mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-16 11:23:10 +02:00
05e2ce45d4d8d184630def7745da31bddf3ab2ce
100
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
4149276b01 |
build(deps): bump actions/dependency-review-action from 4.8.2 to 4.9.0 (#6230)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
60c39c6f6e |
build(deps): bump actions/stale from 10.1.1 to 10.2.0 (#6227)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9890d6a7de | fix: skip translation key extraction for files without i18n usage (#6221) | ||
|
|
7cb0f928bc |
build(deps): bump docker/login-action from 3.7.0 to 4.1.0 (#6072)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
42978b9ad6 |
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#6021)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c5cdde0b58 |
build(deps): bump docker/build-push-action from 6.18.0 to 7.1.0 (#6192)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
27ccf6afdd | chore(ci): consolidate Dependabot directories and pin GitHub Actions in workflow automation (#6172) | ||
|
|
436c8cbed2 | Line seperator fix for redaction drift (#6064) | ||
|
|
917edc43b3 |
Add specific View Scope For Selected Files (#6050)
## Fix 1 — Viewer bug (8 tools) 8 tools called `useFileSelection()` directly instead of routing through `useBaseTool`. In the viewer, this meant they operated on **all selected files** instead of only the one being viewed. For example: 10 files loaded, viewing file 3, running Add Stamp — all 10 files got stamped. **Root cause:** These tools had no view-scope awareness. `useFileSelection()` returns the raw workbench selection with no knowledge of which file is active in the viewer. **Fix:** A new hook `useViewScopedFiles` was introduced: ```ts // Viewer → only the active file // Everywhere else → all loaded files const selectedFiles = useViewScopedFiles(); ``` The 8 tools were updated to call this instead of `useFileSelection()`. **Tools fixed:** Add Stamp, Add Watermark, Add Password, Add Page Numbers, Add Attachments, Reorganize Pages, OCR, Convert --- ## Fix 2 — Page selector / active files context (all tools) `useBaseTool` returned `selectedFiles` (checked files only) in non-viewer contexts. In the page selector this is typically empty or stale — not the full set of loaded files that tools should operate on. **Fix:** `useBaseTool` was updated to use `useViewScopedFiles`, which returns all loaded files in non-viewer contexts. This affected every tool via `useBaseTool`. --- ## Workarounds for Compare & Merge Two tools intentionally need all loaded files regardless of view, so they use `ignoreViewerScope: true` in `useBaseTool`. **Compare** — needs exactly 2 files for its Original/Edited slots. Scoping to one file would break the comparison entirely. `ignoreViewerScope: true` is set and `disableScopeHints: true` hides the "(this file)" button label hint. The slot auto-mapping logic was also improved alongside this fix. **Merge** — needs 2+ files; merging a single file is meaningless. Rather than leaving the button silently disabled, Merge now: - Auto-redirects to the active files view on first open from the viewer - If the user navigates back to the viewer, shows a disabled button with a hint and a "Go to active files view" shortcut button --- ## How to Test --- ## Fix 1 — 8 tools (viewer scoping) ### Test steps (same for each) 1. Load 3 PDFs into workbench 2. Open viewer, navigate to file 2 3. Open the tool, configure settings, run 4. ✅ Only file 2 is in the results 5. ✅ Button label shows **"[Action] (this file)"** 6. ✅ A note below the button reads **"Only applying to: [filename]"** | Tool | What to configure | |---|---| | **Add Stamp** | Enter any text stamp or upload an image stamp | | **Add Watermark** | Select text watermark, enter any text | | **Add Page Numbers** | Leave defaults | | **Add Password** | Enter any owner + user password | | **Add Attachments** | Attach any small file | | **Reorganize Pages** | Enter a page range e.g. `1,2` | | **OCR** | Leave default language | | **Convert** | Convert PDF → any format | --- ## Fix 2 — All tools (page selector context) ### Test steps 1. Load 3 PDFs into workbench 2. Open the page selector view 3. Open any tool from the sidebar, run it 4. ✅ All 3 files are processed (not zero or a stale subset) --- ## Compare (intentionally ignores view scope) **A — Auto-fill with exactly 2 files** 1. Load exactly 2 PDFs 2. Open Compare from either the viewer or active files view 3. ✅ Both slots are filled automatically (Original + Edited) 4. ✅ No scope hint appears on the button **B — Manual selection with 3+ files** 1. Load 3+ PDFs 2. Open Compare 3. ✅ The first 2 files fill the slots 4. ✅ A 3rd file does not add a 3rd slot (capped at 2) **C — File removed mid-session** 1. Load 2 PDFs, let Compare auto-fill both slots 2. Remove one file from the workbench 3. ✅ The corresponding slot clears; the other slot is unchanged **D — Viewer mode** 1. Load 2 PDFs, open viewer 2. Open Compare from the viewer sidebar 3. ✅ Both files are still available for slot selection (not scoped to current file) --- ## Merge (intentionally ignores view scope, disabled in viewer) **A — Auto-redirect on first open from viewer** 1. Load 2+ PDFs, open the viewer 2. Open Merge from the viewer sidebar 3. ✅ Immediately redirected to the active files view **B — Viewer mode disabled state (after navigating back)** 1. From the active files view, open Merge, then navigate back to the viewer 2. ✅ Execute button is **disabled** with tooltip "Switch to the file editor to select multiple files" 3. ✅ A note appears: *"Merge needs 2 or more files. Head to the file editor to select them."* 4. ✅ A **"Go to active files view"** button is shown; clicking it navigates back **C — Active files view works normally** 1. Load 3 PDFs, open Merge from the active files view 2. ✅ All 3 files appear in the merge list 3. ✅ Button shows **"Merge (3 files)"** 4. Run the merge 5. ✅ Output is a single PDF containing all 3 files --- ## Button label behaviour (all tools) | Context | Expected button text | |---|---| | Viewer, 1 file loaded | `[Action]` (no suffix) | | Viewer, 2+ files loaded | `[Action] (this file)` | | Active files view, 1 file loaded | `[Action]` (no suffix) | | Active files view, 2+ files loaded | `[Action] (N files)` | | Merge in viewer | disabled — no suffix | | Compare | never shows scope suffix (`disableScopeHints: true`) | --------- Co-authored-by: Reece Browne <[email protected]> |
||
|
|
da9327ab1c |
Restore English search aliases in zh-TW tags (#6039)
# Description of Changes Preserve the translated zh-TW tags while restoring the English aliases used by frontend tool search. This keeps common English technical queries such as permissions or access control discoverable in the zh-TW locale. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [x] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. ## GitHub Copilot Pull Reuqest summary > This pull request significantly expands the keyword tags for a wide range of PDF-related tools and actions in the Traditional Chinese (`zh-TW`) translation file. The main goal is to improve searchability and discoverability of features by including a comprehensive set of English and Chinese keywords, synonyms, and related phrases for each tool. > > The most important changes include: > > **Localization and Search Optimization:** > > * Expanded the `tags` fields for all tools and actions under the `[home.*]` sections in `frontend/public/locales/zh-TW/translation.toml` to include a broad set of English and Chinese keywords, synonyms, and common search phrases. This enhances feature discoverability for users searching in either language. [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > **Consistency and Coverage:** > > * Ensured that each tool/action now has a rich set of tags that cover various ways users might refer to the feature, including technical terms, synonyms, and related concepts (e.g., "merge", "combine", "join" for PDF merging). [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > **Internationalization Improvements:** > > * Added English keywords alongside Chinese ones to support bilingual search and better serve users who may search using English terms in a localized interface. [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > These changes collectively make it easier for users to find the features they need, regardless of the language or terminology they use. |
||
|
|
1e97a32d4b |
feat(desktop): gate shared signing behind self-hosted auth (#6002)
## Summary This PR adds full desktop (Tauri) support for the shared signing feature when connected to a self-hosted server, and fixes several bugs discovered during that work. ### Feature gating Shared signing, file sharing, and share links are proprietary server features that require an authenticated self-hosted session. Previously these were read directly from `config` with no awareness of connection mode or auth state, meaning the UI could appear in SaaS/local mode or when logged out. - Introduce `useGroupSigningEnabled` and `useSharingEnabled` hooks with core implementations (web behaviour unchanged) and desktop overrides that require `selfhosted` mode + an active authenticated session - Extract shared subscription logic into `useSelfHostedAuth` (connection mode + auth state + config refetch) - `QuickAccessBar` now derives all three flags from the hooks instead of raw config ### Config timing fix When a user logs in via the SetupWizard, the `jwt-available` event fires a config fetch *before* the mode is switched to `selfhosted`. This meant the config was fetched from the local bundled backend (port ~59567) which has no knowledge of `storageGroupSigningEnabled`, causing the group signing button to stay hidden until a full page refresh. `useSelfHostedAuth` detects the mode transition and triggers a fresh config fetch at the correct moment, after the self-hosted URL is active. ### Bug fixes **`SignPopout.tsx`** — Manually setting `Content-Type: multipart/form-data` on two `FormData` POST requests stripped the auto-generated boundary, causing a `400 bad multipart` from the server. Removed the explicit headers so Axios sets them correctly. **`tauriHttpClient.ts`** — `response.json()` was called before `response.ok` was checked. A plain-text error body from the server (e.g. `"Cannot sign..."`) caused a `SyntaxError` that fell into the network error catch block and was reported as `ERR_NETWORK`, hiding the real failure. The fix checks `response.ok` first, reads error bodies as text, and handles empty 200 bodies (returning `null` instead of throwing). --- ## Testing ### Prerequisites - Desktop app running in self-hosted mode pointed at a local Stirling-PDF instance (`http://localhost:8080`) - The self-hosted instance has group signing and storage enabled in settings - At least two user accounts on the self-hosted instance ### 1. Feature gating — group signing button | Step | Expected | |---|---| | Open the desktop app in **local mode** (no server configured) | Group signing button absent from QuickAccessBar | | Switch to self-hosted mode but **do not log in** | Group signing button absent | | Log in to the self-hosted server | Group signing button appears without requiring a page refresh | | Log out | Group signing button disappears immediately | | Log back in | Group signing button reappears without a page refresh | ### 2. Feature gating — file sharing Repeat the same steps above, verifying the share and share-link buttons in the file manager follow the same visibility rules. ### 3. Create a signing session 1. Log in, open the group signing panel from QuickAccessBar 2. Select a PDF, add a participant, configure signature defaults and submit 3. Verify the session is created successfully (no `400 bad multipart` error) ### 4. Participant signing 1. As the invited participant, open the signing request from QuickAccessBar 2. Upload or draw a signature and submit 3. Verify signing completes successfully (no `ERR_NETWORK` error) ### 5. Error surfacing 1. Attempt an action that the server rejects (e.g. sign a document with an invalid certificate) 2. Verify the actual server error message is shown rather than a generic network error |
||
|
|
1ab07a9027 |
build(deps): bump crazy-max/ghaction-github-labeler from 5.3.0 to 6.0.0 (#6019)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c3530024c4 |
feat(pdf): replace PdfLib with Pdfium for form handling and general rendering tasks (#5899)
# Description of Changes Improves PDF rendering in the viewer by adding digital signature field support, cleaning up overlay rendering, and migrating the contrast tool off pdf-lib to PDFium WASM. ### Signature Field Overlay - Added `SignatureFieldOverlay` component that renders digital signature form fields - Renders appearance streams when present; shows a fallback badge for unsigned fields - Uses PDFium WASM for bitmap extraction ### Overlay Rendering - Integrated `SignatureFieldOverlay` and `ButtonAppearanceOverlay` into `LocalEmbedPDF` - Overlays are now clipped to page boundaries - Clarified in `EmbedPdfViewer` that frontend overlays use PDFium WASM, backend overlays use PDFBox ### Contrast Tool Migration - Replaced pdf-lib with PDFium WASM in `useAdjustContrastOperation` - PDF page creation and image embedding now go through PDFium APIs directly - Updated bitmap handling and memory management accordingly ### Cleanup - Fixed import ordering in viewer components - Removed stale comments in the contrast operation hook <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> Co-authored-by: Reece Browne <[email protected]> |
||
|
|
1806b5d3be |
build(deps): bump actions/cache from 5.0.3 to 5.0.4 (#5976)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
81c0187bf1 |
build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#5979)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9d51414fbb |
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#5977)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
85d5bb5dc2 |
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5939)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3908e258c8 |
build(deps): bump github/codeql-action from 4.32.4 to 4.32.6 (#5941)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9df4692648 |
build(deps): bump actions/cache from 4.3.0 to 5.0.3 (#5940)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
400ee16e83 |
build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#5887)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f777efdd1c |
build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 (#5886)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d62f7ec23 |
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5889)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c5b202f2a1 |
build(deps): bump crazy-max/ghaction-github-runtime from 3.1.0 to 4.0.0 (#5890)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2d6f206c36 |
build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 (#5691)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
161bfef7da |
build(deps): bump actions/ai-inference from 2.0.5 to 2.0.7 (#5831)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
690eceb548 |
build(deps): bump github/codeql-action from 4.31.10 to 4.32.4 (#5833)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6a1597bb8d | ci: provide default desktop env vars in tauri GitHub Actions builds (#5815) | ||
|
|
d98ff194e4 |
[Aikido] AI Fix for 3rd party Github Actions should be pinned (#5817)
Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com> |
||
|
|
9d93f20c39 |
build(deps-dev): bump pillow from 12.1.0 to 12.1.1 in /.github/scripts in the pip group across 1 directory (#5720)
Bumps the pip group with 1 update in the /.github/scripts directory: [pillow](https://github.com/python-pillow/Pillow). Updates `pillow` from 12.1.0 to 12.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.1.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html</a></p> <h2>Dependencies</h2> <ul> <li>Patch libavif for svt-av1 4.0 compatibility <a href="https://redirect.github.com/python-pillow/Pillow/issues/9413">#9413</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Fix OOB Write with invalid tile extents <a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9"><code>5158d98</code></a> 12.1.1 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"><code>9000313</code></a> Fix OOB Write with invalid tile extents (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf"><code>cd01118</code></a> Patch libavif for svt-av1 4.0 compatibility</li> <li>See full diff in <a href="https://github.com/python-pillow/Pillow/compare/12.1.0...12.1.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Brunton <[email protected]> |
||
|
|
549f796e47 | feat(form-fill): add CSV and XLSX extraction for form fields, improve file ID handling (#5776) | ||
|
|
fd039b8649 |
Update de translation.toml (#5736)
Vollständige Übersetzung der fehlenden englischen Texte ins Deutsche: - Schwärzungsfunktionen (Redactions) - Mobile Upload/Scanner-Einstellungen - Telegram-Bot-Konfiguration - Benutzerkontoeinstellungen - Stempel-Vorlagen und Tooltips - API-Fehlermeldungen - Verschiedene UI-Texte Insgesamt 146 Strings übersetzt. # Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
d5cf77cf50 |
refactor: fix homepage file upload path (#5738)
Extracts file-based navigation logic from HomePage into pure function with comprehensive test coverage. New behavior: - Opening 1 file from empty → switch to viewer (activeFileIndex: 0) - Opening 2+ files from empty → switch to fileEditor - pdfTextEditor tool → no auto-navigation (handles own empty state) - Non-startup transitions (N→M files) → no navigation Benefits: - Pure function → easy to test and reason about - Clear separation of concerns - Preserves all existing behavior including pdfTextEditor special case - Adds new multi-file startup behavior Changes: - HomePage.tsx: use getStartupNavigationAction() utility - homePageNavigation.ts: pure navigation logic - homePageNavigation.test.ts: comprehensive unit tests Note: prevFileCountRef initialization kept as useRef(activeFiles.length) to correctly handle files restored from IndexedDB on app startup. # Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
0a1d2effdc |
feat(frontend): Upgrade embedPDF to v2.6.0 and migrate to pdf-lib fork, fix attachment/bookmark panel (#5723)
# Description of Changes Upgrades embedPDF from v2.5.0 to v2.6.0 and migrates from unmaintained pdf-lib to @cantoo/pdf-lib fork. Adds defensive error handling for malformed PDFs and improves bridge lifecycle management. ### Changes **Dependencies** - Upgrade all @embedpdf/* packages from ^2.5.0 to ^2.6.0 - Replace pdf-lib with @cantoo/pdf-lib (maintained fork with better TypeScript support) **PDF Viewer Infrastructure (attachment/bookmark fix)** - Add useDocumentReady hook to track document lifecycle across bridges - Implement defensive bridge cleanup to prevent stale registrations - Fix race condition in document ready state detection by subscribing to events before checking state **Link Extraction (updated to cantoo/pdf-lib)** - Add graceful error handling for PDFs with invalid catalog structures - Extract enhanced link metadata (tooltips, colors, border styles, highlight modes) - Return empty results instead of throwing on malformed PDFs - Add validation for link creation (destination page bounds, rect dimensions, color values) **Signature Flattening (updated to cantoo/pdf-lib)** - Improve SVG embedding with three-tier fallback strategy (native vector, rasterized PNG, placeholder) - Add proper Unicode handling for PDF form tooltips via PDFString.decodeText() - Extract SVG utilities into cleaner strategy pattern **Form Field Processing (updated to cantoo/pdf-lib)** - Add support for display labels vs export values in dropdown/list fields per PDF spec 12.7.4.4 - Implement caching for expensive field property lookups - Add proper handling of malformed /Opt arrays <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
71c845bcd8 | feat(text-selection): implement text selection enhancement for double and triple-click actions (#5712) | ||
