pool/git-bug
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

leap-16.0 #8

Manually merged
mcepl merged 29 commits from mcepl/git-bug:leap-16.0 into leap-16.0 2025-12-04 13:51:42 +01:00
Conversation 13 Commits 29 Files Changed 10 +166 -32
mcepl commented 2025-12-01 12:12:34 +01:00
Contributor
Copy Link
Tue Nov 25 17:41:00 UTC 2025 - Matej Cepl mcepl@cepl.eu

- Revendor to include fixed version of depending libraries:
- GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
golang.org/x/crypto to v0.43.0
- GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
github.com/go-viper/mapstructure/v2 to v2.4.0
- GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
- GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
github.com/cloudflare/circl to v1.6.1
- GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
golang.org/x/crypto/ssh to v0.45.0
- GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
golang.org/x/crypto/ssh/agent to v0.45.0

Wed Oct 15 20:05:09 UTC 2025 - Matej Cepl mcepl@cepl.eu

  • Revendor to include golang.org/x/net/html v 0.45.0 to prevent
    possible DoS by various algorithms with quadratic complexity
    when parsing HTML documents (bsc#1251463, CVE-2025-47911 and
    bsc#1251664, CVE-2025-58190).

Mon May 19 08:38:03 UTC 2025 - Matej Cepl mcepl@cepl.eu

  • Update to version 0.10.1:
    • cli: ignore missing sections when removing configuration (ddb22a2f)
  • Update to version 0.10.0:
    • bridge: correct command used to create a new bridge (9942337b)
    • web: simplify header navigation (7e95b169)
    • webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
    • BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
  • Update to version 0.10.0
    • bridge: correct command used to create a new bridge (9942337b)
    • web: simplify header navigation (7e95b169)
    • web: remark upgrade + gfm + syntax highlighting (6ee47b96)
  • Update to version 0.9.0:
    • completion: remove errata from string literal (aa102c91)
    • tui: improve readability of the help bar (23be684a)

Tue May 06 10:21:55 UTC 2025 - mcepl@cepl.eu

  • Update to version 0.8.1+git.1746484874.96c7a111:
    • docs: update install, contrib, and usage documentation (#1222)
    • fix: resolve the remote URI using url.*.insteadOf (#1394)
    • build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
    • chore: gofmt simplify gitlab/export_test.go (#1392)
    • fix: checkout repo before setting up go environment (#1390)
    • feat: bump to go v1.24.2 (#1389)
    • chore: update golang.org/x/net (#1379)
    • fix: use -0700 when formatting time (#1388)
    • fix: use correct url for gitlab PATs (#1384)
    • refactor: remove depdendency on pnpm for auto-label action (#1383)
    • feat: add action: auto-label (#1380)
    • feat: remove lifecycle/frozen (#1377)
    • build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
    • feat: support new exclusion label: lifecycle/pinned (#1375)
    • fix: refactor how gitlab title changes are detected (#1370)
    • revert: "Create Dependabot config file" (#1374)
    • refactor: rename //:git-bug.go to //:main.go (#1373)
    • build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
    • fix: set GitLastTag to an empty string when git-describe errors (#1355)
    • chore: update go-git to v5@masterupdate_mods (#1284)
    • refactor: Directly swap two variables to optimize code (#1272)
    • Update README.md Matrix link to new room (#1275)
  • Remove upstreamed patch:
    • CVE-2025-22869-bump-go-crypto-ssh.patch

Tue Mar 25 15:29:50 UTC 2025 - mcepl@cepl.eu

  • Update to version 0.8.0+git.1742269202.0ab94c9:
    • deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
  • Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
    (apparently upstream still didn’t see the other one).

Thu Mar 13 17:02:33 UTC 2025 - mcepl@cepl.eu

  • Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
    golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
    CVE-2025-22869).

Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl mcepl@cepl.eu

  • Add missing Requires to completion subpackages.

Wed Jan 8 09:00:10 UTC 2025 - Matej Cepl mcepl@cepl.eu

  • Update vendorization.

Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl mcepl@cepl.eu

  • Update to version 0.8.0+git.1733745604.d499b6e:
    • fix typos in docs (#1266)
    • build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)
  • Add CVE-2024-45337-bump-go-crypto.patch to bump
    golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for
    CVE-2024-45337, bsc#1234565).
------------------------------------------------------------------- Tue Nov 25 17:41:00 UTC 2025 - Matej Cepl <mcepl@cepl.eu> - Revendor to include fixed version of depending libraries: - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade github.com/go-viper/mapstructure/v2 to v2.4.0 - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade github.com/cloudflare/circl to v1.6.1 - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade golang.org/x/crypto/ssh to v0.45.0 - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade golang.org/x/crypto/ssh/agent to v0.45.0 ------------------------------------------------------------------- Wed Oct 15 20:05:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu> - Revendor to include golang.org/x/net/html v 0.45.0 to prevent possible DoS by various algorithms with quadratic complexity when parsing HTML documents (bsc#1251463, CVE-2025-47911 and bsc#1251664, CVE-2025-58190). ------------------------------------------------------------------- Mon May 19 08:38:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu> - Update to version 0.10.1: - cli: ignore missing sections when removing configuration (ddb22a2f) - Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - webui: remark upgrade + gfm + syntax highlighting (6ee47b96) - BREAKING CHANGE: dev-infra: remove gokart (89b880bd) - Update to version 0.10.0 - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - web: remark upgrade + gfm + syntax highlighting (6ee47b96) - Update to version 0.9.0: - completion: remove errata from string literal (aa102c91) - tui: improve readability of the help bar (23be684a) ------------------------------------------------------------------- Tue May 06 10:21:55 UTC 2025 - mcepl@cepl.eu - Update to version 0.8.1+git.1746484874.96c7a111: * docs: update install, contrib, and usage documentation (#1222) * fix: resolve the remote URI using url.*.insteadOf (#1394) * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376) * chore: gofmt simplify gitlab/export_test.go (#1392) * fix: checkout repo before setting up go environment (#1390) * feat: bump to go v1.24.2 (#1389) * chore: update golang.org/x/net (#1379) * fix: use -0700 when formatting time (#1388) * fix: use correct url for gitlab PATs (#1384) * refactor: remove depdendency on pnpm for auto-label action (#1383) * feat: add action: auto-label (#1380) * feat: remove lifecycle/frozen (#1377) * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378) * feat: support new exclusion label: lifecycle/pinned (#1375) * fix: refactor how gitlab title changes are detected (#1370) * revert: "Create Dependabot config file" (#1374) * refactor: rename //:git-bug.go to //:main.go (#1373) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361) * fix: set GitLastTag to an empty string when git-describe errors (#1355) * chore: update go-git to v5@masterupdate_mods (#1284) * refactor: Directly swap two variables to optimize code (#1272) * Update README.md Matrix link to new room (#1275) - Remove upstreamed patch: - CVE-2025-22869-bump-go-crypto-ssh.patch ------------------------------------------------------------------- Tue Mar 25 15:29:50 UTC 2025 - mcepl@cepl.eu - Update to version 0.8.0+git.1742269202.0ab94c9: * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312) - Remove upstreamed CVE-2024-45337-bump-go-crypto.patch (apparently upstream still didn’t see the other one). ------------------------------------------------------------------- Thu Mar 13 17:02:33 UTC 2025 - mcepl@cepl.eu - Add CVE-2025-22869-bump-go-crypto-ssh.patch to update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494, CVE-2025-22869). ------------------------------------------------------------------- Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl <mcepl@cepl.eu> - Add missing Requires to completion subpackages. ------------------------------------------------------------------- Wed Jan 8 09:00:10 UTC 2025 - Matej Cepl <mcepl@cepl.eu> - Update vendorization. ------------------------------------------------------------------- Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl <mcepl@cepl.eu> - Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) - Add CVE-2024-45337-bump-go-crypto.patch to bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565).
mcepl added 30 commits 2025-12-01 12:12:35 +01:00
[info=6747d5f7671b55c0ff5e8a8c7910ab57476d8671674e9ffa239cb588c8f7443a] e43f811c53 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:1/git-bug?expand=0&rev=1
Accepting request 1205581 from devel:Factory:git-workflow:staging:mcepl:git-bug:1 cd87a14c18 
Update to version 0.8.0+git.1725552198.b0cc690:

Also switch to _service and generated tarball

(🤖: Submission of git-bug via #1 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1205581
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=5
[info=fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08] 57f0d29002 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:2/git-bug?expand=0&rev=2
Accepting request 1231700 from devel:Factory:git-workflow:staging:mcepl:git-bug:2 c2907d34aa 
Cve 2024 45337 Crypto Bump

- Update to version 0.8.0+git.1733745604.d499b6e:
  * fix typos in docs (#1266)
  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)
- Add CVE-2024-45337-bump-go-crypto.patch to bump
  golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for
  CVE-2024-45337, bsc#1234565).

