Skip to content

chore(deps): update security updates#332

Merged
flemzord merged 1 commit intomainfrom
renovate/security
Mar 19, 2026
Merged

chore(deps): update security updates#332
flemzord merged 1 commit intomainfrom
renovate/security

Conversation

@NumaryBot
Copy link
Contributor

@NumaryBot NumaryBot commented Mar 19, 2026

This PR contains the following updates:

Package Type Update Change
dario.cat/mergo indirect patch v1.0.1 -> v1.0.2
github.com/Masterminds/semver/v3 indirect minor v3.3.0 -> v3.4.0
github.com/fatih/color indirect minor v1.10.0 -> v1.18.0
github.com/goccy/go-yaml require minor v1.12.0 -> v1.19.2
github.com/mattn/go-colorable indirect patch v0.1.8 -> v0.1.14
github.com/mattn/go-isatty indirect patch v0.0.12 -> v0.0.20
github.com/spf13/cast indirect minor v1.7.0 -> v1.10.0
github.com/spf13/cobra require minor v1.8.1 -> v1.10.2
github.com/spf13/pflag indirect patch v1.0.5 -> v1.0.10
golang.org/x/crypto indirect minor v0.45.0 -> v0.49.0
golang.org/x/sys indirect minor v0.38.0 -> v0.42.0
golang.org/x/xerrors indirect digest 5ec99f8 -> 7835f81

Release Notes

imdario/mergo (dario.cat/mergo)

v1.0.2

Compare Source

What's Changed

  • Drops gopkg.in/yaml.v3, only used for loading fixtures. Thanks @​trim21 for bringing to my attention (#​262) that this library is no longer maintained.

Full Changelog: darccio/mergo@v1.0.1...v1.0.2

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.4.0

Compare Source

There are a few changes in this release to highlight:

  1. Constraints now has a property IncludePrerelease. When set to true the Check and Validate methods will include prereleases.
  2. When an AND group has one constraint with a prerelease but more than one constraint then prereleases will be included. For example, >1.0.0-beta.1 < 2. In the past this would not have included prereleases because each constraint needed to have a prerelease. Now, only one constraint needs to have a prerelease. This is considered a long standing bug fix. Note, this does not carry across OR groups. For example, >1.0.0-beta.1 < 2 || > 3. In this case, prereleases will not be included when evaluating against >3.
  3. NewVersion coercion with leading "0"'s is restored. This can be disabled by setting the package level property CoerceNewVersion to false.

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.3.1...v3.4.0

v3.3.1

Compare Source

What's Changed

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

fatih/color (github.com/fatih/color)

v1.18.0

Compare Source

What's Changed

New Contributors

Full Changelog: fatih/color@v1.17.0...v1.18.0

v1.17.0

Compare Source

What's Changed

New Contributors

Full Changelog: fatih/color@v1.16.0...v1.17.0

v1.16.0

Compare Source

What's Changed

Dependency updates

New Contributors

Full Changelog: fatih/color@v1.15.0...v1.16.0

v1.15.0

Compare Source

What's Changed

New Contributors

Full Changelog: fatih/color@v1.14.1...v1.15.0

v1.14.1

Compare Source

What's Changed

Full Changelog: fatih/color@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

New Contributors

Full Changelog: fatih/color@v1.13.0...v1.14.0

v1.13.0

Compare Source

This release updates the following dependencies:

github.com/mattn/go-colorable v0.1.9
github.com/mattn/go-isatty v0.0.14

v1.12.0

Compare Source

This release adds support for the NO_COLOR. For more information check out: https://no-color.org The pull request adding this change is: https://github.com/fatih/color/pull/137

v1.11.0

Compare Source

This release removes the vendor/ folder introduced by the PR: https://github.com/fatih/color/pull/138

goccy/go-yaml (github.com/goccy/go-yaml)

