</a></li>
<li>docs: added httpgo to related projects by <a
href="https://github.com/MUlt1mate"><code>@​MUlt1mate</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2169">valyala/fasthttp#2169</a></li>
<li>chore(deps): bump actions/upload-artifact from 6 to 7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2149">valyala/fasthttp#2149</a></li>
<li>chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2170">valyala/fasthttp#2170</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.2 to
1.18.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2129">valyala/fasthttp#2129</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.3 to
1.18.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2140">valyala/fasthttp#2140</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.4 to
1.18.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2166">valyala/fasthttp#2166</a></li>
<li>chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2139">valyala/fasthttp#2139</a></li>
<li>chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2128">valyala/fasthttp#2128</a></li>
<li>chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2138">valyala/fasthttp#2138</a></li>
<li>chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2125">valyala/fasthttp#2125</a></li>
<li>chore(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2137">valyala/fasthttp#2137</a></li>
<li>chore(deps): bump securego/gosec from 2.22.11 to 2.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2142">valyala/fasthttp#2142</a></li>
<li>Update securego/gosec from 2.23.0 to 2.25.0 by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2161">valyala/fasthttp#2161</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/MUlt1mate"><code>@​MUlt1mate</code></a>
made their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2169">valyala/fasthttp#2169</a></li>
<li><a href="https://github.com/meruiden"><code>@​meruiden</code></a>
made their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2158">valyala/fasthttp#2158</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0">https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/valyala/fasthttp/commit/534461ad123bfbcc1190d29cb3553a19b72d2845"><code>534461a</code></a>
fasthttpproxy: reject CRLF in HTTP proxy CONNECT target (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2174">#2174</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/267e740f5657cb606d35de3ca54df55b2625508c"><code>267e740</code></a>
fs: reject '..' path segments in rewritten paths (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2173">#2173</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/a95a1ad11ceeb1726740070ab464b8d22d3278d8"><code>a95a1ad</code></a>
Only normalize pre-colon whitespace for HTTP headers (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2172">#2172</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/ab8c2aceea3da871f9f901e595425fd144d1790f"><code>ab8c2ac</code></a>
fix: detect master process death in prefork children (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2158">#2158</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/c4569c5fbb7b0142cb2607dbb170f6efcec96894"><code>c4569c5</code></a>
feat: enhance performance (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2135">#2135</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/beab280ed3f7be24111fe5b452564be647370ee7"><code>beab280</code></a>
chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2170">#2170</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/82254a7addc61a494b6a504fb0c65871a9c0444f"><code>82254a7</code></a>
Normalize framing header names with pre-colon whitespace</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/611132707f1d75db30a7f3347092e36bcd87094e"><code>6111327</code></a>
Strict HTTP version validation and simplified first line parsing (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2167">#2167</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/eb38f5fc140be062aa5acbbeb97571e538a4e781"><code>eb38f5f</code></a>
HTTP1/1 requires exactly one Host header (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2164">#2164</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/7d90713bda6f90f398f42dced466942912b44fd6"><code>7d90713</code></a>
Validate request URI format during header parsing to reject malformed
request...</li>
<li>Additional commits viewable in <a
href="https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/valyala/fasthttp&package-manager=go_modules&previous-version=1.69.0&new-version=1.70.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 11:17:34 +00:00
dependabot[bot] fd6c623560 chore: bump google.golang.org/api from 0.273.0 to 0.274.0 (#24079) 
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.273.0 to 0.274.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.274.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.1...v0.274.0">0.274.0</a>
(2026-04-02)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/0e634ae13e626c6082c534eda8c03d5d3e673605">0e634ae</a>)</li>
</ul>
<h2>v0.273.1</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.273.1">0.273.1</a>
(2026-03-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2008108eb50215407a945afc2db9c45998c42bbe">2008108</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.1...v0.274.0">0.274.0</a>
(2026-04-02)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/0e634ae13e626c6082c534eda8c03d5d3e673605">0e634ae</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.273.1">0.273.1</a>
(2026-03-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2008108eb50215407a945afc2db9c45998c42bbe">2008108</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/6c759a2bb66da9db49027475e4e76301b8d063df"><code>6c759a2</code></a>
chore(main): release 0.274.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3556">#3556</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/0e634ae13e626c6082c534eda8c03d5d3e673605"><code>0e634ae</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/0f75259689c5e80bd73e6e7018dbb9ec0dfd7d48"><code>0f75259</code></a>
chore: embargo aiplatform:v1beta1 temporarily (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3554">#3554</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/550f00c8f854c300c59f266cc0ddd60568ccfe20"><code>550f00c</code></a>
chore(main): release 0.273.1 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3551">#3551</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/da01f6aec8d3dd7914c6be434ce3bf26c1903396"><code>da01f6a</code></a>
chore(deps): bump github.com/go-git/go-git/v5 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3552">#3552</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/2008108eb50215407a945afc2db9c45998c42bbe"><code>2008108</code></a>
fix: merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.274.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.273.0&new-version=0.274.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 11:16:33 +00:00
dependabot[bot] 78fa8094cc chore: bump github.com/gohugoio/hugo from 0.158.0 to 0.159.2 (#23957) 
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.158.0 to 0.159.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.159.2</h2>
<p>Note that the security fix below is not a potential threat if you
either:</p>
<ul>
<li>Trust your Markdown content files.</li>
<li>Have custom <a href="https://gohugo.io/render-hooks/">render hook
template</a> for links and images.</li>
</ul>
<p>EDIT IN: This release also adds release archives for
non-extended-withdeploy builds.</p>
<h2>What's Changed</h2>
<ul>
<li>Fix potential content XSS by escaping dangerous URLs in Markdown
links and images 479fe6c6 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>resources/page: Fix shared reader in
Source.ValueAsOpenReadSeekCloser df520e31 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14684">#14684</a></li>
</ul>
<h2>v0.159.1</h2>
<p>The regression fixed in this release isn't new, but it's so subtle
that we thought we'd release this sooner rather than later. For some
time now, the minifier we use have stripped namespaced attributes in
SVGs, which broke dynamic constructs using e.g. <a
href="https://alpinejs.dev/directives/bind">AlpineJS' x-bind:</a>
namespace (library used by Hugo's <a
href="https://gohugo.io/">documentation site</a>).</p>
<p>To fix this, the upstream library has hadded a
<code>keepNamespaces</code> slice option. It was not possible to find a
default that would make all happy, so we opted for an option that at
least would make AlpineJS sites work out of the box:</p>
<pre lang="toml"><code> [minify.tdewolff.svg]
      keepNamespaces = ['', 'x-bind']
</code></pre>