(🤖: Submission of git-bug via #2 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1231700
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=6
[info=8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd] 600eb6be4a 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=1
[info=5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c] c87da1ac25 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=2
[info=eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860] 6fa5e7c335 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=3
[info=aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682] 49bc748fa9 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=4
Accepting request 1235844 from devel:Factory:git-workflow:staging:mcepl:git-bug:4 8eda2c2f40 
Update To D499b6e

Update to the commit d499b6e.

(🤖: Submission of git-bug via #4 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1235844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=7
[info=f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8] a45cc7b70a 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=5
[info=ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc] f84e3f119c 
OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=6
Accepting request 1239615 from devel:Factory:git-workflow:staging:mcepl:git-bug:4 62690c0dc5 
Update To D499b6e

Update to the commit d499b6e.

(🤖: Submission of git-bug via #4 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1239615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=8
Accepting request 1256145 from devel:Factory:git-workflow:staging:mcepl:git-bug:7 736dfb254c 
- Update to version 0.8.0+git.1742269202.0ab94c9:

- Update to version 0.8.0+git.1742269202.0ab94c9:

(🤖: Submission of git-bug via #7 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1256145
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=9
Accepting request 1275060 from devel:tools:scm 53d65ccf0f 
- Update to version 0.8.1+git.1746484874.96c7a111:
* docs: update install, contrib, and usage documentation (#1222)
* fix: resolve the remote URI using url.*.insteadOf (#1394)
* build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
* chore: gofmt simplify gitlab/export_test.go (#1392)
* fix: checkout repo before setting up go environment (#1390)
* feat: bump to go v1.24.2 (#1389)
* chore: update golang.org/x/net (#1379)
* fix: use -0700 when formatting time (#1388)
* fix: use correct url for gitlab PATs (#1384)
* refactor: remove depdendency on pnpm for auto-label action (#1383)
* feat: add action: auto-label (#1380)
* feat: remove lifecycle/frozen (#1377)
* build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
* feat: support new exclusion label: lifecycle/pinned (#1375)
* fix: refactor how gitlab title changes are detected (#1370)
* revert: "Create Dependabot config file" (#1374)
* refactor: rename //:git-bug.go to //:main.go (#1373)
* build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
* fix: set GitLastTag to an empty string when git-describe errors (#1355)
* chore: update go-git to v5@masterupdate_mods (#1284)
* refactor: Directly swap two variables to optimize code (#1272)
* Update README.md Matrix link to new room (#1275)
- Remove upstreamed patch:
- CVE-2025-22869-bump-go-crypto-ssh.patch

OBS-URL: https://build.opensuse.org/request/show/1275060
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=10
Accepting request 1278375 from devel:tools:scm e594f64458 
- Update to version 0.10.1:
  - cli: ignore missing sections when removing configuration (ddb22a2f)
- Update to version 0.10.0:
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
- Update to version 0.10.0
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
- Update to version 0.9.0:
  - completion: remove errata from string literal (aa102c91)
  - tui: improve readability of the help bar (23be684a)

OBS-URL: https://build.opensuse.org/request/show/1278375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=11
Accepting request 1312668 from devel:tools:scm 6911af6e1c 
- Revendor to include golang.org/x/net/html v 0.45.0 to prevent
  possible DoS by various algorithms with quadratic complexity
  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and
  bsc#1251664, CVE-2025-58190).

