From e43f811c53865785ac70198e6950a45aec6cc3b5c55d96fdd8bbbf67fd015748 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Thu, 3 Oct 2024 18:49:59 +0000
Subject: [PATCH 01/24] 
 [info=6747d5f7671b55c0ff5e8a8c7910ab57476d8671674e9ffa239cb588c8f7443a]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:1/git-bug?expand=0&rev=1
---
 _scmsync.obsinfo                             |   6 +-
 _service                                     |  13 +--
 _servicedata                                 |   2 +-
 build.specials.obscpio                       |   4 +-
 git-bug-0.8.0+git.1713935544.6d051a2.tar.gz  |   3 -
 git-bug-0.8.0+git.1725552198.b0cc690.obscpio |   3 +
 git-bug.changes                              |  90 +++++++++++++++++
 git-bug.obsinfo                              |   4 +
 git-bug.spec                                 |   7 +-
 remote-config.patch                          | 100 +++++++++++++++++++
 vendor.tar.gz                                |   4 +-
 11 files changed, 215 insertions(+), 21 deletions(-)
 delete mode 100644 git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
 create mode 100644 git-bug-0.8.0+git.1725552198.b0cc690.obscpio
 create mode 100644 git-bug.obsinfo
 create mode 100644 remote-config.patch

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index dd66b33..22c6274 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1716306206
-commit: 37df43d87407ec2126096834cde3c96c3261b7ea
+mtime: 1727981298
+commit: 6747d5f7671b55c0ff5e8a8c7910ab57476d8671674e9ffa239cb588c8f7443a
 url: https://src.opensuse.org/mcepl_pkgs/git-bug.git
-revision: 37df43d87407ec2126096834cde3c96c3261b7ea
+revision: 6747d5f7671b55c0ff5e8a8c7910ab57476d8671674e9ffa239cb588c8f7443a
diff --git a/_service b/_service
index 057d144..4215177 100644
--- a/_service
+++ b/_service
@@ -1,19 +1,16 @@
 <services>
-    <service name="tar_scm" mode="manual">
+    <service name="obs_scm" mode="manual">
         <param name="versionprefix">0.8.0+git</param>
         <param name="url">https://github.com/MichaelMure/git-bug.git</param>
         <param name="scm">git</param>
-        <param name="exclude">.git*</param>
         <param name="changesgenerate">enable</param>
         <param name="changesauthor">mcepl@cepl.eu</param>
     </service>
-    <service name="recompress" mode="manual">
+    <service name="tar" mode="buildtime"/>
+    <service name="recompress" mode="buildtime">
         <param name="file">*.tar</param>
         <param name="compression">gz</param>
     </service>
-    <service name="set_version" mode="manual">
-        <param name="basename">git-bug</param>
-    </service>
-    <service name="go_modules" mode="manual">
-    </service>
+    <service name="set_version" mode="manual"/>
+    <service name="go_modules" mode="manual"/>
 </services>
diff --git a/_servicedata b/_servicedata
index b26ce67..ffe128b 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
-              <param name="changesrevision">6d051a243c734489993c6733c1b21895d59e5e34</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">b0cc690854e501af9d91e2f09366263d629ceeaa</param></service></servicedata>
\ No newline at end of file
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 5fb121b..e5d2f8e 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fce9c0f1f8552a16aa03fae4df34d624f911bccf4e83a8b4abeb5a4d38cb8f25
-size 260
+oid sha256:4f404ef18f0d74ec9189097173058080ac3da53c17a407104262de177f03abe4
+size 304
diff --git a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz b/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
deleted file mode 100644
index ab24aa0..0000000
--- a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e2b961edb692b20ddc3454dde1eae2363ef20144a57c3a6b82ff190ead32ecdc
-size 2597759
diff --git a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio
new file mode 100644
index 0000000..8058592
--- /dev/null
+++ b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9b3661c916b26066d398293d13695d76fb61e00e5d4fe049830afeaeba924335
+size 7206413
diff --git a/git-bug.changes b/git-bug.changes
index faf6e3e..4cc4927 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,93 @@
+-------------------------------------------------------------------
+Thu Oct 03 18:28:47 UTC 2024 - mcepl@cepl.eu
+
+- Update to version 0.8.0+git.1725552198.b0cc690:
+  * build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261)
+  * graphql: properly namespace Bug to make space for other entities (#1254)
+  * refactor: rename github test repository: test-github-bridge (#1256)
+  * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250)
+  * core: make label a common type, in a similar fashion as for status (#1252)
+  * chore: regenerate command completion and documentation (#1253)
+  * feat: update references to the git-bug organization (#1249)
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248)
+  * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242)
+  * feat: add package to dev shell: delve (#1240)
+  * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239)
+  * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237)
+  * feat(ci): support a merge queue
+  * DOC: it is "new" not "configure" command (also was missing \)
+  * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
+  * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0
+  * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0
+  * fix: correct path for reusable workflow: lifecycle
+  * feat: merge go directive and toolchain specification
+  * feat: improved lifecycle management with stale-bot
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5
+  * revert: "feat: increase operations per run for workflow: cron"
+  * chore: update go dependencies
+  * fix: run the presubmit pipeline for PRs
+  * chore: remove refs to deprecated io/ioutil
+  * fix: move codeql into an independent workflow
+  * feat: bump node versions to 16.x, 18.x, and 20.x
+  * feat: refactor pipelines into reusable workflows
+  * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader
+  * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui
+  * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0
+  * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui
+  * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui
+  * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui
+  * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49
+  * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0
+  * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui
+  * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui
+  * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui
+  * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui
+  * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3
+  * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0
+  * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4
+  * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui
+  * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0
+  * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16
+  * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0
+  * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui
+  * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui
+  * build(deps): bump minimatch and recursive-readdir in /webui
+  * fix: add write for prs: stale/issue-and-pr
+  * feat: allow for manual execution of workflow: cron
+  * feat: increase operations per run for workflow: cron
+  * fix: add missing `with` property to //.github/workflows:cron.yml
+  * feat: add workflow for triaging stale issues and prs
+  * feat: add initial editorconfig configuration file
+  * feat: add a common file for git-blame ignored revisions
+  * feat: add a commit message template
+  * feat: add initial nix development shell
+  * feat: update action library versions
+  * feat: add concurrency limits to all pipelines
+  * fix: bump to go v1.22.5
+  * fix: correct typo: acceps => accepts
+  * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183)
+  * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181)
+  * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179)
+  * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171)
+  * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175)
+  * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113)
+  * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173)
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164)
+  * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162)
+  * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166)
+  * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165)
+  * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167)
+  * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132)
+
+-------------------------------------------------------------------
+Sat Aug  3 15:16:21 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Add remote-config.patch (gh#MichaelMure/git-bug!1076): try
+  reading git-bug.remote config value before defaulting to
+  'origin' when no explicit REMOTE argument.
+
 -------------------------------------------------------------------
 Tue May 07 14:31:42 UTC 2024 - mcepl@cepl.eu
 
diff --git a/git-bug.obsinfo b/git-bug.obsinfo
new file mode 100644
index 0000000..d1b0dbb
--- /dev/null
+++ b/git-bug.obsinfo
@@ -0,0 +1,4 @@
+name: git-bug
+version: 0.8.0+git.1725552198.b0cc690
+mtime: 1725552198
+commit: b0cc690854e501af9d91e2f09366263d629ceeaa
diff --git a/git-bug.spec b/git-bug.spec
index 18c4653..4eaccd2 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -17,19 +17,22 @@
 
 
 Name:           git-bug
-Version:        0.8.0+git.1713935544.6d051a2
+Version:        0.8.0+git.1725552198.b0cc690
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
 # Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
 Source0:        git-bug-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
+# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
+Patch0:         remote-config.patch
 Source1:        vendor.tar.gz
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
 # Patch0:         501-export.patch
 BuildRequires:  golang-packaging
-BuildRequires:  golang(API) = 1.18
+BuildRequires:  golang(API) = 1.22
 
 %description
 git-bug is a bug tracker that:
diff --git a/remote-config.patch b/remote-config.patch
new file mode 100644
index 0000000..45b73d4
--- /dev/null
+++ b/remote-config.patch
@@ -0,0 +1,100 @@
+From 65cfe2b3fff11d34b5ffc9f7e5d24aefb505497f Mon Sep 17 00:00:00 2001
+From: William Ahern <william@25thandClement.com>
+Date: Thu, 27 Jul 2023 22:06:45 -0700
+Subject: [PATCH] pull, push: try reading git-bug.remote config value before
+ defaulting to 'origin' when no explicit REMOTE argument
+
+---
+ commands/pull.go     |   16 +++++++++++-----
+ commands/push.go     |   16 +++++++++++-----
+ repository/config.go |   11 +++++++++++
+ 3 files changed, 33 insertions(+), 10 deletions(-)
+
+--- a/commands/pull.go
++++ b/commands/pull.go
+@@ -8,6 +8,7 @@ import (
+ 	"github.com/git-bug/git-bug/commands/completion"
+ 	"github.com/git-bug/git-bug/commands/execenv"
+ 	"github.com/git-bug/git-bug/entity"
++	"github.com/git-bug/git-bug/repository"
+ )
+ 
+ func newPullCommand(env *execenv.Env) *cobra.Command {
+@@ -25,13 +26,18 @@ func newPullCommand(env *execenv.Env) *c
+ }
+ 
+ func runPull(env *execenv.Env, args []string) error {
+-	if len(args) > 1 {
++	var remote string
++	switch {
++	case len(args) > 1:
+ 		return errors.New("Only pulling from one remote at a time is supported")
+-	}
+-
+-	remote := "origin"
+-	if len(args) == 1 {
++	case len(args) == 1:
+ 		remote = args[0]
++	default:
++		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
++		if err != nil {
++			return err
++		}
++		remote = v
+ 	}
+ 
+ 	env.Out.Println("Fetching remote ...")
+--- a/commands/push.go
++++ b/commands/push.go
+@@ -7,6 +7,7 @@ import (
+ 
+ 	"github.com/git-bug/git-bug/commands/completion"
+ 	"github.com/git-bug/git-bug/commands/execenv"
++	"github.com/git-bug/git-bug/repository"
+ )
+ 
+ func newPushCommand(env *execenv.Env) *cobra.Command {
+@@ -24,13 +25,18 @@ func newPushCommand(env *execenv.Env) *c
+ }
+ 
+ func runPush(env *execenv.Env, args []string) error {
+-	if len(args) > 1 {
++	var remote string
++	switch {
++	case len(args) > 1:
+ 		return errors.New("Only pushing to one remote at a time is supported")
+-	}
+-
+-	remote := "origin"
+-	if len(args) == 1 {
++	case len(args) == 1:
+ 		remote = args[0]
++	default:
++		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
++		if err != nil {
++			return err
++		}
++		remote = v
+ 	}
+ 
+ 	stdout, err := env.Backend.Push(remote)
+--- a/repository/config.go
++++ b/repository/config.go
+@@ -60,6 +60,17 @@ type ConfigWrite interface {
+ 	RemoveAll(keyPrefix string) error
+ }
+ 
++func GetDefaultString(key string, cfg ConfigRead, def string) (string, error) {
++	val, err := cfg.ReadString(key)
++	if err == nil {
++		return val, nil
++	} else if errors.Is(err, ErrNoConfigEntry) {
++		return def, nil
++	} else {
++		return "", err
++	}
++}
++
+ func ParseTimestamp(s string) (time.Time, error) {
+ 	timestamp, err := strconv.Atoi(s)
+ 	if err != nil {
diff --git a/vendor.tar.gz b/vendor.tar.gz
index b6ab2e4..d7517c2 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:20212cbdc6d9ca0461e8b47c6a459f9c061439252510fd0ffb9fdeb094651ab4
-size 6582254
+oid sha256:b44f1a26e4b38ceca0c7474e3befd040ce31b6a68d15537221f9e18731ea711c
+size 7532472
-- 
2.51.1


