From b7235020973152a6c7c4d8553bf5c3949d179bc9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Feb 2026 05:27:05 +0000 Subject: [PATCH] fix(deps): update weekly-non-major-updates --- .github/workflows/codeql.yml | 6 ++--- .github/workflows/docker-build.yml | 6 ++--- .github/workflows/nightly-build.yml | 6 ++--- .github/workflows/security-pr.yml | 2 +- .github/workflows/security-weekly-rebuild.yml | 2 +- .github/workflows/supply-chain-pr.yml | 6 ++--- .github/workflows/supply-chain-verify.yml | 4 ++-- Dockerfile | 6 ++--- backend/go.mod | 2 +- frontend/package-lock.json | 24 +++++++++---------- frontend/package.json | 6 ++--- package-lock.json | 16 ++++++------- package.json | 4 ++-- 13 files changed, 45 insertions(+), 45 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8e4e8246..fbffeab0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,7 +42,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Initialize CodeQL - uses: github/codeql-action/init@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4 + uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4 with: languages: ${{ matrix.language }} # Use CodeQL config to exclude documented false positives @@ -58,10 +58,10 @@ jobs: cache-dependency-path: backend/go.sum - name: Autobuild - uses: github/codeql-action/autobuild@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4 + uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4 + uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 36b1be13..924e2c77 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -524,7 +524,7 @@ jobs: - name: Upload Trivy results if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.trivy-check.outputs.exists == 'true' - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 with: sarif_file: 'trivy-results.sarif' token: ${{ secrets.GITHUB_TOKEN }} @@ -532,7 +532,7 @@ jobs: # Generate SBOM (Software Bill of Materials) for supply chain security # Only for production builds (main/development) - feature branches use downstream supply-chain-pr.yml - name: Generate SBOM - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1 + uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true' with: image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} @@ -667,7 +667,7 @@ jobs: - name: Upload Trivy scan results if: always() - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 with: sarif_file: 'trivy-pr-results.sarif' category: 'docker-pr-image' diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index 8072813a..65b2597f 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -155,7 +155,7 @@ jobs: echo "- ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly@${{ steps.build.outputs.digest }}" >> $GITHUB_STEP_SUMMARY - name: Generate SBOM - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1 + uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 with: image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly@${{ steps.build.outputs.digest }} format: cyclonedx-json @@ -271,7 +271,7 @@ jobs: name: sbom-nightly - name: Scan with Grype - uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1 + uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2 with: sbom: sbom-nightly.json fail-build: false @@ -285,7 +285,7 @@ jobs: output: 'trivy-nightly.sarif' - name: Upload Trivy results - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 with: sarif_file: 'trivy-nightly.sarif' category: 'trivy-nightly' diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml index 9d9cee01..2285aec5 100644 --- a/.github/workflows/security-pr.yml +++ b/.github/workflows/security-pr.yml @@ -234,7 +234,7 @@ jobs: - name: Upload Trivy SARIF to GitHub Security if: steps.check-artifact.outputs.artifact_exists == 'true' # github/codeql-action v4 - uses: github/codeql-action/upload-sarif@f959778b39f110f7919139e242fa5ac47393c877 + uses: github/codeql-action/upload-sarif@b13d724d35ff0a814e21683638ed68ed34cf53d1 with: sarif_file: 'trivy-binary-results.sarif' category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }} diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml index 202fd9a2..5cd216ff 100644 --- a/.github/workflows/security-weekly-rebuild.yml +++ b/.github/workflows/security-weekly-rebuild.yml @@ -106,7 +106,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM' - name: Upload Trivy results to GitHub Security - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 with: sarif_file: 'trivy-weekly-results.sarif' diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml index ca8c11df..f807b7a7 100644 --- a/.github/workflows/supply-chain-pr.yml +++ b/.github/workflows/supply-chain-pr.yml @@ -216,7 +216,7 @@ jobs: # Generate SBOM using official Anchore action (auto-updated by Renovate) - name: Generate SBOM if: steps.check-artifact.outputs.artifact_found == 'true' - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1 + uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 id: sbom with: image: ${{ steps.load-image.outputs.image_name }} @@ -234,7 +234,7 @@ jobs: # Scan for vulnerabilities using official Anchore action (auto-updated by Renovate) - name: Scan for vulnerabilities if: steps.check-artifact.outputs.artifact_found == 'true' - uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1 + uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2 id: grype-scan with: sbom: sbom.cyclonedx.json @@ -284,7 +284,7 @@ jobs: - name: Upload SARIF to GitHub Security if: steps.check-artifact.outputs.artifact_found == 'true' - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4 + uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4 continue-on-error: true with: sarif_file: grype-results.sarif diff --git a/.github/workflows/supply-chain-verify.yml b/.github/workflows/supply-chain-verify.yml index 29a342b3..9b12d6e4 100644 --- a/.github/workflows/supply-chain-verify.yml +++ b/.github/workflows/supply-chain-verify.yml @@ -114,7 +114,7 @@ jobs: # Generate SBOM using official Anchore action (auto-updated by Renovate) - name: Generate and Verify SBOM if: steps.image-check.outputs.exists == 'true' - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1 + uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2 with: image: ghcr.io/${{ github.repository_owner }}/charon:${{ steps.tag.outputs.tag }} format: cyclonedx-json @@ -228,7 +228,7 @@ jobs: # Scan for vulnerabilities using official Anchore action (auto-updated by Renovate) - name: Scan for Vulnerabilities if: steps.validate-sbom.outputs.valid == 'true' - uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1 + uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2 id: scan with: sbom: sbom-verify.cyclonedx.json diff --git a/Dockerfile b/Dockerfile index 774ce016..ba4bdf0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9 # CVEs fixed: CVE-2023-24531, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, # CVE-2023-29405, CVE-2024-24790, CVE-2025-22871, and 15 more # renovate: datasource=docker depName=golang -FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS gosu-builder +FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS gosu-builder COPY --from=xx / / WORKDIR /tmp/gosu @@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/app/frontend/node_modules/.cache \ # ---- Backend Builder ---- # renovate: datasource=docker depName=golang -FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS backend-builder +FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS backend-builder # Copy xx helpers for cross-compilation COPY --from=xx / / @@ -162,7 +162,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ # Build Caddy from source to ensure we use the latest Go version and dependencies # This fixes vulnerabilities found in the pre-built Caddy images (e.g. CVE-2025-59530, stdlib issues) # renovate: datasource=docker depName=golang -FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS caddy-builder +FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS caddy-builder ARG TARGETOS ARG TARGETARCH ARG CADDY_VERSION diff --git a/backend/go.mod b/backend/go.mod index 75c90fed..24122ea8 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -1,6 +1,6 @@ module github.com/Wikid82/charon/backend -go 1.25.6 +go 1.25.7 require ( github.com/containrrr/shoutrrr v0.8.0 diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 9b1dcc60..2b92bc38 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -19,7 +19,7 @@ "class-variance-authority": "^0.7.1", "clsx": "^2.1.1", "date-fns": "^4.1.0", - "i18next": "^25.8.1", + "i18next": "^25.8.4", "i18next-browser-languagedetector": "^8.2.0", "lucide-react": "^0.563.0", "react": "^19.2.4", @@ -37,8 +37,8 @@ "@testing-library/jest-dom": "^6.9.1", "@testing-library/react": "^16.3.2", "@testing-library/user-event": "^14.6.1", - "@types/node": "^25.2.0", - "@types/react": "^19.2.10", + "@types/node": "^25.2.1", + "@types/react": "^19.2.13", "@types/react-dom": "^19.2.3", "@typescript-eslint/eslint-plugin": "^8.54.0", "@typescript-eslint/parser": "^8.54.0", @@ -3400,9 +3400,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "25.2.