Update all stable non-major dependencies #76
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
renovate
waiting on upstream
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
CCCHH/ansible-infra!76
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/all-stable-minor-patch"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v2.20.1→v2.24.013.0.1→13.0.23.7.1→3.7.21.29.7→1.31.118.3→18.48.6.2→8.8.09.3.1→9.4.0v0.31.1→v0.33.0v3.10.0→v3.12.03.8.2→3.9.0v5.35.0→v5.36.026.6.0→26.6.3v26.3.0→v26.4.012.2.2→12.3.2v4.5.5→v4.6.2v7.15.1→v7.15.3Release Notes
binwiederhier/ntfy (docker.io/binwiederhier/ntfy)
v2.24.0Compare Source
The main feature for this release is an in-memory ACL cache (
auth-access-cache) that can help bring down the read load on the production database. The topic authorization queries are consistently the highest ranking queries on the database, so this will help quite a bit. The current database load is quite low, but I'm expecting it to increase as more users join and use ntfy.Security issues:
secretno longer also matches a request forSECRET. SQLite'sLIKEis case-insensitive for ASCII by default. PostgreSQL was unaffected. It's honestly incredible that this issue remained undetected for so long, especially while ntfy.sh was running on SQLite (it now runs on PostgreSQL).Features:
auth-access-cache) that serves topic authorization without a database round-trip; off by default, intended for high-volume serversntfy --versionflag to the CLI (#1722, #1748, thanks to @sskender for the contribution, and @Saucy9607 for reporting)Bug fixes + maintenance:
relattribute on auto-linked notification URLs sonoreferrer/noopenerare actually applied (#1720, thanks to @dmitrylyzo for the contribution)ntfy.serviceunit (#1467, thanks to @Velocifyer for the contribution)cmdpackage build on macOS (darwin) so the server compiles from source (#1631, #1696, thanks to @ShipItAndPray for the contribution, and @XYenon for reporting)v2.23.0Compare Source
Features:
visitor-topic-creation-limit-burst/visitor-topic-creation-limit-replenish, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic mapBug fixes + maintenance:
stacktrace-js,stacktrace-gps,humanize-duration, andjs-base64from the web app to reduce dependency and security footprintv2.22.0Compare Source
Bug fixes + maintenance:
v2.21.0Compare Source
This release adds the ability to verify email addresses using the
smtp-sender-verifyflag. This is a change that is required because ntfy.sh was used to send unsolicited emails and the AWS SES account was suspended. Going forward, ntfy.sh won't be able to send emails unless the email address was verified ahead of time.Features:
smtp-sender-verifyconfig flag, allowing server admins to require emailaddress verification before sending email notifications (#1681)
grafana/grafana (docker.io/grafana/grafana)
v13.0.2: 13.0.2Download page
What's new highlights
Features and enhancements
Bug fixes
prometheus/alertmanager (docker.io/prom/alertmanager)
v0.33.0: 0.33.0 / 2026-06-12Compare Source
group-key-in-metricsfeature flag. #5047AlertMarker,GroupMarkertomarkerpackage. #5047alertmanager_marked_alerts. #5047typespackage:MemMarker,AlertState*,AlertStatus. #5047receiver_matchersfilter to/api/v2/receivers,/api/v2/alerts, and/api/v2/alerts/groups. #5152--enable-feature=event-recorder, with file, webhook, and kafka outputs. #5072, #5246use_aws_http_clientconfig option to the sns notifier. #5178resolve_transitionis not set. #4821wont_fix_resolutionJQL to prevent duplicate issue creation. #5185AWS_CA_BUNDLEenv variable for the sns notifier. #5178v0.32.2: 0.32.2 / 2026-06-05Compare Source
v0.32.1: 0.32.1 / 2026-04-29Compare Source
v0.32.0: 0.32.0 / 2026-04-08Compare Source
go get github.com/prometheus/alertmanager/uiwill now fail as compiled UI assets are no longer checked into the repository. Downstream builds that rely on these assets being present in the source tree must now build the UI from source. #5113Alertmanagercode.auth_secret_filefor smtp in document. #5036telegram_bot_token. #5114force_implicit_tlsconfig field name. #5030prometheus/prometheus (docker.io/prom/prometheus)
v3.12.0: 3.12.0 / 2026-05-28Compare Source
This release contains security fixes, new features (especially around PromQL and Service Discovery), performance improvements in TSDB, Start Timestamp improvements and numerous bug fixes.
Thanks to all contributors!