|
|
f3a4dbc903 |
feat(redaction): improve manual redaction with color selection and updated UI elements (#5679)
# Description of Changes <img width="1920" height="977" alt="image" src="https://github.com/user-attachments/assets/17e451b7-df2b-4097-b8aa-66954d89b935" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
c8bc57d31c |
chore(ci): update GitHub Actions to latest stable versions (#5629)
# Description of Changes This pull request updates several GitHub Actions and related dependencies across multiple workflow files to newer versions. The main goal is to keep the CI/CD pipeline up-to-date with the latest security patches, features, and bug fixes provided by upstream maintainers. The changes primarily involve upgrading the versions of commonly used actions like `actions/checkout`, `docker/login-action`, `actions/setup-java`, `gradle/actions/setup-gradle`, and `actions/upload-artifact`. The most important changes are: **Actions Version Upgrades (General Maintenance & Security):** * Upgraded `actions/checkout` from v6.0.1 to v6.0.2 in all workflow files to ensure the latest bug fixes and improvements are used. [[1]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL119-R119) [[2]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL175-R175) [[3]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL365-R365) [[4]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L48-R48) [[5]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L136-R136) [[6]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L148-R160) [[7]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L378-R378) [[8]](diffhunk://#diff-26fc40a450703e6602af586a24594196fb10e132de14a9a488ae64ee8cc51166L29-R29) [[9]](diffhunk://#diff-f1e8b4497f902b85c1b990cd7e6ebd928afd9051757fcb8f376be66260c9ea05L26-R26) [[10]](diffhunk://#diff-cfe84f4bb9657c721ff741644ee0bce45aa81aaef9dea1ea8741c946984e9722L23-R23) [[11]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L39-R39) [[12]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L63-R72) [[13]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L138-R147) [[14]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L175-R177) [[15]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L210-R219) [[16]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L264-R273) [[17]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L328-R328) [[18]](diffhunk://#diff-3117b4a93711d37b0a9a1668272eec716fea0b4f57dde16a85e7ab3f569c455dL35-R35) [[19]](diffhunk://#diff-7cdd3ccec44c8ba176bdc3b9ef54c3f56aa210a1a4e2bb5f79d87b1e50314a18L25-R25) [[20]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L26-R26) [[21]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eL33-R33) * Upgraded `docker/login-action` from v3.6.0 to v3.7.0 for improved Docker Hub authentication. [[1]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL192-R192) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L182-R182) [[3]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L88-R88) **Java and Gradle Tooling Updates:** * Updated `actions/setup-java` from v5.0.0 to v5.2.0 and `gradle/actions/setup-gradle` from v5.0.0 to v5.0.1 to get the latest Java and Gradle setup improvements. [[1]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L148-R160) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L63-R72) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L138-R147) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L210-R219) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L264-R273) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L338-R344) * Upgraded `actions/setup-node` from v5.0.0 to v6.1.0 for Node.js setup. **Artifact Handling Improvements:** * Upgraded `actions/upload-artifact` from v4.6.2 to v6.0.0 for uploading build and test artifacts, which may include performance and reliability improvements. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L104-R104) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L160-R160) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L193-R193) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L232-R232) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L379-R379) **Other Action Updates:** * Updated `actions/ai-inference` from v2.0.4 to v2.0.5 in the AI PR title review workflow. These updates help ensure that the CI/CD workflows remain secure, reliable, and compatible with the latest tools and platforms. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
fb37ee8038 |
feat(redaction): update to embedPDF v2.4.0 with unified redaction mode support (#5652)
# Description of Changes Bump to EmbedPDF v2.4.0 plus update to the redaction methods <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
62d2819213 |
build(deps): bump alpine from 3.23.2 to 3.23.3 in /docker/embedded (#5590)
Bumps alpine from 3.23.2 to 3.23.3. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6f217066a1 |
build(deps): bump org.postgresql:postgresql from 42.7.8 to 42.7.9 (#5554)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.8 to 42.7.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's releases</a>.</em></p> <blockquote> <h2>v42.7.9</h2> <h2>Changes</h2> <ul> <li>Added changelogs for version 42.7.9 <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3908">#3908</a>)</li> <li>the classloader is nullable, and remove a space <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>)</li> <li>fix: incorrect pg_stat_replication.reply_time calculation <a href="https://github.com/atorik"><code>@atorik</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>)</li> <li>fix: issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3892">#3892</a>, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>)</li> <li>fix badges for maven central and search paths. Sonatype has changed the search paths <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3901">#3901</a>)</li> <li>fix: make all Calendar instances proleptic Gregorian (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3837">#3837</a>) <a href="https://github.com/m-van-tilburg"><code>@m-van-tilburg</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3887">#3887</a>)</li> <li>test: add CI tests with Java 26 <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3893">#3893</a>)</li> <li>perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3866">#3866</a>)</li> <li>use ssl_is_used() to check for ssl connection <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3867">#3867</a>)</li> <li>Add PEMKeyManager to handle PEM based certs and keys. <a href="https://github.com/harinath001"><code>@harinath001</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3700">#3700</a>)</li> <li>Comment and simplify the complex state machine logic in QueryExecutorImpl <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3850">#3850</a>)</li> <li>Revert "fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN" <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3851">#3851</a>)</li> <li>fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN <a href="https://github.com/ShenFeng312"><code>@ShenFeng312</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3838">#3838</a>)</li> <li>Small simplication of locking patterns in QueryExecutorBase <a href="https://github.com/Sanne"><code>@Sanne</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3849">#3849</a>)</li> <li>doc: update property quoteReturningIdentifiers default value <a href="https://github.com/sodekim"><code>@sodekim</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3847">#3847</a>)</li> <li>feat: default query timeout property <a href="https://github.com/cfredri4"><code>@cfredri4</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3705">#3705</a>)</li> <li>create action to deploy docs to <a href="https://pgjdbc.github.io/">https://pgjdbc.github.io/</a> <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3819">#3819</a>)</li> <li>fix homepage release note <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3817">#3817</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3903">#3903</a>)</li> <li>fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3886">#3886</a>)</li> </ul> <h2>📝 Documentation</h2> <ul> <li>doc: add the new PGP signing key to the official documentation <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3813">#3813</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: remove unused com.github.spotbugs Gradle plugin dependency <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3868">#3868</a>)</li> <li>chore: drop SpotBugs as we do not seem to use it <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3834">#3834</a>)</li> <li>chore: bump version to 42.7.9 after 42.7.8 release <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3810">#3810</a>)</li> </ul> <h2>⬆️ Dependencies</h2> <!-- raw HTML omitted --> <ul> <li>chore(deps): update actions/create-github-app-token digest to 29824e6 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3898">#3898</a>)</li> <li>chore(deps): update actions/setup-java digest to c1e3236 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3899">#3899</a>)</li> <li>chore(deps): update codecov/codecov-action digest to 671740a <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3900">#3900</a>)</li> <li>fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3884">#3884</a>)</li> <li>fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3883">#3883</a>)</li> <li>fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3885">#3885</a>)</li> <li>fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3882">#3882</a>)</li> <li>chore(deps): update github/codeql-action digest to 497990d <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3881">#3881</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's changelog</a>.</em></p> <blockquote> <h2>[42.7.9] (2026-01-14)</h2> <h3>Added</h3> <ul> <li>feat: query timeout property [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3705">#3705</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3705">pgjdbc/pgjdbc#3705</a>)</li> <li>feat: Add PEMKeyManager to handle PEM based certs and keys [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3700">#3700</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3700">pgjdbc/pgjdbc#3700</a>)</li> </ul> <h3>Changed</h3> <ul> <li>perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder</li> <li>doc: update property quoteReturningIdentifiers default value [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3847">#3847</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3847">pgjdbc/pgjdbc#3847</a>)</li> <li>security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class</li> </ul> <h3>Fixed</h3> <ul> <li>fix: incorrect pg_stat_replication.reply_time calculation [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3906">pgjdbc/pgjdbc#3906</a>)</li> <li>fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob</li> <li>fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3897">pgjdbc/pgjdbc#3897</a>)</li> <li>fix: make all Calendar instances proleptic Gregorian [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3837">#3837</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3887">pgjdbc/pgjdbc#3887</a>)</li> <li>fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3849">pgjdbc/pgjdbc#3849</a>)</li> <li>fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3886">#3886</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3886">pgjdbc/pgjdbc#3886</a>)</li> <li>fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3838">#3838</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3838">pgjdbc/pgjdbc#3838</a>)</li> <li>fix: use ssl_is_used() to check for ssl connection [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3867">#3867</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3867">pgjdbc/pgjdbc#3867</a>)</li> <li>fix: the classloader is nullable [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3907">pgjdbc/pgjdbc#3907</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/79b784e3a63def9d12088471334399a53016d880"><code>79b784e</code></a> Added changelogs for version 42.7.9 (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3908">#3908</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/1c00ffc02be1570027b6510cbcd760b916227800"><code>1c00ffc</code></a> doc: add the new PGP signing key to the official documentation</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/f774000c105ddb2971f50dc5cf51a2d20ee4c14a"><code>f774000</code></a> chore(deps): update actions/create-github-app-token digest to 29824e6</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/27daf3b48b8b7d266ba680f59345f3723e2786d2"><code>27daf3b</code></a> chore(deps): update actions/setup-java digest to c1e3236</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/6eb01ff6bcb7ba6d71c9363a29d7305911861946"><code>6eb01ff</code></a> chore(deps): update codecov/codecov-action digest to 671740a</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/dbf1e57747709b560da16fdcec0ba9e927393516"><code>dbf1e57</code></a> the classloader is nullable, and remove a space (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/6a20574f4c896b3f02d7f36d21ab1f3da15c3936"><code>6a20574</code></a> Merge commit from fork</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/c07721af972eee4f10873b1a23b3811336454436"><code>c07721a</code></a> fix: incorrect pg_stat_replication.reply_time calculation (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/83023f3c2ae98dc69df00a560dbbe386afafe3b1"><code>83023f3</code></a> fix: close temporary lob descriptors that are used internally in PreparedStat...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/62c9805ef8606f3d38273ac69f64b14e936a0bfa"><code>62c9805</code></a> fix: issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3892">#3892</a>, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...</li> <li>Additional commits viewable in <a href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.8...REL42.7.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
691fb80554 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.41 to 2.2.42 (#5549)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.41 to 2.2.42. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1c43bd363a |
Pin GitHub Actions and add runner hardening (#5628)
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
e3982ed4c5 |
build(deps): bump pypdf from 6.6.0 to 6.6.2 in /testing/cucumber in the pip group across 1 directory (#5577)
Bumps the pip group with 1 update in the /testing/cucumber directory: [pypdf](https://github.com/py-pdf/pypdf). Updates `pypdf` from 6.6.0 to 6.6.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.2, 2026-01-26</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.1...6.6.2">Full Changelog</a></p> <h2>Version 6.6.1, 2026-01-25</h2> <h2>What's new</h2> <h3>Robustness (ROB)</h3> <ul> <li><code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>) by <a href="https://github.com/joshkersey"><code>@joshkersey</code></a></li> <li>Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>) by <a href="https://github.com/LudovA"><code>@LudovA</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.2, 2026-01-26</h2> <h3>Security (SEC)</h3> <ul> <li>Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.1...6.6.2">Full Changelog</a></p> <h2>Version 6.6.1, 2026-01-25</h2> <h3>Robustness (ROB)</h3> <ul> <li><code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>)</li> <li>Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/ad47d50fd7475650d71913c8c0927e9a79249c75"><code>ad47d50</code></a> REL: 6.6.2</li> <li><a href="https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1"><code>b1282f8</code></a> SEC: Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f18e13c91cd47fa740997df4a7307fbc976388e1"><code>f18e13c</code></a> REL: 6.6.1</li> <li><a href="https://github.com/py-pdf/pypdf/commit/19735763b856cccf0f69630d0f582a448ec5d8bb"><code>1973576</code></a> DEV: Bump wheel from 0.44.0 to 0.46.2 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3608">#3608</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/4740225eaa67ad2e032e63d0453ea6c80bcae158"><code>4740225</code></a> ROB: <code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/26fd6388754ed167e862bdd7a3eba614da191d34"><code>26fd638</code></a> ROB: Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/affe8eddf185b2875dcfa45090b7d09f06d3ba12"><code>affe8ed</code></a> DEV: Bump virtualenv from 20.27.0 to 20.36.1 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3597">#3597</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/df1b91da41e38ffaf0815e3fd687c037b375c728"><code>df1b91d</code></a> DEV: Add missing dependency to URL check</li> <li>See full diff in <a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
c40144db19 |
chore(ci): remove automated version sync job from build workflow (#5547)
# Description of Changes This pull request removes the `sync-versions` job from the GitHub Actions workflow configuration. The `sync-versions` job was responsible for ensuring that version numbers in certain frontend files matched the version defined in `build.gradle`, and for posting a comment on pull requests if discrepancies were found. Workflow cleanup: * Removed the entire `sync-versions` job from `.github/workflows/build.yml`, including steps for syncing app versions, checking for changes, and posting PR comments when version mismatches were detected. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> |
||
|
|
3d7efc5d94 |
build(deps): bump debian from f668110 to ed542b2 in /docker/embedded (#5495)
Bumps debian from `f668110` to `ed542b2`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ebf256fd50 |
build(deps): bump node from f4769ca to e80397b in /docker/frontend (#5498)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps node from `f4769ca` to `e80397b`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f678e1d2e3 |
build(deps): bump nginx from c083c37 to b0f7830 in /docker/frontend (#5500)
Bumps nginx from `c083c37` to `b0f7830`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
dd7925fbf4 |