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz", - "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==", + "version": "25.2.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.2.tgz", + "integrity": "sha512-BkmoP5/FhRYek5izySdkOneRyXYN35I860MFAGupTdebyE66uZaR+bXLHq8k4DirE5DwQi3NuhvRU1jqTVwUrQ==", "dev": true, "license": "MIT", "peer": true, @@ -3411,9 +3411,9 @@ } }, "node_modules/@types/react": { - "version": "19.2.10", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.10.tgz", - "integrity": "sha512-WPigyYuGhgZ/cTPRXB2EwUw+XvsRA3GqHlsP4qteqrnnjDrApbS7MxcGr/hke5iUoeB7E/gQtrs9I37zAJ0Vjw==", + "version": "19.2.13", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.13.tgz", + "integrity": "sha512-KkiJeU6VbYbUOp5ITMIc7kBfqlYkKA5KhEHVrGMmUUMt7NeaZg65ojdPk+FtNrBAOXNVM5QM72jnADjM+XVRAQ==", "devOptional": true, "license": "MIT", "peer": true, @@ -5383,9 +5383,9 @@ } }, "node_modules/i18next": { - "version": "25.8.1", - "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.1.tgz", - "integrity": "sha512-nFFxhwcRNggIrkv2hx/xMYVMG7Z8iMUA4ZuH4tgcbZiI0bK1jn3kSDIXNWuQDt1xVAu7mb7Qn82TpH7ZAk/okA==", + "version": "25.8.4", + "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.4.tgz", + "integrity": "sha512-a9A0MnUjKvzjEN/26ZY1okpra9kA8MEwzYEz1BNm+IyxUKPRH6ihf0p7vj8YvULwZHKHl3zkJ6KOt4hewxBecQ==", "funding": [ { "type": "individual", diff --git a/frontend/package.json b/frontend/package.json index 6a20cf72..2c20524c 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -38,7 +38,7 @@ "class-variance-authority": "^0.7.1", "clsx": "^2.1.1", "date-fns": "^4.1.0", - "i18next": "^25.8.1", + "i18next": "^25.8.4", "i18next-browser-languagedetector": "^8.2.0", "lucide-react": "^0.563.0", "react": "^19.2.4", @@ -56,8 +56,8 @@ "@testing-library/jest-dom": "^6.9.1", "@testing-library/react": "^16.3.2", "@testing-library/user-event": "^14.6.1", - "@types/node": "^25.2.0", - "@types/react": "^19.2.10", + "@types/node": "^25.2.1", + "@types/react": "^19.2.13", "@types/react-dom": "^19.2.3", "@typescript-eslint/eslint-plugin": "^8.54.0", "@typescript-eslint/parser": "^8.54.0", diff --git a/package-lock.json b/package-lock.json index 215b1bf8..a465915c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,9 +13,9 @@ "devDependencies": { "@bgotink/playwright-coverage": "^0.3.2", "@playwright/test": "^1.58.1", - "@types/node": "^25.2.0", + "@types/node": "^25.2.1", "@types/tar": "^6.1.13", - "dotenv": "^17.2.3", + "dotenv": "^17.2.4", "markdownlint-cli2": "^0.20.0", "tar": "^7.5.7" } @@ -946,9 +946,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "25.2.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz", - "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==", + "version": "25.2.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.2.tgz", + "integrity": "sha512-BkmoP5/FhRYek5izySdkOneRyXYN35I860MFAGupTdebyE66uZaR+bXLHq8k4DirE5DwQi3NuhvRU1jqTVwUrQ==", "devOptional": true, "license": "MIT", "peer": true, @@ -1257,9 +1257,9 @@ } }, "node_modules/dotenv": { - "version": "17.2.3", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.3.tgz", - "integrity": "sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w==", + "version": "17.2.4", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.4.tgz", + "integrity": "sha512-mudtfb4zRB4bVvdj0xRo+e6duH1csJRM8IukBqfTRvHotn9+LBXB8ynAidP9zHqoRC/fsllXgk4kCKlR21fIhw==", "dev": true, "license": "BSD-2-Clause", "engines": { diff --git a/package.json b/package.json index df0948bc..9a0bf92d 100644 --- a/package.json +++ b/package.json @@ -17,9 +17,9 @@ "devDependencies": { "@bgotink/playwright-coverage": "^0.3.2", "@playwright/test": "^1.58.1", - "@types/node": "^25.2.0", + "@types/node": "^25.2.1", "@types/tar": "^6.1.13", - "dotenv": "^17.2.3", + "dotenv": "^17.2.4", "markdownlint-cli2": "^0.20.0", "tar": "^7.5.7" }