From 57f0d29002160cfa415a90869108bd1d6417b5483b77037918e2907fc94ca739 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Tue, 17 Dec 2024 14:09:44 +0000
Subject: [PATCH 02/24] 
 [info=fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:2/git-bug?expand=0&rev=2
---
 CVE-2024-45337-bump-go-crypto.patch          | 232 +++++++++++++++++++
 _scmsync.obsinfo                             |   8 +-
 _service                                     |  13 +-
 _servicedata                                 |   2 +-
 build.specials.obscpio                       |   4 +-
 git-bug-0.8.0+git.1713935544.6d051a2.tar.gz  |   3 -
 git-bug-0.8.0+git.1733745604.d499b6e.obscpio |   3 +
 git-bug.changes                              | 100 ++++++++
 git-bug.obsinfo                              |   4 +
 git-bug.spec                                 |  18 +-
 remote-config.patch                          | 100 ++++++++
 vendor.tar.gz                                |   4 +-
 12 files changed, 466 insertions(+), 25 deletions(-)
 create mode 100644 CVE-2024-45337-bump-go-crypto.patch
 delete mode 100644 git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
 create mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio
 create mode 100644 git-bug.obsinfo
 create mode 100644 remote-config.patch

diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch
new file mode 100644
index 0000000..ed61eff
--- /dev/null
+++ b/CVE-2024-45337-bump-go-crypto.patch
@@ -0,0 +1,232 @@
+From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Mon, 16 Dec 2024 18:02:51 +0100
+Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to
+ gitlab.com/gitlab-org/api/client-go
+
+---
+ bridge/gitlab/config.go      |    2 +-
+ bridge/gitlab/event.go       |    2 +-
+ bridge/gitlab/export.go      |    2 +-
+ bridge/gitlab/export_test.go |    4 ++--
+ bridge/gitlab/gitlab.go      |    2 +-
+ bridge/gitlab/gitlab_api.go  |    2 +-
+ bridge/gitlab/import.go      |    2 +-
+ go.mod                       |   23 +++++++++++++----------
+ go.sum                       |   28 ++++++++++++++--------------
+ 9 files changed, 35 insertions(+), 32 deletions(-)
+
+--- a/bridge/gitlab/config.go
++++ b/bridge/gitlab/config.go
+@@ -8,7 +8,7 @@ import (
+ 	"strings"
+ 
+ 	"github.com/pkg/errors"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/event.go
++++ b/bridge/gitlab/event.go
+@@ -5,7 +5,7 @@ import (
+ 	"strings"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/util/text"
+ )
+--- a/bridge/gitlab/export.go
++++ b/bridge/gitlab/export.go
+@@ -8,7 +8,7 @@ import (
+ 	"time"
+ 
+ 	"github.com/pkg/errors"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/export_test.go
++++ b/bridge/gitlab/export_test.go
+@@ -9,7 +9,7 @@ import (
+ 	"testing"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/entity"
+ 	"github.com/git-bug/git-bug/entity/dag"
+@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex
+ 		return err
+ 	}
+ 
+-	_, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx))
++	_, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx))
+ 	return err
+ }
+--- a/bridge/gitlab/gitlab.go
++++ b/bridge/gitlab/gitlab.go
+@@ -3,7 +3,7 @@ package gitlab
+ import (
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/gitlab_api.go
++++ b/bridge/gitlab/gitlab_api.go
+@@ -5,7 +5,7 @@ import (
+ 	"time"
+ 
+ 	"github.com/git-bug/git-bug/util/text"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ )
+ 
+ // Issues returns a channel with gitlab project issues, ascending order.
+--- a/bridge/gitlab/import.go
++++ b/bridge/gitlab/import.go
+@@ -6,7 +6,7 @@ import (
+ 	"strconv"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/go.mod
++++ b/go.mod
+@@ -35,12 +35,19 @@ require (
+ 	github.com/stretchr/testify v1.9.0
+ 	github.com/vbauerster/mpb/v8 v8.8.2
+ 	github.com/vektah/gqlparser/v2 v2.5.16
+-	github.com/xanzy/go-gitlab v0.107.0
+-	golang.org/x/crypto v0.26.0
++	gitlab.com/gitlab-org/api/client-go v0.116.0
++	golang.org/x/crypto v0.31.0
+ 	golang.org/x/oauth2 v0.22.0
+-	golang.org/x/sync v0.8.0
+-	golang.org/x/sys v0.25.0
+-	golang.org/x/text v0.17.0
++	golang.org/x/sync v0.10.0
++	golang.org/x/sys v0.28.0
++	golang.org/x/text v0.21.0
++)
++
++require (
++	github.com/google/go-querystring v1.1.0 // indirect
++	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
++	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
++	golang.org/x/time v0.3.0 // indirect
+ )
+ 
+ require (
+@@ -78,12 +85,9 @@ require (
+ 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+ 	github.com/golang/protobuf v1.5.4 // indirect
+ 	github.com/golang/snappy v0.0.4 // indirect
+-	github.com/google/go-querystring v1.1.0 // indirect
+ 	github.com/google/uuid v1.6.0 // indirect
+ 	github.com/gorilla/websocket v1.5.3 // indirect
+ 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
+-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+ 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+ 	github.com/kevinburke/ssh_config v1.2.0 // indirect
+@@ -117,8 +121,7 @@ require (
+ 	golang.org/x/mod v0.19.0 // indirect
+ 	golang.org/x/net v0.27.0 // indirect
+ 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
+-	golang.org/x/term v0.24.0
+-	golang.org/x/time v0.5.0 // indirect
++	golang.org/x/term v0.27.0
+ 	golang.org/x/tools v0.23.0 // indirect
+ 	golang.org/x/vuln v1.1.3
+ 	google.golang.org/protobuf v1.34.2 // indirect
+--- a/go.sum
++++ b/go.sum
+@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g
+ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+ github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
+-github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
+-github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
+ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+ github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod
+ github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+ github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
+ github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
++gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw=
++gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0=
+ go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+ go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
+ go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
+@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510
+ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146-
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
++golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
++golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1
+ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH
+ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
++golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
++golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+
+ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
++golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
++golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index dd66b33..c18d949 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1716306206
-commit: 37df43d87407ec2126096834cde3c96c3261b7ea
-url: https://src.opensuse.org/mcepl_pkgs/git-bug.git
-revision: 37df43d87407ec2126096834cde3c96c3261b7ea
+mtime: 1734444417
+commit: fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08
+url: https://src.opensuse.org/mcepl/git-bug.git
+revision: fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08
diff --git a/_service b/_service
index 057d144..4215177 100644
--- a/_service
+++ b/_service
@@ -1,19 +1,16 @@
 <services>
-    <service name="tar_scm" mode="manual">
+    <service name="obs_scm" mode="manual">
         <param name="versionprefix">0.8.0+git</param>
         <param name="url">https://github.com/MichaelMure/git-bug.git</param>
         <param name="scm">git</param>
-        <param name="exclude">.git*</param>
         <param name="changesgenerate">enable</param>
         <param name="changesauthor">mcepl@cepl.eu</param>
     </service>
-    <service name="recompress" mode="manual">
+    <service name="tar" mode="buildtime"/>
+    <service name="recompress" mode="buildtime">
         <param name="file">*.tar</param>
         <param name="compression">gz</param>
     </service>
-    <service name="set_version" mode="manual">
-        <param name="basename">git-bug</param>
-    </service>
-    <service name="go_modules" mode="manual">
-    </service>
+    <service name="set_version" mode="manual"/>
+    <service name="go_modules" mode="manual"/>
 </services>
diff --git a/_servicedata b/_servicedata
index b26ce67..bb7f728 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
-              <param name="changesrevision">6d051a243c734489993c6733c1b21895d59e5e34</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service></servicedata>
\ No newline at end of file
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 5fb121b..5061395 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fce9c0f1f8552a16aa03fae4df34d624f911bccf4e83a8b4abeb5a4d38cb8f25
-size 260
+oid sha256:93a7938334c897fa433f8843a42bf72463a515d92fc0903453fd59f60412dcb2
+size 304
diff --git a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz b/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
deleted file mode 100644
index ab24aa0..0000000
--- a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e2b961edb692b20ddc3454dde1eae2363ef20144a57c3a6b82ff190ead32ecdc
-size 2597759
diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
new file mode 100644
index 0000000..299848a
--- /dev/null
+++ b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b
+size 7206413
diff --git a/git-bug.changes b/git-bug.changes
index faf6e3e..8251c6e 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to version 0.8.0+git.1733745604.d499b6e:
+  * fix typos in docs (#1266)
+  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)
+- Add CVE-2024-45337-bump-go-crypto.patch to bump
+  golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for
+  CVE-2024-45337, bsc#1234565).
+
+-------------------------------------------------------------------
+Thu Oct 03 18:28:47 UTC 2024 - mcepl@cepl.eu
+
+- Update to version 0.8.0+git.1725552198.b0cc690:
+  * build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261)
+  * graphql: properly namespace Bug to make space for other entities (#1254)
+  * refactor: rename github test repository: test-github-bridge (#1256)
+  * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250)
+  * core: make label a common type, in a similar fashion as for status (#1252)
+  * chore: regenerate command completion and documentation (#1253)
+  * feat: update references to the git-bug organization (#1249)
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248)
+  * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242)
+  * feat: add package to dev shell: delve (#1240)
+  * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239)
+  * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237)
+  * feat(ci): support a merge queue
+  * DOC: it is "new" not "configure" command (also was missing \)
+  * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
+  * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0
+  * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0
+  * fix: correct path for reusable workflow: lifecycle
+  * feat: merge go directive and toolchain specification
+  * feat: improved lifecycle management with stale-bot
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5
+  * revert: "feat: increase operations per run for workflow: cron"
+  * chore: update go dependencies
+  * fix: run the presubmit pipeline for PRs
+  * chore: remove refs to deprecated io/ioutil
+  * fix: move codeql into an independent workflow
+  * feat: bump node versions to 16.x, 18.x, and 20.x
+  * feat: refactor pipelines into reusable workflows
+  * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader
+  * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui
+  * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0
+  * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui
+  * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui
+  * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui
+  * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49
+  * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0
+  * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui
+  * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui
+  * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui
+  * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui
+  * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3
+  * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0
+  * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui
+  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4
+  * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui
+  * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0
+  * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16
+  * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0
+  * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui
+  * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui
+  * build(deps): bump minimatch and recursive-readdir in /webui
+  * fix: add write for prs: stale/issue-and-pr
+  * feat: allow for manual execution of workflow: cron
+  * feat: increase operations per run for workflow: cron
+  * fix: add missing `with` property to //.github/workflows:cron.yml
+  * feat: add workflow for triaging stale issues and prs
+  * feat: add initial editorconfig configuration file
+  * feat: add a common file for git-blame ignored revisions
+  * feat: add a commit message template
+  * feat: add initial nix development shell
+  * feat: update action library versions
+  * feat: add concurrency limits to all pipelines
+  * fix: bump to go v1.22.5
+  * fix: correct typo: acceps => accepts
+  * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183)
+  * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181)
+  * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179)
+  * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171)
+  * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175)
+  * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113)
+  * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173)
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164)
+  * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162)
+  * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166)
+  * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165)
+  * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167)
+  * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132)
+
+-------------------------------------------------------------------
+Sat Aug  3 15:16:21 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Add remote-config.patch (gh#MichaelMure/git-bug!1076): try
+  reading git-bug.remote config value before defaulting to
+  'origin' when no explicit REMOTE argument.
+
 -------------------------------------------------------------------
 Tue May 07 14:31:42 UTC 2024 - mcepl@cepl.eu
 
diff --git a/git-bug.obsinfo b/git-bug.obsinfo
new file mode 100644
index 0000000..0fbb008
--- /dev/null
+++ b/git-bug.obsinfo
@@ -0,0 +1,4 @@
+name: git-bug
+version: 0.8.0+git.1733745604.d499b6e
+mtime: 1733745604
+commit: d499b6e9d3333334614924669b74640a2d0b5485
diff --git a/git-bug.spec b/git-bug.spec
index 18c4653..735ec5e 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package git-bug
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           git-bug
-Version:        0.8.0+git.1713935544.6d051a2
+Version:        0.8.0+git.1733745604.d499b6e
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
@@ -25,11 +25,18 @@ URL:            https://github.com/MichaelMure/git-bug
 # Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
 Source0:        git-bug-%{version}.tar.gz
 Source1:        vendor.tar.gz
+# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
+# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
+Patch0:         remote-config.patch
+# PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com
+# bump golang.org/x/crypto from v0.26.0 to v0.31.0
+Patch1:         CVE-2024-45337-bump-go-crypto.patch
+BuildRequires:  golang(API) = 1.22
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
 # Patch0:         501-export.patch
 BuildRequires:  golang-packaging
-BuildRequires:  golang(API) = 1.18
+BuildRequires:  git
 
 %description
 git-bug is a bug tracker that:
@@ -83,7 +90,7 @@ zsh shell completions for git-bug
 %autosetup -p1 -a1
 
 %build
-go build -v -x -mod=vendor -buildmode=pie
+%make_build build
 
 %install
 install -Dm755 git-bug %{buildroot}%{_bindir}/git-bug
@@ -98,7 +105,8 @@ install -Dm0644 misc/completion/zsh/git-bug  \
     %{buildroot}%{_sysconfdir}/zsh_completion.d/git-bug
 
 %check
-go test -v -s TestValidateUsername -mod=vendor -bench=. ./...
+# before we mark network requiring tests (gh#git-bug/git-bug#1313)
+%make_build test || true
 