build(deps): bump io.micrometer:micrometer-core from 1.16.1 to 1.16.2 (#5466)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.1 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.2</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>CaffeineCacheMetrics nullability is incompatible with Caffeine 3.2.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6973">#6973</a></li> <li>ExecutorServiceMetrics: repeatedly logs exception when monitoring <code>ThreadPerTaskExecutor</code> without <code>--add-opens</code> <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6726">#6726</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.24 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7027">#7027</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7051">#7051</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.14 to 0.12.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7020">#7020</a></li> <li>Bump grpc from 1.76.1 to 1.76.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6952">#6952</a></li> <li>Bump maven-resolver from 1.9.24 to 1.9.25 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6965">#6965</a></li> <li>Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7019">#7019</a></li> <li>Bump org.junit:junit-bom from 5.14.1 to 5.14.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7056">#7056</a></li> <li>Bump spring6 from 6.2.14 to 6.2.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6971">#6971</a></li> <li>Bump testcontainers from 1.21.3 to 1.21.4 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6993">#6993</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MariusVolkhart"><code>@MariusVolkhart</code></a> and <a href="https://github.com/izeye"><code>@izeye</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6286e854f943bce9a2daf1214ce3cef6c7aad84d"><code>6286e85</code></a> Bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7059">#7059</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5263cc740b73fd414ce30a910c78bc9bbb522854"><code>5263cc7</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0523810d0d3aada310d9ed91e04d52aa420ffd9f"><code>0523810</code></a> Polish CurrentObservationTest (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7048">#7048</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/3165fdffb9b1f7099f017805b3322c2a050653aa"><code>3165fdf</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50ba16bb3d55912e7f25a3903aa2a3e57f3eb98a"><code>50ba16b</code></a> Handle when ThreadPerTaskExecutor.threadCount() is not available (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7045">#7045</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/c38e88c7b2f0e6fd2e6e48ccc1949b389d61f2a4"><code>c38e88c</code></a> Bump org.junit:junit-bom from 5.14.1 to 5.14.2 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7056">#7056</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/22ba833062aacac4d877686e76c539c873d7c659"><code>22ba833</code></a> Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7051">#7051</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/916ced5cbc257a865c84dd2c59d6c2285c087e1b"><code>916ced5</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50d273be26275a4e0d5a1549bb7ab6453e085bbe"><code>50d273b</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6b44cf2b2148cd655c98592b183843823074f1d7"><code>6b44cf2</code></a> Relax time limit for PushMeterRegistryTest.waitForScheduledPublishToFinish_wh...</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.1...v1.16.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1b1d17f6f5 |
build(deps): bump logback from 1.5.23 to 1.5.24 (#5468)
Bumps `logback` from 1.5.23 to 1.5.24. Updates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a95583b9e0 |
Add sync-versions job to GitHub Actions workflow (#5228)
# Description of Changes This pull request updates the `.github/workflows/build.yml` file to improve automation and consistency in the build process. The most significant change is the addition of a new `sync-versions` job that automatically checks for and synchronizes version differences across key files, and posts a comment on the pull request if mismatches are detected. Additionally, there are minor formatting updates for consistency. **Automation and version synchronization:** * Added a new `sync-versions` job that runs after the build, checks for version mismatches between `build.gradle` and several frontend files, and posts or updates a comment on the pull request to notify contributors if differences are found. This job uses a GitHub App bot for authentication and ensures that versioning remains consistent across the project. **Formatting consistency:** * Updated the YAML formatting for `node-version`, `cache`, and `python-version` fields to use double quotes for consistency in the `build.yml` workflow. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L150-R151) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L244-R338) <img width="1127" height="401" alt="image" src="https://github.com/user-attachments/assets/6930a72d-f72b-4909-97e2-51f0e0f61613" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
2d254ef0f6 |
build(deps): bump actions/checkout from 4.2.2 to 6.0.1 (#5465)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955"><code>08eba0b</code></a> Prepare release v4.3.0 (<a href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/v4.2.2...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a28464a954 |
build(deps): bump reportlab from 4.4.5 to 4.4.9 in /testing/cucumber (#5505)
Bumps [reportlab](https://www.reportlab.com/) from 4.4.5 to 4.4.9. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fe56831889 |
build(deps-dev): bump stylelint-config-standard from 39.0.1 to 40.0.0 in /devTools (#5504)
Bumps [stylelint-config-standard](https://github.com/stylelint/stylelint-config-standard) from 39.0.1 to 40.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/releases">stylelint-config-standard's releases</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/blob/main/CHANGELOG.md">stylelint-config-standard's changelog</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/fbbe7b8e3efaf6ad84084268944be412e4bee3df"><code>fbbe7b8</code></a> Release 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/386">#386</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/e6368f9a6d83e178b97e3cf8eb1f76039f35df67"><code>e6368f9</code></a> Prepare 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/381">#381</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/481e21c6ee154cb43b34c5b406e75b3a72cbfbc3"><code>481e21c</code></a> Bump the dev-deps group with 3 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/382">#382</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/696689d525f3196bd90d4a58bb625cf56e6b67ba"><code>696689d</code></a> Bump stylelint/.github/.github/workflows/call-release-pr.yml from 0.3.1 to 0....</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/5d46c0f12b5ab9db4489508b1b58fea72d30a19c"><code>5d46c0f</code></a> Bump stylelint/.github/.github/workflows/call-lint.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/f888c90852fe7295926775580c1953d5c2d4580d"><code>f888c90</code></a> Bump stylelint/.github/.github/workflows/call-test.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/066dda1ba5047a6918141220ab0ef89247f93bf7"><code>066dda1</code></a> Fix vulnerable dependencies via <code>npm audit fix</code> (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/378">#378</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/b6e6aeceddacb35e781ebd1fb4e6c88d12aeb5cd"><code>b6e6aec</code></a> Bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/379">#379</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/63bb8ddee460919d160b4bd15b8442c6201c6096"><code>63bb8dd</code></a> Bump mdast-util-to-hast from 13.1.0 to 13.2.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/380">#380</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/0cc790a91bb5ba1fc29a83fe4f7156965fad23df"><code>0cc790a</code></a> Bump the dev-deps group with 2 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/377">#377</a>)</li> <li>Additional commits viewable in <a href="https://github.com/stylelint/stylelint-config-standard/compare/39.0.1...40.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f5fdb870a8 |
build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#5503)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li>Download Artifact Node24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> <li>fix: update <code>@actions/artifact</code> to fix Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li> <li>prepare release v7.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/37930b1c2abaa49bbe596cd826c3c89aef350131"><code>37930b1</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a> from actions/download-artifact-v7-release</li> <li><a href="https://github.com/actions/download-artifact/commit/72582b9e0acd370909e83fa4a1fd0fca3ad452d8"><code>72582b9</code></a> doc: update readme</li> <li><a href="https://github.com/actions/download-artifact/commit/0d2ec9d4cbcefe257d822f108de2a1f15f8da9f6"><code>0d2ec9d</code></a> chore: release v7.0.0 for Node.js 24 support</li> <li><a href="https://github.com/actions/download-artifact/commit/fd7ae8fda6dc16277a9ffbc91cdb0eedf156e912"><code>fd7ae8f</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a> from actions/fix-storage-blob</li> <li><a href="https://github.com/actions/download-artifact/commit/d484700543354b15886d6a52910cf61b7f1d2b27"><code>d484700</code></a> chore: restore minimatch.dep.yml license file</li> <li><a href="https://github.com/actions/download-artifact/commit/03a808050efe42bb6ad85281890afd4e4546672c"><code>03a8080</code></a> chore: remove obsolete dependency license files</li> <li><a href="https://github.com/actions/download-artifact/commit/56fe6d904b0968950f8b68ea17774c54973ed5e2"><code>56fe6d9</code></a> chore: update <code>@actions/artifact</code> license file to 5.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/8e3ebc4ab4d2e095e5eb44ba1a4a53b6b03976ad"><code>8e3ebc4</code></a> chore: update package-lock.json with <code>@actions/artifact</code><a href="https://github.com/5"><code>@5</code></a>.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/1e3c4b4d4906c98ab57453c24efefdf16c078044"><code>1e3c4b4</code></a> fix: update <code>@actions/artifact</code> to ^5.0.0 for Node.js 24 punycode fix</li> <li><a href="https://github.com/actions/download-artifact/commit/458627d354794c71bc386c8d5839d20b5885fe2a"><code>458627d</code></a> chore: use local <code>@actions/artifact</code> package for Node.js 24 testing</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1436821a3a |
feat(admin): add tessdata language management for OCR and download support (#5519)
# Description of Changes ### What was changed - Added new admin-only API endpoints to: - List installed tessdata OCR languages - Fetch available tessdata languages from the official Tesseract repository - Download selected tessdata language files directly into the configured tessdata directory - Implemented server-side validation, safe language name handling, and directory writability checks. - Extended the Admin Advanced Settings UI to: - Display installed tessdata languages - Show available remote languages not yet installed - Allow selecting and downloading additional languages via a multi-select UI - Gracefully fall back to manual download links when the tessdata directory is not writable - Added new i18n strings for all related UI states (loading, success, error, permission warnings). ### Why the change was made - Managing OCR languages previously required manual filesystem interaction. - This change improves usability for administrators by enabling in-app management of tessdata languages while maintaining security constraints. - The writable directory check and manual fallback ensure compatibility with restricted or containerized environments. <img width="1282" height="832" alt="image" src="https://github.com/user-attachments/assets/aa958730-0ffb-4fd6-9af8-87c527a476e4" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> |
||
|
|
8bb807471f |
chore(ci): enable Gradle dependency caching across GitHub workflows (#5400)
# Description of Changes This pull request updates the CI/CD workflows and Gradle configuration to improve build reproducibility, security, and external dependency management. The main changes include standardizing Gradle setup across workflows, securely injecting Maven credentials, and enabling Gradle build caching. There are also minor improvements to dependency version management and plugin repository configuration. **CI/CD Workflow Improvements:** - Standardized Gradle setup across all GitHub Actions workflows by explicitly adding a `Setup Gradle` step using `gradle/actions/[email protected]` and specifying Gradle version 8.14. This replaces previous usages and ensures consistency. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R260-R264) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL53-R54) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL121-R127) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[11]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[12]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bL45-R46) [[13]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[14]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[15]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[16]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Enabled Gradle build cache (`--build-cache`) for all build-related commands in workflows, improving build performance and consistency. Also removed unnecessary `clean` commands before builds to further optimize workflow times. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[6]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[7]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[9]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[10]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[11]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[12]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[13]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) **Security and Dependency Management:** - Injected Maven credentials (`MAVEN_USER`, `MAVEN_PASSWORD`, `MAVEN_PUBLIC_URL`) as environment variables in all relevant workflow steps, supporting secure access to private or custom Maven repositories. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R290-R293) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR66-R69) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR281-R283) [[11]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bR57-R60) [[12]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fR73-R76) [[13]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[14]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR178-R180) [[15]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Added a `pluginManagement` block in `settings.gradle` to allow Gradle plugins to be resolved from a custom Maven repository if specified by environment variables, increasing flexibility for plugin sourcing. **Build and Dependency Versioning:** - Updated `app/proprietary/build.gradle` to use the `bouncycastleVersion` variable for the Bouncy Castle dependency version, improving maintainability and consistency of dependency versioning. **Workflow Trigger Improvements:** - Expanded the file path triggers in `.github/workflows/sync_files_v2.yml` to include additional Gradle build files, ensuring the workflow runs when any core build files are changed. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
8d6c8cbc11 |
build(deps): bump docker/login-action from 3.4.0 to 3.6.0 (#5464)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/5e57cd118135c172c3672efd75eb46360885c0ef"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/97e31439e8b415da4e1322633630e1563c42c0f2"><code>97e3143</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/3a0796b57f440ff1af59165907392527fa832e0c"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/5b7b28b1cc417bbd34cd8c225a957c9ce9adf7f2"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/abc9fb3154ad354cf35d6c78a862bee018dd4cb8"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/d46868881477a1d16bdcc80a5b2c05208b1befe4"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/a99b2f88fc4efabea32b8ba09581cf535c1577e9"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/0d7fae8057d840a981e4132ce97862f6c8f48b42"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9832253cb7b14f93bd4134396bd26e855e8e4bd2"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="https://github.com/docker/login-action/commit/09e05bbdf68bd9ce9eedefa6d2ebe03008c32b08"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/v3.4.0...5e57cd118135c172c3672efd75eb46360885c0ef">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0e8992e3a5 |
build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#5463)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"><code>8d2750c</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/455">#455</a> from crazy-max/install-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e81846bcc4416a0bf18b8389e4f6fce279619ddc"><code>e81846b</code></a> deprecate install input</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65d18f8f8a05aab1b2d761032bec9cd5578caadb"><code>65d18f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/454">#454</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/000d75d273dec231f74115df50b6ee04c9b25e55"><code>000d75d</code></a> build(deps): bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1583c0f09d26c58c59d25b0eef29792b7ce99d9a"><code>1583c0f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/443">#443</a> from nicolasleger/patch-1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ed158e796328af702db08c75bebb92f2fb10be88"><code>ed158e7</code></a> doc: bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4cc794f83e4b7488282e879f4469e86246e52ddd"><code>4cc794f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/441">#441</a> from docker/dependabot/github_actions/actions/checkout-5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dfc3d6c5d9e9534040f8d8b55bd4a98459b62b7"><code>4dfc3d6</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/af1b253b8dc984466d22633f04ef341c1520ed2f"><code>af1b253</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/440">#440</a> from crazy-max/k3s-build</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3c6ab92b04d9f3e63233e0e0168ba114c6b448bc"><code>3c6ab92</code></a> ci: k3s test with latest buildx</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
aa39435303 |
build(deps): bump debian from 1c25564 to 449673e in /docker/embedded (#5357)
Bumps debian from `1c25564` to `449673e`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3eaccc1e0e |
build(deps): bump alpine from 3.22.1 to 3.23.2 in /docker/embedded (#5319)
Bumps alpine from 3.22.1 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1a7fd6ac4e |
build(deps): bump alpine from 3.22.2 to 3.23.2 in /docker/backend (#5316)
Bumps alpine from 3.22.2 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e49793a6b7 |
build(deps): bump urllib3 from 2.5.0 to 2.6.3 in /testing/cucumber in the pip group across 1 directory (#5456)
Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.5.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a366463496 |
ci(build): scope Docker layer cache per artifact to avoid cross-contamination (#5453)
This pull request updates the Docker build caching strategy in the
GitHub Actions workflow to improve cache isolation and efficiency. The
main change is the introduction of a cache `scope` based on the
`artifact-suffix` matrix value.
