9342c73600
chore(deps): update directus/directus to v11.16.1 ( #4648 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 29s
renovate / renovate (push) Has been cancelled
2026-03-11 22:28:31 +00:00
7d9a4ecfd2
feat: remove monitor
lint-test-helm / lint-helm (push) Successful in 23s
render-manifests-push / render-manifests-push (push) Successful in 1m1s
renovate / renovate (push) Has been cancelled
2026-03-11 17:25:53 -05:00
0ac8d5a3d5
feat: set object store to null
lint-test-helm / lint-helm (push) Successful in 12s
render-manifests-push / render-manifests-push (push) Successful in 56s
renovate / renovate (push) Successful in 11m37s
2026-03-11 16:57:17 -05:00
4e81f19249
feat: remove object gateway
lint-test-helm / lint-helm (push) Successful in 19s
render-manifests-push / render-manifests-push (push) Successful in 1m8s
renovate / renovate (push) Has been cancelled
2026-03-11 16:52:03 -05:00
3d35bdf2df
feat: change security context
lint-test-helm / lint-helm (push) Successful in 23s
render-manifests-push / render-manifests-push (push) Successful in 54s
renovate / renovate (push) Has been cancelled
2026-03-11 16:47:42 -05:00
10ca9c3d8e
feat: move to local storage
lint-test-helm / lint-helm (push) Successful in 15s
render-manifests-push / render-manifests-push (push) Successful in 33s
renovate / renovate (push) Has been cancelled
2026-03-11 16:37:47 -05:00
3ff086685f
feat: migrated to garage
lint-test-helm / lint-helm (push) Successful in 23s
render-manifests-push / render-manifests-push (push) Successful in 53s
renovate / renovate (push) Successful in 10m57s
2026-03-11 16:15:14 -05:00
695a71095f
fix: wrong port
lint-test-helm / lint-helm (push) Successful in 19s
render-manifests-push / render-manifests-push (push) Successful in 35s
renovate / renovate (push) Successful in 2m45s
2026-03-11 15:42:28 -05:00
904f21d7ef
feat: vault path
lint-test-helm / lint-helm (push) Successful in 10s
render-manifests-push / render-manifests-push (push) Successful in 56s
renovate / renovate (push) Successful in 12m4s
2026-03-11 15:24:48 -05:00
f269912cec
feat: change backing storage to garage
lint-test-helm / lint-helm (push) Successful in 23s
render-manifests-push / render-manifests-push (push) Successful in 36s
renovate / renovate (push) Has been cancelled
2026-03-11 15:21:47 -05:00
a41495ac5b
feat: change service
lint-test-helm / lint-helm (push) Successful in 21s
render-manifests-push / render-manifests-push (push) Successful in 47s
renovate / renovate (push) Successful in 1m28s
2026-03-11 14:40:53 -05:00
0d4cd74d1e
feat: change index
lint-test-helm / lint-helm (push) Successful in 22s
render-manifests-push / render-manifests-push (push) Successful in 1m11s
renovate / renovate (push) Successful in 2m45s
2026-03-11 14:05:10 -05:00
d9d30f9c29
fix: missing key
lint-test-helm / lint-helm (push) Successful in 20s
render-manifests-push / render-manifests-push (push) Successful in 52s
renovate / renovate (push) Successful in 3m27s
2026-03-11 13:56:46 -05:00
1eeefb8a1c
feat: change main service
lint-test-helm / lint-helm (push) Failing after 5s
render-manifests-push / render-manifests-push (push) Failing after 34s
renovate / renovate (push) Has been cancelled
2026-03-11 13:53:48 -05:00
537e2f0f8d
feat: enable backups and index
lint-test-helm / lint-helm (push) Successful in 24s
render-manifests-push / render-manifests-push (push) Successful in 1m22s
renovate / renovate (push) Successful in 3m18s
2026-03-11 13:45:37 -05:00
9d201656b6
chore(deps): update booklore-app/booklore to v2.2.0 ( #4633 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 20s
renovate / renovate (push) Successful in 1m40s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [booklore-app/BookLore](https://github.com/booklore-app/BookLore ) | minor | `v2.1.0` → `v2.2.0` |
| [ghcr.io/booklore-app/booklore](https://github.com/booklore-app/booklore ) | minor | `v2.1.0` → `v2.2.0` |
---
### Release Notes
<details>
<summary>booklore-app/BookLore (booklore-app/BookLore)</summary>
### [`v2.2.0`](https://github.com/booklore-app/booklore/releases/tag/v2.2.0 )
[Compare Source](https://github.com/booklore-app/BookLore/compare/v2.1.0...v2.2.0 )
#### 🌟 What's New in v2.2.0
This release introduces (or brings back) two new library organization modes: **Book per File** and **Book per Folder**, giving you explicit control over how Booklore groups files into books during scanning.
When Booklore first started, the philosophy was simple: don't worry about how files are organized on disk, just scan everything and figure it out. This worked well when libraries only contained single-file formats like EPUB and PDF. But as support grew for multi-format books and multi-file audiobooks, that approach started to break down. The existing Auto-detect mode uses fuzzy filename matching and heuristics to guess how files should be grouped, and while it works in many cases, it has some real problems: files can get missed during scans, multi-file audiobooks sometimes show up as separate books (one per file), and the grouping behavior is unpredictable since it depends on how your files happen to be named.
