580e20d573
fix: resolve 5 HIGH-severity CVEs blocking nightly container image scan
...
Patch vulnerable transitive dependencies across all three compiled
binaries in the Docker image (backend, Caddy, CrowdSec):
- go-jose/v3 and v4: JOSE/JWT validation bypass (CVE-2026-34986)
- otel/sdk: resource leak in OpenTelemetry SDK (CVE-2026-39883)
- pgproto3/v2: buffer overflow via pgx/v4 bump (CVE-2026-32286)
- AWS SDK v2: event stream injection in CrowdSec deps (GHSA-xmrv-pmrh-hhx2)
- OTel HTTP exporters: request smuggling (CVE-2026-39882)
- gRPC: bumped to v1.80.0 for transitive go-jose/v4 resolution
All Dockerfile patches include Renovate annotations for automated
future tracking. Renovate config extended to cover Go version and
GitHub Action refs in skill example workflows, preventing version
drift in non-CI files. SECURITY.md updated with pre-existing Alpine
base image CVE (no upstream fix available).
Nightly Go stdlib CVEs (1.26.1) self-heal on next development sync;
example workflow pinned to 1.26.2 for correctness.
2026-04-09 17:24:25 +00:00
bb496daae3
fix(ci): improve health check for Charon container in nightly build
2026-04-09 14:08:19 +00:00
4cd568b0e5
fix(deps): update multiple dependencies in package-lock.json
2026-04-09 14:04:00 +00:00
efd70cd651
fix(deps): update golang.org/x/text to v0.36.0 and other dependencies
2026-04-09 14:01:05 +00:00
3d4a63b515
fix(go): update Go version to 1.26.2
2026-04-09 13:58:24 +00:00
42cec9e8c3
Merge pull request #919 from Wikid82/renovate/feature/beta-release-non-major-updates
...
fix(deps): update non-major-updates (feature/beta-release)
2026-04-09 09:41:24 -04:00
73565e0e0d
fix(deps): update non-major-updates
2026-04-09 09:20:57 +00:00
6dddc5db43
Merge pull request #918 from Wikid82/renovate/feature/beta-release-non-major-updates
...
fix(deps): update non-major-updates (feature/beta-release)
2026-04-06 20:30:42 -04:00
ef90d1c0d7
fix(deps): update non-major-updates
2026-04-06 21:48:29 +00:00
2d923246a9
Merge pull request #916 from Wikid82/development
...
Propagate changes from development into feature/beta-release
2026-04-06 01:24:35 -04:00
241c0d1b35
Merge pull request #914 from Wikid82/renovate/development-non-major-updates
...
chore(deps): update non-major-updates (development)
2026-04-06 01:08:26 -04:00
a9767baa69
Merge branch 'development' into renovate/development-non-major-updates
2026-04-06 01:08:07 -04:00
79f0080c80
Merge pull request #915 from Wikid82/main
...
Propagate changes from main into development
2026-04-06 01:07:49 -04:00
bfa6fc0920
chore(deps): update non-major-updates
2026-04-06 04:42:28 +00:00
c70c87386e
Merge pull request #913 from Wikid82/bot/update-geolite2-checksum
...
chore(docker): update GeoLite2-Country.mmdb checksum
2026-04-06 00:38:12 -04:00
a5c6eb95c6
Merge pull request #887 from Wikid82/feature/beta-release
...
Feature: CrowdSec Dashboard Integration with Observable Metrics
2026-04-06 00:37:46 -04:00
f5ab2cddd8
chore(docker): update GeoLite2-Country.mmdb checksum
...
Automated checksum update for GeoLite2-Country.mmdb database.
Old: 7840f4b8891e7c866f948d4b020cdc12aeea51b09450b44ad96d1f14f6e32879
New: f5e80a9a3129d46e75c8cccd66bfac725b0449a6c89ba5093a16561d58f20bda
Auto-generated by: .github/workflows/update-geolite2.yml
2026-04-06 02:58:45 +00:00
47d306b44b
fix(docker): ensure CrowdSec hub index and collections bootstrap on every startup
2026-04-05 05:16:26 +00:00
5e73ba7bd0
fix(security): add temporary ignore rules for transitive HIGH vulnerabilities
2026-04-05 04:18:54 +00:00
32a30434b1
fix(security): prevent client injection of enrichment fields on decisions
2026-04-05 02:51:54 +00:00
138426311f
fix(models): prevent zero-date serialization for optional ExpiresAt
2026-04-05 02:51:54 +00:00
a8ef9dd6ce
fix(crowdsec): use read lock for non-mutating cache lookups
2026-04-05 02:51:54 +00:00
b48794df14
fix(deps): update smol-toml version constraint to ensure compatibility
2026-04-05 02:51:54 +00:00
85a80568b2
fix(ci): load Grype ignore config in supply chain verification
2026-04-05 02:51:54 +00:00
fc0e31df56
fix(deps): update tldts and tldts-core to version 7.0.28 for compatibility improvements
2026-04-05 02:51:54 +00:00
cb4ae8367c
Merge pull request #910 from Wikid82/renovate/feature/beta-release-non-major-updates
...