v1.19.2: 1.19.2

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.19.1...v1.19.2

v1.19.1: 1.19.1

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.19.0...v1.19.1

v1.19.0: 1.19.0

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.18.0...v1.19.0

v1.18.0: 1.18.0

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.17.1...v1.18.0

v1.17.1: 1.17.1

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.17.0...v1.17.1

v1.17.0: 1.17.0

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.16.0...v1.17.0

v1.16.0: 1.16.0

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.23...v1.16.0

v1.15.23: 1.15.23

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.22...v1.15.23

v1.15.22: 1.15.22

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.21...v1.15.22

v1.15.21: 1.15.21

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.20...v1.15.21

v1.15.20: 1.15.20

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.19...v1.15.20

v1.15.19: 1.15.19

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.18...v1.15.19

v1.15.18: 1.15.18

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.17...v1.15.18

v1.15.17: 1.15.17

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.16...v1.15.17

v1.15.16: 1.15.16

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.15...v1.15.16

v1.15.15: 1.15.15

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.14...v1.15.15

v1.15.14: 1.15.14

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.13...v1.15.14

v1.15.13: 1.15.13

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.12...v1.15.13

v1.15.12: 1.15.12

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.11...v1.15.12

v1.15.11: 1.15.11

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.10...v1.15.11

v1.15.10: 1.15.10

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.9...v1.15.10

v1.15.9: 1.15.9

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.8...v1.15.9

v1.15.8: 1.15.8

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.7...v1.15.8

v1.15.7: 1.15.7

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.6...v1.15.7

v1.15.6: 1.15.6

Compare Source

What's Changed

New Contributors

Full Changelog: goccy/go-yaml@v1.15.5...v1.15.6

v1.15.5: 1.15.5

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.4...v1.15.5

v1.15.4: 1.15.4

Compare Source

What's Changed

Pass 300 tests of YAML Test Suite 🎉

  • Details: total:[402] passed:[300] failure:[102] passedRate:[74.626862%]

We’ve finally surpassed go-yaml/yaml.

  • gopkg.in/yaml.v3: total:[402] passed:[295] failure:[107] passedRate:[73.383087%]

Full Changelog: goccy/go-yaml@v1.15.3...v1.15.4

v1.15.3: 1.15.3

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.2...v1.15.3

v1.15.2: 1.15.2

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.1...v1.15.2

v1.15.1: 1.15.1

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.15.0...v1.15.1

v1.15.0: 1.15.0

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.14.3...v1.15.0

v1.14.3: 1.14.3

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.14.2...v1.14.3

v1.14.2: 1.14.2

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.14.1...v1.14.2

v1.14.1: 1.14.1

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.14.0...v1.14.1

v1.14.0: 1.14.0

Compare Source

What's Changed

Breaking Changes

Previously, using the same map key did not result in a parsing error, but from now on, it will throw an error by default. If you want to keep the previous behavior, specify the parser.AllowDuplicateMapKey() option.
Similarly, during Decode, it will also throw an error by default. To keep the previous behavior, specify the yaml.AllowDuplicateMapKey() option when decoding.

Also, yaml.DisallowDuplicateKey option is deprecated.

Full Changelog: goccy/go-yaml@v1.13.10...v1.14.0

v1.13.10: 1.13.10

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.9...v1.13.10

v1.13.9: 1.13.9

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.8...v1.13.9

v1.13.8: 1.13.8

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.7...v1.13.8

v1.13.7: 1.13.7

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.6...v1.13.7

v1.13.6: 1.13.6

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.5...v1.13.6

v1.13.5: 1.13.5

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.4...v1.13.5

v1.13.4: 1.13.4

Compare Source

What's Changed

Full Changelog: goccy/go-yaml@v1.13.3...v1.13.4

[v1.13.3](https://redirect.github.com/goccy/go-y

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@NumaryBot NumaryBot requested a review from a team as a code owner March 19, 2026 17:38
@NumaryBot NumaryBot requested a review from a team March 19, 2026 17:38
@NumaryBot
Copy link
Contributor Author

