30 Commits

Author SHA1 Message Date
renovate 90b7974a20 chore(deps): update golang:1.26.4 docker digest to f83d235 (#180)
dancefetcher / build (push) Successful in 8m36s
dancefetcher / deploy-prod (push) Successful in 50s
2026-06-24 06:49:05 +00:00
renovate 558ad7a5a5 chore(deps): update actions/checkout action to v7 (#179)
dancefetcher / build (push) Successful in 9m9s
dancefetcher / deploy-prod (push) Successful in 42s
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action | major | `v6` → `v7` | `v7.0.0` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v7.0.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700)

[Compare Source](https://github.com/actions/checkout/compare/v7.0.0...v7.0.0)

- Block checking out fork PR for pull\_request\_target and workflow\_run by [@aiqiaoy](https://github.com/aiqiaoy) in [#2454](https://github.com/actions/checkout/pull/2454)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#2458](https://github.com/actions/checkout/pull/2458)
- Bump flatted from 3.3.1 to 3.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#2460](https://github.com/actions/checkout/pull/2460)
- Bump js-yaml from 4.1.0 to 4.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2461](https://github.com/actions/checkout/pull/2461)
- Bump [@actions/core](https://github.com/actions/core) and [@actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@dependabot](https://github.com/dependabot)\[bot] in [#2459](https://github.com/actions/checkout/pull/2459)
- upgrade module to esm and update dependencies by [@aiqiaoy](https://github.com/aiqiaoy) in [#2463](https://github.com/actions/checkout/pull/2463)
- Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2462](https://github.com/actions/checkout/pull/2462)

### [`v7`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700)

[Compare Source](https://github.com/actions/checkout/compare/v6.0.3...v7.0.0)

- Block checking out fork PR for pull\_request\_target and workflow\_run by [@aiqiaoy](https://github.com/aiqiaoy) in [#2454](https://github.com/actions/checkout/pull/2454)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#2458](https://github.com/actions/checkout/pull/2458)
- Bump flatted from 3.3.1 to 3.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#2460](https://github.com/actions/checkout/pull/2460)
- Bump js-yaml from 4.1.0 to 4.2.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#2461](https://github.com/actions/checkout/pull/2461)
- Bump [@actions/core](https://github.com/actions/core) and [@actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@dependabot](https://github.com/dependabot)\[bot] in [#2459](https://github.com/actions/checkout/pull/2459)
- upgrade module to esm and update dependencies by [@aiqiaoy](https://github.com/aiqiaoy) in [#2463](https://github.com/actions/checkout/pull/2463)
- Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#2462](https://github.com/actions/checkout/pull/2462)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: #179
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-06-20 19:39:12 +00:00
renovate ef8e68d209 chore(deps): update golang:1.26.4 docker digest to 62df9f3 (#178)
dancefetcher / build (push) Successful in 11m33s
dancefetcher / deploy-prod (push) Successful in 52s
2026-06-11 06:25:14 +00:00
renovate 6b1762d786 chore(deps): update golang docker tag to v1.26.4 (#177)
dancefetcher / build (push) Successful in 9m12s
dancefetcher / deploy-prod (push) Successful in 42s
2026-06-05 23:20:10 +00:00
renovate 92e42f4e61 chore(deps): update go toolchain directive to v1.26.4 [security] (#175)
dancefetcher / build (push) Successful in 11m53s
dancefetcher / deploy-prod (push) Successful in 54s
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/) ([source](https://github.com/golang/go)) | toolchain | patch | `1.26.3` → `1.26.4` |

---

### Inefficient candidate hostname parsing in crypto/x509
[CVE-2026-27145](https://nvd.nist.gov/vuln/detail/CVE-2026-27145) / [GO-2026-5037](https://pkg.go.dev/vuln/GO-2026-5037)

<details>
<summary>More information</summary>

#### Details
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname.

With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

#### Severity
Unknown

#### References
- [https://go.dev/cl/783621](https://go.dev/cl/783621)
- [https://go.dev/issue/79694](https://go.dev/issue/79694)
- [https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw](https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5037) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Quadratic complexity in WordDecoder.DecodeHeader in mime
[CVE-2026-42504](https://nvd.nist.gov/vuln/detail/CVE-2026-42504) / [GO-2026-5038](https://pkg.go.dev/vuln/GO-2026-5038)

<details>
<summary>More information</summary>

#### Details
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

#### Severity
Unknown

#### References
- [https://go.dev/issue/79217](https://go.dev/issue/79217)
- [https://go.dev/cl/774481](https://go.dev/cl/774481)
- [https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw](https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5038) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Arbitrary inputs are included in errors without any escaping in net/textproto
[CVE-2026-42507](https://nvd.nist.gov/vuln/detail/CVE-2026-42507) / [GO-2026-5039](https://pkg.go.dev/vuln/GO-2026-5039)

<details>
<summary>More information</summary>

#### Details
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

#### Severity
Unknown

#### References
- [https://go.dev/issue/79346](https://go.dev/issue/79346)
- [https://go.dev/cl/777060](https://go.dev/cl/777060)
- [https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw](https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5039) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: #175
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-06-03 05:40:03 +00:00
renovate e498f5d12f chore(deps): update golang:1.26.3 docker digest to 54d3246 (#174)
dancefetcher / build (push) Successful in 19m11s
dancefetcher / deploy-prod (push) Successful in 1m2s
2026-05-20 06:21:44 +00:00
renovate 7770d3ae24 chore(deps): update golang docker tag to v1.26.3 (#173)
dancefetcher / build (push) Successful in 7m3s
dancefetcher / deploy-prod (push) Successful in 42s
2026-05-11 23:13:54 +00:00
renovate 01380bfb07 chore(deps): update go toolchain directive to v1.26.3 (#172)
dancefetcher / build (push) Successful in 7m54s
dancefetcher / deploy-prod (push) Successful in 47s
2026-05-10 00:15:09 +00:00
renovate 4749b56088 chore(deps): update golang:1.26.2 docker digest to e1203b8 (#171)
dancefetcher / build (push) Successful in 10m30s
dancefetcher / deploy-prod (push) Successful in 47s
2026-04-22 08:17:02 +00:00
renovate f429e3bd16 chore(deps): update golang docker tag to v1.26.2 (#170)
dancefetcher / build (push) Successful in 10m22s
dancefetcher / deploy-prod (push) Successful in 50s
2026-04-10 22:55:25 +00:00
renovate bea8a99de5 chore(deps): update dependency go to v1.26.2 (#169)
dancefetcher / build (push) Successful in 20m50s
dancefetcher / deploy-prod (push) Successful in 1m6s
2026-04-10 01:22:50 +00:00
renovate ed8c5add07 chore(deps): update golang:1.26.1 docker digest to 5ba1126 (#168)
dancefetcher / build (push) Successful in 8m53s
dancefetcher / deploy-prod (push) Successful in 45s
2026-04-07 05:30:16 +00:00
renovate 20d3cc12b4 chore(deps): update golang:1.26.1 docker digest to 984bf90 (#167)
dancefetcher / build (push) Successful in 14m31s
dancefetcher / deploy-prod (push) Successful in 52s
2026-03-17 02:18:58 +00:00
renovate 28809f6f15 chore(deps): update golang docker tag to v1.26.1 (#166)
dancefetcher / build (push) Successful in 6m48s
dancefetcher / deploy-prod (push) Successful in 1m4s
2026-03-06 02:18:41 +00:00
renovate 45e6ef8802 chore(deps): update dependency go to v1.26.1 (#165)
dancefetcher / build (push) Successful in 5m42s
dancefetcher / deploy-prod (push) Successful in 1m20s
2026-03-06 01:16:31 +00:00
argoyle 7e9fffa7d0 Merge pull request 'fix(k8s): remove CPU limits to resolve KubeCPUOvercommit alert' (#164) from remove-cpu-limits into master
dancefetcher / build (push) Successful in 5m17s
dancefetcher / deploy-prod (push) Successful in 44s
Reviewed-on: #164
2026-03-01 11:27:27 +00:00
argoyle 27041f7ca5 fix(k8s): remove CPU limits to resolve KubeCPUOvercommit alert
dancefetcher / build (pull_request) Successful in 6m23s
dancefetcher / deploy-prod (pull_request) Has been skipped
Remove cpu from resource limits while keeping memory limits and all
requests intact. CPU limits cause unnecessary throttling and
overcommit alerts when actual usage is far below limits.
2026-03-01 12:15:54 +01:00
renovate 3157a712e2 chore(deps): update golang:1.26.0 docker digest to 9835fb4 (#163)
dancefetcher / build (push) Successful in 5m36s
dancefetcher / deploy-prod (push) Successful in 1m9s
2026-02-24 22:31:46 +00:00
renovate e6681eb02e chore(deps): update golang docker tag to v1.26.0 (#162)
dancefetcher / build (push) Failing after 2s
dancefetcher / deploy-prod (push) Has been skipped
2026-02-11 00:11:02 +00:00
renovate 66b6ea5aa4 chore(deps): update golang:1.25.7 docker digest to d2819ff (#161)
dancefetcher / build (push) Successful in 1h17m16s
dancefetcher / deploy-prod (push) Failing after 2s
2026-02-10 22:31:38 +00:00
renovate 962d93784b chore(deps): update dependency go to v1.26.0 (#160)
dancefetcher / build (push) Successful in 6m24s
dancefetcher / deploy-prod (push) Successful in 44s
2026-02-10 20:27:15 +00:00
argoyle e77ea61eca Merge pull request 'chore(deps): update golang docker tag to v1.25.7' (#159) from renovate/golang-1.x into master
dancefetcher / build (push) Successful in 28m49s
dancefetcher / deploy-prod (push) Successful in 50s
Reviewed-on: #159
2026-02-05 09:20:54 +00:00
renovate 1777762126 chore(deps): update golang docker tag to v1.25.7
dancefetcher / build (pull_request) Successful in 16m3s
dancefetcher / deploy-prod (pull_request) Has been cancelled
2026-02-04 18:05:09 +00:00
renovate b9f0dbe97e chore(deps): update dependency go to v1.25.7 (#158)
dancefetcher / build (push) Successful in 15m4s
dancefetcher / deploy-prod (push) Successful in 43s
2026-02-04 16:24:16 +00:00
renovate 412c3c7ba3 chore(deps): update golang:1.25.6 docker digest to ceda080 (#157)
dancefetcher / build (push) Successful in 21m58s
dancefetcher / deploy-prod (push) Successful in 59s
2026-02-03 08:27:29 +00:00
renovate 17d6092dc8 chore(deps): update golang docker tag to v1.25.6 (#156)
dancefetcher / build (push) Successful in 1h18m0s
dancefetcher / deploy-prod (push) Successful in 1m15s
2026-01-15 22:24:13 +00:00
renovate dd2633fb44 chore(deps): update dependency go to v1.25.6 (#155)
dancefetcher / build (push) Successful in 12m16s
dancefetcher / deploy-prod (push) Successful in 37s
2026-01-15 20:25:32 +00:00
renovate 9bea70c3aa chore(deps): update golang:1.25.5 docker digest to 3a01526 (#154)
dancefetcher / build (push) Successful in 51m52s
dancefetcher / deploy-prod (push) Failing after 2s
2026-01-13 06:29:08 +00:00
argoyle 4d4c4737a3 Merge pull request 'fix: remove incorrect digest pinning from image reference' (#153) from fix/remove-digest-pinning into master
dancefetcher / build (push) Successful in 9m32s
dancefetcher / deploy-prod (push) Successful in 31s
Reviewed-on: #153
2026-01-09 12:02:01 +00:00
argoyle bb9d47f6b3 fix: remove incorrect digest pinning from image reference
dancefetcher / build (pull_request) Successful in 20m19s
dancefetcher / deploy-prod (pull_request) Has been skipped
2026-01-09 11:54:24 +01:00
4 changed files with 5 additions and 6 deletions
+2 -2
@@ -13,7 +13,7 @@ jobs:
BUILDTOOLS_CONTENT: ${{ secrets.BUILDTOOLS_CONTENT }}
GITEA_REPOSITORY: ${{ gitea.repository }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: buildtool/setup-buildtools-action@v1
- name: Build and push
run: unset GITEA_TOKEN && build && push
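Review bot: Both `uses:` lines in this build job reference actions by mutable tag (`actions/checkout@v7`, `buildtool/setup-buildtools-action@v1`) while the job's env carries `secrets.BUILDTOOLS_CONTENT`, so whoever can move either tag can run code with that secret in reach. Pin each action to a full commit SHA with the version in a trailing comment, the same way the Dockerfile in this change pins `golang` by digest; Renovate can keep pinned action digests updated. Because v7 is a major bump whose release notes list blocking fork-PR checkout for `pull_request_target` and `workflow_run`, also confirm the workflow's `on:` triggers, which are outside this hunk, are not among those.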
@@ -27,7 +27,7 @@ jobs:
GITEA_REPOSITORY: ${{ gitea.repository }}
environment: prod
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: buildtool/setup-buildtools-action@v1
- name: Deploy
run: deploy prod
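Review bot: In the `environment: prod` job the Deploy step is a bare `run: deploy prod`, without the `unset GITEA_TOKEN` that the build job's step uses before `build && push`. If the deploy tool does not need the token, unset it here as well; if it does, a short comment saying why would explain the difference between the two jobs. The checkout step also has no `with:` block, so consider `persist-credentials: false` unless a later step needs git credentials.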
+1 -1
@@ -1,4 +1,4 @@
FROM amd64/golang:1.25.5@sha256:ad03ba93327b8a6143b49373790b5d92c28067bdb814418509466122ee9c9e63 as build
FROM amd64/golang:1.26.4@sha256:f83d23523668b4ea5b644ae7711b2284f35f3bc3369a02655a8bc30d98586c4d as build
WORKDIR /build
ENV CGO_ENABLED=0
ADD . /build
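Review bot: `ADD . /build` copies the whole build context into the build stage; `COPY . /build` is the conventional instruction for local files, since `ADD` also unpacks archives and accepts URLs, and a `.dockerignore` would keep `.git` and local files out of the layer. The digest on the `FROM` line is worth keeping as is; write the stage alias as `AS build` so the keyword casing matches `FROM`.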
+1 -1
@@ -2,7 +2,7 @@ module gitlab.com/unboundsoftware/dancefinder/dancefetcher
go 1.24.0
toolchain go1.25.5
toolchain go1.26.4
require (
github.com/alecthomas/kingpin/v2 v2.4.0
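Review bot: `toolchain go1.26.4` here and the `golang:1.26.4` tag in the Dockerfile end up equal across this range, but the commit list shows them bumped by separate Renovate PRs (#175 for the toolchain directive, marked [security], on 2026-06-03 and #177 for the Docker tag on 2026-06-05), so the two disagreed in between. If the image builds with its bundled Go, the security fixes only reached the shipped binary with #177; grouping the toolchain directive and the Docker tag into one Renovate update would keep them in step. The unchanged `go 1.24.0` line is fine as a minimum-version statement.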
+1 -2
@@ -13,11 +13,10 @@ spec:
spec:
containers:
- name: dancefetcher
image: oci.unbound.se/dancefinder/dancefetcher@sha256:91a06ed01855f35887c8577a1e521ddb67a37e753e9951562bb0521d7c59e179:${COMMIT}
image: oci.unbound.se/dancefinder/dancefetcher:${COMMIT}
imagePullPolicy: Always
resources:
limits:
cpu: 600m
memory: 200Mi
requests:
cpu: 20m
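Review bot: Dropping the digest fixes the malformed `@sha256:...:${COMMIT}` reference (a tag cannot follow a digest), but the `image:` line now resolves `dancefetcher:${COMMIT}` by tag alone with `imagePullPolicy: Always`, so a re-pushed tag changes what runs in prod. If the build step can export the pushed image's digest, use the `name:${COMMIT}@sha256:<digest>` form instead, which keeps the readable tag and still fixes the content. Removing `cpu: 600m` from `limits` while keeping `memory: 200Mi` and the requests matches the commit message and needs no change.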