**Build caching improvements:**
*
[`.github/workflows/build.yml`](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L329-R330):
Updated `cache-from` and `cache-to` in the Docker build step to use a
scoped cache (`scope=${{ matrix.artifact-suffix }}`), enabling better
cache isolation across different build variants.
|
||
|
|
472ee54098 |
fix(translations): improve translation merger CLI and sync missing UI strings across locales (#5309)
# Description of Changes This pull request updates the Arabic translation file (`frontend/public/locales/ar-AR/translation.toml`) with a large number of new and improved strings, adding support for new features and enhancing clarity and coverage across the application. Additionally, it makes several improvements to the TOML language check script (`.github/scripts/check_language_toml.py`) and updates the corresponding GitHub Actions workflow to better track and validate translation changes. **Translation updates and enhancements:** * Added translations for new features and UI elements, including annotation tools, PDF/A-3b conversion, line art compression, background removal, split modes, onboarding tours, and more. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR343-R346) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR514-R523) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR739-R743) [[5]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1281-R1295) [[6]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1412-R1416) [[7]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2362-R2365) [[8]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2411-R2415) [[9]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2990) [[10]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3408-R3420) [[11]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3782-R3794) [[12]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3812-R3815) [[13]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3828-R3832) [[14]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effL3974-R4157) [[15]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR4208-R4221) [[16]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[17]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[18]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) * Improved and expanded coverage for settings, security, onboarding, and help menus, including detailed descriptions and tooltips for new and existing features. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) **TOML language check script improvements:** * Increased the maximum allowed TOML file size from 500 KB to 570 KB to accommodate larger translation files. * Improved file validation logic to more accurately skip or process files based on directory structure and file type, and added informative print statements for skipped files. * Enhanced reporting in the difference check: now, instead of raising exceptions for unsafe files or oversized files, the script logs warnings and continues processing, improving robustness and clarity in CI reports. * Adjusted the placement of file check report lines for clarity in the generated report. **Workflow and CI improvements:** * Updated the GitHub Actions workflow (`.github/workflows/check_toml.yml`) to trigger on changes to the translation script and workflow files, in addition to translation TOMLs, ensuring all relevant changes are validated. These changes collectively improve the translation quality and coverage for Arabic users, enhance the reliability and clarity of the translation validation process, and ensure smoother CI/CD workflows for localization updates. <img width="654" height="133" alt="image" src="https://github.com/user-attachments/assets/9f3e505d-927f-4dc0-9098-cee70bbe85ca" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
e7b030e6b5 |
Add Telegram bot integration for pipeline processing (#5185)
# Description of Changes This pull request introduces Telegram bot integration to the application, enabling users to send files via Telegram for processing through the pipeline. The main changes add configuration options, dependency management, and a new service for handling Telegram interactions. **Telegram bot integration:** * Added a new `TelegramPipelineBot` service (`TelegramPipelineBot.java`) that listens for incoming Telegram messages, downloads attached files or photos, places them in a pipeline inbox folder, waits for processing results, and sends the output files back to the user. The service includes error handling and status messaging. * Introduced a `TelegramBotConfig` configuration class to initialize and register the Telegram bot only when enabled via application properties. * Added a new `Telegram` configuration section to `ApplicationProperties` and the `settings.yml.template`, supporting options like enabling/disabling the bot, bot token/username, pipeline folder, processing timeout, and polling interval. [[1]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R63) [[2]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R580-R589) [[3]](diffhunk://#diff-12f23603ae35319a3ea08f91b6340d5d935216941fda2e69d2df1b6cd22a63f2R108-R115) **Dependency management:** * Added the `org.telegram:telegrambots` library to the project dependencies to support Telegram bot functionality. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
392462a325 |
build(deps): bump globals from 16.5.0 to 17.0.0 in /frontend (#5413)
Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.0.0</h2> <h3>Breaking</h3> <ul> <li>Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>) 7bc293e</li> </ul> <h3>Improvements</h3> <ul> <li>Update globals (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>) ebe1063</li> <li>Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>) 59ceff8</li> <li>Add <code>bunBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>denoBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>) 4b78f56</li> <li>Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>) 4a02a85</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/bb89b18916b00f6c4f089baa0d66cb7f0771ab1b"><code>bb89b18</code></a> 17.0.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/ebe106340137419b4ac0150f746b7567fb78ce03"><code>ebe1063</code></a> Update globals (2026-01-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e3d8da349da72d66fcadf94d926d4ff96da3319c"><code>e3d8da3</code></a> Revert "Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)" (<a href="https://redirect.github.com/sindresorhus/globals/issues/328">#328</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e7c0453f80840ebcef3a6bccaabc7a9dc0cb7a84"><code>e7c0453</code></a> Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/1bc6e3bc6658d4243a714bb7dd7401f206fd3bc5"><code>1bc6e3b</code></a> Add <code>bunBuiltin</code> and <code>denoBuiltin</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4b78f56c1c305e34161183e8fd5ac89e92c72e84"><code>4b78f56</code></a> Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/59ceff80cb22de31a78651acdda4db1a91eefb11"><code>59ceff8</code></a> Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4a02a852463c03ae722f14f06944c5aa7e0e06e0"><code>4a02a85</code></a> Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/7bc293ec2498be49293e3aec46186a98a76e5ecd"><code>7bc293e</code></a> Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/814075ffd71e6b0599f2611cd445b00906ad2181"><code>814075f</code></a> Fix browser launch (<a href="https://redirect.github.com/sindresorhus/globals/issues/319">#319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0a801fe3a6 |
build(deps): bump nginx from 8491795 to c083c37 in /docker/frontend (#5448)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps nginx from `8491795` to `c083c37`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
646df1bfb5 |
build(deps): bump node from 20-alpine to 25-alpine in /docker/frontend (#5311)
Bumps node from 20-alpine to 25-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
daf27b6128 |
build(deps): bump step-security/harden-runner from 2.12.1 to 2.14.0 (#5324)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> <h2>v2.13.2</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.</li> <li>Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li> <p>Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.</p> </li> <li> <p>Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.</p> </li> <li> <p>Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/95d9a5deda9de15063e7595e9719c11c38c90ae2"><code>95d9a5d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/606">#606</a> from step-security/rc-28</li> <li><a href="https://github.com/step-security/harden-runner/commit/87e429d3fb470bcc827f338e5cce1155ff99c6eb"><code>87e429d</code></a> Update limitations.md</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/v2.12.1...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
818c30cb55 |
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#5326)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/c7c53464625b32c7a7e944ae62b3e17d2b600130"><code>c7c5346</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a517a1a6f815421d6c0f8ab069bd9cae3024828"><code>3a517a1</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/a5b45edf7e42dbe6d762ad8053bd35a7d336a850"><code>a5b45ed</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.67.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a64278e93930d340f1caabd280b2e78b36b5032"><code>3a64278</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a> from docker/dependabot/npm_and_yarn/brace-expansion-1...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/94906ba253608103ef32875025dd58d7f74e2716"><code>94906ba</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/4027abfd67ddf4bd8f75dbf3bb8bf3b69764ded6"><code>4027abf</code></a> build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/bee0aaad0f43394cdb4b8756cd994ae278b0667c"><code>bee0aaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/0d7e25756e271776f152e7669522f64f54c5e3e2"><code>0d7e257</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b86960130e28d1756dfa88e15e28ee5880e893de"><code>b869601</code></a> build(deps): bump tmp from 0.2.3 to 0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a043edff31c211e56ebb1e00a76ce49a831bd24"><code>3a043ed</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a> from docker/dependabot/npm_and_yarn/undici-5.29.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...c7c53464625b32c7a7e944ae62b3e17d2b600130">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7460e58abf |
build(deps): bump io.micrometer:micrometer-core from 1.16.0 to 1.16.1 (#5358)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.0 to 1.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.1</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Don't filter log events in LogbackMetricsBenchmark <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6891">#6891</a></li> <li>Return value nullability is incorrect on function wrapper methods <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6869">#6869</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Add link to the latest Micrometer Team talk <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6881">#6881</a></li> <li>Document JSpecify dependency <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6886">#6886</a></li> <li>Make cross-references more consistent in the docs <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6915">#6915</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6877">#6877</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6904">#6904</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6937">#6937</a></li> <li>Bump grpc from 1.76.0 to 1.76.1 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6902">#6902</a></li> <li>Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6876">#6876</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6868">#6868</a></li> <li>Bump spring6 from 6.2.12 to 6.2.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6890">#6890</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MiLabuda"><code>@MiLabuda</code></a>, <a href="https://github.com/izeye"><code>@izeye</code></a>, and <a href="https://github.com/ngocnhan-tran1996"><code>@ngocnhan-tran1996</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0550e769cb9b4f15cff86c1e503fce8ae03ef84f"><code>0550e76</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e8dd176ffe60d6ea068c7f536e5662278499cd8f"><code>e8dd176</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d8a46b5a7080738e6f9afd623cfdfcf984f44185"><code>d8a46b5</code></a> Fixed flaky test for mongo client (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6924">#6924</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0bbe73b0f447ca5ca94e1d2b621eda83d7735477"><code>0bbe73b</code></a> Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6937">#6937</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d0b368dbbc1cd8511f693e7be97810978f67787d"><code>d0b368d</code></a> Polish <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6612">gh-6612</a> (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6932">#6932</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/aa9eac0d31acb389a03be50f266bc968c8ef207f"><code>aa9eac0</code></a> Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6930">#6930</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/57bd4ff8ebb64d941ece6d9fb04d2c921bd77ac1"><code>57bd4ff</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/11d8fb1f8081098ad91efc40ea8902b9113d03d3"><code>11d8fb1</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5779b09fcb1d5266c614b50ecefe1ad42264b3c2"><code>5779b09</code></a> Backport fixing typos in docs</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8b88e43a98221f50f56d43cdd5b0eafb986e835b"><code>8b88e43</code></a> Merge branch '1.15.x' into 1.16.x</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.0...v1.16.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a9ee7f6a8e |
build(deps): bump pypdf from 6.4.0 to 6.6.0 in /testing/cucumber (#5422)
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.4.0 to 6.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>) by <a href="https://github.com/mainuddin-md"><code>@mainuddin-md</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>) by <a href="https://github.com/rassie"><code>@rassie</code></a></li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h2>What's new</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h2>What's new</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>) by <a href="https://github.com/jgillard"><code>@jgillard</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>)</li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>)</li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>)</li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow deleting non-existent annotations (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3559">#3559</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/10df9c72fa7fb9ab14101b9cb911d66e680282a8"><code>10df9c7</code></a> REL: 6.6.0</li> <li><a href="https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"><code>2941657</code></a> SEC: Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/712688005e49d2d0a4427db0b16abbae160fe106"><code>7126880</code></a> DEV: Update to urllib3 2.6.3 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3593">#3593</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f189f0755eb111564ae8667a990738a9e7ab4ba9"><code>f189f07</code></a> DOC: Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a29e5326f543f93c4c317cf9f92df54aff68c584"><code>a29e532</code></a> BUG: Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/d9ce594772717fdcfcd505d0309843461579bbf7"><code>d9ce594</code></a> MAINT: Converge on one shared Font class for text extraction and appearance s...</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a65708c778467f1525662dfe5614a486adbd16b0"><code>a65708c</code></a> DEV: Check for JavaScript library updates on GitHub Pages (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3592">#3592</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/6951bb7c039afd02bd273dda412c3f36df76eba3"><code>6951bb7</code></a> MAINT: Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/97d47a001d574dfda54bf16c4dcee89ccbfabec8"><code>97d47a0</code></a> TST: Improve test coverage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3584">#3584</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/bda80a4846a8646419a04cc253d81b73773d3cec"><code>bda80a4</code></a> DEV: Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> <li>Additional commits viewable in <a href="https://github.com/py-pdf/pypdf/compare/6.4.0...6.6.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
36e0fd566a |
build(deps): bump github/codeql-action from 4.31.5 to 4.31.10 (#5449)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.6 - 01 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a> from github/update-v4.31.10-0fa411efd</li> <li><a href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a> Update changelog for v4.31.10</li> <li><a href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a> from github/update-bundle/codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a> Update default bundle to codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a> from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li> <li><a href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a> Bump the npm-minor group with 2 updates</li> <li><a href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a> from github/kaspersv/bump-min-cli-v-for-overlay</li> <li><a href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a> from github/henrymercer/generate-mergeback-last</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
65a5d05713 |
feat(ui): prevent self-modification in People management and highlight current user (#5441)