 %files
 %license LICENSE
diff --git a/remote-config.patch b/remote-config.patch
new file mode 100644
index 0000000..45b73d4
--- /dev/null
+++ b/remote-config.patch
@@ -0,0 +1,100 @@
+From 65cfe2b3fff11d34b5ffc9f7e5d24aefb505497f Mon Sep 17 00:00:00 2001
+From: William Ahern <william@25thandClement.com>
+Date: Thu, 27 Jul 2023 22:06:45 -0700
+Subject: [PATCH] pull, push: try reading git-bug.remote config value before
+ defaulting to 'origin' when no explicit REMOTE argument
+
+---
+ commands/pull.go     |   16 +++++++++++-----
+ commands/push.go     |   16 +++++++++++-----
+ repository/config.go |   11 +++++++++++
+ 3 files changed, 33 insertions(+), 10 deletions(-)
+
+--- a/commands/pull.go
++++ b/commands/pull.go
+@@ -8,6 +8,7 @@ import (
+ 	"github.com/git-bug/git-bug/commands/completion"
+ 	"github.com/git-bug/git-bug/commands/execenv"
+ 	"github.com/git-bug/git-bug/entity"
++	"github.com/git-bug/git-bug/repository"
+ )
+ 
+ func newPullCommand(env *execenv.Env) *cobra.Command {
+@@ -25,13 +26,18 @@ func newPullCommand(env *execenv.Env) *c
+ }
+ 
+ func runPull(env *execenv.Env, args []string) error {
+-	if len(args) > 1 {
++	var remote string
++	switch {
++	case len(args) > 1:
+ 		return errors.New("Only pulling from one remote at a time is supported")
+-	}
+-
+-	remote := "origin"
+-	if len(args) == 1 {
++	case len(args) == 1:
+ 		remote = args[0]
++	default:
++		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
++		if err != nil {
++			return err
++		}
++		remote = v
+ 	}
+ 
+ 	env.Out.Println("Fetching remote ...")
+--- a/commands/push.go
++++ b/commands/push.go
+@@ -7,6 +7,7 @@ import (
+ 
+ 	"github.com/git-bug/git-bug/commands/completion"
+ 	"github.com/git-bug/git-bug/commands/execenv"
++	"github.com/git-bug/git-bug/repository"
+ )
+ 
+ func newPushCommand(env *execenv.Env) *cobra.Command {
+@@ -24,13 +25,18 @@ func newPushCommand(env *execenv.Env) *c
+ }
+ 
+ func runPush(env *execenv.Env, args []string) error {
+-	if len(args) > 1 {
++	var remote string
++	switch {
++	case len(args) > 1:
+ 		return errors.New("Only pushing to one remote at a time is supported")
+-	}
+-
+-	remote := "origin"
+-	if len(args) == 1 {
++	case len(args) == 1:
+ 		remote = args[0]
++	default:
++		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
++		if err != nil {
++			return err
++		}
++		remote = v
+ 	}
+ 
+ 	stdout, err := env.Backend.Push(remote)
+--- a/repository/config.go
++++ b/repository/config.go
+@@ -60,6 +60,17 @@ type ConfigWrite interface {
+ 	RemoveAll(keyPrefix string) error
+ }
+ 
++func GetDefaultString(key string, cfg ConfigRead, def string) (string, error) {
++	val, err := cfg.ReadString(key)
++	if err == nil {
++		return val, nil
++	} else if errors.Is(err, ErrNoConfigEntry) {
++		return def, nil
++	} else {
++		return "", err
++	}
++}
++
+ func ParseTimestamp(s string) (time.Time, error) {
+ 	timestamp, err := strconv.Atoi(s)
+ 	if err != nil {
diff --git a/vendor.tar.gz b/vendor.tar.gz
index b6ab2e4..3079bdd 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:20212cbdc6d9ca0461e8b47c6a459f9c061439252510fd0ffb9fdeb094651ab4
-size 6582254
+oid sha256:2f1d954ae3d3791dfdc13ca9502515cb431fe6a8eb20ff809cb7096016a5f590
+size 7859447
-- 
2.51.1


From 600eb6be4a5f5ee73a79f7eb2a854fd59b47af8326fb435ca02e8c4f1acb83f2 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 8 Jan 2025 08:59:16 +0000
Subject: [PATCH 03/24] 
 [info=8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=1
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 vendor.tar.gz          | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index c18d949..2891a7d 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1734444417
-commit: fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08
+mtime: 1736326652
+commit: 8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08
+revision: 8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 5061395..f4ff792 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:93a7938334c897fa433f8843a42bf72463a515d92fc0903453fd59f60412dcb2
+oid sha256:8c0851b26cb3844467125e92501136d5c70d64610425e1107afa6154d7c7d038
 size 304
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 3079bdd..7667453 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2f1d954ae3d3791dfdc13ca9502515cb431fe6a8eb20ff809cb7096016a5f590
-size 7859447
+oid sha256:555564bf5b0d1b96bd4ef73d81878112abdc8e16e8b24c3ed52da4e6f6b23d91
+size 7513790
-- 
2.51.1


From c87da1ac25a938b2017200cff141fa31957e541875f45a29162bde2f9279d920 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 8 Jan 2025 09:00:38 +0000
Subject: [PATCH 04/24] 
 [info=5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=2
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 git-bug.changes        | 5 +++++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 2891a7d..07a236c 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1736326652
-commit: 8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd
+mtime: 1736326824
+commit: 5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: 8d9522113e7a913f925136b2791d03c574a9ebb8c3769f747425dd7821d9e7dd
+revision: 5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c
diff --git a/build.specials.obscpio b/build.specials.obscpio
index f4ff792..2d92321 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8c0851b26cb3844467125e92501136d5c70d64610425e1107afa6154d7c7d038
+oid sha256:27f881c1ff931f8a3d30367a211c8d29f19d5c7eb855c224c8a37f10db051f78
 size 304
diff --git a/git-bug.changes b/git-bug.changes
index 8251c6e..d28a570 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Jan  8 09:00:10 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update vendorization.
+
 -------------------------------------------------------------------
 Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 
-- 
2.51.1


From 6fa5e7c33588cf5c2c74c68c13808e40e28f2484656dda7fb9dd245daa24ac01 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 8 Jan 2025 09:03:15 +0000
Subject: [PATCH 05/24] 
 [info=eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=3
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 vendor.tar.gz          | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 07a236c..734c2b4 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1736326824
-commit: 5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c
+mtime: 1736326967
+commit: eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: 5b5e1e4425abe81c6eb06b5f66c4a96f5fb3fbba1e7e492a2890642bbbeaa96c
+revision: eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 2d92321..0bfb829 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:27f881c1ff931f8a3d30367a211c8d29f19d5c7eb855c224c8a37f10db051f78
+oid sha256:cbc5f7d46ce5ce805f43c9359044ad97b96104a969a1eefd087a89b49ac62fe4
 size 304
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 7667453..5b82514 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:555564bf5b0d1b96bd4ef73d81878112abdc8e16e8b24c3ed52da4e6f6b23d91
-size 7513790
+oid sha256:fa65c6ec01b862cadef21c916ae475575cd600a55e5a9795faa20fcad4ead0ff
+size 7513774
-- 
2.51.1


From 49bc748fa9ecfbfeb3742b078e549716012ece74b2cf632bc797fffdc0016132 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 8 Jan 2025 09:16:06 +0000
Subject: [PATCH 06/24] 
 [info=aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=4
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 vendor.tar.gz          | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 734c2b4..8f5312b 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1736326967
-commit: eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860
+mtime: 1736327741
+commit: aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: eff75f601dc996202884e1ff651d125e45bc69e73c9530e62abe3be97c7eb860
+revision: aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 0bfb829..fb8519d 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cbc5f7d46ce5ce805f43c9359044ad97b96104a969a1eefd087a89b49ac62fe4
+oid sha256:4e2b910a9f070484c151ad4797549f3a32795fcefd1e874e6d0aaff25d2c5593
 size 304
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 5b82514..49d7b88 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fa65c6ec01b862cadef21c916ae475575cd600a55e5a9795faa20fcad4ead0ff
-size 7513774
+oid sha256:e608cc4c6464f470427de2fe11b3f8c22e6760daefd68d3f166a3d22f2a6bf9a
+size 7864722
-- 
2.51.1


From a45cc7b70af39a854fac58af0b8516444de30b32a90cc41dea8c3eae310a1bd4 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 22 Jan 2025 15:43:03 +0000
Subject: [PATCH 07/24] 
 [info=f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=5
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 git-bug.spec           | 4 ++++
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 8f5312b..5cc376f 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1736327741
-commit: aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682
+mtime: 1737560555
+commit: f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682
+revision: f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8
diff --git a/build.specials.obscpio b/build.specials.obscpio
index fb8519d..241ac61 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4e2b910a9f070484c151ad4797549f3a32795fcefd1e874e6d0aaff25d2c5593
+oid sha256:cb64211eb030b6f73247fbec2fdde58edf56ab59e702314ace05ae25abaeb90a
 size 304
diff --git a/git-bug.spec b/git-bug.spec
index 735ec5e..0fec399 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -62,6 +62,7 @@ git-bug is a bug tracker that:
 %package bash-completion
 Summary:        Bash completion for git-bug
 Requires:       bash-completion
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and bash-completion)
 BuildArch:      noarch
 
@@ -71,6 +72,7 @@ Bash shell completions for git-bug
 %package fish-completion
 Summary:        Fish completion for git-bug
 Requires:       fish
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and fish)
 BuildArch:      noarch
 
@@ -80,6 +82,8 @@ Fish shell completions for git-bug
 %package zsh-completion
 Summary:        ZSH completion for git-bug
 Group:          Productivity/File utilities
+Requires:       zsh
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and zsh)
 BuildArch:      noarch
 
-- 
2.51.1


From f84e3f119c7a19f680326ce3902016ef392c17d08c815955f0118e04daa6ece4 Mon Sep 17 00:00:00 2001
From: Git SCM Staging <dirk+git-staging@dmllr.de>
Date: Wed, 22 Jan 2025 16:33:00 +0000
Subject: [PATCH 08/24] 
 [info=ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:mcepl:git-bug:4/git-bug?expand=0&rev=6
---
 _scmsync.obsinfo       | 6 +++---
 build.specials.obscpio | 2 +-
 git-bug.changes        | 5 +++++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 5cc376f..c1e0dc1 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1737560555
-commit: f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8
+mtime: 1737563561
+commit: ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc
 url: https://src.opensuse.org/mcepl/git-bug.git
-revision: f332bd0a0cbb8c2e69a5ca29a0c130cb7c2e5b77e43712f39412b52dc47c8ac8
+revision: ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 241ac61..290ac60 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cb64211eb030b6f73247fbec2fdde58edf56ab59e702314ace05ae25abaeb90a
+oid sha256:b4df0153523f3ee90b9d8aa5379bbe71caf92859b3a8b56b052bed1f78601161
 size 304
diff --git a/git-bug.changes b/git-bug.changes
index d28a570..d6e5602 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add missing Requires to completion subpackages.
+
 -------------------------------------------------------------------
 Wed Jan  8 09:00:10 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 
-- 
2.51.1


From 736dfb254c98a044fd6140d32fbcf97ebfebf95fd563a48adf03a7fabba42f30 Mon Sep 17 00:00:00 2001
From: Ana Guerrero <ana.guerrero+factory@suse.com>
Date: Wed, 26 Mar 2025 20:20:52 +0000
Subject: [PATCH 09/24] Accepting request 1256145 from
 devel:Factory:git-workflow:staging:mcepl:git-bug:7
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to version 0.8.0+git.1742269202.0ab94c9:

- Update to version 0.8.0+git.1742269202.0ab94c9:

(🤖: Submission of git-bug via https://src.opensuse.org/pool/git-bug/pulls/7 by mcepl)

OBS-URL: https://build.opensuse.org/request/show/1256145
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=9
---
 CVE-2024-45337-bump-go-crypto.patch          | 232 -------------------
 CVE-2025-22869-bump-go-crypto-ssh.patch      | 103 ++++++++
 _scmsync.obsinfo                             |   8 +-
 _service                                     |   2 +-
 _servicedata                                 |   4 +-
 build.specials.obscpio                       |   2 +-
 git-bug-0.8.0+git.1733745604.d499b6e.obscpio |   3 -
 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio |   3 +
 git-bug.changes                              |  15 ++
 git-bug.obsinfo                              |   6 +-
 git-bug.spec                                 |  10 +-
 remote-config.patch                          |  28 ++-
 vendor.tar.gz                                |   4 +-
 13 files changed, 157 insertions(+), 263 deletions(-)
 delete mode 100644 CVE-2024-45337-bump-go-crypto.patch
 create mode 100644 CVE-2025-22869-bump-go-crypto-ssh.patch
 delete mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio
 create mode 100644 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio

diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch
deleted file mode 100644
index ed61eff..0000000
--- a/CVE-2024-45337-bump-go-crypto.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
-Date: Mon, 16 Dec 2024 18:02:51 +0100
-Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to
- gitlab.com/gitlab-org/api/client-go
-
----
- bridge/gitlab/config.go      |    2 +-
- bridge/gitlab/event.go       |    2 +-
- bridge/gitlab/export.go      |    2 +-
- bridge/gitlab/export_test.go |    4 ++--
- bridge/gitlab/gitlab.go      |    2 +-
- bridge/gitlab/gitlab_api.go  |    2 +-
- bridge/gitlab/import.go      |    2 +-
- go.mod                       |   23 +++++++++++++----------
- go.sum                       |   28 ++++++++++++++--------------
- 9 files changed, 35 insertions(+), 32 deletions(-)
-
---- a/bridge/gitlab/config.go
-+++ b/bridge/gitlab/config.go
-@@ -8,7 +8,7 @@ import (
- 	"strings"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/event.go
-+++ b/bridge/gitlab/event.go
-@@ -5,7 +5,7 @@ import (
- 	"strings"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/util/text"
- )
---- a/bridge/gitlab/export.go
-+++ b/bridge/gitlab/export.go
-@@ -8,7 +8,7 @@ import (
- 	"time"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/export_test.go
-+++ b/bridge/gitlab/export_test.go
-@@ -9,7 +9,7 @@ import (
- 	"testing"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/entity"
- 	"github.com/git-bug/git-bug/entity/dag"
-@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex
- 		return err
- 	}
- 
--	_, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx))
-+	_, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx))
- 	return err
- }
---- a/bridge/gitlab/gitlab.go
-+++ b/bridge/gitlab/gitlab.go
-@@ -3,7 +3,7 @@ package gitlab
- import (
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/gitlab_api.go
-+++ b/bridge/gitlab/gitlab_api.go
-@@ -5,7 +5,7 @@ import (
- 	"time"
- 
- 	"github.com/git-bug/git-bug/util/text"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- )
- 
- // Issues returns a channel with gitlab project issues, ascending order.
---- a/bridge/gitlab/import.go
-+++ b/bridge/gitlab/import.go
-@@ -6,7 +6,7 @@ import (
- 	"strconv"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/go.mod
-+++ b/go.mod
-@@ -35,12 +35,19 @@ require (
- 	github.com/stretchr/testify v1.9.0
- 	github.com/vbauerster/mpb/v8 v8.8.2
- 	github.com/vektah/gqlparser/v2 v2.5.16
--	github.com/xanzy/go-gitlab v0.107.0
--	golang.org/x/crypto v0.26.0
-+	gitlab.com/gitlab-org/api/client-go v0.116.0
-+	golang.org/x/crypto v0.31.0
- 	golang.org/x/oauth2 v0.22.0
--	golang.org/x/sync v0.8.0
--	golang.org/x/sys v0.25.0
--	golang.org/x/text v0.17.0
-+	golang.org/x/sync v0.10.0
-+	golang.org/x/sys v0.28.0
-+	golang.org/x/text v0.21.0
-+)
-+
-+require (
-+	github.com/google/go-querystring v1.1.0 // indirect
-+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-+	golang.org/x/time v0.3.0 // indirect
- )
- 
- require (
-@@ -78,12 +85,9 @@ require (
- 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- 	github.com/golang/protobuf v1.5.4 // indirect
- 	github.com/golang/snappy v0.0.4 // indirect
--	github.com/google/go-querystring v1.1.0 // indirect
- 	github.com/google/uuid v1.6.0 // indirect
- 	github.com/gorilla/websocket v1.5.3 // indirect
- 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
--	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
--	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
- 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
- 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
- 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-@@ -117,8 +121,7 @@ require (
- 	golang.org/x/mod v0.19.0 // indirect
- 	golang.org/x/net v0.27.0 // indirect
- 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
--	golang.org/x/term v0.24.0
--	golang.org/x/time v0.5.0 // indirect
-+	golang.org/x/term v0.27.0
- 	golang.org/x/tools v0.23.0 // indirect
- 	golang.org/x/vuln v1.1.3
- 	google.golang.org/protobuf v1.34.2 // indirect
---- a/go.sum
-+++ b/go.sum
-@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g
- github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
- github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
- github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
--github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
--github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
- github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
- github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
- github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod
- github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
- github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
- github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
-+gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw=
-+gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0=
- go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
- go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
- go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
-@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
- golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
--golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
--golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
-+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146-
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
--golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
- golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1
- golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
--golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH
- golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
- golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
- golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
--golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
-+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
- golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
- golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+
- golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
- golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
- golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
--golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
--golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
--golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
--golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
- golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
diff --git a/CVE-2025-22869-bump-go-crypto-ssh.patch b/CVE-2025-22869-bump-go-crypto-ssh.patch
new file mode 100644
index 0000000..b262451
--- /dev/null
+++ b/CVE-2025-22869-bump-go-crypto-ssh.patch
@@ -0,0 +1,103 @@
+---
+ go.mod |   14 ++++++++------
+ go.sum |   20 ++++++++++----------
+ 2 files changed, 18 insertions(+), 16 deletions(-)
+
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.mod
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.mod	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/go.mod	2025-03-25 16:42:47.276480680 +0100
+@@ -1,6 +1,8 @@
+ module github.com/git-bug/git-bug
+ 
+-go 1.22.5
++go 1.23.0
++
++toolchain go1.24.1
+ 
+ // https://github.com/praetorian-inc/gokart/pull/84
+ replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1
+@@ -36,11 +38,11 @@
+ 	github.com/vbauerster/mpb/v8 v8.8.2
+ 	github.com/vektah/gqlparser/v2 v2.5.16
+ 	gitlab.com/gitlab-org/api/client-go v0.116.0
+-	golang.org/x/crypto v0.31.0
++	golang.org/x/crypto v0.35.0
+ 	golang.org/x/oauth2 v0.22.0
+-	golang.org/x/sync v0.10.0
+-	golang.org/x/sys v0.28.0
+-	golang.org/x/text v0.21.0
++	golang.org/x/sync v0.11.0
++	golang.org/x/sys v0.30.0
++	golang.org/x/text v0.22.0
+ )
+ 
+ require (
+@@ -121,7 +123,7 @@
+ 	golang.org/x/mod v0.19.0 // indirect
+ 	golang.org/x/net v0.27.0 // indirect
+ 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
+-	golang.org/x/term v0.27.0
++	golang.org/x/term v0.29.0
+ 	golang.org/x/tools v0.23.0 // indirect
+ 	golang.org/x/vuln v1.1.3
+ 	google.golang.org/protobuf v1.34.2 // indirect
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.sum
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.sum	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/go.sum	2025-03-25 16:42:47.278128567 +0100
+@@ -331,8 +331,8 @@
+ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
++golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
++golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+@@ -357,8 +357,8 @@
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
++golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
++golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+@@ -379,8 +379,8 @@
+ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
++golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+@@ -390,8 +390,8 @@
+ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
++golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
++golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+@@ -402,8 +402,8 @@
+ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
++golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
++golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+ golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+ golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index c1e0dc1..84eb788 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1737563561
-commit: ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc
-url: https://src.opensuse.org/mcepl/git-bug.git
-revision: ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc
+mtime: 1742979124
+commit: fb15c5e482c95286deb19afaad6c8fa332805c9ea831a416eb881d0a6cfe7ef4
+url: https://src.opensuse.org/pool/git-bug.git
+revision: fb15c5e482c95286deb19afaad6c8fa332805c9ea831a416eb881d0a6cfe7ef4
diff --git a/_service b/_service
index 4215177..77f1305 100644
--- a/_service
+++ b/_service
@@ -1,7 +1,7 @@
 <services>
     <service name="obs_scm" mode="manual">
         <param name="versionprefix">0.8.0+git</param>
-        <param name="url">https://github.com/MichaelMure/git-bug.git</param>
+        <param name="url">https://github.com/git-bug/git-bug.git</param>
         <param name="scm">git</param>
         <param name="changesgenerate">enable</param>
         <param name="changesauthor">mcepl@cepl.eu</param>
diff --git a/_servicedata b/_servicedata
index bb7f728..b7c0bf9 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
-              <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service><service name="tar_scm">
+                <param name="url">https://github.com/git-bug/git-bug.git</param>
+              <param name="changesrevision">0ab94c9b7ac53ca9ab56febcf5cc3f26959e8b8a</param></service></servicedata>
\ No newline at end of file
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 290ac60..94296fa 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b4df0153523f3ee90b9d8aa5379bbe71caf92859b3a8b56b052bed1f78601161
+oid sha256:e966820bdd79db6e3eed1d28a73eacdc9d390b5e27b55907d82ced1160841993
 size 304
diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
deleted file mode 100644
index 299848a..0000000
--- a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b
-size 7206413
diff --git a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
new file mode 100644
index 0000000..9fe0c0a
--- /dev/null
+++ b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eac693d55f8f3c2e8e839e2e8381c5955dc6548aa004d6185db80ee68e6c5e0d
+size 7206925
diff --git a/git-bug.changes b/git-bug.changes
index d6e5602..91c61a8 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Mar 25 15:29:50 UTC 2025 - mcepl@cepl.eu
+
+- Update to version 0.8.0+git.1742269202.0ab94c9:
+  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
+- Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
+  (apparently upstream still didn’t see the other one).
+
+-------------------------------------------------------------------
+Thu Mar 13 17:02:33 UTC 2025 - mcepl@cepl.eu
+
+- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
+  golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
+  CVE-2025-22869).
+
 -------------------------------------------------------------------
 Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 
diff --git a/git-bug.obsinfo b/git-bug.obsinfo
index 0fbb008..8e35472 100644
--- a/git-bug.obsinfo
+++ b/git-bug.obsinfo
@@ -1,4 +1,4 @@
 name: git-bug
-version: 0.8.0+git.1733745604.d499b6e
-mtime: 1733745604
-commit: d499b6e9d3333334614924669b74640a2d0b5485
+version: 0.8.0+git.1742269202.0ab94c9
+mtime: 1742269202
+commit: 0ab94c9b7ac53ca9ab56febcf5cc3f26959e8b8a
diff --git a/git-bug.spec b/git-bug.spec
index 0fec399..7359b9b 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -17,7 +17,7 @@
 
 
 Name:           git-bug
-Version:        0.8.0+git.1733745604.d499b6e
+Version:        0.8.0+git.1742269202.0ab94c9
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
@@ -28,10 +28,10 @@ Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
 Patch0:         remote-config.patch
-# PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com
-# bump golang.org/x/crypto from v0.26.0 to v0.31.0
-Patch1:         CVE-2024-45337-bump-go-crypto.patch
-BuildRequires:  golang(API) = 1.22
+# PATCH-FIX-UPSTREAM CVE-2025-22869-bump-go-crypto-ssh.patch bsc#1239494 mcepl@suse.com
+# bump golang.org/x/crypto to v0.35.0
+Patch2:         CVE-2025-22869-bump-go-crypto-ssh.patch
+BuildRequires:  golang(API) = 1.23
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
 # Patch0:         501-export.patch
diff --git a/remote-config.patch b/remote-config.patch
index 45b73d4..8bc6fd6 100644
--- a/remote-config.patch
+++ b/remote-config.patch
@@ -10,9 +10,11 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  repository/config.go |   11 +++++++++++
  3 files changed, 33 insertions(+), 10 deletions(-)
 
---- a/commands/pull.go
-+++ b/commands/pull.go
-@@ -8,6 +8,7 @@ import (
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/pull.go
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/commands/pull.go	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/commands/pull.go	2025-03-25 16:36:27.048924722 +0100
+@@ -8,6 +8,7 @@
  	"github.com/git-bug/git-bug/commands/completion"
  	"github.com/git-bug/git-bug/commands/execenv"
  	"github.com/git-bug/git-bug/entity"
@@ -20,7 +22,7 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  )
  
  func newPullCommand(env *execenv.Env) *cobra.Command {
-@@ -25,13 +26,18 @@ func newPullCommand(env *execenv.Env) *c
+@@ -25,13 +26,18 @@
  }
  
  func runPull(env *execenv.Env, args []string) error {
@@ -44,9 +46,11 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  	}
  
  	env.Out.Println("Fetching remote ...")
---- a/commands/push.go
-+++ b/commands/push.go
-@@ -7,6 +7,7 @@ import (
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/push.go
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/commands/push.go	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/commands/push.go	2025-03-25 16:36:27.049118817 +0100
+@@ -7,6 +7,7 @@
  
  	"github.com/git-bug/git-bug/commands/completion"
  	"github.com/git-bug/git-bug/commands/execenv"
@@ -54,7 +58,7 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  )
  
  func newPushCommand(env *execenv.Env) *cobra.Command {
-@@ -24,13 +25,18 @@ func newPushCommand(env *execenv.Env) *c
+@@ -24,13 +25,18 @@
  }
  
  func runPush(env *execenv.Env, args []string) error {
@@ -78,9 +82,11 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  	}
  
  	stdout, err := env.Backend.Push(remote)
---- a/repository/config.go
-+++ b/repository/config.go
-@@ -60,6 +60,17 @@ type ConfigWrite interface {
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/repository/config.go
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/repository/config.go	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/repository/config.go	2025-03-25 16:36:27.049354801 +0100
+@@ -60,6 +60,17 @@
  	RemoveAll(keyPrefix string) error
  }
  
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 49d7b88..266fd36 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e608cc4c6464f470427de2fe11b3f8c22e6760daefd68d3f166a3d22f2a6bf9a
-size 7864722
+oid sha256:b3d4eedd9c7468028055ec50887bf7590ba49473fb2bd7f368fc78a0e120d60b
+size 7873892
-- 
2.51.1


From 53d65ccf0f083250447cc636eca5ba2520a705dbba87a46f503119a32ab71cb7 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Wed, 7 May 2025 17:19:03 +0000
Subject: [PATCH 10/24] Accepting request 1275060 from devel:tools:scm

- Update to version 0.8.1+git.1746484874.96c7a111:
* docs: update install, contrib, and usage documentation (#1222)
* fix: resolve the remote URI using url.*.insteadOf (#1394)
* build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
* chore: gofmt simplify gitlab/export_test.go (#1392)
* fix: checkout repo before setting up go environment (#1390)
* feat: bump to go v1.24.2 (#1389)
* chore: update golang.org/x/net (#1379)
* fix: use -0700 when formatting time (#1388)
* fix: use correct url for gitlab PATs (#1384)
* refactor: remove depdendency on pnpm for auto-label action (#1383)
* feat: add action: auto-label (#1380)
* feat: remove lifecycle/frozen (#1377)
* build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
* feat: support new exclusion label: lifecycle/pinned (#1375)
* fix: refactor how gitlab title changes are detected (#1370)
* revert: "Create Dependabot config file" (#1374)
* refactor: rename //:git-bug.go to //:main.go (#1373)
* build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
* fix: set GitLastTag to an empty string when git-describe errors (#1355)
* chore: update go-git to v5@masterupdate_mods (#1284)
* refactor: Directly swap two variables to optimize code (#1272)
* Update README.md Matrix link to new room (#1275)
- Remove upstreamed patch:
- CVE-2025-22869-bump-go-crypto-ssh.patch