Rather than continuing to patch Auto-detect, I'm introducing two new modes that are simple, predictable, and thoroughly-tested:
- **Book per File**: Every file becomes its own book. One file, one book, no guessing. This is now the default for new libraries.
- **Book per Folder**: Files in the same folder are grouped into a single book. Great for organized libraries with an `Author/Title/` structure, and it handles multi-format books and folder-based audiobooks naturally. If you have a folder with an EPUB, a MOBI, and an `audiobook/` subfolder, they all become one book.
**Auto-detect is not going away.** Existing libraries using it will continue to work as before. But it's now marked as legacy, and I strongly recommend switching to one of the new modes. They're simpler, more reliable, and will be the focus of ongoing development and support going forward.
You can set the organization mode when creating a new library, but cannot change it on an existing library. For a detailed breakdown of each mode with examples, check out the [documentation](https://booklore.org/docs/library/organization-modes ).
#### 🚀 New Features
- Scanner organization modes and monitoring rework ([#​3279](https://github.com/booklore-app/BookLore/issues/3279 )) by [@​acx10](https://github.com/acx10 )
#### ✨ Enhancements
- Add configurable magnifier zoom and lens size for CBX reader ([#​3260](https://github.com/booklore-app/BookLore/issues/3260 )) ([#​3268](https://github.com/booklore-app/BookLore/issues/3268 )) by [@​acx10](https://github.com/acx10 )
#### 🐛 Bug Fixes
- Make OIDC scopes configurable ([#​3261](https://github.com/booklore-app/BookLore/issues/3261 )) ([#​3265](https://github.com/booklore-app/BookLore/issues/3265 )) by [@​acx10](https://github.com/acx10 )
#### 🛠️ Refactoring & Maintenance
- Lock organization mode dropdown for AUTO\_DETECT libraries ([#​3284](https://github.com/booklore-app/BookLore/issues/3284 )) by [@​acx10](https://github.com/acx10 )
- Lock organization mode for AUTO\_DETECT libraries ([#​3283](https://github.com/booklore-app/BookLore/issues/3283 )) by [@​acx10](https://github.com/acx10 )
- Translations update from Hosted Weblate ([#​3248](https://github.com/booklore-app/BookLore/issues/3248 )) by [@​acx10](https://github.com/acx10 )
#### 🐳 Docker Images
- **Docker Hub:** `booklore/booklore:v2.2.0`
- **GitHub Container Registry:** `ghcr.io/booklore-app/booklore:v2.2.0`
**Full Changelog**: <https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0 >
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 59 AM" src="https://github.com/user-attachments/assets/a8decbd8-e80f-4865-b6ee-bbb612fd20b7 " />
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 20 AM" src="https://github.com/user-attachments/assets/51a11cb8-d4ec-47b8-ac09-61cc222a8ab4 " />
</details>
<details>
<summary>booklore-app/booklore (ghcr.io/booklore-app/booklore)</summary>
### [`v2.2.0`](https://github.com/booklore-app/booklore/releases/tag/v2.2.0 )
[Compare Source](https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0 )
#### 🌟 What's New in v2.2.0
This release introduces (or brings back) two new library organization modes: **Book per File** and **Book per Folder**, giving you explicit control over how Booklore groups files into books during scanning.
When Booklore first started, the philosophy was simple: don't worry about how files are organized on disk, just scan everything and figure it out. This worked well when libraries only contained single-file formats like EPUB and PDF. But as support grew for multi-format books and multi-file audiobooks, that approach started to break down. The existing Auto-detect mode uses fuzzy filename matching and heuristics to guess how files should be grouped, and while it works in many cases, it has some real problems: files can get missed during scans, multi-file audiobooks sometimes show up as separate books (one per file), and the grouping behavior is unpredictable since it depends on how your files happen to be named.
Rather than continuing to patch Auto-detect, I'm introducing two new modes that are simple, predictable, and thoroughly-tested:
- **Book per File**: Every file becomes its own book. One file, one book, no guessing. This is now the default for new libraries.
- **Book per Folder**: Files in the same folder are grouped into a single book. Great for organized libraries with an `Author/Title/` structure, and it handles multi-format books and folder-based audiobooks naturally. If you have a folder with an EPUB, a MOBI, and an `audiobook/` subfolder, they all become one book.
**Auto-detect is not going away.** Existing libraries using it will continue to work as before. But it's now marked as legacy, and I strongly recommend switching to one of the new modes. They're simpler, more reliable, and will be the focus of ongoing development and support going forward.
You can set the organization mode when creating a new library, but cannot change it on an existing library. For a detailed breakdown of each mode with examples, check out the [documentation](https://booklore.org/docs/library/organization-modes ).