fix(deps): update dependency tldts to ^7.0.28 (feature/beta-release)
2026-04-04 22:32:58 -04:00
de020d9901
Merge pull request #909 from Wikid82/renovate/feature/beta-release-react-i18next-17.x
...
fix(deps): update dependency react-i18next to v17 (feature/beta-release)
2026-04-04 22:24:07 -04:00
0634357ee9
fix(deps): update dependency tldts to ^7.0.28
2026-04-05 02:04:41 +00:00
9753a13001
fix(deps): update dependency react-i18next to v17
2026-04-04 01:09:32 +00:00
d0deef1537
Merge branch 'development' into feature/beta-release
2026-04-03 21:08:07 -04:00
4603b57224
Merge pull request #908 from Wikid82/renovate/feature/beta-release-non-major-updates
...
fix(deps): update non-major-updates (feature/beta-release)
2026-04-03 21:07:43 -04:00
bb64ca64e2
Merge branch 'feature/beta-release' into renovate/feature/beta-release-non-major-updates
2026-04-03 21:07:31 -04:00
ce4a9c5626
Merge pull request #896 from Wikid82/renovate/feature/beta-release-react-i18next-17.x
...
fix(deps): update dependency react-i18next to v17 (feature/beta-release)
2026-04-03 21:07:00 -04:00
b45861090d
fix(deps): update non-major-updates
2026-04-04 00:58:06 +00:00
4a3f655a49
Merge pull request #907 from Wikid82/main
...
Propagate changes from main into development
2026-04-03 20:58:02 -04:00
29e069ac94
Merge branch 'feature/beta-release' into renovate/feature/beta-release-react-i18next-17.x
2026-04-03 20:56:19 -04:00
625fcf8e5c
fix: update Trivy action version and extend vulnerability review dates in configuration files
2026-04-04 00:54:55 +00:00
2b8ed06c3c
fix: remediate axios supply chain compromise and harden CI workflow permissions
2026-04-04 00:05:27 +00:00
34d73ad6ed
fix: update dependencies for @emnapi/core, @emnapi/runtime, @emnapi/wasi-threads, @playwright/test, and dotenv for compatibility improvements
2026-04-03 23:20:41 +00:00
e06a8cb676
fix: update go-sqlite3 and other dependencies for compatibility and improvements
2026-04-03 22:57:25 +00:00
5ba8cd60c8
fix: add npmDedupe to postUpdateOptions for improved dependency management
2026-04-03 22:55:15 +00:00
29985714a3
fix: update CORAZA_CADDY_VERSION to 2.4.0 for compatibility improvements
2026-04-03 22:39:40 +00:00
64c9d7adbe
fix: update CADDY_SECURITY_VERSION to 1.1.61 for security improvements
2026-04-03 22:38:28 +00:00
8d56760c64
Merge branch 'feature/beta-release' into renovate/feature/beta-release-react-i18next-17.x
2026-03-30 21:19:47 -04:00
087ae9cc0d
Merge pull request #890 from Wikid82/renovate/feature/beta-release-non-major-updates
...
fix(deps): update non-major-updates (feature/beta-release)
2026-03-30 21:19:28 -04:00
35b003ae5e
Merge branch 'feature/beta-release' into renovate/feature/beta-release-non-major-updates
2026-03-30 21:19:14 -04:00
cab3c68508
Merge pull request #895 from Wikid82/renovate/feature/beta-release-i18next-26.x
...
fix(deps): update dependency i18next to v26 (feature/beta-release)
2026-03-30 21:17:42 -04:00
b6558d4165
Merge pull request #894 from Wikid82/renovate/feature/beta-release-eslint-plugin-unicorn-64.x
...
chore(deps): update dependency eslint-plugin-unicorn to v64 (feature/beta-release)
2026-03-30 21:17:25 -04:00
64cbe5a74d
Merge pull request #893 from Wikid82/renovate/feature/beta-release-eslint-markdown-8.x
...
chore(deps): update dependency @eslint/markdown to v8 (feature/beta-release)
2026-03-30 21:17:10 -04:00
1d3e60b4f8
Merge pull request #892 from Wikid82/renovate/feature/beta-release-codecov-codecov-action-6.x
...
chore(deps): update codecov/codecov-action action to v6 (feature/beta-release)
2026-03-30 21:16:50 -04:00
GitHub Actions
Jeremy
renovate[bot]
Wikid82