OBS-URL: https://build.opensuse.org/request/show/1275060
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=10
---
 CVE-2025-22869-bump-go-crypto-ssh.patch      | 103 -------------------
 _scmsync.obsinfo                             |   8 +-
 _service                                     |   8 +-
 _servicedata                                 |   2 +-
 build.specials.obscpio                       |   4 +-
 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio |   3 -
 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz |   3 +
 git-bug.changes                              |  29 ++++++
 git-bug.spec                                 |   5 +-
 remote-config.patch                          |  18 ++--
 vendor.tar.gz                                |   4 +-
 11 files changed, 55 insertions(+), 132 deletions(-)
 delete mode 100644 CVE-2025-22869-bump-go-crypto-ssh.patch
 delete mode 100644 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
 create mode 100644 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz

diff --git a/CVE-2025-22869-bump-go-crypto-ssh.patch b/CVE-2025-22869-bump-go-crypto-ssh.patch
deleted file mode 100644
index b262451..0000000
--- a/CVE-2025-22869-bump-go-crypto-ssh.patch
+++ /dev/null
@@ -1,103 +0,0 @@
----
- go.mod |   14 ++++++++------
- go.sum |   20 ++++++++++----------
- 2 files changed, 18 insertions(+), 16 deletions(-)
-
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.mod
-===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.mod	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/go.mod	2025-03-25 16:42:47.276480680 +0100
-@@ -1,6 +1,8 @@
- module github.com/git-bug/git-bug
- 
--go 1.22.5
-+go 1.23.0
-+
-+toolchain go1.24.1
- 
- // https://github.com/praetorian-inc/gokart/pull/84
- replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1
-@@ -36,11 +38,11 @@
- 	github.com/vbauerster/mpb/v8 v8.8.2
- 	github.com/vektah/gqlparser/v2 v2.5.16
- 	gitlab.com/gitlab-org/api/client-go v0.116.0
--	golang.org/x/crypto v0.31.0
-+	golang.org/x/crypto v0.35.0
- 	golang.org/x/oauth2 v0.22.0
--	golang.org/x/sync v0.10.0
--	golang.org/x/sys v0.28.0
--	golang.org/x/text v0.21.0
-+	golang.org/x/sync v0.11.0
-+	golang.org/x/sys v0.30.0
-+	golang.org/x/text v0.22.0
- )
- 
- require (
-@@ -121,7 +123,7 @@
- 	golang.org/x/mod v0.19.0 // indirect
- 	golang.org/x/net v0.27.0 // indirect
- 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
--	golang.org/x/term v0.27.0
-+	golang.org/x/term v0.29.0
- 	golang.org/x/tools v0.23.0 // indirect
- 	golang.org/x/vuln v1.1.3
- 	google.golang.org/protobuf v1.34.2 // indirect
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.sum
-===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.sum	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/go.sum	2025-03-25 16:42:47.278128567 +0100
-@@ -331,8 +331,8 @@
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
- golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
--golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
--golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-@@ -357,8 +357,8 @@
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
--golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
- golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-@@ -379,8 +379,8 @@
- golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
--golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-@@ -390,8 +390,8 @@
- golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
- golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
- golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
--golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
- golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
- golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-@@ -402,8 +402,8 @@
- golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
- golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
- golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
--golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
--golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
- golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
- golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 84eb788..6cfcd4e 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1742979124
-commit: fb15c5e482c95286deb19afaad6c8fa332805c9ea831a416eb881d0a6cfe7ef4
-url: https://src.opensuse.org/pool/git-bug.git
-revision: fb15c5e482c95286deb19afaad6c8fa332805c9ea831a416eb881d0a6cfe7ef4
+mtime: 1746595404
+commit: 846c3f4492b7c78cd0073bcb8ba48370bd2bd991ee95d74cd27c6d37c85bf668
+url: https://src.opensuse.org/mcepl/git-bug
+revision: factory
diff --git a/_service b/_service
index 77f1305..747be97 100644
--- a/_service
+++ b/_service
@@ -1,13 +1,13 @@
 <services>
-    <service name="obs_scm" mode="manual">
-        <param name="versionprefix">0.8.0+git</param>
+    <service name="tar_scm" mode="manual">
+        <param name="versionprefix">0.8.1+git</param>
+        <param name="revision">v0.8.1</param>
         <param name="url">https://github.com/git-bug/git-bug.git</param>
         <param name="scm">git</param>
         <param name="changesgenerate">enable</param>
         <param name="changesauthor">mcepl@cepl.eu</param>
     </service>
-    <service name="tar" mode="buildtime"/>
-    <service name="recompress" mode="buildtime">
+    <service name="recompress" mode="manual">
         <param name="file">*.tar</param>
         <param name="compression">gz</param>
     </service>
diff --git a/_servicedata b/_servicedata
index b7c0bf9..a330163 100644
--- a/_servicedata
+++ b/_servicedata
@@ -3,4 +3,4 @@
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
               <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service><service name="tar_scm">
                 <param name="url">https://github.com/git-bug/git-bug.git</param>
-              <param name="changesrevision">0ab94c9b7ac53ca9ab56febcf5cc3f26959e8b8a</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">96c7a111a3cb075b5ce485f709c3eb82da121a50</param></service></servicedata>
\ No newline at end of file
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 94296fa..fb21430 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e966820bdd79db6e3eed1d28a73eacdc9d390b5e27b55907d82ced1160841993
-size 304
+oid sha256:bcc4a5ef5089a5cc921ad4aa7220dabe3664210b862b54aaae40de03347248ad
+size 336
diff --git a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
deleted file mode 100644
index 9fe0c0a..0000000
--- a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eac693d55f8f3c2e8e839e2e8381c5955dc6548aa004d6185db80ee68e6c5e0d
-size 7206925
diff --git a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
new file mode 100644
index 0000000..35620c1
--- /dev/null
+++ b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb930695a66c4be23b3c4129ba164ed7d8f14d66249bc7726bbbeeccedb85ec9
+size 2581373
diff --git a/git-bug.changes b/git-bug.changes
index 91c61a8..5818897 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue May 06 10:21:55 UTC 2025 - mcepl@cepl.eu
+
+- Update to version 0.8.1+git.1746484874.96c7a111:
+  * docs: update install, contrib, and usage documentation (#1222)
+  * fix: resolve the remote URI using url.*.insteadOf (#1394)
+  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
+  * chore: gofmt simplify gitlab/export_test.go (#1392)
+  * fix: checkout repo before setting up go environment (#1390)
+  * feat: bump to go v1.24.2 (#1389)
+  * chore: update golang.org/x/net (#1379)
+  * fix: use -0700 when formatting time (#1388)
+  * fix: use correct url for gitlab PATs (#1384)
+  * refactor: remove depdendency on pnpm for auto-label action (#1383)
+  * feat: add action: auto-label (#1380)
+  * feat: remove lifecycle/frozen (#1377)
+  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
+  * feat: support new exclusion label: lifecycle/pinned (#1375)
+  * fix: refactor how gitlab title changes are detected (#1370)
+  * revert: "Create Dependabot config file" (#1374)
+  * refactor: rename //:git-bug.go to //:main.go (#1373)
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
+  * fix: set GitLastTag to an empty string when git-describe errors (#1355)
+  * chore: update go-git to v5@masterupdate_mods (#1284)
+  * refactor: Directly swap two variables to optimize code (#1272)
+  * Update README.md Matrix link to new room (#1275)
+- Remove upstreamed patch:
+  - CVE-2025-22869-bump-go-crypto-ssh.patch
+
 -------------------------------------------------------------------
 Tue Mar 25 15:29:50 UTC 2025 - mcepl@cepl.eu
 
diff --git a/git-bug.spec b/git-bug.spec
index 7359b9b..938500d 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -17,7 +17,7 @@
 
 
 Name:           git-bug
-Version:        0.8.0+git.1742269202.0ab94c9
+Version:        0.8.1+git.1746484874.96c7a111
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
@@ -28,9 +28,6 @@ Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
 Patch0:         remote-config.patch
-# PATCH-FIX-UPSTREAM CVE-2025-22869-bump-go-crypto-ssh.patch bsc#1239494 mcepl@suse.com
-# bump golang.org/x/crypto to v0.35.0
-Patch2:         CVE-2025-22869-bump-go-crypto-ssh.patch
 BuildRequires:  golang(API) = 1.23
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
diff --git a/remote-config.patch b/remote-config.patch
index 8bc6fd6..e71688e 100644
--- a/remote-config.patch
+++ b/remote-config.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before
  repository/config.go |   11 +++++++++++
  3 files changed, 33 insertions(+), 10 deletions(-)
 
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/pull.go
+Index: git-bug-0.8.1+git.1746484874.96c7a111/commands/pull.go
 ===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/commands/pull.go	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/commands/pull.go	2025-03-25 16:36:27.048924722 +0100
+--- git-bug-0.8.1+git.1746484874.96c7a111.orig/commands/pull.go	2025-05-06 00:41:14.000000000 +0200
++++ git-bug-0.8.1+git.1746484874.96c7a111/commands/pull.go	2025-05-06 12:25:33.320505683 +0200
 @@ -8,6 +8,7 @@
  	"github.com/git-bug/git-bug/commands/completion"
  	"github.com/git-bug/git-bug/commands/execenv"
@@ -46,10 +46,10 @@ Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/pull.go
  	}
  
  	env.Out.Println("Fetching remote ...")
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/push.go
+Index: git-bug-0.8.1+git.1746484874.96c7a111/commands/push.go
 ===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/commands/push.go	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/commands/push.go	2025-03-25 16:36:27.049118817 +0100
+--- git-bug-0.8.1+git.1746484874.96c7a111.orig/commands/push.go	2025-05-06 00:41:14.000000000 +0200
++++ git-bug-0.8.1+git.1746484874.96c7a111/commands/push.go	2025-05-06 12:25:33.320753379 +0200
 @@ -7,6 +7,7 @@
  
  	"github.com/git-bug/git-bug/commands/completion"
@@ -82,10 +82,10 @@ Index: git-bug-0.8.0+git.1742269202.0ab94c9/commands/push.go
  	}
  
  	stdout, err := env.Backend.Push(remote)
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/repository/config.go
+Index: git-bug-0.8.1+git.1746484874.96c7a111/repository/config.go
 ===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/repository/config.go	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/repository/config.go	2025-03-25 16:36:27.049354801 +0100
+--- git-bug-0.8.1+git.1746484874.96c7a111.orig/repository/config.go	2025-05-06 00:41:14.000000000 +0200
++++ git-bug-0.8.1+git.1746484874.96c7a111/repository/config.go	2025-05-06 12:25:33.320922899 +0200
 @@ -60,6 +60,17 @@
  	RemoveAll(keyPrefix string) error
  }
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 266fd36..dd8a8d3 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b3d4eedd9c7468028055ec50887bf7590ba49473fb2bd7f368fc78a0e120d60b
-size 7873892
+oid sha256:783a6532a40b31c193b7b1f39ca8ce910a792cff930257ef21111ae7e21269b2
+size 7640637
-- 
2.51.1


From e594f64458337c96779c7248b4bae1a78135c1ffc2a10fb504db3c96355b8c0f Mon Sep 17 00:00:00 2001
From: Ana Guerrero <ana.guerrero+factory@suse.com>
Date: Tue, 20 May 2025 07:38:42 +0000
Subject: [PATCH 11/24] Accepting request 1278375 from devel:tools:scm

- Update to version 0.10.1:
  - cli: ignore missing sections when removing configuration (ddb22a2f)
- Update to version 0.10.0:
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
- Update to version 0.10.0
  - bridge: correct command used to create a new bridge (9942337b)
  - web: simplify header navigation (7e95b169)
  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
- Update to version 0.9.0:
  - completion: remove errata from string literal (aa102c91)
  - tui: improve readability of the help bar (23be684a)

OBS-URL: https://build.opensuse.org/request/show/1278375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=11
---
 _scmsync.obsinfo                             |  4 ++--
 _service                                     |  4 ++--
 build.specials.obscpio                       |  2 +-
 git-bug-0.10.1.tar.gz                        |  3 +++
 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz |  3 ---
 git-bug.changes                              | 18 ++++++++++++++++++
 git-bug.spec                                 | 17 +++++++++++------
 vendor.tar.gz                                |  4 ++--
 8 files changed, 39 insertions(+), 16 deletions(-)
 create mode 100644 git-bug-0.10.1.tar.gz
 delete mode 100644 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 6cfcd4e..1446415 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1746595404
-commit: 846c3f4492b7c78cd0073bcb8ba48370bd2bd991ee95d74cd27c6d37c85bf668
+mtime: 1747648451
+commit: 83936a093bc18e10ba06dd7fc096e91e9c75633035e494fe89c7792dc54c8f1d
 url: https://src.opensuse.org/mcepl/git-bug
 revision: factory
diff --git a/_service b/_service
index 747be97..9ba31b6 100644
--- a/_service
+++ b/_service
@@ -1,5 +1,5 @@
 <services>
-    <service name="tar_scm" mode="manual">
+    <!-- service name="tar_scm" mode="manual">
         <param name="versionprefix">0.8.1+git</param>
         <param name="revision">v0.8.1</param>
         <param name="url">https://github.com/git-bug/git-bug.git</param>
@@ -11,6 +11,6 @@
         <param name="file">*.tar</param>
         <param name="compression">gz</param>
     </service>
-    <service name="set_version" mode="manual"/>
+    <service name="set_version" mode="manual"/ -->
     <service name="go_modules" mode="manual"/>
 </services>
diff --git a/build.specials.obscpio b/build.specials.obscpio
index fb21430..6107c50 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bcc4a5ef5089a5cc921ad4aa7220dabe3664210b862b54aaae40de03347248ad
+oid sha256:8e573e7f24d965ab2a09adb6138b0bd0bd887bb4c7a77527760453ca8cde5f83
 size 336
diff --git a/git-bug-0.10.1.tar.gz b/git-bug-0.10.1.tar.gz
new file mode 100644
index 0000000..fd16892
--- /dev/null
+++ b/git-bug-0.10.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b5cafa3d9918ce18c4674c93b83359e211def83e716d5841fa93c77b457e6c2
+size 2669305
diff --git a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
deleted file mode 100644
index 35620c1..0000000
--- a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb930695a66c4be23b3c4129ba164ed7d8f14d66249bc7726bbbeeccedb85ec9
-size 2581373
diff --git a/git-bug.changes b/git-bug.changes
index 5818897..f7e0c91 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon May 19 08:38:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to version 0.10.1:
+  - cli: ignore missing sections when removing configuration (ddb22a2f)
+- Update to version 0.10.0:
+  - bridge: correct command used to create a new bridge (9942337b)
+  - web: simplify header navigation (7e95b169)
+  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
+  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
+- Update to version 0.10.0
+  - bridge: correct command used to create a new bridge (9942337b)
+  - web: simplify header navigation (7e95b169)
+  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
+- Update to version 0.9.0:
+  - completion: remove errata from string literal (aa102c91)
+  - tui: improve readability of the help bar (23be684a)
+
 -------------------------------------------------------------------
 Tue May 06 10:21:55 UTC 2025 - mcepl@cepl.eu
 
diff --git a/git-bug.spec b/git-bug.spec
index 938500d..ef57591 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -17,18 +17,18 @@
 
