From e66404c81795606005095eeca5ce46fecb39e8b4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 06:43:09 +0000 Subject: [PATCH 01/11] chore(deps): pin actions/upload-artifact action to ea165f8 --- .github/workflows/security-weekly-rebuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml index 44c5bdb6..08d9e9d5 100644 --- a/.github/workflows/security-weekly-rebuild.yml +++ b/.github/workflows/security-weekly-rebuild.yml @@ -110,7 +110,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM,LOW' - name: Upload Trivy JSON results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: trivy-weekly-scan-${{ github.run_number }} path: trivy-weekly-results.json From 0600f9da2a3d897d349340a67751374bb371cf83 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 06:43:33 +0000 Subject: [PATCH 02/11] chore(deps): update dependency go to v1.25.5 --- .github/workflows/release-goreleaser.yml | 2 +- backend/go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml index a6f46f45..8b5d5930 100644 --- a/.github/workflows/release-goreleaser.yml +++ b/.github/workflows/release-goreleaser.yml @@ -26,7 +26,7 @@ jobs: - name: Set up Go uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 with: - go-version: '1.23.x' + go-version: '1.25.5' - name: Set up Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 diff --git a/backend/go.mod b/backend/go.mod index 4b44c643..fa69e381 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -1,6 +1,6 @@ module github.com/Wikid82/charon/backend -go 1.25 +go 1.25.5 require ( github.com/containrrr/shoutrrr v0.8.0 From 7c4b0002b5b573ee30a115a9b8a9ca2f8684cff8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 06:43:40 +0000 Subject: [PATCH 03/11] chore(deps): update dependency node to v20.19.6 --- .github/workflows/release-goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml index a6f46f45..8cde538c 100644 --- a/.github/workflows/release-goreleaser.yml +++ b/.github/workflows/release-goreleaser.yml @@ -31,7 +31,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: - node-version: '20.x' + node-version: '20.19.6' - name: Build Frontend working-directory: frontend From 8c44d52b6931203826e6cd91545efe42c6ab0f1b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 14 Dec 2025 06:50:39 +0000 Subject: [PATCH 04/11] fix: update log message to include an icon for SQL injection detection --- frontend/src/components/__tests__/LiveLogViewer.test.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/components/__tests__/LiveLogViewer.test.tsx b/frontend/src/components/__tests__/LiveLogViewer.test.tsx index e30fc0eb..eae7df6e 100644 --- a/frontend/src/components/__tests__/LiveLogViewer.test.tsx +++ b/frontend/src/components/__tests__/LiveLogViewer.test.tsx @@ -406,7 +406,7 @@ describe('LiveLogViewer', () => { // Use findBy queries (built-in waiting) instead of single waitFor with multiple assertions // This avoids race conditions where one failing assertion causes the entire block to retry await screen.findByText('10.0.0.1'); - await screen.findByText(/BLOCKED: SQL injection detected/); + await screen.findByText(/🚫 BLOCKED: SQL injection detected/); await screen.findByText(/\[SQL injection detected\]/); // For getAllByText, keep in waitFor but separate from other assertions From c19c4d4ff008d092c16b46db38a91166a076c669 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 07:01:56 +0000 Subject: [PATCH 05/11] chore(deps): update actions/upload-artifact action to v5 --- .github/workflows/security-weekly-rebuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml index 08d9e9d5..7c538c0d 100644 --- a/.github/workflows/security-weekly-rebuild.yml +++ b/.github/workflows/security-weekly-rebuild.yml @@ -110,7 +110,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM,LOW' - name: Upload Trivy JSON results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 with: name: trivy-weekly-scan-${{ github.run_number }} path: trivy-weekly-results.json From 85fd287b34b4ab1e34036aef9e0d0d6031b3bf7e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 07:01:59 +0000 Subject: [PATCH 06/11] chore(deps): update actions/upload-artifact action to v6 --- .github/workflows/security-weekly-rebuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml index 08d9e9d5..2ee60a3b 100644 --- a/.github/workflows/security-weekly-rebuild.yml +++ b/.github/workflows/security-weekly-rebuild.yml @@ -110,7 +110,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM,LOW' - name: Upload Trivy JSON results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: trivy-weekly-scan-${{ github.run_number }} path: trivy-weekly-results.json From 833e2de2d60ddd945b41173ed832146424418207 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 14 Dec 2025 07:09:10 +0000 Subject: [PATCH 07/11] fix: update version to 0.7.9 and add maxminddb-golang dependency --- .version | 2 +- go.work.sum | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.version b/.version index 1d0ba9ea..972ef76a 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -0.4.0 +0.7.9 diff --git a/go.work.sum b/go.work.sum index 1e280482..9aac90f5 100644 --- a/go.work.sum +++ b/go.work.sum @@ -42,6 +42,7 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/oschwald/maxminddb-golang/v2 v2.1.1/go.mod h1:PLdx6PR+siSIoXqqy7C7r3SB3KZnhxWr1Dp6g0Hacl8= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= From a26beefb082934353bd07fc564e997d71a42b1ed Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 14 Dec 2025 07:11:04 +0000 Subject: [PATCH 08/11] fix: update Go version to 1.25.5 in go.work --- go.work | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.work b/go.work index 166f9fc9..49e522aa 100644 --- a/go.work +++ b/go.work @@ -1,3 +1,3 @@ -go 1.25 +go 1.25.5 use ./backend From 7bca378275c4f43f2367d6e48eed3ed22bfcbf00 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 14 Dec 2025 07:22:25 +0000 Subject: [PATCH 09/11] fix: update renovate configuration for scheduling and automerge settings --- .github/renovate.json | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 82182b43..461adba5 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -14,8 +14,11 @@ "labels": ["dependencies"], "rebaseWhen": "conflicted", "vulnerabilityAlerts": { "enabled": true }, - "schedule": ["every weekday"], + "schedule": ["before 4am on Monday"], "rangeStrategy": "bump", + "automerge": true, + "automergeType": "pr", + "platformAutomerge": true, "customManagers": [ { "customType": "regex", @@ -29,6 +32,11 @@ } ], "packageRules": [ + { + "description": "Automerge digest updates (action pins, Docker SHAs)", + "matchUpdateTypes": ["digest", "pin"], + "automerge": true + }, { "description": "Caddy transitive dependency patches in Dockerfile", "matchManagers": ["regex"], @@ -55,7 +63,7 @@ "matchManagers": ["gomod"], "labels": ["dependencies", "go"], "matchUpdateTypes": ["minor", "patch"], - "automerge": false + "automerge": true }, { "description": "GitHub Actions updates", From d63a08d6a21268e1250cb3b9f8c9a4a858425e8a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 07:31:30 +0000 Subject: [PATCH 10/11] chore(deps): update dependency node to v22 --- .github/workflows/release-goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml index 8277b8a9..70f775d5 100644 --- a/.github/workflows/release-goreleaser.yml +++ b/.github/workflows/release-goreleaser.yml @@ -31,7 +31,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: - node-version: '20.19.6' + node-version: '22.21.1' - name: Build Frontend working-directory: frontend From df59d982896475938a58298b586f5f3f54c4ddf4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Dec 2025 07:31:33 +0000 Subject: [PATCH 11/11] chore(deps): update dependency node to v24 --- .github/workflows/release-goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml index 8277b8a9..4528dc2e 100644 --- a/.github/workflows/release-goreleaser.yml +++ b/.github/workflows/release-goreleaser.yml @@ -31,7 +31,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: - node-version: '20.19.6' + node-version: '24.12.0' - name: Build Frontend working-directory: frontend