#### 🚀 New Features
- Scanner organization modes and monitoring rework ([#​3279](https://github.com/booklore-app/booklore/issues/3279 )) by [@​acx10](https://github.com/acx10 )
#### ✨ Enhancements
- Add configurable magnifier zoom and lens size for CBX reader ([#​3260](https://github.com/booklore-app/booklore/issues/3260 )) ([#​3268](https://github.com/booklore-app/booklore/issues/3268 )) by [@​acx10](https://github.com/acx10 )
#### 🐛 Bug Fixes
- Make OIDC scopes configurable ([#​3261](https://github.com/booklore-app/booklore/issues/3261 )) ([#​3265](https://github.com/booklore-app/booklore/issues/3265 )) by [@​acx10](https://github.com/acx10 )
#### 🛠️ Refactoring & Maintenance
- Lock organization mode dropdown for AUTO\_DETECT libraries ([#​3284](https://github.com/booklore-app/booklore/issues/3284 )) by [@​acx10](https://github.com/acx10 )
- Lock organization mode for AUTO\_DETECT libraries ([#​3283](https://github.com/booklore-app/booklore/issues/3283 )) by [@​acx10](https://github.com/acx10 )
- Translations update from Hosted Weblate ([#​3248](https://github.com/booklore-app/booklore/issues/3248 )) by [@​acx10](https://github.com/acx10 )
#### 🐳 Docker Images
- **Docker Hub:** `booklore/booklore:v2.2.0`
- **GitHub Container Registry:** `ghcr.io/booklore-app/booklore:v2.2.0`
**Full Changelog**: <https://github.com/booklore-app/booklore/compare/v2.1.0...v2.2.0 >
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 59 AM" src="https://github.com/user-attachments/assets/a8decbd8-e80f-4865-b6ee-bbb612fd20b7 " />
<img width="728" height="942" alt="Screenshot 2026-03-11 at 8 51 20 AM" src="https://github.com/user-attachments/assets/51a11cb8-d4ec-47b8-ac09-61cc222a8ab4 " />
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4633
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-11 16:06:56 +00:00
95601d3090
chore(deps): update helm release element-web to v1.4.32 ( #4634 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 10s
renovate / renovate (push) Has been cancelled
2026-03-11 16:04:46 +00:00
1a7eaf2d0c
chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.1.0 ( #4631 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 10s
renovate / renovate (push) Successful in 4m29s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile ) | minor | `3.0.0` → `3.1.0` |
---
### Release Notes
<details>
<summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary>
### [`v3.1.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/3.0.0...3.1.0 )
[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/3.0.0...3.1.0 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: #4631
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-11 06:56:19 +00:00
5876d9ab79
chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3 ( #4628 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 13s
renovate / renovate (push) Successful in 3m0s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile ) | major | `2.25.0` → `3.0.0` |
---
### Release Notes
<details>
<summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary>
### [`v3.0.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.25.0...3.0.0 )
[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.25.0...3.0.0 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: #4628
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-11 06:25:20 +00:00
1c03121d81
chore(deps): update ghcr.io/linuxserver/prowlarr:2.3.0 docker digest to 9ef5d8b ( #4627 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 10s
renovate / renovate (push) Successful in 3m26s
2026-03-11 06:02:48 +00:00
8a828db5a6
chore(deps): update d3fk/s3cmd:latest docker digest to a41234c ( #4623 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 10s
renovate / renovate (push) Successful in 2m35s
2026-03-11 04:03:28 +00:00
fe1332a37f
chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to 2b1b64f ( #4624 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Has been cancelled
renovate / renovate (push) Has been cancelled
2026-03-11 04:03:18 +00:00
0c807bfdf8
chore(deps): update ghcr.io/linuxserver/bazarr:1.5.6 docker digest to 05f9d5b ( #4620 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 29s
render-manifests-dispatch / render-manifests-dispatch (push) Has started running
renovate / renovate (push) Successful in 2m50s
2026-03-10 22:04:30 +00:00
66ea9f6e9d
feat: fix service
lint-test-helm / lint-helm (push) Successful in 26s
render-manifests-push / render-manifests-push (push) Successful in 39s
renovate / renovate (push) Successful in 4m1s
2026-03-10 16:21:08 -05:00
bb2eb87f04
feat: add movie-routelette
lint-test-docker / lint-docker-compose (push) Successful in 18s
lint-test-helm / lint-helm (push) Successful in 29s
render-manifests-push / render-manifests-push (push) Successful in 51s
renovate / renovate (push) Successful in 2m46s
2026-03-10 16:05:21 -05:00
fc4489c280
chore(deps): update goharbor/harbor-exporter docker tag to v2.14.3 ( #4605 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 22s
renovate / renovate (push) Successful in 2m5s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| goharbor/harbor-exporter | patch | `v2.14.2` → `v2.14.3` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->
Reviewed-on: #4605
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 20:15:39 +00:00
bba5b244a4
chore(deps): update goharbor/registry-photon docker tag to v2.14.3 ( #4610 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 28s
renovate / renovate (push) Successful in 2m12s
2026-03-10 20:12:04 +00:00
