This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/moghtech/komodo-core](https://github.com/moghtech/komodo) | minor | `2.0.0` → `2.1.0` |
| [ghcr.io/moghtech/komodo-periphery](https://github.com/moghtech/komodo) | minor | `2.0.0` → `2.1.0` |
| [moghtech/komodo](https://github.com/moghtech/komodo) | minor | `v2.0.0` → `v2.1.0` |
---
### Release Notes
<details>
<summary>moghtech/komodo (ghcr.io/moghtech/komodo-core)</summary>
### [`v2.1.0`](https://github.com/moghtech/komodo/releases/tag/v2.1.0): Komodo v2.1.0
[Compare Source](https://github.com/moghtech/komodo/compare/v2.0.0...v2.1.0)
##### Changelog
- **Swarm**: Add "Update Node" support: update your swarm node `role` (manager, worker) and availability, and add / remove node labels
- **Swarm** / **Stack**: Add Swarm Stack environment file support.
- Docker swarm doesn't support files natively, this first **sources** the .env files on the shell, then runs `docker stack deploy`
- **Swarm**: Stacks and deployments attached to swarms can now poll for updates / auto update
- **Swarm**: Fix stack / service deploys hanging indefinitely if the services never converge
- **Swarm**: Fix resource sync support
- **UI**: Fix `deepCompare` method crash when encountering a `null` value, affecting some resource configuration pages.
- **UI**: Fix container ports not displaying when Server `External Address` not configured
- For users who used **privileged onboarding key** already, you can configure Server `External Address` to restore container port linking behavior.
- Future use of privileged onboarding key will move the existing Server `Address` to `External Address` field, if it's not already set.
- **UI**: Fix Build image registry Custom organization configuration.
- **UI**: Fix stack service / container selectors from crashing due to missing null check. This affected New Terminal creation menu.
- **UI**: Fix Info files "Hide / Show" buttons not working (clicking the header could still toggle show)
- **Logging**: Support disabling application-level logging timestamps
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuOSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: #5398
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) | minor | `0.13.0` → `0.14.0` |
---
### Release Notes
<details>
<summary>alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation)</summary>
### [`v0.14.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/blob/HEAD/CHANGELOG.md#0140-2026-04-01)
[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.13.0...0.14.0)
##### Bug Fixes
- **deps:** pin dependencies ([75a9af6](75a9af6d0b))
##### Features
- add homepage ([d894615](d8946158b0))
- change code theme ([dbe3d5c](dbe3d5cdd2))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: #5391
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [av1155/houndarr](https://github.com/av1155/houndarr) | patch | `v1.6.4` → `v1.6.5` |
---
### Release Notes
<details>
<summary>av1155/houndarr (av1155/houndarr)</summary>
### [`v1.6.5`](https://github.com/av1155/houndarr/releases/tag/v1.6.5)
[Compare Source](https://github.com/av1155/houndarr/compare/v1.6.4...v1.6.5)
##### Fixed
- Accessing Houndarr via links from dashboard apps (Homepage, Homarr, Organizr) no longer redirects to `/login`; session cookies now default to `SameSite=Lax` instead of `Strict` ([#​318](https://github.com/av1155/houndarr/issues/318)).
##### Added
- `HOUNDARR_COOKIE_SAMESITE` environment variable to configure the `SameSite` cookie policy; accepts `lax` (default) or `strict` ([#​318](https://github.com/av1155/houndarr/issues/318)).
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJnaXRodWItcmVsZWFzZXMiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5383
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| g33kphr33k/musicgrabber | patch | `2.5.3` → `2.5.4` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMCIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJkb2NrZXIiLCJkb2NrZXIiXX0=-->
Reviewed-on: #5328
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cloudnative-pg](https://cloudnative-pg.io) ([source](https://github.com/cloudnative-pg/charts)) | minor | `0.27.1` → `0.28.0` |
| [cloudnative-pg/cloudnative-pg](https://github.com/cloudnative-pg/cloudnative-pg) | minor | `1.28.1` → `1.29.0` |
---
### Release Notes
<details>
<summary>cloudnative-pg/charts (cloudnative-pg)</summary>
### [`v0.28.0`](https://github.com/cloudnative-pg/charts/releases/tag/cloudnative-pg-v0.28.0)
[Compare Source](https://github.com/cloudnative-pg/charts/compare/cloudnative-pg-v0.27.1...cloudnative-pg-v0.28.0)
CloudNativePG Operator Helm Chart
#### What's Changed
- fix(security): harden GitHub Actions workflows against expression injection by [@​mnencia](https://github.com/mnencia) in [#​823](https://github.com/cloudnative-pg/charts/pull/823)
- feat(monitoring): add support for custom PodMonitor by [@​Dashing-Nelson](https://github.com/Dashing-Nelson) in [#​724](https://github.com/cloudnative-pg/charts/pull/724)
- Release cloudnative-pg-v0.28.0 by [@​cnpg-bot](https://github.com/cnpg-bot) in [#​845](https://github.com/cloudnative-pg/charts/pull/845)
#### New Contributors
- [@​Dashing-Nelson](https://github.com/Dashing-Nelson) made their first contribution in [#​724](https://github.com/cloudnative-pg/charts/pull/724)
**Full Changelog**: <https://github.com/cloudnative-pg/charts/compare/cluster-v0.6.0...cloudnative-pg-v0.28.0>
</details>
<details>
<summary>cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)</summary>
### [`v1.29.0`](https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.29.0)
[Compare Source](https://github.com/cloudnative-pg/cloudnative-pg/compare/v1.28.2...v1.29.0-rc1)
**Release date:** Mar 31, 2026
##### Important changes
- Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. ([#​10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167)) <!-- 1.28 1.27 -->
##### Features
- **PostgreSQL extensions in image catalogs**: extended the `ImageCatalog` functionality to support PostgreSQL extensions. This allows users to define and manage extension-specific images within a catalog, simplifying the deployment of customized PostgreSQL builds. ([#​9781](https://github.com/cloudnative-pg/cloudnative-pg/pull/9781))