<h2>What's Changed</h2>
<ul>
<li>minifiers: Keep x-bind and blank namespace in SVG minification
42289d76 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14669">#14669</a></li>
</ul>
<h2>v0.159.0</h2>
<p>This release greatly improves and simplifies management of
Node.js/npm dependencies in a multi-module setup. See <a
href="https://gohugo.io/hugo-modules/nodejs-dependencies/">this page</a>
for more information.</p>
<h2>Note</h2>
<ul>
<li>Replace deprecated site.Data with hugo.Data in tests a8fca598 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>Replace deprecated excludeFiles and includeFiles with files in tests
182b1045 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>Replace deprecated :filename with :contentbasename in the permalinks
test eb11c3d0 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<h2>Bug fixes</h2>
<ul>
<li>tpl/tplimpl: Fix Vimeo shortcode test eaf4c751 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14649">#14649</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>create: Return error instead of panic when page not found 807cae1d
<a href="https://github.com/mango766"><code>@​mango766</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14112">#14112</a></li>
<li>commands: Preserve non-content files in convert output c4fb61d9 <a
href="https://github.com/xndvaz"><code>@​xndvaz</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/4621">#4621</a></li>
<li>npm: Use workspaces to simplify <code>hugo mod npm pack</code>
d88a29e0 <a href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gohugoio/hugo/commit/5f4646acaad89e1166aac118e118b0d28013f460"><code>5f4646a</code></a>
releaser: Bump versions for release of 0.159.2</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/479fe6c654937a850b65e74551dc4e857d52898f"><code>479fe6c</code></a>
Fix potential content XSS by escaping dangerous URLs in links and
images</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/81a5cdca0788ca39574a17d444c9db29d0b19e27"><code>81a5cdc</code></a>
releaser: Add standard withdeploy release assets</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/df520e315087210e069050a873fb5e208659af91"><code>df520e3</code></a>
resources/page: Fix shared reader in
Source.ValueAsOpenReadSeekCloser</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/b55d452e46e81369a65978459a0683efa484c11b"><code>b55d452</code></a>
testing: Simplify line ending handling in tests</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/ea7eac65589a7c6e138a2dfba12615335b29bef3"><code>ea7eac6</code></a>
readme: Update Go version to 1.25.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/458ebdd448492d82113b0149886f2b5f8e7b91a4"><code>458ebdd</code></a>
releaser: Prepare repository for 0.160.0-DEV</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/86c7d3afacab79dc53325602d77ef884b7570268"><code>86c7d3a</code></a>
releaser: Bump versions for release of 0.159.1</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/42289d76f9ccac052c22b84d7024e64cfb0a683b"><code>42289d7</code></a>
minifiers: Keep x-bind and blank namespace in SVG minification</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/0c013c2326be1bbebba9a9f89d27072074fc6cc4"><code>0c013c2</code></a>
Adjust depreceated syntax in tests</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.158.0...v0.159.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.158.0&new-version=0.159.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-02 08:44:24 +00:00
dependabot[bot] a85e00eed0 chore: bump google.golang.org/grpc from 1.79.3 to 1.80.0 (#23956) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.79.3 to 1.80.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.80.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer: log a warning if a balancer is registered with uppercase
letters, as balancer names should be lowercase. In a future release,
balancer names will be treated as case-insensitive; see <a
href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a>
for details. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li>
<li>xds: update resource error handling and re-resolution logic (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)
<ul>
<li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when
re-resolution is requested.</li>
<li>Fail all in-flight RPCs immediately upon receipt of listener or
route resource errors, instead of allowing them to complete.</li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: support the LB policy configured in <code>LOGICAL_DNS</code>
cluster resources instead of defaulting to <code>pick_first</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li>
<li>credentials/tls: perform per-RPC authority validation against the
leaf certificate instead of the entire peer certificate chain. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li>
<li>xds: enabling A76 ring hash endpoint keys no longer causes EDS
resources with invalid proxy metadata to be NACKed when HTTP CONNECT
(gRFC A86) is disabled. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li>
<li>xds: validate that the sum of endpoint weights in a locality does
not exceed the maximum <code>uint32</code> value. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/RAVEYUS"><code>@​RAVEYUS</code></a></li>
</ul>
</li>
<li>xds: fix incorrect proto field access in the weighted round robin
(WRR) configuration where <code>blackout_period</code> was used instead
of <code>weight_expiration_period</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/gregbarasch"><code>@​gregbarasch</code></a></li>
</ul>
</li>
<li>xds/rbac: handle addresses with ports in IP matchers. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>ringhash: enable gRFC A76 (endpoint hash keys and request hash
headers) by default. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>credentials/alts: pool write buffers to reduce memory allocations
and usage. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>grpc: enable the use of pooled write buffers for buffering HTTP/2
frame writes by default. This reduces memory usage when connections are
idle. Use the <a
href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a>
dial option or the <a
href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a>
server option to disable this feature. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li>
<li>xds/priority: stop caching child LB policies removed from the
configuration. This will help reduce memory and cpu usage when
localities are constantly switching between priorities. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li>
<li>mem: add a faster tiered buffer pool; use the experimental <a
href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a>
function to create such pools. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/397e45edaa68f8763773bbaaf539cf7894169cd2"><code>397e45e</code></a>
Change version to 1.80.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/64ebf0a600005838970e6ba1eb0a9e46e528ed73"><code>64ebf0a</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/e45ed241865981b6973cdd0dd69571456d570282"><code>e45ed24</code></a>
xds/rbac: add additional handling for addresses with ports (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/c78d26e03e129f5cb357b757037fcded2333b74e"><code>c78d26e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/bd7cd3c1abbd27fb751275a58886444d52103482"><code>bd7cd3c</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b6597b3d328c1ed6b003f9a23b942af7148352ca"><code>b6597b3</code></a>
xds/clusterimpl: use xdsConfig for updates and remove redundant fields
from L...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/1d4fa8a7b772553e82137b059ad4a8f632a1c522"><code>1d4fa8a</code></a>
xds: change cdsbalancer to use update from dependency manager (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/8f47d364511c8eb0517b47e1a39f13a1370c6a10"><code>8f47d36</code></a>
attributes: Replace internal map with linked list (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/22e1ee8085952b4bdadf2928c187d665f6daff99"><code>22e1ee8</code></a>
xds: add panic recovery in xdsclient resource unmarshalling. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/7136e99ee323c26984174eb3cec85c201fef9946"><code>7136e99</code></a>
credentials/alts: Pool write buffers (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.79.3...v1.80.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.79.3&new-version=1.80.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-02 08:28:01 +00:00
Danny Kopping c86f1288f1 chore: update aibridge with latest changes (#23863) 
https://github.com/coder/aibridge/compare/519b082ad666...a011104f377d

