mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-16 11:23:10 +02:00
fc048872d794d1028c6d45f7cea16dacd67592fb
100
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
fc048872d7 |
build(deps): bump idna from 3.12 to 3.15 in /testing/cucumber in the pip group across 1 directory (#6403)
Bumps the pip group with 1 update in the /testing/cucumber directory: [idna](https://github.com/kjd/idna). Updates `idna` from 3.12 to 3.15 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8"><code>af30a09</code></a> Release 3.15</li> <li><a href="https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2"><code>30314d4</code></a> Pre-release 3.15rc0</li> <li><a href="https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9"><code>05d4b21</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/237">#237</a> from kjd/convert-docs-to-markdown</li> <li><a href="https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee"><code>2987fdb</code></a> Convert README and HISTORY from reStructuredText to Markdown</li> <li><a href="https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c"><code>59fa800</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/236">#236</a> from kjd/dependabot/github_actions/actions-f3e34333ea</li> <li><a href="https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2"><code>def6983</code></a> Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea</li> <li><a href="https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631"><code>bbd8004</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/234">#234</a> from StanFromIreland/patch-1</li> <li><a href="https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc"><code>edd07c0</code></a> Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group</li> <li><a href="https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123"><code>5557db0</code></a> Merge branch 'master' into patch-1</li> <li><a href="https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d"><code>f11746c</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/235">#235</a> from StanFromIreland/patch-2</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.12...v3.15">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
19982d7207 |
build(deps): bump actions/ai-inference from 2.0.7 to 2.1.0 (#6415)
Signed-off-by: dependabot[bot] <[email protected]> |
||
|
|
cdfefb02bc |
build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#6421)
Signed-off-by: dependabot[bot] <[email protected]> |
||
|
|
017c8d59fa |
feat(ai): add Contradiction Agent on a new ChunkedMapper primitive (#6369)
## Summary Adds a new AI specialist that finds **textual contradictions** across one or more PDFs — conflicting claims, recommendations, points of view, contested facts — built entirely in Python on top of the new `DocumentService` + `ChunkedReasoner` stack from #6314. Replaces the closed #6304, which was started before #6314 landed and therefore over-engineered (Java orchestrator, two-round handshake, resume artifact, discriminated-union lift). Two commits: 1. **`refactor(engine): extract ChunkedMapper[T] from ChunkedReasoner`** — pure refactor, public API of ChunkedReasoner unchanged. New `ChunkedMapper[T: BaseModel]` is a generic parallel-chunk primitive (slicing, semaphore, time-bounded extraction, cancellation drain, progress events) that's now a peer to ChunkedReasoner rather than locked inside it. The compression loop stays on ChunkedReasoner where it belongs. 2. **`feat(ai): add Contradiction Agent on ChunkedMapper`** — the agent itself, plus integrations into `PdfReviewAgent` and `PdfQuestionAgent`. ## Architecture - **Python-only.** No Java code. No `AgentToolId.CONTRADICTION_AGENT`. No dedicated HTTP endpoint. No resume artifact, no discriminated-union lift in `contracts/common.py`. Detector runs inside the Python engine and the Python engine alone. - **Review path** (`PdfReviewAgent`): a new `ContradictionIntentClassifier` fires on contradiction-flavoured prompts; agent runs detection synchronously and emits a single `EditPlanResponse(steps=[ADD_COMMENTS])`. Single-turn flow — no resume. - **Question path** (`PdfQuestionAgent`): a new `ContradictionCapability` joins `RagCapability` and `WholeDocReaderCapability` in the smart-model toolset, exposing `find_contradictions(query)`. The smart model picks it from the toolset alongside `search_knowledge` and `read_full_document`. ## Inside `ContradictionDetector.detect()` 1. `DocumentService.read_pages(file_id)` → ordered `list[Page]`. 2. `ChunkedMapper[_ExtractedClaims].map_pages(...)` — char-budgeted multi-page slicing; each slice runs the claim-extractor LLM in parallel under a semaphore. 3. Page-traceability: the extractor returns `_ExtractedClaim.page` (which `[Page N]` marker the claim came from). The wrapper validates `page ∈ chunk.pages`; if not, mechanical fallback searches the chunk's page text for the verbatim quote and reassigns. If still no match, drop the claim. 4. `Claim.anchor_quality: Literal[\"verbatim\", \"paraphrased\"]` is set by a substring check against the declared page's text. Verbatim quotes feed `anchor_text` for snap-to-quote add-comments placement; paraphrased ones fall back to margin geometry. 5. Subject canonicalisation: ONE fast-model LLM call collapses synonyms across the document. Fails open to lexical bucketing. 6. Pre-filters: drop identical-quote pairs; drop same-page same-polarity paraphrases. 7. Per-bucket pair detection in parallel (separate semaphore, cap 5). Buckets > 12 claims chunk into windows of 12 with overlap 2; pairs deduped across overlapping windows by frozen `(i, j)` index pair. 8. Summary fast-model call with fallback string on error. ## Prompt-injection hardening Every prompt that interpolates user-supplied or PDF-extracted text wraps content in `<user_message>` / `<verdict>` / `<content>` tags with an explicit SECURITY preamble instructing the model to treat tagged content as data only. ## Limitations - **Combined math + contradiction intent**: when both intent classifiers fire on the same prompt, contradiction takes precedence and the math intent is silently dropped. Documented in the Review module docstring and pinned by `test_review_integration.py::test_contradiction_precedence_over_math`. - **Cross-window contradiction reach**: within a subject bucket, pairs more than ~10 claim indices apart in the same chunked window may be missed by the overlap-2 strategy. Documented in `test_detector.py`. Acceptable for v1. ## Settings (engine/src/stirling/config/settings.py) ```python contradiction_detect_concurrency = 5 # per-bucket detector semaphore contradiction_bucket_chunk_size = 12 # max claims per detector call contradiction_bucket_chunk_overlap = 2 # overlap for >threshold buckets ``` `chars_per_slice` and extraction concurrency are reused from the existing `chunked_reasoner_*` settings. ## Test plan - [x] `uv run pytest tests/ -v` — **245/245 pass** (210 pre-existing + 35 new) - [x] `uv run ruff check src/ tests/` — clean - [x] `uv run pyright src/stirling/agents/contradiction/ src/stirling/contracts/contradiction.py` — 0 errors - [x] `./gradlew :proprietary:test` — green; no Java was touched, but verified untouched - [x] Page-traceability tests cover: valid page kept, hallucinated page dropped, mechanical-reassign on misattribution, anchor-quality verbatim vs paraphrased - [x] Review integration: ADD_COMMENTS plan with two paired CommentSpecs per contradiction; NeedIngestResponse precheck; precedence vs math intent pinned - [x] Question integration: all three capabilities wired into smart-model toolset; `find_contradictions` returns formatted report text - [x] ChunkedMapper standalone: slicing, multi-chunk ordering, worker failures, timeouts, cancellation drain, semaphore saturation - [x] ChunkedReasoner regression: all pre-existing tests pass unchanged after the internal split ## Relationship to closed #6304 #6304 was closed in favour of this PR. The closed PR predated #6314 and modelled the agent as a Java-orchestrated two-round examine/deliberate flow with its own HTTP endpoint and a discriminated-union resume artifact. With #6314 making full ordered page text available to the engine via `DocumentService.read_pages`, none of that is needed. Net effect: drop ~600 lines of Java, drop the two-round handshake, drop the `ToolReportArtifact` lift, while ending up with a more scalable agent (chunk-based instead of page-based extraction; tested to ChunkedReasoner-equivalent scale). |
||
|
|
0c3a512b21 |
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#6346)
Signed-off-by: dependabot[bot] <[email protected]> |
||
|
|
d76d25654a |
build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 (#6378)
Signed-off-by: dependabot[bot] <[email protected]> |
||
|
|
31b00b7d06 |
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#6379)
Signed-off-by: dependabot[bot] <[email protected]> |
||
|
|
31f6ea4b25 |
perf(frontend): stabilize hot-path context subscriptions to fix excessive rerenders (#6373)
## Summary
The frontend was rerendering excessively across many interactions —
typing, clicking tools, opening modals, toggling the sidebar — because
**multiple compounding ref-instability cascades defeated `memo()` checks
in hot paths**. This PR fixes the cascades structurally.
Seven focused commits, low-to-high blast radius:
1. `perf(contexts): memoize BannerContext provider value`
2. `perf(contexts): memoize CommentAuthor and ActiveDocument provider
values`
3. `perf(contexts): memoize AppConfigContext provider value`
4. `perf(useToolManagement): stop spreading tool entries to keep refs
stable` — **root-cause fix**
5. `refactor(ToolPicker): hoist module-scope styles and helpers`
6. `feat(ToolWorkflowContext): add ref-stable Actions and Data subset
contexts` — additive
7. `perf(tools): migrate hot consumers to slim contexts and wrap in
memo()`
(Plus `style: apply prettier formatting` for CI.)
## What was wrong
Whenever something high-up in the tree caused a render, a chain of
unstable references propagated downward and forced every `ToolButton` to
re-execute its full body (hooks, derived computations, hook
subscriptions to other contexts). The chain:
- **4 unstable Context providers** (`Banner`, `CommentAuthor`,
`ActiveDocument`, `AppConfig`) were passing fresh `value={{ … }}`
objects on every render. Every consumer rerendered on every ancestor
render.
- **`useToolManagement.toolRegistry`** spread `{...baseTool, name,
description}` — a no-op spread that manufactured a new tool object
identity on every memo recompute.
- **The big `ToolWorkflowContext`** (25+ fields including
`state.searchQuery`) rebuilt its entire value on every
keystroke/click/toggle, forcing every `useToolWorkflow()` consumer (~36
files) to rerender.
- **`useToolNavigation`** transitively subscribed every `ToolButton` to
the full workflow context.
- **`ToolButton` & `ToolPicker`** weren't `memo()`-wrapped, so nothing
checked.
- **`ToolPanel`** passed inline `onSelect={(id) =>
handleToolSelect(...)}` — fresh ref every render, defeats child
memoization.
- **`ToolPicker`** allocated inline styles / `[]` / `toTitleCase` inside
the function body — churned `useToolSections`'s internal memo.
## Interaction matrix — what improves
The PR fixes the underlying ref-stability problem; the same fix benefits
*every* interaction that previously triggered the cascade:
| Interaction | Before | After |
|---|---|---|
| **Typing in tool search** | All visible buttons rerender per keystroke
| Only buttons whose matched-text changes rerender |
| **Clicking a tool** | All 36 `useToolWorkflow()` consumers rerender |
Only previously-selected and newly-selected buttons rerender (via
`isSelected` prop) |
| **Toggling sidebar / panel mode / reader mode** | Every tool button
rerenders | Tool components stay still (slim context doesn't see UI
state) |
| **Switching workbench / navigation** | `handleToolSelect` identity
changes → cascades through `onSelect` props | Ref-stabilized in Actions
context. Identity stable. Children's memo bails |
| **Modal/dialog open/close** | AppConfig churns → every `useAppConfig`
consumer rerenders (ToolButton reads `premiumEnabled`) | AppConfig
memoized; consumers rerender only when config changes |
| **Banner show/hide** | BannerProvider value churns → every consumer
rerenders on any ancestor render | Memoized; AppLayout rerenders only
when banner content changes |
| **Any state update high in the tree** | Compounding cascade defeats
memo everywhere | Stable subscriptions; memo bails out |
## Evidence
Per-keystroke prop instability on `ToolButton` (cleanest measurable
signal, captured via custom memo comparators logging which prop refs
differ):
| | `tool` ref diffs | `onSelect` ref diffs | `matchedSynonym` value
diffs | Total |
|---|---|---|---|---|
| Before | 18 | 18 | 6 | **42** |
| After | 0 | 0 | 6 | **6 (all legitimate)** |
→ **86% reduction** in spurious per-keystroke prop instability. The 6
remaining matched-synonym diffs are correct (different substring
highlighted per keystroke).
Context value rebuild counts during a keystroke (verified with
instrumented `useMemo` factories): `useToolWorkflowData=0`,
`useToolWorkflowActions=0`, `AppConfigContext=0`.
The same stabilization applies to click/toggle/modal interactions — they
were all driven by the same cascading invalidations.
## Honest caveat on render-count metrics
`React.Profiler` counts and function-body execution counts in **dev
mode** came back identical before vs after (StrictMode + concurrent
rendering + Mantine internal commits dominate the numbers). The PR's
value is measured against the **prop-stability signal** above, not
Profiler counts. Production builds — where StrictMode doesn't
double-render and Mantine internals aren't constantly committing — will
show memo bail out properly.
## Risk × benefit
| # | Commit | Risk | Benefit |
|---|--------|------|---------|
| 1 | BannerContext memo | ⬛ Trivial | 🟦 Small |
| 2 | CommentAuthor + ActiveDocument memo | ⬛ Trivial | 🟦 Small |
| 3 | AppConfig memo | ⬛ Trivial | 🟦 Moderate (wide consumer base) |
| 4 | useToolManagement spread removal | ⬛ Trivial | 🟥 **High (root
cause)** |
| 5 | ToolPicker hoist | ⬛ Trivial | 🟦 Small |
| 6 | ToolWorkflowContext split | 🟧 Low-Med | 🟥 **High (foundation)** |
| 7 | Hot consumer migration + memo | 🟧 Low-Med | 🟥 **High
(actualization)** |
Commit 6 introduces an invariant: ref-stabilized callbacks in the
Actions context must only be invoked from event handlers (post-commit),
never during render. All current call sites comply.
## Test plan
- [x] `npx playwright test --project=stubbed` — 145 / 6 skipped / 0
failed before and after.
- [x] Targeted regression: `main-dashboard`, `tool-search`, `navigation`
— 11/11 passing.
- [x] CI passing on commits (one infrastructure flake on
`docker-compose-tests` — "No space left on device" — unrelated;
rerunning).
- [ ] Manual sanity check in a dev build after merge.
