Update all stable non-major dependencies #76
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
renovate
waiting on upstream
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
CCCHH/ansible-infra!76
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/all-stable-minor-patch"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v2.20.1→v2.23.03.7.1→3.7.21.29.7→1.31.118.3→18.48.6.2→8.6.39.3.1→9.4.0v0.31.1→v0.32.1v3.10.0→v3.11.33.8.2→3.9.0v5.35.0→v5.36.026.5.7→26.6.0v26.3.0→v26.4.0v4.5.5→v4.6.1v7.15.1→v7.15.2Release Notes
binwiederhier/ntfy (docker.io/binwiederhier/ntfy)
v2.23.0Compare Source
Features:
visitor-topic-creation-limit-burst/visitor-topic-creation-limit-replenish, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic mapBug fixes + maintenance:
stacktrace-js,stacktrace-gps,humanize-duration, andjs-base64from the web app to reduce dependency and security footprintv2.22.0Compare Source
Bug fixes + maintenance:
v2.21.0Compare Source
This release adds the ability to verify email addresses using the
smtp-sender-verifyflag. This is a change that is required because ntfy.sh was used to send unsolicited emails and the AWS SES account was suspended. Going forward, ntfy.sh won't be able to send emails unless the email address was verified ahead of time.Features:
smtp-sender-verifyconfig flag, allowing server admins to require emailaddress verification before sending email notifications (#1681)
prometheus/alertmanager (docker.io/prom/alertmanager)
v0.32.1: 0.32.1 / 2026-04-29Compare Source
v0.32.0: 0.32.0 / 2026-04-08Compare Source
go get github.com/prometheus/alertmanager/uiwill now fail as compiled UI assets are no longer checked into the repository. Downstream builds that rely on these assets being present in the source tree must now build the UI from source. #5113Alertmanagercode.auth_secret_filefor smtp in document. #5036telegram_bot_token. #5114force_implicit_tlsconfig field name. #5030prometheus/prometheus (docker.io/prom/prometheus)
v3.11.3: 3.11.3 / 2026-04-27Compare Source
This release fixes mutiple security issues.
We would like to thank the following people for the responsible disclosures:
Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode vulnerability.
Brett Gervasoni for the AzureAD OAuth
client_secretvulnerability.@iiihaiii and @Ngocnn97 for the Old UI XSS vulnerability.
[SECURITY] AzureAD remote write: Fix OAuth
client_secretbeing exposed in plaintext via/-/configendpoint. GHSA-wg65-39gg-5wfj / CVE-2026-42151 #18590[SECURITY] Remote-read: Reject snappy-compressed requests whose declared decoded length exceeds the decode limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154 #18584
[SECURITY] UI: Fix stored XSS via unescaped
lelabel values in old UI heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588v3.11.2: 3.11.2 / 2026-04-13Compare Source
This release has a fix for a Stored XSS vulnerability that can be triggered via crafted metric names and label values in Prometheus web UI tooltips and metrics explorer. Thanks to Duc Anh Nguyen from TinyxLab for reporting it.
