This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | patch | `v1.20.0` → `v1.20.1` |
---
### Release Notes
<details>
<summary>cert-manager/cert-manager (cert-manager/cert-manager)</summary>
### [`v1.20.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.1)
[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0...v1.20.1)
v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate `parentRef` bug when both issuer config and annotations are present (Gateway API).
##### Bug or Regression
- Fixed duplicate `parentRef` bug when both issuer config and annotations are present. ([#8658](https://github.com/cert-manager/cert-manager/issues/8658), [@hjoshi123](https://github.com/hjoshi123))
- Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. ([#8655](https://github.com/cert-manager/cert-manager/issues/8655), [@erikgb](https://github.com/erikgb))
- Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. ([#8657](https://github.com/cert-manager/cert-manager/issues/8657), [@erikgb](https://github.com/erikgb))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5206
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [tailscale/tailscale](https://github.com/tailscale/tailscale) | patch | `v1.96.3` → `v1.96.4` |
---
### Release Notes
<details>
<summary>tailscale/tailscale (tailscale/tailscale)</summary>
### [`v1.96.4`](https://github.com/tailscale/tailscale/releases/tag/v1.96.4)
[Compare Source](https://github.com/tailscale/tailscale/compare/v1.96.3...v1.96.4)
Please refer to the changelog available at <https://tailscale.com/changelog>
</details>
---
Reviewed-on: #5208
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [grafana/loki](https://github.com/grafana/loki) | patch | `3.7.0` → `3.7.1` |
---
### Release Notes
<details>
<summary>grafana/loki (grafana/loki)</summary>
### [`v3.7.1`](https://github.com/grafana/loki/releases/tag/v3.7.1)
[Compare Source](https://github.com/grafana/loki/compare/v3.7.0...v3.7.1)
##### Bug Fixes
- Upgrade Go and gRPC versions on 3.7.x ([#21282](https://github.com/grafana/loki/issues/21282)) ([2c8fff2](2c8fff222b))
</details>
---
Reviewed-on: #5207
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| clickhouse/clickhouse-server | minor | `26.2.5` → `26.3.2` |
---
Reviewed-on: #5191
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| ghcr.io/sahara101/movie-roulette | minor | `v5.3.0` → `v5.4.0` |
| [sahara101/Movie-Roulette](https://github.com/sahara101/Movie-Roulette) | minor | `v5.3.0` → `v5.4.0` |
---
### Release Notes
<details>
<summary>sahara101/Movie-Roulette (sahara101/Movie-Roulette)</summary>
### [`v5.4.0`](https://github.com/sahara101/Movie-Roulette/releases/tag/v5.4.0)
[Compare Source](https://github.com/sahara101/Movie-Roulette/compare/v5.3.0...v5.4.0)
#### New Features
- **Watch Together - Watchlist & Library modes** (Plex only) - find movies to watch with a partner via two modes: **Watchlist** (intersects plex.tv watchlists, no app account needed) or **Library** (intersects local watch-status caches, instant). Enable via `PLEX_WATCH_TOGETHER=true` or Settings -> Plex
- **Multi-arch Docker manifest** - `latest` and version tags are now multi-arch manifests (AMD64, ARM64, ARMv7). `arm-latest` kept for backward compatibility
- **Filter panel redesign (HeroUI)** - filter is now a full-height right sidebar on desktop and a bottom-sheet on mobile, with open/close animations and an active-filter-count badge (or **W** for Watch Together)
#### Security
- **cbor2 -> 5.9.0** (CVE-2026-26209, high) - DoS via uncontrolled recursion in `cbor2.loads()`; affects WebAuthn/Passkey flow
- **requests -> 2.33.0** (CVE-2026-25645, medium) - insecure predictable temp filename in `extract_zipped_paths()`
#### Bug Fixes
- **Plex managed/home user cache not building** - resilient fallback chain (`switchUser()` -> `switchHomeUser()`) handles Plex CVE-2025-34158 / CVE-2025-69417 endpoint restriction
- **Empty cache file suppressing rebuilds** - cache build now also triggers when the file exists but is <= 2 bytes
- **Slow search** - queries local cache instead of media server API; drops from \~3-10 s to <50 ms; debounce reduced to 150 ms
- **Search modal uncloseable on mobile/PWA** - uses centered modal with tappable backdrop on mobile
- **Watchlist pool stall (3-5 s) after reset** - TTL is now sliding with 15-minute idle timeout instead of fixed 5-minute expiry
- **"All movies seen" toast missing in HeroUI** - pool reset surfaced in Watch Together response; toast uses glassmorphism styling
- **Filter close animation missing on mobile (HeroUI)** - bottom-sheet now slides down correctly instead of using the desktop keyframe
- **Update notification wrong theme on main page** - `heroui-theme.css` and `aceternity-effects.css` now loaded in HeroUI main page block
- **Login card off-center on mobile** - switches to `justify-content: center` at <=480px
- **Collection warning x button visible on mobile** - hidden at <=480px across all stylesheets
- **User Management usernames hidden on mobile** - scoped hide rule to `.user-item .user-name` to avoid conflict with `auth.css`
**Full Changelog**: <https://github.com/sahara101/Movie-Roulette/compare/v5.3.0...v5.4.0>
</details>
---
Reviewed-on: #5200
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| dxflrs/garage | minor | `v2.1.0` → `v2.2.0` |
---
Reviewed-on: #5182
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) | minor | `0.9.0` → `0.10.0` |
---
### Release Notes
<details>
<summary>alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation)</summary>
### [`v0.10.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/blob/HEAD/CHANGELOG.md#0100-2026-03-26)
[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.9.0...0.10.0)
##### Features
- add more apps ([33b64b0](33b64b0122))
</details>
---
Reviewed-on: #5169
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>