Includes https://github.com/coder/aibridge/pull/242 and
https://github.com/coder/aibridge/pull/229

Signed-off-by: Danny Kopping <danny@coder.com>
 2026-03-31 16:11:50 +00:00
Susana Ferreira b0036af57b feat: register multiple Copilot providers for business and enterprise upstreams (#23811) 
## Description

Adds support for multiple Copilot provider instances to route requests to different Copilot upstreams (individual, business, enterprise). Each instance has its own name and base URL, enabling per-upstream metrics, logs, circuit breakers, API dump, and routing.

## Changes

* Add Copilot business and enterprise provider names and host constants
* Register three Copilot provider instances in aibridged (default, business, enterprise)
* Update `defaultAIBridgeProvider` in `aibridgeproxy` to route new Copilot hosts to their corresponding providers

## Related

* Depends on: https://github.com/coder/aibridge/pull/240
* Closes: https://github.com/coder/aibridge/issues/152

Note: documentation changes will be added in a follow-up PR.

_Disclaimer: initially produced by Claude Opus 4.6, heavily modified and reviewed by @ssncferreira ._
 2026-03-31 16:00:37 +01:00
Danny Kopping 5d07014f9f chore: update aibridge lib (#23849) 
https://github.com/coder/aibridge/pull/230 has been merged, update the
dependency to match.

Includes other changes as well:
https://github.com/coder/aibridge/compare/dd8c239e5566...77d597aa123b
(cc @evgeniy-scherbina, @pawbana)

Signed-off-by: Danny Kopping <danny@coder.com>
 2026-03-31 16:11:40 +02:00
Lukasz acd2ff63a7 chore: bump Go toolchain to 1.25.8 (#23772) 
Bump the repository Go toolchain from 1.25.7 to 1.25.8.

Updates `go.mod`, the shared `setup-go` action default, and the dogfood
image checksum so local, CI, and dogfood builds stay aligned.
 2026-03-31 14:04:58 +02:00
dependabot[bot] 3cc31de57a chore: bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 (#23813) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.17.0 to 5.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.17.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build: Update module github.com/cloudflare/circl to v1.6.3
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/1930">go-git/go-git#1930</a></li>
<li>[v5] plumbing: format/index, Improve v4 entry name validation by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1935">go-git/go-git#1935</a></li>
<li>[v5] plumbing: format/idxfile, Fix version and fanout checks by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1937">go-git/go-git#1937</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1">https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/5e23dfd02db92644dc4a3358ceb297fce875b772"><code>5e23dfd</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1937">#1937</a>
from pjbgf/idx-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/6b38a326816b80f64c20cc0e6113958b65c05a1c"><code>6b38a32</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1935">#1935</a>
from pjbgf/index-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/cd757fcb856a2dcc5fff6c110320a8ff62e99513"><code>cd757fc</code></a>
plumbing: format/idxfile, Fix version and fanout checks</li>
<li><a
href="https://github.com/go-git/go-git/commit/3ec0d70cb687ae1da5f4d18faa4229bd971a8710"><code>3ec0d70</code></a>
plumbing: format/index, Fix tree extension invalidated entry
parsing</li>
<li><a
href="https://github.com/go-git/go-git/commit/dbe10b6b425a2a4ea92a9d98e20cd68e15aede01"><code>dbe10b6</code></a>
plumbing: format/index, Align V2/V3 long name and V4 prefix encoding
with Git</li>
<li><a
href="https://github.com/go-git/go-git/commit/e9b65df44cb97faeba148b47523a362beaecddf9"><code>e9b65df</code></a>
plumbing: format/index, Improve v4 entry name validation</li>
<li><a
href="https://github.com/go-git/go-git/commit/adad18daabddee04c5a889f0230035e74bca32c0"><code>adad18d</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1930">#1930</a>
from go-git/renovate/releases/v5.x-go-github.com-clo...</li>
<li><a
href="https://github.com/go-git/go-git/commit/29470bd1d862c6e902996b8e8ff8eb7a0515a9be"><code>29470bd</code></a>
build: Update module github.com/cloudflare/circl to v1.6.3
[SECURITY]</li>
<li>See full diff in <a
href="https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.17.0&new-version=5.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 17:27:38 +00:00
dependabot[bot] 7d0a49f54b chore: bump google.golang.org/api from 0.272.0 to 0.273.0 (#23782) 
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.272.0 to 0.273.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.273.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">0.273.0</a>
(2026-03-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/a4b47110f2ba5bf8bdb32174f26f609615e0e8dc">a4b4711</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/0cacfa8557f0f7d21166c4dfef84f60c6d9f1a49">0cacfa8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">0.273.0</a>
(2026-03-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/a4b47110f2ba5bf8bdb32174f26f609615e0e8dc">a4b4711</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/0cacfa8557f0f7d21166c4dfef84f60c6d9f1a49">0cacfa8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/2e86962ce58da59e39ffacd1cb9930abe979fd3c"><code>2e86962</code></a>
chore(main): release 0.273.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3545">#3545</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/50ea74c1b06b4bb59546145272bc51fc205b36ed"><code>50ea74c</code></a>
chore(google-api-go-generator): restore aiplatform:v1beta1 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3549">#3549</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/0cacfa8557f0f7d21166c4dfef84f60c6d9f1a49"><code>0cacfa8</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/d38a12991f9cee22a29ada664c5eef3942116ad9"><code>d38a129</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3548">#3548</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/a4b47110f2ba5bf8bdb32174f26f609615e0e8dc"><code>a4b4711</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/67cf706bd3f9bd26f2a61ada3290190c0c8545ff"><code>67cf706</code></a>
chore(all): update module google.golang.org/grpc to v1.79.3 [SECURITY]
(<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3544">#3544</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.272.0&new-version=0.273.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 11:51:12 +00:00
dependabot[bot] f77d0c1649 chore: bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 (#23784) 
Bumps
[github.com/hashicorp/go-version](https://github.com/hashicorp/go-version)
from 1.8.0 to 1.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-version/releases">github.com/hashicorp/go-version's
releases</a>.</em></p>
<blockquote>
<h2>v1.9.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Add support for prefix of any character by <a
href="https://github.com/brondum"><code>@​brondum</code></a> in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></li>
</ul>
<h3>Internal</h3>
<ul>
<li>Update CHANGELOG for version 1.8.0 enhancements by <a
href="https://github.com/sonamtenzin2"><code>@​sonamtenzin2</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/178">hashicorp/go-version#178</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/179">hashicorp/go-version#179</a></li>
<li>Bump the github-actions-breaking group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/180">hashicorp/go-version#180</a></li>
<li>Bump the github-actions-backward-compatible group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/182">hashicorp/go-version#182</a></li>
<li>Update GitHub Actions to trigger on pull requests and update go
version by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
<li>Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaking group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/183">hashicorp/go-version#183</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/186">hashicorp/go-version#186</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/sonamtenzin2"><code>@​sonamtenzin2</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/178">hashicorp/go-version#178</a></li>
<li><a href="https://github.com/brondum"><code>@​brondum</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></li>
<li><a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0">https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md">github.com/hashicorp/go-version's
changelog</a>.</em></p>
<blockquote>
<h1>1.9.0 (Mar 30, 2026)</h1>
<p>ENHANCEMENTS:</p>
<p>Support parsing versions with custom prefixes via opt-in option in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></p>
<p>INTERNAL:</p>
<ul>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/179">hashicorp/go-version#179</a></li>
<li>Bump the github-actions-breaking group with 4 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/180">hashicorp/go-version#180</a></li>
<li>Bump the github-actions-backward-compatible group with 3 updates in
<a
href="https://redirect.github.com/hashicorp/go-version/pull/182">hashicorp/go-version#182</a></li>
<li>Update GitHub Actions to trigger on pull requests and update go
version in <a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
<li>Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaking group across 1 directory in <a
href="https://redirect.github.com/hashicorp/go-version/pull/183">hashicorp/go-version#183</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/186">hashicorp/go-version#186</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/go-version/commit/b80b1e68c4854757b38663ec02bada2d839b6f56"><code>b80b1e6</code></a>
Update CHANGELOG for version 1.9.0 (<a
href="https://redirect.github.com/hashicorp/go-version/issues/187">#187</a>)</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/e93736f31592c971fe8ebbd600844cad58b18ad8"><code>e93736f</code></a>
Bump the github-actions-backward-compatible group across 1 directory
with 2 u...</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/c009de06b736afce5f36f7180c1356d6a40bee38"><code>c009de0</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaki...</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/0474357931d1b2fe3d7ac492bcd8ee4802b3c22c"><code>0474357</code></a>
Update GitHub Actions to trigger on pull requests and update go version
(<a
href="https://redirect.github.com/hashicorp/go-version/issues/185">#185</a>)</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/b4ab5fc7d9d3eb48253b467f8f00b22403ec8089"><code>b4ab5fc</code></a>
Support parsing versions with custom prefixes via opt-in option (<a
href="https://redirect.github.com/hashicorp/go-version/issues/79">#79</a>)</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/25c683be0f3830787e522175e0309e14de37ef7b"><code>25c683b</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/182">#182</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/4f2bcd85ae00b22689501fa029976f6544d18a6b"><code>4f2bcd8</code></a>
Bump the github-actions-backward-compatible group with 3 updates</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/acb8b18f5cb9ada9a3c92a9477e54aab6dd7900f"><code>acb8b18</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/180">#180</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/0394c4f5ebf87c7bdf0a3034ee48613bfe5bf341"><code>0394c4f</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/179">#179</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="https://github.com/hashicorp/go-version/commit/b2fbaa797b31cd3b36e55bdc4f20a765acc9a251"><code>b2fbaa7</code></a>
Bump the github-actions-backward-compatible group across 1 directory
with 2 u...</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-version&package-manager=go_modules&previous-version=1.8.0&new-version=1.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 11:50:56 +00:00
Yevhenii Shcherbina a86b8ab6f8 feat: aibridge BYOK (#23013) 
### Changes