## What this enables
The same Actions + Data subset-context pattern can be applied to
`FileContext`, `NavigationContext`, and other big contexts. The
foundation is in place.
|
||
|
|
5b9ef852ab |
ci: remove frontend validation PR comment after successful check (#6360)
# Description of Changes - Added a GitHub Actions step to remove the frontend validation check comment when the frontend check succeeds on pull requests. - The step searches for an existing PR comment containing the `<!-- frontend-check -->` marker and deletes it if found. - The change was made to keep pull request discussions clean by removing stale frontend check comments once the validation passes. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have run `task check` to verify linters, typechecks, and tests pass - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#7-testing) for more details. |
||
|
|
294b616a63 |
build(deps): bump org.springframework.boot:spring-boot-dependencies from 4.0.5 to 4.0.6 (#6337)
Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 4.0.5 to 4.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot:spring-boot-dependencies's releases</a>.</em></p> <blockquote> <h2>v4.0.6</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50188">#50188</a></li> <li>Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50187">#50187</a></li> <li>ApplicationPidFileWriter does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50185">#50185</a></li> <li>RandomValuePropertySource is not suitable for secrets <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50183">#50183</a></li> <li>Cassandra auto-configuration misconfigures CqlSessionBuilder <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50180">#50180</a></li> <li>ApplicationTemp does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50178">#50178</a></li> <li>Remote DevTools performs comparison incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50176">#50176</a></li> <li>spring.rabbitmq.ssl.verify-hostname is applied inconsistently <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50174">#50174</a></li> <li>Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50077">#50077</a></li> <li>Classic starters are missing several modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50071">#50071</a></li> <li>Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic <a href="https://redirect.github.com/spring-projects/spring-boot/pull/50069">#50069</a></li> <li>Annotations like <code>@Ssl</code> don't work on <code>@Bean</code> methods when using <code>@ServiceConnection</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50064">#50064</a></li> <li>EnversRevisionRepositoriesRegistrar should reuse <code>@EnableEnversRepositories</code> rather than configuring the JPA counterpart <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50039">#50039</a></li> <li>WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50017">#50017</a></li> <li>Imports on a containing test class are ignored when a nested class has imports <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50012">#50012</a></li> <li>With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49951">#49951</a></li> <li>500 response from env endpoint when supplied pattern is invalid <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49946">#49946</a></li> <li>Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49945">#49945</a></li> <li>HTTP method is lost when configuring excludes in EndpointRequest <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49943">#49943</a></li> <li>Honor HttpMethod for reactive additional endpoint paths <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49880">#49880</a></li> <li>Docker Compose support doesn't work with apache/artemis image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49869">#49869</a></li> <li>Docker Compose support doesn't work with apache/activemq image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49866">#49866</a></li> <li>Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49854">#49854</a></li> <li>API versioning path strategy should be applied path last as it is not meant to yield <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49800">#49800</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Update docs to encourage Java fundamentals for beginners that prefer to learn that way <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50146">#50146</a></li> <li>HTTP Service Interface Clients still document that API versioning can be configured via properties <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50126">#50126</a></li> <li>Link to the observability section of the Lettuce documentation is broken <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50097">#50097</a></li> <li>Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50085">#50085</a></li> <li>MySamlRelyingPartyConfiguration is missing a Kotlin sample <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50024">#50024</a></li> <li>Incorrect default value for management.httpexchanges.recording.include in configuration metadata <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50019">#50019</a></li> <li>Link to the Kubernetes documentation when discussing startup probes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50015">#50015</a></li> <li>Typo in JdbcSessionAutoConfiguration Javadoc <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49873">#49873</a></li> <li>Clarify that configuration property default values are not available through the Environment <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49851">#49851</a></li> <li>Document the need for Liquibase and Flyway starters <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49839">#49839</a></li> <li>Kafka documentation refers to deprecated JSON serializer and deserializer classes <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49826">#49826</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Upgrade to Elasticsearch Client 9.2.8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50027">#50027</a></li> <li>Upgrade to Groovy 5.0.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49911">#49911</a></li> <li>Upgrade to Hibernate 7.2.12.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50134">#50134</a></li> <li>Upgrade to Jackson Bom 3.1.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50051">#50051</a></li> <li>Upgrade to <a href="https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1">Jaxen 2.0.1</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50104">#50104</a></li> <li>Upgrade to <a href="https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5">Jaybird 6.0.5</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49914">#49914</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8821ad2cd381bb4b9615a61479e1de7305a8ba39"><code>8821ad2</code></a> Release v4.0.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9e4048a03f17adfe78057a3c4d5b4693305c0ae0"><code>9e4048a</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/20bb11c3984802990572ddbeae8b66885a8f2462"><code>20bb11c</code></a> Next development version (v3.5.15-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/98daa8ea30f39a5b0ca6768b5cbc2dc8698ef4e1"><code>98daa8e</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7"><code>9dc5aa2</code></a> Polish</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/874f6294b91da18367b8b5ab7b2fad3fa23cfba6"><code>874f629</code></a> Fix default security with actuator but without health</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e41b3bf731d1134bc18ec1f68ac01e0fe1c54923"><code>e41b3bf</code></a> Enable hostname verification for SSL connections to Elasticsearch</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ef8527bb0ef8f564f4f9c57a7be99a7aa96c6ab0"><code>ef8527b</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d"><code>f533a45</code></a> Do not follow symlinks when writing PID file</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4a7bd332b6d19fef1aa4cf28434985f2b03a2e0f"><code>4a7bd33</code></a> Merge branch '3.5.x' into 4.0.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v4.0.5...v4.0.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
8645280ee5 |
build(deps): bump reportlab from 4.4.10 to 4.5.0 in /testing/cucumber (#6338)
Bumps [reportlab](https://www.reportlab.com/) from 4.4.10 to 4.5.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bd50e2e59d |
build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 in /app/core (#6344)
Bumps commons-io:commons-io from 2.21.0 to 2.22.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
77abaf5de5 |
build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#6349)
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.5</h2> <h2>What's Changed</h2> <ul> <li>Update ts-http-runtime dependency by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1747">actions/cache#1747</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.5">https://github.com/actions/cache/compare/v5...v5.0.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.4</h3> <ul> <li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li> <li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li> <li>Bump <code>fast-xml-parser</code> to v5.5.6</li> </ul> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/[email protected]</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae"><code>27d5ce7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1747">#1747</a> from actions/yacaovsnc/update-dependency</li> <li><a href="https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd"><code>f280785</code></a> licensed changes</li> <li><a href="https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7"><code>619aeb1</code></a> npm run build generated dist files</li> <li><a href="https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6"><code>bcf16c2</code></a> Update ts-http-runtime to 0.3.5</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
503a81be50 |
build(deps): bump KSXGitHub/github-actions-deploy-aur from 4.1.2 to 4.1.3 (#6347)
Bumps [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) from 4.1.2 to 4.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ksxgithub/github-actions-deploy-aur/releases">KSXGitHub/github-actions-deploy-aur's releases</a>.</em></p> <blockquote> <h2>v4.1.3</h2> <p>There is a bug in <code>runuser</code> that converts all <code>-c</code> (even after <code>--</code>) into <code>--command</code> which <code>bash</code> doesn't recognize. This release removes the <code>-c</code> flag entirely, bash would execute <code>/build.sh</code> as if it's a file. Hopefully, the behavior preserves. If not, maybe just switch to <code>su</code> or <code>sudo</code>.</p> <p>Relevant PR: <a href="https://redirect.github.com/KSXGitHub/github-actions-deploy-aur/pull/51">KSXGitHub/github-actions-deploy-aur#51</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/da03e160361ce01bf087e790b6ffd196d7dccff7"><code>da03e16</code></a> fix: <code>bash: --command: invalid option</code> (<a href="https://redirect.github.com/ksxgithub/github-actions-deploy-aur/issues/51">#51</a>)</li> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/3b403c740ae5e446b747b45451ec68665428dab1"><code>3b403c7</code></a> docs(readme): use the GitHub's note syntax</li> <li><a href="https://github.com/KSXGitHub/github-actions-deploy-aur/commit/e17cd797381bddd766236d808302398b090398d2"><code>e17cd79</code></a> docs(readme): remove patreon</li> <li>See full diff in <a href="https://github.com/ksxgithub/github-actions-deploy-aur/compare/v4.1.2...v4.1.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
67fc5c70b9 |
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#6343)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.35.3</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>4.35.2 - 15 Apr 2026</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul> <h2>4.35.1 - 27 Mar 2026</h2> <ul> <li>Fix incorrect minimum required Git version for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li> </ul> <h2>4.35.0 - 27 Mar 2026</h2> <ul> <li>Reduced the minimum Git version required for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> from 2.38.0 to 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li> </ul> <h2>4.34.1 - 20 Mar 2026</h2> <ul> <li>Downgrade default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a> due to issues with a small percentage of Actions and JavaScript analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li> </ul> <h2>4.34.0 - 20 Mar 2026</h2> <ul> <li>Added an experimental change which disables TRAP caching when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li> <li>We are rolling out improved incremental analysis to C/C++ analyses that use build mode <code>none</code>. We expect this rollout to be complete by the end of April 2026. <a href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li> </ul> <h2>4.33.0 - 16 Mar 2026</h2> <ul> <li>Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. <a href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7"><code>e46ed2c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3867">#3867</a> from github/update-v4.35.3-8c6e48dbe</li> <li><a href="https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a"><code>b73d1d1</code></a> Add changelog entry for <a href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a></li> <li><a href="https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b"><code>24e0bb0</code></a> Reorder changelog entries</li> <li><a href="https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62"><code>ec298da</code></a> Update changelog for v4.35.3</li> <li><a href="https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46"><code>8c6e48d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3865">#3865</a> from github/update-bundle/codeql-bundle-v2.25.3</li> <li><a href="https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2"><code>7190983</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445"><code>2bb2095</code></a> Update default bundle to codeql-bundle-v2.25.3</li> <li><a href="https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698"><code>7851e55</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3850">#3850</a> from github/mbg/private-registry/cloudsmith-gcp</li> <li><a href="https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751"><code>262a15f</code></a> Add generic non-printable chars test for OIDC configs</li> <li><a href="https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd"><code>a6109b1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a> from github/mbg/start-proxy/improved-checks</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...e46ed2cbd01164d986452f91f178727624ae40d7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1e6514a471 |
build(deps): bump org.projectlombok:lombok from 1.18.44 to 1.18.46 (#6342)
Bumps [org.projectlombok:lombok](https://github.com/projectlombok/lombok) from 1.18.44 to 1.18.46. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown">org.projectlombok:lombok's changelog</a>.</em></p> <blockquote> <h3>v1.18.46 (April 22nd, 2026)</h3> <ul> <li>PLATFORM: JDK26 support added <a href="https://redirect.github.com/projectlombok/lombok/issues/4019">#4019</a>.</li> <li>PLATFORM: Spring Tools Suite 5 supported <a href="https://redirect.github.com/projectlombok/lombok/issues/3985">#3985</a>.</li> <li>BUGFIX: <code>@Jacksonized</code> no longer stops generating <code>@JsonProperty</code> once an explicit <code>@JsonIgnore</code> annotations is encountered <a href="https://redirect.github.com/projectlombok/lombok/issues/4022">#4022</a>.</li> <li>BUGFIX: In eclipse, mixing <code>@Jacksonized</code> and <code>fluent = true</code> no longer causes the error <code>com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface</code>. <a href="https://redirect.github.com/projectlombok/lombok/issues/3934">#3934</a>.</li> <li>BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 <a href="https://redirect.github.com/projectlombok/lombok/issues/4004">#4004</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/projectlombok/lombok/commit/936ca59baf844fd6c0ad641974295498785d8091"><code>936ca59</code></a> [build] lombok's launcher is still intended to be 1.4 compatible, or at least...</li> <li><a href="https://github.com/projectlombok/lombok/commit/fcdab3f29e1b48c8f4b33ef9231ec2587a43d122"><code>fcdab3f</code></a> [version] pre-release version bump</li> <li><a href="https://github.com/projectlombok/lombok/commit/1cb7d49c5d2dc98af7a66413d8119dec285d0666"><code>1cb7d49</code></a> [changelog]<a href="https://redirect.github.com/projectlombok/lombok/issues/4004">#4004</a> Mention Jackson3 final touches in changelog.</li> <li><a href="https://github.com/projectlombok/lombok/commit/12a15b00555ec8097eca2bf7d77c2c2124e13e0e"><code>12a15b0</code></a> Fix: Bump EA_JDK to 27 (25 and 26 have been released)</li> <li><a href="https://github.com/projectlombok/lombok/commit/2be766cfc2ef56f2d986f28f734c98535d611aee"><code>2be766c</code></a> Merge branch 'jackson3-final-touches'</li> <li><a href="https://github.com/projectlombok/lombok/commit/290fa4c8539c7e97b47f7e80033e078127050eb5"><code>290fa4c</code></a> [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...</li> <li><a href="https://github.com/projectlombok/lombok/commit/e6567b6621f86b43033ab4a75e0273780e18e998"><code>e6567b6</code></a> test: Add Jackson 3 test cases and version ambiguity warnings</li> <li><a href="https://github.com/projectlombok/lombok/commit/45e72e241abe98dcfb66408402da825dd2b8e925"><code>45e72e2</code></a> feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists</li> <li><a href="https://github.com/projectlombok/lombok/commit/184d42363d86446a63b6270ac1eb352dc43ae76c"><code>184d423</code></a> feat: Add Jackson 3 support to <a href="https://github.com/Jacksonized"><code>@Jacksonized</code></a> handlers</li> <li><a href="https://github.com/projectlombok/lombok/commit/e027ad0f1515bd33d4d329d90e59dccbaf44651e"><code>e027ad0</code></a> refactored to ShadowClassLoader use Collections::enumeration instead of Vector</li> <li>Additional commits viewable in <a href="https://github.com/projectlombok/lombok/compare/v1.18.44...v1.18.46">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c4874deb5d |
build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#6341)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.19.1</h2> <h2>What's Changed</h2> <ul> <li>fix: detect ubuntu-slim runners early and bail out by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/step-security/harden-runner/pull/657">step-security/harden-runner#657</a></li> </ul> <p>What the fix changes</p> <ul> <li>Harden-Runner will detect <code>ubuntu-slim</code> runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.</li> </ul> <p>What the fix does not do</p> <ul> <li>Jobs running on <code>ubuntu-slim</code> will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).</li> <li>Per GitHub's docs on <a href="https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners">single-CPU runners</a>: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.</li> </ul> <p>For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of <code>ubuntu-slim</code> via workflow run policies see the <a href="https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy">Runner Label Policy</a> docs. This lets you enforce that jobs only run on monitored runner types.</p> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/devantler"><code>@devantler</code></a> made their first contribution in <a href="https://redirect.github.com/step-security/harden-runner/pull/657">step-security/harden-runner#657</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1">https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450"><code>a5ad31d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/657">#657</a> from devantler/fix/ubuntu-slim-user-env</li> <li><a href="https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c"><code>6e92856</code></a> build dist and trim ubuntu-slim message</li> <li><a href="https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209"><code>4e0504e</code></a> Merge branch 'main' into fix/ubuntu-slim-user-env</li> <li><a href="https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3"><code>376d25a</code></a> fix: detect ubuntu-slim runners early and bail out</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1a63aa045e |
build(deps): bump the tauri group across 1 directory with 7 updates (#6305)