a9222afe69
chore(deps): update goharbor/harbor-registryctl docker tag to v2.14.3 ( #4609 )
lint-test-helm / lint-helm (push) Has been cancelled
render-manifests-push / render-manifests-push (push) Has been cancelled
renovate / renovate (push) Has been cancelled
2026-03-10 20:12:00 +00:00
b5984a21c3
chore(deps): update goharbor/harbor-portal docker tag to v2.14.3 ( #4608 )
lint-test-helm / lint-helm (push) Has been cancelled
render-manifests-push / render-manifests-push (push) Has been cancelled
renovate / renovate (push) Has been cancelled
2026-03-10 20:11:36 +00:00
d909ba3edd
chore(deps): update goharbor/harbor-jobservice docker tag to v2.14.3 ( #4607 )
lint-test-helm / lint-helm (push) Has been cancelled
render-manifests-push / render-manifests-push (push) Has been cancelled
renovate / renovate (push) Has been cancelled
2026-03-10 20:11:21 +00:00
f95e1987cf
chore(deps): update goharbor/harbor-core docker tag to v2.14.3 ( #4604 )
lint-test-helm / lint-helm (push) Has been cancelled
render-manifests-push / render-manifests-push (push) Has been skipped
renovate / renovate (push) Has been cancelled
2026-03-10 20:10:59 +00:00
9a9198fa40
chore(deps): update ghcr.io/siderolabs/talosctl docker tag to v1.12.5 ( #4603 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Has been cancelled
renovate / renovate (push) Has been cancelled
2026-03-10 20:10:45 +00:00
fd4e5349f8
chore(deps): update dependency goharbor/harbor to v2.14.3 ( #4602 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 15s
renovate / renovate (push) Has been cancelled
2026-03-10 20:10:18 +00:00
b5ecdf7cc9
chore(deps): update gitroomhq/postiz-app to v2.20.2 ( #4600 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 26s
renovate / renovate (push) Successful in 2m23s
2026-03-10 19:27:38 +00:00
def594a753
chore(deps): update vectorim/element-web docker tag to v1.12.12 ( #4596 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 14s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [vectorim/element-web](https://github.com/element-hq/element-web ) | patch | `v1.12.11` → `v1.12.12` |
---
### Release Notes
<details>
<summary>element-hq/element-web (vectorim/element-web)</summary>
### [`v1.12.12`](https://github.com/element-hq/element-web/releases/tag/v1.12.12 )
[Compare Source](https://github.com/element-hq/element-web/compare/v1.12.11...v1.12.12 )
#### ✨ Features
- Add stable support for MSC4380 invite blocking ([#​31966](https://github.com/element-hq/element-web/pull/31966 )). Contributed by [@​richvdh](https://github.com/richvdh ).
- Hide the names of banned users behind a spoiler tag ([#​32424](https://github.com/element-hq/element-web/pull/32424 )). Contributed by [@​andybalaam](https://github.com/andybalaam ).
- Room list: remove bold effect on selected room ([#​32593](https://github.com/element-hq/element-web/pull/32593 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Use Compound buttons in auth screens ([#​32562](https://github.com/element-hq/element-web/pull/32562 )). Contributed by [@​t3chguy](https://github.com/t3chguy ).
- Track room list sorting algorithm changes ([#​32556](https://github.com/element-hq/element-web/pull/32556 )). Contributed by [@​MidhunSureshR](https://github.com/MidhunSureshR ).
- Update `sso_redirect_options` to work for Native OIDC ([#​32537](https://github.com/element-hq/element-web/pull/32537 )). Contributed by [@​t3chguy](https://github.com/t3chguy ).
#### 🐛 Bug Fixes
- Room list: avoid excessive re-renders on room list store update or filter change ([#​32663](https://github.com/element-hq/element-web/pull/32663 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Room list: listen to call event to check number of participants ([#​32677](https://github.com/element-hq/element-web/pull/32677 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Fix invite-specific join errors not being shown ([#​32621](https://github.com/element-hq/element-web/pull/32621 )). Contributed by [@​Half-Shot](https://github.com/Half-Shot ).
- Prevent logging lots of "Browser unsupported" lines ([#​32647](https://github.com/element-hq/element-web/pull/32647 )). Contributed by [@​Half-Shot](https://github.com/Half-Shot ).
- Update critical gradient for room status bar ([#​32575](https://github.com/element-hq/element-web/pull/32575 )). Contributed by [@​Half-Shot](https://github.com/Half-Shot ).
- Room list: avoid header overflowing when too long ([#​32645](https://github.com/element-hq/element-web/pull/32645 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Room list: center focus outline of room list item ([#​32637](https://github.com/element-hq/element-web/pull/32637 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Fix misaligned cross in complete security dialog ([#​32614](https://github.com/element-hq/element-web/pull/32614 )). Contributed by [@​dbkr](https://github.com/dbkr ).
- Room list: fix keyboard navigation ([#​32585](https://github.com/element-hq/element-web/pull/32585 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Don't show empty privacy section ([#​32582](https://github.com/element-hq/element-web/pull/32582 )). Contributed by [@​dbkr](https://github.com/dbkr ).
- Disable room list image dragging ([#​32590](https://github.com/element-hq/element-web/pull/32590 )). Contributed by [@​florianduros](https://github.com/florianduros ).
- Update UserMenu theme toggle to use IconButton ([#​32591](https://github.com/element-hq/element-web/pull/32591 )). Contributed by [@​t3chguy](https://github.com/t3chguy ).