- **Dynamic network access control via pod selectors**: introduced the declarative definition of `podSelectorRefs` to manage `pg_hba.conf` rules dynamically. By using label selectors to identify client pods, the operator automatically resolves their ephemeral IP addresses and updates the PostgreSQL host-based authentication rules accordingly. This ensures that only authorized workloads in the same namespace can connect to the database, eliminating the need for manual IP management or static CIDR ranges. ([#​10148](https://github.com/cloudnative-pg/cloudnative-pg/pull/10148))
- **Shared `ServiceAccount` support**: added an optional `serviceAccountName` field to both `Cluster` and `Pooler` specifications. This allows multiple resources to share a pre-existing ServiceAccount, facilitating one-time IAM configurations (such as AWS IRSA, GCP Workload Identity, or Azure Workload Identity) across all clusters and poolers. Contributed by [@​bozkayasalihx](https://github.com/bozkayasalihx). ([#​9287](https://github.com/cloudnative-pg/cloudnative-pg/pull/9287))
##### Enhancements
- Improved the `Pooler` CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by [@​alex1989hu](https://github.com/alex1989hu). ([#​9571](https://github.com/cloudnative-pg/cloudnative-pg/pull/9571)) <!-- 1.28 1.27 1.25 -->
- Improved the reliability of major upgrades by setting `BackoffLimit=0` on the upgrade job, preventing unnecessary retries of a failed `pg_upgrade`. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. ([#​10104](https://github.com/cloudnative-pg/cloudnative-pg/pull/10104), [#​10298](https://github.com/cloudnative-pg/cloudnative-pg/pull/10298)) <!-- 1.28 1.27 -->
- Improved the operator's observability by emitting native Kubernetes events during key phases of the reconciliation loop, providing visibility into the operator's decision-making process and the lifecycle of managed resources directly through `kubectl get events`. ([#​10040](https://github.com/cloudnative-pg/cloudnative-pg/pull/10040))
- Extended support for the `cnpg.io/reconciliationDisabled` annotation on Backup resources. This allows administrators to temporarily freeze the operator's reconciliation logic for specific backup objects. Contributed by [@​GabriFedi97](https://github.com/GabriFedi97). ([#​10020](https://github.com/cloudnative-pg/cloudnative-pg/pull/10020))
- Added a `bin_path` field to the `postgresql.extensions` stanza, as well as in `ImageCatalog` and `ClusterImageCatalog` resources. This allows extensions to specify directory paths for external binaries, which are automatically appended to the `PATH` environment variable of the Postgres process. ([#​10250](https://github.com/cloudnative-pg/cloudnative-pg/pull/10250))
- Added an `env` field to the `postgresql.extensions` stanza, as well as in `ImageCatalog` and `ClusterImageCatalog` resources. This allows cluster administrators to define custom environment variables for the Postgres process. This field supports the `${image_root}` placeholder to dynamically resolve to the extension's absolute mount path. ([#​10375](https://github.com/cloudnative-pg/cloudnative-pg/pull/10375))
- Implemented a finalizer for plugins to ensure that resources managed by a plugin are gracefully cleaned up when the corresponding service is deleted. ([#​9560](https://github.com/cloudnative-pg/cloudnative-pg/pull/9560))
- Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. ([#​9971](https://github.com/cloudnative-pg/cloudnative-pg/pull/9971)) <!-- 1.28 1.27 1.25 -->
- The operator now honors the `primaryUpdateMethod` when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. ([#​9720](https://github.com/cloudnative-pg/cloudnative-pg/pull/9720)) <!-- 1.28 1.27 -->
- Refined the `alpha.cnpg.io/unrecoverable` annotation logic to allow it to function even on pods that have not yet reached the `Ready` state, facilitating the recovery of stuck instances. ([#​9968](https://github.com/cloudnative-pg/cloudnative-pg/pull/9968)) <!-- 1.28 -->
- Introduced a "Terminal Error" phase for backups that encounter unrecoverable issues (such as invalid credentials or non-existent cloud buckets). This ensures the operator stops retrying doomed operations, preventing resource exhaustion and providing immediate, clear feedback in the status. ([#​9353](https://github.com/cloudnative-pg/cloudnative-pg/pull/9353))
- Improved monitoring of long-running backups by introducing `reconciliationStartedAt` and `reconciliationTerminatedAt` fields to the `Backup` status. This change separates the operator's internal lifecycle from the actual backup tool's execution timing (`startedAt`/`stoppedAt`), allowing users to track when the operator begins processing a request. ([#​9351](https://github.com/cloudnative-pg/cloudnative-pg/pull/9351))
- Added a `Pending` phase to the `Backup` status to explicitly indicate when a backup is queued and waiting for an available worker or instance availability. ([#​9364](https://github.com/cloudnative-pg/cloudnative-pg/pull/9364))
##### Security and Supply Chain
- **Security best practices integration**: integrated the OpenSSF baseline scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align with industry-standard security reporting. ([#​10054](https://github.com/cloudnative-pg/cloudnative-pg/pull/10054), <!-- 1.28 1.27 1.25 --> [#​10062](https://github.com/cloudnative-pg/cloudnative-pg/pull/10062)) <!-- 1.28 1.27 1.25 -->
- **SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. ([#​10048](https://github.com/cloudnative-pg/cloudnative-pg/pull/10048), <!-- 1.28 1.27 1.25 --> [#​10074](https://github.com/cloudnative-pg/cloudnative-pg/pull/10074)) <!-- 1.28 1.27 1.25 -->
- **Password leak prevention**: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. ([#​9950](https://github.com/cloudnative-pg/cloudnative-pg/pull/9950)) <!-- 1.28 1.27 1.25 -->
##### Changes
- Updated the default PostgreSQL version to 18.3 (image `18.3-system-trixie`). ([#​10090](https://github.com/cloudnative-pg/cloudnative-pg/pull/10090)) <!-- 1.28 1.27 1.25 -->
##### Fixes
- Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. ([#​10342](https://github.com/cloudnative-pg/cloudnative-pg/pull/10342)) <!-- 1.28 -->
- Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. ([#​10302](https://github.com/cloudnative-pg/cloudnative-pg/pull/10302)) <!-- 1.28 1.27 -->
- Fixed an issue where replicas would get stuck in a `Pending` state if the `VolumeSnapshot` used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to `pg_basebackup`. ([#​10192](https://github.com/cloudnative-pg/cloudnative-pg/pull/10192)) <!-- 1.28 1.27 1.25 -->
- Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by [@​ermakov-oleg](https://github.com/ermakov-oleg). ([#​9977](https://github.com/cloudnative-pg/cloudnative-pg/pull/9977)) <!-- 1.28 1.27 1.25 -->
- Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. ([#​9952](https://github.com/cloudnative-pg/cloudnative-pg/pull/9952)) <!-- 1.28 1.27 1.25 -->
- Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by [@​sharifmshaker](https://github.com/sharifmshaker). ([#​9978](https://github.com/cloudnative-pg/cloudnative-pg/pull/9978)) <!-- 1.28 1.27 -->
- Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by [@​jmealo](https://github.com/jmealo). ([#​9981](https://github.com/cloudnative-pg/cloudnative-pg/pull/9981)) <!-- 1.28 1.27 -->
- Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with `ConnectionParameters` (for `pg_basebackup`-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. ([#​10268](https://github.com/cloudnative-pg/cloudnative-pg/pull/10268)) <!-- 1.28 1.27 1.25 -->
- Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. ([#​9973](https://github.com/cloudnative-pg/cloudnative-pg/pull/9973)) <!-- 1.28 1.27 -->
- When hibernating a non-healthy cluster, the operator now reports a `WaitingForHealthy` condition, making the deferred hibernation state visible through `cnpg status`. ([#​10193](https://github.com/cloudnative-pg/cloudnative-pg/pull/10193)) <!-- 1.28 1.27 1.25 -->
- Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the `cnpg fencing on` command. ([#​10035](https://github.com/cloudnative-pg/cloudnative-pg/pull/10035)) <!-- 1.28 1.27 1.25 -->
- Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as `loadBalancerClass`) from being inadvertently removed. ([#​10190](https://github.com/cloudnative-pg/cloudnative-pg/pull/10190), [#​10311](https://github.com/cloudnative-pg/cloudnative-pg/pull/10311)) <!-- 1.28 1.27 1.25 -->
- Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. ([#​10285](https://github.com/cloudnative-pg/cloudnative-pg/pull/10285)) <!-- 1.28 1.27 1.25 -->
- Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in [#​9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650) only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. ([#​9849](https://github.com/cloudnative-pg/cloudnative-pg/pull/9849)) <!-- 1.28 1.27 1.25 -->
- `cnpg` plugin:
- The cnpg plugin now correctly propagates ImagePullSecrets to the `pgbench` Job pod template. ([#​10174](https://github.com/cloudnative-pg/cloudnative-pg/pull/10174)) <!-- 1.28 1.27 1.25 -->
##### Supported versions
- Kubernetes 1.35, 1.34, and 1.33
- PostgreSQL 18, 17, 16, 15, and 14
- PostgreSQL 18.3 is the default image
- [PostgreSQL 14 support ends on November 12, 2026](https://www.postgresql.org/support/versioning/)
### [`v1.28.2`](https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.28.2)
[Compare Source](https://github.com/cloudnative-pg/cloudnative-pg/compare/v1.28.1...v1.28.2)
**Release date:** Mar 31, 2026
##### Important changes
- Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. ([#​10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167)) <!-- 1.28 1.27 -->
##### Enhancements
- Improved the `Pooler` CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by [@​alex1989hu](https://github.com/alex1989hu). ([#​9571](https://github.com/cloudnative-pg/cloudnative-pg/pull/9571)) <!-- 1.28 1.27 1.25 -->
- Improved the reliability of major upgrades by setting `BackoffLimit=0` on the upgrade job, preventing unnecessary retries of a failed `pg_upgrade`. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. ([#​10104](https://github.com/cloudnative-pg/cloudnative-pg/pull/10104), [#​10298](https://github.com/cloudnative-pg/cloudnative-pg/pull/10298)) <!-- 1.28 1.27 -->
- Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. ([#​9971](https://github.com/cloudnative-pg/cloudnative-pg/pull/9971)) <!-- 1.28 1.27 1.25 -->
- Extended the CRD schemas for `Cluster`, `ImageCatalog`, and `ClusterImageCatalog` to accept the `extensions`, `bin_path`, and `env` fields introduced in 1.29. The operator ignores these fields on older versions, but accepting them in the schema allows users to share a single manifest across clusters running different CNPG versions. ([#​10131](https://github.com/cloudnative-pg/cloudnative-pg/pull/10131), [#​10387](https://github.com/cloudnative-pg/cloudnative-pg/pull/10387)) <!-- 1.28 1.27 -->
- The operator now honors the `primaryUpdateMethod` when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. ([#​9720](https://github.com/cloudnative-pg/cloudnative-pg/pull/9720)) <!-- 1.28 1.27 -->
- Refined the `alpha.cnpg.io/unrecoverable` annotation logic to allow it to function even on pods that have not yet reached the `Ready` state, facilitating the recovery of stuck instances. ([#​9968](https://github.com/cloudnative-pg/cloudnative-pg/pull/9968)) <!-- 1.28 -->
##### Security and Supply Chain
- **Security best practices integration**: integrated the OpenSSF baseline scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align with industry-standard security reporting. ([#​10054](https://github.com/cloudnative-pg/cloudnative-pg/pull/10054), <!-- 1.28 1.27 1.25 --> [#​10062](https://github.com/cloudnative-pg/cloudnative-pg/pull/10062)) <!-- 1.28 1.27 1.25 -->
- **SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. ([#​10048](https://github.com/cloudnative-pg/cloudnative-pg/pull/10048), <!-- 1.28 1.27 1.25 --> [#​10074](https://github.com/cloudnative-pg/cloudnative-pg/pull/10074)) <!-- 1.28 1.27 1.25 -->
- **Password leak prevention**: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. ([#​9950](https://github.com/cloudnative-pg/cloudnative-pg/pull/9950)) <!-- 1.28 1.27 1.25 -->