Key Highlights
rate(),irate(),increase(), andresets(). New experimental functionsstart(),end(),range(), andstep()are introduced.Changelog
/-/configendpoint. Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18649st-storageflag is enabled. #18221/api/v1/status/self_metricsendpoint returning the current state of the Prometheus server's own metrics about itself as JSON. #18411outscale_sd_configs) for discovering scrape targets from the Outscale Cloud API. #18139sort,sort_by_labelorsort_by_label_descis used within range (matrix) queries, as these functions do not have effect in that context. #18498start(),end(),range(), andstep()experimental functions #17877resets()function to consider start timestamp resets. Hidden behinduse-start-timestampsfeature flag. #18627CheckpointFromInMemorySeriesoption toagent.DBthat enables checkpoint based on in-memory series. #17948rate(),irate(), andincrease()calculations, behind a feature flaguse-start-timestamps. Doesn't work together with extended range selectorsanchoredandsmoothed. #18344st-synthesiswhich synthesizes unknown STs for scraped cumulative metrics. Useful when Remote Writing 2.0 with delta or Otel-based backends. #18279@stannotation inloadblocks to specify per-sample start timestamps. #18360external_idfield to ECS/MSK/RDS/Elasticache. #18579external_idfield. #17171--headerflag toquery instantcommand, matching existingquery rangebehaviour. #18418info()function incorrectly handling negated__name__matchers #17932/parse_ast. #18624health_filterfor Health API filtering, fixing breakage when using Catalog-only fields likeServiceTagsinfilter. #18479 #18499smoothedrate/increase returning zero instead of no result when all data falls strictly after the query range. #18523range()keyword in duration expressions such asfoo[5m+range()]. #18623@modifier is used. #18531prometheus_sd_refresh*andprometheus_sd_discovered_targetsmetrics for specific scrape jobs are deleted when the scrape job is removed. #17614--enable-featureflag description and sort feature names. #18487v3.11.3: 3.11.3 / 2026-04-27Compare Source
This release fixes mutiple security issues.
We would like to thank the following people for the responsible disclosures:
Shadowbyte (4c1dr3aper) - Charlie Lewis for the Remote-Read snappy decode vulnerability.
Brett Gervasoni for the AzureAD OAuth
client_secretvulnerability.@iiihaiii and @Ngocnn97 for the Old UI XSS vulnerability.
[SECURITY] AzureAD remote write: Fix OAuth
client_secretbeing exposed in plaintext via/-/configendpoint. GHSA-wg65-39gg-5wfj / CVE-2026-42151 #18590[SECURITY] Remote-read: Reject snappy-compressed requests whose declared decoded length exceeds the decode limit. GHSA-8rm2-7qqf-34qm / CVE-2026-42154 #18584
[SECURITY] UI: Fix stored XSS via unescaped
lelabel values in old UI heatmap chart tick labels. GHSA-fw8g-cg8f-9j28 #18588v3.11.2: 3.11.2 / 2026-04-13Compare Source
This release has a fix for a Stored XSS vulnerability that can be triggered via crafted metric names and label values in Prometheus web UI tooltips and metrics explorer. Thanks to Duc Anh Nguyen from TinyxLab for reporting it.
health_filterfield for Health API filtering. #18499v3.11.1: 3.11.1 / 2026-04-07Compare Source
insecure: true. #18469v3.11.0: 3.11.0 / 2026-04-02Compare Source
__meta_hetzner_datacenterlabel is deprecated for the rolerobotbut kept for backward compatibility, use the__meta_hetzner_robot_datacenterlabel instead. For the rolehcloud, the label is deprecated and will stop working after the 1 July 2026. #17850__meta_hetzner_hcloud_datacenter_locationand__meta_hetzner_hcloud_datacenter_location_network_zonelabels are deprecated, use the__meta_hetzner_hcloud_locationand__meta_hetzner_hcloud_location_network_zonelabels instead. #17850prometheus_sd_last_update_timestamp_secondsmetric to track the last time a service discovery update was sent to