Merge pull request #679 from Wikid82/renovate/development-weekly-non-major-updates

fix(deps): update weekly-non-major-updates (development)
2026-02-09 01:11:12 -05:00
parent 7907bec067 b723502097
commit 8cb7e35918
13 changed files with 45 additions and 45 deletions
@@ -42,7 +42,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4
+        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
        with:
          languages: ${{ matrix.language }}
          # Use CodeQL config to exclude documented false positives
@@ -58,10 +58,10 @@ jobs:
          cache-dependency-path: backend/go.sum

      - name: Autobuild
-        uses: github/codeql-action/autobuild@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4
+        uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4
+        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
        with:
          category: "/language:${{ matrix.language }}"

@@ -524,7 +524,7 @@ jobs:

      - name: Upload Trivy results
        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.trivy-check.outputs.exists == 'true'
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
        with:
          sarif_file: 'trivy-results.sarif'
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -532,7 +532,7 @@ jobs:
      # Generate SBOM (Software Bill of Materials) for supply chain security
      # Only for production builds (main/development) - feature branches use downstream supply-chain-pr.yml
      - name: Generate SBOM
-        uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
+        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2
        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true'
        with:
          image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
@@ -667,7 +667,7 @@ jobs:

      - name: Upload Trivy scan results
        if: always()
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
        with:
          sarif_file: 'trivy-pr-results.sarif'
          category: 'docker-pr-image'
@@ -155,7 +155,7 @@ jobs:
          echo "- ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly@${{ steps.build.outputs.digest }}" >> $GITHUB_STEP_SUMMARY

      - name: Generate SBOM
-        uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56  # v0.22.1
+        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad  # v0.22.2
        with:
          image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly@${{ steps.build.outputs.digest }}
          format: cyclonedx-json
@@ -271,7 +271,7 @@ jobs:
          name: sbom-nightly

      - name: Scan with Grype
-        uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175  # v7.3.1
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c  # v7.3.2
        with:
          sbom: sbom-nightly.json
          fail-build: false
@@ -285,7 +285,7 @@ jobs:
          output: 'trivy-nightly.sarif'

      - name: Upload Trivy results
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314  # v4.32.1
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2  # v4.32.2
        with:
          sarif_file: 'trivy-nightly.sarif'
          category: 'trivy-nightly'
@@ -234,7 +234,7 @@ jobs:
      - name: Upload Trivy SARIF to GitHub Security
        if: steps.check-artifact.outputs.artifact_exists == 'true'
        # github/codeql-action v4
-        uses: github/codeql-action/upload-sarif@f959778b39f110f7919139e242fa5ac47393c877
+        uses: github/codeql-action/upload-sarif@b13d724d35ff0a814e21683638ed68ed34cf53d1
        with:
          sarif_file: 'trivy-binary-results.sarif'
          category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
@@ -106,7 +106,7 @@ jobs:
          severity: 'CRITICAL,HIGH,MEDIUM'

      - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
        with:
          sarif_file: 'trivy-weekly-results.sarif'

@@ -216,7 +216,7 @@ jobs:
      # Generate SBOM using official Anchore action (auto-updated by Renovate)
      - name: Generate SBOM
        if: steps.check-artifact.outputs.artifact_found == 'true'
-        uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
+        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2
        id: sbom
        with:
          image: ${{ steps.load-image.outputs.image_name }}
@@ -234,7 +234,7 @@ jobs:
      # Scan for vulnerabilities using official Anchore action (auto-updated by Renovate)
      - name: Scan for vulnerabilities
        if: steps.check-artifact.outputs.artifact_found == 'true'
-        uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
        id: grype-scan
        with:
          sbom: sbom.cyclonedx.json
@@ -284,7 +284,7 @@ jobs:

      - name: Upload SARIF to GitHub Security
        if: steps.check-artifact.outputs.artifact_found == 'true'
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4
        continue-on-error: true
        with:
          sarif_file: grype-results.sarif
@@ -114,7 +114,7 @@ jobs:
      # Generate SBOM using official Anchore action (auto-updated by Renovate)
      - name: Generate and Verify SBOM
        if: steps.image-check.outputs.exists == 'true'
-        uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
+        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2
        with:
          image: ghcr.io/${{ github.repository_owner }}/charon:${{ steps.tag.outputs.tag }}
          format: cyclonedx-json
@@ -228,7 +228,7 @@ jobs:
      # Scan for vulnerabilities using official Anchore action (auto-updated by Renovate)
      - name: Scan for Vulnerabilities
        if: steps.validate-sbom.outputs.valid == 'true'
-        uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
        id: scan
        with:
          sbom: sbom-verify.cyclonedx.json
@@ -35,7 +35,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9
 # CVEs fixed: CVE-2023-24531, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404,
 #             CVE-2023-29405, CVE-2024-24790, CVE-2025-22871, and 15 more
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS gosu-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS gosu-builder
 COPY --from=xx / /

 WORKDIR /tmp/gosu
@@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/app/frontend/node_modules/.cache \

 # ---- Backend Builder ----
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS backend-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS backend-builder
 # Copy xx helpers for cross-compilation
 COPY --from=xx / /

@@ -162,7 +162,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Build Caddy from source to ensure we use the latest Go version and dependencies
 # This fixes vulnerabilities found in the pre-built Caddy images (e.g. CVE-2025-59530, stdlib issues)
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS caddy-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:dfdd969010ba978942302cee078235da13aef030d22841e873545001d68a61a7 AS caddy-builder
 ARG TARGETOS
 ARG TARGETARCH
 ARG CADDY_VERSION
@@ -1,6 +1,6 @@
 module github.com/Wikid82/charon/backend