 
 Name:           git-bug
-Version:        0.8.1+git.1746484874.96c7a111
+Version:        0.10.1
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
-# Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
-Source0:        git-bug-%{version}.tar.gz
+Source0:        https://github.com/MichaelMure/%{name}/archive/refs/tags/v%{version}.tar.gz#/git-bug-%{version}.tar.gz
+# Source0:        git-bug-%%{version}.tar.gz
 Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
 Patch0:         remote-config.patch
-BuildRequires:  golang(API) = 1.23
+BuildRequires:  golang(API) = 1.24
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
 # Patch0:         501-export.patch
@@ -91,7 +91,12 @@ zsh shell completions for git-bug
 %autosetup -p1 -a1
 
 %build
-%make_build build
+# COMMANDS_PATH="github.com/git-bug/git-bug/commands"
+# LDFLAGS="-X ${COMMANDS_PATH}.GitCommit=${GIT_COMMIT} \
+# 	-X ${COMMANDS_PATH}.GitLastTag=${GIT_LAST_TAG} \
+# 	-X ${COMMANDS_PATH}.GitExactTag=${GIT_EXACT_TAG}"
+export GOFLAGS="-buildmode=pie"
+go build
 
 %install
 install -Dm755 git-bug %{buildroot}%{_bindir}/git-bug
@@ -107,7 +112,7 @@ install -Dm0644 misc/completion/zsh/git-bug  \
 
 %check
 # before we mark network requiring tests (gh#git-bug/git-bug#1313)
-%make_build test || true
+go test -v -bench=. ./... || true
 
 %files
 %license LICENSE
diff --git a/vendor.tar.gz b/vendor.tar.gz
index dd8a8d3..f2d1d91 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:783a6532a40b31c193b7b1f39ca8ce910a792cff930257ef21111ae7e21269b2
-size 7640637
+oid sha256:804f816c8ad5832ddb6e0334bef65242b873ab790ac6dd5bd011d04e877643f7
+size 7514840
-- 
2.51.1


From 6911af6e1c5222b0667283f126a1b54541454adb9d67ec41eba95f05b8920ff6 Mon Sep 17 00:00:00 2001
From: Ana Guerrero <ana.guerrero+factory@suse.com>
Date: Tue, 21 Oct 2025 09:17:02 +0000
Subject: [PATCH 12/24] Accepting request 1312668 from devel:tools:scm

- Revendor to include golang.org/x/net/html v 0.45.0 to prevent
  possible DoS by various algorithms with quadratic complexity
  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and
  bsc#1251664, CVE-2025-58190).

OBS-URL: https://build.opensuse.org/request/show/1312668
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=12
---
 _scmsync.obsinfo       | 4 ++--
 _servicedata           | 2 +-
 build.specials.obscpio | 2 +-
 git-bug.changes        | 8 ++++++++
 vendor.tar.gz          | 2 +-
 5 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 1446415..241d95d 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1747648451
-commit: 83936a093bc18e10ba06dd7fc096e91e9c75633035e494fe89c7792dc54c8f1d
+mtime: 1761006338
+commit: fc67d2471d040d2c89d7cf0c36806dff775021cde0f0d8b8fbfb326312705d9b
 url: https://src.opensuse.org/mcepl/git-bug
 revision: factory
diff --git a/_servicedata b/_servicedata
index a330163..3c0f8e0 100644
--- a/_servicedata
+++ b/_servicedata
@@ -3,4 +3,4 @@
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
               <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service><service name="tar_scm">
                 <param name="url">https://github.com/git-bug/git-bug.git</param>
-              <param name="changesrevision">96c7a111a3cb075b5ce485f709c3eb82da121a50</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">96c7a111a3cb075b5ce485f709c3eb82da121a50</param></service></servicedata>
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 6107c50..16adf0f 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8e573e7f24d965ab2a09adb6138b0bd0bd887bb4c7a77527760453ca8cde5f83
+oid sha256:655ff0748eb612f3e3cbc9d53e8c9d2444988feb02da215fbf0b060769e89578
 size 336
diff --git a/git-bug.changes b/git-bug.changes
index f7e0c91..2d6541e 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Oct 15 20:05:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Revendor to include golang.org/x/net/html v 0.45.0 to prevent
+  possible DoS by various algorithms with quadratic complexity
+  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and
+  bsc#1251664, CVE-2025-58190).
+
 -------------------------------------------------------------------
 Mon May 19 08:38:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 
diff --git a/vendor.tar.gz b/vendor.tar.gz
index f2d1d91..53dfbe6 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:804f816c8ad5832ddb6e0334bef65242b873ab790ac6dd5bd011d04e877643f7
+oid sha256:294d97d2295b66c174194b0e26ec80e4b8a533ac709392635f87282b5b94f34f
 size 7514840
-- 
2.51.1


From 43a25d6598ca49ed3bd8ee189c1fed83e3c2ba1524fd3e9698df1c3065d17d99 Mon Sep 17 00:00:00 2001
From: Ana Guerrero <ana.guerrero+factory@suse.com>
Date: Wed, 26 Nov 2025 16:15:50 +0000
Subject: [PATCH 13/24] Accepting request 1320059 from devel:tools:scm

- Revendor to include fixed version of depending libraries:
  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0

OBS-URL: https://build.opensuse.org/request/show/1320059
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git-bug?expand=0&rev=13
---
 _scmsync.obsinfo       |  4 ++--
 _service               |  8 +++++++-
 build.specials.obscpio |  2 +-
 git-bug.changes        | 16 ++++++++++++++++
 vendor.tar.gz          |  4 ++--
 5 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo
index 241d95d..0a4bb92 100644
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@@ -1,4 +1,4 @@
-mtime: 1761006338
-commit: fc67d2471d040d2c89d7cf0c36806dff775021cde0f0d8b8fbfb326312705d9b
+mtime: 1764093923
+commit: bfa8e9f39cf4935bee104b5cb556b8d9ab45d131ab1952423c3893b03c8ed4f8
 url: https://src.opensuse.org/mcepl/git-bug
 revision: factory
diff --git a/_service b/_service
index 9ba31b6..225665c 100644
--- a/_service
+++ b/_service
@@ -12,5 +12,11 @@
         <param name="compression">gz</param>
     </service>
     <service name="set_version" mode="manual"/ -->
-    <service name="go_modules" mode="manual"/>
+    <service name="go_modules" mode="manual">
+      <param name="replace">golang.org/x/crypto=golang.org/x/crypto@v0.43.0</param>
+      <param name="replace">github.com/go-viper/mapstructure/v2=github.com/go-viper/mapstructure/v2@v2.4.0</param>
+      <param name="replace">github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1</param>
+      <param name="replace">golang.org/x/crypto/ssh=golang.org/x/crypto/ssh@v0.45.0</param>
+      <param name="replace">golang.org/x/crypto/ssh/agent=golang.org/x/crypto/ssh/agent@v0.45.0</param>
+    </service>
 </services>
diff --git a/build.specials.obscpio b/build.specials.obscpio
index 16adf0f..862a8d0 100644
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:655ff0748eb612f3e3cbc9d53e8c9d2444988feb02da215fbf0b060769e89578
+oid sha256:9fdf68f315d5766525033bf1dfff37cbc5a5c0dd7614f262b87636461668b6c6
 size 336
diff --git a/git-bug.changes b/git-bug.changes
index 2d6541e..4b147a3 100644
--- a/git-bug.changes
+++ b/git-bug.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Nov 25 17:41:00 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Revendor to include fixed version of depending libraries:
+  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
+    golang.org/x/crypto to v0.43.0
+  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
+    github.com/go-viper/mapstructure/v2 to v2.4.0
+  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
+  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
+    github.com/cloudflare/circl to v1.6.1
+  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
+    golang.org/x/crypto/ssh to v0.45.0
+  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
+    golang.org/x/crypto/ssh/agent to v0.45.0
+
 -------------------------------------------------------------------
 Wed Oct 15 20:05:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 53dfbe6..0308d1e 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:294d97d2295b66c174194b0e26ec80e4b8a533ac709392635f87282b5b94f34f
-size 7514840
+oid sha256:dda306632534f9b055876ce74523450dffe12274f7717092a53f45177394c79c
+size 7602649
-- 
2.51.1


From 4a4372415ea4e1053689be4feecb9010e1532c26b8610fa1bd8c43df3df54d55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Sat, 3 Aug 2024 17:27:38 +0200
Subject: [PATCH 14/24] Add remote-config.patch (gh#MichaelMure/git-bug!1076):
 try reading git-bug.remote config value before defaulting to 'origin' when no
 explicit REMOTE argument.

---
 git-bug.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/git-bug.spec b/git-bug.spec
index 63a3f72..c2a295e 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -22,8 +22,11 @@ Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
-Source0:        https://github.com/MichaelMure/%{name}/archive/refs/tags/v%{version}.tar.gz#/git-bug-%{version}.tar.gz
-# Source0:        git-bug-%%{version}.tar.gz
+# Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
+Source0:        git-bug-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
+# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
+Patch0:         remote-config.patch
 Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
-- 
2.51.1


From cbfe50b11c617b9b2aea75eafeaa4cedc975cf68c8441dfbbb3ee34f194914e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 17 Dec 2024 15:06:57 +0100
Subject: [PATCH 15/24] Update to version 0.8.0+git.1733745604.d499b6e:   * fix
 typos in docs (#1266)   * build(deps): bump github.com/go-git/go-billy/v5
 from 5.5.0 to 5.6.0 (#1289) Add CVE-2024-45337-bump-go-crypto.patch to bump  
 golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for   CVE-2024-45337,
 bsc#1234565).

---
 CVE-2024-45337-bump-go-crypto.patch          | 232 +++++++++++++++++++
 git-bug-0.8.0+git.1733745604.d499b6e.obscpio |   3 +
 git-bug.spec                                 |   3 -
 3 files changed, 235 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2024-45337-bump-go-crypto.patch
 create mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio

diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch
new file mode 100644
index 0000000..ed61eff
--- /dev/null
+++ b/CVE-2024-45337-bump-go-crypto.patch
@@ -0,0 +1,232 @@
+From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Mon, 16 Dec 2024 18:02:51 +0100
+Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to
+ gitlab.com/gitlab-org/api/client-go
+
+---
+ bridge/gitlab/config.go      |    2 +-
+ bridge/gitlab/event.go       |    2 +-
+ bridge/gitlab/export.go      |    2 +-
+ bridge/gitlab/export_test.go |    4 ++--
+ bridge/gitlab/gitlab.go      |    2 +-
+ bridge/gitlab/gitlab_api.go  |    2 +-
+ bridge/gitlab/import.go      |    2 +-
+ go.mod                       |   23 +++++++++++++----------
+ go.sum                       |   28 ++++++++++++++--------------
+ 9 files changed, 35 insertions(+), 32 deletions(-)
+
+--- a/bridge/gitlab/config.go
++++ b/bridge/gitlab/config.go
+@@ -8,7 +8,7 @@ import (
+ 	"strings"
+ 
+ 	"github.com/pkg/errors"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/event.go
++++ b/bridge/gitlab/event.go
+@@ -5,7 +5,7 @@ import (
+ 	"strings"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/util/text"
+ )
+--- a/bridge/gitlab/export.go
++++ b/bridge/gitlab/export.go
+@@ -8,7 +8,7 @@ import (
+ 	"time"
+ 
+ 	"github.com/pkg/errors"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/export_test.go
++++ b/bridge/gitlab/export_test.go
+@@ -9,7 +9,7 @@ import (
+ 	"testing"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/entity"
+ 	"github.com/git-bug/git-bug/entity/dag"
+@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex
+ 		return err
+ 	}
+ 
+-	_, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx))
++	_, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx))
+ 	return err
+ }
+--- a/bridge/gitlab/gitlab.go
++++ b/bridge/gitlab/gitlab.go
+@@ -3,7 +3,7 @@ package gitlab
+ import (
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/bridge/gitlab/gitlab_api.go
++++ b/bridge/gitlab/gitlab_api.go
+@@ -5,7 +5,7 @@ import (
+ 	"time"
+ 
+ 	"github.com/git-bug/git-bug/util/text"
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ )
+ 
+ // Issues returns a channel with gitlab project issues, ascending order.
+--- a/bridge/gitlab/import.go
++++ b/bridge/gitlab/import.go
+@@ -6,7 +6,7 @@ import (
+ 	"strconv"
+ 	"time"
+ 
+-	"github.com/xanzy/go-gitlab"
++	"gitlab.com/gitlab-org/api/client-go"
+ 
+ 	"github.com/git-bug/git-bug/bridge/core"
+ 	"github.com/git-bug/git-bug/bridge/core/auth"
+--- a/go.mod
++++ b/go.mod
+@@ -35,12 +35,19 @@ require (
+ 	github.com/stretchr/testify v1.9.0
+ 	github.com/vbauerster/mpb/v8 v8.8.2
+ 	github.com/vektah/gqlparser/v2 v2.5.16
+-	github.com/xanzy/go-gitlab v0.107.0
+-	golang.org/x/crypto v0.26.0
++	gitlab.com/gitlab-org/api/client-go v0.116.0
++	golang.org/x/crypto v0.31.0
+ 	golang.org/x/oauth2 v0.22.0
+-	golang.org/x/sync v0.8.0
+-	golang.org/x/sys v0.25.0
+-	golang.org/x/text v0.17.0
++	golang.org/x/sync v0.10.0
++	golang.org/x/sys v0.28.0
++	golang.org/x/text v0.21.0
++)
++
++require (
++	github.com/google/go-querystring v1.1.0 // indirect
++	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
++	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
++	golang.org/x/time v0.3.0 // indirect
+ )
+ 
+ require (
+@@ -78,12 +85,9 @@ require (
+ 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+ 	github.com/golang/protobuf v1.5.4 // indirect
+ 	github.com/golang/snappy v0.0.4 // indirect
+-	github.com/google/go-querystring v1.1.0 // indirect
+ 	github.com/google/uuid v1.6.0 // indirect
+ 	github.com/gorilla/websocket v1.5.3 // indirect
+ 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
+-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+ 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+ 	github.com/kevinburke/ssh_config v1.2.0 // indirect
+@@ -117,8 +121,7 @@ require (
+ 	golang.org/x/mod v0.19.0 // indirect
+ 	golang.org/x/net v0.27.0 // indirect
+ 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
+-	golang.org/x/term v0.24.0
+-	golang.org/x/time v0.5.0 // indirect
++	golang.org/x/term v0.27.0
+ 	golang.org/x/tools v0.23.0 // indirect
+ 	golang.org/x/vuln v1.1.3
+ 	google.golang.org/protobuf v1.34.2 // indirect
+--- a/go.sum
++++ b/go.sum
+@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g
+ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+ github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
+-github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
+-github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
+ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+ github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod
+ github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+ github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
+ github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
++gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw=
++gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0=
+ go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+ go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
+ go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
+@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510
+ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146-
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
++golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
++golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1
+ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH
+ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
++golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
++golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+
+ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
++golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
++golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
new file mode 100644
index 0000000..299848a
--- /dev/null
+++ b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b
+size 7206413
diff --git a/git-bug.spec b/git-bug.spec
index c2a295e..56c3866 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -24,9 +24,6 @@ License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
 # Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
 Source0:        git-bug-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
-# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
-Patch0:         remote-config.patch
 Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
-- 
2.51.1


From ee758f0302c44758bfaa760b2a342e300267c7c7c6535441095ca53027a8749a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Wed, 8 Jan 2025 09:57:32 +0100
Subject: [PATCH 16/24] Update vendorization.

---
 vendor.tar.gz | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vendor.tar.gz b/vendor.tar.gz
index 9ad992e..a2b807e 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0127054aba7465091992d408f3ef860aeafba92ee8c8ba9a05b34e829f6ef7ef
-size 7602894
+oid sha256:19b201ea57a13b67d1e5db0a65bca037b854831abf6ec6530b0ba58d9377eeaa
+size 7602908
-- 
2.51.1


From 25a56cc7429aae13b76a8192baedec1969ea95ac43f25e6b1673ff9f58e28a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Thu, 13 Mar 2025 18:29:48 +0100
Subject: [PATCH 17/24] =?UTF-8?q?-=20Update=20to=20version=200.8.0+git.174?=
 =?UTF-8?q?2269202.0ab94c9:=20=20=20*=20deps(crypto):=20bump=20golang.org/?=
 =?UTF-8?q?x/crypto=20from=20v0.26.0=20to=20v0.31.0=20(fix=20for=20CVE-202?=
 =?UTF-8?q?4-45337)=20(#1312)=20-=20Remove=20upstreamed=20CVE-2024-45337-b?=
 =?UTF-8?q?ump-go-crypto.patch=20=20=20(apparently=20upstream=20still=20di?=
 =?UTF-8?q?dn=E2=80=99t=20see=20the=20other=20one).=20-=20Add=20CVE-2025-2?=
 =?UTF-8?q?2869-bump-go-crypto-ssh.patch=20to=20update=20=20=20golang.org/?=
 =?UTF-8?q?x/crypto/ssh=20to=20v0.35.0=20(bsc#1239494,=20=20=20CVE-2025-22?=
 =?UTF-8?q?869).?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CVE-2024-45337-bump-go-crypto.patch          | 232 -------------------
 CVE-2025-22869-bump-go-crypto-ssh.patch      | 103 ++++++++
 git-bug-0.8.0+git.1733745604.d499b6e.obscpio |   3 -
 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio |   3 +
 vendor.tar.gz                                |   4 +-
 5 files changed, 108 insertions(+), 237 deletions(-)
 delete mode 100644 CVE-2024-45337-bump-go-crypto.patch
 create mode 100644 CVE-2025-22869-bump-go-crypto-ssh.patch
 delete mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio
 create mode 100644 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio

diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch
deleted file mode 100644
index ed61eff..0000000
--- a/CVE-2024-45337-bump-go-crypto.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
-Date: Mon, 16 Dec 2024 18:02:51 +0100
-Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to
- gitlab.com/gitlab-org/api/client-go
-
----
- bridge/gitlab/config.go      |    2 +-
- bridge/gitlab/event.go       |    2 +-
- bridge/gitlab/export.go      |    2 +-
- bridge/gitlab/export_test.go |    4 ++--
- bridge/gitlab/gitlab.go      |    2 +-
- bridge/gitlab/gitlab_api.go  |    2 +-
- bridge/gitlab/import.go      |    2 +-
- go.mod                       |   23 +++++++++++++----------
- go.sum                       |   28 ++++++++++++++--------------
- 9 files changed, 35 insertions(+), 32 deletions(-)
-
---- a/bridge/gitlab/config.go
-+++ b/bridge/gitlab/config.go
-@@ -8,7 +8,7 @@ import (
- 	"strings"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/event.go
-+++ b/bridge/gitlab/event.go
-@@ -5,7 +5,7 @@ import (
- 	"strings"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/util/text"
- )
---- a/bridge/gitlab/export.go
-+++ b/bridge/gitlab/export.go
-@@ -8,7 +8,7 @@ import (
- 	"time"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/export_test.go
-+++ b/bridge/gitlab/export_test.go
-@@ -9,7 +9,7 @@ import (
- 	"testing"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/entity"
- 	"github.com/git-bug/git-bug/entity/dag"
-@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex
- 		return err
- 	}
- 
--	_, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx))
-+	_, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx))
- 	return err
- }
---- a/bridge/gitlab/gitlab.go
-+++ b/bridge/gitlab/gitlab.go
-@@ -3,7 +3,7 @@ package gitlab
- import (
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/gitlab_api.go
-+++ b/bridge/gitlab/gitlab_api.go
-@@ -5,7 +5,7 @@ import (
- 	"time"
- 
- 	"github.com/git-bug/git-bug/util/text"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- )
- 
- // Issues returns a channel with gitlab project issues, ascending order.
---- a/bridge/gitlab/import.go
-+++ b/bridge/gitlab/import.go
-@@ -6,7 +6,7 @@ import (
- 	"strconv"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/go.mod
-+++ b/go.mod
-@@ -35,12 +35,19 @@ require (
- 	github.com/stretchr/testify v1.9.0
- 	github.com/vbauerster/mpb/v8 v8.8.2
- 	github.com/vektah/gqlparser/v2 v2.5.16
--	github.com/xanzy/go-gitlab v0.107.0
--	golang.org/x/crypto v0.26.0
-+	gitlab.com/gitlab-org/api/client-go v0.116.0
-+	golang.org/x/crypto v0.31.0
- 	golang.org/x/oauth2 v0.22.0
--	golang.org/x/sync v0.8.0
--	golang.org/x/sys v0.25.0
--	golang.org/x/text v0.17.0
-+	golang.org/x/sync v0.10.0
-+	golang.org/x/sys v0.28.0
-+	golang.org/x/text v0.21.0
-+)
-+
-+require (
-+	github.com/google/go-querystring v1.1.0 // indirect
-+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-+	golang.org/x/time v0.3.0 // indirect
- )
- 
- require (
-@@ -78,12 +85,9 @@ require (
- 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- 	github.com/golang/protobuf v1.5.4 // indirect
- 	github.com/golang/snappy v0.0.4 // indirect
--	github.com/google/go-querystring v1.1.0 // indirect
- 	github.com/google/uuid v1.6.0 // indirect
- 	github.com/gorilla/websocket v1.5.3 // indirect
- 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
--	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
--	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
- 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
- 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
- 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-@@ -117,8 +121,7 @@ require (
- 	golang.org/x/mod v0.19.0 // indirect
- 	golang.org/x/net v0.27.0 // indirect
- 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
--	golang.org/x/term v0.24.0
--	golang.org/x/time v0.5.0 // indirect
-+	golang.org/x/term v0.27.0
- 	golang.org/x/tools v0.23.0 // indirect
- 	golang.org/x/vuln v1.1.3
- 	google.golang.org/protobuf v1.34.2 // indirect
---- a/go.sum
-+++ b/go.sum
-@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g
- github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
- github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
- github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
--github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
--github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
- github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
- github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
- github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod
- github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
- github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
- github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
-+gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw=
-+gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0=
- go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
- go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
- go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
-@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
- golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
--golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
--golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
-+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146-
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
--golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
- golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1
- golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
--golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH
- golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
- golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
- golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
--golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
-+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
- golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
- golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+
- golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
- golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
- golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
--golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
--golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
--golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
--golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
- golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
diff --git a/CVE-2025-22869-bump-go-crypto-ssh.patch b/CVE-2025-22869-bump-go-crypto-ssh.patch
new file mode 100644
index 0000000..b262451
--- /dev/null
+++ b/CVE-2025-22869-bump-go-crypto-ssh.patch
@@ -0,0 +1,103 @@
+---
+ go.mod |   14 ++++++++------
+ go.sum |   20 ++++++++++----------
+ 2 files changed, 18 insertions(+), 16 deletions(-)
+
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.mod
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.mod	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/go.mod	2025-03-25 16:42:47.276480680 +0100
+@@ -1,6 +1,8 @@
+ module github.com/git-bug/git-bug
+ 
+-go 1.22.5
++go 1.23.0
++
++toolchain go1.24.1
+ 
+ // https://github.com/praetorian-inc/gokart/pull/84
+ replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1
+@@ -36,11 +38,11 @@
+ 	github.com/vbauerster/mpb/v8 v8.8.2
+ 	github.com/vektah/gqlparser/v2 v2.5.16
+ 	gitlab.com/gitlab-org/api/client-go v0.116.0
+-	golang.org/x/crypto v0.31.0
++	golang.org/x/crypto v0.35.0
+ 	golang.org/x/oauth2 v0.22.0
+-	golang.org/x/sync v0.10.0
+-	golang.org/x/sys v0.28.0
+-	golang.org/x/text v0.21.0
++	golang.org/x/sync v0.11.0
++	golang.org/x/sys v0.30.0
++	golang.org/x/text v0.22.0
+ )
+ 
+ require (
+@@ -121,7 +123,7 @@
+ 	golang.org/x/mod v0.19.0 // indirect
+ 	golang.org/x/net v0.27.0 // indirect
+ 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
+-	golang.org/x/term v0.27.0
++	golang.org/x/term v0.29.0
+ 	golang.org/x/tools v0.23.0 // indirect
+ 	golang.org/x/vuln v1.1.3
+ 	google.golang.org/protobuf v1.34.2 // indirect
+Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.sum
+===================================================================
+--- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.sum	2025-03-18 04:40:02.000000000 +0100
++++ git-bug-0.8.0+git.1742269202.0ab94c9/go.sum	2025-03-25 16:42:47.278128567 +0100
+@@ -331,8 +331,8 @@
+ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
++golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
++golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+@@ -357,8 +357,8 @@
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
++golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
++golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+@@ -379,8 +379,8 @@
+ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
++golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
++golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
+ golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+@@ -390,8 +390,8 @@
+ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
++golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
++golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+@@ -402,8 +402,8 @@
+ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
++golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
++golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+ golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+ golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
deleted file mode 100644
index 299848a..0000000
--- a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b
-size 7206413
diff --git a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
new file mode 100644
index 0000000..9fe0c0a
--- /dev/null
+++ b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eac693d55f8f3c2e8e839e2e8381c5955dc6548aa004d6185db80ee68e6c5e0d
+size 7206925
diff --git a/vendor.tar.gz b/vendor.tar.gz
index a2b807e..29b4be6 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:19b201ea57a13b67d1e5db0a65bca037b854831abf6ec6530b0ba58d9377eeaa
-size 7602908
+oid sha256:20fa93effe9a8f721dc973e1ef598bd70920f070861b713ba599cd06fb8992a2
+size 7602484
-- 
2.51.1