consumers. #18194__meta_kubernetes_pod_deployment_name,__meta_kubernetes_pod_cronjob_nameand__meta_kubernetes_pod_job_name, respectively. #17774</and>/operators for trimming observations from native histograms. #17904histogram_quantilesvariadic function for computing multiple quantiles at once. #17285storage.tsdb.retention.percentageconfiguration to configure the maximum percent of disk usable for TSDB storage. #18080st-storagefeature flag. When enabled, Prometheus stores ingested start timestamps (ST, previously called Created Timestamp) from scrape or OTLP in the TSDB and Agent WAL, and exposes them via Remote Write 2. #18062xor2-encodingfeature flag for the new TSDB block float sample chunk encoding that is optimized for scraped data and allows encoding start timestamps. #18062external_idsupport for sigv4. #17916first_over_timeandts_of_first_over_timePromQL functions. #18318KahanAdd. #18252endpointoption, a regression from the AWS SDK v2 migration. #18133client_idis empty. #18323*DualStackEndpointSlices policies. #18192prometheus_remote_storage_sent_batch_duration_secondsmeasuring before the request was sent. #18214use-uncached-iofeature flag is set on unsupported environments. #18219prometheus-pve/prometheus-pve-exporter (docker.io/prompve/prometheus-pve-exporter)
v3.9.0Compare Source
Added
v3.8.3Compare Source
Changed
TwiN/gatus (ghcr.io/twin/gatus)
v5.36.0Compare Source
What's Changed
New Contributors
Full Changelog: https://github.com/TwiN/gatus/compare/v5.35.0...v5.36.0
ansible/ansible-lint (https://github.com/ansible/ansible-lint)
v26.4.0Compare Source
Fixes
Maintenance
netbox-community/netbox (netbox)
v4.6.2: - 2026-06-02Compare Source
Enhancements
labelfield on device componentsquick_addon anObjectVarin custom scriptsenv()filterget_serializer_for_model()Bug Fixes
ValueErrorraised by CircuitTerminationForm when a termination type is set but the target object is blankvid_rangesbounds metadata inVLANGroup.save()to avoid miscounts and a crash on singleton rangessite_idfilter on the cables REST API returning no results when both endpoints are circuit terminationsfetch()on S3Backend to reliably resolve object keysnameanddescriptionfields on the GraphQL ConfigContextProfileFilter as optionalEventRuleFilter.action_object_typebeing typed as a string lookup against a ContentType foreign keygrant_tokenpermissions between the UI and REST APIAttributeErrorwhen creating a custom field choice set with base choicesv4.6.1: - 2026-05-19Compare Source
Enhancements
HTTP_CLIENT_IP_HEADERSconfiguration parameter to customize HTTP headers used to determine client IP addressPerformance Improvements
GRAPHQL_MAX_QUERY_DEPTH) to guard against excessively complex queriesBug Fixes
environment_params(CVE-2026-29514)interface_bgenerated when saving an unchanged wireless linkTypeErrorexception raised by table config validation whenorderingattribute is nullobject_typefield annotation on TableConfigType GraphQL typeuser_idFK filter on job filtersetcable_idFK filter on cable termination filtersetDeprecations
v4.6.0: - 2026-05-05Compare Source
New Features
Virtual Machine Types (#5795)
A new VirtualMachineType model has been introduced to enable categorization of virtual machines by instance type, analogous to how DeviceType categorizes physical hardware. VM types can be defined once and reused across many virtual machines.
Cable Bundles (#20151)
A new CableBundle model allows individual cables to be grouped together to represent physical cable runs that are managed as a unit; e.g. a bundle of 48 CAT6 cables between two patch panels. (Please note that this feature is not suitable for modeling individual fiber strands within a single cable.)
Rack Groups (#20961)
A flat RackGroup model has been reintroduced to provide a lightweight secondary axis of rack organization (e.g. by row or aisle) that is independent of the location hierarchy. Racks carry an optional foreign key to a RackGroup, and RackGroup can also serve as a scope for VLANGroup assignments.