health_filterfield for Health API filtering. #18499v3.11.1: 3.11.1 / 2026-04-07Compare Source
insecure: true. #18469v3.11.0: 3.11.0 / 2026-04-02Compare Source
__meta_hetzner_datacenterlabel is deprecated for the rolerobotbut kept for backward compatibility, use the__meta_hetzner_robot_datacenterlabel instead. For the rolehcloud, the label is deprecated and will stop working after the 1 July 2026. #17850__meta_hetzner_hcloud_datacenter_locationand__meta_hetzner_hcloud_datacenter_location_network_zonelabels are deprecated, use the__meta_hetzner_hcloud_locationand__meta_hetzner_hcloud_location_network_zonelabels instead. #17850prometheus_sd_last_update_timestamp_secondsmetric to track the last time a service discovery update was sent to consumers. #18194__meta_kubernetes_pod_deployment_name,__meta_kubernetes_pod_cronjob_nameand__meta_kubernetes_pod_job_name, respectively. #17774</and>/operators for trimming observations from native histograms. #17904histogram_quantilesvariadic function for computing multiple quantiles at once. #17285storage.tsdb.retention.percentageconfiguration to configure the maximum percent of disk usable for TSDB storage. #18080st-storagefeature flag. When enabled, Prometheus stores ingested start timestamps (ST, previously called Created Timestamp) from scrape or OTLP in the TSDB and Agent WAL, and exposes them via Remote Write 2. #18062xor2-encodingfeature flag for the new TSDB block float sample chunk encoding that is optimized for scraped data and allows encoding start timestamps. #18062external_idsupport for sigv4. #17916first_over_timeandts_of_first_over_timePromQL functions. #18318KahanAdd. #18252endpointoption, a regression from the AWS SDK v2 migration. #18133client_idis empty. #18323*DualStackEndpointSlices policies. #18192prometheus_remote_storage_sent_batch_duration_secondsmeasuring before the request was sent. #18214use-uncached-iofeature flag is set on unsupported environments. #18219prometheus-pve/prometheus-pve-exporter (docker.io/prompve/prometheus-pve-exporter)
v3.9.0Compare Source
Added
v3.8.3Compare Source
Changed
TwiN/gatus (ghcr.io/twin/gatus)
v5.36.0Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/TwiN/gatus/compare/v5.35.0...v5.36.0
ansible/ansible-lint (https://github.com/ansible/ansible-lint)
v26.4.0Compare Source
Fixes
Maintenance
netbox-community/netbox (netbox)
v4.6.1: - 2026-05-19Compare Source
Enhancements
HTTP_CLIENT_IP_HEADERSconfiguration parameter to customize HTTP headers used to determine client IP addressPerformance Improvements
GRAPHQL_MAX_QUERY_DEPTH) to guard against excessively complex queriesBug Fixes
environment_params(CVE-2026-29514)interface_bgenerated when saving an unchanged wireless linkTypeErrorexception raised by table config validation whenorderingattribute is nullobject_typefield annotation on TableConfigType GraphQL typeuser_idFK filter on job filtersetcable_idFK filter on cable termination filtersetDeprecations
v4.6.0: - 2026-05-05Compare Source
New Features
Virtual Machine Types (#5795)
A new VirtualMachineType model has been introduced to enable categorization of virtual machines by instance type, analogous to how DeviceType categorizes physical hardware. VM types can be defined once and reused across many virtual machines.
Cable Bundles (#20151)
A new CableBundle model allows individual cables to be grouped together to represent physical cable runs that are managed as a unit; e.g. a bundle of 48 CAT6 cables between two patch panels. (Please note that this feature is not suitable for modeling individual fiber strands within a single cable.)
Rack Groups (#20961)
A flat RackGroup model has been reintroduced to provide a lightweight secondary axis of rack organization (e.g. by row or aisle) that is independent of the location hierarchy. Racks carry an optional foreign key to a RackGroup, and RackGroup can also serve as a scope for VLANGroup assignments.