  **coder/coder:**

- `coderd/aibridge/aibridge.go` — Added `HeaderCoderBYOKToken` constant,
`IsBYOK()` helper, and updated `ExtractAuthToken` to check the BYOK
header first.
- `enterprise/aibridged/http.go` — BYOK-aware header stripping: in BYOK
mode only the BYOK header is stripped (user's LLM credentials
preserved); in centralized mode all auth headers are stripped.
  
 <hr/>
 
**NOTE**: `X-Coder-Token` was removed! As of now `ExtractAuthToken`
retrieves token either from `X-Coder-AI-Governance-BYOK-Token` or from
`Authorization`/`X-Api-Key`.

---------

Co-authored-by: Susana Ferreira <susana@coder.com>
Co-authored-by: Danny Kopping <danny@coder.com>
 2026-03-25 14:17:56 -04:00
Hugo Dutka 398e2d3d8a chore: upgrade kylecarbs/fantasy to 112927d9b6d8 (#23596) 
The `ComputerUseProviderTool` function needed a little bit of an
adjustment because I changed `NewComputerUseTool`'s signature in
upstream fantasy a little bit.
 2026-03-25 15:30:46 +00:00
Michael Suchacz 5f57465518 fix: support xhigh reasoning effort for OpenAI models (#23545) 
## Summary

Adds `xhigh` to the OpenAI reasoning effort normalizer so GPT-5.4 class
models can use `reasoning_effort: xhigh` without it being silently
dropped.

## Problem

The SDK schema (`codersdk/chats.go`) already advertises `xhigh` as a
valid `reasoning_effort` value, but the runtime normalizer in
`chatprovider.go` only accepts `minimal|low|medium|high` for the OpenAI
provider. When a user sets `xhigh`, `ReasoningEffortFromChat()` returns
`nil` and the value never reaches the OpenAI API.

## Changes

- **Fantasy dependency**: Updated `kylecarbs/fantasy` (cj/go1.25) which
now includes the `ReasoningEffortXHigh` constant
([kylecarbs/fantasy#9](https://github.com/kylecarbs/fantasy/pull/9)).
- **`chatprovider.go`**: Adds `fantasyopenai.ReasoningEffortXHigh` to
the OpenAI case in `ReasoningEffortFromChat()`.
- **`chatprovider_test.go`**: Adds `OpenAIXHighEffort` test case.

## Upstream

-
[charmbracelet/fantasy#186](https://github.com/charmbracelet/fantasy/pull/186)
 2026-03-25 11:44:05 +01:00
Michael Suchacz 02356c61f6 fix: use previous_response_id chaining for OpenAI store=true follow-ups (#23450) 
OpenAI Responses follow-up turns were replaying full assistant/tool
history even when `store=true`, which breaks after reasoning +
provider-executed `web_search` output.

This change persists the OpenAI response ID on assistant messages, then
in `coderd/x/chatd` switches `store=true` follow-ups to
`previous_response_id` chaining with a system + new-user-only prompt.
`store=false` and missing-ID cases still fall back to manual replay.