Bumps the tauri group with 5 updates in the /frontend/src-tauri directory: | Package | From | To | | --- | --- | --- | | [tauri](https://github.com/tauri-apps/tauri) | `2.10.2` | `2.10.3` | | [tauri-plugin-fs](https://github.com/tauri-apps/plugins-workspace) | `2.4.5` | `2.5.0` | | [tauri-plugin-dialog](https://github.com/tauri-apps/plugins-workspace) | `2.6.0` | `2.7.0` | | [tauri-plugin-http](https://github.com/tauri-apps/plugins-workspace) | `2.5.7` | `2.5.8` | | [tauri-plugin-single-instance](https://github.com/tauri-apps/plugins-workspace) | `2.4.0` | `2.4.1` | Updates `tauri` from 2.10.2 to 2.10.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri v2.10.3</h2> <!-- raw HTML omitted --> <pre><code>Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 941 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1052 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.54.0 │ └── tauri-runtime-wry 2.10.1 │ └── tauri 2.10.3 │ ├── tauri-utils 2.8.3 │ │ ├── tauri-schema-generator 0.0.0 │ │ ├── tauri-runtime-wry 2.10.1 │ │ ├── tauri-runtime 2.10.1 │ │ │ ├── tauri-runtime-wry 2.10.1 │ │ │ └── tauri 2.10.3 │ │ ├── tauri-plugin 2.5.4 │ │ │ ├── tauri-plugin-sample 0.1.0 │ │ │ │ └── api 0.1.0 │ │ │ └── tauri-plugin-log 2.6.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-macros 2.5.5 │ │ │ └── tauri 2.10.3 │ │ ├── tauri-codegen 2.5.5 │ │ │ ├── tauri-macros 2.5.5 │ │ │ └── tauri-build 2.5.6 │ │ │ ├── tauri-file-associations-demo 0.1.0 │ │ │ ├── tauri 2.10.3 │ │ │ ├── resources 0.1.0 │ │ │ ├── bench_helloworld 0.1.0 │ │ │ ├── bench_files_transfer 0.1.0 │ │ │ ├── bench_cpu_intensive 0.1.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-cli 2.10.1 │ │ │ └── tauri-cli-node 0.0.0 │ │ ├── tauri-bundler 2.8.1 │ │ │ └── tauri-cli 2.10.1 │ │ ├── tauri-build 2.5.6 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/9b17a7aeae9a83222ffe829aa4e2d8a5ba6bed8c"><code>9b17a7a</code></a> fix(ci): bump rustsec/audit-check to v2 and ignore time audit (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15030">#15030</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/d86827980d45826bb30749a3dbc11c9326ed8bd9"><code>d868279</code></a> apply version updates (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14897">#14897</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/3a65cc6885ea61e35dc5be23b229043ab6e92372"><code>3a65cc6</code></a> fix(test): disable <code>resolve_resource_dir</code> on Android (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15026">#15026</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/52cf195b78e0b78f02d8aae997116c620355b095"><code>52cf195</code></a> refactor(cli): reduce some nesting code (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14844">#14844</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/c3cbff3f7430161715f80f82128b345a6f7140c9"><code>c3cbff3</code></a> fix: resource path handles <code>./</code> path differently (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14662">#14662</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/33754ae5e3740d022483b6164511c5c001a3c24b"><code>33754ae</code></a> fix(cli): unusable empty password private keys (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15022">#15022</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/3935dee121e1dcb4f377c9933233c0ace186b0bb"><code>3935dee</code></a> Add AI tool policy to contributing guide (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15002">#15002</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/33932a72b27c970dde242da5241f7a340277507d"><code>33932a7</code></a> chore(deps-dev): bump svelte from 5.51.5 to 5.53.5 (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15015">#15015</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/7d3c7593a9d41ac1cc7f72e959263f22d32bc61d"><code>7d3c759</code></a> chore(deps): update dependency rollup to v4.59.0 (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15001">#15001</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/f20256bca542dfd6ba4b5e2741a6a9439cc57be8"><code>f20256b</code></a> chore: fix clippy warnings (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14999">#14999</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/tauri-v2.10.2...tauri-v2.10.3">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-fs` from 2.4.5 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-fs's releases</a>.</em></p> <blockquote> <h2>dialog-js v2.5.0</h2> <h2>[2.5.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/dff6fa986a9a05ba98b6ca660fea78ae97251fc2"><code>dff6fa98</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3034">#3034</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../onehumandev"><code>@onehumandev</code></a>) Add <code>pickerMode</code> option to file picker (currently only used on iOS)</li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <h3>feat</h3> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c23fa03f07d5c1c220bcf0bca482364513e3f754"><code>c23fa03f</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3098">#3098</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Lepidopteran"><code>@Lepidopteran</code></a>) Add <code>xdg-portal</code> as an optional feature for <code>rfd</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 3.5kB README.md npm notice 6.4kB dist-js/index.cjs npm notice 12.2kB dist-js/index.d.ts npm notice 6.3kB dist-js/index.js npm notice 11B dist-js/init.d.ts npm notice 656B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-dialog npm notice version: 2.5.0 npm notice filename: tauri-apps-plugin-dialog-2.5.0.tgz npm notice package size: 5.8 kB npm notice unpacked size: 30.0 kB npm notice shasum: 52057077b52cc51643ac9829d48c2c590e5e1a54 npm notice integrity: sha512-I0R0ygwRd9AN8[...]lxPHD5vDcFjiA== npm notice total files: 7 npm notice npm notice Security Notice: Classic tokens have been revoked. Granular tokens are now limited to 90 days and require 2FA by default. Update your CI/CD workflows to avoid disruption. Learn more https://gh.io/all-npm-classic-tokens-revoked npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=804721691 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d6a3898001a4bcc659e045f9501498751b77dbe6"><code>d6a3898</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3268">#3268</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2e5bcdf202f98ec0fb0481725dd32f0626c766c8"><code>2e5bcdf</code></a> chore(deps): fix audits (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3373">#3373</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4374b4fc1a9a7c0506034d86707fd3288d347f9b"><code>4374b4f</code></a> chore(notification): remove unused dev-deps (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3372">#3372</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/f75d21db3351d6f12adf585c2c797c20ece94f7f"><code>f75d21d</code></a> chore(deps): remove used of tauri-utils build feature (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3360">#3360</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4b95f5e079593d5b2b98220c332f420dc70d18d1"><code>4b95f5e</code></a> chore(deps): update dependency eslint to v10.1.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3357">#3357</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/99c3e37b54c115e8712f67c2b53ed1f2f0b4aae6"><code>99c3e37</code></a> chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3352">#3352</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/eaac19a5b7e325a06d4c1c6d740e38d86c55cd89"><code>eaac19a</code></a> chore(deps): update rust crate tar to v0.4.45 [security] (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3353">#3353</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5183e314cbabc179228e232992ad67025f30272d"><code>5183e31</code></a> chore(deps): update dependency typescript-eslint to v8.57.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3344">#3344</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2c0883e64e9a53ea18102ed350cd5e65ba7c8f4b"><code>2c0883e</code></a> chore(deps): update dependency vite to v8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3346">#3346</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/024ec0c29c20cf94579dab9b79d6be0da61a8daa"><code>024ec0c</code></a> fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/fs-v2.4.5...fs-v2.5.0">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-dialog` from 2.6.0 to 2.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-dialog's releases</a>.</em></p> <blockquote> <h2>dialog-js v2.7.0</h2> <h2>[2.7.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/24154472a6710a690173df0a121125d1f1b871e8"><code>24154472</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3287">#3287</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Re-use <code>message</code> command in Rust side for <code>ask</code> and <code>confirm</code> commands, <code>allow-ask</code> and <code>allow-confirm</code> permissions are now aliases to <code>allow-message</code></li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 3.5kB README.md npm notice 6.9kB dist-js/index.cjs npm notice 14.6kB dist-js/index.d.ts npm notice 6.8kB dist-js/index.js npm notice 11B dist-js/init.d.ts npm notice 657B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-dialog npm notice version: 2.7.0 npm notice filename: tauri-apps-plugin-dialog-2.7.0.tgz npm notice package size: 6.7 kB npm notice unpacked size: 33.3 kB npm notice shasum: b510ecd42d9900725eaf51f42ec98523c40d29b4 npm notice integrity: sha512-4nS/hfGMGCXiA[...]RtrKXkANKDHvw== npm notice total files: 7 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993203 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>dialog v2.7.0</h2> <h2>[2.7.0]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/24154472a6710a690173df0a121125d1f1b871e8"><code>24154472</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3287">#3287</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Re-use <code>message</code> command in Rust side for <code>ask</code> and <code>confirm</code> commands, <code>allow-ask</code> and <code>allow-confirm</code> permissions are now aliases to <code>allow-message</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/51b430be986ed98635c02ba504f6f30a35771c01"><code>51b430b</code></a> ci: delete .changes/updater-new-bundle-support.md</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/fd439b143e265fc3ab4de435d6d4b641cffc66f1"><code>fd439b1</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2964">#2964</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2522b71f6bcae65c03b24415eb9295c9e7c84ffc"><code>2522b71</code></a> fix(deep-link): revert the breaking change introduced by <a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2928">#2928</a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2970">#2970</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/9021a732474322073769c1b21f6eee2e4b0dd15e"><code>9021a73</code></a> chore(deps): update dependency rollup to v4.50.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2966">#2966</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/625bb1c0965394b88522643731f78ccbcca84add"><code>625bb1c</code></a> feat(log): re-export the log crate (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2965">#2965</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6215afe0239f815740a2c28150614ca4fef0b486"><code>6215afe</code></a> chore(deps): update dependency rollup to v4.49.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2962">#2962</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/8cf8eeab02efddd4e44e3bba92b33902a8c00956"><code>8cf8eea</code></a> feat(updater): inject bundle_type into endpoint url (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2960">#2960</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/509eba8d441c4f6ecf0af77b572cb2afd69a752d"><code>509eba8</code></a> feat: support message dialogs with 3 buttons (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2641">#2641</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/9ac5fe84e704ef20c437456cb1017b54b101b333"><code>9ac5fe8</code></a> feat(updater): support bundle-specific targets (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2624">#2624</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c24741031993894929a9ed00972ff9f6cd9540be"><code>c247410</code></a> chore(deps): update dependency typescript-eslint to v8.41.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2956">#2956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/log-v2.6.0...log-v2.7.0">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-http` from 2.5.7 to 2.5.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-http's releases</a>.</em></p> <blockquote> <h2>http-js v2.5.8</h2> <h2>[2.5.8]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/29712892526cfc2d35c9002e0a56925084ae1b73"><code>29712892</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3252">#3252</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../NVolcz"><code>@NVolcz</code></a>) Correct Response header initialization to support cloning and ensure Set-Cookie visibility.</li> </ul> <h3>Dependencies</h3> <ul> <li>Upgraded to <code>[email protected]</code></li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 2.6kB README.md npm notice 7.1kB dist-js/index.cjs npm notice 2.4kB dist-js/index.d.ts npm notice 7.0kB dist-js/index.js npm notice 655B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-http npm notice version: 2.5.8 npm notice filename: tauri-apps-plugin-http-2.5.8.tgz npm notice package size: 5.1 kB npm notice unpacked size: 20.5 kB npm notice shasum: a6e638fd0d1b17563ef0c53745373c0b1eb50260 npm notice integrity: sha512-oxd7oypzQeu8k[...]hKUbhuKWcunRw== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993387 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>http v2.5.8</h2> <h2>[2.5.8]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/29712892526cfc2d35c9002e0a56925084ae1b73"><code>29712892</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3252">#3252</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../NVolcz"><code>@NVolcz</code></a>) Correct Response header initialization to support cloning and ensure Set-Cookie visibility.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d6a3898001a4bcc659e045f9501498751b77dbe6"><code>d6a3898</code></a> Publish New Versions (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3268">#3268</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2e5bcdf202f98ec0fb0481725dd32f0626c766c8"><code>2e5bcdf</code></a> chore(deps): fix audits (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3373">#3373</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4374b4fc1a9a7c0506034d86707fd3288d347f9b"><code>4374b4f</code></a> chore(notification): remove unused dev-deps (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3372">#3372</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/f75d21db3351d6f12adf585c2c797c20ece94f7f"><code>f75d21d</code></a> chore(deps): remove used of tauri-utils build feature (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3360">#3360</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/4b95f5e079593d5b2b98220c332f420dc70d18d1"><code>4b95f5e</code></a> chore(deps): update dependency eslint to v10.1.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3357">#3357</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/99c3e37b54c115e8712f67c2b53ed1f2f0b4aae6"><code>99c3e37</code></a> chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3352">#3352</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/eaac19a5b7e325a06d4c1c6d740e38d86c55cd89"><code>eaac19a</code></a> chore(deps): update rust crate tar to v0.4.45 [security] (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3353">#3353</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5183e314cbabc179228e232992ad67025f30272d"><code>5183e31</code></a> chore(deps): update dependency typescript-eslint to v8.57.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3344">#3344</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2c0883e64e9a53ea18102ed350cd5e65ba7c8f4b"><code>2c0883e</code></a> chore(deps): update dependency vite to v8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3346">#3346</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/024ec0c29c20cf94579dab9b79d6be0da61a8daa"><code>024ec0c</code></a> fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/http-v2.5.7...http-v2.5.8">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-single-instance` from 2.4.0 to 2.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-single-instance's releases</a>.</em></p> <blockquote> <h2>store-js v2.4.1</h2> <h2>[2.4.1]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/93426f85120f49beb9f40222bff45185a32d54a9"><code>93426f85</code></a> Fixed an issue that caused docs.rs builds to fail. No user facing changes.</li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 4.4kB README.md npm notice 6.6kB dist-js/index.cjs npm notice 8.5kB dist-js/index.d.ts npm notice 6.4kB dist-js/index.js npm notice 711B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-store npm notice version: 2.4.1 npm notice filename: tauri-apps-plugin-store-2.4.1.tgz npm notice package size: 5.5 kB npm notice unpacked size: 27.5 kB npm notice shasum: 5e2d3362e41861d2fa79a3f1a78c091e12963236 npm notice integrity: sha512-ckGSEzZ5Ii4Hf[...]ugpGRDOFOunkA== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=644610830 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>store v2.4.1</h2> <h2>[2.4.1]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/93426f85120f49beb9f40222bff45185a32d54a9"><code>93426f85</code></a> Fixed an issue that caused docs.rs builds to fail. No user facing changes.</li> </ul> <!-- raw HTML omitted --> <pre><code>Updating crates.io index </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/d66aa6ff78cbbeaef1542a1fa930c33399578a25"><code>d66aa6f</code></a> publish new versions (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2822">#2822</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6f345870df4e7b187deb869df03b79858e03b4fe"><code>6f34587</code></a> fix(single-instance): disable dbus name replacement (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2860">#2860</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/708fa4e2b77e847ce554115e80f7eb685f4a322e"><code>708fa4e</code></a> chore(deps): update dependency eslint-config-prettier to v10.1.8 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2858">#2858</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/b7292030594daa04e78979214478031241b6e38e"><code>b729203</code></a> fix(upload): fix download() locks main thread on Android (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2838">#2838</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/2f9c71aae77cddd4ca2ffe9d13e9e1f23ee4f478"><code>2f9c71a</code></a> chore(deps): update dependency rollup to v4.45.1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2850">#2850</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/80d4d8e128922b022e76049189a657b71ce95a97"><code>80d4d8e</code></a> chore(deps): update eslint monorepo to v9.31.0 (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2839">#2839</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e7a98b0d2e60463ff86a0f031ce3c84c83a21274"><code>e7a98b0</code></a> chore(deps): update dependency typescript-eslint to v8.37.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2848">#2848</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/44a1f659125a341191420e650608b0b6ff316a0e"><code>44a1f65</code></a> fix(fs): <code>writeFile</code> create file by default (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2846">#2846</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/6210cd31df00bb3c55642013c74dc1da81fa00f9"><code>6210cd3</code></a> chore(deps): update dependency rollup to v4.45.0 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2841">#2841</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/467f07b7de4103a653e40fec8badb6f24abcef39"><code>467f07b</code></a> chore(deps): update dependency vite to v7 (v2) (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/2800">#2800</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/fs-v2.4.0...fs-v2.4.1">compare view</a></li> </ul> </details> <br /> Updates `tauri-plugin-deep-link` from 2.4.7 to 2.4.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/plugins-workspace/releases">tauri-plugin-deep-link's releases</a>.</em></p> <blockquote> <h2>deep-link-js v2.4.9</h2> <h2>[2.4.9]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e6cdc9f52e2cd975b11b8e4c12879d597f1f76c3"><code>e6cdc9f5</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3396">#3396</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Fix broken iOS custom URL schemes</li> </ul> <!