ETag Support for REST API (#21356)
The REST API now returns an
ETagheader on responses for individual objects, derived from the object's last-updated timestamp. Clients can supply anIf-Matchheader on PUT/PATCH requests to guard against conflicting concurrent updates; if the object has been modified since the ETag was issued, the server returns a 412 (Precondition Failed) response.Cursor-based Pagination for REST API (#21363)
A new
startquery parameter has been introduced as an efficient alternative to the existingoffsetparameter for paginating large result sets. Rather than scanning the table up to a relative offset, thestartparameter filters for objects with a primary key equal to or greater than the given value, enabling constant-time pagination regardless of result set size.Enhancements
{module}position inheritance for nested module baystotal_vlan_idsattribute on VLAN group representation in REST & GraphQL APIsCHANGELOG_RETAIN_CREATE_LAST_UPDATEconfiguration parameter to retain creation & most recent update record in change log for each object{vc_position}template variable for device component template name/labelrf_channel_frequencyprecision to 3 decimal placesEnhancedURLValidatorwith Django'sURLValidatoradd_tags) and removal (remove_tags) via REST APIINTERNAL_IPSto enable debug toolbar for all clientsPerformance Improvements
Plugins
Deprecations
usernameandrequest_idfields in event datahousekeepingmanagement commandquerystringtemplate tagDEFAULT_ACTION_PERMISSIONSmappingmodelskey in application registryLOGIN_REQUIREDconfiguration parameterexpand_ipaddress_pattern()utility functionOther Changes
v4.5.10: - 2026-05-04Compare Source
Bug Fixes
connectedstatus to exclude incomplete cable pathscable_endfield on cabled objects to indicate it may be nullv4.5.9: - 2026-04-28Compare Source
Enhancements
profilefilter support for modulesdictsubclasses for theAPI_TOKEN_PEPPERSconfiguration parameterPerformance Improvements
Bug Fixes
available-prefixesendpoint request bodyPOST/PATCHrequests missing a trailing slashEventRule.action_dataas a JSON object to prevent server errors on object writesv4.5.8: - 2026-04-14Compare Source
Enhancements
humanize_speedtemplate filter to support decimal Gbps/Tbps valuesBug Fixes
ScriptModuleclass synchronization triggered on savev4.5.7: - 2026-04-03Compare Source
Enhancements
RQconfiguration parameter/api/extras/scripts/upload/)Performance Improvements
Bug Fixes
AttributeErrorexception when sorting a table as an anonymous userRelatedObjectDoesNotExistexception when viewing an interface with a virtual circuit terminationAttributeErrorexception when viewing virtual chassis memberv4.5.6: - 2026-03-31Compare Source
Enhancements
Bug Fixes
{module}variable for position fields in nested modulesFieldErrorexception when sorting the circuit group assignment table by the member columnoauth2-proxy/oauth2-proxy (quay.io/oauth2-proxy/oauth2-proxy)
v7.15.2Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.
a873ca2cfe0fd65b9a9a0fd65b9a9ac178d824dcc178d824dc7ceca873ddUpdate docker.io/binwiederhier/ntfy Docker tag to v2.21.0to Update all stable non-major dependencies7ceca873ddf9f3248cf1f9f3248cf156aee3266856aee32668a63edc7651a63edc7651a4a44564d0a4a44564d028e124dd7a28e124dd7aea5334d74aea5334d74a0413fe05b10413fe05b1b86c4a6801b86c4a6801b5943aa8b0b5943aa8b0de2758f9b9de2758f9b9a53d00c962a53d00c9624268a8770d4268a8770d8be5dfea998be5dfea99bb194d59dfbb194d59df83360bb19983360bb1992d1b885b4b2d1b885b4b5798eb57345798eb57344588c424534588c42453bc2f3b70d1bc2f3b70d11ffa0dd2531ffa0dd253436165e899436165e8998d5de6c6d58d5de6c6d5b8535ba4fdb8535ba4fd3474cb2d573474cb2d574c4ce69f7e4c4ce69f7edeec153407deec153407bda1a57786bda1a57786a116d58ccfa116d58ccfcd15864462cd158644623450754e8b3450754e8bc599c113a9c599c113a9504ec1518b504ec1518b044f260358044f260358ad062b280dad062b280d98d1bb9d1498d1bb9d144754025c054754025c05a4e3e7c4baa4e3e7c4ba58127bffc658127bffc677843e62f577843e62f57400d720047400d72004f5e19f2da5f5e19f2da5c1d6e7163ec1d6e7163e7b1d4b55a57b1d4b55a5d4a2dd588dd4a2dd588d0acb6ae2720acb6ae272617c288f44617c288f449aacf9463d9aacf9463daabc4f01efaabc4f01efa228f981b8a228f981b8aa06849101aa06849101d14c0d5177d14c0d517745b3da6ad045b3da6ad0ad18373ccead18373cceccce1d5ae3ccce1d5ae32d17176c4e2d17176c4e7c974404197c97440419abb54e850cabb54e850c9ab49e8eb49ab49e8eb41bcb77c4591bcb77c459d471303b11d471303b1179d2156a07View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.