It also updates the fake OpenAI server and integration coverage for the
chaining contract, and carries the rebased path move to `coderd/x/chatd`
plus the migration renumber needed after rebasing onto `main`.
 2026-03-24 14:57:40 +01:00
dependabot[bot] 796190d435 chore: bump github.com/gohugoio/hugo from 0.157.0 to 0.158.0 (#23432) 
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.157.0 to 0.158.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.158.0</h2>
<p>This release adds <a
href="https://gohugo.io/functions/css/build/">css.Build</a>, native and
very fast bundling/transformation/minifying of CSS resources. Also see
the new <a
href="https://gohugo.io/functions/strings/replacepairs/">strings.ReplacePairs</a>,
a very fast option if you need to do many string replacements.</p>
<h2>Notes</h2>
<ul>
<li>Upgrade to to Go 1.26.1 (<a
href="https://redirect.github.com/gohugoio/hugo/issues/14597">#14597</a>)
(note) 1f578f16 <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14595">#14595</a>.
This fixes a security issue in Go's template package used by Hugo: <a
href="https://www.cve.org/CVERecord?id=CVE-2026-27142">https://www.cve.org/CVERecord?id=CVE-2026-27142</a></li>
</ul>
<h2>Deprecations</h2>
<p>The methods and config options are deprecated and will be removed in
a future Hugo release.</p>
<p>Also see <a
href="https://discourse.gohugo.io/t/deprecations-in-v0-158-0/56869">this
article</a></p>
<h3>Language configuration</h3>
<ul>
<li><code>languageCode</code> → Use <code>locale</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageCode</code> → Use
<code>languages.&lt;lang&gt;.locale</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageName</code> → Use
<code>languages.&lt;lang&gt;.label</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageDirection</code> → Use
<code>languages.&lt;lang&gt;.direction</code> instead.</li>
</ul>
<h3>Language methods</h3>
<ul>
<li><code>.Site.LanguageCode</code> → Use
<code>.Site.Language.Locale</code> instead.</li>
<li><code>.Language.LanguageCode</code> → Use
<code>.Language.Locale</code> instead.</li>
<li><code>.Language.LanguageName</code> → Use
<code>.Language.Label</code> instead.</li>
<li><code>.Language.LanguageDirection</code> → Use
<code>.Language.Direction</code> instead.</li>
</ul>
<h2>Bug fixes</h2>
<ul>
<li>tpl/css: Fix external source maps e431f90b <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14620">#14620</a></li>
<li>hugolib: Fix server no watch 59e0446f <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14615">#14615</a></li>
<li>resources: Fix context canceled on GetRemote with per-request
timeout 842d8f10 <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14611">#14611</a></li>
<li>tpl/tplimpl: Prefer early suffixes when media type matches 4eafd9eb
<a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13877">#13877</a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14601">#14601</a></li>
<li>all: Run go fix ./... e3108225 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>internal/warpc: Fix SIGSEGV in Close() when dispatcher fails to
start c9b88e4d <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14536">#14536</a></li>
<li>Fix index out of range panic in fileEventsContentPaths f797f849 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14573">#14573</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>resources: Re-publish on transformation cache hit 3c980c07 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14629">#14629</a></li>
<li>create/skeletons: Use css.Build in theme skeleton 404ac000 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14626">#14626</a></li>
<li>tpl/css: Add a test case for rebuilds on CSS options changes
06fcb724 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>hugolib: Allow regular pages to cascade to self 9b5f1d49 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14627">#14627</a></li>
<li>tpl/css: Allow the user to override single loader entries 623722bb
<a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14623">#14623</a></li>
<li>tpl/css: Make default loader resolution for CSS <a
href="https://github.com/import"><code>@​import</code></a> and url()
always behave the same a7cbcf15 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14619">#14619</a></li>
<li>internal/js: Add default mainFields for CSS builds 36cdb2c7 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14614">#14614</a></li>
<li>Add css.Build 3e3b849c <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14609">#14609</a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14613">#14613</a></li>
<li>resources: Use full path for Exif etc. decoding error/warning
messages c47ec233 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/12693">#12693</a></li>
<li>Move to new locales library and upgrade CLDR from v36.1 to v48.1
4652ae4a <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>tpl/strings: Add strings.ReplacePairs function 13a95b9c <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14594">#14594</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gohugoio/hugo/commit/f41be7959a44108641f1e081adf5c4be7fc1bb63"><code>f41be79</code></a>
releaser: Bump versions for release of 0.158.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/0e46a97e8a0d5b7ad1dbea1a39dace7a3ee29fcf"><code>0e46a97</code></a>
deps: Upgrade github.com/evanw/esbuild v0.27.3 =&gt; v0.27.4</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/c27d9e8fcfa5aad6cfedd0552add2a6c8ec74525"><code>c27d9e8</code></a>
build(deps): bump github.com/getkin/kin-openapi from 0.133.0 to
0.134.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/098eac59a9d4f4567acb16018453c0d389677690"><code>098eac5</code></a>
build(deps): bump golang.org/x/tools from 0.42.0 to 0.43.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/3c980c072ee6a9c37a1c6028a7d328696f745836"><code>3c980c0</code></a>
resources: Re-publish on transformation cache hit</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/404ac00001de49c0ccbff4131be40fa2651e4a06"><code>404ac00</code></a>
create/skeletons: Use css.Build in theme skeleton</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/06fcb724219eecdc20367e86e1a8134d3d7e0e5b"><code>06fcb72</code></a>
tpl/css: Add a test case for rebuilds on CSS options changes</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/9b5f1d491d2b7cde198dd2fd858de92e9e97700f"><code>9b5f1d4</code></a>
hugolib: Allow regular pages to cascade to self</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/87f8de8c7ab10516614180080f97490645bbfdec"><code>87f8de8</code></a>
build(deps): bump gocloud.dev from 0.44.0 to 0.45.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/67ef6c68deb031f2dcff926b0cc236a07dcca334"><code>67ef6c6</code></a>
build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.157.0...v0.158.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.157.0&new-version=0.158.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-24 03:59:55 +00:00
dependabot[bot] 0900a44ff3 chore: bump github.com/fatih/color from 1.18.0 to 1.19.0 (#23431) 
Bumps [github.com/fatih/color](https://github.com/fatih/color) from
1.18.0 to 1.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fatih/color/releases">github.com/fatih/color's
releases</a>.</em></p>
<blockquote>
<h2>v1.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump golang.org/x/sys from 0.25.0 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/246">fatih/color#246</a></li>
<li>Fix for issue <a
href="https://redirect.github.com/fatih/color/issues/230">#230</a>
set/unsetwriter symmetric wrt color support detection by <a
href="https://github.com/ataypamart"><code>@​ataypamart</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/243">fatih/color#243</a></li>
<li>chore: go mod cleanup by <a
href="https://github.com/sashamelentyev"><code>@​sashamelentyev</code></a>
in <a
href="https://redirect.github.com/fatih/color/pull/244">fatih/color#244</a></li>
<li>Bump golang.org/x/sys from 0.28.0 to 0.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/249">fatih/color#249</a></li>
<li>Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/248">fatih/color#248</a></li>
<li>Update CI and go deps by <a
href="https://github.com/fatih"><code>@​fatih</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/254">fatih/color#254</a></li>
<li>Bump golang.org/x/sys from 0.31.0 to 0.37.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/268">fatih/color#268</a></li>