-- raw HTML omitted --> <pre><code>npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options. npm warn publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors. npm warn publish errors corrected: npm warn publish "repository" was changed from a string to an object npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git" npm notice npm notice 📦 @tauri-apps/[email protected] npm notice Tarball Contents npm notice 888B LICENSE.spdx npm notice 6.2kB README.md npm notice 3.5kB dist-js/index.cjs npm notice 2.9kB dist-js/index.d.ts npm notice 3.4kB dist-js/index.js npm notice 801B package.json npm notice Tarball Details npm notice name: @tauri-apps/plugin-deep-link npm notice version: 2.4.9 npm notice filename: tauri-apps-plugin-deep-link-2.4.9.tgz npm notice package size: 4.4 kB npm notice unpacked size: 17.7 kB npm notice shasum: ae56d59130380f806b533b3107c3f16654e66a8d npm notice integrity: sha512-u0SKOUHnJ1wqe[...]hIvqLBRpgHJlA== npm notice total files: 6 npm notice npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm notice publish Signed provenance statement with source and build information from GitHub Actions npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1429011657 + @tauri-apps/[email protected] </code></pre> <!-- raw HTML omitted --> <h2>deep-link v2.4.9</h2> <h2>[2.4.9]</h2> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/e6cdc9f52e2cd975b11b8e4c12879d597f1f76c3"><code>e6cdc9f5</code></a> (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/pull/3396">#3396</a> by <a href="https://github.com/tauri-apps/plugins-workspace/../../Legend-Master"><code>@Legend-Master</code></a>) Fix broken iOS custom URL schemes</li> </ul> <!-- raw HTML omitted --> <pre><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/5c7668b6bb7c9a509f394d584568b3a922161e50"><code>5c7668b</code></a> publish new versions (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3397">#3397</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/ec0540138bece081e9a87982091947360e61987a"><code>ec05401</code></a> chore(deps): update rust crate toml to v1 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3323">#3323</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/b86e999beb9fb48ef54adf3d0af631f94c06a5d0"><code>b86e999</code></a> chore(deps): update tauri packages to 2.11 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3407">#3407</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c463d8ab1422a4cf44f627a7b4e6ba9d3553f334"><code>c463d8a</code></a> chore(deps): update rustls-webpki in lockfile, ignore core2 in audit (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3405">#3405</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/1bb7beb3076a8bf76b084223d0e4225bb2e53bc9"><code>1bb7beb</code></a> chore(deps): bump openssl (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3402">#3402</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/3412fa2741b3b6e7a251e3548a43b21f2c26c635"><code>3412fa2</code></a> docs(readme): fix platform support matrix (opener supports mobile)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/af81fdac9881d4ed52fbc18b9511bf10f7540ebb"><code>af81fda</code></a> docs(readme): fix platform support matrix (mobile is supported)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/c1fd33b3a2735f2e25c1d026dc524af932db3315"><code>c1fd33b</code></a> fix(opener): allow open network share locations (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3343">#3343</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/250857b7b72cd59825a14caa046160dc2ba1bb12"><code>250857b</code></a> chore(deps): update dependency typescript to v6 (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3363">#3363</a>)</li> <li><a href="https://github.com/tauri-apps/plugins-workspace/commit/964e13f124ad1feeb93c10168b265dc4936f738c"><code>964e13f</code></a> fix(store): dead lock trying to set while exiting (<a href="https://redirect.github.com/tauri-apps/plugins-workspace/issues/3395">#3395</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/plugins-workspace/compare/deep-link-v2.4.7...deep-link-v2.4.9">compare view</a></li> </ul> </details> <br /> Updates `tauri-build` from 2.5.5 to 2.6.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri-build's releases</a>.</em></p> <blockquote> <h2>tauri-build v2.6.0</h2> <!-- raw HTML omitted --> <pre><code>Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 1060 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (1086 crate dependencies) Crate: atk Version: 0.18.2 Warning: unmaintained Title: gtk-rs GTK3 bindings - no longer maintained Date: 2024-03-04 ID: RUSTSEC-2024-0413 URL: https://rustsec.org/advisories/RUSTSEC-2024-0413 Dependency tree: atk 0.18.2 └── gtk 0.18.2 ├── wry 0.55.0 │ └── tauri-runtime-wry 2.11.0 │ └── tauri 2.11.0 │ ├── tauri-utils 2.9.0 │ │ ├── tauri-schema-generator 0.0.0 │ │ ├── tauri-runtime-wry 2.11.0 │ │ ├── tauri-runtime 2.11.0 │ │ │ ├── tauri-runtime-wry 2.11.0 │ │ │ └── tauri 2.11.0 │ │ ├── tauri-plugin 2.6.0 │ │ │ ├── tauri-plugin-sample 0.1.0 │ │ │ │ └── api 0.1.0 │ │ │ └── tauri-plugin-log 2.6.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-macros 2.6.0 │ │ │ └── tauri 2.11.0 │ │ ├── tauri-codegen 2.6.0 │ │ │ ├── tauri-macros 2.6.0 │ │ │ └── tauri-build 2.6.0 │ │ │ ├── tauri-file-associations-demo 0.1.0 │ │ │ ├── tauri 2.11.0 │ │ │ ├── resources 0.1.0 │ │ │ ├── bench_helloworld 0.1.0 │ │ │ ├── bench_files_transfer 0.1.0 │ │ │ ├── bench_cpu_intensive 0.1.0 │ │ │ └── api 0.1.0 │ │ ├── tauri-cli 2.11.0 │ │ │ └── tauri-cli-node 0.0.0 │ │ ├── tauri-bundler 2.9.0 │ │ │ └── tauri-cli 2.11.0 │ │ ├── tauri-build 2.6.0 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/e60834fc67d87c10e2f44b2568052295cb61c325"><code>e60834f</code></a> Apply Version Updates From Current Changes (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15041">#15041</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/df05c00563a91fc936bd15c6b10dd2825472f96b"><code>df05c00</code></a> chore: minor bump for codegen crate</li> <li><a href="https://github.com/tauri-apps/tauri/commit/13bea1777fed60c75e37fe67d7ded5dde0b2997d"><code>13bea17</code></a> chore: fmt</li> <li><a href="https://github.com/tauri-apps/tauri/commit/9808236ebf7755d498d674b614f3fc75eeac1ec4"><code>9808236</code></a> fix(macOS): correct value for work_area.position.y (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14655">#14655</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/eb0312ea9e493954298ac0b3fdaae7eafb52750e"><code>eb0312e</code></a> feat(mobile): Propagate tao::Event::Suspended and tao::Event::Resumed to the ...</li> <li><a href="https://github.com/tauri-apps/tauri/commit/4ef5797f0fb27fa2df3f39f4a54e48ef319560ec"><code>4ef5797</code></a> feat(ios): add --no-sign and --archive-only flags to ios build (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15061">#15061</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/110336c88a8c0a04476619db0a5c8f7694d969a5"><code>110336c</code></a> fix(macOS): fix incorrect window position on multi-monitor setups (<a href="https://redirect.github.com/tauri-apps/tauri/issues/15250">#15250</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/c00a3dbffccd6e051d3b7332f706b6c63759865d"><code>c00a3db</code></a> feat(macros): add support for rename command macro in tauri-macros <a href="https://redirect.github.com/tauri-apps/tauri/issues/14173">#14173</a> (<a href="https://redirect.github.com/tauri-apps/tauri/issues/1">#1</a>...</li> <li><a href="https://github.com/tauri-apps/tauri/commit/764b9139a32de149d8a914a6b5ec6cd1937c64eb"><code>764b913</code></a> feat(cli): restart Android emulator if it is disconnected from adb (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14313">#14313</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/1035f12eeb8b23d9780881606d442d11c786e39e"><code>1035f12</code></a> fix(windows): tauri-bundler detect arm system (<a href="https://redirect.github.com/tauri-apps/tauri/issues/14923">#14923</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/tauri-build-v2.5.5...tauri-build-v2.6.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
34c9e9bdc5 |
build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#6258)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
f89f7d99ba |
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#6297)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
84e30cd008 |
build(deps): bump actions/github-script from 7.1.0 to 9.0.0 (#6298)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
69236a89c8 |
build(deps): bump gradle/actions from 5.0.1 to 6.1.0 (#6294)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c58deb6b55 |
build(deps): bump tauri-apps/tauri-action from 0.5.25 to 0.6.2 (#6257)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5bd62eeb5c |
build(deps): bump github/codeql-action from 4.32.6 to 4.35.2 (#6256)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
87e5b84324 |
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#6254)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4149276b01 |
build(deps): bump actions/dependency-review-action from 4.8.2 to 4.9.0 (#6230)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
60c39c6f6e |
build(deps): bump actions/stale from 10.1.1 to 10.2.0 (#6227)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9890d6a7de | fix: skip translation key extraction for files without i18n usage (#6221) | ||
|
|
7cb0f928bc |
build(deps): bump docker/login-action from 3.7.0 to 4.1.0 (#6072)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
42978b9ad6 |
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#6021)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c5cdde0b58 |
build(deps): bump docker/build-push-action from 6.18.0 to 7.1.0 (#6192)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
27ccf6afdd | chore(ci): consolidate Dependabot directories and pin GitHub Actions in workflow automation (#6172) | ||
|
|
436c8cbed2 | Line seperator fix for redaction drift (#6064) | ||
|
|
917edc43b3 |
Add specific View Scope For Selected Files (#6050)
## Fix 1 — Viewer bug (8 tools) 8 tools called `useFileSelection()` directly instead of routing through `useBaseTool`. In the viewer, this meant they operated on **all selected files** instead of only the one being viewed. For example: 10 files loaded, viewing file 3, running Add Stamp — all 10 files got stamped. **Root cause:** These tools had no view-scope awareness. `useFileSelection()` returns the raw workbench selection with no knowledge of which file is active in the viewer. **Fix:** A new hook `useViewScopedFiles` was introduced: ```ts // Viewer → only the active file // Everywhere else → all loaded files const selectedFiles = useViewScopedFiles(); ``` The 8 tools were updated to call this instead of `useFileSelection()`. **Tools fixed:** Add Stamp, Add Watermark, Add Password, Add Page Numbers, Add Attachments, Reorganize Pages, OCR, Convert --- ## Fix 2 — Page selector / active files context (all tools) `useBaseTool` returned `selectedFiles` (checked files only) in non-viewer contexts. In the page selector this is typically empty or stale — not the full set of loaded files that tools should operate on. **Fix:** `useBaseTool` was updated to use `useViewScopedFiles`, which returns all loaded files in non-viewer contexts. This affected every tool via `useBaseTool`. --- ## Workarounds for Compare & Merge Two tools intentionally need all loaded files regardless of view, so they use `ignoreViewerScope: true` in `useBaseTool`. **Compare** — needs exactly 2 files for its Original/Edited slots. Scoping to one file would break the comparison entirely. `ignoreViewerScope: true` is set and `disableScopeHints: true` hides the "(this file)" button label hint. The slot auto-mapping logic was also improved alongside this fix. **Merge** — needs 2+ files; merging a single file is meaningless. Rather than leaving the button silently disabled, Merge now: - Auto-redirects to the active files view on first open from the viewer - If the user navigates back to the viewer, shows a disabled button with a hint and a "Go to active files view" shortcut button --- ## How to Test --- ## Fix 1 — 8 tools (viewer scoping) ### Test steps (same for each) 1. Load 3 PDFs into workbench 2. Open viewer, navigate to file 2 3. Open the tool, configure settings, run 4. ✅ Only file 2 is in the results 5. ✅ Button label shows **"[Action] (this file)"** 6. ✅ A note below the button reads **"Only applying to: [filename]"** | Tool | What to configure | |---|---| | **Add Stamp** | Enter any text stamp or upload an image stamp | | **Add Watermark** | Select text watermark, enter any text | | **Add Page Numbers** | Leave defaults | | **Add Password** | Enter any owner + user password | | **Add Attachments** | Attach any small file | | **Reorganize Pages** | Enter a page range e.g. `1,2` | | **OCR** | Leave default language | | **Convert** | Convert PDF → any format | --- ## Fix 2 — All tools (page selector context) ### Test steps 1. Load 3 PDFs into workbench 2. Open the page selector view 3. Open any tool from the sidebar, run it 4. ✅ All 3 files are processed (not zero or a stale subset) --- ## Compare (intentionally ignores view scope) **A — Auto-fill with exactly 2 files** 1. Load exactly 2 PDFs 2. Open Compare from either the viewer or active files view 3. ✅ Both slots are filled automatically (Original + Edited) 4. ✅ No scope hint appears on the button **B — Manual selection with 3+ files** 1. Load 3+ PDFs 2. Open Compare 3. ✅ The first 2 files fill the slots 4. ✅ A 3rd file does not add a 3rd slot (capped at 2) **C — File removed mid-session** 1. Load 2 PDFs, let Compare auto-fill both slots 2. Remove one file from the workbench 3. ✅ The corresponding slot clears; the other slot is unchanged **D — Viewer mode** 1. Load 2 PDFs, open viewer 2. Open Compare from the viewer sidebar 3. ✅ Both files are still available for slot selection (not scoped to current file) --- ## Merge (intentionally ignores view scope, disabled in viewer) **A — Auto-redirect on first open from viewer** 1. Load 2+ PDFs, open the viewer 2. Open Merge from the viewer sidebar 3. ✅ Immediately redirected to the active files view **B — Viewer mode disabled state (after navigating back)** 1. From the active files view, open Merge, then navigate back to the viewer 2. ✅ Execute button is **disabled** with tooltip "Switch to the file editor to select multiple files" 3. ✅ A note appears: *"Merge needs 2 or more files. Head to the file editor to select them."* 4. ✅ A **"Go to active files view"** button is shown; clicking it navigates back **C — Active files view works normally** 1. Load 3 PDFs, open Merge from the active files view 2. ✅ All 3 files appear in the merge list 3. ✅ Button shows **"Merge (3 files)"** 4. Run the merge 5. ✅ Output is a single PDF containing all 3 files --- ## Button label behaviour (all tools) | Context | Expected button text | |---|---| | Viewer, 1 file loaded | `[Action]` (no suffix) | | Viewer, 2+ files loaded | `[Action] (this file)` | | Active files view, 1 file loaded | `[Action]` (no suffix) | | Active files view, 2+ files loaded | `[Action] (N files)` | | Merge in viewer | disabled — no suffix | | Compare | never shows scope suffix (`disableScopeHints: true`) | --------- Co-authored-by: Reece Browne <[email protected]> |
||
|
|
da9327ab1c |
Restore English search aliases in zh-TW tags (#6039)
# Description of Changes Preserve the translated zh-TW tags while restoring the English aliases used by frontend tool search. This keeps common English technical queries such as permissions or access control discoverable in the zh-TW locale. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [x] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. ## GitHub Copilot Pull Reuqest summary > This pull request significantly expands the keyword tags for a wide range of PDF-related tools and actions in the Traditional Chinese (`zh-TW`) translation file. The main goal is to improve searchability and discoverability of features by including a comprehensive set of English and Chinese keywords, synonyms, and related phrases for each tool. > > The most important changes include: > > **Localization and Search Optimization:** > > * Expanded the `tags` fields for all tools and actions under the `[home.*]` sections in `frontend/public/locales/zh-TW/translation.toml` to include a broad set of English and Chinese keywords, synonyms, and common search phrases. This enhances feature discoverability for users searching in either language. [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > **Consistency and Coverage:** > > * Ensured that each tool/action now has a rich set of tags that cover various ways users might refer to the feature, including technical terms, synonyms, and related concepts (e.g., "merge", "combine", "join" for PDF merging). [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > **Internationalization Improvements:** > > * Added English keywords alongside Chinese ones to support bilingual search and better serve users who may search using English terms in a localized interface. [[1]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3885-R3925) [[2]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L3934-R4039) [[3]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4054-R4209) [[4]](diffhunk://#diff-5979ec7aabfd804ffe625390faee80bfc5b97bdb00f72cc3ce27359f82450e87L4218-R4218) > > These changes collectively make it easier for users to find the features they need, regardless of the language or terminology they use. |
||
|
|
1e97a32d4b |
feat(desktop): gate shared signing behind self-hosted auth (#6002)
## Summary This PR adds full desktop (Tauri) support for the shared signing feature when connected to a self-hosted server, and fixes several bugs discovered during that work. ### Feature gating Shared signing, file sharing, and share links are proprietary server features that require an authenticated self-hosted session. Previously these were read directly from `config` with no awareness of connection mode or auth state, meaning the UI could appear in SaaS/local mode or when logged out. - Introduce `useGroupSigningEnabled` and `useSharingEnabled` hooks with core implementations (web behaviour unchanged) and desktop overrides that require `selfhosted` mode + an active authenticated session - Extract shared subscription logic into `useSelfHostedAuth` (connection mode + auth state + config refetch) - `QuickAccessBar` now derives all three flags from the hooks instead of raw config ### Config timing fix When a user logs in via the SetupWizard, the `jwt-available` event fires a config fetch *before* the mode is switched to `selfhosted`. This meant the config was fetched from the local bundled backend (port ~59567) which has no knowledge of `storageGroupSigningEnabled`, causing the group signing button to stay hidden until a full page refresh. `useSelfHostedAuth` detects the mode transition and triggers a fresh config fetch at the correct moment, after the self-hosted URL is active. ### Bug fixes **`SignPopout.tsx`** — Manually setting `Content-Type: multipart/form-data` on two `FormData` POST requests stripped the auto-generated boundary, causing a `400 bad multipart` from the server. Removed the explicit headers so Axios sets them correctly. **`tauriHttpClient.ts`** — `response.json()` was called before `response.ok` was checked. A plain-text error body from the server (e.g. `"Cannot sign..."`) caused a `SyntaxError` that fell into the network error catch block and was reported as `ERR_NETWORK`, hiding the real failure. The fix checks `response.ok` first, reads error bodies as text, and handles empty 200 bodies (returning `null` instead of throwing). --- ## Testing ### Prerequisites - Desktop app running in self-hosted mode pointed at a local Stirling-PDF instance (`http://localhost:8080`) - The self-hosted instance has group signing and storage enabled in settings - At least two user accounts on the self-hosted instance ### 1. Feature gating — group signing button | Step | Expected | |---|---| | Open the desktop app in **local mode** (no server configured) | Group signing button absent from QuickAccessBar | | Switch to self-hosted mode but **do not log in** | Group signing button absent | | Log in to the self-hosted server | Group signing button appears without requiring a page refresh | | Log out | Group signing button disappears immediately | | Log back in | Group signing button reappears without a page refresh | ### 2. Feature gating — file sharing Repeat the same steps above, verifying the share and share-link buttons in the file manager follow the same visibility rules. ### 3. Create a signing session 1. Log in, open the group signing panel from QuickAccessBar 2. Select a PDF, add a participant, configure signature defaults and submit 3. Verify the session is created successfully (no `400 bad multipart` error) ### 4. Participant signing 1. As the invited participant, open the signing request from QuickAccessBar 2. Upload or draw a signature and submit 3. Verify signing completes successfully (no `ERR_NETWORK` error) ### 5. Error surfacing 1. Attempt an action that the server rejects (e.g. sign a document with an invalid certificate) 2. Verify the actual server error message is shown rather than a generic network error |
||