NumaryBot commented Mar 19, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined
Command failed: just pre-commit
go run github.com/norwoodj/helm-docs/cmd/helm-docs@v1.14 --chart-search-root=charts --document-dependency-values --skip-version-footer
go: downloading github.com/norwoodj/helm-docs v1.14.2
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/spf13/cobra v1.8.1
go: downloading github.com/spf13/viper v1.16.0
go: downloading github.com/gobwas/glob v0.2.3
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading golang.org/x/sys v0.18.0
go: downloading github.com/Masterminds/sprig/v3 v3.2.3
go: downloading helm.sh/helm/v3 v3.15.2
go: downloading github.com/fsnotify/fsnotify v1.6.0
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading github.com/spf13/afero v1.9.5
go: downloading github.com/spf13/cast v1.5.1
go: downloading github.com/spf13/jwalterweatherman v1.1.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/Masterminds/semver/v3 v3.2.1
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/huandu/xstrings v1.4.0
go: downloading github.com/imdario/mergo v0.3.13
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.3.1
go: downloading golang.org/x/crypto v0.21.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/subosito/gotenv v1.4.2
go: downloading github.com/hashicorp/hcl v1.0.0
go: downloading gopkg.in/ini.v1 v1.67.0
go: downloading github.com/magiconair/properties v1.8.7
go: downloading github.com/pelletier/go-toml/v2 v2.0.8
go: downloading golang.org/x/text v0.14.0
go: downloading github.com/mitchellh/reflectwalk v1.0.2
time="2026-03-19T17:37:25Z" level=info msg="Found Chart directories [agent, cloudprem, console-v3, core, formance, membership, portal, regions, stargate]"
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/agent"
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/core"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/console-v3\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"dex\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/portal\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/cloudprem"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/stargate\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/stargate"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/console-v3\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/console-v3"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/portal\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/portal"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/console-v3\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/regions\" has a remote dependency \"operator\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/regions"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"dex\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/portal\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/regions\" has a remote dependency \"operator\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/formance\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/formance"
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"dex\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=warning msg="Chart in \"charts/membership\" has a remote dependency \"postgresql\". Dependency values will not be included."
time="2026-03-19T17:37:25Z" level=info msg="Generating README Documentation for chart charts/membership"
helm plugin install https://github.com/losisin/helm-values-schema-json.git --version v1.9.2 || true
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

  0 3303k    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 3303k  100 3303k    0     0  6685k      0 --:--:-- --:--:-- --:--:-- 70.1M
helm schema -input ./charts/stargate/values.yaml -output ./charts/stargate/values.schema.json
helm schema -input ./charts/cloudprem/values.yaml -output ./charts/cloudprem/values.schema.json
helm schema -input ./charts/core/values.yaml -output ./charts/core/values.schema.json
helm schema -input ./charts/portal/values.yaml -output ./charts/portal/values.schema.json
helm schema -input ./charts/console-v3/values.yaml -output ./charts/console-v3/values.schema.json
helm schema -input ./charts/agent/values.yaml -output ./charts/agent/values.schema.json
helm schema -input ./charts/formance/values.yaml -output ./charts/formance/values.schema.json
helm schema -input ./charts/membership/values.yaml -output ./charts/membership/values.schema.json
helm schema -input ./charts/regions/values.yaml -output ./charts/regions/values.schema.json
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
echo $GITHUB_TOKEN | helm registry login ghcr.io -u NumaryBot --password-stdin || true
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Login Succeeded
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:15.5.38
Digest: sha256:fd220eb22fa79a7c3568928d5eebba7b57ea00a9d10a6134e1d42bc51f0e3346
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: ghcr.io/formancehq/helm/operator:3.8.3
Digest: sha256:78d556fc7684b8a8ed509556cf4fd3a2fd51581eba6def9663330ebe1aac3235
Pulled: ghcr.io/formancehq/helm/operator:3.8.3
Digest: sha256:78d556fc7684b8a8ed509556cf4fd3a2fd51581eba6def9663330ebe1aac3235
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Pulled: registry-1.docker.io/bitnamicharts/postgresql:18.5.8
Digest: sha256:0741fa48284044418dd0e3afbcc45d4d3bd6ce05dc8bf768840a069fa08c9665
Error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
Failed executing command with error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
error: Recipe `lint` failed on line 11 with exit code 3

@coderabbitai
Copy link

coderabbitai bot commented Mar 19, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)
  • tools/readme/go.mod is excluded by !**/*.mod
  • tools/readme/go.sum is excluded by !**/*.sum, !**/*.sum

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f1cf5153-f5c9-4dab-9184-649d9b75b8bd

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/security
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@flemzord flemzord merged commit 0a1c742 into main Mar 19, 2026
4 of 10 checks passed
@flemzord flemzord deleted the renovate/security branch March 19, 2026 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flemzord flemzord flemzord approved these changes

Assignees

No one assigned

Labels

release security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NumaryBot @flemzord