<li>fix: include escape codes in byte counts from <code>Fprint</code>,
<code>Fprintf</code> by <a
href="https://github.com/qualidafial"><code>@​qualidafial</code></a> in
<a
href="https://redirect.github.com/fatih/color/pull/282">fatih/color#282</a></li>
<li>Bump golang.org/x/sys from 0.37.0 to 0.40.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/277">fatih/color#277</a></li>
<li>fix: add nil check for os.Stdout to prevent panic on Windows
services by <a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/275">fatih/color#275</a></li>
<li>Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/259">fatih/color#259</a></li>
<li>Bump actions/checkout from 4 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/273">fatih/color#273</a></li>
<li>Optimize Color.Equals performance (O(n²) → O(n)) by <a
href="https://github.com/UnSubble"><code>@​UnSubble</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/269">fatih/color#269</a></li>
<li>Bump actions/setup-go from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/266">fatih/color#266</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ataypamart"><code>@​ataypamart</code></a> made
their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/243">fatih/color#243</a></li>
<li><a
href="https://github.com/sashamelentyev"><code>@​sashamelentyev</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/244">fatih/color#244</a></li>
<li><a
href="https://github.com/qualidafial"><code>@​qualidafial</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/282">fatih/color#282</a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a> made
their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/275">fatih/color#275</a></li>
<li><a href="https://github.com/UnSubble"><code>@​UnSubble</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/269">fatih/color#269</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fatih/color/compare/v1.18.0...v1.19.0">https://github.com/fatih/color/compare/v1.18.0...v1.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fatih/color/commit/ca25f6e17f118a5a259f3c2c0d395949d1103a5a"><code>ca25f6e</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/266">#266</a> from
fatih/dependabot/github_actions/actions/setup-go-6</li>
<li><a
href="https://github.com/fatih/color/commit/120598440a16510564204450092d1e7925fad9ae"><code>1205984</code></a>
Bump actions/setup-go from 5 to 6</li>
<li><a
href="https://github.com/fatih/color/commit/5715c20323d8c79f60d4944831fcfa3b76cd5734"><code>5715c20</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/269">#269</a> from
UnSubble/main</li>
<li><a
href="https://github.com/fatih/color/commit/2f6e2003760028129f34c4ad5c3728b904811d3c"><code>2f6e200</code></a>
Merge branch 'main' into main</li>
<li><a
href="https://github.com/fatih/color/commit/f72ec947d0c34504dfd08b0db68d89f37503fc90"><code>f72ec94</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/273">#273</a> from
fatih/dependabot/github_actions/actions/checkout-6</li>
<li><a
href="https://github.com/fatih/color/commit/848e6330af5690fa24bb038d5330839a33f1f0e5"><code>848e633</code></a>
Merge branch 'main' into main</li>
<li><a
href="https://github.com/fatih/color/commit/4c2cd3443934693bd8892fc0f7bb5bbec8e3788a"><code>4c2cd34</code></a>
Add tests</li>
<li><a
href="https://github.com/fatih/color/commit/7f812f029c41eddd3ac7fbbdf6cc78e4b175944b"><code>7f812f0</code></a>
Bump actions/checkout from 4 to 6</li>
<li><a
href="https://github.com/fatih/color/commit/b7fc9f9557629556aff702751b5268cefcbafa15"><code>b7fc9f9</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/259">#259</a> from
fatih/dependabot/github_actions/dominikh/staticc...</li>
<li><a
href="https://github.com/fatih/color/commit/239a88f715e8e35f40492da7a1e08f7173e78e05"><code>239a88f</code></a>
Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0</li>
<li>Additional commits viewable in <a
href="https://github.com/fatih/color/compare/v1.18.0...v1.19.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/fatih/color&package-manager=go_modules&previous-version=1.18.0&new-version=1.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 11:41:47 +00:00
dependabot[bot] 4537413315 chore: bump google.golang.org/api from 0.271.0 to 0.272.0 (#23430) 
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.271.0 to 0.272.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.272.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">0.272.0</a>
(2026-03-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/b4d37a1279665d52b8b4672a6a91732ae8eb3cf6">b4d37a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/549ef3e69575edbe4fee27bc485a093dc88b90b3">549ef3e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/6def284013185ab4ac2fa389594ee6013086d5d0">6def284</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/319b5abcbc42b77f6acc861e45365b65695e8096">319b5ab</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/73bcfcf9b2fd8def3aec1cdff10e6d4ee646af41">73bcfcf</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/6374c496fde577aa9f5b32470e45676ff4f69dde">6374c49</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">0.272.0</a>
(2026-03-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/b4d37a1279665d52b8b4672a6a91732ae8eb3cf6">b4d37a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/549ef3e69575edbe4fee27bc485a093dc88b90b3">549ef3e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/6def284013185ab4ac2fa389594ee6013086d5d0">6def284</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/319b5abcbc42b77f6acc861e45365b65695e8096">319b5ab</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/73bcfcf9b2fd8def3aec1cdff10e6d4ee646af41">73bcfcf</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/6374c496fde577aa9f5b32470e45676ff4f69dde">6374c49</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/e7df9fe0b92461f87b6d267a600e6825d1221e75"><code>e7df9fe</code></a>
chore(main): release 0.272.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3535">#3535</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/5d8b2662ac4cd19ac978d9f08bedb59dc41c8247"><code>5d8b266</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3540">#3540</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/6374c496fde577aa9f5b32470e45676ff4f69dde"><code>6374c49</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/73bcfcf9b2fd8def3aec1cdff10e6d4ee646af41"><code>73bcfcf</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/319b5abcbc42b77f6acc861e45365b65695e8096"><code>319b5ab</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/6def284013185ab4ac2fa389594ee6013086d5d0"><code>6def284</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/549ef3e69575edbe4fee27bc485a093dc88b90b3"><code>549ef3e</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/b4d37a1279665d52b8b4672a6a91732ae8eb3cf6"><code>b4d37a1</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.271.0&new-version=0.272.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 11:33:26 +00:00
dependabot[bot] f2b9d5f8f7 chore: bump github.com/fergusstrange/embedded-postgres from 1.32.0 to 1.34.0 (#23428) 
Bumps
[github.com/fergusstrange/embedded-postgres](https://github.com/fergusstrange/embedded-postgres)
from 1.32.0 to 1.34.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fergusstrange/embedded-postgres/releases">github.com/fergusstrange/embedded-postgres's
releases</a>.</em></p>
<blockquote>
<h2>v1.34.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump V18 from 18.0.0 to 18.3.0 to fix darwin/arm64 by <a
href="https://github.com/nzoschke"><code>@​nzoschke</code></a> in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/166">fergusstrange/embedded-postgres#166</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/nzoschke"><code>@​nzoschke</code></a>
made their first contribution in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/166">fergusstrange/embedded-postgres#166</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.33.0...v1.34.0">https://github.com/fergusstrange/embedded-postgres/compare/v1.33.0...v1.34.0</a></p>
<h2>v1.33.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for Postgres 18 and update default version by <a
href="https://github.com/otakakot"><code>@​otakakot</code></a> in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/162">fergusstrange/embedded-postgres#162</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/otakakot"><code>@​otakakot</code></a>