# Description of Changes This PR improves the People management UI by preventing users from modifying or deleting their own account and by visually highlighting the currently logged-in user. <img width="675" height="196" alt="image" src="https://github.com/user-attachments/assets/c45fb0b6-c766-412c-a53b-b72aed2925d2" /> ### What was changed - Integrated session-based authentication context to identify the currently logged-in user. - Added a helper to detect the current user in the user list. - Highlighted the current user's row with a subtle background color. - Disabled self-actions: - Editing own role - Enabling/disabling own account - Deleting own account - Kept password change available for the current user. ### Why the change was made - Prevents accidental self-lockout or privilege removal. - Aligns UI behavior with common security best practices. - Improves clarity by visually distinguishing the active user account. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
3c8fb8ac96 |
build(ci): pin base container images, switch npm install to npm ci, and harden EML error handling (#5353)
# Description of Changes This pull request introduces several improvements focused on security and reliability in both the Docker build process and the backend API. The most significant changes are the use of digest-pinned Docker base images to ensure reproducible builds, safer handling of user-provided filenames in error messages, and a switch to more reliable dependency installation in CI workflows. **Docker image security and reproducibility:** * All Dockerfiles now use digest-pinned base images (e.g., `node:20-alpine@sha256:...`, `gradle:8.14-jdk21@sha256:...`, `alpine:3.22.1@sha256:...`, `nginx:alpine@sha256:...`) to guarantee build consistency and protect against upstream image changes. [[1]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L5-R5) [[2]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L18-R18) [[3]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L38-R38) [[4]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L5-R5) [[5]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L18-R18) [[6]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L37-R37) [[7]](diffhunk://#diff-e9edf3a05475d0721a0e65be1ba0eeb162ae972891b0f6d7e1285687efab1de0L9-R9) [[8]](diffhunk://#diff-fa0700cfd7d90d832649eb1d0503904564bb3b28c48972be7d9f17e4ce32a3dcL9-R9) [[9]](diffhunk://#diff-2e766aaf0c87e7b8a62d2a2986f6999c38cc35f677479e31b77d1b427c7aeef7L5-R5) [[10]](diffhunk://#diff-1726db0cbef194c9be3cba9825c0794802b154e15e4c892c1544d0aace03e037L5-R5) [[11]](diffhunk://#diff-c1b6dd504a16fc68cd064baf9cf07d9dd31da56eb55de69601844ab03a5ae319L5-R5) [[12]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L5-R5) [[13]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L39-R39) [[14]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL2-R2) [[15]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL19-R19) **Backend API security:** * In `ConvertEmlToPDF.java`, error messages now escape user-provided filenames using `HtmlUtils.htmlEscape`, preventing potential XSS vulnerabilities when displaying error messages that include filenames. [[1]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR13) [[2]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR156-R170) **CI/CD reliability:** * All GitHub Actions workflows (`multiOSReleases.yml`, `releaseArtifacts.yml`, `tauri-build.yml`) now use `npm ci` instead of `npm install` for frontend dependency installation, ensuring clean, reproducible installs that match the lockfile. [[1]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL271-R271) [[2]](diffhunk://#diff-699ff98fe113446c403eb07daf16dd1966c2a047ab0b9f7e38fd695d079f7dddL177-R177) [[3]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aL177-R177) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
0c96133544 |
Feature/v2/redact (#5249)
# Description of Changes - Add manual redaction and added it to the right rail in the viewer --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
991d158cb8 |
chore(ci): skip license bot actions for Dependabot PRs (#5368)
# Description of Changes ### What was changed - Added explicit conditions to exclude `dependabot[bot]` from: - GitHub App bot setup - Deleting previous license check comments - Posting license check comments on pull requests - Adjusted the summary step logic so Dependabot PRs are treated like fork PRs (summary-only, no comments). - Refactored the generated PR body formatting to use proper multi-line strings for improved readability. ### Why the change was made - Dependabot PRs cannot use repository GitHub App credentials, causing unnecessary failures in bot-related steps. - Avoids redundant or failing comment actions on automated dependency update PRs. - Improves clarity and robustness of the CI workflow when handling different PR actors. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
3fd0398648 |
chore(ci): streamline GitHub workflows, labels, and license automation for main (#5356)
# Description of Changes This pull request makes several updates to the repository’s CI/CD configuration, focusing on improving workflow automation, updating Java versions, enhancing labeling and file ownership, and cleaning up unused files. The most significant changes involve migrating workflows and labels to support a new `V3` branch, updating build environments to use JDK 21, and expanding automated dependency update coverage. **Key changes include:** ### CI/CD Workflow Updates * Updated all GitHub Actions workflows (`build.yml`, `PR-Demo-Comment-with-react.yml`, etc.) to use JDK 21 instead of JDK 17 for Java builds, ensuring compatibility with newer Java features and dependencies. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L120-R125) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R180-R187) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L226-R232) [[4]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L154-R154) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L288-L298) * Removed the now-unused `codeql.yml-disabled` file, cleaning up deprecated static analysis configuration. * Added a dedicated `frontend-validation` job in `build.yml` that only runs when frontend files change, improving CI efficiency. * Minor workflow improvements: consistent quoting in config paths, improved cache settings, and small cleanups in deploy scripts. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L150-R152) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L244-R247) [[3]](diffhunk://#diff-7cdd3ccec44c8ba176bdc3b9ef54c3f56aa210a1a4e2bb5f79d87b1e50314a18L29-R29) [[4]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L87) [[5]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L120-L127) [[6]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L189) [[7]](diffhunk://#diff-26fc40a450703e6602af586a24594196fb10e132de14a9a488ae64ee8cc51166L99) [[8]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L30-R39) [[9]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L69-R75) [[10]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R93) ### Branch and Label Management * Migrated auto-labeler and build workflows to track the `V3` branch instead of `V2`, and updated labels and labeler config to use `v3` instead of `v2`. [[1]](diffhunk://#diff-cfe84f4bb9657c721ff741644ee0bce45aa81aaef9dea1ea8741c946984e9722L7-R7) [[2]](diffhunk://#diff-d3d79c492fbafebc87fbb739c553afea093a79344ff78b88fe785ac3ca7e7b3dL49-R75) [[3]](diffhunk://#diff-080b7ef0dc11b28f262ea02985043c6229e353ecfdd5920b4d3b19f369f85dc6R87-R89) * Added new labels for `v3`, `Rust`, `Tauri`, and `license-review-required` to improve PR categorization and review processes. ### Dependency Automation * Expanded `dependabot.yml` to update Gradle dependencies in all relevant subdirectories (`/`, `/app/common`, `/app/core`, `/app/proprietary`) and ensured all ecosystems use the `rebase-strategy: auto` setting for more reliable PR updates. ### File Ownership and Labeling * Enhanced `.github/config/.files.yaml` to include new scripts and frontend-related files under the correct project and frontend categories, and introduced license file groups for both frontend and backend. [[1]](diffhunk://#diff-16e8af5ab290e6fdcf843429e4970b7dee6721897ad02c5291f259f47e0978deL5-R7) [[2]](diffhunk://#diff-16e8af5ab290e6fdcf843429e4970b7dee6721897ad02c5291f259f47e0978deR34-R60) * Improved labeler configuration to better match new frontend and translation file patterns, and introduced a new label group for Tauri-related files. --- These changes collectively modernize the repository’s automation, streamline maintenance, and prepare the project for ongoing work on the `V3` branch. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
8f1af5f967 |
build(deps-dev): bump stylelint from 16.26.0 to 16.26.1 in /devTools (#5314)
Bumps [stylelint](https://github.com/stylelint/stylelint) from 16.26.0 to 16.26.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint/releases">stylelint's releases</a>.</em></p> <blockquote> <h2>16.26.1</h2> <p>It fixes numerous false positive bugs, including many in the <code>declaration-property-value-no-unknown</code> rule for the latest CSS specifications.</p> <ul> <li>Fixed: <code>*-no-unknown</code> false positives for latest specs by integrating <code>@csstools/css-syntax-patches-for-csstree</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8850">#8850</a>) (<a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed: <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8851">#8851</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code>, <code>if()</code> and custom functions (<a href="https://redirect.github.com/stylelint/stylelint/issues/8853">#8853</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/issues/8804">#8804</a>) (<a href="https://github.com/taearls"><code>@taearls</code></a>).</li> <li>Fixed: <code>selector-pseudo-element-no-unknown</code> false positives for <code>::scroll-button()</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8856">#8856</a>) (<a href="https://github.com/Mouvedia"><code>@Mouvedia</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md">stylelint's changelog</a>.</em></p> <blockquote> <h2>16.26.1 - 2025-11-28</h2> <p>It fixes numerous false positive bugs, including many in the <code>declaration-property-value-no-unknown</code> rule for the latest CSS specifications.</p> <ul> <li>Fixed: <code>*-no-unknown</code> false positives for latest specs by integrating <code>@csstools/css-syntax-patches-for-csstree</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8850">#8850</a>) (<a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed: <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8851">#8851</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code>, <code>if()</code> and custom functions (<a href="https://redirect.github.com/stylelint/stylelint/pull/8853">#8853</a>) (<a href="https://github.com/jeddy3"><code>@jeddy3</code></a>).</li> <li>Fixed: <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/pull/8804">#8804</a>) (<a href="https://github.com/taearls"><code>@taearls</code></a>).</li> <li>Fixed: <code>selector-pseudo-element-no-unknown</code> false positives for <code>::scroll-button()</code> (<a href="https://redirect.github.com/stylelint/stylelint/pull/8856">#8856</a>) (<a href="https://github.com/Mouvedia"><code>@Mouvedia</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stylelint/stylelint/commit/b96814344b7d1088e3459c44dcafebfbdabff412"><code>b968143</code></a> Release 16.26.1 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8857">#8857</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/2b24b9cd5030b4ef6726d575ea71d34005dd9929"><code>2b24b9c</code></a> Fix <code>selector-pseudo-element-no-unknown</code> false positives for `::scroll-button...</li> <li><a href="https://github.com/stylelint/stylelint/commit/f152564f037047a4f1a40c812fba77dde05d0062"><code>f152564</code></a> Fix <code>*-no-unknown</code> false positives for latest specs by integrating `@csstools...</li> <li><a href="https://github.com/stylelint/stylelint/commit/431cb53c0a181eaacc3b208a71c0e765c14faedf"><code>431cb53</code></a> Fix <code>at-rule-no-unknown</code> false positives for <code>@function</code> (<a href="https://redirect.github.com/stylelint/stylelint/issues/8851">#8851</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/119097ea694cca6bf477ac534fd02c39c8b37c8e"><code>119097e</code></a> Fix <code>declaration-property-value-no-unknown</code> false positives for <code>attr()</code> and ...</li> <li><a href="https://github.com/stylelint/stylelint/commit/4b9c68be0763a87df187a7fc9de00bced940d916"><code>4b9c68b</code></a> Fix <code>function-url-quotes</code> false positives when URLs require quoting (<a href="https://redirect.github.com/stylelint/stylelint/issues/8804">#8804</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/8cc4ced2e8938785aa29559609984df8c4d83431"><code>8cc4ced</code></a> Bump rollup from 4.52.5 to 4.53.2 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8848">#8848</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/4383feb6dfacb57fc334ab6441ba32e7ea4e3008"><code>4383feb</code></a> Bump file-entry-cache from 11.1.0 to 11.1.1 (<a href="https://redirect.github.com/stylelint/stylelint/issues/8846">#8846</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/a8a7560c49f78ce1baaa1fd182c03685c12c7b37"><code>a8a7560</code></a> Bump the eslint group with 2 updates (<a href="https://redirect.github.com/stylelint/stylelint/issues/8845">#8845</a>)</li> <li><a href="https://github.com/stylelint/stylelint/commit/947ad33c1562b03e54b440693db69c5fbb4b39fb"><code>947ad33</code></a> Fix <code>patch-package</code> warning about mismatched <code>@types/css-tree</code> version (<a href="https://redirect.github.com/stylelint/stylelint/issues/8844">#8844</a>)</li> <li>See full diff in <a href="https://github.com/stylelint/stylelint/compare/16.26.0...16.26.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
16cd453870 |
build(deps): bump org.sonarqube from 7.1.0.6387 to 7.2.2.6593 (#5313)
Bumps org.sonarqube from 7.1.0.6387 to 7.2.2.6593. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
42f9384ece |
build(deps): bump debian from 7cb087f to 1c25564 in /docker/embedded (#5310)
Bumps debian from `7cb087f` to `1c25564`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
804f1d8975 |
deps(ci): update Dependabot, pre-commit tooling, and testing dependencies (#5170)
# Description of Changes This pull request updates dependency management and CI/CD configurations to improve automation, security, and maintainability. The most significant changes include expanding Dependabot coverage to more directories and ecosystems, updating pre-commit and Python dependency versions, and pinning action versions in GitHub workflows for better reproducibility and security. **Dependency Management Improvements:** * Expanded Dependabot configuration in `.github/dependabot.yml` to include additional directories and package ecosystems such as npm, docker, cargo, and pip, ensuring automated dependency updates across more parts of the project. * Updated Python dependencies in `.github/scripts/requirements_pre_commit.txt` to newer versions for `cfgv`, `filelock`, `platformdirs`, `pre-commit`, and `virtualenv`, improving compatibility and security. [[1]](diffhunk://#diff-4b865d764c6955aa3ab06c7beff7c08a122e5145c1f0fecd7b4fd4575848b598L7-R17) [[2]](diffhunk://#diff-4b865d764c6955aa3ab06c7beff7c08a122e5145c1f0fecd7b4fd4575848b598L27-R33) [[3]](diffhunk://#diff-4b865d764c6955aa3ab06c7beff7c08a122e5145c1f0fecd7b4fd4575848b598L110-R112) * Added `tomli-w` to `.github/scripts/requirements_sync_readme.in` and `.github/scripts/requirements_sync_readme.txt` for TOML file writing support. [[1]](diffhunk://#diff-e359c7d332d374a67300c004d7bab6c37cb16b5e1b9c8cd63adf2b59462c1f06R2) [[2]](diffhunk://#diff-cf0fa825b1295e115dbbe842a6f179ed0c72dd80b758d3238ab792cdd0013a4cR7-R10) **CI/CD Workflow Enhancements:** * Updated installation commands in `.github/workflows/check_toml.yml` and `.github/workflows/sync_files_v2.yml` to use hashed and version-pinned dependencies, improving reproducibility and security. Also removed redundant dependency installation in the sync workflow. [[1]](diffhunk://#diff-3117b4a93711d37b0a9a1668272eec716fea0b4f57dde16a85e7ab3f569c455dL203-R203) [[2]](diffhunk://#diff-b1acd58f6bdc16d0f02514058f8842a8ec3c90e8771f6a1e83801fa14ee5041cL56-R56) [[3]](diffhunk://#diff-b1acd58f6bdc16d0f02514058f8842a8ec3c90e8771f6a1e83801fa14ee5041cL68-L70) * Pinned GitHub Actions versions in `.github/workflows/deploy-on-v2-commit.yml` by using commit SHAs for actions such as `actions/checkout`, `docker/setup-buildx-action`, `docker/login-action`, and `docker/build-push-action`, ensuring builds use known-good versions. [[1]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L26-R29) [[2]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L89-R96) [[3]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L109-R109) **Pre-commit Configuration Updates:** * Updated hooks in `.pre-commit-config.yaml` to newer versions for `ruff-pre-commit`, `gitleaks`, and `pre-commit-hooks`, providing enhanced linting and security scanning. [[1]](diffhunk://#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9L3-R3) [[2]](diffhunk://#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9L25-R29) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
d97820c232 |