|
|
1ab07a9027 |
build(deps): bump crazy-max/ghaction-github-labeler from 5.3.0 to 6.0.0 (#6019)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c3530024c4 |
feat(pdf): replace PdfLib with Pdfium for form handling and general rendering tasks (#5899)
# Description of Changes Improves PDF rendering in the viewer by adding digital signature field support, cleaning up overlay rendering, and migrating the contrast tool off pdf-lib to PDFium WASM. ### Signature Field Overlay - Added `SignatureFieldOverlay` component that renders digital signature form fields - Renders appearance streams when present; shows a fallback badge for unsigned fields - Uses PDFium WASM for bitmap extraction ### Overlay Rendering - Integrated `SignatureFieldOverlay` and `ButtonAppearanceOverlay` into `LocalEmbedPDF` - Overlays are now clipped to page boundaries - Clarified in `EmbedPdfViewer` that frontend overlays use PDFium WASM, backend overlays use PDFBox ### Contrast Tool Migration - Replaced pdf-lib with PDFium WASM in `useAdjustContrastOperation` - PDF page creation and image embedding now go through PDFium APIs directly - Updated bitmap handling and memory management accordingly ### Cleanup - Fixed import ordering in viewer components - Removed stale comments in the contrast operation hook <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> Co-authored-by: Reece Browne <[email protected]> |
||
|
|
1806b5d3be |
build(deps): bump actions/cache from 5.0.3 to 5.0.4 (#5976)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
81c0187bf1 |
build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#5979)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9d51414fbb |
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#5977)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
85d5bb5dc2 |
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5939)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3908e258c8 |
build(deps): bump github/codeql-action from 4.32.4 to 4.32.6 (#5941)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
9df4692648 |
build(deps): bump actions/cache from 4.3.0 to 5.0.3 (#5940)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
400ee16e83 |
build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#5887)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f777efdd1c |
build(deps): bump actions/setup-python from 6.1.0 to 6.2.0 (#5886)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1d62f7ec23 |
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#5889)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c5b202f2a1 |
build(deps): bump crazy-max/ghaction-github-runtime from 3.1.0 to 4.0.0 (#5890)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2d6f206c36 |
build(deps): bump actions/setup-node from 4.4.0 to 6.2.0 (#5691)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
161bfef7da |
build(deps): bump actions/ai-inference from 2.0.5 to 2.0.7 (#5831)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
690eceb548 |
build(deps): bump github/codeql-action from 4.31.10 to 4.32.4 (#5833)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6a1597bb8d | ci: provide default desktop env vars in tauri GitHub Actions builds (#5815) | ||
|
|
d98ff194e4 |
[Aikido] AI Fix for 3rd party Github Actions should be pinned (#5817)
Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com> |
||
|
|
9d93f20c39 |
build(deps-dev): bump pillow from 12.1.0 to 12.1.1 in /.github/scripts in the pip group across 1 directory (#5720)
Bumps the pip group with 1 update in the /.github/scripts directory: [pillow](https://github.com/python-pillow/Pillow). Updates `pillow` from 12.1.0 to 12.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.1.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html</a></p> <h2>Dependencies</h2> <ul> <li>Patch libavif for svt-av1 4.0 compatibility <a href="https://redirect.github.com/python-pillow/Pillow/issues/9413">#9413</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Fix OOB Write with invalid tile extents <a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9"><code>5158d98</code></a> 12.1.1 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"><code>9000313</code></a> Fix OOB Write with invalid tile extents (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf"><code>cd01118</code></a> Patch libavif for svt-av1 4.0 compatibility</li> <li>See full diff in <a href="https://github.com/python-pillow/Pillow/compare/12.1.0...12.1.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Brunton <[email protected]> |
||
|
|
549f796e47 | feat(form-fill): add CSV and XLSX extraction for form fields, improve file ID handling (#5776) | ||
|
|
fd039b8649 |
Update de translation.toml (#5736)
Vollständige Übersetzung der fehlenden englischen Texte ins Deutsche: - Schwärzungsfunktionen (Redactions) - Mobile Upload/Scanner-Einstellungen - Telegram-Bot-Konfiguration - Benutzerkontoeinstellungen - Stempel-Vorlagen und Tooltips - API-Fehlermeldungen - Verschiedene UI-Texte Insgesamt 146 Strings übersetzt. # Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
d5cf77cf50 |
refactor: fix homepage file upload path (#5738)
Extracts file-based navigation logic from HomePage into pure function with comprehensive test coverage. New behavior: - Opening 1 file from empty → switch to viewer (activeFileIndex: 0) - Opening 2+ files from empty → switch to fileEditor - pdfTextEditor tool → no auto-navigation (handles own empty state) - Non-startup transitions (N→M files) → no navigation Benefits: - Pure function → easy to test and reason about - Clear separation of concerns - Preserves all existing behavior including pdfTextEditor special case - Adds new multi-file startup behavior Changes: - HomePage.tsx: use getStartupNavigationAction() utility - homePageNavigation.ts: pure navigation logic - homePageNavigation.test.ts: comprehensive unit tests Note: prevFileCountRef initialization kept as useRef(activeFiles.length) to correctly handle files restored from IndexedDB on app startup. # Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
0a1d2effdc |
feat(frontend): Upgrade embedPDF to v2.6.0 and migrate to pdf-lib fork, fix attachment/bookmark panel (#5723)
# Description of Changes Upgrades embedPDF from v2.5.0 to v2.6.0 and migrates from unmaintained pdf-lib to @cantoo/pdf-lib fork. Adds defensive error handling for malformed PDFs and improves bridge lifecycle management. ### Changes **Dependencies** - Upgrade all @embedpdf/* packages from ^2.5.0 to ^2.6.0 - Replace pdf-lib with @cantoo/pdf-lib (maintained fork with better TypeScript support) **PDF Viewer Infrastructure (attachment/bookmark fix)** - Add useDocumentReady hook to track document lifecycle across bridges - Implement defensive bridge cleanup to prevent stale registrations - Fix race condition in document ready state detection by subscribing to events before checking state **Link Extraction (updated to cantoo/pdf-lib)** - Add graceful error handling for PDFs with invalid catalog structures - Extract enhanced link metadata (tooltips, colors, border styles, highlight modes) - Return empty results instead of throwing on malformed PDFs - Add validation for link creation (destination page bounds, rect dimensions, color values) **Signature Flattening (updated to cantoo/pdf-lib)** - Improve SVG embedding with three-tier fallback strategy (native vector, rasterized PNG, placeholder) - Add proper Unicode handling for PDF form tooltips via PDFString.decodeText() - Extract SVG utilities into cleaner strategy pattern **Form Field Processing (updated to cantoo/pdf-lib)** - Add support for display labels vs export values in dropdown/list fields per PDF spec 12.7.4.4 - Implement caching for expensive field property lookups - Add proper handling of malformed /Opt arrays <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
71c845bcd8 | feat(text-selection): implement text selection enhancement for double and triple-click actions (#5712) | ||
|
|
f3a4dbc903 |
feat(redaction): improve manual redaction with color selection and updated UI elements (#5679)
# Description of Changes <img width="1920" height="977" alt="image" src="https://github.com/user-attachments/assets/17e451b7-df2b-4097-b8aa-66954d89b935" /> <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
c8bc57d31c |
chore(ci): update GitHub Actions to latest stable versions (#5629)
# Description of Changes This pull request updates several GitHub Actions and related dependencies across multiple workflow files to newer versions. The main goal is to keep the CI/CD pipeline up-to-date with the latest security patches, features, and bug fixes provided by upstream maintainers. The changes primarily involve upgrading the versions of commonly used actions like `actions/checkout`, `docker/login-action`, `actions/setup-java`, `gradle/actions/setup-gradle`, and `actions/upload-artifact`. The most important changes are: **Actions Version Upgrades (General Maintenance & Security):** * Upgraded `actions/checkout` from v6.0.1 to v6.0.2 in all workflow files to ensure the latest bug fixes and improvements are used. [[1]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL119-R119) [[2]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL175-R175) [[3]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL365-R365) [[4]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L48-R48) [[5]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L136-R136) [[6]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L148-R160) [[7]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L378-R378) [[8]](diffhunk://#diff-26fc40a450703e6602af586a24594196fb10e132de14a9a488ae64ee8cc51166L29-R29) [[9]](diffhunk://#diff-f1e8b4497f902b85c1b990cd7e6ebd928afd9051757fcb8f376be66260c9ea05L26-R26) [[10]](diffhunk://#diff-cfe84f4bb9657c721ff741644ee0bce45aa81aaef9dea1ea8741c946984e9722L23-R23) [[11]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L39-R39) [[12]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L63-R72) [[13]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L138-R147) [[14]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L175-R177) [[15]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L210-R219) [[16]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L264-R273) [[17]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L328-R328) [[18]](diffhunk://#diff-3117b4a93711d37b0a9a1668272eec716fea0b4f57dde16a85e7ab3f569c455dL35-R35) [[19]](diffhunk://#diff-7cdd3ccec44c8ba176bdc3b9ef54c3f56aa210a1a4e2bb5f79d87b1e50314a18L25-R25) [[20]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L26-R26) [[21]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eL33-R33) * Upgraded `docker/login-action` from v3.6.0 to v3.7.0 for improved Docker Hub authentication. [[1]](diffhunk://#diff-931fcb06ba030420d7044dde06465ad55b4e769a9bd374dcd6a0c76f79a5e30eL192-R192) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L182-R182) [[3]](diffhunk://#diff-f8b6ec3c0af9cd2d8dffef6f3def2be6357fe596a606850ca7f5d799e1349069L88-R88) **Java and Gradle Tooling Updates:** * Updated `actions/setup-java` from v5.0.0 to v5.2.0 and `gradle/actions/setup-gradle` from v5.0.0 to v5.0.1 to get the latest Java and Gradle setup improvements. [[1]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L148-R160) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L63-R72) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L138-R147) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L210-R219) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L264-R273) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L338-R344) * Upgraded `actions/setup-node` from v5.0.0 to v6.1.0 for Node.js setup. **Artifact Handling Improvements:** * Upgraded `actions/upload-artifact` from v4.6.2 to v6.0.0 for uploading build and test artifacts, which may include performance and reliability improvements. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L104-R104) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L160-R160) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L193-R193) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L232-R232) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L379-R379) **Other Action Updates:** * Updated `actions/ai-inference` from v2.0.4 to v2.0.5 in the AI PR title review workflow. These updates help ensure that the CI/CD workflows remain secure, reliable, and compatible with the latest tools and platforms. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
fb37ee8038 |
feat(redaction): update to embedPDF v2.4.0 with unified redaction mode support (#5652)
# Description of Changes Bump to EmbedPDF v2.4.0 plus update to the redaction methods <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [X] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [X] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [X] I have performed a self-review of my own code - [X] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [X] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Signed-off-by: Balázs Szücs <[email protected]> |
||
|
|
62d2819213 |
build(deps): bump alpine from 3.23.2 to 3.23.3 in /docker/embedded (#5590)
Bumps alpine from 3.23.2 to 3.23.3. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
6f217066a1 |
build(deps): bump org.postgresql:postgresql from 42.7.8 to 42.7.9 (#5554)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.8 to 42.7.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/releases">org.postgresql:postgresql's releases</a>.</em></p> <blockquote> <h2>v42.7.9</h2> <h2>Changes</h2> <ul> <li>Added changelogs for version 42.7.9 <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3908">#3908</a>)</li> <li>the classloader is nullable, and remove a space <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>)</li> <li>fix: incorrect pg_stat_replication.reply_time calculation <a href="https://github.com/atorik"><code>@atorik</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>)</li> <li>fix: issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3892">#3892</a>, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>)</li> <li>fix badges for maven central and search paths. Sonatype has changed the search paths <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3901">#3901</a>)</li> <li>fix: make all Calendar instances proleptic Gregorian (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3837">#3837</a>) <a href="https://github.com/m-van-tilburg"><code>@m-van-tilburg</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3887">#3887</a>)</li> <li>test: add CI tests with Java 26 <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3893">#3893</a>)</li> <li>perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3866">#3866</a>)</li> <li>use ssl_is_used() to check for ssl connection <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3867">#3867</a>)</li> <li>Add PEMKeyManager to handle PEM based certs and keys. <a href="https://github.com/harinath001"><code>@harinath001</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3700">#3700</a>)</li> <li>Comment and simplify the complex state machine logic in QueryExecutorImpl <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3850">#3850</a>)</li> <li>Revert "fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN" <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3851">#3851</a>)</li> <li>fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN <a href="https://github.com/ShenFeng312"><code>@ShenFeng312</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3838">#3838</a>)</li> <li>Small simplication of locking patterns in QueryExecutorBase <a href="https://github.com/Sanne"><code>@Sanne</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3849">#3849</a>)</li> <li>doc: update property quoteReturningIdentifiers default value <a href="https://github.com/sodekim"><code>@sodekim</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3847">#3847</a>)</li> <li>feat: default query timeout property <a href="https://github.com/cfredri4"><code>@cfredri4</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3705">#3705</a>)</li> <li>create action to deploy docs to <a href="https://pgjdbc.github.io/">https://pgjdbc.github.io/</a> <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3819">#3819</a>)</li> <li>fix homepage release note <a href="https://github.com/davecramer"><code>@davecramer</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3817">#3817</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3903">#3903</a>)</li> <li>fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3886">#3886</a>)</li> </ul> <h2>📝 Documentation</h2> <ul> <li>doc: add the new PGP signing key to the official documentation <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3813">#3813</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: remove unused com.github.spotbugs Gradle plugin dependency <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3868">#3868</a>)</li> <li>chore: drop SpotBugs as we do not seem to use it <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3834">#3834</a>)</li> <li>chore: bump version to 42.7.9 after 42.7.8 release <a href="https://github.com/vlsi"><code>@vlsi</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3810">#3810</a>)</li> </ul> <h2>⬆️ Dependencies</h2> <!-- raw HTML omitted --> <ul> <li>chore(deps): update actions/create-github-app-token digest to 29824e6 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3898">#3898</a>)</li> <li>chore(deps): update actions/setup-java digest to c1e3236 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3899">#3899</a>)</li> <li>chore(deps): update codecov/codecov-action digest to 671740a <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3900">#3900</a>)</li> <li>fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3884">#3884</a>)</li> <li>fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3883">#3883</a>)</li> <li>fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3885">#3885</a>)</li> <li>fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3882">#3882</a>)</li> <li>chore(deps): update github/codeql-action digest to 497990d <a href="https://github.com/renovate-bot"><code>@renovate-bot</code></a> (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3881">#3881</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md">org.postgresql:postgresql's changelog</a>.</em></p> <blockquote> <h2>[42.7.9] (2026-01-14)</h2> <h3>Added</h3> <ul> <li>feat: query timeout property [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3705">#3705</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3705">pgjdbc/pgjdbc#3705</a>)</li> <li>feat: Add PEMKeyManager to handle PEM based certs and keys [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3700">#3700</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3700">pgjdbc/pgjdbc#3700</a>)</li> </ul> <h3>Changed</h3> <ul> <li>perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder</li> <li>doc: update property quoteReturningIdentifiers default value [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3847">#3847</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3847">pgjdbc/pgjdbc#3847</a>)</li> <li>security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class</li> </ul> <h3>Fixed</h3> <ul> <li>fix: incorrect pg_stat_replication.reply_time calculation [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3906">pgjdbc/pgjdbc#3906</a>)</li> <li>fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob</li> <li>fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3897">pgjdbc/pgjdbc#3897</a>)</li> <li>fix: make all Calendar instances proleptic Gregorian [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3837">#3837</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3887">pgjdbc/pgjdbc#3887</a>)</li> <li>fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3897">#3897</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3849">pgjdbc/pgjdbc#3849</a>)</li> <li>fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3886">#3886</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3886">pgjdbc/pgjdbc#3886</a>)</li> <li>fix: Issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3784">#3784</a> pgjdbc can't decode numeric arrays containing special numbers like NaN [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3838">#3838</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3838">pgjdbc/pgjdbc#3838</a>)</li> <li>fix: use ssl_is_used() to check for ssl connection [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3867">#3867</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3867">pgjdbc/pgjdbc#3867</a>)</li> <li>fix: the classloader is nullable [PR <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>](<a href="https://redirect.github.com/pgjdbc/pgjdbc/pull/3907">pgjdbc/pgjdbc#3907</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/79b784e3a63def9d12088471334399a53016d880"><code>79b784e</code></a> Added changelogs for version 42.7.9 (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3908">#3908</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/1c00ffc02be1570027b6510cbcd760b916227800"><code>1c00ffc</code></a> doc: add the new PGP signing key to the official documentation</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/f774000c105ddb2971f50dc5cf51a2d20ee4c14a"><code>f774000</code></a> chore(deps): update actions/create-github-app-token digest to 29824e6</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/27daf3b48b8b7d266ba680f59345f3723e2786d2"><code>27daf3b</code></a> chore(deps): update actions/setup-java digest to c1e3236</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/6eb01ff6bcb7ba6d71c9363a29d7305911861946"><code>6eb01ff</code></a> chore(deps): update codecov/codecov-action digest to 671740a</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/dbf1e57747709b560da16fdcec0ba9e927393516"><code>dbf1e57</code></a> the classloader is nullable, and remove a space (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3907">#3907</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/6a20574f4c896b3f02d7f36d21ab1f3da15c3936"><code>6a20574</code></a> Merge commit from fork</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/c07721af972eee4f10873b1a23b3811336454436"><code>c07721a</code></a> fix: incorrect pg_stat_replication.reply_time calculation (<a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3906">#3906</a>)</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/83023f3c2ae98dc69df00a560dbbe386afafe3b1"><code>83023f3</code></a> fix: close temporary lob descriptors that are used internally in PreparedStat...</li> <li><a href="https://github.com/pgjdbc/pgjdbc/commit/62c9805ef8606f3d38273ac69f64b14e936a0bfa"><code>62c9805</code></a> fix: issue <a href="https://redirect.github.com/pgjdbc/pgjdbc/issues/3892">#3892</a>, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...</li> <li>Additional commits viewable in <a href="https://github.com/pgjdbc/pgjdbc/compare/REL42.7.8...REL42.7.9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