ETag Support for REST API (#21356)
The REST API now returns an
ETagheader on responses for individual objects, derived from the object's last-updated timestamp. Clients can supply anIf-Matchheader on PUT/PATCH requests to guard against conflicting concurrent updates; if the object has been modified since the ETag was issued, the server returns a 412 (Precondition Failed) response.Cursor-based Pagination for REST API (#21363)
A new
startquery parameter has been introduced as an efficient alternative to the existingoffsetparameter for paginating large result sets. Rather than scanning the table up to a relative offset, thestartparameter filters for objects with a primary key equal to or greater than the given value, enabling constant-time pagination regardless of result set size.Enhancements
{module}position inheritance for nested module baystotal_vlan_idsattribute on VLAN group representation in REST & GraphQL APIsCHANGELOG_RETAIN_CREATE_LAST_UPDATEconfiguration parameter to retain creation & most recent update record in change log for each object{vc_position}template variable for device component template name/labelrf_channel_frequencyprecision to 3 decimal placesEnhancedURLValidatorwith Django'sURLValidatoradd_tags) and removal (remove_tags) via REST APIINTERNAL_IPSto enable debug toolbar for all clientsPerformance Improvements
Plugins
Deprecations
usernameandrequest_idfields in event datahousekeepingmanagement commandquerystringtemplate tagDEFAULT_ACTION_PERMISSIONSmappingmodelskey in application registryLOGIN_REQUIREDconfiguration parameterexpand_ipaddress_pattern()utility functionOther Changes
v4.5.10: - 2026-05-04Compare Source
Bug Fixes
connectedstatus to exclude incomplete cable pathscable_endfield on cabled objects to indicate it may be nullv4.5.9: - 2026-04-28Compare Source
Enhancements
profilefilter support for modulesdictsubclasses for theAPI_TOKEN_PEPPERSconfiguration parameterPerformance Improvements
Bug Fixes
available-prefixesendpoint request bodyPOST/PATCHrequests missing a trailing slashEventRule.action_dataas a JSON object to prevent server errors on object writesv4.5.8: - 2026-04-14Compare Source
Enhancements
humanize_speedtemplate filter to support decimal Gbps/Tbps valuesBug Fixes
ScriptModuleclass synchronization triggered on savev4.5.7: - 2026-04-03Compare Source
Enhancements
RQconfiguration parameter/api/extras/scripts/upload/)Performance Improvements
Bug Fixes
AttributeErrorexception when sorting a table as an anonymous userRelatedObjectDoesNotExistexception when viewing an interface with a virtual circuit terminationAttributeErrorexception when viewing virtual chassis memberv4.5.6: - 2026-03-31Compare Source
Enhancements
Bug Fixes
{module}variable for position fields in nested modulesFieldErrorexception when sorting the circuit group assignment table by the member columnoauth2-proxy/oauth2-proxy (quay.io/oauth2-proxy/oauth2-proxy)
v7.15.3Compare Source
v7.15.2Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.
a873ca2cfe0fd65b9a9a0fd65b9a9ac178d824dcc178d824dc7ceca873ddUpdate docker.io/binwiederhier/ntfy Docker tag to v2.21.0to Update all stable non-major dependencies7ceca873ddf9f3248cf1f9f3248cf156aee3266856aee32668a63edc7651a63edc7651a4a44564d0a4a44564d028e124dd7a28e124dd7aea5334d74aea5334d74a0413fe05b10413fe05b1b86c4a6801b86c4a6801b5943aa8b0b5943aa8b0de2758f9b9de2758f9b9a53d00c962a53d00c9624268a8770d4268a8770d8be5dfea998be5dfea99bb194d59dfbb194d59df83360bb19983360bb1992d1b885b4b2d1b885b4b5798eb57345798eb57344588c424534588c42453bc2f3b70d1bc2f3b70d11ffa0dd2531ffa0dd253436165e899436165e8998d5de6c6d58d5de6c6d5b8535ba4fdb8535ba4fd3474cb2d573474cb2d574c4ce69f7e4c4ce69f7edeec153407deec153407bda1a57786bda1a57786a116d58ccfa116d58ccfcd15864462cd158644623450754e8b3450754e8bc599c113a9c599c113a9504ec1518b504ec1518b044f260358044f260358ad062b280dad062b280d98d1bb9d1498d1bb9d144754025c054754025c05a4e3e7c4baa4e3e7c4ba58127bffc658127bffc677843e62f577843e62f57400d720047400d72004f5e19f2da5f5e19f2da5c1d6e7163ec1d6e7163e7b1d4b55a57b1d4b55a5d4a2dd588dd4a2dd588d0acb6ae2720acb6ae272617c288f44617c288f449aacf9463d9aacf9463daabc4f01efaabc4f01efa228f981b8a228f981b8aa06849101aa06849101d14c0d5177d14c0d517745b3da6ad045b3da6ad0ad18373ccead18373cceccce1d5ae3ccce1d5ae32d17176c4e2d17176c4e7c974404197c97440419abb54e850cabb54e850c9ab49e8eb49ab49e8eb41bcb77c4591bcb77c459d471303b11d471303b1179d2156a0779d2156a07b4f2341ff4b4f2341ff4660b486e40660b486e40f6f8a30d99f6f8a30d996a580dddc76a580dddc738aca6fd7b38aca6fd7bfda37d9852fda37d98522861d6b94a2861d6b94a3fdbbbef903fdbbbef90ca406d0c0bca406d0c0b860e471702860e47170241fc55ea3a41fc55ea3a4f540150de4f540150decf0bf7829fcf0bf7829f925dec2ae0925dec2ae04e717169684e717169683579bc83023579bc83024f1537f4cf4f1537f4cf4bd51256664bd51256662d4b39ed5b2d4b39ed5be7abd1926ae7abd1926a196edb0509196edb050978a3c05b7a78a3c05b7a885437ac78885437ac78899aa3cb94899aa3cb947783e7c79d7783e7c79d43bf26d6adView command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.