build(deps): bump docker/metadata-action from 5.8.0 to 5.10.0 (#5299)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.8.0 to 5.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> <h2>v5.9.0</h2> <ul> <li>Add <code>tag-names</code> output to return tag names without image base name by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li> <li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li> <li>Bump csv-parse from 5.6.0 to 6.1.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li> <li>Bump semver from 7.7.2 to 7.7.3 in in <a href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li> <li>Bump tmp from 0.2.3 to 0.2.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/metadata-action/commit/c299e40c65443455700f0fdfc63efafe5b349051"><code>c299e40</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/569">#569</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/metadata-action/commit/f015d7914a06d5c4931affc0780479c2336fd8e3"><code>f015d79</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/121bcc2ca8f5f246e9af338aeb41e55825fe7c88"><code>121bcc2</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.68.0</li> <li><a href="https://github.com/docker/metadata-action/commit/f7b6bf41b94feca9834c527e3bd584efa2e7280b"><code>f7b6bf4</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/564">#564</a> from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/0b95c6b8604d853d90ab386caf3a1e754d9697f7"><code>0b95c6b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/565">#565</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/metadata-action/commit/17f70d7525d8de2c783e41c092e28219c8fc2a67"><code>17f70d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/568">#568</a> from motoki317/docs/fix-to-24h-schedule-pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/afd7e6d7bbf70ea7bc2e4f3c782fe1feabe42d88"><code>afd7e6d</code></a> docs(README): Fix date format from 12h to 24h in schedule pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/602aff8e11accbaf5f2233069201ffe332de3d5e"><code>602aff8</code></a> chore(deps): Bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/metadata-action/commit/aecb1a49a52523dc3b4dcab352cae7572eb61c87"><code>aecb1a4</code></a> chore(deps): Bump js-yaml from 3.14.1 to 3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/8d8c7c12f7b958582a5cb82ba16d5903cb27976a"><code>8d8c7c1</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/559">#559</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li>Additional commits viewable in <a href="https://github.com/docker/metadata-action/compare/v5.8.0...c299e40c65443455700f0fdfc63efafe5b349051">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
03cd7c1456 |
build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 (#5300)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 8.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v8.0.0</h2> <h2>What's new in v8</h2> <ul> <li>Requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later if you are using a self-hosted runner for Node 24 support.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: Update checkout action version to v6 by <a href="https://github.com/yonas"><code>@yonas</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li>Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> <li>feat: v8 by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4260">peter-evans/create-pull-request#4260</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yonas"><code>@yonas</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0">https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0</a></p> <h2>Create Pull Request v7.0.11</h2> <h2>What's Changed</h2> <ul> <li>fix: restrict remote prune to self-hosted runners by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4250">peter-evans/create-pull-request#4250</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11">https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11</a></p> <h2>Create Pull Request v7.0.10</h2> <p>⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4235">peter-evans/create-pull-request#4235</a></li> <li>build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4240">peter-evans/create-pull-request#4240</a></li> <li>fix: provider list pulls fallback for multi fork same owner by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4245">peter-evans/create-pull-request#4245</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/obnyis"><code>@obnyis</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4064">peter-evans/create-pull-request#4064</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10">https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10</a></p> <h2>Create Pull Request v7.0.9</h2> <p>⚙️ Fixes an <a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4228">incompatibility</a> with the recently released <code>actions/checkout@v6</code>.</p> <h2>What's Changed</h2> <ul> <li>~70 dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>docs: fix workaround description about <code>ready_for_review</code> by <a href="https://github.com/ybiquitous"><code>@ybiquitous</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3939">peter-evans/create-pull-request#3939</a></li> <li>Docs: <code>add-paths</code> default behavior by <a href="https://github.com/joeflack4"><code>@joeflack4</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li>docs: update to create-github-app-token v2 by <a href="https://github.com/Goooler"><code>@Goooler</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li>Fix compatibility with actions/checkout@v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joeflack4"><code>@joeflack4</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li><a href="https://github.com/Goooler"><code>@Goooler</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li><a href="https://github.com/ericsciple"><code>@ericsciple</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/98357b18bf14b5342f975ff684046ec3b2a07725"><code>98357b1</code></a> feat: v8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4260">#4260</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/41c0e4b7899a4a0922bf899d64c5f25738cfe356"><code>41c0e4b</code></a> Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4259">#4259</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/994332de4c8124517167807167073cf397678768"><code>994332d</code></a> chore: Update checkout action version to v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4258">#4258</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/22a9089034f40e5a961c8808d113e2c98fb63676"><code>22a9089</code></a> fix: restrict remote prune to self-hosted runners (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4250">#4250</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/d4f3be6ce6f4083b7ac7490ab98b48a62db1ee41"><code>d4f3be6</code></a> fix: provider list pulls fallback for multi fork same owner (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4245">#4245</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/bc8a47f5657f110049f4afd030c95529a9c62b76"><code>bc8a47f</code></a> build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4240">#4240</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a67ef28ca5df73d51a15007068e5931257943b0d"><code>a67ef28</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4235">#4235</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/84ae59a2cdc2258d6fa0732dd66352dddae2a412"><code>84ae59a</code></a> fix: compatibility with actions/checkout@v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4230">#4230</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b4733b9419fd47bbfa1807b15627e17cd70b5b22"><code>b4733b9</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4222">#4222</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/0edc001d28a2959cd7a6b505629f1d82f0a6e67d"><code>0edc001</code></a> build(deps-dev): bump the npm group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4201">#4201</a>)</li> <li>Additional commits viewable in <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.8...98357b18bf14b5342f975ff684046ec3b2a07725">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
b1b37366e8 |
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#5302)
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v8.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update Node.js version support to 24.x by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li> <li>README for updating actions/github-script from v7 to v8 by <a href="https://github.com/sneha-krip"><code>@sneha-krip</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li> <li><a href="https://github.com/sneha-krip"><code>@sneha-krip</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0</a></p> <h2>v7.1.0</h2> <h2>What's Changed</h2> <ul> <li>Upgrade husky to v9 by <a href="https://github.com/benelan"><code>@benelan</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li> <li>Upgrade IA Publish by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/486">actions/github-script#486</a></li> <li>Fix workflow status badges by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/497">actions/github-script#497</a></li> <li>Update usage of <code>actions/upload-artifact</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/512">actions/github-script#512</a></li> <li>Clear up package name confusion by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/514">actions/github-script#514</a></li> <li>Update dependencies with <code>npm audit fix</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/515">actions/github-script#515</a></li> <li>Specify that the used script is JavaScript by <a href="https://github.com/timotk"><code>@timotk</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li> <li>chore: Add Dependabot for NPM and Actions by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/472">actions/github-script#472</a></li> <li>Define <code>permissions</code> in workflows and update actions by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/531">actions/github-script#531</a></li> <li>chore: Add Dependabot for .github/actions/install-dependencies by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/532">actions/github-script#532</a></li> <li>chore: Remove .vscode settings by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/533">actions/github-script#533</a></li> <li>ci: Use github/setup-licensed by <a href="https://github.com/nschonni"><code>@nschonni</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/473">actions/github-script#473</a></li> <li>make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by <a href="https://github.com/iamstarkov"><code>@iamstarkov</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li> <li>Remove <code>octokit</code> README updates for v7 by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/557">actions/github-script#557</a></li> <li>docs: add "exec" usage examples by <a href="https://github.com/neilime"><code>@neilime</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li> <li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/github-script/pull/563">actions/github-script#563</a></li> <li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/github-script/pull/575">actions/github-script#575</a></li> <li>Clearly document passing inputs to the <code>script</code> by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/603">actions/github-script#603</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/benelan"><code>@benelan</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li> <li><a href="https://github.com/timotk"><code>@timotk</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li> <li><a href="https://github.com/iamstarkov"><code>@iamstarkov</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li> <li><a href="https://github.com/neilime"><code>@neilime</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v7...v7.1.0">https://github.com/actions/github-script/compare/v7...v7.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd"><code>ed59741</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/653">#653</a> from actions/sneha-krip/readme-for-v8</li> <li><a href="https://github.com/actions/github-script/commit/2dc352e4baefd91bec0d06f6ae2f1045d1687ca3"><code>2dc352e</code></a> Bold minimum Actions Runner version in README</li> <li><a href="https://github.com/actions/github-script/commit/01e118c8d0d22115597e46514b5794e7bc3d56f1"><code>01e118c</code></a> Update README for Node 24 runtime requirements</li> <li><a href="https://github.com/actions/github-script/commit/8b222ac82eda86dcad7795c9d49b839f7bf5b18b"><code>8b222ac</code></a> Apply suggestion from <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a></li> <li><a href="https://github.com/actions/github-script/commit/adc0eeac992408a7b276994ca87edde1c8ce4d25"><code>adc0eea</code></a> README for updating actions/github-script from v7 to v8</li> <li><a href="https://github.com/actions/github-script/commit/20fe497b3fe0c7be8aae5c9df711ac716dc9c425"><code>20fe497</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/637">#637</a> from actions/node24</li> <li><a href="https://github.com/actions/github-script/commit/e7b7f222b11a03e8b695c4c7afba89a02ea20164"><code>e7b7f22</code></a> update licenses</li> <li><a href="https://github.com/actions/github-script/commit/2c81ba05f308415d095291e6eeffe983d822345b"><code>2c81ba0</code></a> Update Node.js version support to 24.x</li> <li><a href="https://github.com/actions/github-script/commit/f28e40c7f34bde8b3046d885e986cb6290c5673b"><code>f28e40c</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/610">#610</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/github-script/commit/1ae9958572fde544457e4d51aed5ea044e8936f3"><code>1ae9958</code></a> Update README.md</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v7.0.1...ed597411d8f924073f98dfc5c65a23a2325f34cd">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1810a12cf3 |
feat(rotate): add keyboard shortcuts for rotating with arrow keys (#5294)
# Description of Changes This pull request adds keyboard shortcut support to the `RotateSettings` component, allowing users to rotate using the left and right arrow keys. This improves accessibility and user experience when interacting with rotation controls. **Enhanced keyboard interaction:** * Added a `useEffect` hook to listen for `ArrowLeft` and `ArrowRight` key presses, triggering the `rotateAnticlockwise` and `rotateClockwise` methods on the `parameters` object, respectively. <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
c3cd8c48b5 |
build(deps): bump imageioVersion from 3.12.0 to 3.13.0 (#5295)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `imageioVersion` from 3.12.0 to 3.13.0. Updates `com.twelvemonkeys.imageio:imageio-batik` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-bmp` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-jpeg` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-tiff` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-webp` from 3.12.0 to 3.13.0 Updates `com.twelvemonkeys.imageio:imageio-psd` from 3.12.0 to 3.13.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2502a8def0 |
build(deps): bump logback from 1.5.22 to 1.5.23 (#5298)
Bumps `logback` from 1.5.22 to 1.5.23. Updates `ch.qos.logback:logback-core` from 1.5.22 to 1.5.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.23</h2> <p><strong>2025-12-21 Release of logback version 1.5.23</strong></p> <p>• In response to <a href="https://redirect.github.com/qos-ch/logback/issues/959">issues/959</a> file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the <code>ConcurrentModificationException</code> reported in the issue.</p> <p>• ZIP and XZ compression now use a <code>BufferedOutputStream</code> when writing to the compressed file. This issue was reported in <a href="https://redirect.github.com/qos-ch/logback/issues/988">issues/988</a>.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/0bcc3feb54a6d99caac70969ee5f8334aad1fbaf"><code>0bcc3fe</code></a> prepare release 1.5.23</li> <li><a href="https://github.com/qos-ch/logback/commit/4627dbd618cbb2365a09c8013ec3fc00d349743e"><code>4627dbd</code></a> better to use BufferedOutputStream during ZIP and XZ compression, especially ...</li> <li><a href="https://github.com/qos-ch/logback/commit/299f091d3211ad38869aadadbf7b2f66f231ad52"><code>299f091</code></a> add collision test in presence of conditional processing</li> <li><a href="https://github.com/qos-ch/logback/commit/b446f3f06188f4041cea827832ffb8a90fb07241"><code>b446f3f</code></a> In Context, remove collision map</li> <li><a href="https://github.com/qos-ch/logback/commit/a3eb14df4886ce8c398f6486b22ea77ad45ba9af"><code>a3eb14d</code></a> in response to issues/959, collision detection is now done by FileCollisionAn...</li> <li><a href="https://github.com/qos-ch/logback/commit/681b2be7e11dc46f883ead7ed4603dbad92812ae"><code>681b2be</code></a> remove unused method, minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/17a3edfccc6021cfdd6f0ff52bfd2ae8bcc2c393"><code>17a3edf</code></a> start work on 1.5.23-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.22...v_1.5.23">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.22 to 1.5.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.23</h2> <p><strong>2025-12-21 Release of logback version 1.5.23</strong></p> <p>• In response to <a href="https://redirect.github.com/qos-ch/logback/issues/959">issues/959</a> file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the <code>ConcurrentModificationException</code> reported in the issue.</p> <p>• ZIP and XZ compression now use a <code>BufferedOutputStream</code> when writing to the compressed file. This issue was reported in <a href="https://redirect.github.com/qos-ch/logback/issues/988">issues/988</a>.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/0bcc3feb54a6d99caac70969ee5f8334aad1fbaf"><code>0bcc3fe</code></a> prepare release 1.5.23</li> <li><a href="https://github.com/qos-ch/logback/commit/4627dbd618cbb2365a09c8013ec3fc00d349743e"><code>4627dbd</code></a> better to use BufferedOutputStream during ZIP and XZ compression, especially ...</li> <li><a href="https://github.com/qos-ch/logback/commit/299f091d3211ad38869aadadbf7b2f66f231ad52"><code>299f091</code></a> add collision test in presence of conditional processing</li> <li><a href="https://github.com/qos-ch/logback/commit/b446f3f06188f4041cea827832ffb8a90fb07241"><code>b446f3f</code></a> In Context, remove collision map</li> <li><a href="https://github.com/qos-ch/logback/commit/a3eb14df4886ce8c398f6486b22ea77ad45ba9af"><code>a3eb14d</code></a> in response to issues/959, collision detection is now done by FileCollisionAn...</li> <li><a href="https://github.com/qos-ch/logback/commit/681b2be7e11dc46f883ead7ed4603dbad92812ae"><code>681b2be</code></a> remove unused method, minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/17a3edfccc6021cfdd6f0ff52bfd2ae8bcc2c393"><code>17a3edf</code></a> start work on 1.5.23-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.22...v_1.5.23">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e997f0d4ff |