- Room list: make room list item scales with large font size ([#​32523](https://github.com/element-hq/element-web/pull/32523 )). Contributed by [@​florianduros](https://github.com/florianduros ).
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->
Reviewed-on: #4596
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 19:24:51 +00:00
3ed423c486
chore(deps): update dependency rancher/local-path-provisioner to v0.0.35 ( #4585 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 13s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [rancher/local-path-provisioner](https://github.com/rancher/local-path-provisioner ) | patch | `v0.0.34` → `v0.0.35` |
---
### Release Notes
<details>
<summary>rancher/local-path-provisioner (rancher/local-path-provisioner)</summary>
### [`v0.0.35`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35 ): Local Path Provisioner v0.0.35
[Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35 )
#### What's Changed
- Add FOSSA scanning workflow by [@​macedogm](https://github.com/macedogm ) in [#​551](https://github.com/rancher/local-path-provisioner/pull/551 )
- Build linux/ppc64le images through build on GitHub Actions by [@​kishen-v](https://github.com/kishen-v ) in [#​554](https://github.com/rancher/local-path-provisioner/pull/554 )
- updated golang to 1.26.0 by [@​jgoodall](https://github.com/jgoodall ) in [#​557](https://github.com/rancher/local-path-provisioner/pull/557 )
- feat: Allow custom node affinity keys by [@​ipantchev](https://github.com/ipantchev ) in [#​559](https://github.com/rancher/local-path-provisioner/pull/559 )
- chore: update golang to 1.26.1 by [@​derekbit](https://github.com/derekbit ) in [#​561](https://github.com/rancher/local-path-provisioner/pull/561 )
- chore(release): bump to v0.0.35 by [@​derekbit](https://github.com/derekbit ) in [#​562](https://github.com/rancher/local-path-provisioner/pull/562 )
#### New Contributors
- [@​macedogm](https://github.com/macedogm ) made their first contribution in [#​551](https://github.com/rancher/local-path-provisioner/pull/551 )
- [@​jgoodall](https://github.com/jgoodall ) made their first contribution in [#​557](https://github.com/rancher/local-path-provisioner/pull/557 )
- [@​ipantchev](https://github.com/ipantchev ) made their first contribution in [#​559](https://github.com/rancher/local-path-provisioner/pull/559 )
**Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->
Reviewed-on: #4585
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 19:24:26 +00:00
4f5ee67cad
chore(deps): update kube-prometheus-stack docker tag to v82.10.3 ( #4595 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 39s
renovate / renovate (push) Successful in 2m16s
2026-03-10 19:03:26 +00:00
87e5e348e9
chore(deps): update helm release local-path-provisioner to v0.0.36 ( #4593 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 15s
renovate / renovate (push) Has been cancelled
2026-03-10 19:00:55 +00:00
89d2cc51e2
chore(deps): update helm release argo-cd to v9.4.10 ( #4591 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 9s
renovate / renovate (push) Successful in 2m43s
2026-03-10 18:58:52 +00:00
63c72c1384
chore(deps): update helm release alloy to v1.6.2 ( #4589 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 30s
renovate / renovate (push) Has been cancelled
2026-03-10 18:57:08 +00:00
07fd0da730
chore(deps): update g33kphr33k/musicgrabber docker tag to v2.3.5 ( #4586 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 14s
renovate / renovate (push) Successful in 2m18s
2026-03-10 18:54:06 +00:00
0deb5b636a
chore(deps): update dependency element-hq/element-web to v1.12.12 ( #4584 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 9s
renovate / renovate (push) Has been cancelled
2026-03-10 18:51:52 +00:00
9c88efb755
chore(deps): update helm release cert-manager to v1.20.0 ( #4582 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 16s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cert-manager](https://cert-manager.io ) ([source](https://github.com/cert-manager/cert-manager )) | minor | `v1.19.4` → `v1.20.0` |
---
### Release Notes
<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>
### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0 )
[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0 )
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.20.0 adds support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.