691fb80554 |
build(deps): bump io.swagger.core.v3:swagger-core-jakarta from 2.2.41 to 2.2.42 (#5549)
Bumps io.swagger.core.v3:swagger-core-jakarta from 2.2.41 to 2.2.42. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1c43bd363a |
Pin GitHub Actions and add runner hardening (#5628)
# Description of Changes <!-- Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
e3982ed4c5 |
build(deps): bump pypdf from 6.6.0 to 6.6.2 in /testing/cucumber in the pip group across 1 directory (#5577)
Bumps the pip group with 1 update in the /testing/cucumber directory: [pypdf](https://github.com/py-pdf/pypdf). Updates `pypdf` from 6.6.0 to 6.6.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.2, 2026-01-26</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.1...6.6.2">Full Changelog</a></p> <h2>Version 6.6.1, 2026-01-25</h2> <h2>What's new</h2> <h3>Robustness (ROB)</h3> <ul> <li><code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>) by <a href="https://github.com/joshkersey"><code>@joshkersey</code></a></li> <li>Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>) by <a href="https://github.com/LudovA"><code>@LudovA</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.2, 2026-01-26</h2> <h3>Security (SEC)</h3> <ul> <li>Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.1...6.6.2">Full Changelog</a></p> <h2>Version 6.6.1, 2026-01-25</h2> <h3>Robustness (ROB)</h3> <ul> <li><code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>)</li> <li>Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/ad47d50fd7475650d71913c8c0927e9a79249c75"><code>ad47d50</code></a> REL: 6.6.2</li> <li><a href="https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1"><code>b1282f8</code></a> SEC: Detect cyclic references when retrieving outlines (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3610">#3610</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f18e13c91cd47fa740997df4a7307fbc976388e1"><code>f18e13c</code></a> REL: 6.6.1</li> <li><a href="https://github.com/py-pdf/pypdf/commit/19735763b856cccf0f69630d0f582a448ec5d8bb"><code>1973576</code></a> DEV: Bump wheel from 0.44.0 to 0.46.2 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3608">#3608</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/4740225eaa67ad2e032e63d0453ea6c80bcae158"><code>4740225</code></a> ROB: <code>/AcroForm</code> might be NullObject (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3601">#3601</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/26fd6388754ed167e862bdd7a3eba614da191d34"><code>26fd638</code></a> ROB: Handle missing font bounding boxes gracefully (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3600">#3600</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/affe8eddf185b2875dcfa45090b7d09f06d3ba12"><code>affe8ed</code></a> DEV: Bump virtualenv from 20.27.0 to 20.36.1 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3597">#3597</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/df1b91da41e38ffaf0815e3fd687c037b375c728"><code>df1b91d</code></a> DEV: Add missing dependency to URL check</li> <li>See full diff in <a href="https://github.com/py-pdf/pypdf/compare/6.6.0...6.6.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
c40144db19 |
chore(ci): remove automated version sync job from build workflow (#5547)
# Description of Changes This pull request removes the `sync-versions` job from the GitHub Actions workflow configuration. The `sync-versions` job was responsible for ensuring that version numbers in certain frontend files matched the version defined in `build.gradle`, and for posting a comment on pull requests if discrepancies were found. Workflow cleanup: * Removed the entire `sync-versions` job from `.github/workflows/build.yml`, including steps for syncing app versions, checking for changes, and posting PR comments when version mismatches were detected. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> |
||
|
|
3d7efc5d94 |
build(deps): bump debian from f668110 to ed542b2 in /docker/embedded (#5495)
Bumps debian from `f668110` to `ed542b2`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
ebf256fd50 |
build(deps): bump node from f4769ca to e80397b in /docker/frontend (#5498)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps node from `f4769ca` to `e80397b`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f678e1d2e3 |
build(deps): bump nginx from c083c37 to b0f7830 in /docker/frontend (#5500)
Bumps nginx from `c083c37` to `b0f7830`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
dd7925fbf4 |
build(deps): bump io.micrometer:micrometer-core from 1.16.1 to 1.16.2 (#5466)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.1 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.2</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>CaffeineCacheMetrics nullability is incompatible with Caffeine 3.2.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6973">#6973</a></li> <li>ExecutorServiceMetrics: repeatedly logs exception when monitoring <code>ThreadPerTaskExecutor</code> without <code>--add-opens</code> <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6726">#6726</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.24 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7027">#7027</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7051">#7051</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.14 to 0.12.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7020">#7020</a></li> <li>Bump grpc from 1.76.1 to 1.76.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6952">#6952</a></li> <li>Bump maven-resolver from 1.9.24 to 1.9.25 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6965">#6965</a></li> <li>Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7019">#7019</a></li> <li>Bump org.junit:junit-bom from 5.14.1 to 5.14.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/7056">#7056</a></li> <li>Bump spring6 from 6.2.14 to 6.2.15 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6971">#6971</a></li> <li>Bump testcontainers from 1.21.3 to 1.21.4 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6993">#6993</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MariusVolkhart"><code>@MariusVolkhart</code></a> and <a href="https://github.com/izeye"><code>@izeye</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6286e854f943bce9a2daf1214ce3cef6c7aad84d"><code>6286e85</code></a> Bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7059">#7059</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5263cc740b73fd414ce30a910c78bc9bbb522854"><code>5263cc7</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0523810d0d3aada310d9ed91e04d52aa420ffd9f"><code>0523810</code></a> Polish CurrentObservationTest (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7048">#7048</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/3165fdffb9b1f7099f017805b3322c2a050653aa"><code>3165fdf</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50ba16bb3d55912e7f25a3903aa2a3e57f3eb98a"><code>50ba16b</code></a> Handle when ThreadPerTaskExecutor.threadCount() is not available (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7045">#7045</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/c38e88c7b2f0e6fd2e6e48ccc1949b389d61f2a4"><code>c38e88c</code></a> Bump org.junit:junit-bom from 5.14.1 to 5.14.2 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7056">#7056</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/22ba833062aacac4d877686e76c539c873d7c659"><code>22ba833</code></a> Bump com.netflix.spectator:spectator-reg-atlas from 1.9.2 to 1.9.3 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/7051">#7051</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/916ced5cbc257a865c84dd2c59d6c2285c087e1b"><code>916ced5</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/50d273be26275a4e0d5a1549bb7ab6453e085bbe"><code>50d273b</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/6b44cf2b2148cd655c98592b183843823074f1d7"><code>6b44cf2</code></a> Relax time limit for PushMeterRegistryTest.waitForScheduledPublishToFinish_wh...</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.1...v1.16.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1b1d17f6f5 |
build(deps): bump logback from 1.5.23 to 1.5.24 (#5468)
Bumps `logback` from 1.5.23 to 1.5.24. Updates `ch.qos.logback:logback-core` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-core's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.23 to 1.5.24 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.24</h2> <p><strong>2026-01-06 Release of logback version 1.5.24</strong></p> <p>• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See <a href="https://logback.qos.ch/manual/configuration.html#conditionalExp">the relevant documentation</a> for further details.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/62bc5fc245dd3a52f3dd45e232733f4cefb4806d"><code>62bc5fc</code></a> prepare release 1.5.24</li> <li><a href="https://github.com/qos-ch/logback/commit/aac604d7e8ab4f91f240256755f3a09e53e909f3"><code>aac604d</code></a> typo fix of local variable name</li> <li><a href="https://github.com/qos-ch/logback/commit/8a6df9e5c4e935d158b85811d33f72d10373d914"><code>8a6df9e</code></a> ExpressionPropertyCondition constructor should be public</li> <li><a href="https://github.com/qos-ch/logback/commit/95e588c4e37b3e76ff2a5c13e60d7e0485d43fb2"><code>95e588c</code></a> minor changes in ExpressionPropertyCondition</li> <li><a href="https://github.com/qos-ch/logback/commit/859f5a1f34cdec0f63a1830394df8238e780a9f4"><code>859f5a1</code></a> added ExpressionPropertyCondition capable of parsing logical expressions on p...</li> <li><a href="https://github.com/qos-ch/logback/commit/348075adfa7cdd8f7bba60225ec570efb7761d3c"><code>348075a</code></a> start work on 1.5.24-SNAPSHOT</li> <li>See full diff in <a href="https://github.com/qos-ch/logback/compare/v_1.5.23...v_1.5.24">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a95583b9e0 |
Add sync-versions job to GitHub Actions workflow (#5228)
# Description of Changes This pull request updates the `.github/workflows/build.yml` file to improve automation and consistency in the build process. The most significant change is the addition of a new `sync-versions` job that automatically checks for and synchronizes version differences across key files, and posts a comment on the pull request if mismatches are detected. Additionally, there are minor formatting updates for consistency. **Automation and version synchronization:** * Added a new `sync-versions` job that runs after the build, checks for version mismatches between `build.gradle` and several frontend files, and posts or updates a comment on the pull request to notify contributors if differences are found. This job uses a GitHub App bot for authentication and ensures that versioning remains consistent across the project. **Formatting consistency:** * Updated the YAML formatting for `node-version`, `cache`, and `python-version` fields to use double quotes for consistency in the `build.yml` workflow. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L150-R151) [[2]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L244-R338) <img width="1127" height="401" alt="image" src="https://github.com/user-attachments/assets/6930a72d-f72b-4909-97e2-51f0e0f61613" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
2d254ef0f6 |
build(deps): bump actions/checkout from 4.2.2 to 6.0.1 (#5465)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955"><code>08eba0b</code></a> Prepare release v4.3.0 (<a href="https://redirect.github.com/actions/checkout/issues/2237">#2237</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/checkout/compare/v4.2.2...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a28464a954 |
build(deps): bump reportlab from 4.4.5 to 4.4.9 in /testing/cucumber (#5505)
Bumps [reportlab](https://www.reportlab.com/) from 4.4.5 to 4.4.9. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
fe56831889 |
build(deps-dev): bump stylelint-config-standard from 39.0.1 to 40.0.0 in /devTools (#5504)
Bumps [stylelint-config-standard](https://github.com/stylelint/stylelint-config-standard) from 39.0.1 to 40.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/releases">stylelint-config-standard's releases</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stylelint/stylelint-config-standard/blob/main/CHANGELOG.md">stylelint-config-standard's changelog</a>.</em></p> <blockquote> <h2>40.0.0</h2> <ul> <li>Removed: <code>stylelint</code> less than <code>17.0.0</code> from peer dependencies.</li> <li>Removed: support for Node.js less than <code>20.19.0</code>.</li> <li>Changed: updated to <a href="https://github.com/stylelint/stylelint-config-recommended/releases/tag/18.0.0"><code>[email protected]</code></a>.</li> <li>Changed: module type to ESM.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/fbbe7b8e3efaf6ad84084268944be412e4bee3df"><code>fbbe7b8</code></a> Release 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/386">#386</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/e6368f9a6d83e178b97e3cf8eb1f76039f35df67"><code>e6368f9</code></a> Prepare 40.0.0 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/381">#381</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/481e21c6ee154cb43b34c5b406e75b3a72cbfbc3"><code>481e21c</code></a> Bump the dev-deps group with 3 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/382">#382</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/696689d525f3196bd90d4a58bb625cf56e6b67ba"><code>696689d</code></a> Bump stylelint/.github/.github/workflows/call-release-pr.yml from 0.3.1 to 0....</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/5d46c0f12b5ab9db4489508b1b58fea72d30a19c"><code>5d46c0f</code></a> Bump stylelint/.github/.github/workflows/call-lint.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/f888c90852fe7295926775580c1953d5c2d4580d"><code>f888c90</code></a> Bump stylelint/.github/.github/workflows/call-test.yml from 0.3.1 to 0.5.0 (#...</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/066dda1ba5047a6918141220ab0ef89247f93bf7"><code>066dda1</code></a> Fix vulnerable dependencies via <code>npm audit fix</code> (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/378">#378</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/b6e6aeceddacb35e781ebd1fb4e6c88d12aeb5cd"><code>b6e6aec</code></a> Bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/379">#379</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/63bb8ddee460919d160b4bd15b8442c6201c6096"><code>63bb8dd</code></a> Bump mdast-util-to-hast from 13.1.0 to 13.2.1 (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/380">#380</a>)</li> <li><a href="https://github.com/stylelint/stylelint-config-standard/commit/0cc790a91bb5ba1fc29a83fe4f7156965fad23df"><code>0cc790a</code></a> Bump the dev-deps group with 2 updates (<a href="https://redirect.github.com/stylelint/stylelint-config-standard/issues/377">#377</a>)</li> <li>Additional commits viewable in <a href="https://github.com/stylelint/stylelint-config-standard/compare/39.0.1...40.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
f5fdb870a8 |
build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 (#5503)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li>Download Artifact Node24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> <li>fix: update <code>@actions/artifact</code> to fix Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li> <li>prepare release v7.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/37930b1c2abaa49bbe596cd826c3c89aef350131"><code>37930b1</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a> from actions/download-artifact-v7-release</li> <li><a href="https://github.com/actions/download-artifact/commit/72582b9e0acd370909e83fa4a1fd0fca3ad452d8"><code>72582b9</code></a> doc: update readme</li> <li><a href="https://github.com/actions/download-artifact/commit/0d2ec9d4cbcefe257d822f108de2a1f15f8da9f6"><code>0d2ec9d</code></a> chore: release v7.0.0 for Node.js 24 support</li> <li><a href="https://github.com/actions/download-artifact/commit/fd7ae8fda6dc16277a9ffbc91cdb0eedf156e912"><code>fd7ae8f</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a> from actions/fix-storage-blob</li> <li><a href="https://github.com/actions/download-artifact/commit/d484700543354b15886d6a52910cf61b7f1d2b27"><code>d484700</code></a> chore: restore minimatch.dep.yml license file</li> <li><a href="https://github.com/actions/download-artifact/commit/03a808050efe42bb6ad85281890afd4e4546672c"><code>03a8080</code></a> chore: remove obsolete dependency license files</li> <li><a href="https://github.com/actions/download-artifact/commit/56fe6d904b0968950f8b68ea17774c54973ed5e2"><code>56fe6d9</code></a> chore: update <code>@actions/artifact</code> license file to 5.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/8e3ebc4ab4d2e095e5eb44ba1a4a53b6b03976ad"><code>8e3ebc4</code></a> chore: update package-lock.json with <code>@actions/artifact</code><a href="https://github.com/5"><code>@5</code></a>.0.1</li> <li><a href="https://github.com/actions/download-artifact/commit/1e3c4b4d4906c98ab57453c24efefdf16c078044"><code>1e3c4b4</code></a> fix: update <code>@actions/artifact</code> to ^5.0.0 for Node.js 24 punycode fix</li> <li><a href="https://github.com/actions/download-artifact/commit/458627d354794c71bc386c8d5839d20b5885fe2a"><code>458627d</code></a> chore: use local <code>@actions/artifact</code> package for Node.js 24 testing</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1436821a3a |
feat(admin): add tessdata language management for OCR and download support (#5519)