OBS-URL: https://build.opensuse.org/request/show/1312668
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=12
chore: remove _scmsync.obsinfo and build.specials.obscpio e69176ea22
Add remote-config.patch (gh#MichaelMure/git-bug!1076): try 10920bec49 
reading git-bug.remote config value before defaulting to 'origin'
when no explicit REMOTE argument.
Update to version 0.8.0+git.1725552198.b0cc690: 0a90390d7d 
* build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261)
  * graphql: properly namespace Bug to make space for other entities (#1254)
  * refactor: rename github test repository: test-github-bridge (#1256)
  * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250)
  * core: make label a common type, in a similar fashion as for status (#1252)
  * chore: regenerate command completion and documentation (#1253)
  * feat: update references to the git-bug organization (#1249)
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248)
  * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242)
  * feat: add package to dev shell: delve (#1240)
  * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239)
  * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237)
  * feat(ci): support a merge queue
  * DOC: it is "new" not "configure" command (also was missing \)
  * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
  * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0
  * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0
  * fix: correct path for reusable workflow: lifecycle
  * feat: merge go directive and toolchain specification
  * feat: improved lifecycle management with stale-bot
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5
  * revert: "feat: increase operations per run for workflow: cron"
  * chore: update go dependencies
  * fix: run the presubmit pipeline for PRs
  * chore: remove refs to deprecated io/ioutil
  * fix: move codeql into an independent workflow
  * feat: bump node versions to 16.x, 18.x, and 20.x
  * feat: refactor pipelines into reusable workflows
  * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader
  * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui
  * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0
  * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui
  * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui
  * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui
  * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49
  * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0
  * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui
  * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui
  * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui
  * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui
  * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3
  * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0
  * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4
  * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui
  * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0
  * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui
  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16
  * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0
  * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui
  * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui
  * build(deps): bump minimatch and recursive-readdir in /webui
  * fix: add write for prs: stale/issue-and-pr
  * feat: allow for manual execution of workflow: cron
  * feat: increase operations per run for workflow: cron
  * fix: add missing `with` property to //.github/workflows:cron.yml
  * feat: add workflow for triaging stale issues and prs
  * feat: add initial editorconfig configuration file
  * feat: add a common file for git-blame ignored revisions
  * feat: add a commit message template
  * feat: add initial nix development shell
  * feat: update action library versions
  * feat: add concurrency limits to all pipelines
  * fix: bump to go v1.22.5
  * fix: correct typo: acceps => accepts
  * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183)
  * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181)
  * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179)
  * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171)
  * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175)
  * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113)
  * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173)
  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164)
  * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162)
  * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166)
  * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165)
  * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167)
  * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132)
Update to version 0.8.0+git.1733745604.d499b6e: 66a824f09d 
* fix typos in docs (#1266)
  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)
Add CVE-2024-45337-bump-go-crypto.patch to bump
  golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for
  CVE-2024-45337, bsc#1234565).
Update vendorization. e0e1013448
- Update to version 0.8.0+git.1742269202.0ab94c9: 879eb5a851 
* deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
- Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
  (apparently upstream still didn’t see the other one).
- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
  golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
  CVE-2025-22869).
Update to version 0.8.1+git.1746484874.96c7a111: b11e736a03 
* docs: update install, contrib, and usage documentation (#1222)
  * fix: resolve the remote URI using url.*.insteadOf (#1394)
  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
  * chore: gofmt simplify gitlab/export_test.go (#1392)
  * fix: checkout repo before setting up go environment (#1390)
  * feat: bump to go v1.24.2 (#1389)
  * chore: update golang.org/x/net (#1379)
  * fix: use -0700 when formatting time (#1388)
  * fix: use correct url for gitlab PATs (#1384)
  * refactor: remove depdendency on pnpm for auto-label action (#1383)
  * feat: add action: auto-label (#1380)
  * feat: remove lifecycle/frozen (#1377)
  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
  * feat: support new exclusion label: lifecycle/pinned (#1375)
  * fix: refactor how gitlab title changes are detected (#1370)
  * revert: "Create Dependabot config file" (#1374)
  * refactor: rename //:git-bug.go to //:main.go (#1373)
  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
  * fix: set GitLastTag to an empty string when git-describe errors (#1355)
  * chore: update go-git to v5@masterupdate_mods (#1284)
  * refactor: Directly swap two variables to optimize code (#1272)
  * Update README.md Matrix link to new room (#1275)
Remove upstreamed patch:
  - CVE-2025-22869-bump-go-crypto-ssh.patch
Update to version 0.10.1: a807919e5c 
- cli: ignore missing sections when removing configuration (ddb22a2f)
Update to version 0.10.0:
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
Update to version 0.10.0
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
Update to version 0.9.0:
  - completion: remove errata from string literal (aa102c91)
  - tui: improve readability of the help bar (23be684a)
Revendor to include fixed version of depending libraries bfa8e9f39c 
- GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
Update vendorization. 8db14c9276
- Update to version 0.8.0+git.1742269202.0ab94c9: 7a7657462d 
* deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
- Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
  (apparently upstream still didn’t see the other one).
- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
  golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
  CVE-2025-22869).
Update to version 0.8.1+git.1746484874.96c7a111: 8d744abe01 
* docs: update install, contrib, and usage documentation (#1222)
  * fix: resolve the remote URI using url.*.insteadOf (#1394)
  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
  * chore: gofmt simplify gitlab/export_test.go (#1392)
  * fix: checkout repo before setting up go environment (#1390)
  * feat: bump to go v1.24.2 (#1389)
  * chore: update golang.org/x/net (#1379)
  * fix: use -0700 when formatting time (#1388)
  * fix: use correct url for gitlab PATs (#1384)
  * refactor: remove depdendency on pnpm for auto-label action (#1383)
  * feat: add action: auto-label (#1380)
  * feat: remove lifecycle/frozen (#1377)
  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
  * feat: support new exclusion label: lifecycle/pinned (#1375)
  * fix: refactor how gitlab title changes are detected (#1370)
  * revert: "Create Dependabot config file" (#1374)
  * refactor: rename //:git-bug.go to //:main.go (#1373)
  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
  * fix: set GitLastTag to an empty string when git-describe errors (#1355)
  * chore: update go-git to v5@masterupdate_mods (#1284)
  * refactor: Directly swap two variables to optimize code (#1272)
  * Update README.md Matrix link to new room (#1275)
Remove upstreamed patch:
  - CVE-2025-22869-bump-go-crypto-ssh.patch
Update to version 0.10.1: 023f13dbfa 
- cli: ignore missing sections when removing configuration (ddb22a2f)
Update to version 0.10.0:
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
Update to version 0.10.0
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
Update to version 0.9.0:
  - completion: remove errata from string literal (aa102c91)
  - tui: improve readability of the help bar (23be684a)
Revendor to include fixed version of depending libraries 2ce85f6adf 
- GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
autogits_workflow_pr_bot requested review from legaldb 2025-12-01 12:13:00 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2025-12-01 12:13:01 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2025-12-01 12:13:01 +01:00
maintenance-release-review commented 2025-12-01 12:14:08 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
opensuse-review commented 2025-12-01 12:21:39 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2025-12-01 12:29:16 +01:00
Member
Copy Link