From addf54ad770d05aef3e398972ccc427f2727e8e4685ff98c10b19f1d124308f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Mon, 19 May 2025 08:44:14 +0000
Subject: [PATCH 18/24] Update to version 0.10.1:   - cli: ignore missing
 sections when removing configuration (ddb22a2f) Update to version 0.10.0:   -
 bridge: correct command used to create a new bridge (9942337b)   - web:
 simplify header navigation (7e95b169)   - webui: remark upgrade + gfm +
 syntax highlighting (6ee47b96)   - BREAKING CHANGE: dev-infra: remove gokart
 (89b880bd) Update to version 0.10.0   - bridge: correct command used to
 create a new bridge (9942337b)   - web: simplify header navigation (7e95b169)
   - web: remark upgrade + gfm + syntax highlighting (6ee47b96) Update to
 version 0.9.0:   - completion: remove errata from string literal (aa102c91)  
 - tui: improve readability of the help bar (23be684a)

---
 git-bug.spec  | 4 ++--
 vendor.tar.gz | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/git-bug.spec b/git-bug.spec
index 56c3866..63a3f72 100644
--- a/git-bug.spec
+++ b/git-bug.spec
@@ -22,8 +22,8 @@ Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
-# Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
-Source0:        git-bug-%{version}.tar.gz
+Source0:        https://github.com/MichaelMure/%{name}/archive/refs/tags/v%{version}.tar.gz#/git-bug-%{version}.tar.gz
+# Source0:        git-bug-%%{version}.tar.gz
 Source1:        vendor.tar.gz
 # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
 # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 29b4be6..b6b47cd 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:20fa93effe9a8f721dc973e1ef598bd70920f070861b713ba599cd06fb8992a2
-size 7602484
+oid sha256:308f4ff342ccdd3e3b49b3c5ced11d9101cd9713ee122fd33dfb47d32d87ca27
+size 7602368
-- 
2.51.1


From 8c2532d6f13162da4fc2fc6427a80c6ee1eae25f2c66adcbc71f598a9edfe6d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 25 Nov 2025 19:05:23 +0100
Subject: [PATCH 19/24] Revendor to include fixed version of depending
 libraries

  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
---
 .gitattributes | 1 +
 vendor.tar.gz  | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index 9b03811..a9bfeea 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,3 +21,4 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+*.changes merge=merge-changes
diff --git a/vendor.tar.gz b/vendor.tar.gz
index b6b47cd..a5249fe 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:308f4ff342ccdd3e3b49b3c5ced11d9101cd9713ee122fd33dfb47d32d87ca27
-size 7602368
+oid sha256:0d72e413f7828db667243b1cecc74652096edec5a8abf7aa78f1a87f323a9b66
+size 7602484
-- 
2.51.1


From 4826cd11511ced82ebfd1a887d25203c3ad334665dd3cf85507ecc76003aec92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Wed, 8 Jan 2025 09:57:32 +0100
Subject: [PATCH 20/24] Update vendorization.

---
 vendor.tar.gz | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vendor.tar.gz b/vendor.tar.gz
index a5249fe..deca1b4 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0d72e413f7828db667243b1cecc74652096edec5a8abf7aa78f1a87f323a9b66
-size 7602484
+oid sha256:fe8c239dcf98cca69d664f7e5ae854dda8a2f8fb3a3955d0c6433132ed788d22
+size 7602682
-- 
2.51.1


From 2f237648f67a36ccc34d196f0d5eb942e421c6f1d5d7dac5ed9e82004481bd8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Thu, 13 Mar 2025 18:29:48 +0100
Subject: [PATCH 21/24] =?UTF-8?q?-=20Update=20to=20version=200.8.0+git.174?=
 =?UTF-8?q?2269202.0ab94c9:=20=20=20*=20deps(crypto):=20bump=20golang.org/?=
 =?UTF-8?q?x/crypto=20from=20v0.26.0=20to=20v0.31.0=20(fix=20for=20CVE-202?=
 =?UTF-8?q?4-45337)=20(#1312)=20-=20Remove=20upstreamed=20CVE-2024-45337-b?=
 =?UTF-8?q?ump-go-crypto.patch=20=20=20(apparently=20upstream=20still=20di?=
 =?UTF-8?q?dn=E2=80=99t=20see=20the=20other=20one).=20-=20Add=20CVE-2025-2?=
 =?UTF-8?q?2869-bump-go-crypto-ssh.patch=20to=20update=20=20=20golang.org/?=
 =?UTF-8?q?x/crypto/ssh=20to=20v0.35.0=20(bsc#1239494,=20=20=20CVE-2025-22?=
 =?UTF-8?q?869).?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 vendor.tar.gz | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vendor.tar.gz b/vendor.tar.gz
index deca1b4..6eb065e 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fe8c239dcf98cca69d664f7e5ae854dda8a2f8fb3a3955d0c6433132ed788d22
-size 7602682
+oid sha256:199463fa4d350636b2f5c443ac50524a749af2294fc39cdebebdbccf320fbb0c
+size 7602719
-- 
2.51.1


From 1d76ad48def5d7ff18ec1fae868afafb4c1fea4b6183f85ec13cb7b4266af844 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 6 May 2025 12:27:07 +0200
Subject: [PATCH 22/24] Update to version 0.8.1+git.1746484874.96c7a111:   *
 docs: update install, contrib, and usage documentation (#1222)   * fix:
 resolve the remote URI using url.*.insteadOf (#1394)   * build(deps): bump
 the go_modules group across 1 directory with 3 updates (#1376)   * chore:
 gofmt simplify gitlab/export_test.go (#1392)   * fix: checkout repo before
 setting up go environment (#1390)   * feat: bump to go v1.24.2 (#1389)   *
 chore: update golang.org/x/net (#1379)   * fix: use -0700 when formatting
 time (#1388)   * fix: use correct url for gitlab PATs (#1384)   * refactor:
 remove depdendency on pnpm for auto-label action (#1383)   * feat: add
 action: auto-label (#1380)   * feat: remove lifecycle/frozen (#1377)   *
 build(deps): bump the npm_and_yarn group across 1 directory with 12 updates
 (#1378)   * feat: support new exclusion label: lifecycle/pinned (#1375)   *
 fix: refactor how gitlab title changes are detected (#1370)   * revert:
 "Create Dependabot config file" (#1374)   * refactor: rename //:git-bug.go to
 //:main.go (#1373)   * build(deps): bump github.com/vektah/gqlparser/v2 from
 2.5.16 to 2.5.25 (#1361)   * fix: set GitLastTag to an empty string when
 git-describe errors (#1355)   * chore: update go-git to v5@masterupdate_mods
 (#1284)   * refactor: Directly swap two variables to optimize code (#1272)  
 * Update README.md Matrix link to new room (#1275) Remove upstreamed patch:  
 - CVE-2025-22869-bump-go-crypto-ssh.patch

---
 CVE-2025-22869-bump-go-crypto-ssh.patch      | 103 -------------------
 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio |   3 -
 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz |   3 +
 vendor.tar.gz                                |   4 +-
 4 files changed, 5 insertions(+), 108 deletions(-)
 delete mode 100644 CVE-2025-22869-bump-go-crypto-ssh.patch
 delete mode 100644 git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
 create mode 100644 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz

diff --git a/CVE-2025-22869-bump-go-crypto-ssh.patch b/CVE-2025-22869-bump-go-crypto-ssh.patch
deleted file mode 100644
index b262451..0000000
--- a/CVE-2025-22869-bump-go-crypto-ssh.patch
+++ /dev/null
@@ -1,103 +0,0 @@
----
- go.mod |   14 ++++++++------
- go.sum |   20 ++++++++++----------
- 2 files changed, 18 insertions(+), 16 deletions(-)
-
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.mod
-===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.mod	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/go.mod	2025-03-25 16:42:47.276480680 +0100
-@@ -1,6 +1,8 @@
- module github.com/git-bug/git-bug
- 
--go 1.22.5
-+go 1.23.0
-+
-+toolchain go1.24.1
- 
- // https://github.com/praetorian-inc/gokart/pull/84
- replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1
-@@ -36,11 +38,11 @@
- 	github.com/vbauerster/mpb/v8 v8.8.2
- 	github.com/vektah/gqlparser/v2 v2.5.16
- 	gitlab.com/gitlab-org/api/client-go v0.116.0
--	golang.org/x/crypto v0.31.0
-+	golang.org/x/crypto v0.35.0
- 	golang.org/x/oauth2 v0.22.0
--	golang.org/x/sync v0.10.0
--	golang.org/x/sys v0.28.0
--	golang.org/x/text v0.21.0
-+	golang.org/x/sync v0.11.0
-+	golang.org/x/sys v0.30.0
-+	golang.org/x/text v0.22.0
- )
- 
- require (
-@@ -121,7 +123,7 @@
- 	golang.org/x/mod v0.19.0 // indirect
- 	golang.org/x/net v0.27.0 // indirect
- 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
--	golang.org/x/term v0.27.0
-+	golang.org/x/term v0.29.0
- 	golang.org/x/tools v0.23.0 // indirect
- 	golang.org/x/vuln v1.1.3
- 	google.golang.org/protobuf v1.34.2 // indirect
-Index: git-bug-0.8.0+git.1742269202.0ab94c9/go.sum
-===================================================================
---- git-bug-0.8.0+git.1742269202.0ab94c9.orig/go.sum	2025-03-18 04:40:02.000000000 +0100
-+++ git-bug-0.8.0+git.1742269202.0ab94c9/go.sum	2025-03-25 16:42:47.278128567 +0100
-@@ -331,8 +331,8 @@
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
- golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
--golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
--golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-@@ -357,8 +357,8 @@
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
--golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
- golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-@@ -379,8 +379,8 @@
- golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
--golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-@@ -390,8 +390,8 @@
- golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
- golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
- golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
--golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
- golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
- golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-@@ -402,8 +402,8 @@
- golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
- golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
- golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
--golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
--golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
- golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
- golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio b/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
deleted file mode 100644
index 9fe0c0a..0000000
--- a/git-bug-0.8.0+git.1742269202.0ab94c9.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eac693d55f8f3c2e8e839e2e8381c5955dc6548aa004d6185db80ee68e6c5e0d
-size 7206925
diff --git a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
new file mode 100644
index 0000000..35620c1
--- /dev/null
+++ b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb930695a66c4be23b3c4129ba164ed7d8f14d66249bc7726bbbeeccedb85ec9
+size 2581373
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 6eb065e..6ff11e9 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:199463fa4d350636b2f5c443ac50524a749af2294fc39cdebebdbccf320fbb0c
-size 7602719
+oid sha256:b5045ffc70684ee0527a8281213b17e9d74d3e6cae10899d410fcea9ce88860d
+size 7752264
-- 
2.51.1


From c59d8fd39fffb580d000d9fa2f96d97c796bd60952cad365540ebdaec981bb5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Mon, 19 May 2025 08:44:14 +0000
Subject: [PATCH 23/24] Update to version 0.10.1:   - cli: ignore missing
 sections when removing configuration (ddb22a2f) Update to version 0.10.0:   -
 bridge: correct command used to create a new bridge (9942337b)   - web:
 simplify header navigation (7e95b169)   - webui: remark upgrade + gfm +
 syntax highlighting (6ee47b96)   - BREAKING CHANGE: dev-infra: remove gokart
 (89b880bd) Update to version 0.10.0   - bridge: correct command used to
 create a new bridge (9942337b)   - web: simplify header navigation (7e95b169)
   - web: remark upgrade + gfm + syntax highlighting (6ee47b96) Update to
 version 0.9.0:   - completion: remove errata from string literal (aa102c91)  
 - tui: improve readability of the help bar (23be684a)

---
 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz | 3 ---
 vendor.tar.gz                                | 4 ++--
 2 files changed, 2 insertions(+), 5 deletions(-)
 delete mode 100644 git-bug-0.8.1+git.1746484874.96c7a111.tar.gz

diff --git a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz b/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
deleted file mode 100644
index 35620c1..0000000
--- a/git-bug-0.8.1+git.1746484874.96c7a111.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb930695a66c4be23b3c4129ba164ed7d8f14d66249bc7726bbbeeccedb85ec9
-size 2581373
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 6ff11e9..55daf8b 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b5045ffc70684ee0527a8281213b17e9d74d3e6cae10899d410fcea9ce88860d
-size 7752264
+oid sha256:2d8edb4050e1a6c310a0cd25ac2c143d8feaea7222da34588b644b7a38d5b279
+size 7602892
-- 
2.51.1


From 2390ae6ceea5fe7d3bcf4286e25b81f87bfd2ecb02bcfe4aa49e5facfeb575ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 25 Nov 2025 19:05:23 +0100
Subject: [PATCH 24/24] Revendor to include fixed version of depending
 libraries

  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
    golang.org/x/crypto to v0.43.0
  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
    github.com/go-viper/mapstructure/v2 to v2.4.0
  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
    github.com/cloudflare/circl to v1.6.1
  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
    golang.org/x/crypto/ssh to v0.45.0
  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
    golang.org/x/crypto/ssh/agent to v0.45.0
---
 vendor.tar.gz | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vendor.tar.gz b/vendor.tar.gz
index 55daf8b..c64d4fe 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2d8edb4050e1a6c310a0cd25ac2c143d8feaea7222da34588b644b7a38d5b279
-size 7602892
+oid sha256:36f67c0eda3f851eb70ae10380100a54d1cd63708c597ebb2736a7dfae6fd54d
+size 7602879
-- 
2.51.1