alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

chore(deps): update gotenberg/gotenberg docker tag to v8.31.0 #6025

Merged
alexlebens merged 1 commits from renovate/unified-gotenberg into main 2026-04-18 00:19:19 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-04-17 15:08:29 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
gotenberg/gotenberg minor 8.30.18.31.0

Release Notes

gotenberg/gotenberg (gotenberg/gotenberg)

v8.31.0: 8.31.0

Compare Source

Breaking Changes & Security Fixes ⚠️

  • Stopped publishing thecodingmachine/gotenberg images. Pull from gotenberg/gotenberg instead.
  • SSRF hardening (breaking). Resolves outbound URLs (Chromium asset fetches, webhook delivery, download-from) and rejects non-public addresses: loopback, RFC1918, link-local, unspecified, multicast, IPv6 unique-local, IPv4-mapped IPv6. Pins the dial to the validated IP to prevent DNS rebinding.
  • Defaulted webhook deny list (breaking). --webhook-deny-list now defaults to a regex blocking loopback, RFC1918, link-local, and IPv6 unique-local ranges. Override the flag to call internal hosts.
  • Sanitized ExifTool metadata (breaking for System: tags). Strips control characters and line breaks from /forms/pdfengines/metadata/write payloads. Drops System:-prefixed tags. Blocks argument smuggling and filesystem pseudo-tag abuse.

New Features

  • Embed files metadata. Adds embedsMetadata to every route accepting embeds (Chromium HTML/URL/Markdown, LibreOffice convert, PDF Engines merge/split/embed). Pass a JSON object keyed by filename with per-file fields (mimeType, relationship, etc.) - thanks @​Jean-Beru!

Bug Fixes

  • Pinned Chromium to v146 on ppc64le to work around an upstream regression.

Deprecated Flags

Old New
--webhook-error-allow-list --webhook-allow-list
--webhook-error-deny-list --webhook-deny-list

Old flags still work.

Chore

  • Updated Go dependencies.

Configuration

📅 Schedule: (in timezone America/Chicago)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [gotenberg/gotenberg](https://github.com/gotenberg/gotenberg) | minor | `8.30.1` → `8.31.0` | --- ### Release Notes <details> <summary>gotenberg/gotenberg (gotenberg/gotenberg)</summary> ### [`v8.31.0`](https://github.com/gotenberg/gotenberg/releases/tag/v8.31.0): 8.31.0 [Compare Source](https://github.com/gotenberg/gotenberg/compare/v8.30.1...v8.31.0) #### Breaking Changes & Security Fixes ⚠️ - **Stopped publishing `thecodingmachine/gotenberg` images.** Pull from `gotenberg/gotenberg` instead. - **SSRF hardening (breaking).** Resolves outbound URLs (Chromium asset fetches, webhook delivery, download-from) and rejects non-public addresses: loopback, RFC1918, link-local, unspecified, multicast, IPv6 unique-local, IPv4-mapped IPv6. Pins the dial to the validated IP to prevent DNS rebinding. - **Defaulted webhook deny list (breaking).** `--webhook-deny-list` now defaults to a regex blocking loopback, RFC1918, link-local, and IPv6 unique-local ranges. Override the flag to call internal hosts. - **Sanitized ExifTool metadata (breaking for `System:` tags).** Strips control characters and line breaks from `/forms/pdfengines/metadata/write` payloads. Drops `System:`-prefixed tags. Blocks argument smuggling and filesystem pseudo-tag abuse. #### New Features - **Embed files metadata.** Adds `embedsMetadata` to every route accepting `embeds` (Chromium HTML/URL/Markdown, LibreOffice convert, PDF Engines merge/split/embed). Pass a JSON object keyed by filename with per-file fields (`mimeType`, `relationship`, etc.) - thanks [@&#8203;Jean-Beru](https://github.com/Jean-Beru)! #### Bug Fixes - **Pinned Chromium to v146 on ppc64le** to work around an upstream regression. #### Deprecated Flags | Old | New | | ---------------------------- | ---------------------- | | `--webhook-error-allow-list` | `--webhook-allow-list` | | `--webhook-error-deny-list` | `--webhook-deny-list` | Old flags still work. #### Chore - Updated Go dependencies. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjUuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
renovate-bot added the docker label 2026-04-17 15:08:29 +00:00
renovate-bot added 1 commit 2026-04-17 22:56:03 +00:00
chore(deps): update gotenberg/gotenberg docker tag to v8.31.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 47s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
render-manifests / render-manifests (pull_request) Successful in 59s
Details
952c97cfde
renovate-bot force-pushed renovate/unified-gotenberg from 38aad3fd00 to 952c97cfde 2026-04-17 22:56:03 +00:00 Compare
alexlebens merged commit 399d4dcd1f into main 2026-04-18 00:19:19 +00:00
alexlebens deleted branch renovate/unified-gotenberg 2026-04-18 00:19:24 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 docker
Docker update generated by Renovate.
github-actions
Github Action update generated by Renovate.
helm
Helm update generated by Renovate.
image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label docker
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#6025
Delete Branch "renovate/unified-gotenberg"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?