#### Changes by Kind
##### Feature
- Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#​8370](https://github.com/cert-manager/cert-manager/issues/8370 ), [@​jcpunk](https://github.com/jcpunk ))
- Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#​8256](https://github.com/cert-manager/cert-manager/issues/8256 ), [@​tareksha](https://github.com/tareksha ))
- Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#​8186](https://github.com/cert-manager/cert-manager/issues/8186 ), [@​mathieu-clnk](https://github.com/mathieu-clnk ))
- Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#​8355](https://github.com/cert-manager/cert-manager/issues/8355 ), [@​dancmeyers](https://github.com/dancmeyers ))
- Added `parentRef` override annotations on the Certificate resource. ([#​8518](https://github.com/cert-manager/cert-manager/issues/8518 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Added support for azure private zones for dns01 issuer. ([#​8494](https://github.com/cert-manager/cert-manager/issues/8494 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#​7642](https://github.com/cert-manager/cert-manager/issues/7642 ), [@​robertlestak](https://github.com/robertlestak ))
- Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#​7728](https://github.com/cert-manager/cert-manager/issues/7728 ), [@​jcpunk](https://github.com/jcpunk ))
- For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#​8301](https://github.com/cert-manager/cert-manager/issues/8301 ), [@​k0da](https://github.com/k0da ))
- Improve error message when CA issuers are misconfigured to use a clashing secret name ([#​8374](https://github.com/cert-manager/cert-manager/issues/8374 ), [@​majiayu000](https://github.com/majiayu000 ))
- Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#​8244](https://github.com/cert-manager/cert-manager/issues/8244 ), [@​lunarwhite](https://github.com/lunarwhite ))
- Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#​8195](https://github.com/cert-manager/cert-manager/issues/8195 ), [@​StingRayZA](https://github.com/StingRayZA ))
- Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#​8228](https://github.com/cert-manager/cert-manager/issues/8228 ), [@​terinjokes](https://github.com/terinjokes ))
- Added experimental `XListenerSet` feature gate ([#​8394](https://github.com/cert-manager/cert-manager/issues/8394 ), [@​hjoshi123](https://github.com/hjoshi123 ))
##### Documentation
- Add GWAPI documentation to NOTES.TXT in helm chart ([#​8353](https://github.com/cert-manager/cert-manager/issues/8353 ), [@​jaxels10](https://github.com/jaxels10 ))
##### Bug or Regression
- Adds logs for cases when acme server returns us a fatal error in the order controller ([#​8199](https://github.com/cert-manager/cert-manager/issues/8199 ), [@​Peac36](https://github.com/Peac36 ))
- Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#​8160](https://github.com/cert-manager/cert-manager/issues/8160 ), [@​inteon](https://github.com/inteon ))
- Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#​8232](https://github.com/cert-manager/cert-manager/issues/8232 ), [@​eleanor-merry](https://github.com/eleanor-merry ))
- Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#​8456](https://github.com/cert-manager/cert-manager/issues/8456 ), [@​tkna](https://github.com/tkna ))
- Fix unregulated retries with the DigitalOcean DNS-01 solver
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#​8221](https://github.com/cert-manager/cert-manager/issues/8221 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#​8403](https://github.com/cert-manager/cert-manager/issues/8403 ), [@​calm329](https://github.com/calm329 ))
- Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#​8424](https://github.com/cert-manager/cert-manager/issues/8424 ), [@​SlashNephy](https://github.com/SlashNephy ))
- Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#​8443](https://github.com/cert-manager/cert-manager/issues/8443 ), [@​alviss7](https://github.com/alviss7 ))
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#​8173](https://github.com/cert-manager/cert-manager/issues/8173 ), [@​erikgb](https://github.com/erikgb ))
- Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#​8469](https://github.com/cert-manager/cert-manager/issues/8469 ), [@​SgtCoDFish](https://github.com/SgtCoDFish ))
- Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#​8290](https://github.com/cert-manager/cert-manager/issues/8290 ), [@​octo-sts](https://github.com/octo-sts )\[bot])
- When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#​8162](https://github.com/cert-manager/cert-manager/issues/8162 ), [@​LiquidPL](https://github.com/LiquidPL ))
##### Other (Cleanup or Flake)
- Promoted the OtherNames feature to Beta and enabled it by default ([#​8288](https://github.com/cert-manager/cert-manager/issues/8288 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Promoting `xlistenerset` feature gate to `listenerset` ([#​8501](https://github.com/cert-manager/cert-manager/issues/8501 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Rebranding of the Venafi Issuer to CyberArk ([#​8215](https://github.com/cert-manager/cert-manager/issues/8215 ), [@​iossifbenbassat123](https://github.com/iossifbenbassat123 ))
- Switched to SSA for challenge finalizer updates ([#​8519](https://github.com/cert-manager/cert-manager/issues/8519 ), [@​inteon](https://github.com/inteon ))
- The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#​8408](https://github.com/cert-manager/cert-manager/issues/8408 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#​8287](https://github.com/cert-manager/cert-manager/issues/8287 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Update cert-manager's ACME client, forked from golang/x/crypto ([#​8268](https://github.com/cert-manager/cert-manager/issues/8268 ), [@​SgtCoDFish](https://github.com/SgtCoDFish ))
- Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#​8389](https://github.com/cert-manager/cert-manager/issues/8389 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#​8426](https://github.com/cert-manager/cert-manager/issues/8426 ), [@​hjoshi123](https://github.com/hjoshi123 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhcnQiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4582
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 18:49:17 +00:00
b108a9702c
chore(deps): update dependency cert-manager/cert-manager to v1.20.0 ( #4581 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 8s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager ) | minor | `v1.19.4` → `v1.20.0` |
---
### Release Notes
<details>
<summary>cert-manager/cert-manager (cert-manager/cert-manager)</summary>
### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0 )
[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0 )
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.20.0 adds support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.