##### Changes
- Updated the default PostgreSQL version to 18.3 (image `18.3-system-trixie`). ([#​10090](https://github.com/cloudnative-pg/cloudnative-pg/pull/10090)) <!-- 1.28 1.27 1.25 -->
##### Fixes
- Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. ([#​10342](https://github.com/cloudnative-pg/cloudnative-pg/pull/10342)) <!-- 1.28 -->
- Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. ([#​10302](https://github.com/cloudnative-pg/cloudnative-pg/pull/10302)) <!-- 1.28 1.27 -->
- Fixed an issue where replicas would get stuck in a `Pending` state if the `VolumeSnapshot` used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to `pg_basebackup`. ([#​10192](https://github.com/cloudnative-pg/cloudnative-pg/pull/10192)) <!-- 1.28 1.27 1.25 -->
- Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by [@​ermakov-oleg](https://github.com/ermakov-oleg). ([#​9977](https://github.com/cloudnative-pg/cloudnative-pg/pull/9977)) <!-- 1.28 1.27 1.25 -->
- Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. ([#​9952](https://github.com/cloudnative-pg/cloudnative-pg/pull/9952)) <!-- 1.28 1.27 1.25 -->
- Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by [@​sharifmshaker](https://github.com/sharifmshaker). ([#​9978](https://github.com/cloudnative-pg/cloudnative-pg/pull/9978)) <!-- 1.28 1.27 -->
- Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by [@​jmealo](https://github.com/jmealo). ([#​9981](https://github.com/cloudnative-pg/cloudnative-pg/pull/9981)) <!-- 1.28 1.27 -->
- Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with `ConnectionParameters` (for `pg_basebackup`-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. ([#​10268](https://github.com/cloudnative-pg/cloudnative-pg/pull/10268)) <!-- 1.28 1.27 1.25 -->
- Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. ([#​9973](https://github.com/cloudnative-pg/cloudnative-pg/pull/9973)) <!-- 1.28 1.27 -->
- When hibernating a non-healthy cluster, the operator now reports a `WaitingForHealthy` condition, making the deferred hibernation state visible through `cnpg status`. ([#​10193](https://github.com/cloudnative-pg/cloudnative-pg/pull/10193)) <!-- 1.28 1.27 1.25 -->
- Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the `cnpg fencing on` command. ([#​10035](https://github.com/cloudnative-pg/cloudnative-pg/pull/10035)) <!-- 1.28 1.27 1.25 -->
- Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as `loadBalancerClass`) from being inadvertently removed. ([#​10190](https://github.com/cloudnative-pg/cloudnative-pg/pull/10190), [#​10311](https://github.com/cloudnative-pg/cloudnative-pg/pull/10311)) <!-- 1.28 1.27 1.25 -->
- Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. ([#​10285](https://github.com/cloudnative-pg/cloudnative-pg/pull/10285)) <!-- 1.28 1.27 1.25 -->
- Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in [#​9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650) only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. ([#​9849](https://github.com/cloudnative-pg/cloudnative-pg/pull/9849)) <!-- 1.28 1.27 1.25 -->
- `cnpg` plugin:
- The cnpg plugin now correctly propagates ImagePullSecrets to the `pgbench` Job pod template. ([#​10174](https://github.com/cloudnative-pg/cloudnative-pg/pull/10174)) <!-- 1.28 1.27 1.25 -->
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuNCIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJoZWxtIl19-->
Reviewed-on: #5367
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| xenrox/ntfy-alertmanager | major | `0.5.0` → `1.0.0` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: #5312
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/haveagitgat/tdarr](https://github.com/HaveAGitGat/tdarr_express_be) | minor | `2.66.01` → `2.67.01` |
| [ghcr.io/haveagitgat/tdarr_node](https://github.com/HaveAGitGat/tdarr_express_be) | minor | `2.66.01` → `2.67.01` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19-->
Reviewed-on: #5271
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [binwiederhier/ntfy](https://github.com/binwiederhier/ntfy) | minor | `2.20.1` → `2.21.0` |
| [binwiederhier/ntfy](https://ntfy.sh/) ([source](https://github.com/binwiederhier/ntfy)) | minor | `v2.20.1` → `v2.21.0` |
---
### Release Notes
<details>
<summary>binwiederhier/ntfy (binwiederhier/ntfy)</summary>
### [`v2.21.0`](https://github.com/binwiederhier/ntfy/releases/tag/v2.21.0)
[Compare Source](https://github.com/binwiederhier/ntfy/compare/v2.20.1...v2.21.0)
This release adds the ability to verify email addresses using the `smtp-sender-verify` flag. This is a change that is required because ntfy.sh was used to send unsolicited emails and the AWS SES account was suspended. Going forward, ntfy.sh won't be able to send emails unless the email address was verified ahead of time.
**Features:**
- Add verified email recipients feature with `smtp-sender-verify` config flag, allowing server admins to require email
address verification before sending email notifications ([#​1681](https://github.com/binwiederhier/ntfy/pull/1681))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: #5300
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [favonia/cloudflare-ddns](https://github.com/favonia/cloudflare-ddns) | minor | `1.15.1` → `1.16.0` |
---
### Release Notes
<details>
<summary>favonia/cloudflare-ddns (favonia/cloudflare-ddns)</summary>
### [`v1.16.0`](https://github.com/favonia/cloudflare-ddns/blob/HEAD/CHANGELOG.markdown#1160-2026-03-30)
[Compare Source](https://github.com/favonia/cloudflare-ddns/compare/v1.15.1...v1.16.0)
Despite the gap of over a year since the last release, we are not aware of any security vulnerability affecting the default configuration. As always, please review the changelog and watch for warnings or errors when upgrading.
#### Highlights
1. **WAF lists now support /128 IPv6 entries.** Cloudflare’s API now accepts individual IPv6 addresses in WAF lists. New `IP4_DEFAULT_PREFIX_LEN` (default `/32`) and `IP6_DEFAULT_PREFIX_LEN` (default `/64`) control how bare addresses are stored in WAF lists. Users can now set `IP6_DEFAULT_PREFIX_LEN` to `128` for per-address granularity. DNS records currently ignore prefix lengths, but will use these in the future.