made their first contribution in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/162">fergusstrange/embedded-postgres#162</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.33.0">https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.33.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/490777eebf4d3fe8615496cd4fc8430f5b93379d"><code>490777e</code></a>
Bump V18 from 18.0.0 to 18.3.0 to fix darwin/arm64 (<a
href="https://redirect.github.com/fergusstrange/embedded-postgres/issues/166">#166</a>)</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/f351010461d7666dff82b7bf88986d1e4d5824af"><code>f351010</code></a>
Update README.md</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/cf5b3570ca7fc727fae6e4874ec08b4818b705b1"><code>cf5b357</code></a>
Update CircleCI config: add Rosetta installation step for macOS
executor</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/a2782271984af1c658bc68ec5ead130968be4071"><code>a278227</code></a>
Update CircleCI config: specify Go version 1.18 for macOS executor</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/e96b8985a6cf932ee40a412ab8403dc13073420e"><code>e96b898</code></a>
Update CircleCI config: change Apple executor from m2 to m4</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/10719368a4343cc494f84db42b1a8a3199b6cc4f"><code>1071936</code></a>
Update CircleCI config: rename cache steps for Go modules</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/2bb06046c7b832f9bd54034f2a665b01f6f037b5"><code>2bb0604</code></a>
Update CircleCI config: modify macOS executor, upgrade xcode and go
orb</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/8b9ced41d43db993baf672c7a3ac308c9822d99c"><code>8b9ced4</code></a>
Add OSSI_TOKEN and OSSI_USERNAME to Nancy action environment</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/482d9032341eeede28e7f69637d3c0856721aae7"><code>482d903</code></a>
Bump Nancy Vulnerability Checker to v1.0.52</li>
<li><a
href="https://github.com/fergusstrange/embedded-postgres/commit/3578d6e73071963906311f846e6cf51470203bdc"><code>3578d6e</code></a>
Add support for Postgres 18 and update default version (<a
href="https://redirect.github.com/fergusstrange/embedded-postgres/issues/162">#162</a>)</li>
<li>See full diff in <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.34.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/fergusstrange/embedded-postgres&package-manager=go_modules&previous-version=1.32.0&new-version=1.34.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 11:27:49 +00:00
Michael Suchacz a6ba61e607 fix: use upstream fantasy fix for store=false replay (#23368) 2026-03-20 15:14:02 -04:00
dependabot[bot] be5f9b1ffd chore: bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#23344) 
Bumps [github.com/buger/jsonparser](https://github.com/buger/jsonparser)
from 1.1.1 to 1.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/buger/jsonparser/releases">github.com/buger/jsonparser's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated travis to build for 1.13 to 1.15 by <a
href="https://github.com/janreggie"><code>@​janreggie</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/225">buger/jsonparser#225</a></li>
<li>
<ul>
<li>eliminate 2 allocations in EachKey() by <a
href="https://github.com/Villenny"><code>@​Villenny</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/223">buger/jsonparser#223</a></li>
</ul>
</li>
<li>fix issue <a
href="https://redirect.github.com/buger/jsonparser/issues/150">#150</a>
(in deleting case) by <a
href="https://github.com/daria-kay"><code>@​daria-kay</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/226">buger/jsonparser#226</a></li>
<li>fixing the oss-fuzz issue by <a
href="https://github.com/daria-kay"><code>@​daria-kay</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/227">buger/jsonparser#227</a></li>
<li>Fix parseInt overflow check false negative by <a
href="https://github.com/carsonip"><code>@​carsonip</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/231">buger/jsonparser#231</a></li>
<li>Added bespoke error for null cases by <a
href="https://github.com/jonomacd"><code>@​jonomacd</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/228">buger/jsonparser#228</a></li>
<li>Fuzzing: Add CIFuzz by <a
href="https://github.com/AdamKorcz"><code>@​AdamKorcz</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/239">buger/jsonparser#239</a></li>
<li>Added latest versions of go to tests by <a
href="https://github.com/moredure"><code>@​moredure</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/244">buger/jsonparser#244</a></li>
<li>fix EachKey pIdxFlags allocation by <a
href="https://github.com/unxcepted"><code>@​unxcepted</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/241">buger/jsonparser#241</a></li>
<li>fix: prevent panic on negative slice index in Delete with malformed
JSON (GO-2026-4514) by <a
href="https://github.com/dbarrosop"><code>@​dbarrosop</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/276">buger/jsonparser#276</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/janreggie"><code>@​janreggie</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/225">buger/jsonparser#225</a></li>
<li><a href="https://github.com/Villenny"><code>@​Villenny</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/223">buger/jsonparser#223</a></li>
<li><a href="https://github.com/daria-kay"><code>@​daria-kay</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/226">buger/jsonparser#226</a></li>
<li><a href="https://github.com/carsonip"><code>@​carsonip</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/231">buger/jsonparser#231</a></li>
<li><a href="https://github.com/jonomacd"><code>@​jonomacd</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/228">buger/jsonparser#228</a></li>
<li><a href="https://github.com/moredure"><code>@​moredure</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/244">buger/jsonparser#244</a></li>
<li><a href="https://github.com/unxcepted"><code>@​unxcepted</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/241">buger/jsonparser#241</a></li>
<li><a href="https://github.com/dbarrosop"><code>@​dbarrosop</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/276">buger/jsonparser#276</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2">https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0"><code>a69e7e0</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/276">#276</a>
from dbarrosop/master</li>
<li><a
href="https://github.com/buger/jsonparser/commit/d3eacc0bab779d6cf98221f5268828fff287876e"><code>d3eacc0</code></a>
fix: prevent panic on negative slice index in Delete with malformed JSON
(GO-...</li>
<li><a
href="https://github.com/buger/jsonparser/commit/61b32cfdfa0f5d368ef7c7daef28ce12d538740f"><code>61b32cf</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/241">#241</a>
from unxcepted/master</li>
<li><a
href="https://github.com/buger/jsonparser/commit/2181e8398f18397c9cacbaea9889314bb585e868"><code>2181e83</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/244">#244</a>
from ScaleChamp/patch-2</li>
<li><a
href="https://github.com/buger/jsonparser/commit/1510b5194182fc2fb898f28cdbceb42fd7258bfa"><code>1510b51</code></a>
Added latest versions of go to tests</li>
<li><a
href="https://github.com/buger/jsonparser/commit/6fc2e488ed3cc4f1f1debec3b0c70715bd7be6fd"><code>6fc2e48</code></a>
fix: eachkey allocation</li>
<li><a
href="https://github.com/buger/jsonparser/commit/a6f867eb7787e4ec54536b77b5d628ddf5c4f73d"><code>a6f867e</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/239">#239</a>
from AdamKorcz/cifuzz1</li>
<li><a
href="https://github.com/buger/jsonparser/commit/cbc01fdbbe131706e89eeaaf0cd917760d8d3949"><code>cbc01fd</code></a>
Fuzzing: Add CIFuzz</li>
<li><a
href="https://github.com/buger/jsonparser/commit/dc92d6932a1272b4d8f485f798a88c3a75106256"><code>dc92d69</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/228">#228</a>
from jonomacd/null-handling</li>
<li><a
href="https://github.com/buger/jsonparser/commit/2d9d6343e8621ddc18c70749663f74bc584c0de4"><code>2d9d634</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/231">#231</a>
from carsonip/fix-parseint-overflow-check</li>
<li>Additional commits viewable in <a
href="https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/buger/jsonparser&package-manager=go_modules&previous-version=1.1.1&new-version=1.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-20 02:16:34 +00:00
Kyle Carberry 86cb313765 fix: update fantasy to fix OpenAI reasoning replay with Store enabled (#23297) 
## Problem