build(deps): bump com.squareup.okhttp3:okhttp-bom from 5.3.1 to 5.3.2 (#4961)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [com.squareup.okhttp3:okhttp-bom](https://github.com/square/okhttp) from 5.3.1 to 5.3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md">com.squareup.okhttp3:okhttp-bom's changelog</a>.</em></p> <blockquote> <h2>Version 5.3.2</h2> <p><em>2025-11-18</em></p> <ul> <li> <p>Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.</p> </li> <li> <p>Upgrade: [Okio 3.16.4][okio_3_16_4].</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/square/okhttp/commit/75b9c267744cdd2e8b222d247052748ff0954304"><code>75b9c26</code></a> Prepare for release 5.3.2.</li> <li><a href="https://github.com/square/okhttp/commit/ab48e5d86d0c0b16b3679b9b9522acf65db73da4"><code>ab48e5d</code></a> Okio 3.16.4 (<a href="https://redirect.github.com/square/okhttp/issues/9200">#9200</a>)</li> <li><a href="https://github.com/square/okhttp/commit/a9a4638b3d38b83782a959514b4183ddea0f071f"><code>a9a4638</code></a> Prepare next development version.</li> <li>See full diff in <a href="https://github.com/square/okhttp/compare/parent-5.3.1...parent-5.3.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e137436656 |
build(deps): bump bouncycastleVersion from 1.82 to 1.83 (#5111)
Bumps `bouncycastleVersion` from 1.82 to 1.83. Updates `org.bouncycastle:bcprov-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.83<!-- raw HTML omitted --> Date: 2025, November 27th.</p> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.2.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.82<!-- raw HTML omitted --> Date: 2025, 17th September.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Updates `org.bouncycastle:bcpkix-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcpkix-jdk18on's changelog</a>.</em></p> <blockquote> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.83<!-- raw HTML omitted --> Date: 2025, November 27th.</p> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.2.1 Version<!-- raw HTML omitted --><!-- raw HTML omitted --> Release: 1.82<!-- raw HTML omitted --> Date: 2025, 17th September.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1649b9bffb |
build(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 (#5134)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.2 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: mark release as draft until all artifacts are uploaded by <a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): bump the npm group across 1 directory with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/697">softprops/action-gh-release#697</a></li> <li>chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/softprops/action-gh-release/pull/689">softprops/action-gh-release#689</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> made their first contribution in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/softprops/action-gh-release/compare/v2.4.2...v2.5.0">https://github.com/softprops/action-gh-release/compare/v2.4.2...v2.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: mark release as draft until all artifacts are uploaded by <a href="https://github.com/dumbmoron"><code>@dumbmoron</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/692">softprops/action-gh-release#692</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.4.2</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: Ensure generated release notes cannot be over 125000 characters by <a href="https://github.com/BeryJu"><code>@BeryJu</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/684">softprops/action-gh-release#684</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>dependency updates</li> </ul> <h2>2.4.1</h2> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>fix(util): support brace expansion globs containing commas in parseInputFiles by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/672">softprops/action-gh-release#672</a></li> <li>fix: gracefully fallback to body when body_path cannot be read by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/671">softprops/action-gh-release#671</a></li> </ul> <h2>2.4.0</h2> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat(action): respect working_directory for files globs by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/667">softprops/action-gh-release#667</a></li> </ul> <h2>2.3.4</h2> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix(action): handle 422 already_exists race condition by <a href="https://github.com/stephenway"><code>@stephenway</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/665">softprops/action-gh-release#665</a></li> </ul> <h3>Other Changes 🔄</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/a06a81a03ee405af7f2048a818ed3f03bbf83c7b"><code>a06a81a</code></a> release 2.5.0</li> <li><a href="https://github.com/softprops/action-gh-release/commit/7da8983734babbd3165bced7ac7add895656129f"><code>7da8983</code></a> feat: mark release as draft until all artifacts are uploaded (<a href="https://redirect.github.com/softprops/action-gh-release/issues/692">#692</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/87973286a4d52a3789332acb79caa97720ecde8d"><code>8797328</code></a> chore(deps): bump actions/checkout in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/689">#689</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/1bfc62a71b435bb6eb12e454577ad67e07938581"><code>1bfc62a</code></a> chore(deps): bump the npm group across 1 directory with 5 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/697">#697</a>)</li> <li>See full diff in <a href="https://github.com/softprops/action-gh-release/compare/5be0e66d93ac7ed76da52eca8bb058f665c3a5fe...a06a81a03ee405af7f2048a818ed3f03bbf83c7b">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | softprops/action-gh-release | [>= 2.2.a, < 2.3] | </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e6d3f20c36 |
build(deps): bump actions/stale from 10.1.0 to 10.1.1 (#5133)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/stale](https://github.com/actions/stale) from 10.1.0 to 10.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.1.1</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Add Missing Input Reading for <code>only-issue-types</code> by <a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1298">actions/stale#1298</a></li> </ul> <h3>Improvement</h3> <ul> <li>Improves error handling when rate limiting is disabled on GHES. by <a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1276">actions/stale#1276</a></li> <li>Upgrade <code>@types/node</code> from 20.10.3 to 24.2.0 and document breaking changes in v10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1280">actions/stale#1280</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1291">actions/stale#1291</a></li> <li>Upgrade actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1306">actions/stale#1306</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/chiranjib-swain"><code>@chiranjib-swain</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1300">actions/stale#1300</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.1.1">https://github.com/actions/stale/compare/v10...v10.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d"><code>9971854</code></a> build(deps): bump actions/checkout from 4 to 6 (<a href="https://redirect.github.com/actions/stale/issues/1306">#1306</a>)</li> <li><a href="https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece"><code>5611b9d</code></a> build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/stale/issues/1291">#1291</a>)</li> <li><a href="https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849"><code>fad0de8</code></a> Improves error handling when rate limiting is disabled on GHES. (<a href="https://redirect.github.com/actions/stale/issues/1300">#1300</a>)</li> <li><a href="https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49"><code>39bea7d</code></a> Add Missing Input Reading for <code>only-issue-types</code> (<a href="https://redirect.github.com/actions/stale/issues/1298">#1298</a>)</li> <li><a href="https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e"><code>e46bbab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.10.3 to 24.2.0 and document breakin...</li> <li><a href="https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0"><code>65d1d48</code></a> build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (<a href="https://redirect.github.com/actions/stale/issues/1276">#1276</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/5f858e3efba33a5ca4407a664cc011ad407f2008...997185467fa4f803885201cee163a9f38240193d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
79d5bc942d |
build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#4992)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Add support for <code>pip-install</code> input by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1201">actions/setup-python#1201</a></li> <li>Add graalpy early-access and windows builds by <a href="https://github.com/timfel"><code>@timfel</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/880">actions/setup-python#880</a></li> </ul> <h3>Dependency and Documentation updates:</h3> <ul> <li>Enhanced wording and updated example usage for <code>allow-prereleases</code> by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> <li>Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1139">actions/setup-python#1139</a></li> <li>Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1094">actions/setup-python#1094</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1199">actions/setup-python#1199</a></li> <li>Upgrade requests from 2.32.2 to 2.32.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1130">actions/setup-python#1130</a></li> <li>Upgrade prettier from 3.5.3 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1234">actions/setup-python#1234</a></li> <li>Upgrade <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1235">actions/setup-python#1235</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.1.0">https://github.com/actions/setup-python/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/83679a892e2d95755f2dac6acb0bfd1e9ac5d548"><code>83679a8</code></a> Bump <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...</li> <li><a href="https://github.com/actions/setup-python/commit/bfc4944b43a5d84377eca3cf6ab5b7992ba61923"><code>bfc4944</code></a> Bump prettier from 3.5.3 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-python/issues/1234">#1234</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/97aeb3efb8a852c559869050c7fb175b4efcc8cf"><code>97aeb3e</code></a> Bump requests from 2.32.2 to 2.32.4 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/1130">#1130</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/443da59188462e2402e2942686db5aa6723f4bed"><code>443da59</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...</li> <li><a href="https://github.com/actions/setup-python/commit/cfd55ca82492758d853442341ad4d8010466803a"><code>cfd55ca</code></a> graalpy: add graalpy early-access and windows builds (<a href="https://redirect.github.com/actions/setup-python/issues/880">#880</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/bba65e51ff35d50c6dbaaacd8a4681db13aa7cb4"><code>bba65e5</code></a> Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (<a href="https://redirect.github.com/actions/setup-python/issues/1094">#1094</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/18566f86b301499665bd3eb1a2247e0849c64fa5"><code>18566f8</code></a> Improve wording and "fix example" (remove 3.13) on testing against pre-releas...</li> <li><a href="https://github.com/actions/setup-python/commit/2e3e4b15a884dc73a63f962bff250a855150a234"><code>2e3e4b1</code></a> Add support for pip-install input (<a href="https://redirect.github.com/actions/setup-python/issues/1201">#1201</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/4267e283df95c05d9f16ece6624106f44613b489"><code>4267e28</code></a> Bump urllib3 from 1.26.19 to 2.5.0 in /<strong>tests</strong>/data and document breaking c...</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/e797f83bcb11b83ae66e0230d6156d7c80228e7c...83679a892e2d95755f2dac6acb0bfd1e9ac5d548">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d652fc1d1c |
build(deps): bump actions/ai-inference from 1.2.8 to 2.0.4 (#5132)
Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.2.8 to 2.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v2.0.4</h2> <h2>What's Changed</h2> <ul> <li>Clarify token requirements for MCP integration by <a href="https://github.com/GulerSevil"><code>@GulerSevil</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/139">actions/ai-inference#139</a></li> <li>Pass GitHub MCP Tools by <a href="https://github.com/maartenvandiemen"><code>@maartenvandiemen</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/142">actions/ai-inference#142</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GulerSevil"><code>@GulerSevil</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/139">actions/ai-inference#139</a></li> <li><a href="https://github.com/maartenvandiemen"><code>@maartenvandiemen</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/142">actions/ai-inference#142</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.4">https://github.com/actions/ai-inference/compare/v2...v2.0.4</a></p> <h2>v2.0.3</h2> <h2>What's Changed</h2> <ul> <li>Mock inference in CI by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/150">actions/ai-inference#150</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.3">https://github.com/actions/ai-inference/compare/v2...v2.0.3</a></p> <h2>v2.0.2</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/94">actions/ai-inference#94</a></li> <li>docs: update documentation on mcp usage by <a href="https://github.com/FidelusAleksander"><code>@FidelusAleksander</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/93">actions/ai-inference#93</a></li> <li>Clarify PAT requirement for github-mcp-token by <a href="https://github.com/srt32"><code>@srt32</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/147">actions/ai-inference#147</a></li> <li>fix: do template substition after parsing prompt YAML by <a href="https://github.com/dsanders11"><code>@dsanders11</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/136">actions/ai-inference#136</a></li> <li>feat: support modelParameters in prompt.yaml files by <a href="https://github.com/dsanders11"><code>@dsanders11</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/148">actions/ai-inference#148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/FidelusAleksander"><code>@FidelusAleksander</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/93">actions/ai-inference#93</a></li> <li><a href="https://github.com/srt32"><code>@srt32</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/147">actions/ai-inference#147</a></li> <li><a href="https://github.com/dsanders11"><code>@dsanders11</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/136">actions/ai-inference#136</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.2">https://github.com/actions/ai-inference/compare/v2...v2.0.2</a></p> <h2>v2.0.1</h2> <h2>What's Changed</h2> <ul> <li>Parse inference response format defensively by <a href="https://github.com/sgoedecke"><code>@sgoedecke</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/97">actions/ai-inference#97</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2...v2.0.1">https://github.com/actions/ai-inference/compare/v2...v2.0.1</a></p> <h2>v2.0.0</h2> <h2>What's Changed</h2> <ul> <li>Node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/79">actions/ai-inference#79</a></li> <li>Pin two imported actions to a set sha by <a href="https://github.com/garman"><code>@garman</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/90">actions/ai-inference#90</a></li> <li>Uses tmp library to ensure more secure tmp file creation by <a href="https://github.com/JessRudder"><code>@JessRudder</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/91">actions/ai-inference#91</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/79">actions/ai-inference#79</a></li> <li><a href="https://github.com/garman"><code>@garman</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/90">actions/ai-inference#90</a></li> <li><a href="https://github.com/JessRudder"><code>@JessRudder</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/91">actions/ai-inference#91</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/334892bb203895caaed82ec52d23c1ed9385151e"><code>334892b</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/142">#142</a> from maartenvandiemen/feature/pass-toolsets</li> <li><a href="https://github.com/actions/ai-inference/commit/bbe0ccb2444c1e35852645a7e65bf1d83941efdd"><code>bbe0ccb</code></a> Fix failing tests</li> <li><a href="https://github.com/actions/ai-inference/commit/ca3b99ea743cc306cdaa68d07f817e930927c489"><code>ca3b99e</code></a> Undo changes in tests.</li> <li><a href="https://github.com/actions/ai-inference/commit/8a5d2ea4a1b866720d3acc8bbbccd159e6ca7c3a"><code>8a5d2ea</code></a> Merge branch 'main' into feature/pass-toolsets</li> <li><a href="https://github.com/actions/ai-inference/commit/112739fb15acc0a01a0d9ffc4637a0f5ca7dcc50"><code>112739f</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/139">#139</a> from GulerSevil/patch-1</li> <li><a href="https://github.com/actions/ai-inference/commit/f95554969e9a265f90a0c97938d04a6f319db7f3"><code>f955549</code></a> Merge branch 'main' into patch-1</li> <li><a href="https://github.com/actions/ai-inference/commit/9e60aa0a3f27cab0e62286d74d9c77b04b1d0596"><code>9e60aa0</code></a> Lint fix</li> <li><a href="https://github.com/actions/ai-inference/commit/02c6cc30ae592ce65ee356387748dfc2fd5f7993"><code>02c6cc3</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/150">#150</a> from actions/sgoedecke/mock-inference-in-ci</li> <li><a href="https://github.com/actions/ai-inference/commit/18d468666d48874954c853d63c0d9091bdfeb3b2"><code>18d4686</code></a> fix: keep response-file temp file for downstream steps</li> <li><a href="https://github.com/actions/ai-inference/commit/fd73d0264cd240d895c114657b06fd1b952b97b6"><code>fd73d02</code></a> Mock inference in CI</li> <li>Additional commits viewable in <a href="https://github.com/actions/ai-inference/compare/b81b2afb8390ee6839b494a404766bef6493c7d9...334892bb203895caaed82ec52d23c1ed9385151e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0c3c0765a3 |