Legal reviewed as acceptable_by_lawyer:

Accepted because previously reviewed under the same license (491249)
Legal reviewed as [acceptable_by_lawyer](https://legaldb.suse.de/reviews/details/491937): ``` Accepted because previously reviewed under the same license (491249) ```
report.md
1.5 KiB
legaldb approved these changes 2025-12-01 12:29:16 +01:00
Dismissed
mcepl added 2 commits 2025-12-01 12:50:33 +01:00
Revendor to include fixed version of depending libraries 2ce85f6adf 
- GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
Revendor to include fixed version of depending libraries 2390ae6cee 
- GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
mcepl dismissed legaldb's review 2025-12-01 12:50:34 +01:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

autogits_workflow_pr_bot requested review from legaldb 2025-12-01 12:50:58 +01:00
opensuse-review commented 2025-12-01 12:52:05 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
maintenance-release-review commented 2025-12-01 12:54:26 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2025-12-01 13:09:26 +01:00
Member
Copy Link

Legal reviewed as acceptable_by_lawyer:

Accepted because previously reviewed under the same license (491937)
Legal reviewed as [acceptable_by_lawyer](https://legaldb.suse.de/reviews/details/491941): ``` Accepted because previously reviewed under the same license (491937) ```
report.md
1.5 KiB
legaldb approved these changes 2025-12-01 13:09:26 +01:00
msmeissn commented 2025-12-03 10:09:54 +01:00
First-time contributor
Copy Link

@maintenance-release-review: approve

merge ok

@maintenance-release-review: approve merge ok
maintenance-release-review approved these changes 2025-12-03 10:12:16 +01:00
maintenance-release-review left a comment
First-time contributor
Copy Link

msmeissn approved a review on behalf of maintenance-release-review

msmeissn approved a review on behalf of maintenance-release-review
mstrigl commented 2025-12-03 16:08:22 +01:00
First-time contributor
Copy Link

@opensuse-review : approve

LGTM

@opensuse-review : approve LGTM
mstrigl commented 2025-12-03 16:08:23 +01:00
First-time contributor
Copy Link

merge ok

merge ok
opensuse-review approved these changes 2025-12-03 16:13:39 +01:00
opensuse-review left a comment
Member
Copy Link

mstrigl approved a review on behalf of opensuse-review

mstrigl approved a review on behalf of opensuse-review
mcepl manually merged commit 2390ae6cee into leap-16.0 2025-12-04 13:51:42 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
legaldb
maintenance-release-review
opensuse-review
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
6 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/git-bug#8
Delete Branch "mcepl/git-bug:leap-16.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?