2. **Multi-instance support via comment-based selection.** New `MANAGED_RECORDS_COMMENT_REGEX` and `MANAGED_WAF_LIST_ITEMS_COMMENT_REGEX` let multiple updater instances safely share the same domain or WAF list, each managing only records or items with matching comments. New `WAF_LIST_ITEM_COMMENT` provides a fallback comment for WAF list items, similar to how `RECORD_COMMENT` serves as a fallback for DNS records.
3. **Multi-IP detection and reconciliation.** Providers now return multiple IP addresses, each with a CIDR prefix length, and the reconciliation algorithm has been redesigned to handle them correctly. The experimental `local.iface` provider now collects all matching global unicast addresses from the specified interface, instead of just the first one. Multi-address support in `url:` and `file:` providers is also experimental.
4. **New `file:` provider.** Reads IP addresses from a local file, re-reading each detection cycle. This enables integration with external scripts or monitoring systems without restarting the updater. (Multi-address support is experimental.)
5. **New variants of `url:` (`url.via4:` and `url.via6:`) for transport overrides.** By default, `url:<url>` connects using the same IP family as the address being detected. Override the IP family used to connect with `url.via4:<url>` or `url.via6:<url>` (e.g., get an IPv6 address over an IPv4 connection). (Multi-address support in URL-based providers is experimental.)
6. **Rewritten user-facing messages.** Many log messages have been reworded into clearer, more natural English.
#### Your Feedback Wanted
The IP prefix length work in this release lays the groundwork for several upcoming features. We’d love your input on the proposed configuration syntax:
- **Per-domain IPv6 host IDs** ([#​764](https://github.com/favonia/cloudflare-ddns/issues/764)):
- `IP6_DOMAINS=sub.example.com{hostid6=::2}`
- `IP6_DOMAINS=sub.example.com{hostid6=preserve}` (keep the detected host IDs)
- `IP6_DOMAINS=sub.example.com{hostid6=mac(77:cc:a7:f9:45:94)}` (compute an [EUI-64](https://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64) host ID from a MAC address)
- `DOMAINS=sub1.example.com{hostid6=::aad1},sub2.example.com{hostid6=preserve}`
- **Detection IP filtering** ([#​1138](https://github.com/favonia/cloudflare-ddns/issues/1138)):
- `IP6_DETECTION_FILTER=keep-all`
- `IP6_DETECTION_FILTER=!addr-in(fc00::/7)`
- `IP6_DETECTION_FILTER=subnet-in(2001:db8:abcd::/48)`
- `IP4_DETECTION_FILTER=!addr-in(10.0.0.0/8) && !addr-in(192.168.0.0/16)`
- `IP6_DETECTION_FILTER=contains(2002:dead:beef::/100) || contains(2005:dead:beef::/100)`
| input | `addr-in(1.1.0.0/16)` | `subnet-in(1.1.0.0/16)` | `contains(1.1.0.0/16)` |
| ------------ | ---------------------------------- | ----------------------- | ---------------------- |
| `1.1.1.1/8` | ✔️ | ❌️ | ✔️ |
| `1.1.1.1/16` | ✔️ | ✔️ | ✔️ |
| `1.1.1.1/24` | ✔️ | ✔️ | ❌️ |
| `1.2.2.2/8` | ❌️ (`1.2.2.2` not in `1.1.0.0/16`) | ❌️ | ✔️ |
Also planned: a linter for boolean expressions targeting advanced usage of `PROXIED` and the upcoming `IP4/6_DETECTION_FILTER`, and further robustness improvements to the default `cloudflare.trace` provider.
#### Reminder from the Past
As a reminder, since 1.13.0, **the updater no longer drops privileges internally, and `PUID` and `PGID` are ignored.** Please use Docker’s built-in mechanism to drop privileges. The old Docker Compose template may grant unneeded privileges to the new updater, which is not recommended. Please review the new, simpler, and more secure template in [README](./README.markdown). In a nutshell, **remove the `cap_add` attribute and replace the environment variables `PUID` and `PGID` with the [`user: "UID:GID"` attribute](https://docs.docker.com/reference/compose-file/services/#user)**. Similar options may exist for systems not using Docker Compose.
#### Other Notes
**Shoutrrr support is no longer experimental.** The shoutrrr notification integration, introduced in 1.12.0, is now considered stable.