-go 1.25.6
+go 1.25.7

 require (
 	github.com/containrrr/shoutrrr v0.8.0
@@ -19,7 +19,7 @@
        "class-variance-authority": "^0.7.1",
        "clsx": "^2.1.1",
        "date-fns": "^4.1.0",
-        "i18next": "^25.8.1",
+        "i18next": "^25.8.4",
        "i18next-browser-languagedetector": "^8.2.0",
        "lucide-react": "^0.563.0",
        "react": "^19.2.4",
@@ -37,8 +37,8 @@
        "@testing-library/jest-dom": "^6.9.1",
        "@testing-library/react": "^16.3.2",
        "@testing-library/user-event": "^14.6.1",
-        "@types/node": "^25.2.0",
-        "@types/react": "^19.2.10",
+        "@types/node": "^25.2.1",
+        "@types/react": "^19.2.13",
        "@types/react-dom": "^19.2.3",
        "@typescript-eslint/eslint-plugin": "^8.54.0",
        "@typescript-eslint/parser": "^8.54.0",
@@ -3400,9 +3400,9 @@
      "license": "MIT"
    },
    "node_modules/@types/node": {
-      "version": "25.2.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz",
-      "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==",
+      "version": "25.2.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.2.tgz",
+      "integrity": "sha512-BkmoP5/FhRYek5izySdkOneRyXYN35I860MFAGupTdebyE66uZaR+bXLHq8k4DirE5DwQi3NuhvRU1jqTVwUrQ==",
      "dev": true,
      "license": "MIT",
      "peer": true,
@@ -3411,9 +3411,9 @@
      }
    },
    "node_modules/@types/react": {
-      "version": "19.2.10",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.10.tgz",
-      "integrity": "sha512-WPigyYuGhgZ/cTPRXB2EwUw+XvsRA3GqHlsP4qteqrnnjDrApbS7MxcGr/hke5iUoeB7E/gQtrs9I37zAJ0Vjw==",
+      "version": "19.2.13",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.13.tgz",
+      "integrity": "sha512-KkiJeU6VbYbUOp5ITMIc7kBfqlYkKA5KhEHVrGMmUUMt7NeaZg65ojdPk+FtNrBAOXNVM5QM72jnADjM+XVRAQ==",
      "devOptional": true,
      "license": "MIT",
      "peer": true,
@@ -5383,9 +5383,9 @@
      }
    },
    "node_modules/i18next": {
-      "version": "25.8.1",
-      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.1.tgz",
-      "integrity": "sha512-nFFxhwcRNggIrkv2hx/xMYVMG7Z8iMUA4ZuH4tgcbZiI0bK1jn3kSDIXNWuQDt1xVAu7mb7Qn82TpH7ZAk/okA==",
+      "version": "25.8.4",
+      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.4.tgz",
+      "integrity": "sha512-a9A0MnUjKvzjEN/26ZY1okpra9kA8MEwzYEz1BNm+IyxUKPRH6ihf0p7vj8YvULwZHKHl3zkJ6KOt4hewxBecQ==",
      "funding": [
        {
          "type": "individual",
@@ -38,7 +38,7 @@
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
    "date-fns": "^4.1.0",
-    "i18next": "^25.8.1",
+    "i18next": "^25.8.4",
    "i18next-browser-languagedetector": "^8.2.0",
    "lucide-react": "^0.563.0",
    "react": "^19.2.4",
@@ -56,8 +56,8 @@
    "@testing-library/jest-dom": "^6.9.1",
    "@testing-library/react": "^16.3.2",
    "@testing-library/user-event": "^14.6.1",
-    "@types/node": "^25.2.0",
-    "@types/react": "^19.2.10",
+    "@types/node": "^25.2.1",
+    "@types/react": "^19.2.13",
    "@types/react-dom": "^19.2.3",
    "@typescript-eslint/eslint-plugin": "^8.54.0",
    "@typescript-eslint/parser": "^8.54.0",
@@ -13,9 +13,9 @@
      "devDependencies": {
        "@bgotink/playwright-coverage": "^0.3.2",
        "@playwright/test": "^1.58.1",
-        "@types/node": "^25.2.0",
+        "@types/node": "^25.2.1",
        "@types/tar": "^6.1.13",
-        "dotenv": "^17.2.3",
+        "dotenv": "^17.2.4",
        "markdownlint-cli2": "^0.20.0",
        "tar": "^7.5.7"
      }
@@ -946,9 +946,9 @@
      "license": "MIT"
    },
    "node_modules/@types/node": {
-      "version": "25.2.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz",
-      "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==",
+      "version": "25.2.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.2.tgz",
+      "integrity": "sha512-BkmoP5/FhRYek5izySdkOneRyXYN35I860MFAGupTdebyE66uZaR+bXLHq8k4DirE5DwQi3NuhvRU1jqTVwUrQ==",
      "devOptional": true,
      "license": "MIT",
      "peer": true,
@@ -1257,9 +1257,9 @@
      }
    },
    "node_modules/dotenv": {
-      "version": "17.2.3",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.3.tgz",
-      "integrity": "sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w==",
+      "version": "17.2.4",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.2.4.tgz",
+      "integrity": "sha512-mudtfb4zRB4bVvdj0xRo+e6duH1csJRM8IukBqfTRvHotn9+LBXB8ynAidP9zHqoRC/fsllXgk4kCKlR21fIhw==",
      "dev": true,
      "license": "BSD-2-Clause",
      "engines": {
@@ -17,9 +17,9 @@
  "devDependencies": {
    "@bgotink/playwright-coverage": "^0.3.2",
    "@playwright/test": "^1.58.1",
-    "@types/node": "^25.2.0",
+    "@types/node": "^25.2.1",
    "@types/tar": "^6.1.13",
-    "dotenv": "^17.2.3",
+    "dotenv": "^17.2.4",
    "markdownlint-cli2": "^0.20.0",
    "tar": "^7.5.7"
  }