When `Store: true` is set for OpenAI Responses API calls (the new
default), multi-turn conversations with reasoning models fail on the
second message:

```
stream response: bad request: Item 'rs_xxx' of type 'reasoning' was provided
without its required following item.
```

The fantasy library was reconstructing full `OfReasoning` input items
(with encrypted content and summary) when replaying assistant messages.
The API cannot pair these reconstructed reasoning items with the output
items that originally followed them because the output items are sent as
plain `OfMessage` without server-side IDs.

## Fix

Updates the fantasy dependency (`kylecarbs/fantasy@cj/go1.25`) to skip
reasoning parts during conversation replay in `toResponsesPrompt`. With
`Store` enabled, the API already has the reasoning persisted server-side
— it doesn't need to be replayed in the input.

Fantasy PR: https://github.com/charmbracelet/fantasy/pull/181

## Testing

Adds `TestOpenAIReasoningRoundTrip` integration test that:
1. Sends a query to `o4-mini` (reasoning model with `Store: true`)
2. Verifies reasoning content is persisted
3. Sends a follow-up message — this was the failing step
4. Verifies the follow-up completes successfully

Requires `OPENAI_API_KEY` env var to run.
 2026-03-19 15:36:29 +00:00
Kyle Carberry fdc2366227 chore: update fantasy dep to rebased cj/go1.25 branch (#23242) 
Updates the `charm.land/fantasy` replace to the rebased `cj/go1.25`
branch on `kylecarbs/fantasy`, which now includes:

- **chore: downgrade to Go 1.25**
- **feat: anthropic computer use**
- **chore: use kylecarbs/openai-go fork for coder/coder compat**

Switches the `openai-go/v3` replace from `SasSwart/openai-go` →
`kylecarbs/openai-go`, which is the same SasSwart perf fork plus a fix
for `WithJSONSet` being clobbered by deferred body serialization.
Without the fix, `NewStreaming` silently drops `stream: true` from
requests. See https://github.com/kylecarbs/openai-go/pull/2 for details.
 2026-03-19 12:59:39 +00:00
dependabot[bot] 7877b26088 chore: bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#23271) 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.79.2 to 1.79.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.79.3</h2>
<h1>Security</h1>
<ul>
<li>server: fix an authorization bypass where malformed :path headers
(missing the leading slash) could bypass path-based restricted
&quot;deny&quot; rules in interceptors like <code>grpc/authz</code>. Any
request with a non-canonical path is now immediately rejected with an
<code>Unimplemented</code> error. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f"><code>dda86db</code></a>
Change version to 1.79.3 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8983">#8983</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5"><code>72186f1</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43"><code>97ca352</code></a>
Changing version to 1.79.3-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8954">#8954</a>)</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-go/compare/v1.79.2...v1.79.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.79.2&new-version=1.79.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-19 02:46:30 +00:00
Steven Masley c46136ff73 chore: update coder/trivy override (#23230) 
Coder/preview does this update as well. Because it is a `replace`, we
have to manually update our `replace` too
 2026-03-18 12:03:56 -05:00
Kacper Sawicki 1e07ec49a6 feat: add merge_strategy support for coder_env resources (#23107) 
## Description

Implements the server-side merge logic for the `merge_strategy`
attribute added to `coder_env` in [terraform-provider-coder
v2.15.0](https://github.com/coder/terraform-provider-coder/pull/489).
This allows template authors to control how duplicate environment
variable names are combined across multiple `coder_env` resources.

Relates to https://github.com/coder/coder/issues/21885

## Supported strategies

| Strategy | Behavior |
|----------|----------|
| `replace` (default) | Last value wins — backward compatible |
| `append` | Joins values with `:` separator (e.g. PATH additions) |
| `prepend` | Prepends value with `:` separator |
| `error` | Fails the build if the variable is already defined |

## Example

```hcl
resource "coder_env" "path_tools" {
  agent_id       = coder_agent.dev.id
  name           = "PATH"
  value          = "/home/coder/tools/bin"
  merge_strategy = "append"
}
```

## Changes

- **Proto**: Added `merge_strategy` field to `Env` message in
`provisioner.proto`
- **State reader**: Updated `agentEnvAttributes` struct and proto
construction in `resources.go`
- **Merge logic**: Added `mergeExtraEnvs()` function in
`provisionerdserver.go` with strategy-aware merging for both agent envs
and devcontainer subagent envs
- **Tests**: 15 unit tests covering all strategies, edge cases (empty
values, mixed strategies, multiple appends)
- **Dependency**: Bumped `terraform-provider-coder` v2.14.0 → v2.15.0
- **Fixtures**: Updated `duplicate-env-keys` test fixtures and golden
files

## Ordering

When multiple resources `append` or `prepend` to the same key, they are
processed in alphabetical order by Terraform resource address (per the
determinism fix in #22706).
 2026-03-18 15:43:28 +01:00
Ben Potter f3bf5baba0 chore: update coder/tailscale fork to 33e050fd4bd9 (#23191) 
Updates the tailscale replace directive to pick up two new commits from
[coder/tailscale](https://github.com/coder/tailscale):

- [feat(magicsock): add DERPTLSConfig for custom TLS configuration
(#105)](https://github.com/coder/tailscale/commit/8ffb3e998ba9c11d770eacac9a2f3932ce36590d)
- [chore: improve logging for derp server mesh clients
(#107)](https://github.com/coder/tailscale/commit/33e050fd4bd97d9e805afb4df7fac7a1c6e4abf8)

Relates to: PRODUCT-204
 2026-03-18 15:14:02 +11:00
Danny Kopping 365de3e367 feat: record model thoughts (#22676) 
Depends on https://github.com/coder/aibridge/pull/203
Closes https://github.com/coder/internal/issues/1337

---------

Signed-off-by: Danny Kopping <danny@coder.com>
 2026-03-17 11:41:10 +00:00