#### Changes by Kind
##### Feature
- Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#​8370](https://github.com/cert-manager/cert-manager/issues/8370 ), [@​jcpunk](https://github.com/jcpunk ))
- Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#​8256](https://github.com/cert-manager/cert-manager/issues/8256 ), [@​tareksha](https://github.com/tareksha ))
- Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#​8186](https://github.com/cert-manager/cert-manager/issues/8186 ), [@​mathieu-clnk](https://github.com/mathieu-clnk ))
- Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#​8355](https://github.com/cert-manager/cert-manager/issues/8355 ), [@​dancmeyers](https://github.com/dancmeyers ))
- Added `parentRef` override annotations on the Certificate resource. ([#​8518](https://github.com/cert-manager/cert-manager/issues/8518 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Added support for azure private zones for dns01 issuer. ([#​8494](https://github.com/cert-manager/cert-manager/issues/8494 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#​7642](https://github.com/cert-manager/cert-manager/issues/7642 ), [@​robertlestak](https://github.com/robertlestak ))
- Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#​7728](https://github.com/cert-manager/cert-manager/issues/7728 ), [@​jcpunk](https://github.com/jcpunk ))
- For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#​8301](https://github.com/cert-manager/cert-manager/issues/8301 ), [@​k0da](https://github.com/k0da ))
- Improve error message when CA issuers are misconfigured to use a clashing secret name ([#​8374](https://github.com/cert-manager/cert-manager/issues/8374 ), [@​majiayu000](https://github.com/majiayu000 ))
- Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#​8244](https://github.com/cert-manager/cert-manager/issues/8244 ), [@​lunarwhite](https://github.com/lunarwhite ))
- Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#​8195](https://github.com/cert-manager/cert-manager/issues/8195 ), [@​StingRayZA](https://github.com/StingRayZA ))
- Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#​8228](https://github.com/cert-manager/cert-manager/issues/8228 ), [@​terinjokes](https://github.com/terinjokes ))
- Added experimental `XListenerSet` feature gate ([#​8394](https://github.com/cert-manager/cert-manager/issues/8394 ), [@​hjoshi123](https://github.com/hjoshi123 ))
##### Documentation
- Add GWAPI documentation to NOTES.TXT in helm chart ([#​8353](https://github.com/cert-manager/cert-manager/issues/8353 ), [@​jaxels10](https://github.com/jaxels10 ))
##### Bug or Regression
- Adds logs for cases when acme server returns us a fatal error in the order controller ([#​8199](https://github.com/cert-manager/cert-manager/issues/8199 ), [@​Peac36](https://github.com/Peac36 ))
- Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#​8160](https://github.com/cert-manager/cert-manager/issues/8160 ), [@​inteon](https://github.com/inteon ))
- Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#​8232](https://github.com/cert-manager/cert-manager/issues/8232 ), [@​eleanor-merry](https://github.com/eleanor-merry ))
- Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#​8456](https://github.com/cert-manager/cert-manager/issues/8456 ), [@​tkna](https://github.com/tkna ))
- Fix unregulated retries with the DigitalOcean DNS-01 solver
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#​8221](https://github.com/cert-manager/cert-manager/issues/8221 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#​8403](https://github.com/cert-manager/cert-manager/issues/8403 ), [@​calm329](https://github.com/calm329 ))
- Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#​8424](https://github.com/cert-manager/cert-manager/issues/8424 ), [@​SlashNephy](https://github.com/SlashNephy ))
- Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#​8443](https://github.com/cert-manager/cert-manager/issues/8443 ), [@​alviss7](https://github.com/alviss7 ))
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#​8173](https://github.com/cert-manager/cert-manager/issues/8173 ), [@​erikgb](https://github.com/erikgb ))
- Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#​8469](https://github.com/cert-manager/cert-manager/issues/8469 ), [@​SgtCoDFish](https://github.com/SgtCoDFish ))
- Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#​8290](https://github.com/cert-manager/cert-manager/issues/8290 ), [@​octo-sts](https://github.com/octo-sts )\[bot])
- When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#​8162](https://github.com/cert-manager/cert-manager/issues/8162 ), [@​LiquidPL](https://github.com/LiquidPL ))
##### Other (Cleanup or Flake)
- Promoted the OtherNames feature to Beta and enabled it by default ([#​8288](https://github.com/cert-manager/cert-manager/issues/8288 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Promoting `xlistenerset` feature gate to `listenerset` ([#​8501](https://github.com/cert-manager/cert-manager/issues/8501 ), [@​hjoshi123](https://github.com/hjoshi123 ))
- Rebranding of the Venafi Issuer to CyberArk ([#​8215](https://github.com/cert-manager/cert-manager/issues/8215 ), [@​iossifbenbassat123](https://github.com/iossifbenbassat123 ))
- Switched to SSA for challenge finalizer updates ([#​8519](https://github.com/cert-manager/cert-manager/issues/8519 ), [@​inteon](https://github.com/inteon ))
- The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#​8408](https://github.com/cert-manager/cert-manager/issues/8408 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#​8287](https://github.com/cert-manager/cert-manager/issues/8287 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- Update cert-manager's ACME client, forked from golang/x/crypto ([#​8268](https://github.com/cert-manager/cert-manager/issues/8268 ), [@​SgtCoDFish](https://github.com/SgtCoDFish ))
- Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#​8389](https://github.com/cert-manager/cert-manager/issues/8389 ), [@​wallrj-cyberark](https://github.com/wallrj-cyberark ))
- We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#​8426](https://github.com/cert-manager/cert-manager/issues/8426 ), [@​hjoshi123](https://github.com/hjoshi123 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4581
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 18:46:58 +00:00
159eef86a8
chore(deps): update dependency element-hq/synapse to v1.149.0 ( #4580 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 10s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [element-hq/synapse](https://github.com/element-hq/synapse ) | minor | `v1.148.0` → `v1.149.0` |
---
### Release Notes
<details>
<summary>element-hq/synapse (element-hq/synapse)</summary>
### [`v1.149.0`](https://github.com/element-hq/synapse/releases/tag/v1.149.0 )
[Compare Source](https://github.com/element-hq/synapse/compare/v1.148.0...v1.149.0 )
### Synapse 1.149.0 (2026-03-10)
No significant changes since 1.149.0rc1.