# Description of Changes ### What was changed - Added new admin-only API endpoints to: - List installed tessdata OCR languages - Fetch available tessdata languages from the official Tesseract repository - Download selected tessdata language files directly into the configured tessdata directory - Implemented server-side validation, safe language name handling, and directory writability checks. - Extended the Admin Advanced Settings UI to: - Display installed tessdata languages - Show available remote languages not yet installed - Allow selecting and downloading additional languages via a multi-select UI - Gracefully fall back to manual download links when the tessdata directory is not writable - Added new i18n strings for all related UI states (loading, success, error, permission warnings). ### Why the change was made - Managing OCR languages previously required manual filesystem interaction. - This change improves usability for administrators by enabling in-app management of tessdata languages while maintaining security constraints. - The writable directory check and manual fallback ensure compatibility with restricted or containerized environments. <img width="1282" height="832" alt="image" src="https://github.com/user-attachments/assets/aa958730-0ffb-4fd6-9af8-87c527a476e4" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> |
||
|
|
8bb807471f |
chore(ci): enable Gradle dependency caching across GitHub workflows (#5400)
# Description of Changes This pull request updates the CI/CD workflows and Gradle configuration to improve build reproducibility, security, and external dependency management. The main changes include standardizing Gradle setup across workflows, securely injecting Maven credentials, and enabling Gradle build caching. There are also minor improvements to dependency version management and plugin repository configuration. **CI/CD Workflow Improvements:** - Standardized Gradle setup across all GitHub Actions workflows by explicitly adding a `Setup Gradle` step using `gradle/actions/[email protected]` and specifying Gradle version 8.14. This replaces previous usages and ensures consistency. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R260-R264) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL53-R54) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL121-R127) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[11]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[12]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bL45-R46) [[13]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[14]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[15]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[16]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Enabled Gradle build cache (`--build-cache`) for all build-related commands in workflows, improving build performance and consistency. Also removed unnecessary `clean` commands before builds to further optimize workflow times. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[6]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[7]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR206-R217) [[9]](diffhunk://#diff-6a2e9fb077e57351f4a7e10d03b114e256298babdf06e7e7ae666781a5cf36a1R60-R70) [[10]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fL46-R56) [[11]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[12]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR102-R114) [[13]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) **Security and Dependency Management:** - Injected Maven credentials (`MAVEN_USER`, `MAVEN_PASSWORD`, `MAVEN_PUBLIC_URL`) as environment variables in all relevant workflow steps, supporting secure access to private or custom Maven repositories. [[1]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R71-R81) [[2]](diffhunk://#diff-8d23782ae5caff72d55828bb25814854f5f2523f299d7dbcda4a3537dd84c5c3L157-R176) [[3]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R134-R144) [[4]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R206-R216) [[5]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R290-R293) [[6]](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721R331-R341) [[7]](diffhunk://#diff-3c0f521958c53ad27c967692b4d5480ead136acb33622ee97d39df814b1b202eR339-R351) [[8]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR66-R69) [[9]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL134-R144) [[10]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bR281-R283) [[11]](diffhunk://#diff-62dcbe64a950b4efb54d691e1e87451a8cd535400aa9ea1e40893de5b57cd73bR57-R60) [[12]](diffhunk://#diff-76056236de05155107f6a660f1e3956059e37338011b8f0e72188afcb9b17b6fR73-R76) [[13]](diffhunk://#diff-fd60dc2adec58c1005c4e4164e9c24362fd6082fd3ab0403e54d276d9835fa6eL42-R65) [[14]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aR178-R180) [[15]](diffhunk://#diff-98b618771a57e1758961359ecacbac2cff7cfef29aa021c3bc294ae926c4ce5bL47-R51) - Added a `pluginManagement` block in `settings.gradle` to allow Gradle plugins to be resolved from a custom Maven repository if specified by environment variables, increasing flexibility for plugin sourcing. **Build and Dependency Versioning:** - Updated `app/proprietary/build.gradle` to use the `bouncycastleVersion` variable for the Bouncy Castle dependency version, improving maintainability and consistency of dependency versioning. **Workflow Trigger Improvements:** - Expanded the file path triggers in `.github/workflows/sync_files_v2.yml` to include additional Gradle build files, ensuring the workflow runs when any core build files are changed. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
8d6c8cbc11 |
build(deps): bump docker/login-action from 3.4.0 to 3.6.0 (#5464)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/5e57cd118135c172c3672efd75eb46360885c0ef"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/97e31439e8b415da4e1322633630e1563c42c0f2"><code>97e3143</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/3a0796b57f440ff1af59165907392527fa832e0c"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/5b7b28b1cc417bbd34cd8c225a957c9ce9adf7f2"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/abc9fb3154ad354cf35d6c78a862bee018dd4cb8"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/d46868881477a1d16bdcc80a5b2c05208b1befe4"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/a99b2f88fc4efabea32b8ba09581cf535c1577e9"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/0d7fae8057d840a981e4132ce97862f6c8f48b42"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/9832253cb7b14f93bd4134396bd26e855e8e4bd2"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="https://github.com/docker/login-action/commit/09e05bbdf68bd9ce9eedefa6d2ebe03008c32b08"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/v3.4.0...5e57cd118135c172c3672efd75eb46360885c0ef">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0e8992e3a5 |
build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#5463)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"><code>8d2750c</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/455">#455</a> from crazy-max/install-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e81846bcc4416a0bf18b8389e4f6fce279619ddc"><code>e81846b</code></a> deprecate install input</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/65d18f8f8a05aab1b2d761032bec9cd5578caadb"><code>65d18f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/454">#454</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/000d75d273dec231f74115df50b6ee04c9b25e55"><code>000d75d</code></a> build(deps): bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1583c0f09d26c58c59d25b0eef29792b7ce99d9a"><code>1583c0f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/443">#443</a> from nicolasleger/patch-1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ed158e796328af702db08c75bebb92f2fb10be88"><code>ed158e7</code></a> doc: bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4cc794f83e4b7488282e879f4469e86246e52ddd"><code>4cc794f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/441">#441</a> from docker/dependabot/github_actions/actions/checkout-5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dfc3d6c5d9e9534040f8d8b55bd4a98459b62b7"><code>4dfc3d6</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/af1b253b8dc984466d22633f04ef341c1520ed2f"><code>af1b253</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/440">#440</a> from crazy-max/k3s-build</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/3c6ab92b04d9f3e63233e0e0168ba114c6b448bc"><code>3c6ab92</code></a> ci: k3s test with latest buildx</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
aa39435303 |
build(deps): bump debian from 1c25564 to 449673e in /docker/embedded (#5357)
Bumps debian from `1c25564` to `449673e`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3eaccc1e0e |
build(deps): bump alpine from 3.22.1 to 3.23.2 in /docker/embedded (#5319)
Bumps alpine from 3.22.1 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1a7fd6ac4e |
build(deps): bump alpine from 3.22.2 to 3.23.2 in /docker/backend (#5316)
Bumps alpine from 3.22.2 to 3.23.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
e49793a6b7 |
build(deps): bump urllib3 from 2.5.0 to 2.6.3 in /testing/cucumber in the pip group across 1 directory (#5456)
Bumps the pip group with 1 update in the /testing/cucumber directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 2.5.0 to 2.6.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> <h2>2.6.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>, 8.9 High, GHSA-2xpw-w6gg-jr37)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by <a href="https://github.com/illia-v"><code>@illia-v</code></a>, 8.9 High, GHSA-gm62-xv2j-4w53)</li> </ul> <blockquote> <p>[!IMPORTANT]</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using <code>urllib3[brotli]</code> to install a compatible Brotli package automatically.</li> </ul> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> <h1>2.6.0 (2025-12-05)</h1> <h2>Security</h2> <ul> <li>Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (<code>GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37></code>__)</li> <li>Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the <code>Content-Encoding</code> header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (<code>GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53></code>__)</li> </ul> <p>.. caution::</p> <ul> <li>If urllib3 is not installed with the optional <code>urllib3[brotli]</code> extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc"><code>0248277</code></a> Release 2.6.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"><code>8864ac4</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c"><code>70cecb2</code></a> Fix Scorecard issues related to vulnerable dev dependencies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3755">#3755</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359"><code>41f249a</code></a> Move "v2.0 Migration Guide" to the end of the table of contents (<a href="https://redirect.github.com/urllib3/urllib3/issues/3747">#3747</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c"><code>fd4dffd</code></a> Patch <code>VerifiedHTTPSConnection</code> for Emscripten (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">#3752</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab"><code>13f0bfd</code></a> Handle massive values in Retry-After when calculating time to sleep for (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">#3743</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b"><code>8c480bf</code></a> Bump actions/upload-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3748">#3748</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1"><code>4b40616</code></a> Bump actions/cache from 4.3.0 to 5.0.1 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3750">#3750</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b"><code>82b8479</code></a> Bump actions/download-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3749">#3749</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2"><code>34284cb</code></a> Mention experimental features in the security policy (<a href="https://redirect.github.com/urllib3/urllib3/issues/3746">#3746</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stirling-Tools/Stirling-PDF/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a366463496 |
ci(build): scope Docker layer cache per artifact to avoid cross-contamination (#5453)
This pull request updates the Docker build caching strategy in the
GitHub Actions workflow to improve cache isolation and efficiency. The
main change is the introduction of a cache `scope` based on the
`artifact-suffix` matrix value.
**Build caching improvements:**
*
[`.github/workflows/build.yml`](diffhunk://#diff-5c3fa597431eda03ac3339ae6bf7f05e1a50d6fc7333679ec38e21b337cb6721L329-R330):
Updated `cache-from` and `cache-to` in the Docker build step to use a
scoped cache (`scope=${{ matrix.artifact-suffix }}`), enabling better
cache isolation across different build variants.
|
||
|
|
472ee54098 |
fix(translations): improve translation merger CLI and sync missing UI strings across locales (#5309)
# Description of Changes This pull request updates the Arabic translation file (`frontend/public/locales/ar-AR/translation.toml`) with a large number of new and improved strings, adding support for new features and enhancing clarity and coverage across the application. Additionally, it makes several improvements to the TOML language check script (`.github/scripts/check_language_toml.py`) and updates the corresponding GitHub Actions workflow to better track and validate translation changes. **Translation updates and enhancements:** * Added translations for new features and UI elements, including annotation tools, PDF/A-3b conversion, line art compression, background removal, split modes, onboarding tours, and more. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR343-R346) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR514-R523) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR739-R743) [[5]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1281-R1295) [[6]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR1412-R1416) [[7]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2362-R2365) [[8]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2411-R2415) [[9]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR2990) [[10]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3408-R3420) [[11]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3782-R3794) [[12]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3812-R3815) [[13]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR3828-R3832) [[14]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effL3974-R4157) [[15]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR4208-R4221) [[16]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[17]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[18]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) * Improved and expanded coverage for settings, security, onboarding, and help menus, including detailed descriptions and tooltips for new and existing features. [[1]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR442-R460) [[2]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5247) [[3]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5414-R5423) [[4]](diffhunk://#diff-460d5f61a7649a5b149373af2e52a8a87d9a1964cf54240a78ad4747e7233effR5444-R5447) **TOML language check script improvements:** * Increased the maximum allowed TOML file size from 500 KB to 570 KB to accommodate larger translation files. * Improved file validation logic to more accurately skip or process files based on directory structure and file type, and added informative print statements for skipped files. * Enhanced reporting in the difference check: now, instead of raising exceptions for unsafe files or oversized files, the script logs warnings and continues processing, improving robustness and clarity in CI reports. * Adjusted the placement of file check report lines for clarity in the generated report. **Workflow and CI improvements:** * Updated the GitHub Actions workflow (`.github/workflows/check_toml.yml`) to trigger on changes to the translation script and workflow files, in addition to translation TOMLs, ensuring all relevant changes are validated. These changes collectively improve the translation quality and coverage for Arabic users, enhance the reliability and clarity of the translation validation process, and ensure smoother CI/CD workflows for localization updates. <img width="654" height="133" alt="image" src="https://github.com/user-attachments/assets/9f3e505d-927f-4dc0-9098-cee70bbe85ca" /> --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
e7b030e6b5 |
Add Telegram bot integration for pipeline processing (#5185)
# Description of Changes This pull request introduces Telegram bot integration to the application, enabling users to send files via Telegram for processing through the pipeline. The main changes add configuration options, dependency management, and a new service for handling Telegram interactions. **Telegram bot integration:** * Added a new `TelegramPipelineBot` service (`TelegramPipelineBot.java`) that listens for incoming Telegram messages, downloads attached files or photos, places them in a pipeline inbox folder, waits for processing results, and sends the output files back to the user. The service includes error handling and status messaging. * Introduced a `TelegramBotConfig` configuration class to initialize and register the Telegram bot only when enabled via application properties. * Added a new `Telegram` configuration section to `ApplicationProperties` and the `settings.yml.template`, supporting options like enabling/disabling the bot, bot token/username, pipeline folder, processing timeout, and polling interval. [[1]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R63) [[2]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R580-R589) [[3]](diffhunk://#diff-12f23603ae35319a3ea08f91b6340d5d935216941fda2e69d2df1b6cd22a63f2R108-R115) **Dependency management:** * Added the `org.telegram:telegrambots` library to the project dependencies to support Telegram bot functionality. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <[email protected]> Co-authored-by: Anthony Stirling <[email protected]> |
||
|
|
392462a325 |
build(deps): bump globals from 16.5.0 to 17.0.0 in /frontend (#5413)
Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.0.0</h2> <h3>Breaking</h3> <ul> <li>Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>) 7bc293e</li> </ul> <h3>Improvements</h3> <ul> <li>Update globals (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>) ebe1063</li> <li>Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>) 59ceff8</li> <li>Add <code>bunBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>denoBuiltin</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>) 1bc6e3b</li> <li>Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>) 4b78f56</li> <li>Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>) 4a02a85</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/bb89b18916b00f6c4f089baa0d66cb7f0771ab1b"><code>bb89b18</code></a> 17.0.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/ebe106340137419b4ac0150f746b7567fb78ce03"><code>ebe1063</code></a> Update globals (2026-01-01) (<a href="https://redirect.github.com/sindresorhus/globals/issues/329">#329</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e3d8da349da72d66fcadf94d926d4ff96da3319c"><code>e3d8da3</code></a> Revert "Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)" (<a href="https://redirect.github.com/sindresorhus/globals/issues/328">#328</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/e7c0453f80840ebcef3a6bccaabc7a9dc0cb7a84"><code>e7c0453</code></a> Automate script for <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/325">#325</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/1bc6e3bc6658d4243a714bb7dd7401f206fd3bc5"><code>1bc6e3b</code></a> Add <code>bunBuiltin</code> and <code>denoBuiltin</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/324">#324</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4b78f56c1c305e34161183e8fd5ac89e92c72e84"><code>4b78f56</code></a> Add <code>paintWorklet</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/323">#323</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/59ceff80cb22de31a78651acdda4db1a91eefb11"><code>59ceff8</code></a> Get all browser globals from both <code>chrome</code> and <code>firefox</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/321">#321</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/4a02a852463c03ae722f14f06944c5aa7e0e06e0"><code>4a02a85</code></a> Add <code>sharedWorker</code> environment (<a href="https://redirect.github.com/sindresorhus/globals/issues/322">#322</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/7bc293ec2498be49293e3aec46186a98a76e5ecd"><code>7bc293e</code></a> Split <code>audioWorklet</code> environment from <code>browser</code> (<a href="https://redirect.github.com/sindresorhus/globals/issues/320">#320</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/814075ffd71e6b0599f2611cd445b00906ad2181"><code>814075f</code></a> Fix browser launch (<a href="https://redirect.github.com/sindresorhus/globals/issues/319">#319</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