#### Detailed Changes
##### Features
- The detection model has been redesigned so that providers return multiple IP addresses, each with a CIDR prefix length. New `IP4_DEFAULT_PREFIX_LEN` and `IP6_DEFAULT_PREFIX_LEN` settings control how bare addresses are stored in WAF lists. ([#​1144](https://github.com/favonia/cloudflare-ddns/issues/1144)) ([#​1156](https://github.com/favonia/cloudflare-ddns/issues/1156))
- The reconciliation algorithm has been redesigned to handle complex metadata mismatches when multiple IP addresses result in multiple records. ([#​1015](https://github.com/favonia/cloudflare-ddns/issues/1015)) ([#​1020](https://github.com/favonia/cloudflare-ddns/issues/1020)) ([#​1022](https://github.com/favonia/cloudflare-ddns/issues/1022)) ([#​1115](https://github.com/favonia/cloudflare-ddns/issues/1115))
- New `file:` provider reads IP addresses from a local file. ([#​1148](https://github.com/favonia/cloudflare-ddns/issues/1148))
- New `static:<ip1>,<ip2>,...` and `static.empty` providers have been added. `static.empty` actively clears managed content for a given IP family. ([#​1102](https://github.com/favonia/cloudflare-ddns/issues/1102)) ([#​1135](https://github.com/favonia/cloudflare-ddns/issues/1135))
- The `url:`, `file:`, and `static:` providers now accept addresses in CIDR notation (e.g., `198.51.100.1/24`). ([#​1159](https://github.com/favonia/cloudflare-ddns/issues/1159)) ([#​1169](https://github.com/favonia/cloudflare-ddns/issues/1169))
- The experimental `local.iface` provider now collects all matching global unicast addresses. ([#​1095](https://github.com/favonia/cloudflare-ddns/issues/1095))
- New `MANAGED_RECORDS_COMMENT_REGEX` selects only DNS records whose comments match a regex. ([#​1103](https://github.com/favonia/cloudflare-ddns/issues/1103))
- New `MANAGED_WAF_LIST_ITEMS_COMMENT_REGEX` and `WAF_LIST_ITEM_COMMENT` provide the same comment-based selection for WAF list items. ([#​1106](https://github.com/favonia/cloudflare-ddns/issues/1106))
- New `url.via4:<url>` and `url.via6:<url>` providers override the IP family used to connect to a custom URL. ([#​1131](https://github.com/favonia/cloudflare-ddns/issues/1131))
- The updater now warns about likely misconfigured `SHOUTRRR` values. ([#​1111](https://github.com/favonia/cloudflare-ddns/issues/1111))
##### Bug Fixes
- The configuration parser now warns about extra commas in lists (e.g., `a,,b`) except for trailing commas, which were silently ignored. ([#​1177](https://github.com/favonia/cloudflare-ddns/issues/1177))
- The updater now exits gracefully when `EMOJI` or `QUIET` is invalid. ([#​1174](https://github.com/favonia/cloudflare-ddns/issues/1174))
- The updater invalidates relevant zone search cache entries when a zone cannot be found for faster recovery. ([#​1125](https://github.com/favonia/cloudflare-ddns/issues/1125))
- API token verification is now stricter, catching malformed tokens before any update attempts. ([#​1126](https://github.com/favonia/cloudflare-ddns/issues/1126))
- Providers (especially `cloudflare.trace` and `cloudflare.doh`) now validate detected IP addresses more strictly. ([#​1097](https://github.com/favonia/cloudflare-ddns/issues/1097)) ([#​1099](https://github.com/favonia/cloudflare-ddns/issues/1099)) ([#​1101](https://github.com/favonia/cloudflare-ddns/issues/1101)) ([#​1151](https://github.com/favonia/cloudflare-ddns/issues/1151))
- WAF list entries in the configuration are now deduplicated. ([#​1091](https://github.com/favonia/cloudflare-ddns/issues/1091))
- The updater now warns when a configured domain does not look like a fully qualified domain name. ([#​1019](https://github.com/favonia/cloudflare-ddns/issues/1019))
- The updater now warns when DNS records and WAF list items for the same domain have mixed ownership (some managed, some not). ([#​1173](https://github.com/favonia/cloudflare-ddns/issues/1173))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5301
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [frederikemmer/MediaLyze](https://github.com/frederikemmer/MediaLyze) | minor | `0.3.0` → `0.4.0` |
| [ghcr.io/frederikemmer/medialyze](https://github.com/frederikemmer/MediaLyze) | minor | `0.3.0` → `0.4.0` |
---
### Release Notes
<details>
<summary>frederikemmer/MediaLyze (frederikemmer/MediaLyze)</summary>
### [`v0.4.0`](https://github.com/frederikemmer/MediaLyze/blob/HEAD/CHANGELOG.md#v040)
[Compare Source](https://github.com/frederikemmer/MediaLyze/compare/v0.3.0...v0.4.0)
> 2026-03-30
First "rough" implementation for detecting duplicate files. May break desktop install use v0.3.0 if it's not working properly.
##### ✨ New
- add per-library duplicate detection with `off` (default), `filename`, `filehash`, `both` modes ([#​16](https://github.com/frederikemmer/MediaLyze/issues/16))
- view and search through duplicates on library page
- scan performance tuning in `App settings` with separate controls for per-scan analysis workers and parallel library scans
##### 🐛 Bug fixes
- rework scan execution so discovery streams files directly into analysis and duplicate workers, live progress reflects worker completion, and configured worker counts now affect real throughput
- stop auto-resuming or auto-queuing stale startup jobs, clear pending watchdog debounce requests on cancel, and improve failed scan diagnostics with copyable detailed error payloads
- tighten the duplicate and library-settings UI by capping visible duplicate variants with internal scrolling, aligning scan controls consistently, and making the `dev` desktop artifact build manual-only
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEwMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5294
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ollama/ollama](https://github.com/ollama/ollama) | minor | `0.18.3` → `0.19.0` |
| ollama/ollama | minor | `0.18.3` → `0.19.0` |
---
### Release Notes
<details>
<summary>ollama/ollama (ollama/ollama)</summary>
### [`v0.19.0`](https://github.com/ollama/ollama/releases/tag/v0.19.0)
[Compare Source](https://github.com/ollama/ollama/compare/v0.18.3...v0.19.0)
#### What's Changed
- Ollama's app will now no longer incorrectly show "model is out of date"
- `ollama launch pi` now includes web search plugin that uses Ollama's web search
- Improved KV cache hit rate when using the Anthropic-compatible API
- Fixed tool call parsing issue with Qwen3.5 where tool calls would be output in thinking
- MLX runner will now create periodic snapshots during prompt processing
- Fixed KV cache snapshot memory leak in MLX runner
- Fixed issue where flash attention would be incorrectly enabled for `grok` models
- Fixed `qwen3-next:80b` not loading in Ollama
#### New Contributors
- [@​amatas](https://github.com/amatas) made their first contribution in [#​15022](https://github.com/ollama/ollama/pull/15022)
**Full Changelog**: <https://github.com/ollama/ollama/compare/v0.18.3...v0.19.0>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19-->
Reviewed-on: #5286
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/rybbit-io/rybbit-backend](https://github.com/rybbit-io/rybbit) | minor | `v2.4.0` → `v2.5.0` |
| [rybbit-io/rybbit](https://github.com/rybbit-io/rybbit) | minor | `v2.4.0` → `v2.5.0` |
---
### Release Notes
<details>
<summary>rybbit-io/rybbit (ghcr.io/rybbit-io/rybbit-backend)</summary>
### [`v2.5.0`](https://github.com/rybbit-io/rybbit/releases/tag/v2.5.0)
[Compare Source](https://github.com/rybbit-io/rybbit/compare/v2.4.0...v2.5.0)
- Improved bot blocking capabilities
- Added teams to further subdivide organizations into groups of users and sites <https://rybbit.com/docs/teams>
- Added tagging that allows easy slicing of analytics into different cohorts, similar to an existing feature from Umami <https://rybbit.com/docs/tagging>
- Various minor performance improvements
Thank you [@​lukyrys](https://github.com/lukyrys) for multiple contributions over this period
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19-->
Reviewed-on: #5275
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [Freika/dawarich](https://github.com/Freika/dawarich) | minor | `1.4.0` → `1.6.0` |
| [freikin/dawarich](https://github.com/Freika/dawarich) | minor | `1.4.0` → `1.6.0` |
---
### Release Notes
<details>
<summary>Freika/dawarich (Freika/dawarich)</summary>
### [`v1.6.0`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#160---2026-03-29)
[Compare Source](https://github.com/Freika/dawarich/compare/1.5.1...1.6.0)
##### Added
- Immich users can now enrich their photos with geodata.