### Synapse 1.149.0rc1 (2026-03-03)
#### Features
- Add experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](https://github.com/matrix-org/matrix-spec-proposals/pull/4388 ). ([#​19127](https://github.com/element-hq/synapse/issues/19127 ))
- Add stable support for [MSC4380](https://github.com/matrix-org/matrix-spec-proposals/pull/4380 ) invite blocking. ([#​19431](https://github.com/element-hq/synapse/issues/19431 ))
#### Bugfixes
- Fix the 'Login as a user' Admin API not checking if the user exists before issuing an access token. ([#​18518](https://github.com/element-hq/synapse/issues/18518 ))
- Fix `/sync` missing membership event in `state_after` (experimental [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222 ) implementation) in some scenarios. ([#​19460](https://github.com/element-hq/synapse/issues/19460 ))
#### Internal Changes
- Add log to explain when and why we freeze objects in the garbage collector. ([#​19440](https://github.com/element-hq/synapse/issues/19440 ))
- Better instrument `JoinRoomAliasServlet` with tracing. ([#​19461](https://github.com/element-hq/synapse/issues/19461 ))
- Fix Complement CI not running against the code from our PRs. ([#​19475](https://github.com/element-hq/synapse/issues/19475 ))
- Log `docker system info` in CI so we have a plain record of how GitHub runners evolve over time. ([#​19480](https://github.com/element-hq/synapse/issues/19480 ))
- Rename the `test_disconnect` test helper so that pytest doesn't see it as a test. ([#​19486](https://github.com/element-hq/synapse/issues/19486 ))
- Add a log line when we delete devices. Contributed by [@​bradtgmurray](https://github.com/bradtgmurray ) @​ Beeper. ([#​19496](https://github.com/element-hq/synapse/issues/19496 ))
- Pre-allocate the buffer based on the expected `Content-Length` with the Rust HTTP client. ([#​19498](https://github.com/element-hq/synapse/issues/19498 ))
- Cancel long-running sync requests if the client has gone away. ([#​19499](https://github.com/element-hq/synapse/issues/19499 ))
- Try and reduce reactor tick times when under heavy load. ([#​19507](https://github.com/element-hq/synapse/issues/19507 ))
- Simplify Rust HTTP client response streaming and limiting. ([#​19510](https://github.com/element-hq/synapse/issues/19510 ))
- Replace deprecated collection import locations with current locations. ([#​19515](https://github.com/element-hq/synapse/issues/19515 ))
- Bump most locked Python dependencies to their latest versions. ([#​19519](https://github.com/element-hq/synapse/issues/19519 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4580
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 18:45:40 +00:00
2c9310f8d1
chore(deps): update searxng/searxng:latest docker digest to 943c899 ( #4578 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 21s
renovate / renovate (push) Successful in 3m44s
2026-03-10 09:05:29 +00:00
38f5fccfec
chore(deps): update valkey docker tag to v0.4.0 ( #4572 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 15s
render-manifests-dispatch / render-manifests-dispatch (push) Successful in 26m24s
renovate / renovate (push) Successful in 5m9s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [valkey](https://github.com/valkey-io/valkey ) | minor | `0.3.0` → `0.4.0` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: #4572
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-10 02:32:01 +00:00
9ead85b4a5
chore(deps): update kube-prometheus-stack docker tag to v82.10.2 ( #4574 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 22s
renovate / renovate (push) Successful in 3m0s
2026-03-09 23:03:45 +00:00
c5c90f4ea1
chore(deps): update helm release generic-device-plugin to v0.20.21 ( #4573 )
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 15s
renovate / renovate (push) Has been cancelled
2026-03-09 23:03:10 +00:00
ea93e215e4
chore(deps): update cloudflared docker tag to v2.4.0 ( #4571 )
...
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 19s
renovate / renovate (push) Successful in 3m24s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cloudflared](https://github.com/cloudflare/cloudflared ) | minor | `2.3.0` → `2.4.0` |
---
### Release Notes
<details>
<summary>cloudflare/cloudflared (cloudflared)</summary>
### [`v2.4.0`](https://github.com/cloudflare/cloudflared/blob/HEAD/CHANGES.md#202240 )
##### Bug Fixes
- `cloudflared tunnel run` no longer logs the Tunnel token or JSON credentials in clear text as those are the secret
that allows to run the Tunnel.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->
Reviewed-on: #4571
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net >
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net >
2026-03-09 22:52:38 +00:00
