Commit Graph

1320 Commits

Author SHA1 Message Date
Cian Johnston a4afb9dfc6 feat: add --env-file flag to develop.sh (#25621)
Adds `--env-file` to `scripts/develop.sh` to allow reading environment 
from a given file. This makes it easier to configure things like external 
auth providers, access URLs, and other dev-time settings without 
exporting a wall of environment variables in every shell session.

> Generated with [Coder Agents](https://coder.com/agents)
2026-05-25 11:54:57 +01:00
Zach 8d0a73f0b1 chore: bump terraform-provider-coder and coder/preview for coder_secret removal (#25590)
We decided to remove secret requirements and go a different direction
for secrets in Coder (see PLAT-243). As a result, we removed the code in
terraform-provider-coder and coder/preview to handle this resource. This
PR pulls in said updated versions.

Generated with assistance by Coder Agents.
2026-05-22 07:57:54 -06:00
Mathias Fredriksson f1b772928d feat: parse execute tool commands and render them in the chat UI (#25478)
When the execute tool runs a chained shell command, the UI previously
rendered the raw string. Long chains like "cd /repo && git pull &&
git add . && git commit -m fix" were hard to scan.

A new ChatMessagePart.ParsedCommands [][]string field on tool-call
parts carries one entry per simple command, parsed in chatd from args
via mvdan.cc/sh/v3/syntax. The frontend renders the joined list ("cd,
git pull, git add, git commit") in place of the raw command, and falls
back to the raw command when the field is absent.

Closes CODAGT-446
2026-05-21 08:12:34 +00:00
dependabot[bot] ce57ecc908 chore: bump google.golang.org/api from 0.278.0 to 0.280.0 (#25516)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.278.0 to 0.280.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.280.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.279.0...v0.280.0">0.280.0</a>
(2026-05-19)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3591">#3591</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/55ba2fab69ee14286ad052f57ed90a726b071e86">55ba2fa</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3593">#3593</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/054d4b6054450d2be21f50fad64145a4e0125424">054d4b6</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3594">#3594</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/03829161b8cd77bf11f4a3a5d07a43f6b1904fbe">0382916</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3595">#3595</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/13e1ad2eeb540d19709df87ce9a0cfdb632f1bf3">13e1ad2</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3596">#3596</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/4c77865748dda2086de226e9401531c934cd909f">4c77865</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3598">#3598</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/ae2f33001826f523ecc6d2f141244e55fbac45c0">ae2f330</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3599">#3599</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/f82d2049187ed2ab7ee27831a1a78887c5969ca4">f82d204</a>)</li>
</ul>
<h2>v0.279.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0">0.279.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3585">#3585</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c">09db0e3</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3587">#3587</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce">e87e376</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3590">#3590</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7">d4241ea</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/3887b09ecbbaf25fba1bf52227ad5ca4f89e9968"><code>3887b09</code></a>
chore(main): release 0.280.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3592">#3592</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/f82d2049187ed2ab7ee27831a1a78887c5969ca4"><code>f82d204</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3599">#3599</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/13e7314e1377c0dd4e132a681b3130abc5843dbd"><code>13e7314</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3597">#3597</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/ae2f33001826f523ecc6d2f141244e55fbac45c0"><code>ae2f330</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3598">#3598</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/4c77865748dda2086de226e9401531c934cd909f"><code>4c77865</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3596">#3596</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/13e1ad2eeb540d19709df87ce9a0cfdb632f1bf3"><code>13e1ad2</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3595">#3595</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/03829161b8cd77bf11f4a3a5d07a43f6b1904fbe"><code>0382916</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3594">#3594</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/054d4b6054450d2be21f50fad64145a4e0125424"><code>054d4b6</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3593">#3593</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/55ba2fab69ee14286ad052f57ed90a726b071e86"><code>55ba2fa</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3591">#3591</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/e446d4cdeb5e63cd6916051edd2c56588eede309"><code>e446d4c</code></a>
chore(main): release 0.279.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3586">#3586</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.280.0">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 22:55:11 +00:00
dependabot[bot] f6a9e43185 chore: bump github.com/coder/terraform-provider-coder/v2 from 2.16.0 to 2.17.0 (#25515)
Bumps
[github.com/coder/terraform-provider-coder/v2](https://github.com/coder/terraform-provider-coder)
from 2.16.0 to 2.17.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/terraform-provider-coder/releases">github.com/coder/terraform-provider-coder/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): Bump golang.org/x/mod from 0.34.0 to 0.35.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/500">coder/terraform-provider-coder#500</a></li>
<li>build(deps): Bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/485">coder/terraform-provider-coder#485</a></li>
<li>build(deps): Bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/502">coder/terraform-provider-coder#502</a></li>
<li>build(deps): Bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/505">coder/terraform-provider-coder#505</a></li>
<li>build(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/508">coder/terraform-provider-coder#508</a></li>
<li>chore: upgrade Go to 1.26 by <a
href="https://github.com/matifali"><code>@​matifali</code></a> in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/494">coder/terraform-provider-coder#494</a></li>
<li>chore: warn when coder_agent dir breaks Desktop file sync by <a
href="https://github.com/zenithwolf1000"><code>@​zenithwolf1000</code></a>
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/507">coder/terraform-provider-coder#507</a></li>
<li>build(deps): Bump github.com/hashicorp/terraform-plugin-sdk/v2 from
2.38.1 to 2.40.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/506">coder/terraform-provider-coder#506</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/zenithwolf1000"><code>@​zenithwolf1000</code></a>
made their first contribution in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/507">coder/terraform-provider-coder#507</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coder/terraform-provider-coder/compare/v2.16.0...v2.17.0">https://github.com/coder/terraform-provider-coder/compare/v2.16.0...v2.17.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/35a52f2969dfd236df4ea370fdb84a70475e5bbd"><code>35a52f2</code></a>
build(deps): Bump github.com/hashicorp/terraform-plugin-sdk/v2 from
2.38.1 to...</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/c80aa71a5d8d03c8ebb7de2c02e34556fa98f04b"><code>c80aa71</code></a>
chore: warn when coder_agent dir breaks Desktop file sync (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/507">#507</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/d1b758b3e04a35d3339fa838872bec137eb28e15"><code>d1b758b</code></a>
chore: upgrade Go to 1.26 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/494">#494</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/223b51b40f52bfdfcad65805f3bf94c31dfd531d"><code>223b51b</code></a>
build(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/508">#508</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/fe03a1da39aaf2f1eb0945526d7a284339963262"><code>fe03a1d</code></a>
build(deps): Bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/505">#505</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/7da76fab022e71fd2ded14df27daa7de36e4980d"><code>7da76fa</code></a>
build(deps): Bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/502">#502</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/8f68c55762c371e4f4d3dcafd83688d0b613dffc"><code>8f68c55</code></a>
build(deps): Bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/485">#485</a>)</li>
<li><a
href="https://github.com/coder/terraform-provider-coder/commit/99b6eee0c6467576672ad8ff5a4a68539ccba19b"><code>99b6eee</code></a>
build(deps): Bump golang.org/x/mod from 0.34.0 to 0.35.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/500">#500</a>)</li>
<li>See full diff in <a
href="https://github.com/coder/terraform-provider-coder/compare/v2.16.0...v2.17.0">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 22:52:59 +00:00
dependabot[bot] 91c405caa4 chore: bump github.com/brianvoe/gofakeit/v7 from 7.14.0 to 7.15.0 (#25513)
Bumps
[github.com/brianvoe/gofakeit/v7](https://github.com/brianvoe/gofakeit)
from 7.14.0 to 7.15.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/010dc54464bc1c104ee1bad3823325dd2e14d4dd"><code>010dc54</code></a>
email - better email generation with weighted mix and testing valid
email gen...</li>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/794efc9b4520eb8f2df00b3db0aa8fb64e04d469"><code>794efc9</code></a>
password - space usage adjustment</li>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/ee08eae8003a40768c47bacd76dfa5503a461752"><code>ee08eae</code></a>
Merge pull request <a
href="https://redirect.github.com/brianvoe/gofakeit/issues/392">#392</a>
from shubhamatkal/fix/password-guarantee-character-sets</li>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/c38fe1a8fb22e850fbdbbe2a54d5954a60e13a65"><code>c38fe1a</code></a>
github - workflow less verbose</li>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/22b91127ddcc896b66a389c2c00b73985091d11c"><code>22b9112</code></a>
datetime - yearly fix</li>
<li><a
href="https://github.com/brianvoe/gofakeit/commit/35520064411e85a403d4b41f22d3269604871e20"><code>3552006</code></a>
fix: guarantee at least one char per enabled set in Password()</li>
<li>See full diff in <a
href="https://github.com/brianvoe/gofakeit/compare/v7.14.0...v7.15.0">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 22:52:23 +00:00
dependabot[bot] 01492e0e7b chore: bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#25494)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.19.0 to 5.19.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>v5: plumbing: transport/ssh, Shell-quote path by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2068">go-git/go-git#2068</a></li>
<li>v5: git: submodule, Fix relative URL resolution by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2070">go-git/go-git#2070</a></li>
<li>v5: git: submodule, canonical remote for relative URLs by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2074">go-git/go-git#2074</a></li>
<li>v5: git: submodule, error on remote without URLs by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2078">go-git/go-git#2078</a></li>
<li>v5: plumbing: format/idxfile, Validate offset64 indices by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2084">go-git/go-git#2084</a></li>
<li>v5: *: Reject malformed variable-length integers by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2092">go-git/go-git#2092</a></li>
<li>v5: plumbing: format/packfile, Tighten delta validation by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2091">go-git/go-git#2091</a></li>
<li>v5: Add <code>worktreeFilesystem</code> wrapper for worktree and
hardening by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2100">go-git/go-git#2100</a></li>
<li>v5: config: validate submodule names by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2082">go-git/go-git#2082</a></li>
<li>build: Update module github.com/go-git/go-git/v5 to v5.19.0
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/2111">go-git/go-git#2111</a></li>
<li>v5: git: Allow MkdirAll on worktree-root paths by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2117">go-git/go-git#2117</a></li>
<li>v5: git: Stop validating symlink target paths by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2116">go-git/go-git#2116</a></li>
<li>v5: plumbing: format decoder input bounds and contracts by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2125">go-git/go-git#2125</a></li>
<li>plumbing: format/packfile, cap delta chain depth in parser by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2137">go-git/go-git#2137</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1">https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/3c3be601aa6c0fd0d536c0d1e4f898b4c60e65fe"><code>3c3be60</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2137">#2137</a>
from go-git/validate-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/3fba897bd9e84b1aec170fa708b80e297b7d6cf6"><code>3fba897</code></a>
plumbing: format/packfile, cap delta chain depth in parser</li>
<li><a
href="https://github.com/go-git/go-git/commit/a97d6601c85e017bb64c2b0f2e3169f6ef6a6709"><code>a97d660</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2125">#2125</a>
from hiddeco/v5/format-input-bounds</li>
<li><a
href="https://github.com/go-git/go-git/commit/aeaa125c8af8e4c4c95b574c22c5633e97fc436e"><code>aeaa125</code></a>
plumbing: format/objfile, require Header before Read</li>
<li><a
href="https://github.com/go-git/go-git/commit/1f38e171218526ea254a73187a52f0648253c1b8"><code>1f38e17</code></a>
plumbing: format/packfile, bound inflate size</li>
<li><a
href="https://github.com/go-git/go-git/commit/f7545a02529e03998d6a7219140dc0e6644ad337"><code>f7545a0</code></a>
plumbing: format/idxfile, bound nr by file size</li>
<li><a
href="https://github.com/go-git/go-git/commit/170b88181f385913a457a08b68c88956fb3f8e4f"><code>170b881</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2116">#2116</a>
from pjbgf/symlink-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/7b6d994467f06630268904aa3c441b6de7248b31"><code>7b6d994</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2117">#2117</a>
from hiddeco/v5/worktree-fs-mkdirall-root-noop</li>
<li><a
href="https://github.com/go-git/go-git/commit/f0709b32f8fbb87c16cd63c6762d2cd515f36541"><code>f0709b3</code></a>
git: Stop validating symlink target paths</li>
<li><a
href="https://github.com/go-git/go-git/commit/776d00f11d336f26862d0f2bab987b217f3a7844"><code>776d00f</code></a>
git: Allow MkdirAll on worktree-root paths</li>
<li>Additional commits viewable in <a
href="https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 16:20:21 +00:00
Rowan Smith 9cf359475b fix: update tailscale fork to fix TSMP/ICMP callback leak (#25469)
Updates `github.com/coder/tailscale` to
[`v1.1.1-0.20260519043957-6f014ff9434f`](https://github.com/coder/tailscale/commit/6f014ff9434f8c7c4b5b0b0450cbaf2e8b4a52af)
to include the fix from
[coder/tailscale#122](https://github.com/coder/tailscale/pull/122),
which ports the upstream
[tailscale/tailscale#18113](https://github.com/tailscale/tailscale/pull/18113)
fix for TSMP/ICMP callback leaks.

Fixes #25380

> Generated with [Coder Agents](https://coder.com) by @rowansmithau
2026-05-19 15:19:09 +10:00
Ethan e75bd3aca4 fix: preserve Anthropic replay fidelity (#25377)
Anthropic is strict about replaying the latest assistant turn once it
contains signed or redacted reasoning. We were still mutating that turn
in a few Coder-owned places: dropping empty reasoning blocks on replay,
rewriting provider-tool history during sanitization, and in the worst
case sending a prompt we already knew Anthropic would reject.

This patch keeps the latest signed assistant immutable through Coder's
replay and sanitization paths, preserves empty signed or redacted
reasoning anywhere Coder owns the ledger, and fails before the provider
call if the prompt is still unsafe.

It also bumps the existing `coder/fantasy` `coder_2_33` fork that `main`
already uses to the commit containing coder/fantasy#35. These fixes have
also been upstreamed to charmbracelet/fantasy.

Closes CODAGT-409.
2026-05-18 15:20:33 +10:00
Ethan e37bf4f7be ci: bump paralleltestctx to v0.0.2 (#25323)
## Summary

- bump `github.com/coder/paralleltestctx` from v0.0.1 to v0.0.2
- pick up the latest paralleltestctx timeout-context detection
improvements in `go tool ... paralleltestctx` runs
2026-05-15 00:14:38 +10:00
Jakub Domeracki 1a1f06aa79 fix: verify PKCS7 signature on Azure instance identity tokens (#25286)
Migrates Azure instance identity verification from
`go.mozilla.org/pkcs7` and `github.com/fullsailor/pkcs7` to
`github.com/smallstep/pkcs7`, using `VerifyWithChainAtTime` to validate
both the PKCS7 signature and the certificate chain in one call. The
previous code only verified the signer certificate against a set of
intermediates/roots but did not verify that the PKCS7 signature itself
covered the content, meaning tampered payloads could be accepted.

The `Options` struct is restructured to accept `Roots`, `Intermediates`,
and `CurrentTime` as explicit fields instead of embedding
`x509.VerifyOptions`. The test helper `NewAzureInstanceIdentity` now
builds a realistic 3-level certificate chain (Root CA -> Intermediate CA
-> Signing Cert) matching the real Azure trust hierarchy. New tests
(`TestValidate_TamperedContent`,
`TestValidate_UntrustedCertWithValidSignature`) confirm tampered and
untrusted envelopes are rejected.

Addresses GHSA-6x44-w3xg-hqqf.

> [!NOTE]
> This PR was authored by Coder Agents.

<details>
<summary>Implementation Plan</summary>

### Files Changed

| File | Summary |
|------|---------|
| `coderd/azureidentity/azureidentity.go` | Replace `signer.Verify()` with `VerifyWithChainAtTime`; restructure `Options` struct; add `ParseCertificates()` helper |
| `coderd/azureidentity/azureidentity_test.go` | Add `testCertChain` builder, tampered-content and untrusted-cert tests; update existing tests for new `Options` API |
| `coderd/coderd.go` | Change `AzureCertificates` field from `x509.VerifyOptions` to `azureidentity.Options` |
| `coderd/workspaceresourceauth.go` | Pass `api.AzureCertificates` directly instead of wrapping |
| `coderd/coderdtest/coderdtest.go` | Migrate to `smallstep/pkcs7`; build 3-level cert chain in test helper |
| `go.mod` / `go.sum` | Add `github.com/smallstep/pkcs7`; remove `fullsailor/pkcs7` and `go.mozilla.org/pkcs7` |

</details>
2026-05-13 14:14:07 +00:00
dependabot[bot] 4b54925abc chore: bump the x group across 1 directory with 7 updates (#25198)
Bumps the x group with 4 updates in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/mod](https://github.com/golang/mod),
[golang.org/x/net](https://github.com/golang/net) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/b8a14a8d65f88c0c79c139171f1354c69a6cdb8a"><code>b8a14a8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/9d9d5078968ddb8a279092c665a24e7de4178778"><code>9d9d507</code></a>
x509roots/fallback/bundle: fix bundle test with Go 1.27+</li>
<li><a
href="https://github.com/golang/crypto/commit/fd0b90d21f9ab4b5dd398e9526b570bfea86e370"><code>fd0b90d</code></a>
acme: include Problem in OrderError.Error</li>
<li><a
href="https://github.com/golang/crypto/commit/b9e53593a6073e6a786c49e9ad27956a9b77e54e"><code>b9e5359</code></a>
pbkdf2: turn into a wrapper for crypto/pbkdf2</li>
<li><a
href="https://github.com/golang/crypto/commit/cc0e4fc1d49127130b0d00612a2eeed2ab745d40"><code>cc0e4fc</code></a>
hkdf: forward Extract to the standard library</li>
<li><a
href="https://github.com/golang/crypto/commit/a8e9237a216b050e1b11e041863825104a6811db"><code>a8e9237</code></a>
x509roots/fallback: update bundle</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.50.0...v0.51.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/643da9ba74f1165d8cae1505d453b3de3cf21b7b"><code>643da9b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/ccc3cdf529d1eee2a832437eb1b85240044d21cb"><code>ccc3cdf</code></a>
zip: include 'but content has correct sum' note in TestVCS</li>
<li><a
href="https://github.com/golang/mod/commit/ab3031803214705d2c9f1102318b083e7086a155"><code>ab30318</code></a>
zip: update zip hashes for new flate compression</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.53.0 to 0.54.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b"><code>b138e06</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a"><code>689f70a</code></a>
quic: fix wrong final size being used for RESET_STREAM frame</li>
<li><a
href="https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94"><code>208f306</code></a>
http3: increase handshake timeout</li>
<li><a
href="https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4"><code>49810da</code></a>
http2: enable net/http wrapping when go &gt;= 1.27</li>
<li><a
href="https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76"><code>5e11a5a</code></a>
quic: fix data race in streamForFrame</li>
<li><a
href="https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff"><code>8c63081</code></a>
http2: use empty Transport rather than DefaultTransport in
http2wrap</li>
<li><a
href="https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd"><code>fc7b466</code></a>
http2: add http2wrap test</li>
<li><a
href="https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2"><code>15c2cb1</code></a>
http2: avoid overflowing 32-bit int when http2wrap enabled</li>
<li><a
href="https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af"><code>6465188</code></a>
http2: add wrapped Server</li>
<li><a
href="https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231"><code>72f419a</code></a>
http2: add wrapped ClientConn</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.53.0...v0.54.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/sys` from 0.43.0 to 0.44.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sys/commit/fb1facd76f95fa87c151018200ea5e4892ff115d"><code>fb1facd</code></a>
windows: avoid uint16 overflow in NewNTUnicodeString</li>
<li><a
href="https://github.com/golang/sys/commit/94ad893e1e59c1d079221324d38945d2aad8703f"><code>94ad893</code></a>
windows: add GetIfTable2Ex, GetIpInterface{Entry,Table},
GetUnicastIpAddressT...</li>
<li><a
href="https://github.com/golang/sys/commit/54fe89f8411576c06b345b341ca79a77d878a4ad"><code>54fe89f</code></a>
cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows</li>
<li><a
href="https://github.com/golang/sys/commit/df7d5d7b60641d17d87e2b50911124cb65f954fd"><code>df7d5d7</code></a>
unix: automatically remove container created by mkall.sh</li>
<li><a
href="https://github.com/golang/sys/commit/68a4a8e945b22751c1a619261b1d755372a1d5f7"><code>68a4a8e</code></a>
unix: avoid nil pointer dereference in Utime</li>
<li><a
href="https://github.com/golang/sys/commit/690c91f6ecf3b3ef141ad2aedb1306a868b3a176"><code>690c91f</code></a>
unix: add CPUSetDynamic for systems with more than 1024 CPUs</li>
<li>See full diff in <a
href="https://github.com/golang/sys/compare/v0.43.0...v0.44.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.42.0 to 0.43.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/3c3e4855f7d2eb06c3e48933554add9ec6b599b5"><code>3c3e485</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.42.0...v0.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/text` from 0.36.0 to 0.37.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/text/commit/3ef517e623a4bfc08d6457f87d73afda7af7d8e1"><code>3ef517e</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.36.0...v0.37.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/2aabba0e4be44cc8f254ced118a7156d04bbc9f3"><code>2aabba0</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ef989b3f45baff2849e87f4a70d9a189be5a6959"><code>ef989b3</code></a>
go/types/internal/play: show Info.Instances[Ident]</li>
<li><a
href="https://github.com/golang/tools/commit/21d44f2f2bb3f3a8e06e35523d14bb70cb275c89"><code>21d44f2</code></a>
go/analysis/passes/inline: document skipping of TestF-&gt;F calls</li>
<li><a
href="https://github.com/golang/tools/commit/ec83c2190d81a18bbd472cc1498575b168017e5d"><code>ec83c21</code></a>
go/analysis/passes/modernize: minmax: only remove exact userdefined</li>
<li><a
href="https://github.com/golang/tools/commit/5625353d39195f1deb9261c5ee983abbdc4a15ca"><code>5625353</code></a>
go/analysis/passes/modernize: improve value variable name
generation</li>
<li><a
href="https://github.com/golang/tools/commit/15a3bd5d4ce0651f5cf43ea125db2110c67b257b"><code>15a3bd5</code></a>
gopls/internal/analysis/errorsastype: imporove example clarity</li>
<li><a
href="https://github.com/golang/tools/commit/cd57ef8f8dd7a30ef500bfe1eef0779223cbdfc3"><code>cd57ef8</code></a>
go/packages: include dependency errors when CompiledGoFiles is
missing</li>
<li><a
href="https://github.com/golang/tools/commit/053fdbcef55e8f977d8decc0fde2920c61eb5374"><code>053fdbc</code></a>
go/analysis/passes/modernize: minmax: fix pure operands only</li>
<li><a
href="https://github.com/golang/tools/commit/bf84681c4a0185014c089cffd533e22bbeffcb49"><code>bf84681</code></a>
go/analysis/passes/errorsas: add example of invalid errors.As use</li>
<li><a
href="https://github.com/golang/tools/commit/23921d1decfe5da40309ac183353c8cb38b03dfa"><code>23921d1</code></a>
gopls: add errorsastype analyzer</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.44.0...v0.45.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-12 17:33:46 +00:00
dependabot[bot] 0234422a55 chore: bump google.golang.org/api from 0.277.0 to 0.278.0 (#25201)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.277.0 to 0.278.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.278.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0">0.278.0</a>
(2026-05-05)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3582">#3582</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c">76b1187</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3584">#3584</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0">e36c883</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/07c758daacbc24e32753c3f1b537c7f6cce626f0"><code>07c758d</code></a>
chore(main): release 0.278.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3583">#3583</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0"><code>e36c883</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3584">#3584</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c"><code>76b1187</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3582">#3582</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-12 17:19:34 +00:00
Yevhenii Shcherbina 592e45dcfb chore: bump coder-guts dependency (#25154)
Bump coder/guts to v1.7.0.
Related PR: https://github.com/coder/guts/pull/81
2026-05-11 19:18:44 -04:00
Garrett Delfosse aed43d9b61 fix: update coder/tailscale to 85c03fc8fb2a (#24824)
Updates `coder/tailscale` fork to
[`85c03fc8fb2a`](https://github.com/coder/tailscale/commit/85c03fc8fb2ad8fdf5b9328be5d277aaa83afdff),
which includes the DNS resilience fix from
https://github.com/coder/tailscale/pull/114 (preserve NRPT rules on
startup and improve hosts file retry).

---

> Generated by Coder Agents
2026-05-11 17:35:33 -04:00
dependabot[bot] c1c3b9784e chore: bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 (#25124)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.18.0 to 5.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build: Update module github.com/go-git/go-git/v5 to v5.18.0
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/2010">go-git/go-git#2010</a></li>
<li>v5: Bump sha1cd and go-billy by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2060">go-git/go-git#2060</a></li>
<li>v5: Align object encoding with upstream by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2065">go-git/go-git#2065</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0">https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/bc930f4cbe095a3e1d49273655f73fcef7d41a42"><code>bc930f4</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2065">#2065</a>
from go-git/commit-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/d315264343cead712aa9eb56475c2ec96f5ecef1"><code>d315264</code></a>
plumbing: object, Reset object before decode</li>
<li><a
href="https://github.com/go-git/go-git/commit/6e1d34890a4dae8a0df738e531234bd60b7e9b66"><code>6e1d348</code></a>
plumbing: object, Align Tree handling with upstream</li>
<li><a
href="https://github.com/go-git/go-git/commit/e134ba34cf95ed0167e5b1df36a933d7bde9d02d"><code>e134ba3</code></a>
tests: Skip double checks in Git v2.11</li>
<li><a
href="https://github.com/go-git/go-git/commit/1971422f6b1bec9176061b3293306981cfff981e"><code>1971422</code></a>
tests: Add git conformance tests for signing verification</li>
<li><a
href="https://github.com/go-git/go-git/commit/a387aa8857a8fbba8e74b7f5485e9e030669ab5d"><code>a387aa8</code></a>
plumbing: object, Add ErrMalformedTag</li>
<li><a
href="https://github.com/go-git/go-git/commit/f415670d906b5c6169d1fdc64f3f9f1d33eb6f9c"><code>f415670</code></a>
plumbing: object, Decode Tag headers via a state machine</li>
<li><a
href="https://github.com/go-git/go-git/commit/5b0cd38a62e2336bb5f1a2ad0eb8ac8f9e7b740e"><code>5b0cd38</code></a>
plumbing: object, Reject multi-signature commits at Verify</li>
<li><a
href="https://github.com/go-git/go-git/commit/fe8ed6223a6079d9fd84d853362a996e7df175fb"><code>fe8ed62</code></a>
plumbing: object, Align Tag.EncodeWithoutSignature with Commit</li>
<li><a
href="https://github.com/go-git/go-git/commit/98e337d5bdc4c0536a40ab7381b2231f7e0b15cd"><code>98e337d</code></a>
plumbing: object, Add support for Tag.SignatureSHA256</li>
<li>Additional commits viewable in <a
href="https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-11 15:57:33 +00:00
Ethan b6dbc5614c fix(coderd/x/chatd): handle truncated provider streams (#25074)
coder/fantasy now fails closed when Anthropic or OpenAI Responses
streams close before their provider terminal events instead of yielding
a successful finish.

This bumps the fantasy replacement to coder/fantasy#33 and teaches chat
error classification to treat those failures as retryable timeout errors
with explicit stream-closed messages.

2026-05-08 15:52:42 +10:00
Atif Ali 3d03c393d2 chore: bump Go toolchain version to 1.26.2 (#24975)
## Summary
Bumps the repository Go toolchain from 1.25.9 to 1.26.2 across local
development, CI, dogfood Docker images, and Nix builds.

## Changes
- Update `go.mod` and the shared setup-go action to Go 1.26.2.
- Update dogfood Ubuntu image Go versions and the official linux-amd64
tarball checksum.
- Move Nix Go module builds from `buildGo125Module` to
`buildGo126Module`.
- Regenerate API docs affected by Go 1.26 stdlib URL documentation
changes.

## Validation
- `./scripts/check_go_versions.sh`
- `make fmt`
- `make lint`
- `make build-slim`
- `make test TEST_SHORT=1`
- `make pre-commit`

> 🤖 This PR was created with the help of Coder Agents, and needs a human
review. 🧑‍💻
2026-05-06 17:06:07 +05:00
dependabot[bot] b35a11cece chore: bump google.golang.org/grpc from 1.80.0 to 1.81.0 (#24959)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.80.0 to 1.81.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.81.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer/rls: Switch gauge metrics to asynchronous emission (once
per collection cycle) to reduce telemetry noise and align with other
gRPC language implementations. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8808">#8808</a>)</li>
</ul>
<h1>Dependencies</h1>
<ul>
<li>Minimum supported Go version is now 1.25. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8969">#8969</a>)</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: Use the leaf cluster's security config for the TLS handshake
instead of the aggregate cluster's config. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8956">#8956</a>)</li>
<li>transport: Send a <code>RST_STREAM</code> when receiving an
<code>END_STREAM</code> when the stream is not already half-closed. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8832">#8832</a>)</li>
<li>xds: Fix ADS resource name validation to prevent a panic. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8970">#8970</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>grpc/stats: Add support for custom labels in per-call metrics (<a
href="https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md">gRFC
A108</a>). (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9008">#9008</a>)</li>
<li>xds: Add support for Server Name Indication (SNI) and SAN validation
(<a
href="https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md">gRFC
A101</a>). Disabled by default. To enable, set
<code>GRPC_EXPERIMENTAL_XDS_SNI=true</code> environment variable. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9016">#9016</a>)</li>
<li>xds: Add support to control which fields get propagated from ORCA
backend metric reports to LRS load reports (<a
href="https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md">gRFC
A85</a>). Disabled by default. To enable, set
<code>GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9005">#9005</a>)</li>
<li>xds: Add metrics to track xDS client connectivity and cached
resource state (<a
href="https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md">gRFC
A78</a>). (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8807">#8807</a>)</li>
<li>stats/otel: Enhance <code>grpc.subchannel.disconnections</code>
metric by adding disconnection reason to the
<code>grpc.disconnect_error</code> label (<a
href="https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md">gRFC
A94</a>). This provides granular insights into why subchannels are
closing. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8973">#8973</a>)</li>
<li>mem: Add <code>mem.Buffer.Slice()</code> API to slice the buffer
like a slice. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8977">#8977</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/ash2k"><code>@​ash2k</code></a></li>
</ul>
</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>alts: Pool read buffers to lower memory utilization when sockets are
unreadable. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8964">#8964</a>)</li>
<li>transport: Pool HTTP/2 framer read buffers to reduce idle memory
consumption. Currently limited to Linux for ALTS and non-encrypted
transports (TCP, Unix). To disable, set
<code>GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false</code>
and report any issues. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9032">#9032</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd"><code>cb18228</code></a>
Change version to 1.81.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9062">#9062</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/96748f973e20bbfcafa19a8bdffc85ad5da138d1"><code>96748f9</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9105">#9105</a> to
1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9106">#9106</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/91832222f0144f76527b630ca55cfea6e1aa015a"><code>9183222</code></a>
Cherry pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9055">#9055</a>,
<a href="https://redirect.github.com/grpc/grpc-go/issues/9032">#9032</a>
to v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9095">#9095</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/5cba6da4211f3b130238c792937f5921741b616a"><code>5cba6da</code></a>
Revert &quot;deps: update dependencies for all modules (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9065">#9065</a>)&quot;
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9067">#9067</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/af8a9364aa7523ab24d214e9ef13e6ad64d5c5f9"><code>af8a936</code></a>
deps: update dependencies for all modules (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9065">#9065</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/cdc60dfaaadde45e16aa3c28237c0e655a722c1a"><code>cdc60df</code></a>
transport: optimize heap allocations in ready reader and update syscall
conne...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/208d053e3204c806ba9e6205c26aa064c8b42852"><code>208d053</code></a>
xds/resolver: pass complete XDSConfig in RPC context for HTTP filters
(gRFC A...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/50fe1cc7fd78b78ae638ed90ea78514c934167ac"><code>50fe1cc</code></a>
test: Fix flaky test
<code>TestServerStreaming_ClientCallRecvMsgTwice</code> in
`end2end...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/d574bad188f25ba03d41a506e6f2ef93837ad10b"><code>d574bad</code></a>
build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9050">#9050</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b8bf4d0488a351c563d63797ffba321585d6bb24"><code>b8bf4d0</code></a>
build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in
/inte...</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:50:02 +00:00
dependabot[bot] f09c1bd695 chore: bump google.golang.org/api from 0.276.0 to 0.277.0 (#24961)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.276.0 to 0.277.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.277.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0">0.277.0</a>
(2026-04-29)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3567">#3567</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/39582952e4eac1b744499f8a8063a4a5f1ce7d6b">3958295</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3571">#3571</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/ca9851efc573231ca1ed9c6fea4bc77d6052d0bb">ca9851e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3574">#3574</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/8efb1afa0e5d9cc454f721124bba3881f3935e3c">8efb1af</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3575">#3575</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e">de49bb5</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3577">#3577</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6">ce68c87</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3578">#3578</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22">8be033e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3579">#3579</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b">bc6990e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3580">#3580</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791">2de1a5a</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3581">#3581</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea">0c219d9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>idtoken:</strong> Avoid double impersonation in
tokenSourceFromBytes (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3576">#3576</a>)
(<a
href="https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09">75172cf</a>),
refs <a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/2301">#2301</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/dd598a60e19f836bb7ad709311b21d303bbab6c8"><code>dd598a6</code></a>
chore(main): release 0.277.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3568">#3568</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/b208a86db380e5e517451daa4e5f63fae1f723be"><code>b208a86</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3573">#3573</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea"><code>0c219d9</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3581">#3581</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09"><code>75172cf</code></a>
fix(idtoken): avoid double impersonation in tokenSourceFromBytes (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3576">#3576</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791"><code>2de1a5a</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3580">#3580</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/60b078419409e11bc414c7ccbaf4d32ddfe2a5b0"><code>60b0784</code></a>
chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 in
/inter...</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b"><code>bc6990e</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3579">#3579</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22"><code>8be033e</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3578">#3578</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6"><code>ce68c87</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3577">#3577</a>)</li>
<li><a
href="https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e"><code>de49bb5</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3575">#3575</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:34:30 +00:00
dependabot[bot] 44b0fa4065 chore: bump github.com/valyala/fasthttp from 1.70.0 to 1.71.0 (#24958)
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp)
from 1.70.0 to 1.71.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/valyala/fasthttp/releases">github.com/valyala/fasthttp's
releases</a>.</em></p>
<blockquote>
<h2>v1.71.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(client): add RetryIfErrUpstream function to handle upstream
information by <a
href="https://github.com/mdenushev"><code>@​mdenushev</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2176">valyala/fasthttp#2176</a></li>
<li>Match net/http sensitive header redirect policy by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2181">valyala/fasthttp#2181</a></li>
<li>Sanitize first-line header setters to prevent CRLF injection by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2182">valyala/fasthttp#2182</a></li>
<li>server: apply ReadTimeout before first byte with ReduceMemoryUsage
by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2183">valyala/fasthttp#2183</a></li>
<li>header: reject invalid trailer names by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2188">valyala/fasthttp#2188</a></li>
<li>header: reject pre-colon whitespace in request headers by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2187">valyala/fasthttp#2187</a></li>
<li>Sanitize redirect Location header to prevent CRLF injection by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2186">valyala/fasthttp#2186</a></li>
<li>server: keep hijacked reader out of pool by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2184">valyala/fasthttp#2184</a></li>
<li>Sanitize cookie setters to prevent CRLF injection by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2185">valyala/fasthttp#2185</a></li>
<li>feat: add ExpectHandler for richer Expect: 100-continue handling by
<a href="https://github.com/miretskiy"><code>@​miretskiy</code></a> in
<a
href="https://redirect.github.com/valyala/fasthttp/pull/2175">valyala/fasthttp#2175</a></li>
<li>http: reject whitespace before chunk extensions by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2193">valyala/fasthttp#2193</a></li>
<li>header: reject unsupported response Transfer-Encoding by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2192">valyala/fasthttp#2192</a></li>
<li>header: match net/http CL+TE handling by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2190">valyala/fasthttp#2190</a></li>
<li>chore(deps): bump securego/gosec from 2.25.0 to 2.26.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2195">valyala/fasthttp#2195</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.5 to
1.18.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2196">valyala/fasthttp#2196</a></li>
<li>feat(prefork): Enhance prefork management with WatchMaster,
CommandProducer, and Windows support by <a
href="https://github.com/ReneWerner87"><code>@​ReneWerner87</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2180">valyala/fasthttp#2180</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/miretskiy"><code>@​miretskiy</code></a>
made their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2175">valyala/fasthttp#2175</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/valyala/fasthttp/compare/v1.70.0...v1.71.0">https://github.com/valyala/fasthttp/compare/v1.70.0...v1.71.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/valyala/fasthttp/commit/e9208ecebf0c102176bb0635043c17333b10401d"><code>e9208ec</code></a>
Revert &quot;feat(prefork): graceful shutdown, leak fixes, hook
robustness&quot; commit</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/481e579af9e7d79f9ce27909edd2c42ef9dce173"><code>481e579</code></a>
feat(prefork): Enhance prefork management with WatchMaster,
CommandProducer, ...</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/805cd1046567aa8a8b97a8bfe9e7b411621f68b2"><code>805cd10</code></a>
Add note on MaxResponseBodySize compatibility with
StreamResponseBody</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/5b5c1be52ca382dcea0ed86931b3f1d2aba9dce6"><code>5b5c1be</code></a>
chore(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6
(<a
href="https://redirect.github.com/valyala/fasthttp/issues/2196">#2196</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/d6a99db432025de9ae13051cb42b3e6c3d6568a3"><code>d6a99db</code></a>
chore(deps): bump securego/gosec from 2.25.0 to 2.26.1 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2195">#2195</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/f36c9009027f81f4fbf304822f96752517b08949"><code>f36c900</code></a>
header: match net/http CL+TE handling (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2190">#2190</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/0b4cede30fa0eb22f9d10999e23ebaabba15e107"><code>0b4cede</code></a>
header: reject unsupported response Transfer-Encoding (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2192">#2192</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/c497746f7d52ab88597dc88310e7f797cc7755aa"><code>c497746</code></a>
http: reject whitespace before chunk extensions (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2193">#2193</a>)</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/97b38d3a4884b7c3d8891750a4c752073bc3c152"><code>97b38d3</code></a>
server: document SaveMultipartFile path trust requirement</li>
<li><a
href="https://github.com/valyala/fasthttp/commit/19e4b24955fb0ef764229802378a5e36ae7a822b"><code>19e4b24</code></a>
feat: add ExpectHandler for richer Expect: 100-continue handling (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2175">#2175</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/valyala/fasthttp/compare/v1.70.0...v1.71.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/valyala/fasthttp&package-manager=go_modules&previous-version=1.70.0&new-version=1.71.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:19:28 +00:00
dependabot[bot] a970ffdac8 chore: bump github.com/gohugoio/hugo from 0.160.0 to 0.161.1 (#24957)
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.160.0 to 0.161.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.161.1</h2>
<h2>What's Changed</h2>
<ul>
<li>resources: Honor Retry-After header in resources.GetRemote retries
c4eba928 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14828">#14828</a></li>
<li>warpc: Move to parson.c in <a
href="https://github.com/kgabis/parson">https://github.com/kgabis/parson</a>
8b40a96b <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14823">#14823</a></li>
<li>config/security: Add AllowChildProcess to security.node.permissions
d65af84d <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14824">#14824</a></li>
<li>config/security: Restrict default http.urls &quot;@&quot; deny to
userinfo 454450a6 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14825">#14825</a></li>
</ul>
<h2>v0.161.0</h2>
<p>This release contains two security hardening fixes:</p>
<ul>
<li>We now run the Node tools PostCSS, Babel and TailwindCSS, by
default, with the <code>--permission</code> flag with the permissions
defined in <a
href="https://gohugo.io/configuration/security/">security.node.permissions</a>.
This means that you need Node &gt;= 22 installed and that
<code>css.TailwindCSS</code> now requires that the Tailwind CSS CLI must
be installed as a Node.js package. The <a
href="https://github.com/tailwindlabs/tailwindcss/releases/latest">standalone
executable</a> is no longer supported</li>
<li>We have made the defaults in <a
href="https://gohugo.io/configuration/security/#httpurls">security.http.urls</a>
more restrictive.</li>
</ul>
<p>But there are some notable new features, as well:</p>
<h2>Nested vars support in css.Build and css.Sass</h2>
<p>A practical example in <code>css.Build</code> would be to have
something like this in <code>hugo.toml</code>:</p>
<pre lang="toml"><code>[params.style]
    primary    = &quot;#000000&quot;
    background = &quot;#ffffff&quot;
    [params.style.dark]
        primary    = &quot;#ffffff&quot;
        background = &quot;#000000&quot;
</code></pre>
<p>And in the stylesheet:</p>
<pre lang="css"><code>@import &quot;hugo:vars&quot;;
@import &quot;hugo:vars/dark&quot; (prefers-color-scheme: dark);

:root {
  color-scheme: light dark;
}
</code></pre>
<h2>Slice-based permalinks config</h2>
<p>The <code>permalinks</code> configuration is now much more flexible
(the old setup still works). It uses the same <a
href="https://gohugo.io/configuration/cascade/#target">target</a>
matchers as in the <code>cascade</code> config, meaning you can now
do:</p>
<pre lang="yaml"><code>permalinks:
  - target:
      kind: page
      path: &quot;/books/**&quot;
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gohugoio/hugo/commit/ea8f66a7ce988664dcc84c052fc96757042e2e4a"><code>ea8f66a</code></a>
releaser: Bump versions for release of 0.161.1</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/c4eba92863bbb988b23e63af40a22d6661b0ced6"><code>c4eba92</code></a>
resources: Honor Retry-After header in resources.GetRemote retries</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/8b40a96b6e992fbacd8626c24168889f50152808"><code>8b40a96</code></a>
warpc: Move to parson.c in <a
href="https://github.com/kgabis/parson">https://github.com/kgabis/parson</a></li>
<li><a
href="https://github.com/gohugoio/hugo/commit/d65af84d1572326057a9a55e26beb0cee784698a"><code>d65af84</code></a>
config/security: Add AllowChildProcess to security.node.permissions</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/454450a647111e5e0b41af595b310f3062c5630e"><code>454450a</code></a>
config/security: Restrict default http.urls &quot;@&quot; deny to
userinfo</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/2bfcc6b9941724cd1d0b490583e89413d7a66979"><code>2bfcc6b</code></a>
releaser: Prepare repository for 0.162.0-DEV</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/98d396c16a07b51df06e7673d817a3880da6218d"><code>98d396c</code></a>
releaser: Bump versions for release of 0.161.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/d4ae662d598db81d239a291bc26336be5fec6893"><code>d4ae662</code></a>
build(deps): bump github.com/getkin/kin-openapi from 0.135.0 to
0.137.0</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/9ede5fb9e0304d3eb193b3c1a9214c735f05db21"><code>9ede5fb</code></a>
build(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22</li>
<li><a
href="https://github.com/gohugoio/hugo/commit/833a878eef4fce2bbabb05dcbb8a7e31f93aadda"><code>833a878</code></a>
build(deps): bump github.com/tdewolff/minify/v2 from 2.24.12 to
2.24.13</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.160.0...v0.161.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.160.0&new-version=0.161.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:19:15 +00:00
dependabot[bot] fc04f0d71e chore: bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1 (#24962)
Bumps
[github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify)
from 1.9.0 to 1.10.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fsnotify/fsnotify/releases">github.com/fsnotify/fsnotify's
releases</a>.</em></p>
<blockquote>
<h2>v1.10.1</h2>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</p>
</li>
<li>
<p>inotify, windows: don't rename sibling watches sharing a path prefix
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/754">fsnotify/fsnotify#754</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/755">fsnotify/fsnotify#755</a></p>
<h2>v1.10.0</h2>
<p>This version of fsnotify needs Go 1.23.</p>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: improve initialization error message (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>)</p>
</li>
<li>
<p>inotify: send Rename event if recursive watch is renamed (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>)</p>
</li>
<li>
<p>inotify: avoid copying event buffers when reading names (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>)</p>
</li>
<li>
<p>kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a
bad entry no longer aborts Watcher.Add for the whole directory (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</p>
</li>
<li>
<p>kqueue: drop watches directly in Close() to fix a file descriptor
leak when recycling watchers (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>)</p>
</li>
<li>
<p>windows: fix nil pointer dereference in remWatch (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>)</p>
</li>
<li>
<p>windows: lock watch field updates against concurrent WatchList to fix
a race introduced in v1.9.0 (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>,
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/696">fsnotify/fsnotify#696</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/709">fsnotify/fsnotify#709</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/731">fsnotify/fsnotify#731</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/736">fsnotify/fsnotify#736</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/740">fsnotify/fsnotify#740</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/741">fsnotify/fsnotify#741</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/748">fsnotify/fsnotify#748</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/749">fsnotify/fsnotify#749</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md">github.com/fsnotify/fsnotify's
changelog</a>.</em></p>
<blockquote>
<h2>1.10.1 2026-05-04</h2>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</p>
</li>
<li>
<p>inotify, windows: don't rename sibling watches sharing a path prefix
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/754">fsnotify/fsnotify#754</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/755">fsnotify/fsnotify#755</a></p>
<h2>1.10.0 2026-04-30</h2>
<p>This version of fsnotify needs Go 1.23.</p>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: improve initialization error message (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>)</p>
</li>
<li>
<p>inotify: send Rename event if recursive watch is renamed (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>)</p>
</li>
<li>
<p>inotify: avoid copying event buffers when reading names (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>)</p>
</li>
<li>
<p>kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a
bad entry no longer aborts Watcher.Add for the whole directory (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</p>
</li>
<li>
<p>kqueue: drop watches directly in Close() to fix a file descriptor
leak
when recycling watchers (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>)</p>
</li>
<li>
<p>windows: fix nil pointer dereference in remWatch (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>)</p>
</li>
<li>
<p>windows: lock watch field updates against concurrent WatchList to fix
a race introduced in v1.9.0 (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>,
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/696">fsnotify/fsnotify#696</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/709">fsnotify/fsnotify#709</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/731">fsnotify/fsnotify#731</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/736">fsnotify/fsnotify#736</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/740">fsnotify/fsnotify#740</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/741">fsnotify/fsnotify#741</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/748">fsnotify/fsnotify#748</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/749">fsnotify/fsnotify#749</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/76b01a6e8f502187fecedea8b025e79e5a86085c"><code>76b01a6</code></a>
Release 1.10.1</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/fec150b807510e54e5b25def4b6e5fb001b4898c"><code>fec150b</code></a>
Update changelog</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/162b4216ab8f92ecd26425530bee198972c9b3cb"><code>162b421</code></a>
inotify, windows: don't rename sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/224257f23b2f3a96509b316c5cead71dd4a9099a"><code>224257f</code></a>
inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/e0c956c0ccaf51562fee30ef5c055c74e6ae2104"><code>e0c956c</code></a>
windows: document directory Write events and stabilize tests (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/745">#745</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/8d01d7b9cbe0199e4a1e60fbd965fb05dbb42123"><code>8d01d7b</code></a>
Release 1.10.0</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/602284e4a8cadd488d7a5fa07c48462dfac25108"><code>602284e</code></a>
Update changelog</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/7f03e59f9659552d8a084e03024cb9b983748ed7"><code>7f03e59</code></a>
kqueue: skip ENOENT entries in watchDirectoryFiles (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/dab9dde2fc9ba4d0c1076318f81cabcc8fdb2ec9"><code>dab9dde</code></a>
windows: lock watch field updates against concurrent WatchList (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>)
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/eadf267ce152b5e62d48cc2c13bb08bd4062b6c7"><code>eadf267</code></a>
kqueue: drop watches directly in Close() instead of going through
remove() (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/fsnotify/fsnotify/compare/v1.9.0...v1.10.1">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-05 11:18:24 +00:00
Steven Masley d4f913a4cf chore: bump coder/serpent to accept empty env vars (#24926)
Non-zero default values can now be set to `""` with env vars. E.g.:
`--log-human="" --log-json="/dev/stderr"`
2026-05-04 13:42:03 -05:00
Michael Suchacz 0bb09935bc feat: add computer-use provider selection for AI agents (#24772)
Adds a deployment-wide setting to select the computer-use provider
(Anthropic or OpenAI) for AI agents, plus the OpenAI computer-use runner
needed to honor that selection.

The setting is stored in `site_configs` under
`agents_computer_use_provider`, defaults to Anthropic when unset, and is
exposed via experimental GET/PUT endpoints under
`/api/experimental/chats/config/computer-use-provider`. The chatd
computer-use tool now dispatches to either `runAnthropicComputerUse` or
`runOpenAIComputerUse` based on the resolved provider, with
provider-specific result metadata for OpenAI screenshots.

Frontend adds a provider dropdown to the Agents Experiments settings
page nested under the virtual desktop toggle, with disabled state
handling while virtual desktop is off and skeleton loaders while config
queries are in flight.

Hugo and Codex review follow-up:
- Uses shared provider validation and clearer computer-use constant
names.
- Removes stale OpenAI pending-safety-checks commentary.
- Documents why provider result metadata is needed for OpenAI
screenshots.
- Keeps the computer-use subagent visible when provider credentials are
missing, then returns a clear spawn-time configuration error.
- Uses OpenAI's recommended 1600x900 screenshot geometry to preserve the
native 16:9 aspect ratio.
- Moves OpenAI-specific computer-use helpers into
`coderd/x/chatd/chatopenai/computeruse` after rebasing onto the provider
package refactor in `main`.
- Converts OpenAI pixel scroll deltas to Coder desktop wheel-click
amounts.
- Preserves OpenAI pointer modifiers with key down/up desktop actions
and rejects unsupported non-left double-click buttons explicitly.
- Maps OpenAI back/forward side-button clicks to browser navigation key
actions.
- Defaults omitted OpenAI click buttons to left-click.
- Retries mouse release cleanup if the final OpenAI drag release fails.
- Keeps computer-use subagent availability messages stable when provider
config cannot be loaded, while logging the backend error.
- Releases remaining OpenAI modifier keys if a synthetic key-up cleanup
action fails.
- Updates Storybook interaction stories so provider snapshots show the
selected final provider.

> Mux updated this PR description on behalf of Mike.
2026-05-04 20:30:50 +02:00
George K fb6e00de18 fix: preserve rollback errors in runTx (#24598)
Previously, `runTx` could lose a deferred rollback failure when returning an
existing transaction error, because the rollback path could not update the final
return value.

https://go.dev/play/p/AhBK31lO0Gd
2026-04-30 10:27:53 -07:00
dylanhuff-at-coder fb84e72319 feat: add secret requirement contract to dynamic parameters (#24785)
Adds structured `secret_requirements` to dynamic parameter responses and
enforces missing required secrets during workspace start.

Stop, delete, and tag rendering paths skip secret requirement
enforcement so unmet secrets do not prevent cleanup. The SDK, generated
API docs/types, and backend render/resolver/wsbuilder tests are updated
for the new contract.
2026-04-29 16:38:26 -07:00
Michael Suchacz 8fe11e9b14 fix: match Bedrock streaming accept headers (#24781)
> Mux is working on behalf of Mike.

## Summary
- Bump `github.com/coder/anthropic-sdk-go` to the corrected Bedrock
streaming header fix from coder/anthropic-sdk-go#14.
- Match botocore's `InvokeModelWithResponseStream` request shape by
using `X-Amzn-Bedrock-Accept` and omitting the HTTP `Accept` header.
- Update chatd regression coverage for the corrected header shape.

## Context
The previous fix set `Accept: application/vnd.amazon.eventstream`. Real
boto3/botocore streaming requests do not send that header. They send
`X-Amzn-Bedrock-Accept: application/json`, which is the modeled Bedrock
request header for the desired model response MIME type.

## Validation
- `go test ./coderd/x/chatd/chatprovider -run
'TestModelFromConfig_Bedrock(StreamingHeaders|StripsAnthropicHeaders)?$'
-count=1`
- `go mod tidy -diff`
- `git diff --check`
- pre-commit hook during `git commit`
2026-04-28 14:39:10 +02:00
dependabot[bot] 8ba894ba46 chore: bump github.com/invopop/jsonschema from 0.13.0 to 0.14.0 (#24773)
Bumps
[github.com/invopop/jsonschema](https://github.com/invopop/jsonschema)
from 0.13.0 to 0.14.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/invopop/jsonschema/releases">github.com/invopop/jsonschema's
releases</a>.</em></p>
<blockquote>
<h2>v0.14.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade to golangci-lint v2 by <a
href="https://github.com/samlown"><code>@​samlown</code></a> in <a
href="https://redirect.github.com/invopop/jsonschema/pull/187">invopop/jsonschema#187</a></li>
<li>Bump minimum Go version to 1.24 by <a
href="https://github.com/samlown"><code>@​samlown</code></a> in <a
href="https://redirect.github.com/invopop/jsonschema/pull/188">invopop/jsonschema#188</a></li>
<li>Support omitzero json tags by <a
href="https://github.com/YvanGuidoin"><code>@​YvanGuidoin</code></a> in
<a
href="https://redirect.github.com/invopop/jsonschema/pull/161">invopop/jsonschema#161</a></li>
<li>feat: Respect json:&quot;,string&quot; for integer fields in
generated schema by <a
href="https://github.com/fengxsong"><code>@​fengxsong</code></a> in <a
href="https://redirect.github.com/invopop/jsonschema/pull/183">invopop/jsonschema#183</a></li>
<li>Split jsonschema_extras only on unescaped commas by <a
href="https://github.com/liorokman"><code>@​liorokman</code></a> in <a
href="https://redirect.github.com/invopop/jsonschema/pull/173">invopop/jsonschema#173</a></li>
<li>Fix nil pointer dereference in ReflectFromType with ExpandedStruct
(fix <a
href="https://redirect.github.com/invopop/jsonschema/issues/163">#163</a>)
by <a href="https://github.com/edznux-dd"><code>@​edznux-dd</code></a>
in <a
href="https://redirect.github.com/invopop/jsonschema/pull/186">invopop/jsonschema#186</a></li>
<li>Replace wk8/go-ordered-map with pb33f/ordered-map by <a
href="https://github.com/samlown"><code>@​samlown</code></a> in <a
href="https://redirect.github.com/invopop/jsonschema/pull/189">invopop/jsonschema#189</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/YvanGuidoin"><code>@​YvanGuidoin</code></a>
made their first contribution in <a
href="https://redirect.github.com/invopop/jsonschema/pull/161">invopop/jsonschema#161</a></li>
<li><a href="https://github.com/fengxsong"><code>@​fengxsong</code></a>
made their first contribution in <a
href="https://redirect.github.com/invopop/jsonschema/pull/183">invopop/jsonschema#183</a></li>
<li><a href="https://github.com/liorokman"><code>@​liorokman</code></a>
made their first contribution in <a
href="https://redirect.github.com/invopop/jsonschema/pull/173">invopop/jsonschema#173</a></li>
<li><a href="https://github.com/edznux-dd"><code>@​edznux-dd</code></a>
made their first contribution in <a
href="https://redirect.github.com/invopop/jsonschema/pull/186">invopop/jsonschema#186</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0">https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/invopop/jsonschema/commit/2c57d6074bf9004aaaf1fc9c07ff0ea730b23de7"><code>2c57d60</code></a>
Merge pull request <a
href="https://redirect.github.com/invopop/jsonschema/issues/189">#189</a>
from invopop/replace-wk8-with-pb33f-ordered-map</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/d8cc8ebd57b811474861dd25409560271f084128"><code>d8cc8eb</code></a>
Replace wk8/go-ordered-map with pb33f/ordered-map</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/0d5bd753ec797ec5366a2145bf8252bff5f6406f"><code>0d5bd75</code></a>
Merge pull request <a
href="https://redirect.github.com/invopop/jsonschema/issues/186">#186</a>
from edznux-dd/fix/expanded-struct-nil-deref</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/3d693733ab7bca092e8604299fb82ecb573b6b10"><code>3d69373</code></a>
Merge pull request <a
href="https://redirect.github.com/invopop/jsonschema/issues/173">#173</a>
from liorokman/escape-extras-tags</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/b43264d2a5a9b129a943a1603d5d9df80f705b1f"><code>b43264d</code></a>
Silence revive unused-parameter on fuzz callback</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/7b21bb5bcefbed61748f2ac0388ccfc5a07ce928"><code>7b21bb5</code></a>
Merge remote-tracking branch 'origin/main' into
pr-186-expanded-struct</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/048739859f24dff300c94b8b2a75f17cb8f94c4c"><code>0487398</code></a>
Fix ExtraWithComman typo in test struct field</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/bc932369a8e17ddd0028658e1be49e35d6a748b5"><code>bc93236</code></a>
Merge remote-tracking branch 'origin/main' into
pr-173-escape-extras</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/d39f13c8fc27de49b934bd043f64e2f3284c920b"><code>d39f13c</code></a>
Merge pull request <a
href="https://redirect.github.com/invopop/jsonschema/issues/183">#183</a>
from fengxsong/feat/reflect-json-string-for-integers</li>
<li><a
href="https://github.com/invopop/jsonschema/commit/f2e2b913ec19ef878325e6ee1b78eb2dbcea26bb"><code>f2e2b91</code></a>
Extend json:&quot;,string&quot; support to number and boolean
fields</li>
<li>Additional commits viewable in <a
href="https://github.com/invopop/jsonschema/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 11:52:56 +00:00
Michael Suchacz dec3e98e54 fix: set Bedrock streaming accept headers (#24776)
> Mux is working on behalf of Mike.

## Summary
- Bump `github.com/coder/anthropic-sdk-go` to the clean Bedrock
streaming header fix from coder/anthropic-sdk-go#10.
- Add chatd regression coverage that verifies Bedrock streaming requests
use AWS event stream headers and include `X-Amzn-Bedrock-Accept` in the
SigV4 signed headers.

## SDK follow-up
- Reverted the bad coder/anthropic-sdk-go#8 merge with
coder/anthropic-sdk-go#9.
- Re-applied only the intended Bedrock streaming header change in
coder/anthropic-sdk-go#10.

## Validation
- `go test ./coderd/x/chatd/chatprovider -run
'TestModelFromConfig_Bedrock(StreamingHeaders|StripsAnthropicHeaders)?$'
-count=1`
- `go test ./coderd/x/chatd/chatprovider -count=1`
- `go mod tidy -diff`
- `make lint`
- pre-commit hook during `git commit`
2026-04-28 11:28:20 +00:00
dependabot[bot] 411dc1ca8e chore: bump github.com/aws/smithy-go from 1.24.2 to 1.25.1 (#24775)
Bumps [github.com/aws/smithy-go](https://github.com/aws/smithy-go) from
1.24.2 to 1.25.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/smithy-go/releases">github.com/aws/smithy-go's
releases</a>.</em></p>
<blockquote>
<h2>v1.25.0</h2>
<h1>Release (2026-04-15)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.25.0
<ul>
<li><strong>Feature</strong>: Add support for endpointBdd trait</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws/smithy-go/blob/main/CHANGELOG.md">github.com/aws/smithy-go's
changelog</a>.</em></p>
<blockquote>
<h1>Release (2026-04-23)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.25.1
<ul>
<li><strong>Bug Fix</strong>: Fixed a memory leak in the LRU cache
implementation used by some AWS services.</li>
</ul>
</li>
</ul>
<h1>Release (2026-04-15)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.25.0
<ul>
<li><strong>Feature</strong>: Add support for endpointBdd trait</li>
</ul>
</li>
</ul>
<h1>Release (2026-04-02)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.24.3
<ul>
<li><strong>Bug Fix</strong>: Add additional sigv4 configuration.</li>
</ul>
</li>
<li><code>github.com/aws/smithy-go/aws-http-auth</code>: <a
href="https://github.com/aws/smithy-go/blob/main/aws-http-auth/CHANGELOG.md#v113-2026-04-02">v1.1.3</a>
<ul>
<li><strong>Bug Fix</strong>: Add additional sigv4 configuration.</li>
</ul>
</li>
</ul>
<h1>Release (2026-02-27)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Bump minimum go version to
1.24.</li>
</ul>
<h1>Release (2026-02-20)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.24.1
<ul>
<li><strong>Feature</strong>: Add new middleware functions to get event
stream output from middleware</li>
</ul>
</li>
</ul>
<h1>Release (2025-12-01)</h1>
<h2>General Highlights</h2>
<ul>
<li><strong>Dependency Update</strong>: Updated to the latest SDK module
versions</li>
</ul>
<h2>Module Highlights</h2>
<ul>
<li><code>github.com/aws/smithy-go</code>: v1.24.0</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/smithy-go/commit/e094f45e716e33a1b950cf8bbe804790bf87f965"><code>e094f45</code></a>
Release 2026-04-23</li>
<li><a
href="https://github.com/aws/smithy-go/commit/214d45be3be5188c4d2fd9cf744c21f8b3dfbabc"><code>214d45b</code></a>
changelog</li>
<li><a
href="https://github.com/aws/smithy-go/commit/3477da0b4dbf31de58ac375fe5abe5d268280824"><code>3477da0</code></a>
fix lrucache memory leak on existing item put (<a
href="https://redirect.github.com/aws/smithy-go/issues/652">#652</a>)</li>
<li><a
href="https://github.com/aws/smithy-go/commit/0d0b4d00f2430e62a790203b89fd76dceb4ae213"><code>0d0b4d0</code></a>
Bump Smithy version to 1.69.0 (<a
href="https://redirect.github.com/aws/smithy-go/issues/650">#650</a>)</li>
<li><a
href="https://github.com/aws/smithy-go/commit/be5e5ef0d73560eac9d71df7995b0eaffb9a8d71"><code>be5e5ef</code></a>
check <a href="https://github.com/enum"><code>@​enum</code></a> on
strings for cbor (<a
href="https://redirect.github.com/aws/smithy-go/issues/649">#649</a>)</li>
<li><a
href="https://github.com/aws/smithy-go/commit/5beb80e9da6bcad40dc304f062c27d8269abd67d"><code>5beb80e</code></a>
Ensure javadoc uses utf-8 (<a
href="https://redirect.github.com/aws/smithy-go/issues/648">#648</a>)</li>
<li><a
href="https://github.com/aws/smithy-go/commit/73bb8a7d6e222332d46eec7209ba3cd0ba520239"><code>73bb8a7</code></a>
Release 2026-04-15</li>
<li><a
href="https://github.com/aws/smithy-go/commit/f056c6fb0b43ba9bfeca6c29c8c1e1046437e45e"><code>f056c6f</code></a>
Changelog</li>
<li><a
href="https://github.com/aws/smithy-go/commit/ee36afc3d70050ba990c8de8d65043ac11d1f9f4"><code>ee36afc</code></a>
Implement BDD generator for <a
href="https://github.com/endpointBdd"><code>@​endpointBdd</code></a>
Smithy trait (<a
href="https://redirect.github.com/aws/smithy-go/issues/647">#647</a>)</li>
<li><a
href="https://github.com/aws/smithy-go/commit/3dbea7015f5ed79312e2a3cb6bbf39f7a26e46ea"><code>3dbea70</code></a>
Release 2026-04-02</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/smithy-go/compare/v1.24.2...v1.25.1">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 11:18:10 +00:00
dependabot[bot] a700523043 chore: bump github.com/sony/gobreaker/v2 from 2.3.0 to 2.4.0 (#24774)
Bumps [github.com/sony/gobreaker/v2](https://github.com/sony/gobreaker)
from 2.3.0 to 2.4.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sony/gobreaker/commit/0ae90251b774f890e7586c96ea82d61eb74d556d"><code>0ae9025</code></a>
Update README (<a
href="https://redirect.github.com/sony/gobreaker/issues/114">#114</a>)</li>
<li><a
href="https://github.com/sony/gobreaker/commit/1ab58bdde813e51022946f4c9ee25906f0350982"><code>1ab58bd</code></a>
feat(circuitbreaker): add tri-state outcome evaluation with Excluded
support ...</li>
<li><a
href="https://github.com/sony/gobreaker/commit/91fd4d17c2aab3de8e6f5cd6bb738e8a4d4e6d68"><code>91fd4d1</code></a>
Update Go version matrix in test workflow (<a
href="https://redirect.github.com/sony/gobreaker/issues/113">#113</a>)</li>
<li>See full diff in <a
href="https://github.com/sony/gobreaker/compare/v2.3.0...v2.4.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-28 11:15:36 +00:00
Zach ef6e452825 chore: uprev coder/terraform-provider-coder to v2.16.0 (#24719)
Bumps coder/terraform-provider-coder to v2.16.0 to pick up the `coder_secret`
data source that enables expressing a required user secret in a template.
2026-04-27 08:29:57 -06:00
Michael Suchacz 99a83a2702 fix: clean Bedrock headers (#24718)
Bedrock chat provider requests can inherit Anthropic public API headers
from the process environment, which causes mixed Anthropic and Bedrock
auth headers on signed requests.

Update the Anthropic SDK fork so its Bedrock middleware strips
Anthropic-only headers before signing requests, and keep a chatprovider
regression test for the production request shape.

> Mux is acting on Mike's behalf.
2026-04-26 21:50:29 +02:00
Michael Suchacz 62e9752acd fix: prevent malformed OpenAI Responses continuations (#24725)
> Worked on by Mux on Mike's behalf.

## Summary

- Disable OpenAI Responses `previous_response_id` chain mode when the
prior assistant response has unresolved local tool calls, so the next
request can include paired tool outputs instead of sending an incomplete
continuation.
- Update the fantasy pin to a Responses replay fix that preserves stored
reasoning references, only replays web search references when paired
with reasoning, and validates local function-call output pairing before
send.
- Add fake OpenAI Responses input validation for the two production 400
shapes and integration coverage for full-history reasoning plus web
search replay.
- Add sanitized diagnostics for the OpenAI Responses continuity errors.

## Tests

- `go test ./providers/openai -run
'TestResponsesToPrompt_(ReasoningWithStore|ReasoningWithWebSearchCombined|WebSearchRequiresReasoningReference|ReasoningWithFunctionCallCombined|WebSearchProviderExecutedToolResults)|TestPrepareParams_(SkipsProviderExecutedToolReferences|ValidatesFunctionCallOutputPairing)|TestValidateResponsesInput_WebSearchReferenceRequiresReasoning'
-count=1`
- `go test ./providers/openai -count=1`
- `GOWORK=off go test ./coderd/x/chatd/chattest -run
TestValidateResponsesAPIInput -count=1`
- `GOWORK=off go test ./coderd/x/chatd -run
'TestOpenAIResponses(NoStaleWebSearchReplay|FullReplayPairsReasoningAndWebSearch|ChainModeSkipsWhenLocalCallPending|ChainModeStillFiresForProviderExecutedOnly)$|TestResolveChainMode_'
-count=1`
- `GOWORK=off go test ./coderd/x/chatd/chatprompt -run
'TestInjectMissingToolResults_' -count=1`
- `GOWORK=off go test ./coderd/x/chatd/chaterror -run
TestClassify_OpenAIResponsesAPIDiagnostics -count=1`
- `GOWORK=off go test ./coderd/x/chatd/... -count=1`
- `git diff --check`
- `git commit` pre-commit hook
2026-04-26 21:23:06 +02:00
blinkagent[bot] a497d934db chore: bump coder/fantasy to include gpt-5.5 Responses API support (#24712)
Bumps the `charm.land/fantasy` replace directive to pick up
<https://github.com/coder/fantasy/pull/29>, which adds `gpt-5.5` and
`gpt-5.5-pro` to `responsesReasoningModelIDs`.

Without this, chatd's `useOpenAIResponsesOptions` returns false for
GPT-5.5, so it falls back to Chat Completions and never attaches
`ResponsesProviderOptions` (losing `store=true` + `previous_response_id`
chaining and other Responses-only features).

## Changes
- `go.mod`: `github.com/coder/fantasy
v0.0.0-20260416152503-959aa39579d2` →
`v0.0.0-20260424191546-5ab464a305f4`
- `go.sum`: updated hashes

Verified `go build ./coderd/x/chatd/...` passes locally.

Created on behalf of @ibetitsmike

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
2026-04-24 19:35:26 +00:00
Paweł Banaszewski e00e85765b chore: move aibridge library code into coder repo (#24190)
This PR merges code from `coder/aibridge` repository into `coder/coder`.
It was split into 4 PRs for easier review but stacked PRs will need to
be merged into this PR so all checks pass.

* https://github.com/coder/coder/pull/24190 -> raw code copy (this PR,
before merging PRs on top of it, it was just 1 commit:
https://github.com/coder/coder/commit/70d33f33200c7e77df910957595715f81f9bec24)
* https://github.com/coder/coder/pull/24570 -> update imports in
`coder/coder` to use copied code
* https://github.com/coder/coder/pull/24586 -> linter fixes and CI
integration (also added README.md)
* https://github.com/coder/coder/pull/24571 -> added exclude to
scripts/check_emdash.sh check

Original PR message (before PR squash):
Moves coder/aibridge code into coder/coder repository.

Omitted files:

- `go.mod`, `go.sum`, `.gitignore`, `.github/workflows/ci.yml`,
`Makefile`, `LICENSE`, `README.md` (modified README.md is added later)
- `.github`, `example`, `buildinfo`, `scripts` directories

Simple verification script (will list omitted files)

```
tmp=$(mktemp -d)
echo "$tmp"
git clone --depth=1 https://github.com/coder/aibridge "$tmp/aibridge"
git clone --depth=1 --branch pb/aibridge-code-move https://github.com/coder/coder "$tmp/coder"
diff -rq --exclude=.git "$tmp/aibridge" "$tmp/coder/aibridge"
# rm -rf "$tmp"
```
2026-04-22 17:01:01 +02:00
Lukasz 869168b316 chore: bump gomarkdown to patched revision (#24567)
Updates `github.com/gomarkdown/markdown` from
`v0.0.0-20240930133441-72d49d9543d8` to
`v0.0.0-20260411013819-759bbc3e3207`.

This pulls in the patched upstream revision for the markdown dependency.
2026-04-21 14:46:32 +00:00
Ethan bd3ed18fb1 chore: bump hashicorp/hc-install to v0.9.4 and drop coder fork replace (#24547)
Upstream `github.com/hashicorp/hc-install` v0.9.4 ships the refreshed
HashiCorp release-signing key (hashicorp/hc-install#355 +
hashicorp/hc-install#372), so the `coder/hc-install` fork replace
directive added in #24516 is no longer needed.

Relates to https://github.com/coder/internal/issues/1476

Closes ENG-2496
2026-04-21 15:21:12 +10:00
Susana Ferreira 522118ab20 feat: support AWS SDK default credential chain for Bedrock authentication (#24346)
## Description

Makes AWS Bedrock credentials optional. When `AccessKey` and
`AccessKeySecret` are not set, AI Bridge falls back to the AWS SDK
default credential chain, which supports IAM Roles (instance profiles,
IRSA, ECS task roles), SSO, shared credentials files, and environment
variables.

This allows AI Bridge to authenticate with AWS Bedrock using:
- Permanent credentials (access key + secret) as before
- IAM Roles, shared config files, environment variables, SSO, etc., via
the SDK default credential chain

Depends on: https://github.com/coder/aibridge/pull/265
Related to: https://github.com/coder/aibridge/issues/144 
Related to: https://linear.app/codercom/issue/AIGOV-67

_Disclaimer: initially produced by Claude Opus 4.6, modified and
reviewed by @ssncferreira._
2026-04-20 10:00:05 +01:00
Ethan ef6969dd70 feat(coderd/x/chatd): agent-created file attachments in chat (#24280)
Agents can already see workspace files and take screenshots, but users could not download those artifacts from chat. This PR adds durable chat attachments to chatd. `attach_file`, explicit `computer` screenshot actions (not the automatic post-action screenshots), and `propose_plan` now fetch bytes over the agent connection, store them in `chat_files`, link them to the chat, and carry attachment metadata in tool responses so `buildAssistantPartsForPersist` can materialize ordinary `type:"file"` assistant parts that the chat file APIs serve.

The same storage helpers are reused for other artifact-producing paths. `wait_agent` recordings and thumbnails are stored as chat files and linked back to the parent chat, with best-effort relinking so parent chats retain those artifacts without leaving orphaned rows when chat-file caps reject links. `storeChatAttachment` wraps insert + link in one transaction, files are capped at 10 MB each and 20 per chat, and serving defaults to `Content-Disposition: attachment` with an explicit inline-safe allowlist.

This PR also consolidates chat-file media policy in `coderd/chatfiles`. Uploads and tool-generated attachments share byte-based MIME detection, SVG blocking, inline-safety rules, and compatible `text/plain` refinement for JSON, CSV, and Markdown. Prompt construction still only inlines synthetic pasted text for model consumption; assistant-created attachments are persisted for the user and intentionally not replayed into later LLM turns.

UI follow-up lives in #24281.

Relates to CODAGT-91
2026-04-20 18:04:35 +10:00
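The serving policy described in the commit above (byte-based type detection, SVG blocking, the 10 MB and 20-file caps, and attachment-by-default with an inline allowlist), sketched as an added Go example that is not code from the coder repository. The names `classify`, `looksLikeSVG` and `inlineSafe`, the allowlist contents and the 1 KiB sniff window are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime"
	"net/http"
)

// Caps quoted from the commit message.
const (
	maxFileBytes    = 10 << 20 // 10 MB per file
	maxFilesPerChat = 20
)

// inlineSafe is an assumed allowlist for illustration; any type that is
// absent from it is served as a download.
var inlineSafe = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true, "text/plain": true,
}

var errSVG = errors.New("svg content is blocked")

// looksLikeSVG checks the first 1 KiB for an <svg element. The standard
// sniffer has no SVG signature, so SVG would otherwise pass as text or XML.
func looksLikeSVG(data []byte) bool {
	head := data
	if len(head) > 1024 {
		head = head[:1024]
	}
	return bytes.Contains(bytes.ToLower(head), []byte("<svg"))
}

// classify decides how one attachment is stored and served. The media type
// comes from the bytes, never from the file name or a client-sent header.
func classify(name string, data []byte, filesInChat int) (mediaType, disposition string, err error) {
	switch {
	case filesInChat >= maxFilesPerChat:
		return "", "", fmt.Errorf("chat already has %d files", filesInChat)
	case len(data) > maxFileBytes:
		return "", "", fmt.Errorf("file is %d bytes, cap is %d", len(data), maxFileBytes)
	case looksLikeSVG(data):
		return "", "", errSVG
	}
	mediaType, _, err = mime.ParseMediaType(http.DetectContentType(data))
	if err != nil {
		return "", "", err
	}
	kind := "attachment" // default: force a download
	if inlineSafe[mediaType] {
		kind = "inline"
	}
	return mediaType, mime.FormatMediaType(kind, map[string]string{"filename": name}), nil
}

func main() {
	// Constructed samples: a PNG signature with filler bytes, then a bare SVG.
	mt, disp, err := classify("shot.png", []byte("\x89PNG\r\n\x1a\n\x00\x00"), 0)
	fmt.Println(mt, disp, err)
	mt, disp, err = classify("logo.svg", []byte(`<svg xmlns="http://www.w3.org/2000/svg"></svg>`), 0)
	fmt.Println(mt, disp, err)
}
```

HTML sniffs as `text/html`, which is not on the allowlist, so it is only ever offered as a download and never rendered in the application's origin.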
Ethan 7e89534d32 chore: use coder/hc-install fork to fix expired PGP key verification (#24516)
hc-install's bundled HashiCorp release-signing pubkey contains both the
original armored block and a refreshed one, but
`openpgp.ReadArmoredKeyRing` only decodes the first, so the verifier
sees the expired key and terraform installs (and `TestInstall`) fail
with `openpgp: key expired`.

Point `github.com/hashicorp/hc-install` at our fork, which parses every
armored block and merges entities by fingerprint so the refreshed
self-signature wins. We can drop the go mod replace once
https://github.com/hashicorp/hc-install/pull/371 (or an equivalent
upstream fix) ships.

Relates to https://github.com/coder/internal/issues/1476
2026-04-20 13:26:28 +10:00
Mathias Fredriksson 6b0bb02e5d fix: server-side diffs and stricter fuzzy splicing for edit_files (#24454)
Fixes three classes of edit_files bugs and adds structured per-file
diff output for tool callers:

- New IncludeDiff flag on FileEditRequest; when set, the agent
  returns FileEditResponse.Files[]{Path, Diff} with unified diffs
  computed via go-udiff v0.4.1 Lines + ToUnified (not Unified,
  which calls log.Fatalf on internal error).
- Fuzzy match comparators split each line into leading whitespace,
  body, trailing whitespace, and ending. The splice substitutes at
  each position: on agreement between search and replace the file's
  bytes win; on disagreement the replacement's bytes are spliced
  verbatim. Carve-outs for empty-body lines, multi-line EOF splices,
  and level-aware indent translation for inserted lines.
- Indent-unit detection (GCD for spaces, tab-priority) lets a 4sp
  LLM search insert correctly into tab or 2sp files. Falls back to
  the previous cLead-inheritance path when units can't be detected
  cleanly.
- Empty search is rejected with "search string must not be empty".
- Duplicate file paths in one request are rejected; symlink aliases
  resolved via api.resolvePath before the dedup check.
- Frontend EditFilesRenderer consumes the structured files array by
  explicit path (no label munging) with per-file synthetic fallback
  for older agents or mismatched paths. On error, no diff is
  rendered so the synthetic fallback doesn't misrepresent a
  rejected edit as applied.

Breaking change: AgentConn.EditFiles changes from (ctx, req) error
to (ctx, req) (FileEditResponse, error) in codersdk/workspacesdk.
Source-breaking for external Go consumers; no compat shim per plan
owner.

Out of scope (tracked in CODAGT-214): level-aware indent for
middle-substituted splice lines. Locked in
TestEditFiles_FuzzyIndent_InsertionLevelAware's Lock_* cases plus
TestEditFiles_ReplaceAll_FuzzyIndentGap.
2026-04-18 16:39:34 +03:00
dependabot[bot] 8e2343f59c chore: bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#24504)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.17.1 to 5.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>plumbing: transport/http, Add support for followRedirects policy by
<a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2004">go-git/go-git#2004</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0">https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0</a></p>
<h2>v5.17.2</h2>
<h2>What's Changed</h2>
<ul>
<li>build: Update module github.com/go-git/go-git/v5 to v5.17.1
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/1941">go-git/go-git#1941</a></li>
<li>dotgit: skip writing pack files that already exist on disk by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1944">go-git/go-git#1944</a></li>
</ul>
<p>⚠️ This release fixes a bug (<a
href="https://redirect.github.com/go-git/go-git/issues/1942">go-git/go-git#1942</a>)
that blocked some users from upgrading to <code>v5.17.1</code>. Thanks
<a href="https://github.com/pskrbasu"><code>@​pskrbasu</code></a> for
reporting it. 🙇</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2">https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/ea3e7ec9dfc54f577a01afb4dd601c0284604264"><code>ea3e7ec</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2004">#2004</a>
from go-git/v5-http-hardening</li>
<li><a
href="https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53"><code>bcd20a9</code></a>
plumbing: transport/http, Add support for followRedirects policy</li>
<li><a
href="https://github.com/go-git/go-git/commit/45ae193b3a60aa8ec8a3e373f7265a7819473d5f"><code>45ae193</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1944">#1944</a>
from go-git/fix-perms</li>
<li><a
href="https://github.com/go-git/go-git/commit/fda4f7464b597ff33d2dea1c026482a5e900037c"><code>fda4f74</code></a>
storage: filesystem/dotgit, Skip writing pack files that already exist
on disk</li>
<li><a
href="https://github.com/go-git/go-git/commit/2212dc7caeb2a389fe2129923811ef63f75a557a"><code>2212dc7</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1941">#1941</a>
from go-git/renovate/releases/v5.x-go-github.com-go-...</li>
<li><a
href="https://github.com/go-git/go-git/commit/ebb2d7da7f5d5aebeaa0b5e13276d72d602c1ae3"><code>ebb2d7d</code></a>
build: Update module github.com/go-git/go-git/v5 to v5.17.1
[SECURITY]</li>
<li>See full diff in <a
href="https://github.com/go-git/go-git/compare/v5.17.1...v5.18.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-17 22:53:10 +00:00
Danielle Maywood 15d8e4ff9f feat: accept xhigh effort for Anthropic (#24439) 2026-04-16 17:25:34 +01:00
Cian Johnston 2b68a1f4bd chore: update our fork of fantasy/anthropic-sdk-go to fix MarshalJSON over-allocations (#24390)
Updates go.mod to reference our internal fork of anthropic-sdk-go.

See: https://github.com/coder/anthropic-sdk-go/pull/7

Relates to CODAGT-167

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-15 19:47:09 +01:00
Paweł Banaszewski 34f3d4a92a chore: bump aibridge version (#24368)
No major feature changes.
New version mostly includes linter changes.
2026-04-15 14:55:58 +02:00
dependabot[bot] 10f0786966 chore: bump the x group across 1 directory with 7 updates (#24259)
Bumps the x group with 4 updates in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/mod](https://github.com/golang/mod),
[golang.org/x/net](https://github.com/golang/net) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/03ca0dcccbd37ba6be80adf74dde8d78a4d72817"><code>03ca0dc</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/8400f4a938077a7a7817ab7d163d148e371b320b"><code>8400f4a</code></a>
ssh: respect signer's algorithm preference in
pickSignatureAlgorithm</li>
<li><a
href="https://github.com/golang/crypto/commit/81c6cb34a8fc386ed53293cd79e3c0c232ee7366"><code>81c6cb3</code></a>
ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.49.0...v0.50.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.34.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/03901d351deb5bd95deb90714fb75bf8e232cb22"><code>03901d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.34.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.52.0 to 0.53.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/a8d1fc14d9e33e1f6842ab78a0127d42cd8fff44"><code>a8d1fc1</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/056ac742146af742aa760d690269c02fa238cc7a"><code>056ac74</code></a>
quic: avoid depending on golang.org/x/sys/unix</li>
<li><a
href="https://github.com/golang/net/commit/c85f61116e47b1523036c3005f8b2923b661eb64"><code>c85f611</code></a>
http3: add http3 package for testing in std</li>
<li><a
href="https://github.com/golang/net/commit/805fc81a196b95c3c00f02e135ffb8a8d5582bdf"><code>805fc81</code></a>
http2: add transport API tests</li>
<li><a
href="https://github.com/golang/net/commit/e63b894ab3cd38a1d05396530dccde7ffa3f68d0"><code>e63b894</code></a>
http2: support testing via net/http.Transport.RoundTrip</li>
<li><a
href="https://github.com/golang/net/commit/9ee1e484e5aab0d95b3babbc6f1384d03f4f9e22"><code>9ee1e48</code></a>
http2/hpack: prevent HeaderField from escaping during encoding</li>
<li><a
href="https://github.com/golang/net/commit/1e71bd86e4a302b4e731bc06da6eb51679c7bd49"><code>1e71bd8</code></a>
http2: prevent hanging Transport due to bad SETTINGS frame</li>
<li><a
href="https://github.com/golang/net/commit/7bca15042b9d2bda1402cb42232a9c6ddbae6212"><code>7bca150</code></a>
internal/http3: respect net/http Server Shutdown context when shutting
down</li>
<li><a
href="https://github.com/golang/net/commit/44c41bee5028537e64410b1583e8ae329ceac284"><code>44c41be</code></a>
internal/http3: prevent server from holding mutex when sleeping during
shutdown</li>
<li><a
href="https://github.com/golang/net/commit/228a67a374710bff77fc490e7f538b317c34e247"><code>228a67a</code></a>
internal/http3: add CloseIdleConnections support in transport</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.52.0...v0.53.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sys/commit/f33a730cd0c449cfd6f7106780c73052e96cc33d"><code>f33a730</code></a>
windows: support nil security descriptor on GetNamedSecurityInfo</li>
<li><a
href="https://github.com/golang/sys/commit/493d1725989a7a3f3582adfa68faf7207aec666b"><code>493d172</code></a>
cpu: add runtime import in cpu_darwin_arm64_other.go</li>
<li><a
href="https://github.com/golang/sys/commit/2c2be756b97dee6d15aba69839acfbd4e0f3ccc5"><code>2c2be75</code></a>
windows: use syscall.SyscallN in Proc.Call</li>
<li><a
href="https://github.com/golang/sys/commit/a76ec62d6c5389e4fe51c659ba926bf71e471a67"><code>a76ec62</code></a>
cpu: roll back &quot;use IsProcessorFeaturePresent to calculate ARM64 on
windows&quot;</li>
<li>See full diff in <a
href="https://github.com/golang/sys/compare/v0.42.0...v0.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.41.0 to 0.42.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/52b71d3344c86b384ed34ebf73f1e6f37044fe79"><code>52b71d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.41.0...v0.42.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/text` from 0.35.0 to 0.36.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/text/commit/8577a70117e110160c45f32af0e0df84eef844f7"><code>8577a70</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.43.0 to 0.44.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/3dd188df80fd3563559f02e4eeb10ba1043cce55"><code>3dd188d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/aebd87084e63fd3aa0a5222eeae28af6c2e33629"><code>aebd870</code></a>
gopls: improve doc link matching to support links followed by a
colon</li>
<li><a
href="https://github.com/golang/tools/commit/5357b43c088d8403d5fcd9992431db0a351ce922"><code>5357b43</code></a>
go/analysis/passes/modernize: rangeint: handle type parameter
constraints</li>
<li><a
href="https://github.com/golang/tools/commit/bf04c618d518f244d26fb5c7ad77d893f8b1fc4d"><code>bf04c61</code></a>
go/types/internal/play: show normal terms of selected type</li>
<li><a
href="https://github.com/golang/tools/commit/0ae2de027e10d7a0530ecf7ccc2db8df8aa5dcb3"><code>0ae2de0</code></a>
gopls/internal/filecache: cache decoded objects in memCache</li>
<li><a
href="https://github.com/golang/tools/commit/8e51a5fb67f9b3e2b32792f21e727664ca6561e2"><code>8e51a5f</code></a>
go/ssa: support direct references to embedded fields in struct lit</li>
<li><a
href="https://github.com/golang/tools/commit/5005b9e710b3c1eef7e5077c77289410729919ec"><code>5005b9e</code></a>
internal/gcimporter: rename ureader_yes.go to ureader.go</li>
<li><a
href="https://github.com/golang/tools/commit/5ca865bb7d52012b73ac379c5aec59b3d04efce8"><code>5ca865b</code></a>
go/types/objectpath: add debugging command</li>
<li><a
href="https://github.com/golang/tools/commit/f6476fbaabd396b58618b473e4eb71e1f532b495"><code>f6476fb</code></a>
internal/gcimporter: consume generic methods in gcimporter</li>
<li><a
href="https://github.com/golang/tools/commit/b36d1d12a1a724eb9be6609c9789aec3d99e6030"><code>b36d1d1</code></a>
internal/pkgbits: sync version.go with goroot</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.43.0...v0.44.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 11:17:52 +00:00
Lukasz 03d662a06c build: bump Go toolchain to 1.25.9 (#24293)
Bumps the Go toolchain from 1.25.8 to 1.25.9 across `go.mod`, the shared
setup-go action, and the dogfood image.
This keeps local builds, CI, and containerized workflows aligned on the
latest patch release, including the updated Go tarball checksum in the
Dockerfile.
2026-04-14 12:15:31 +02:00
Yevhenii Shcherbina b78eba9f9d feat: make sure creds are always masked (#24241)
## Summary  
Adds a `sanitizeCredentialHint` safety check in the db-to-SDK conversion
layer to ensure credential hints are always masked before being exposed
in the API. Also adds `credential_kind` and `credential_hint` assertions
to the session threads API test.
2026-04-13 10:14:38 -04:00