- Users can now optionally enable two-factor authentication (2FA) for their accounts in Settings > Two-Factor Authentication. Supported methods: TOTP apps (Google Authenticator, Authy, etc.) and backup codes. Once enabled, users will be prompted for a 2FA code on login. This adds an extra layer of security to protect your location data.
##### Fixed
- Fix OIDC account linking failing when the email from the identity provider has different casing than the existing Dawarich account [#​1983](https://github.com/Freika/dawarich/issues/1983).
- Fix confirmation dialogs being ignored when clicking "Cancel" — destructive actions (account deletion, import/export deletion, place deletion) fired regardless of user choice due to Rails UJS and Turbo both handling the same click [#​1978](https://github.com/Freika/dawarich/issues/1978).
- Fix Year in Review share link being empty when toggling public access [#​2418](https://github.com/Freika/dawarich/issues/2418).
- Fix address field on Points page being empty when geodata properties are unavailable [#​2419](https://github.com/Freika/dawarich/issues/2419).
- Fix Stats API returning the same country/city count for every year instead of per-year counts [#​2280](https://github.com/Freika/dawarich/issues/2280).
- Fix flyover countries (with no visited cities) still showing in monthly stats views [#​2423](https://github.com/Freika/dawarich/issues/2423).
- Fix importing Google Timeline files. [#​2427](https://github.com/Freika/dawarich/issues/2427)
### [`v1.5.1`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#151---2026-03-28)
[Compare Source](https://github.com/Freika/dawarich/compare/1.5.0...1.5.1)
##### Fixed
- Fix points and tracks interactions on Map v2 being unresponsive after the latest update.
- Fix creating demo data from the onboarding modal.
- Fix navbar for cloud trial users.
- Reset months stats instead of deleting when there is no data.
### [`v1.5.0`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#150---2026-03-28)
[Compare Source](https://github.com/Freika/dawarich/compare/1.4.0...1.5.0)
##### Added
- GPS noise filtering. An automatic system to detect ahd filter out points with unrealistic speeds, altitudes, or sudden jumps.
- Support for signing in via web view using our Android app.
- On the map settings page user now can enable and disable map layers.
- Onboarding modal now offers a third option to load demo data (3 days in Berlin, \~1000 points) so new users can instantly see what the map looks like. Demo imports bypass trial limits, are clearly labeled with a "Demo" badge, and can be deleted from a banner on the map page or from the imports list.
- New tool to the Map V2 tools: The "Day per Country" button will open a modal showing a breakdown of how many days the user has spent in each country, based on their points data. This is calculated by grouping points by country and counting unique days with at least one point in that country.
##### Changed
- \[Cloud] The point creation API endpoints are being excluded from the default Lite/Pro rate limits (200/1,000 requests/hour). They now have general rate limits of 10,000 requests/hour.
- Buildings numbers on map V2 are now shown on closer zoom.
##### Fixed
- Users who registered via Google (or other OAuth providers) can now change their password and email without needing to enter their current password.
- Fix deadlocks in reverse geocoding job when multiple Sidekiq workers update points concurrently.
- Fix `counter_cache_column` error in points counter reset job by using direct SQL count instead of `reset_counters`.
- Fix duplicate place records causing `ON CONFLICT` cardinality violations during reverse geocoding.
- Fix `TypeError` crash in transportation mode backfill when Google export files have unexpected JSON structure.
- Fix inability to disable visit suggestions background job due to conflicting Rails UJS and Turbo handlers causing request cancellation [#​2118](https://github.com/Freika/dawarich/issues/2118).
- Fix visit confirm/decline buttons firing twice [#​2379](https://github.com/Freika/dawarich/issues/2379).
- Fix clicking on a point in Map v2 silently moving it to the cursor position. Points now only update when intentionally dragged [#​2149](https://github.com/Freika/dawarich/issues/2149), [#​2150](https://github.com/Freika/dawarich/issues/2150).
- Fix visit name suggester not recognizing Photon reverse geocoding data format, causing all suggested places to show as "Suggested place" [#​2151](https://github.com/Freika/dawarich/issues/2151), [#​2377](https://github.com/Freika/dawarich/issues/2377).
- Fix visit edit form displaying UTC times instead of the user's configured timezone [#​2168](https://github.com/Freika/dawarich/issues/2168).
- Fix export deletion failing when the export file was manually removed from disk [#​915](https://github.com/Freika/dawarich/issues/915).
- Fix PhotoPrism `before` date filter being off by one day, excluding photos taken on the end date [#​747](https://github.com/Freika/dawarich/issues/747).
- Fix datetime inputs allowing 5-digit years on Chrome by adding `max` attribute to all datetime-local fields [#​578](https://github.com/Freika/dawarich/issues/578).
- Fix Points page datetime fields requiring seconds input, preventing search on mobile browsers and some desktop browsers [#​1040](https://github.com/Freika/dawarich/issues/1040), [#​1478](https://github.com/Freika/dawarich/issues/1478).