Bump logback from 1.5.21 to 1.5.22 (#5281)
Bumps `logback` from 1.5.21 to 1.5.22. Updates `ch.qos.logback:logback-core` from 1.5.21 to 1.5.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.22</h2> <p><strong>2025-12-11 Release of logback version 1.5.22</strong></p> <p>• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in <a href="https://redirect.github.com/qos-ch/logback/issues/986">issues/986</a>.</p> <p>• Logback now takes the overridden <code>toString()</code> method of <code>Throwable</code> subclasses into account when printing stack traces. This issue was reported in <a href="https://jira.qos.ch/browse/LOGBACK-543">LOGBACK-543</a> by Alvin Chee, with a fix provided in <a href="https://redirect.github.com/qos-ch/logback/pull/404">PR 404</a> by Brett Kail.</p> <p>• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/572379aabd2f672b49593e4020696c624541e5b0"><code>572379a</code></a> prepare release 1.5.22</li> <li><a href="https://github.com/qos-ch/logback/commit/39d17ea3b3381d08b181c300e27ca0713ffc20b8"><code>39d17ea</code></a> fix status printing of variable substitution when the variable name contains ...</li> <li><a href="https://github.com/qos-ch/logback/commit/75509a918665cc16a8d35ee4024be03e17c7147a"><code>75509a9</code></a> fix PR 404, LOGBACK-543</li> <li><a href="https://github.com/qos-ch/logback/commit/8eb93569728ab33c50b963d42ea9fcd4269c502f"><code>8eb9356</code></a> remove unused import</li> <li><a href="https://github.com/qos-ch/logback/commit/6131a3ad0af65a72df2e78d56424d9ac0fed8935"><code>6131a3a</code></a> use a slightly more sophisticated guard for printing status messages</li> <li><a href="https://github.com/qos-ch/logback/commit/9efca21c6e07feefa2a6ffb6b9b3807f357515e8"><code>9efca21</code></a> add no-args constructor to support various serialization frameworks</li> <li><a href="https://github.com/qos-ch/logback/commit/1bea5804f8329a7e49a4197e34cc297ad46a597c"><code>1bea580</code></a> minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/bd07fddf12b8b74d28d313a56e7357f6202d2449"><code>bd07fdd</code></a> update angus, greenmail versions</li> <li><a href="https://github.com/qos-ch/logback/commit/aef993c64b4a7119f9e831fd4acaa7e470e267ca"><code>aef993c</code></a> start work on 1.5.22-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.22</h2> <p><strong>2025-12-11 Release of logback version 1.5.22</strong></p> <p>• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in <a href="https://redirect.github.com/qos-ch/logback/issues/986">issues/986</a>.</p> <p>• Logback now takes the overridden <code>toString()</code> method of <code>Throwable</code> subclasses into account when printing stack traces. This issue was reported in <a href="https://jira.qos.ch/browse/LOGBACK-543">LOGBACK-543</a> by Alvin Chee, with a fix provided in <a href="https://redirect.github.com/qos-ch/logback/pull/404">PR 404</a> by Brett Kail.</p> <p>• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/572379aabd2f672b49593e4020696c624541e5b0"><code>572379a</code></a> prepare release 1.5.22</li> <li><a href="https://github.com/qos-ch/logback/commit/39d17ea3b3381d08b181c300e27ca0713ffc20b8"><code>39d17ea</code></a> fix status printing of variable substitution when the variable name contains ...</li> <li><a href="https://github.com/qos-ch/logback/commit/75509a918665cc16a8d35ee4024be03e17c7147a"><code>75509a9</code></a> fix PR 404, LOGBACK-543</li> <li><a href="https://github.com/qos-ch/logback/commit/8eb93569728ab33c50b963d42ea9fcd4269c502f"><code>8eb9356</code></a> remove unused import</li> <li><a href="https://github.com/qos-ch/logback/commit/6131a3ad0af65a72df2e78d56424d9ac0fed8935"><code>6131a3a</code></a> use a slightly more sophisticated guard for printing status messages</li> <li><a href="https://github.com/qos-ch/logback/commit/9efca21c6e07feefa2a6ffb6b9b3807f357515e8"><code>9efca21</code></a> add no-args constructor to support various serialization frameworks</li> <li><a href="https://github.com/qos-ch/logback/commit/1bea5804f8329a7e49a4197e34cc297ad46a597c"><code>1bea580</code></a> minor comment edits</li> <li><a href="https://github.com/qos-ch/logback/commit/bd07fddf12b8b74d28d313a56e7357f6202d2449"><code>bd07fdd</code></a> update angus, greenmail versions</li> <li><a href="https://github.com/qos-ch/logback/commit/aef993c64b4a7119f9e831fd4acaa7e470e267ca"><code>aef993c</code></a> start work on 1.5.22-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.21...v_1.5.22">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9c03914edd |
Add admin password reset option for users (#5180)
## Summary - add backend support for admins to reset user passwords and optionally email notifications when SMTP is enabled - surface mail capability in admin settings data for the UI - add a shared change-password modal hooked into People and Team user actions with random password generation and email options ## Testing - not run (not requested) ------ [Codex Task](https://chatgpt.com/codex/tasks/task_b_6934b978fe3c83289b5b95dec79b3d38) --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> |
||
|
|
85d9b5b83d |
feat(viewer): Add interactive link layer with (basic) internal/external navigation support (#5077)
# Description of Changes Added a new `LinkLayer` component to the PDF viewer that renders clickable overlays for PDF link annotations, enabling both internal page navigation and external URL links. - Created `LinkLayer.tsx` component that extracts link annotations using the EmbedPDF annotation API with fallback to direct PDF document access - Implemented scale-aware positioning to maintain accurate link hotspots at different zoom levels - Added support for internal navigation (GoTo actions) using smooth scrolling and external links (URI actions) opening in new tabs - Integrated accessibility features with proper ARIA labels and keyboard navigation - Modified `LocalEmbedPDF.tsx` to always register the annotation plugin (even when editing is disabled) to enable reading existing link annotations - Updated `ReactRoutingController.java` and test formatting for code style consistency **Key features:** - Multi-source annotation detection (annotation API → document API → page API fallback) - Navigation lock to prevent race conditions - React performance optimizations (useMemo, useCallback) - TypeScript type safety for PDF actions and destinations This does not address support for Attachment links. Sadly, that does not seem to be possible with EmbedPDF <img width="773" height="957" alt="image" src="https://github.com/user-attachments/assets/8a04d15a-79b5-46b6-af8b-3d27246581a7" /> <img width="773" height="957" alt="image" src="https://github.com/user-attachments/assets/eeb39ca7-a114-4bd5-a4eb-9e8a27331297" /> <img width="773" height="957" alt="image" src="https://github.com/user-attachments/assets/1ee6bba3-d233-4a11-bf1a-1b56696265e1" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
87bf7a5b7f |
Add edit table of contents tool to React UI (#4917)
## Summary - add a dedicated edit table of contents tool to the React UI, complete with bookmark editor, import/export actions, and parameter handling - register the tool in the translated registry and extend the English translations with the new strings - wire up the backend endpoints through a new operation hook and form-data serialization helpers ## Testing - ./gradlew build ------ [Codex Task](https://chatgpt.com/codex/tasks/task_b_691a4a87a9c4832899ecd1c55989f27f) --------- Co-authored-by: Reece Browne <[email protected]> |
||
|
|
74a1438c21 |
[V2] feat(unzip/front-end): Implement ZIP extraction confirmation for archives over 20 files (#4834)
# Description of Changes TLDR: - Introduced a user confirmation dialog for extracting ZIP files with more than **20 files**. - Created `useZipConfirmation` hook to handle confirmation dialog logic and state. - Implemented `ZipWarningModal` component to display the confirmation dialog. - Updated `zipFileService` to count files in ZIP and trigger confirmation callback for large files. - Integrated confirmation flow into `FileContext` and `useToolResources`. - Added translations for new ZIP warning dialog messages. This pull request introduces a user confirmation dialog when attempting to extract large ZIP files (**over 20 files**), improving safety and user experience by preventing accidental extraction of very large archives. The implementation includes a reusable confirmation modal, a custom hook to handle dialog state and resolution, and updates to the ZIP extraction logic to support this workflow. **User Experience Improvements** * Added a new localized warning dialog (`ZipWarningModal`) that prompts users for confirmation when extracting ZIP files containing more than 20 files. This dialog displays the ZIP file name, file count, and offers "Cancel" and "Extract" actions, with responsive layouts for desktop and mobile **ZIP Extraction Workflow Enhancements** * Updated the ZIP extraction logic in `ZipFileService` to count the number of files in a ZIP and invoke a confirmation callback if the file count exceeds the threshold. Extraction proceeds only if the user confirms; otherwise, the ZIP remains unextracted. * Added a new hook (`useZipConfirmation`) to manage the confirmation dialog’s state and provide a promise-based API for requesting user confirmation. **Integration with Application State** * Integrated the confirmation workflow into `FileContext`, passing the confirmation function into ZIP extraction calls and rendering the modal dialog at the appropriate time. * Updated relevant interfaces and method signatures to support the optional confirmation callback for large ZIP extractions throughout the codebase. <img width="515" height="321" alt="image" src="https://github.com/user-attachments/assets/f35a7588-4635-4ccd-9ee6-95edb17fee99" /> <img width="515" height="321" alt="image" src="https://github.com/user-attachments/assets/0525acf3-4174-42cd-8912-910e754c467c" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [X] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
4d349c047b |
[V2] feat(delete-form,modify-form,fill-form,extract-forms): add delete, modify, fill, and extract form functionality (#4830)
# Description of Changes TLDR - Adds `/api/v1/form/fields`, `/fill`, `/modify-fields`, and `/delete-fields` endpoints for end-to-end AcroForm workflows. - Centralizes form field detection, filling, modification, and deletion logic in `FormUtils` with strict type handling. - Introduces `FormPayloadParser` for resilient JSON parsing across legacy flat payloads and new structured payloads. - Reuses and extends `FormCopyUtils` plus `FormFieldTypeSupport` to create, clone, and normalize widget properties when transforming forms. ### Implementation Details - `FormFillController` updates the new multipart APIs, and streams updated documents or metadata responses. - `FormUtils` now owns extraction, template building, value application (including flattening strategies), and field CRUD helpers used by the controller endpoints. - `FormPayloadParser` normalizes request bodies: accepts flat key/value maps, combined `fields` arrays, or nested templates, returning deterministic LinkedHashMap ordering for repeatable fills. - `FormFieldTypeSupport` encapsulates per-type creation, value copying, default appearance, and option handling; utilized by both modification flows and `FormCopyUtils` transformations. - `FormCopyUtils` exposes shared routines for making widgets across documents ### API Surface (Multipart Form Data) - `POST /api/v1/form/fields` -> returns `FormUtils.FormFieldExtraction` with ordered `FormFieldInfo` records plus a fill template. - `POST /api/v1/form/fill` -> applies parsed values via `FormUtils.applyFieldValues`; optional `flatten` renders appearances while respecting strict validation. - `POST /api/v1/form/modify-fields` -> updates existing fields in-place using `FormUtils.modifyFormFields` with definitions parsed from `updates` payloads. - `POST /api/v1/form/delete-fields` -> removes named fields after `FormPayloadParser.parseNameList` deduplication and validation. <img width="1305" height="284" alt="image" src="https://github.com/user-attachments/assets/ef6f3d76-4dc4-42c1-a779-0649610cbf9a" /> ### Individual endpoints: <img width="1318" height="493" alt="image" src="https://github.com/user-attachments/assets/65abfef9-50a2-42e6-8830-f07a7854d3c2" /> <img width="1310" height="582" alt="image" src="https://github.com/user-attachments/assets/dd903773-5513-42d9-ba5d-3d8f204d6a0d" /> <img width="1318" height="493" alt="image" src="https://github.com/user-attachments/assets/c22f65a7-721a-45bb-bb99-4708c423e89e" /> <img width="1318" height="493" alt="image" src="https://github.com/user-attachments/assets/a76852f5-d5d1-442a-8e5e-d0f29404542a" /> ### Data Validation & Type Safety - Field type inference (`detectFieldType`) and choice option resolution ensure only supported values are written; checkbox mapping uses export states and boolean heuristics. - Choice inputs pass through `filterChoiceSelections` / `filterSingleChoiceSelection` to reject invalid entries and provide actionable logs. - Text fills leverage `setTextValue` to merge inline formatting resources and regenerate appearances when necessary. - `applyFieldValues` supports strict mode (default) to raise when unknown fields are supplied, preventing silent data loss. ### Automation Workflow Support The `/fill` and `/fields` endpoints are designed to work together for automated form processing. The workflow is straightforward: extract the form structure, modify the values, and submit for filling. How It Works: 1. The `/fields` endpoint extracts all form field metadata from your PDF 2. You modify the returned JSON to set the desired values for each field 3. The `/fill` endpoint accepts this same JSON structure to populate the form Example Workflow: ```bash # Step 1: Extract form structure and save to fields.json curl -o fields.json \ -F [email protected] \ http://localhost:8080/api/v1/form/fields # Step 2: Edit fields.json to update the "value" property for each field # (Use your preferred text editor or script to modify the values) # Step 3: Fill the form using the modified JSON curl -o filled-form.pdf \ -F [email protected] \ -F [email protected] \ http://localhost:8080/api/v1/form/fill ``` #### How to Fill the `template` JSON The `template` (your data) is filled by creating key-value pairs that match the "rules" defined in the `fields` array (the schema). 1. Find the Field `name`: Look in the `fields` array for the `name` of the field you want to fill. * *Example:* `{"name": "Agent of Dependent", "type": "text", ...}` 2. Use `name` as the Key: This `name` becomes the key (in quotes) in your `template` object. * *Example:* `{"Agent of Dependent": ...}` 3. Find the `type`: Look at the `type` for that same field. This tells you what *kind* of value to provide. * `"type": "text"` requires a string (e.g., `"John Smith"`). * `"type": "checkbox"` requires a boolean (e.g., `true` or `false`). * `"type": "combobox"` requires a string that *exactly matches* one of its `"options"` (e.g., `"Choice 1"`). 4. Add the Value: This matching value becomes the value for your key. #### Correct Examples * For a Textbox: * Schema: `{"name": "Agent of Dependent", "type": "text", ...}` * Template: `{"Agent of Dependent": "Mary Jane"}` * For a Checkbox: * Schema: `{"name": "Option 2", "type": "checkbox", ...}` * Template: `{"Option 2": true}` * For a Dropdown (Combobox): * Schema: `{"name": "Dropdown2", "type": "combobox", "options": ["Choice 1", "Choice 2", ...] ...}` * Template: `{"Dropdown2": "Choice 1"}` ### Incorrect Examples (These Will Error) * Wrong Type: `{"Option 2": "Checked"}` * Error: "Option 2" is a `checkbox` and expects `true` or `false`, not a string. * Wrong Option: `{"Dropdown2": "Choice 99"}` * Error: `"Choice 99"` is not listed in the `options` for "Dropdown2". ### For people manually doing this For users filling forms manually, there's a simplified format that focuses only on field names and values: ```json { "FullName": "", "ID": "", "Gender": "Off", "Married": false, "City": "[]" } ``` This format is easier to work with when you're manually editing the JSON. You can skip the full metadata structure (type, label, required, etc.) and just provide the field names with their values. Important caveat: Even though the type information isn't visible in this simplified format, type validation is still enforced by PDF viewers. This simplified format just makes manual editing more convenient while maintaining data integrity. Please note: this suffers from: https://issues.apache.org/jira/browse/PDFBOX-5962 Closes https://github.com/Stirling-Tools/Stirling-PDF/issues/237 Closes https://github.com/Stirling-Tools/Stirling-PDF/issues/3569 <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [x] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
20600ac1c3 |
ci(deps): pin GitHub Actions to SHAs, upgrade to checkout v5 & setup-* v5/6, adopt Node 22, harden runner, bump docker-compose (#4591)
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> |