0a801fe3a6 |
build(deps): bump nginx from 8491795 to c083c37 in /docker/frontend (#5448)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps nginx from `8491795` to `c083c37`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
646df1bfb5 |
build(deps): bump node from 20-alpine to 25-alpine in /docker/frontend (#5311)
Bumps node from 20-alpine to 25-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
daf27b6128 |
build(deps): bump step-security/harden-runner from 2.12.1 to 2.14.0 (#5324)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.1 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.</li> <li>Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p> <h2>v2.13.3</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where process events were not uploaded in certain edge cases.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p> <h2>v2.13.2</h2> <h2>What's Changed</h2> <ul> <li>Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.</li> <li>Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2">https://github.com/step-security/harden-runner/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li> <p>Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.</p> </li> <li> <p>Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.</p> </li> <li> <p>Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.</p> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1">https://github.com/step-security/harden-runner/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0</h2> <h2>What's Changed</h2> <ul> <li>Improved job markdown summary</li> <li>Https monitoring for all domains (included with the enterprise tier)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2...v2.13.0">https://github.com/step-security/harden-runner/compare/v2...v2.13.0</a></p> <h2>v2.12.2</h2> <h2>What's Changed</h2> <p>Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:</p> <ul> <li>Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode</li> <li>Increased policy map size for block mode</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a> from step-security/feature/custom-property-skip</li> <li><a href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a> feat: skip agent install and post step on subsequent runs for GitHub-hosted r...</li> <li><a href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a> feat: skip harden-runner based on repository custom property</li> <li><a href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a> feat: replace skip-harden-runner with skip-on-custom-property input</li> <li><a href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a> feat: add skip-harden-runner input to conditionally skip execution</li> <li><a href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a> from step-security/rc-29</li> <li><a href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a> update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a> fix: update agent</li> <li><a href="https://github.com/step-security/harden-runner/commit/95d9a5deda9de15063e7595e9719c11c38c90ae2"><code>95d9a5d</code></a> Merge pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/606">#606</a> from step-security/rc-28</li> <li><a href="https://github.com/step-security/harden-runner/commit/87e429d3fb470bcc827f338e5cce1155ff99c6eb"><code>87e429d</code></a> Update limitations.md</li> <li>Additional commits viewable in <a href="https://github.com/step-security/harden-runner/compare/v2.12.1...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
818c30cb55 |
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#5326)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/c7c53464625b32c7a7e944ae62b3e17d2b600130"><code>c7c5346</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a517a1a6f815421d6c0f8ab069bd9cae3024828"><code>3a517a1</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/a5b45edf7e42dbe6d762ad8053bd35a7d336a850"><code>a5b45ed</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.67.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a64278e93930d340f1caabd280b2e78b36b5032"><code>3a64278</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a> from docker/dependabot/npm_and_yarn/brace-expansion-1...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/94906ba253608103ef32875025dd58d7f74e2716"><code>94906ba</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/4027abfd67ddf4bd8f75dbf3bb8bf3b69764ded6"><code>4027abf</code></a> build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/bee0aaad0f43394cdb4b8756cd994ae278b0667c"><code>bee0aaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/0d7e25756e271776f152e7669522f64f54c5e3e2"><code>0d7e257</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b86960130e28d1756dfa88e15e28ee5880e893de"><code>b869601</code></a> build(deps): bump tmp from 0.2.3 to 0.2.4</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/3a043edff31c211e56ebb1e00a76ce49a831bd24"><code>3a043ed</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a> from docker/dependabot/npm_and_yarn/undici-5.29.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...c7c53464625b32c7a7e944ae62b3e17d2b600130">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7460e58abf |
build(deps): bump io.micrometer:micrometer-core from 1.16.0 to 1.16.1 (#5358)
Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.16.0 to 1.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micrometer-metrics/micrometer/releases">io.micrometer:micrometer-core's releases</a>.</em></p> <blockquote> <h2>1.16.1</h2> <h2>🐞 Bug Fixes</h2> <ul> <li>Don't filter log events in LogbackMetricsBenchmark <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6891">#6891</a></li> <li>Return value nullability is incorrect on function wrapper methods <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6869">#6869</a></li> </ul> <h2>📔 Documentation</h2> <ul> <li>Add link to the latest Micrometer Team talk <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6881">#6881</a></li> <li>Document JSpecify dependency <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6886">#6886</a></li> <li>Make cross-references more consistent in the docs <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6915">#6915</a></li> </ul> <h2>🔨 Dependency Upgrades</h2> <ul> <li>Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6877">#6877</a></li> <li>Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6904">#6904</a></li> <li>Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6937">#6937</a></li> <li>Bump grpc from 1.76.0 to 1.76.1 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6902">#6902</a></li> <li>Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6876">#6876</a></li> <li>Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6868">#6868</a></li> <li>Bump spring6 from 6.2.12 to 6.2.14 <a href="https://redirect.github.com/micrometer-metrics/micrometer/pull/6890">#6890</a></li> </ul> <h2>❤️ Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/MiLabuda"><code>@MiLabuda</code></a>, <a href="https://github.com/izeye"><code>@izeye</code></a>, and <a href="https://github.com/ngocnhan-tran1996"><code>@ngocnhan-tran1996</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0550e769cb9b4f15cff86c1e503fce8ae03ef84f"><code>0550e76</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/e8dd176ffe60d6ea068c7f536e5662278499cd8f"><code>e8dd176</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d8a46b5a7080738e6f9afd623cfdfcf984f44185"><code>d8a46b5</code></a> Fixed flaky test for mongo client (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6924">#6924</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/0bbe73b0f447ca5ca94e1d2b621eda83d7735477"><code>0bbe73b</code></a> Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6937">#6937</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/d0b368dbbc1cd8511f693e7be97810978f67787d"><code>d0b368d</code></a> Polish <a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6612">gh-6612</a> (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6932">#6932</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/aa9eac0d31acb389a03be50f266bc968c8ef207f"><code>aa9eac0</code></a> Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (<a href="https://redirect.github.com/micrometer-metrics/micrometer/issues/6930">#6930</a>)</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/57bd4ff8ebb64d941ece6d9fb04d2c921bd77ac1"><code>57bd4ff</code></a> Merge branch '1.15.x' into 1.16.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/11d8fb1f8081098ad91efc40ea8902b9113d03d3"><code>11d8fb1</code></a> Merge branch '1.14.x' into 1.15.x</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/5779b09fcb1d5266c614b50ecefe1ad42264b3c2"><code>5779b09</code></a> Backport fixing typos in docs</li> <li><a href="https://github.com/micrometer-metrics/micrometer/commit/8b88e43a98221f50f56d43cdd5b0eafb986e835b"><code>8b88e43</code></a> Merge branch '1.15.x' into 1.16.x</li> <li>Additional commits viewable in <a href="https://github.com/micrometer-metrics/micrometer/compare/v1.16.0...v1.16.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ludy <[email protected]> |
||
|
|
a9ee7f6a8e |
build(deps): bump pypdf from 6.4.0 to 6.6.0 in /testing/cucumber (#5422)
Bumps [pypdf](https://github.com/py-pdf/pypdf) from 6.4.0 to 6.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/releases">pypdf's releases</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h2>What's new</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>) by <a href="https://github.com/mainuddin-md"><code>@mainuddin-md</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>) by <a href="https://github.com/rassie"><code>@rassie</code></a></li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h2>What's new</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>) by <a href="https://github.com/PJBrs"><code>@PJBrs</code></a></li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>) by <a href="https://github.com/stefan6419846"><code>@stefan6419846</code></a></li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h2>What's new</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>) by <a href="https://github.com/jgillard"><code>@jgillard</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md">pypdf's changelog</a>.</em></p> <blockquote> <h2>Version 6.6.0, 2026-01-09</h2> <h3>Security (SEC)</h3> <ul> <li>Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> </ul> <h3>Deprecations (DEP)</h3> <ul> <li>Block common page content modifications when assigned to reader (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3582">#3582</a>)</li> </ul> <h3>New Features (ENH)</h3> <ul> <li>Embellishments to generated text appearance streams (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3571">#3571</a>)</li> </ul> <h3>Bug Fixes (BUG)</h3> <ul> <li>Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Avoid empty FlateDecode outputs without warning (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3579">#3579</a>)</li> </ul> <h3>Documentation (DOC)</h3> <ul> <li>Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> </ul> <h3>Maintenance (MAINT)</h3> <ul> <li>Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.5.0...6.6.0">Full Changelog</a></p> <h2>Version 6.5.0, 2025-12-21</h2> <h3>New Features (ENH)</h3> <ul> <li>Limit jbig2dec memory usage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3576">#3576</a>)</li> <li>FontDescriptor: Initiate from embedded font resource (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3551">#3551</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow fallback to PBM files for jbig2dec without PNG support (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3567">#3567</a>)</li> <li>Use warning instead of error for early EOD for RunLengthDecode (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3548">#3548</a>)</li> </ul> <h3>Developer Experience (DEV)</h3> <ul> <li>Test with macOS as well (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3401">#3401</a>)</li> </ul> <p><a href="https://github.com/py-pdf/pypdf/compare/6.4.2...6.5.0">Full Changelog</a></p> <h2>Version 6.4.2, 2025-12-14</h2> <h3>Bug Fixes (BUG)</h3> <ul> <li>Fix KeyError when flattening form field without /Font in resources (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3554">#3554</a>)</li> </ul> <h3>Robustness (ROB)</h3> <ul> <li>Allow deleting non-existent annotations (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3559">#3559</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/py-pdf/pypdf/commit/10df9c72fa7fb9ab14101b9cb911d66e680282a8"><code>10df9c7</code></a> REL: 6.6.0</li> <li><a href="https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"><code>2941657</code></a> SEC: Improve handling of partially broken PDF files (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3594">#3594</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/712688005e49d2d0a4427db0b16abbae160fe106"><code>7126880</code></a> DEV: Update to urllib3 2.6.3 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3593">#3593</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/f189f0755eb111564ae8667a990738a9e7ab4ba9"><code>f189f07</code></a> DOC: Add outlines documentation and link it in User Guide (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3511">#3511</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a29e5326f543f93c4c317cf9f92df54aff68c584"><code>a29e532</code></a> BUG: Do not consider multi-byte BOM-like sequences as BOMs (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3589">#3589</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/d9ce594772717fdcfcd505d0309843461579bbf7"><code>d9ce594</code></a> MAINT: Converge on one shared Font class for text extraction and appearance s...</li> <li><a href="https://github.com/py-pdf/pypdf/commit/a65708c778467f1525662dfe5614a486adbd16b0"><code>a65708c</code></a> DEV: Check for JavaScript library updates on GitHub Pages (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3592">#3592</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/6951bb7c039afd02bd273dda412c3f36df76eba3"><code>6951bb7</code></a> MAINT: Fix compatibility with Pillow >= 12.1.0 (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3590">#3590</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/97d47a001d574dfda54bf16c4dcee89ccbfabec8"><code>97d47a0</code></a> TST: Improve test coverage (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3584">#3584</a>)</li> <li><a href="https://github.com/py-pdf/pypdf/commit/bda80a4846a8646419a04cc253d81b73773d3cec"><code>bda80a4</code></a> DEV: Add PyPy 3.11 to test matrix and benchmarks (<a href="https://redirect.github.com/py-pdf/pypdf/issues/3574">#3574</a>)</li> <li>Additional commits viewable in <a href="https://github.com/py-pdf/pypdf/compare/6.4.0...6.6.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
36e0fd566a |
build(deps): bump github/codeql-action from 4.31.5 to 4.31.10 (#5449)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.5 to 4.31.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.6 - 01 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a> from github/update-v4.31.10-0fa411efd</li> <li><a href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a> Update changelog for v4.31.10</li> <li><a href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a> from github/update-bundle/codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a> Update default bundle to codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a> from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li> <li><a href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a> Bump the npm-minor group with 2 updates</li> <li><a href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a> from github/kaspersv/bump-min-cli-v-for-overlay</li> <li><a href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a> from github/henrymercer/generate-mergeback-last</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
65a5d05713 |
feat(ui): prevent self-modification in People management and highlight current user (#5441)
# Description of Changes This PR improves the People management UI by preventing users from modifying or deleting their own account and by visually highlighting the currently logged-in user. <img width="675" height="196" alt="image" src="https://github.com/user-attachments/assets/c45fb0b6-c766-412c-a53b-b72aed2925d2" /> ### What was changed - Integrated session-based authentication context to identify the currently logged-in user. - Added a helper to detect the current user in the user list. - Highlighted the current user's row with a subtle background color. - Disabled self-actions: - Editing own role - Enabling/disabling own account - Deleting own account - Kept password change available for the current user. ### Why the change was made - Prevents accidental self-lockout or privilege removal. - Aligns UI behavior with common security best practices. - Improves clarity by visually distinguishing the active user account. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
3c8fb8ac96 |
build(ci): pin base container images, switch npm install to npm ci, and harden EML error handling (#5353)
# Description of Changes This pull request introduces several improvements focused on security and reliability in both the Docker build process and the backend API. The most significant changes are the use of digest-pinned Docker base images to ensure reproducible builds, safer handling of user-provided filenames in error messages, and a switch to more reliable dependency installation in CI workflows. **Docker image security and reproducibility:** * All Dockerfiles now use digest-pinned base images (e.g., `node:20-alpine@sha256:...`, `gradle:8.14-jdk21@sha256:...`, `alpine:3.22.1@sha256:...`, `nginx:alpine@sha256:...`) to guarantee build consistency and protect against upstream image changes. [[1]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L5-R5) [[2]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L18-R18) [[3]](diffhunk://#diff-f8faae0938488156cf26e9322ffdf755deaa8770a7ac8c524dd6126c19548888L38-R38) [[4]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L5-R5) [[5]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L18-R18) [[6]](diffhunk://#diff-2f5cd3ad965c86a7a5b4af6e0513ad294e0426644d9f5b5358dfb16a2ef995a7L37-R37) [[7]](diffhunk://#diff-e9edf3a05475d0721a0e65be1ba0eeb162ae972891b0f6d7e1285687efab1de0L9-R9) [[8]](diffhunk://#diff-fa0700cfd7d90d832649eb1d0503904564bb3b28c48972be7d9f17e4ce32a3dcL9-R9) [[9]](diffhunk://#diff-2e766aaf0c87e7b8a62d2a2986f6999c38cc35f677479e31b77d1b427c7aeef7L5-R5) [[10]](diffhunk://#diff-1726db0cbef194c9be3cba9825c0794802b154e15e4c892c1544d0aace03e037L5-R5) [[11]](diffhunk://#diff-c1b6dd504a16fc68cd064baf9cf07d9dd31da56eb55de69601844ab03a5ae319L5-R5) [[12]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L5-R5) [[13]](diffhunk://#diff-2fc7fcfcfdbb617dd8fbb6b1a2ea5709f9018d618d13942cb33d3e0ed127df16L39-R39) [[14]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL2-R2) [[15]](diffhunk://#diff-759e94102d21fe6f9bde8ddb0b4f95b5d5cd214b0355ea0419d3ea6c09e8ffbfL19-R19) **Backend API security:** * In `ConvertEmlToPDF.java`, error messages now escape user-provided filenames using `HtmlUtils.htmlEscape`, preventing potential XSS vulnerabilities when displaying error messages that include filenames. [[1]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR13) [[2]](diffhunk://#diff-45d22a96bae3e8a746b7fb2c39e25c80aee0bf733b528a3517db8fdd2a3d25cdR156-R170) **CI/CD reliability:** * All GitHub Actions workflows (`multiOSReleases.yml`, `releaseArtifacts.yml`, `tauri-build.yml`) now use `npm ci` instead of `npm install` for frontend dependency installation, ensuring clean, reproducible installs that match the lockfile. [[1]](diffhunk://#diff-895b214ee023c8c26048a2a3b946cfb1ebc4f26fbc8a9c2fa54b77c12e763b6bL271-R271) [[2]](diffhunk://#diff-699ff98fe113446c403eb07daf16dd1966c2a047ab0b9f7e38fd695d079f7dddL177-R177) [[3]](diffhunk://#diff-b34ab107dd4bc92075b2e89b6f16e4a2813e267ca7c2afebdb1931a0a3900d5aL177-R177) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |
||
|
|
0c96133544 |
Feature/v2/redact (#5249)
# Description of Changes - Add manual redaction and added it to the right rail in the viewer --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. |