- Fix altitude values being truncated to integers instead of preserving decimal precision [#​1573](https://github.com/Freika/dawarich/issues/1573).
- Fix suggested visits keeping "Suggested Visit" name when confirmed directly without selecting a place [#​1725](https://github.com/Freika/dawarich/issues/1725).
- Fix visit name becoming empty and uneditable when clicking the name field and then clicking away [#​1776](https://github.com/Freika/dawarich/issues/1776).
- Fix trips page crashing with `undefined method 'coordinates' for nil` when trip path calculation hasn't completed yet [#​1356](https://github.com/Freika/dawarich/issues/1356), [#​1765](https://github.com/Freika/dawarich/issues/1765).
- Fix Immich/PhotoPrism photos on map not being filtered by the selected date range [#​1755](https://github.com/Freika/dawarich/issues/1755).
- Fix short trips (less than one full day) not showing photos due to PhotoPrism `before` date filter being exclusive [#​1688](https://github.com/Freika/dawarich/issues/1688).
- Fix health check endpoint (`/api/v1/health`) triggering unnecessary `User Load` database queries on every request [#​1770](https://github.com/Freika/dawarich/issues/1770).
- Fix points created via Overland API (Home Assistant, GPSLogger) not being automatically reverse geocoded after creation [#​1242](https://github.com/Freika/dawarich/issues/1242).
- Fix monthly stats map crashing with `Invalid LatLng object: (NaN, NaN)` when points have missing coordinates [#​1762](https://github.com/Freika/dawarich/issues/1762).
- Fix trips failing with self-signed certificates by leveraging per-integration SSL skip settings [#​455](https://github.com/Freika/dawarich/issues/455).
- Fix non-admin users unable to access Background Jobs settings to trigger reverse geocoding or manage visit suggestions [#​1714](https://github.com/Freika/dawarich/issues/1714).
- Fix family page map not loading due to `escape_javascript` producing invalid JSON in the Stimulus data attribute.
- Fix countries appearing in visited statistics despite only being driven through without spending meaningful time in any city [#​1595](https://github.com/Freika/dawarich/issues/1595), [#​1779](https://github.com/Freika/dawarich/issues/1779).
- Fix `migrate_to_new_storage` rake task crashing when export URL is blank, already migrated, or points to a directory instead of a file [#​1018](https://github.com/Freika/dawarich/issues/1018), [#​1037](https://github.com/Freika/dawarich/issues/1037).
- Fix selecting the only suggested place for a visit having no effect because the dropdown `change` event never fires with a single option [#​471](https://github.com/Freika/dawarich/issues/471).
- Fix city duration calculation undercounting time spent due to integer division truncating sub-minute GPS intervals to zero [#​2408](https://github.com/Freika/dawarich/issues/2408).
- Fix tooltips in data tables (Imports, Exports, Points) being hidden behind adjacent rows [#​2409](https://github.com/Freika/dawarich/issues/2409).
- Fix iOS QR code in Account settings being cut off on the right side [#​2406](https://github.com/Freika/dawarich/issues/2406).
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5260
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/unpoller/unpoller](https://github.com/unpoller/unpoller) | minor | `v2.38.0` → `v2.39.0` |
| [unpoller/unpoller](https://github.com/unpoller/unpoller) | minor | `v2.38.0` → `v2.39.0` |
---
### Release Notes
<details>
<summary>unpoller/unpoller (ghcr.io/unpoller/unpoller)</summary>
### [`v2.39.0`](https://github.com/unpoller/unpoller/releases/tag/v2.39.0)
[Compare Source](https://github.com/unpoller/unpoller/compare/v2.38.0...v2.39.0)
##### Changelog
- [`c596e82`](c596e82cf2) fix: use v2 traffic API as DPI fallback for Network 9.1+ firmware ([#​985](https://github.com/unpoller/unpoller/issues/985))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZG9ja2VyIl19-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5255
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed.
You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon.
🔕 **Ignore**: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid.
❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions).
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: #5258
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed.
You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon.
🔕 **Ignore**: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid.
❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions).
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: #5251
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | patch | `v1.20.0` → `v1.20.1` |
---
### Release Notes
<details>
<summary>cert-manager/cert-manager (cert-manager/cert-manager)</summary>
### [`v1.20.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.1)
[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0...v1.20.1)
v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate `parentRef` bug when both issuer config and annotations are present (Gateway API).
##### Bug or Regression
- Fixed duplicate `parentRef` bug when both issuer config and annotations are present. ([#​8658](https://github.com/cert-manager/cert-manager/issues/8658), [@​hjoshi123](https://github.com/hjoshi123))
- Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. ([#​8655](https://github.com/cert-manager/cert-manager/issues/8655), [@​erikgb](https://github.com/erikgb))
- Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. ([#​8657](https://github.com/cert-manager/cert-manager/issues/8657), [@​erikgb](https://github.com/erikgb))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5206
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [tailscale/tailscale](https://github.com/tailscale/tailscale) | patch | `v1.96.3` → `v1.96.4` |
---
### Release Notes
<details>
<summary>tailscale/tailscale (tailscale/tailscale)</summary>
### [`v1.96.4`](https://github.com/tailscale/tailscale/releases/tag/v1.96.4)
[Compare Source](https://github.com/tailscale/tailscale/compare/v1.96.3...v1.96.4)
Please refer to the changelog available at <https://tailscale.com/changelog>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Reviewed-on: #5208
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [grafana/loki](https://github.com/grafana/loki) | patch | `3.7.0` → `3.7.1` |
---
### Release Notes
<details>
<summary>grafana/loki (grafana/loki)</summary>
### [`v3.7.1`](https://github.com/grafana/loki/releases/tag/v3.7.1)
[Compare Source](https://github.com/grafana/loki/compare/v3.7.0...v3.7.1)
##### Bug Fixes
- Upgrade Go and gRPC versions on 3.7.x ([#​21282](https://github.com/grafana/loki/issues/21282)) ([2c8fff2](2c8fff222b))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Reviewed-on: #5207
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
2026-03-28 01:29:53 +00:00
140 changed files with 1022 additions and 841 deletions
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
