1270 Commits

Author SHA1 Message Date
dependabot[bot]
0552b927b2 chore: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0 (#24078)
Bumps
[go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib)
from 0.67.0 to 0.68.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/releases">go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's
releases</a>.</em></p>
<blockquote>
<h2>Release
v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0</h2>
<h2>Added</h2>
<ul>
<li>Add <code>Resource</code> method to <code>SDK</code> in
<code>go.opentelemetry.io/contrib/otelconf/v0.3.0</code> to expose the
resolved SDK resource from declarative configuration. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8660">#8660</a>)</li>
<li>Add support to set the configuration file via
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
<li>Add support for <code>service</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8674">#8674</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in tracer provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8687">#8687</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in logger provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8686">#8686</a>)</li>
<li>Add support for <code>server.address</code> and
<code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
<li>Add support for <code>OTEL_SEMCONV_STABILITY_OPT_IN</code> in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
Supported values are <code>rpc</code> (default), <code>rpc/dup</code>
and <code>rpc/old</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8726">#8726</a>)</li>
<li>Add the <code>http.route</code> metric attribute to
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8632">#8632</a>)</li>
</ul>
<h2>Changed</h2>
<ul>
<li>Prepend <code>_</code> to the normalized environment variable name
when the key starts with a digit in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, ensuring
POSIX compliance. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8678">#8678</a>)</li>
<li>Move experimental types from
<code>go.opentelemetry.io/contrib/otelconf</code> to
<code>go.opentelemetry.io/contrib/otelconf/x</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li>Normalize cached environment variable names in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, aligning
<code>Carrier.Keys</code> output with the carrier's normalized key
format. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fix <code>go.opentelemetry.io/contrib/otelconf</code> Prometheus
reader converting OTel dot-style label names (e.g.
<code>service.name</code>) to underscore-style
(<code>service_name</code>) in <code>target_info</code> when both
<code>without_type_suffix</code> and <code>without_units</code> are set.
Use <code>NoTranslation</code> instead of
<code>UnderscoreEscapingWithoutSuffixes</code> to preserve dot-style
label names while still suppressing metric name suffixes. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li>Limit the request body size at 1MB in
<code>go.opentelemetry.io/contrib/zpages</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8656">#8656</a>)</li>
<li>Fix server spans using the client's address and port for
<code>server.address</code> and <code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
</ul>
<h2>Removed</h2>
<ul>
<li>Host ID resource detector has been removed when configuring the
<code>host</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8581">#8581</a>)</li>
</ul>
<h2>Deprecated</h2>
<ul>
<li>Deprecate <code>OTEL_EXPERIMENTAL_CONFIG_FILE</code> in favour of
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update module github.com/jgautheron/goconst to v1.9.0
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8651">open-telemetry/opentelemetry-go-contrib#8651</a></li>
<li>chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8652">open-telemetry/opentelemetry-go-contrib#8652</a></li>
<li>chore(deps): update golang.org/x/telemetry digest to e526e8a by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8647">open-telemetry/opentelemetry-go-contrib#8647</a></li>
<li>chore(deps): update module k8s.io/klog/v2 to v2.140.0 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8650">open-telemetry/opentelemetry-go-contrib#8650</a></li>
<li>chore(deps): update module github.com/mgechev/revive to v1.14.0 by
<a href="https://github.com/mmorel-35"><code>@​mmorel-35</code></a> in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8646">open-telemetry/opentelemetry-go-contrib#8646</a></li>
<li>chore(deps): update module github.com/mgechev/revive to v1.15.0 by
<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot]
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8539">open-telemetry/opentelemetry-go-contrib#8539</a></li>
<li>chore: fix noctx issues by <a
href="https://github.com/mmorel-35"><code>@​mmorel-35</code></a> in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8645">open-telemetry/opentelemetry-go-contrib#8645</a></li>
<li>chore(deps): update golang.org/x by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8655">open-telemetry/opentelemetry-go-contrib#8655</a></li>
<li>chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
<a href="https://github.com/renovate"><code>@​renovate</code></a>[bot]
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8654">open-telemetry/opentelemetry-go-contrib#8654</a></li>
<li>chore(deps): update module github.com/mattn/go-runewidth to v0.0.21
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8653">open-telemetry/opentelemetry-go-contrib#8653</a></li>
<li>fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8657">open-telemetry/opentelemetry-go-contrib#8657</a></li>
<li>Limit the number of bytes read from the zpages body by <a
href="https://github.com/dmathieu"><code>@​dmathieu</code></a> in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8656">open-telemetry/opentelemetry-go-contrib#8656</a></li>
<li>fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8648">open-telemetry/opentelemetry-go-contrib#8648</a></li>
<li>fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8661">open-telemetry/opentelemetry-go-contrib#8661</a></li>
<li>chore(deps): update github.com/securego/gosec/v2 digest to 8895462
by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8663">open-telemetry/opentelemetry-go-contrib#8663</a></li>
<li>otelconf: support OTEL_CONFIG_FILE as it is no longer experimental
by <a href="https://github.com/codeboten"><code>@​codeboten</code></a>
in <a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8639">open-telemetry/opentelemetry-go-contrib#8639</a></li>
<li>chore(deps): update module github.com/sonatard/noctx to v0.5.1 by <a
href="https://github.com/renovate"><code>@​renovate</code></a>[bot] in
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8664">open-telemetry/opentelemetry-go-contrib#8664</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md">go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] -
2026-04-03</h2>
<h3>Added</h3>
<ul>
<li>Add <code>Resource</code> method to <code>SDK</code> in
<code>go.opentelemetry.io/contrib/otelconf/v0.3.0</code> to expose the
resolved SDK resource from declarative configuration. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8660">#8660</a>)</li>
<li>Add support to set the configuration file via
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
<li>Add support for <code>service</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8674">#8674</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in tracer provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8687">#8687</a>)</li>
<li>Add support for <code>attribute_count_limit</code> and
<code>attribute_value_length_limit</code> in logger provider
configuration in <code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8686">#8686</a>)</li>
<li>Add support for <code>server.address</code> and
<code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
<li>Add support for <code>OTEL_SEMCONV_STABILITY_OPT_IN</code> in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
Supported values are <code>rpc</code> (default), <code>rpc/dup</code>
and <code>rpc/old</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8726">#8726</a>)</li>
<li>Add the <code>http.route</code> metric attribute to
<code>go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8632">#8632</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Prepend <code>_</code> to the normalized environment variable name
when the key starts with a digit in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, ensuring
POSIX compliance. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8678">#8678</a>)</li>
<li>Move experimental types from
<code>go.opentelemetry.io/contrib/otelconf</code> to
<code>go.opentelemetry.io/contrib/otelconf/x</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li>Normalize cached environment variable names in
<code>go.opentelemetry.io/contrib/propagators/envcar</code>, aligning
<code>Carrier.Keys</code> output with the carrier's normalized key
format. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>go.opentelemetry.io/contrib/otelconf</code> Prometheus
reader converting OTel dot-style label names (e.g.
<code>service.name</code>) to underscore-style
(<code>service_name</code>) in <code>target_info</code> when both
<code>without_type_suffix</code> and <code>without_units</code> are set.
Use <code>NoTranslation</code> instead of
<code>UnderscoreEscapingWithoutSuffixes</code> to preserve dot-style
label names while still suppressing metric name suffixes. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li>Limit the request body size at 1MB in
<code>go.opentelemetry.io/contrib/zpages</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8656">#8656</a>)</li>
<li>Fix server spans using the client's address and port for
<code>server.address</code> and <code>server.port</code> attributes in
<code>go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8723">#8723</a>)</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Host ID resource detector has been removed when configuring the
<code>host</code> resource detector in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8581">#8581</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>OTEL_EXPERIMENTAL_CONFIG_FILE</code> in favour of
<code>OTEL_CONFIG_FILE</code> in
<code>go.opentelemetry.io/contrib/otelconf</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8639">#8639</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="45977a4b9c"><code>45977a4</code></a>
Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8769">#8769</a>)</li>
<li><a
href="0fcc1524d1"><code>0fcc152</code></a>
fix(deps): update module
github.com/googlecloudplatform/opentelemetry-operati...</li>
<li><a
href="eaba3cdaa1"><code>eaba3cd</code></a>
chore(deps): update googleapis to 6f92a3b (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776">#8776</a>)</li>
<li><a
href="6df430c480"><code>6df430c</code></a>
chore(deps): update module github.com/jgautheron/goconst to v1.10.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8771">#8771</a>)</li>
<li><a
href="ae90e3237e"><code>ae90e32</code></a>
Fix otelconf prometheus label escaping (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8763">#8763</a>)</li>
<li><a
href="f202c3f800"><code>f202c3f</code></a>
otelconf: move experimental types to otelconf/x (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8529">#8529</a>)</li>
<li><a
href="8ddaecee1c"><code>8ddaece</code></a>
fix(deps): update aws-sdk-go-v2 monorepo (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8764">#8764</a>)</li>
<li><a
href="c7c03a47d4"><code>c7c03a4</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8766">#8766</a>)</li>
<li><a
href="717a85a203"><code>717a85a</code></a>
envcar: normalize cached environment variable names (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8761">#8761</a>)</li>
<li><a
href="ad990b6d55"><code>ad990b6</code></a>
fix(deps): update module github.com/aws/smithy-go to v1.24.3 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8765">#8765</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 20:33:49 +00:00
dependabot[bot]
16b1b6865d chore: bump google.golang.org/api from 0.274.0 to 0.275.0 (#24260)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.274.0 to 0.275.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.275.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">0.275.0</a>
(2026-04-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)
(<a
href="2b2ef99cb9">2b2ef99</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)
(<a
href="9437d4d741">9437d4d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">0.275.0</a>
(2026-04-07)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)
(<a
href="2b2ef99cb9">2b2ef99</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)
(<a
href="9437d4d741">9437d4d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d43aa15bdf"><code>d43aa15</code></a>
chore(main): release 0.275.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3558">#3558</a>)</li>
<li><a
href="9437d4d741"><code>9437d4d</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3560">#3560</a>)</li>
<li><a
href="0a62c64ae9"><code>0a62c64</code></a>
chore(all): update cloud.google.com/go/auth to v0.20.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3559">#3559</a>)</li>
<li><a
href="2b2ef99cb9"><code>2b2ef99</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3557">#3557</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.274.0&new-version=0.275.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 20:19:22 +00:00
dependabot[bot]
897533f08d chore: bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 (#24261)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc)
from 3.17.0 to 3.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coreos/go-oidc/releases">github.com/coreos/go-oidc/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>.github: configure dependabot by <a
href="https://github.com/ericchiang"><code>@​ericchiang</code></a> in <a
href="https://redirect.github.com/coreos/go-oidc/pull/477">coreos/go-oidc#477</a></li>
<li>.github: update go versions in CI by <a
href="https://github.com/ericchiang"><code>@​ericchiang</code></a> in <a
href="https://redirect.github.com/coreos/go-oidc/pull/480">coreos/go-oidc#480</a></li>
<li>build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coreos/go-oidc/pull/478">coreos/go-oidc#478</a></li>
<li>build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coreos/go-oidc/pull/479">coreos/go-oidc#479</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0">https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="da6b3bfca8"><code>da6b3bf</code></a>
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4</li>
<li><a
href="7f80694215"><code>7f80694</code></a>
build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0</li>
<li><a
href="7271de5758"><code>7271de5</code></a>
.github: update go versions in CI</li>
<li><a
href="3ccf20fdc4"><code>3ccf20f</code></a>
.github: configure dependabot</li>
<li>See full diff in <a
href="https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coreos/go-oidc/v3&package-manager=go_modules&previous-version=3.17.0&new-version=3.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 20:19:21 +00:00
dependabot[bot]
b68c14dd04 chore: bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (#24247)
Bumps
[github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter)
from 1.8.4 to 1.8.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-getter/releases">github.com/hashicorp/go-getter's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.6</h2>
<p>No release notes provided.</p>
<h2>v1.8.5</h2>
<h2>What's Changed</h2>
<ul>
<li>[chore] : Bump the go group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/576">hashicorp/go-getter#576</a></li>
<li>use %w to wrap error by <a
href="https://github.com/Ericwww"><code>@​Ericwww</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li>
<li>fix: <a
href="https://redirect.github.com/hashicorp/go-getter/issues/538">#538</a>
http file download skipped if headResp.ContentLength is 0 by <a
href="https://github.com/martijnvdp"><code>@​martijnvdp</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li>
<li>chore: fix error message capitalization in checksum function by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/578">hashicorp/go-getter#578</a></li>
<li>[chore] : Bump the go group with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/577">hashicorp/go-getter#577</a></li>
<li>Fix git url with ambiguous ref by <a
href="https://github.com/nimasamii"><code>@​nimasamii</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li>
<li>fix: resolve compilation errors in get_git_test.go by <a
href="https://github.com/CreatorHead"><code>@​CreatorHead</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/579">hashicorp/go-getter#579</a></li>
<li>[chore] : Bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/582">hashicorp/go-getter#582</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/583">hashicorp/go-getter#583</a></li>
<li>test that arbitrary files cannot be checksummed by <a
href="https://github.com/schmichael"><code>@​schmichael</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/250">hashicorp/go-getter#250</a></li>
<li>[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the
go group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/585">hashicorp/go-getter#585</a></li>
<li>[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/586">hashicorp/go-getter#586</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/588">hashicorp/go-getter#588</a></li>
<li>[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/589">hashicorp/go-getter#589</a></li>
<li>[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to
6.0.0 in the actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/592">hashicorp/go-getter#592</a></li>
<li>[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the
go group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/591">hashicorp/go-getter#591</a></li>
<li>[chore] : Bump the go group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/593">hashicorp/go-getter#593</a></li>
<li>IND-6310 - CRT Onboarding by <a
href="https://github.com/nasareeny"><code>@​nasareeny</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li>
<li>Fix crt build path by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/594">hashicorp/go-getter#594</a></li>
<li>[chore] : Bump the go group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/596">hashicorp/go-getter#596</a></li>
<li>fix: remove checkout action from set-product-version job by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/598">hashicorp/go-getter#598</a></li>
<li>[chore] : Bump the actions group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/595">hashicorp/go-getter#595</a></li>
<li>fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0
(GO-2026-4394) by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-getter/pull/599">hashicorp/go-getter#599</a></li>
<li>Prepare go-getter for v1.8.5 release by <a
href="https://github.com/nasareeny"><code>@​nasareeny</code></a> in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/597">hashicorp/go-getter#597</a></li>
<li>[chore] : Bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/600">hashicorp/go-getter#600</a></li>
<li>sec: bump go and xrepos + redact aws tokens in url by <a
href="https://github.com/dduzgun-security"><code>@​dduzgun-security</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/604">hashicorp/go-getter#604</a></li>
</ul>
<p><strong>NOTES:</strong></p>
<p>Binary Distribution Update: To streamline our release process and
align with other HashiCorp tools, all release binaries will now be
published exclusively to the official HashiCorp <a
href="https://releases.hashicorp.com/go-getter/">release</a> site. We
will no longer attach release assets to GitHub Releases.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Ericwww"><code>@​Ericwww</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/475">hashicorp/go-getter#475</a></li>
<li><a
href="https://github.com/martijnvdp"><code>@​martijnvdp</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/539">hashicorp/go-getter#539</a></li>
<li><a href="https://github.com/nimasamii"><code>@​nimasamii</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/382">hashicorp/go-getter#382</a></li>
<li><a href="https://github.com/nasareeny"><code>@​nasareeny</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-getter/pull/584">hashicorp/go-getter#584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5">https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d23bff48fb"><code>d23bff4</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/608">#608</a>
from hashicorp/dependabot/go_modules/go-security-9c51...</li>
<li><a
href="2c4aba8e52"><code>2c4aba8</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/613">#613</a>
from hashicorp/pull/v1.8.6</li>
<li><a
href="fe61ed9454"><code>fe61ed9</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/611">#611</a>
from hashicorp/SECVULN-41053</li>
<li><a
href="d53365612c"><code>d533656</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-getter/issues/606">#606</a>
from hashicorp/pull/CRT</li>
<li><a
href="388f23d7d4"><code>388f23d</code></a>
Additional test for local branch and head</li>
<li><a
href="b7ceaa59b1"><code>b7ceaa5</code></a>
harden checkout ref handling and added regression tests</li>
<li><a
href="769cc14fdb"><code>769cc14</code></a>
Release version bump up</li>
<li><a
href="6086a6a1f6"><code>6086a6a</code></a>
Review Comments Addressed</li>
<li><a
href="e02063cd28"><code>e02063c</code></a>
Revert &quot;SECVULN Fix for git checkout argument injection enables
arbitrary fil...</li>
<li><a
href="c93084dc43"><code>c93084d</code></a>
[chore] : Bump google.golang.org/grpc</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/hashicorp/go-getter&package-manager=go_modules&previous-version=1.8.4&new-version=1.8.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 15:36:57 +00:00
Ethan
ad2415ede7 fix: bump coder/tailscale to pick up RTM_MISS fix (#24187)
## What

Bumps `coder/tailscale` to
[`e956a95`](e956a95074)
([PR #113](https://github.com/coder/tailscale/pull/113)) to pick up the
`RTM_MISS` fix for the Darwin network monitor.

Already released on `release/2.31` as v2.31.8 (#24185) to unblock a
customer. This PR is to update `main`.

## Why

On Darwin, `RTM_MISS` route-socket messages (fired on every failed route
lookup) were not filtered by `netmon`, causing each one to be treated as
a `LinkChange`. When netcheck sends STUN probes to an IPv6 address with
no route, this creates a self-sustaining feedback loop: `RTM_MISS` →
`LinkChange` → `ReSTUN` → netcheck → v6 STUN probe → `RTM_MISS` → …

The loop drives DERP home-region flapping at ~70× baseline, which at
fleet scale saturates PostgreSQL's `NOTIFY` lock and causes coordinator
health-check timeouts.

The upstream fix adds a single `if msg.Type == unix.RTM_MISS { return
true }` check to `skipRouteMessage`. This is safe because `RTM_MISS` is
a lookup-path signal, not a table-mutation signal — route withdrawals
always emit `RTM_DELETE` before any subsequent lookup can miss.

Of note is that this issue has only been reported recently, since users
updated to macOS 26.4.

Relates to ENG-2394
2026-04-09 13:22:56 -04:00
Cian Johnston
27e5ff0a8e chore: update to our fork of charm.land/fantasy with appendCompact perf improvement (#24142)
Fixes CODAGT-117

Updates go.mod to reference our forks of the following dependencies:
* charmbracelet/anthropic-sdk-go =>
https://github.com/coder/anthropic-sdk-go/tree/coder_2_33
* charm.land/fantasy => https://github.com/coder/fantasy/tree/coder_2_33
2026-04-09 13:08:19 +01:00
Yevhenii Shcherbina
7f496c2f18 feat: byok-observability for aibridge (#23808)
## Summary

Adds `credential_kind` and `credential_hint` columns to
`aibridge_interceptions` to record how each LLM request was
authenticated and provide a masked credential identifier for audit
purposes.

This enables admins to distinguish between centralized API keys,
personal API keys, and subscription-based credentials in the
interceptions audit log.

## Changes

- New migration adding `credential_kind` and `credential_hint` to
`aibridge_interceptions`
- Updated `InsertAIBridgeInterception` query and proto definition to
carry the new fields
- Wired proto fields through `translator.go` and `aibridgedserver.go` to
the database

Depends on https://github.com/coder/aibridge/pull/239
2026-04-08 13:24:28 -04:00
Michael Suchacz
590235138f fix: pin fixed anthropic/fantasy forks for streaming token accounting (#24077) 2026-04-08 17:07:39 +00:00
Kyle Carberry
b969d66978 feat: add dynamic tools support for chat API (#24036)
Adds client-executed dynamic tools to the chat API. Dynamic tools are
declared by the client at chat creation time, presented to the LLM
alongside built-in tools, but executed by the client rather than chatd.
This enables external systems (Slack bots, IDE extensions, Discord bots,
CI/CD integrations) to plug custom tools into the LLM chat loop without
modifying chatd's built-in tool set.

Modeled after OpenAI's Assistants API: the chat pauses with
`requires_action` status when the LLM calls a dynamic tool, the client
POSTs results back via `POST /chats/{id}/tool-results`, and the chat
resumes.

See [this example](https://github.com/coder/coder-slackbot-poc) as a
reference for how this is used. It's highly configurable, which would
enable creating chats from webhooks, periodically polling, or running as
a Slackbot.

<details>
<summary>Design context</summary>

### Architecture

The chatloop **exits** when it encounters dynamic tools and
**re-enters** when results arrive. No blocking channels, no pubsub for
tool results, no in-memory registry. The DB is the only coordination
mechanism.

```
Phase 1 (chatloop):
  LLM response → execute built-in tools only →
  Persist(assistant + built-in results) →
  status = requires_action → chatloop exits

Phase 2 (POST /tool-results):
  Persist(dynamic tool results) →
  status = pending → wakeCh → chatloop re-enters
```

### Validation (POST /tool-results)

1. Chat status must be `requires_action` (409 if not)
2. Read chat's `dynamic_tools` → set of dynamic tool names
3. Read last assistant message → extract tool-call parts matching
dynamic tool names
4. Submitted tool_call_ids must match exactly (400 for missing/extra)
5. Persist tool-result message parts, set status to `pending`, signal
wake

### Idempotency

Tool call IDs scoped per LLM step. State machine (`requires_action` →
`pending`) is the guard. First POST wins, subsequent get 409.

### Mixed tool calls

When the LLM calls both built-in and dynamic tools in one step, built-in
tools execute immediately. Their results are persisted in phase 1.
Dynamic tool results arrive via POST in phase 2. The LLM sees all
results when the chatloop resumes.

</details>

> 🤖 Generated by Coder Agents
2026-04-08 11:54:44 -04:00
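
The validation and idempotency rules for `POST /chats/{id}/tool-results` described in the commit message above, as an added Go sketch that is not code from coder/coder. All type, function and error names are hypothetical, an in-memory struct with a mutex stands in for the database row, the tool names and call IDs are constructed sample data, and treating a duplicated `tool_call_id` as an "extra" is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"sync"
)

// Hypothetical types: the commit message names only the statuses, the
// dynamic_tools field and the HTTP codes, not chatd's Go types.
type ChatStatus string

const (
	StatusRequiresAction ChatStatus = "requires_action"
	StatusPending        ChatStatus = "pending"
)

type ToolCall struct{ ID, Name string }
type ToolResult struct{ ToolCallID, Output string }

// Chat is an in-memory stand-in for the chat's database row.
type Chat struct {
	mu            sync.Mutex
	Status        ChatStatus
	DynamicTools  map[string]bool // tool names declared by the client at creation
	LastAssistant []ToolCall      // tool-call parts of the last assistant message
	Results       []ToolResult    // persisted dynamic tool results
}

var (
	ErrConflict   = errors.New("409 conflict: chat is not in requires_action")
	ErrBadRequest = errors.New("400 bad request: tool_call_ids do not match")
)

// SubmitToolResults applies the five validation steps in order. The lock makes
// the status check and the transition one atomic step, which is what lets the
// state machine act as the idempotency guard: the first POST wins.
func SubmitToolResults(c *Chat, submitted []ToolResult) error {
	c.mu.Lock()
	defer c.mu.Unlock()

	// 1. Only a chat paused on a dynamic tool call accepts results.
	if c.Status != StatusRequiresAction {
		return ErrConflict
	}
	// 2 + 3. Expected IDs are the pending calls to *dynamic* tools only, so a
	// client cannot supply or overwrite the result of a built-in tool.
	expected := make(map[string]bool)
	for _, tc := range c.LastAssistant {
		if c.DynamicTools[tc.Name] {
			expected[tc.ID] = true
		}
	}
	// 4. Exact match: reject unknown or repeated IDs and any missing ID.
	seen := make(map[string]bool)
	var missing, extra []string
	for _, r := range submitted {
		if !expected[r.ToolCallID] || seen[r.ToolCallID] {
			extra = append(extra, r.ToolCallID)
			continue
		}
		seen[r.ToolCallID] = true
	}
	for id := range expected {
		if !seen[id] {
			missing = append(missing, id)
		}
	}
	if len(missing) > 0 || len(extra) > 0 {
		sort.Strings(missing)
		sort.Strings(extra)
		return fmt.Errorf("%w: missing=%v extra=%v", ErrBadRequest, missing, extra)
	}
	// 5. Persist, then hand the chat back to the loop.
	c.Results = append(c.Results, submitted...)
	c.Status = StatusPending
	return nil
}

// demoChat builds a constructed sample: one built-in call and two dynamic calls
// issued in the same LLM step (the "mixed tool calls" case).
func demoChat() *Chat {
	return &Chat{
		Status:       StatusRequiresAction,
		DynamicTools: map[string]bool{"post_slack_message": true, "lookup_ticket": true},
		LastAssistant: []ToolCall{
			{ID: "call_1", Name: "read_file"}, // built-in, already executed in phase 1
			{ID: "call_2", Name: "post_slack_message"},
			{ID: "call_3", Name: "lookup_ticket"},
		},
	}
}

func main() {
	c := demoChat()
	valid := []ToolResult{{"call_2", "sent"}, {"call_3", "T-1: open"}}
	// Result for a built-in call plus a missing dynamic call: rejected with 400.
	fmt.Println(SubmitToolResults(c, []ToolResult{{"call_1", "x"}, {"call_2", "sent"}}))
	// Exact match: accepted, chat moves to pending.
	fmt.Println(SubmitToolResults(c, valid), c.Status)
	// Replay of the same request: rejected with 409.
	fmt.Println(SubmitToolResults(c, valid))
}
```

With a real database the check and the transition in steps 1 and 5 need the same atomicity the mutex gives here, for example by running them in one transaction.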
dependabot[bot]
d87c5ef439 chore: bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.96.0 to 1.97.3 (#24136)
Bumps
[github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2)
from 1.96.0 to 1.97.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="90650dd227"><code>90650dd</code></a>
Release 2026-03-26</li>
<li><a
href="dd88818bee"><code>dd88818</code></a>
Regenerated Clients</li>
<li><a
href="b662c50138"><code>b662c50</code></a>
Update endpoints model</li>
<li><a
href="500a9cb352"><code>500a9cb</code></a>
Update API model</li>
<li><a
href="6221102f76"><code>6221102</code></a>
fix stale skew and delayed skew healing (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3359">#3359</a>)</li>
<li><a
href="0a39373433"><code>0a39373</code></a>
fix order of generated event header handlers (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3361">#3361</a>)</li>
<li><a
href="098f389827"><code>098f389</code></a>
Only generate resolveAccountID when it's required (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3360">#3360</a>)</li>
<li><a
href="6ebab66428"><code>6ebab66</code></a>
Release 2026-03-25</li>
<li><a
href="b2ec3beebb"><code>b2ec3be</code></a>
Regenerated Clients</li>
<li><a
href="abc126f6b3"><code>abc126f</code></a>
Update API model</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.96.0...service/s3/v1.97.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/service/s3&package-manager=go_modules&previous-version=1.96.0&new-version=1.97.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-08 04:40:17 +00:00
dependabot[bot]
ef3e17317c chore: bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.6 to 1.7.8 (#24134)
Bumps
[github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream](https://github.com/aws/aws-sdk-go-v2)
from 1.7.6 to 1.7.8.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e3b97d2a02"><code>e3b97d2</code></a>
Release 2023-10-12</li>
<li><a
href="863010ddb2"><code>863010d</code></a>
Regenerated Clients</li>
<li><a
href="6946ef8b91"><code>6946ef8</code></a>
Update endpoints model</li>
<li><a
href="6d93ded453"><code>6d93ded</code></a>
Update API model</li>
<li><a
href="bebc232e7f"><code>bebc232</code></a>
fix: fail to load config if configured profile doesn't exist (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/2309">#2309</a>)</li>
<li><a
href="5de46742b7"><code>5de4674</code></a>
fix DNS timeout error not retried (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/2300">#2300</a>)</li>
<li><a
href="e155bb72a2"><code>e155bb7</code></a>
Release 2023-10-06</li>
<li><a
href="9d342ba339"><code>9d342ba</code></a>
Regenerated Clients</li>
<li><a
href="1df99141a1"><code>1df9914</code></a>
Update SDK's smithy-go dependency to v1.15.0</li>
<li><a
href="32ada3a191"><code>32ada3a</code></a>
Update API model</li>
<li>See full diff in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.7.6...service/m2/v1.7.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream&package-manager=go_modules&previous-version=1.7.6&new-version=1.7.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-08 03:14:12 +00:00
Kyle Carberry
16265e834e chore: update fantasy fork to use github.com/coder/fantasy (#24100)
Moves the `charm.land/fantasy` replace directive from
`github.com/kylecarbs/fantasy` to `github.com/coder/fantasy`, pointing
at the same `cj/go1.25` branch and commit (`112927d9b6d8`).

> Generated by Coder Agents
2026-04-07 16:11:49 +01:00
dependabot[bot]
2ea08aa168 chore: bump github.com/gohugoio/hugo from 0.159.2 to 0.160.0 (#24081)
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.159.2 to 0.160.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.160.0</h2>
<p>Now you can inject <a
href="https://gohugo.io/functions/css/build/#vars">CSS vars</a>, e.g.
from the configuration, into your stylesheets when building with <a
href="https://gohugo.io/functions/css/build/">css.Build</a>. Also, now
all the render hooks have a <a
href="https://gohugo.io/render-hooks/links/#position">.Position</a>
method, now also more accurate and effective.</p>
<h2>Bug fixes</h2>
<ul>
<li>Fix some recently introduced Position issues 4e91e14c <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14710">#14710</a></li>
<li>markup/goldmark: Fix double-escaping of ampersands in link URLs
dc9b51d2 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14715">#14715</a></li>
<li>tpl: Fix stray quotes from partial decorator in script context
43aad711 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14711">#14711</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning
481baa08 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>tpl/css: Support <a
href="https://github.com/import"><code>@​import</code></a>
&quot;hugo:vars&quot; for CSS custom properties in css.Build 5d09b5e3 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14699">#14699</a></li>
<li>Improve and extend .Position handling in Goldmark render hooks
303e443e <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14663">#14663</a></li>
<li>markup/goldmark: Clean up test 638262ce <a
href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1
bf6e35a7 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
<li>build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
0eda24e6 <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
<li>build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 beb57a68
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>readme: Revise edition descriptions and installation instructions
9f1f1be0 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="652fc5acdd"><code>652fc5a</code></a>
releaser: Bump versions for release of 0.160.0</li>
<li><a
href="bf6e35a755"><code>bf6e35a</code></a>
build(deps): bump github.com/magefile/mage from 1.16.1 to 1.17.1</li>
<li><a
href="4e91e14cb0"><code>4e91e14</code></a>
Fix some recently introduced Position issues</li>
<li><a
href="dc9b51d2e2"><code>dc9b51d</code></a>
markup/goldmark: Fix double-escaping of ampersands in link URLs</li>
<li><a
href="481baa0896"><code>481baa0</code></a>
all: Replace NewIntegrationTestBuilder with Test/TestE/TestRunning</li>
<li><a
href="43aad7118d"><code>43aad71</code></a>
tpl: Fix stray quotes from partial decorator in script context</li>
<li><a
href="9f1f1be0be"><code>9f1f1be</code></a>
readme: Revise edition descriptions and installation instructions</li>
<li><a
href="0eda24e65f"><code>0eda24e</code></a>
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4</li>
<li><a
href="5d09b5e32a"><code>5d09b5e</code></a>
tpl/css: Support <a
href="https://github.com/import"><code>@​import</code></a>
&quot;hugo:vars&quot; for CSS custom properties in css.Build</li>
<li><a
href="303e443ea7"><code>303e443</code></a>
Improve and extend .Position handling in Goldmark render hooks</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.159.2...v0.160.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gohugoio/hugo&package-manager=go_modules&previous-version=0.159.2&new-version=0.160.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 11:17:57 +00:00
dependabot[bot]
d4b9248202 chore: bump github.com/valyala/fasthttp from 1.69.0 to 1.70.0 (#24080)
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp)
from 1.69.0 to 1.70.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/valyala/fasthttp/releases">github.com/valyala/fasthttp's
releases</a>.</em></p>
<blockquote>
<h2>v1.70.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Go 1.26 and golangci-lint updates by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2146">valyala/fasthttp#2146</a></li>
<li>Add WithLimit methods for uncompression by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2147">valyala/fasthttp#2147</a></li>
<li>Honor Root for fs.FS and normalize fs-style roots by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2145">valyala/fasthttp#2145</a></li>
<li>Sanitize header values in all setter paths to prevent CRLF injection
by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2162">valyala/fasthttp#2162</a></li>
<li>Add ServeFileLiteral, ServeFSLiteral and SendFileLiteral by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2163">valyala/fasthttp#2163</a></li>
<li>Prevent chunk extension request smuggling by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2165">valyala/fasthttp#2165</a></li>
<li>Validate request URI format during header parsing to reject
malformed requests by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2168">valyala/fasthttp#2168</a></li>
<li>HTTP1/1 requires exactly one Host header by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2164">valyala/fasthttp#2164</a></li>
<li>Strict HTTP version validation and simplified first line parsing by
<a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2167">valyala/fasthttp#2167</a></li>
<li>Only normalize pre-colon whitespace for HTTP headers by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2172">valyala/fasthttp#2172</a></li>
<li>fs: reject '..' path segments in rewritten paths by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2173">valyala/fasthttp#2173</a></li>
<li>fasthttpproxy: reject CRLF in HTTP proxy CONNECT target by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2174">valyala/fasthttp#2174</a></li>
<li>fasthttpproxy: scope proxy auth cache to GetDialFunc by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2144">valyala/fasthttp#2144</a></li>
<li>feat: enhance performance by <a
href="https://github.com/ReneWerner87"><code>@​ReneWerner87</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2135">valyala/fasthttp#2135</a></li>
<li>export ErrConnectionClosed by <a
href="https://github.com/pjebs"><code>@​pjebs</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2152">valyala/fasthttp#2152</a></li>
<li>fix: detect master process death in prefork children by <a
href="https://github.com/meruiden"><code>@​meruiden</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2158">valyala/fasthttp#2158</a></li>
<li>return prev values by <a
href="https://github.com/pjebs"><code>@​pjebs</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2123">valyala/fasthttp#2123</a></li>
<li>docs: added httpgo to related projects by <a
href="https://github.com/MUlt1mate"><code>@​MUlt1mate</code></a> in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2169">valyala/fasthttp#2169</a></li>
<li>chore(deps): bump actions/upload-artifact from 6 to 7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2149">valyala/fasthttp#2149</a></li>
<li>chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2170">valyala/fasthttp#2170</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.2 to
1.18.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2129">valyala/fasthttp#2129</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.3 to
1.18.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2140">valyala/fasthttp#2140</a></li>
<li>chore(deps): bump github.com/klauspost/compress from 1.18.4 to
1.18.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2166">valyala/fasthttp#2166</a></li>
<li>chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2139">valyala/fasthttp#2139</a></li>
<li>chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2128">valyala/fasthttp#2128</a></li>
<li>chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2138">valyala/fasthttp#2138</a></li>
<li>chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2125">valyala/fasthttp#2125</a></li>
<li>chore(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2137">valyala/fasthttp#2137</a></li>
<li>chore(deps): bump securego/gosec from 2.22.11 to 2.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2142">valyala/fasthttp#2142</a></li>
<li>Update securego/gosec from 2.23.0 to 2.25.0 by <a
href="https://github.com/erikdubbelboer"><code>@​erikdubbelboer</code></a>
in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2161">valyala/fasthttp#2161</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/MUlt1mate"><code>@​MUlt1mate</code></a>
made their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2169">valyala/fasthttp#2169</a></li>
<li><a href="https://github.com/meruiden"><code>@​meruiden</code></a>
made their first contribution in <a
href="https://redirect.github.com/valyala/fasthttp/pull/2158">valyala/fasthttp#2158</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0">https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="534461ad12"><code>534461a</code></a>
fasthttpproxy: reject CRLF in HTTP proxy CONNECT target (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2174">#2174</a>)</li>
<li><a
href="267e740f56"><code>267e740</code></a>
fs: reject '..' path segments in rewritten paths (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2173">#2173</a>)</li>
<li><a
href="a95a1ad11c"><code>a95a1ad</code></a>
Only normalize pre-colon whitespace for HTTP headers (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2172">#2172</a>)</li>
<li><a
href="ab8c2aceea"><code>ab8c2ac</code></a>
fix: detect master process death in prefork children (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2158">#2158</a>)</li>
<li><a
href="c4569c5fbb"><code>c4569c5</code></a>
feat: enhance performance (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2135">#2135</a>)</li>
<li><a
href="beab280ed3"><code>beab280</code></a>
chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2170">#2170</a>)</li>
<li><a
href="82254a7add"><code>82254a7</code></a>
Normalize framing header names with pre-colon whitespace</li>
<li><a
href="611132707f"><code>6111327</code></a>
Strict HTTP version validation and simplified first line parsing (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2167">#2167</a>)</li>
<li><a
href="eb38f5fc14"><code>eb38f5f</code></a>
HTTP1/1 requires exactly one Host header (<a
href="https://redirect.github.com/valyala/fasthttp/issues/2164">#2164</a>)</li>
<li><a
href="7d90713bda"><code>7d90713</code></a>
Validate request URI format during header parsing to reject malformed
request...</li>
<li>Additional commits viewable in <a
href="https://github.com/valyala/fasthttp/compare/v1.69.0...v1.70.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 11:17:34 +00:00
dependabot[bot]
fd6c623560 chore: bump google.golang.org/api from 0.273.0 to 0.274.0 (#24079)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.273.0 to 0.274.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.274.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.1...v0.274.0">0.274.0</a>
(2026-04-02)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)
(<a
href="0e634ae13e">0e634ae</a>)</li>
</ul>
<h2>v0.273.1</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.273.1">0.273.1</a>
(2026-03-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)
(<a
href="2008108eb5">2008108</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.1...v0.274.0">0.274.0</a>
(2026-04-02)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)
(<a
href="0e634ae13e">0e634ae</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.273.1">0.273.1</a>
(2026-03-31)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)
(<a
href="2008108eb5">2008108</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c759a2bb6"><code>6c759a2</code></a>
chore(main): release 0.274.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3556">#3556</a>)</li>
<li><a
href="0e634ae13e"><code>0e634ae</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3555">#3555</a>)</li>
<li><a
href="0f75259689"><code>0f75259</code></a>
chore: embargo aiplatform:v1beta1 temporarily (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3554">#3554</a>)</li>
<li><a
href="550f00c8f8"><code>550f00c</code></a>
chore(main): release 0.273.1 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3551">#3551</a>)</li>
<li><a
href="da01f6aec8"><code>da01f6a</code></a>
chore(deps): bump github.com/go-git/go-git/v5 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3552">#3552</a>)</li>
<li><a
href="2008108eb5"><code>2008108</code></a>
fix: merge duplicate x-goog-request-params header (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3547">#3547</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.273.0...v0.274.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-07 11:16:33 +00:00
dependabot[bot]
78fa8094cc chore: bump github.com/gohugoio/hugo from 0.158.0 to 0.159.2 (#23957)
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.158.0 to 0.159.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.159.2</h2>
<p>Note that the security fix below is not a potential threat if you
either:</p>
<ul>
<li>Trust your Markdown content files.</li>
<li>Have custom <a href="https://gohugo.io/render-hooks/">render hook
template</a> for links and images.</li>
</ul>
<p>EDIT IN: This release also adds release archives for
non-extended-withdeploy builds.</p>
<h2>What's Changed</h2>
<ul>
<li>Fix potential content XSS by escaping dangerous URLs in Markdown
links and images 479fe6c6 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>resources/page: Fix shared reader in
Source.ValueAsOpenReadSeekCloser df520e31 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14684">#14684</a></li>
</ul>
<h2>v0.159.1</h2>
<p>The regression fixed in this release isn't new, but it's so subtle
that we thought we'd release this sooner rather than later. For some
time now, the minifier we use has stripped namespaced attributes in
SVGs, which broke dynamic constructs using e.g. <a
href="https://alpinejs.dev/directives/bind">AlpineJS' x-bind:</a>
namespace (library used by Hugo's <a
href="https://gohugo.io/">documentation site</a>).</p>
<p>To fix this, the upstream library has added a
<code>keepNamespaces</code> slice option. It was not possible to find a
default that would make all happy, so we opted for an option that at
least would make AlpineJS sites work out of the box:</p>
<pre lang="toml"><code>[minify.tdewolff.svg]
  keepNamespaces = ['', 'x-bind']
</code></pre>
<h2>What's Changed</h2>
<ul>
<li>minifiers: Keep x-bind and blank namespace in SVG minification
42289d76 <a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14669">#14669</a></li>
</ul>
<h2>v0.159.0</h2>
<p>This release greatly improves and simplifies management of
Node.js/npm dependencies in a multi-module setup. See <a
href="https://gohugo.io/hugo-modules/nodejs-dependencies/">this page</a>
for more information.</p>
<h2>Note</h2>
<ul>
<li>Replace deprecated site.Data with hugo.Data in tests a8fca598 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>Replace deprecated excludeFiles and includeFiles with files in tests
182b1045 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>Replace deprecated :filename with :contentbasename in the permalinks
test eb11c3d0 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<h2>Bug fixes</h2>
<ul>
<li>tpl/tplimpl: Fix Vimeo shortcode test eaf4c751 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14649">#14649</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>create: Return error instead of panic when page not found 807cae1d
<a href="https://github.com/mango766"><code>@​mango766</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14112">#14112</a></li>
<li>commands: Preserve non-content files in convert output c4fb61d9 <a
href="https://github.com/xndvaz"><code>@​xndvaz</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/4621">#4621</a></li>
<li>npm: Use workspaces to simplify <code>hugo mod npm pack</code>
d88a29e0 <a href="https://github.com/bep"><code>@​bep</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5f4646acaa"><code>5f4646a</code></a>
releaser: Bump versions for release of 0.159.2</li>
<li><a
href="479fe6c654"><code>479fe6c</code></a>
Fix potential content XSS by escaping dangerous URLs in links and
images</li>
<li><a
href="81a5cdca07"><code>81a5cdc</code></a>
releaser: Add standard withdeploy release assets</li>
<li><a
href="df520e3150"><code>df520e3</code></a>
resources/page: Fix shared reader in
Source.ValueAsOpenReadSeekCloser</li>
<li><a
href="b55d452e46"><code>b55d452</code></a>
testing: Simplify line ending handling in tests</li>
<li><a
href="ea7eac6558"><code>ea7eac6</code></a>
readme: Update Go version to 1.25.0</li>
<li><a
href="458ebdd448"><code>458ebdd</code></a>
releaser: Prepare repository for 0.160.0-DEV</li>
<li><a
href="86c7d3afac"><code>86c7d3a</code></a>
releaser: Bump versions for release of 0.159.1</li>
<li><a
href="42289d76f9"><code>42289d7</code></a>
minifiers: Keep x-bind and blank namespace in SVG minification</li>
<li><a
href="0c013c2326"><code>0c013c2</code></a>
Adjust depreceated syntax in tests</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.158.0...v0.159.2">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 08:44:24 +00:00
dependabot[bot]
a85e00eed0 chore: bump google.golang.org/grpc from 1.79.3 to 1.80.0 (#23956)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.79.3 to 1.80.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.80.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer: log a warning if a balancer is registered with uppercase
letters, as balancer names should be lowercase. In a future release,
balancer names will be treated as case-insensitive; see <a
href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a>
for details. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li>
<li>xds: update resource error handling and re-resolution logic (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)
<ul>
<li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when
re-resolution is requested.</li>
<li>Fail all in-flight RPCs immediately upon receipt of listener or
route resource errors, instead of allowing them to complete.</li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: support the LB policy configured in <code>LOGICAL_DNS</code>
cluster resources instead of defaulting to <code>pick_first</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li>
<li>credentials/tls: perform per-RPC authority validation against the
leaf certificate instead of the entire peer certificate chain. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li>
<li>xds: enabling A76 ring hash endpoint keys no longer causes EDS
resources with invalid proxy metadata to be NACKed when HTTP CONNECT
(gRFC A86) is disabled. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li>
<li>xds: validate that the sum of endpoint weights in a locality does
not exceed the maximum <code>uint32</code> value. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/RAVEYUS"><code>@​RAVEYUS</code></a></li>
</ul>
</li>
<li>xds: fix incorrect proto field access in the weighted round robin
(WRR) configuration where <code>blackout_period</code> was used instead
of <code>weight_expiration_period</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/gregbarasch"><code>@​gregbarasch</code></a></li>
</ul>
</li>
<li>xds/rbac: handle addresses with ports in IP matchers. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>ringhash: enable gRFC A76 (endpoint hash keys and request hash
headers) by default. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>credentials/alts: pool write buffers to reduce memory allocations
and usage. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>grpc: enable the use of pooled write buffers for buffering HTTP/2
frame writes by default. This reduces memory usage when connections are
idle. Use the <a
href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a>
dial option or the <a
href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a>
server option to disable this feature. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li>
<li>xds/priority: stop caching child LB policies removed from the
configuration. This will help reduce memory and cpu usage when
localities are constantly switching between priorities. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li>
<li>mem: add a faster tiered buffer pool; use the experimental <a
href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a>
function to create such pools. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="397e45edaa"><code>397e45e</code></a>
Change version to 1.80.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li>
<li><a
href="64ebf0a600"><code>64ebf0a</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li>
<li><a
href="e45ed24186"><code>e45ed24</code></a>
xds/rbac: add additional handling for addresses with ports (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li>
<li><a
href="c78d26e03e"><code>c78d26e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li>
<li><a
href="bd7cd3c1ab"><code>bd7cd3c</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li>
<li><a
href="b6597b3d32"><code>b6597b3</code></a>
xds/clusterimpl: use xdsConfig for updates and remove redundant fields
from L...</li>
<li><a
href="1d4fa8a7b7"><code>1d4fa8a</code></a>
xds: change cdsbalancer to use update from dependency manager (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li>
<li><a
href="8f47d36451"><code>8f47d36</code></a>
attributes: Replace internal map with linked list (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li>
<li><a
href="22e1ee8085"><code>22e1ee8</code></a>
xds: add panic recovery in xdsclient resource unmarshalling. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li>
<li><a
href="7136e99ee3"><code>7136e99</code></a>
credentials/alts: Pool write buffers (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.79.3...v1.80.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-02 08:28:01 +00:00
Danny Kopping
c86f1288f1 chore: update aibridge with latest changes (#23863)
519b082ad6...a011104f37

Includes https://github.com/coder/aibridge/pull/242 and
https://github.com/coder/aibridge/pull/229

Signed-off-by: Danny Kopping <danny@coder.com>
2026-03-31 16:11:50 +00:00
Susana Ferreira
b0036af57b feat: register multiple Copilot providers for business and enterprise upstreams (#23811)
## Description

Adds support for multiple Copilot provider instances to route requests to different Copilot upstreams (individual, business, enterprise). Each instance has its own name and base URL, enabling per-upstream metrics, logs, circuit breakers, API dump, and routing.

## Changes

* Add Copilot business and enterprise provider names and host constants
* Register three Copilot provider instances in aibridged (default, business, enterprise)
* Update `defaultAIBridgeProvider` in `aibridgeproxy` to route new Copilot hosts to their corresponding providers

## Related

* Depends on: https://github.com/coder/aibridge/pull/240
* Closes: https://github.com/coder/aibridge/issues/152

Note: documentation changes will be added in a follow-up PR.

_Disclaimer: initially produced by Claude Opus 4.6, heavily modified and reviewed by @ssncferreira ._
2026-03-31 16:00:37 +01:00
Danny Kopping
5d07014f9f chore: update aibridge lib (#23849)
https://github.com/coder/aibridge/pull/230 has been merged, update the
dependency to match.

Includes other changes as well:
dd8c239e55...77d597aa12
(cc @evgeniy-scherbina, @pawbana)

Signed-off-by: Danny Kopping <danny@coder.com>
2026-03-31 16:11:40 +02:00
Lukasz
acd2ff63a7 chore: bump Go toolchain to 1.25.8 (#23772)
Bump the repository Go toolchain from 1.25.7 to 1.25.8.

Updates `go.mod`, the shared `setup-go` action default, and the dogfood
image checksum so local, CI, and dogfood builds stay aligned.
2026-03-31 14:04:58 +02:00
dependabot[bot]
3cc31de57a chore: bump github.com/go-git/go-git/v5 from 5.17.0 to 5.17.1 (#23813)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.17.0 to 5.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.17.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build: Update module github.com/cloudflare/circl to v1.6.3
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/1930">go-git/go-git#1930</a></li>
<li>[v5] plumbing: format/index, Improve v4 entry name validation by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1935">go-git/go-git#1935</a></li>
<li>[v5] plumbing: format/idxfile, Fix version and fanout checks by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1937">go-git/go-git#1937</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1">https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e23dfd02d"><code>5e23dfd</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1937">#1937</a>
from pjbgf/idx-v5</li>
<li><a
href="6b38a32681"><code>6b38a32</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1935">#1935</a>
from pjbgf/index-v5</li>
<li><a
href="cd757fcb85"><code>cd757fc</code></a>
plumbing: format/idxfile, Fix version and fanout checks</li>
<li><a
href="3ec0d70cb6"><code>3ec0d70</code></a>
plumbing: format/index, Fix tree extension invalidated entry
parsing</li>
<li><a
href="dbe10b6b42"><code>dbe10b6</code></a>
plumbing: format/index, Align V2/V3 long name and V4 prefix encoding
with Git</li>
<li><a
href="e9b65df44c"><code>e9b65df</code></a>
plumbing: format/index, Improve v4 entry name validation</li>
<li><a
href="adad18daab"><code>adad18d</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/1930">#1930</a>
from go-git/renovate/releases/v5.x-go-github.com-clo...</li>
<li><a
href="29470bd1d8"><code>29470bd</code></a>
build: Update module github.com/cloudflare/circl to v1.6.3
[SECURITY]</li>
<li>See full diff in <a
href="https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 17:27:38 +00:00
dependabot[bot]
7d0a49f54b chore: bump google.golang.org/api from 0.272.0 to 0.273.0 (#23782)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.272.0 to 0.273.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.273.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">0.273.0</a>
(2026-03-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)
(<a
href="a4b47110f2">a4b4711</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)
(<a
href="0cacfa8557">0cacfa8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">0.273.0</a>
(2026-03-23)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)
(<a
href="a4b47110f2">a4b4711</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)
(<a
href="0cacfa8557">0cacfa8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e86962ce5"><code>2e86962</code></a>
chore(main): release 0.273.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3545">#3545</a>)</li>
<li><a
href="50ea74c1b0"><code>50ea74c</code></a>
chore(google-api-go-generator): restore aiplatform:v1beta1 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3549">#3549</a>)</li>
<li><a
href="0cacfa8557"><code>0cacfa8</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3546">#3546</a>)</li>
<li><a
href="d38a12991f"><code>d38a129</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3548">#3548</a>)</li>
<li><a
href="a4b47110f2"><code>a4b4711</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3542">#3542</a>)</li>
<li><a
href="67cf706bd3"><code>67cf706</code></a>
chore(all): update module google.golang.org/grpc to v1.79.3 [SECURITY]
(<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3544">#3544</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.272.0...v0.273.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/api&package-manager=go_modules&previous-version=0.272.0&new-version=0.273.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 11:51:12 +00:00
dependabot[bot]
f77d0c1649 chore: bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 (#23784)
Bumps
[github.com/hashicorp/go-version](https://github.com/hashicorp/go-version)
from 1.8.0 to 1.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-version/releases">github.com/hashicorp/go-version's
releases</a>.</em></p>
<blockquote>
<h2>v1.9.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Add support for prefix of any character by <a
href="https://github.com/brondum"><code>@​brondum</code></a> in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></li>
</ul>
<h3>Internal</h3>
<ul>
<li>Update CHANGELOG for version 1.8.0 enhancements by <a
href="https://github.com/sonamtenzin2"><code>@​sonamtenzin2</code></a>
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/178">hashicorp/go-version#178</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/179">hashicorp/go-version#179</a></li>
<li>Bump the github-actions-breaking group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/180">hashicorp/go-version#180</a></li>
<li>Bump the github-actions-backward-compatible group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/182">hashicorp/go-version#182</a></li>
<li>Update GitHub Actions to trigger on pull requests and update go
version by <a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a> in
<a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
<li>Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaking group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/183">hashicorp/go-version#183</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/go-version/pull/186">hashicorp/go-version#186</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/sonamtenzin2"><code>@​sonamtenzin2</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/178">hashicorp/go-version#178</a></li>
<li><a href="https://github.com/brondum"><code>@​brondum</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></li>
<li><a
href="https://github.com/ssagarverma"><code>@​ssagarverma</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0">https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md">github.com/hashicorp/go-version's
changelog</a>.</em></p>
<blockquote>
<h1>1.9.0 (Mar 30, 2026)</h1>
<p>ENHANCEMENTS:</p>
<p>Support parsing versions with custom prefixes via opt-in option in <a
href="https://redirect.github.com/hashicorp/go-version/pull/79">hashicorp/go-version#79</a></p>
<p>INTERNAL:</p>
<ul>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/179">hashicorp/go-version#179</a></li>
<li>Bump the github-actions-breaking group with 4 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/180">hashicorp/go-version#180</a></li>
<li>Bump the github-actions-backward-compatible group with 3 updates in
<a
href="https://redirect.github.com/hashicorp/go-version/pull/182">hashicorp/go-version#182</a></li>
<li>Update GitHub Actions to trigger on pull requests and update go
version in <a
href="https://redirect.github.com/hashicorp/go-version/pull/185">hashicorp/go-version#185</a></li>
<li>Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaking group across 1 directory in <a
href="https://redirect.github.com/hashicorp/go-version/pull/183">hashicorp/go-version#183</a></li>
<li>Bump the github-actions-backward-compatible group across 1 directory
with 2 updates in <a
href="https://redirect.github.com/hashicorp/go-version/pull/186">hashicorp/go-version#186</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b80b1e68c4"><code>b80b1e6</code></a>
Update CHANGELOG for version 1.9.0 (<a
href="https://redirect.github.com/hashicorp/go-version/issues/187">#187</a>)</li>
<li><a
href="e93736f315"><code>e93736f</code></a>
Bump the github-actions-backward-compatible group across 1 directory
with 2 u...</li>
<li><a
href="c009de06b7"><code>c009de0</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the
github-actions-breaki...</li>
<li><a
href="0474357931"><code>0474357</code></a>
Update GitHub Actions to trigger on pull requests and update go version
(<a
href="https://redirect.github.com/hashicorp/go-version/issues/185">#185</a>)</li>
<li><a
href="b4ab5fc7d9"><code>b4ab5fc</code></a>
Support parsing versions with custom prefixes via opt-in option (<a
href="https://redirect.github.com/hashicorp/go-version/issues/79">#79</a>)</li>
<li><a
href="25c683be0f"><code>25c683b</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/182">#182</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="4f2bcd85ae"><code>4f2bcd8</code></a>
Bump the github-actions-backward-compatible group with 3 updates</li>
<li><a
href="acb8b18f5c"><code>acb8b18</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/180">#180</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="0394c4f5eb"><code>0394c4f</code></a>
Merge pull request <a
href="https://redirect.github.com/hashicorp/go-version/issues/179">#179</a>
from hashicorp/dependabot/github_actions/github-actio...</li>
<li><a
href="b2fbaa797b"><code>b2fbaa7</code></a>
Bump the github-actions-backward-compatible group across 1 directory
with 2 u...</li>
<li>Additional commits viewable in <a
href="https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-30 11:50:56 +00:00
Yevhenii Shcherbina
a86b8ab6f8 feat: aibridge BYOK (#23013)
### Changes

  **coder/coder:**

- `coderd/aibridge/aibridge.go` — Added `HeaderCoderBYOKToken` constant,
`IsBYOK()` helper, and updated `ExtractAuthToken` to check the BYOK
header first.
- `enterprise/aibridged/http.go` — BYOK-aware header stripping: in BYOK
mode only the BYOK header is stripped (user's LLM credentials
preserved); in centralized mode all auth headers are stripped.
  
 <hr/>
 
**NOTE**: `X-Coder-Token` was removed! As of now, `ExtractAuthToken`
retrieves the token either from `X-Coder-AI-Governance-BYOK-Token` or from
`Authorization`/`X-Api-Key`.

---------

Co-authored-by: Susana Ferreira <susana@coder.com>
Co-authored-by: Danny Kopping <danny@coder.com>
2026-03-25 14:17:56 -04:00
Hugo Dutka
398e2d3d8a chore: upgrade kylecarbs/fantasy to 112927d9b6d8 (#23596)
The `ComputerUseProviderTool` function needed a little bit of an
adjustment because I changed `NewComputerUseTool`'s signature in
upstream fantasy a little bit.
2026-03-25 15:30:46 +00:00
Michael Suchacz
5f57465518 fix: support xhigh reasoning effort for OpenAI models (#23545)
## Summary

Adds `xhigh` to the OpenAI reasoning effort normalizer so GPT-5.4 class
models can use `reasoning_effort: xhigh` without it being silently
dropped.

## Problem

The SDK schema (`codersdk/chats.go`) already advertises `xhigh` as a
valid `reasoning_effort` value, but the runtime normalizer in
`chatprovider.go` only accepts `minimal|low|medium|high` for the OpenAI
provider. When a user sets `xhigh`, `ReasoningEffortFromChat()` returns
`nil` and the value never reaches the OpenAI API.

## Changes

- **Fantasy dependency**: Updated `kylecarbs/fantasy` (cj/go1.25) which
now includes the `ReasoningEffortXHigh` constant
([kylecarbs/fantasy#9](https://github.com/kylecarbs/fantasy/pull/9)).
- **`chatprovider.go`**: Adds `fantasyopenai.ReasoningEffortXHigh` to
the OpenAI case in `ReasoningEffortFromChat()`.
- **`chatprovider_test.go`**: Adds `OpenAIXHighEffort` test case.

## Upstream

-
[charmbracelet/fantasy#186](https://github.com/charmbracelet/fantasy/pull/186)
2026-03-25 11:44:05 +01:00
Michael Suchacz
02356c61f6 fix: use previous_response_id chaining for OpenAI store=true follow-ups (#23450)
OpenAI Responses follow-up turns were replaying full assistant/tool
history even when `store=true`, which breaks after reasoning +
provider-executed `web_search` output.

This change persists the OpenAI response ID on assistant messages, then
in `coderd/x/chatd` switches `store=true` follow-ups to
`previous_response_id` chaining with a system + new-user-only prompt.
`store=false` and missing-ID cases still fall back to manual replay.

It also updates the fake OpenAI server and integration coverage for the
chaining contract, and carries the rebased path move to `coderd/x/chatd`
plus the migration renumber needed after rebasing onto `main`.
2026-03-24 14:57:40 +01:00
dependabot[bot]
796190d435 chore: bump github.com/gohugoio/hugo from 0.157.0 to 0.158.0 (#23432)
Bumps [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) from
0.157.0 to 0.158.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gohugoio/hugo/releases">github.com/gohugoio/hugo's
releases</a>.</em></p>
<blockquote>
<h2>v0.158.0</h2>
<p>This release adds <a
href="https://gohugo.io/functions/css/build/">css.Build</a>, native and
very fast bundling/transformation/minifying of CSS resources. Also see
the new <a
href="https://gohugo.io/functions/strings/replacepairs/">strings.ReplacePairs</a>,
a very fast option if you need to do many string replacements.</p>
<h2>Notes</h2>
<ul>
<li>Upgrade to Go 1.26.1 (<a
href="https://redirect.github.com/gohugoio/hugo/issues/14597">#14597</a>)
(note) 1f578f16 <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14595">#14595</a>.
This fixes a security issue in Go's template package used by Hugo: <a
href="https://www.cve.org/CVERecord?id=CVE-2026-27142">https://www.cve.org/CVERecord?id=CVE-2026-27142</a></li>
</ul>
<h2>Deprecations</h2>
<p>The methods and config options are deprecated and will be removed in
a future Hugo release.</p>
<p>Also see <a
href="https://discourse.gohugo.io/t/deprecations-in-v0-158-0/56869">this
article</a></p>
<h3>Language configuration</h3>
<ul>
<li><code>languageCode</code> → Use <code>locale</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageCode</code> → Use
<code>languages.&lt;lang&gt;.locale</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageName</code> → Use
<code>languages.&lt;lang&gt;.label</code> instead.</li>
<li><code>languages.&lt;lang&gt;.languageDirection</code> → Use
<code>languages.&lt;lang&gt;.direction</code> instead.</li>
</ul>
<h3>Language methods</h3>
<ul>
<li><code>.Site.LanguageCode</code> → Use
<code>.Site.Language.Locale</code> instead.</li>
<li><code>.Language.LanguageCode</code> → Use
<code>.Language.Locale</code> instead.</li>
<li><code>.Language.LanguageName</code> → Use
<code>.Language.Label</code> instead.</li>
<li><code>.Language.LanguageDirection</code> → Use
<code>.Language.Direction</code> instead.</li>
</ul>
<h2>Bug fixes</h2>
<ul>
<li>tpl/css: Fix external source maps e431f90b <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14620">#14620</a></li>
<li>hugolib: Fix server no watch 59e0446f <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14615">#14615</a></li>
<li>resources: Fix context canceled on GetRemote with per-request
timeout 842d8f10 <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14611">#14611</a></li>
<li>tpl/tplimpl: Prefer early suffixes when media type matches 4eafd9eb
<a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/13877">#13877</a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14601">#14601</a></li>
<li>all: Run go fix ./... e3108225 <a
href="https://github.com/bep"><code>@​bep</code></a></li>
<li>internal/warpc: Fix SIGSEGV in Close() when dispatcher fails to
start c9b88e4d <a href="https://github.com/bep"><code>@​bep</code></a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14536">#14536</a></li>
<li>Fix index out of range panic in fileEventsContentPaths f797f849 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14573">#14573</a></li>
</ul>
<h2>Improvements</h2>
<ul>
<li>resources: Re-publish on transformation cache hit 3c980c07 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14629">#14629</a></li>
<li>create/skeletons: Use css.Build in theme skeleton 404ac000 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14626">#14626</a></li>
<li>tpl/css: Add a test case for rebuilds on CSS options changes
06fcb724 <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>hugolib: Allow regular pages to cascade to self 9b5f1d49 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14627">#14627</a></li>
<li>tpl/css: Allow the user to override single loader entries 623722bb
<a href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14623">#14623</a></li>
<li>tpl/css: Make default loader resolution for CSS <a
href="https://github.com/import"><code>@​import</code></a> and url()
always behave the same a7cbcf15 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14619">#14619</a></li>
<li>internal/js: Add default mainFields for CSS builds 36cdb2c7 <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14614">#14614</a></li>
<li>Add css.Build 3e3b849c <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14609">#14609</a>
<a
href="https://redirect.github.com/gohugoio/hugo/issues/14613">#14613</a></li>
<li>resources: Use full path for Exif etc. decoding error/warning
messages c47ec233 <a
href="https://github.com/bep"><code>@​bep</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/12693">#12693</a></li>
<li>Move to new locales library and upgrade CLDR from v36.1 to v48.1
4652ae4a <a href="https://github.com/bep"><code>@​bep</code></a></li>
<li>tpl/strings: Add strings.ReplacePairs function 13a95b9c <a
href="https://github.com/jmooring"><code>@​jmooring</code></a> <a
href="https://redirect.github.com/gohugoio/hugo/issues/14594">#14594</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f41be7959a"><code>f41be79</code></a>
releaser: Bump versions for release of 0.158.0</li>
<li><a
href="0e46a97e8a"><code>0e46a97</code></a>
deps: Upgrade github.com/evanw/esbuild v0.27.3 =&gt; v0.27.4</li>
<li><a
href="c27d9e8fcf"><code>c27d9e8</code></a>
build(deps): bump github.com/getkin/kin-openapi from 0.133.0 to
0.134.0</li>
<li><a
href="098eac59a9"><code>098eac5</code></a>
build(deps): bump golang.org/x/tools from 0.42.0 to 0.43.0</li>
<li><a
href="3c980c072e"><code>3c980c0</code></a>
resources: Re-publish on transformation cache hit</li>
<li><a
href="404ac00001"><code>404ac00</code></a>
create/skeletons: Use css.Build in theme skeleton</li>
<li><a
href="06fcb72421"><code>06fcb72</code></a>
tpl/css: Add a test case for rebuilds on CSS options changes</li>
<li><a
href="9b5f1d491d"><code>9b5f1d4</code></a>
hugolib: Allow regular pages to cascade to self</li>
<li><a
href="87f8de8c7a"><code>87f8de8</code></a>
build(deps): bump gocloud.dev from 0.44.0 to 0.45.0</li>
<li><a
href="67ef6c68de"><code>67ef6c6</code></a>
build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0</li>
<li>Additional commits viewable in <a
href="https://github.com/gohugoio/hugo/compare/v0.157.0...v0.158.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-24 03:59:55 +00:00
dependabot[bot]
0900a44ff3 chore: bump github.com/fatih/color from 1.18.0 to 1.19.0 (#23431)
Bumps [github.com/fatih/color](https://github.com/fatih/color) from
1.18.0 to 1.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fatih/color/releases">github.com/fatih/color's
releases</a>.</em></p>
<blockquote>
<h2>v1.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump golang.org/x/sys from 0.25.0 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/246">fatih/color#246</a></li>
<li>Fix for issue <a
href="https://redirect.github.com/fatih/color/issues/230">#230</a>
set/unsetwriter symmetric wrt color support detection by <a
href="https://github.com/ataypamart"><code>@​ataypamart</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/243">fatih/color#243</a></li>
<li>chore: go mod cleanup by <a
href="https://github.com/sashamelentyev"><code>@​sashamelentyev</code></a>
in <a
href="https://redirect.github.com/fatih/color/pull/244">fatih/color#244</a></li>
<li>Bump golang.org/x/sys from 0.28.0 to 0.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/249">fatih/color#249</a></li>
<li>Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/248">fatih/color#248</a></li>
<li>Update CI and go deps by <a
href="https://github.com/fatih"><code>@​fatih</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/254">fatih/color#254</a></li>
<li>Bump golang.org/x/sys from 0.31.0 to 0.37.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/268">fatih/color#268</a></li>
<li>fix: include escape codes in byte counts from <code>Fprint</code>,
<code>Fprintf</code> by <a
href="https://github.com/qualidafial"><code>@​qualidafial</code></a> in
<a
href="https://redirect.github.com/fatih/color/pull/282">fatih/color#282</a></li>
<li>Bump golang.org/x/sys from 0.37.0 to 0.40.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/277">fatih/color#277</a></li>
<li>fix: add nil check for os.Stdout to prevent panic on Windows
services by <a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/275">fatih/color#275</a></li>
<li>Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/259">fatih/color#259</a></li>
<li>Bump actions/checkout from 4 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/273">fatih/color#273</a></li>
<li>Optimize Color.Equals performance (O(n²) → O(n)) by <a
href="https://github.com/UnSubble"><code>@​UnSubble</code></a> in <a
href="https://redirect.github.com/fatih/color/pull/269">fatih/color#269</a></li>
<li>Bump actions/setup-go from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/fatih/color/pull/266">fatih/color#266</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ataypamart"><code>@​ataypamart</code></a> made
their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/243">fatih/color#243</a></li>
<li><a
href="https://github.com/sashamelentyev"><code>@​sashamelentyev</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/244">fatih/color#244</a></li>
<li><a
href="https://github.com/qualidafial"><code>@​qualidafial</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/282">fatih/color#282</a></li>
<li><a
href="https://github.com/majiayu000"><code>@​majiayu000</code></a> made
their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/275">fatih/color#275</a></li>
<li><a href="https://github.com/UnSubble"><code>@​UnSubble</code></a>
made their first contribution in <a
href="https://redirect.github.com/fatih/color/pull/269">fatih/color#269</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fatih/color/compare/v1.18.0...v1.19.0">https://github.com/fatih/color/compare/v1.18.0...v1.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ca25f6e17f"><code>ca25f6e</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/266">#266</a> from
fatih/dependabot/github_actions/actions/setup-go-6</li>
<li><a
href="120598440a"><code>1205984</code></a>
Bump actions/setup-go from 5 to 6</li>
<li><a
href="5715c20323"><code>5715c20</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/269">#269</a> from
UnSubble/main</li>
<li><a
href="2f6e200376"><code>2f6e200</code></a>
Merge branch 'main' into main</li>
<li><a
href="f72ec947d0"><code>f72ec94</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/273">#273</a> from
fatih/dependabot/github_actions/actions/checkout-6</li>
<li><a
href="848e6330af"><code>848e633</code></a>
Merge branch 'main' into main</li>
<li><a
href="4c2cd34439"><code>4c2cd34</code></a>
Add tests</li>
<li><a
href="7f812f029c"><code>7f812f0</code></a>
Bump actions/checkout from 4 to 6</li>
<li><a
href="b7fc9f9557"><code>b7fc9f9</code></a>
Merge pull request <a
href="https://redirect.github.com/fatih/color/issues/259">#259</a> from
fatih/dependabot/github_actions/dominikh/staticc...</li>
<li><a
href="239a88f715"><code>239a88f</code></a>
Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0</li>
<li>Additional commits viewable in <a
href="https://github.com/fatih/color/compare/v1.18.0...v1.19.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-23 11:41:47 +00:00
dependabot[bot]
4537413315 chore: bump google.golang.org/api from 0.271.0 to 0.272.0 (#23430)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.271.0 to 0.272.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.272.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">0.272.0</a>
(2026-03-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)
(<a
href="b4d37a1279">b4d37a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)
(<a
href="549ef3e695">549ef3e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)
(<a
href="6def284013">6def284</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)
(<a
href="319b5abcbc">319b5ab</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)
(<a
href="73bcfcf9b2">73bcfcf</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)
(<a
href="6374c496fd">6374c49</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md">google.golang.org/api's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">0.272.0</a>
(2026-03-16)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)
(<a
href="b4d37a1279">b4d37a1</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)
(<a
href="549ef3e695">549ef3e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)
(<a
href="6def284013">6def284</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)
(<a
href="319b5abcbc">319b5ab</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)
(<a
href="73bcfcf9b2">73bcfcf</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)
(<a
href="6374c496fd">6374c49</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e7df9fe0b9"><code>e7df9fe</code></a>
chore(main): release 0.272.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3535">#3535</a>)</li>
<li><a
href="5d8b2662ac"><code>5d8b266</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3540">#3540</a>)</li>
<li><a
href="6374c496fd"><code>6374c49</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3541">#3541</a>)</li>
<li><a
href="73bcfcf9b2"><code>73bcfcf</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3539">#3539</a>)</li>
<li><a
href="319b5abcbc"><code>319b5ab</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3538">#3538</a>)</li>
<li><a
href="6def284013"><code>6def284</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3537">#3537</a>)</li>
<li><a
href="549ef3e695"><code>549ef3e</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3536">#3536</a>)</li>
<li><a
href="b4d37a1279"><code>b4d37a1</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3534">#3534</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.271.0...v0.272.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-23 11:33:26 +00:00
dependabot[bot]
f2b9d5f8f7 chore: bump github.com/fergusstrange/embedded-postgres from 1.32.0 to 1.34.0 (#23428)
Bumps
[github.com/fergusstrange/embedded-postgres](https://github.com/fergusstrange/embedded-postgres)
from 1.32.0 to 1.34.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fergusstrange/embedded-postgres/releases">github.com/fergusstrange/embedded-postgres's
releases</a>.</em></p>
<blockquote>
<h2>v1.34.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump V18 from 18.0.0 to 18.3.0 to fix darwin/arm64 by <a
href="https://github.com/nzoschke"><code>@​nzoschke</code></a> in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/166">fergusstrange/embedded-postgres#166</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/nzoschke"><code>@​nzoschke</code></a>
made their first contribution in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/166">fergusstrange/embedded-postgres#166</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.33.0...v1.34.0">https://github.com/fergusstrange/embedded-postgres/compare/v1.33.0...v1.34.0</a></p>
<h2>v1.33.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for Postgres 18 and update default version by <a
href="https://github.com/otakakot"><code>@​otakakot</code></a> in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/162">fergusstrange/embedded-postgres#162</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/otakakot"><code>@​otakakot</code></a>
made their first contribution in <a
href="https://redirect.github.com/fergusstrange/embedded-postgres/pull/162">fergusstrange/embedded-postgres#162</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.33.0">https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.33.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="490777eebf"><code>490777e</code></a>
Bump V18 from 18.0.0 to 18.3.0 to fix darwin/arm64 (<a
href="https://redirect.github.com/fergusstrange/embedded-postgres/issues/166">#166</a>)</li>
<li><a
href="f351010461"><code>f351010</code></a>
Update README.md</li>
<li><a
href="cf5b3570ca"><code>cf5b357</code></a>
Update CircleCI config: add Rosetta installation step for macOS
executor</li>
<li><a
href="a278227198"><code>a278227</code></a>
Update CircleCI config: specify Go version 1.18 for macOS executor</li>
<li><a
href="e96b8985a6"><code>e96b898</code></a>
Update CircleCI config: change Apple executor from m2 to m4</li>
<li><a
href="10719368a4"><code>1071936</code></a>
Update CircleCI config: rename cache steps for Go modules</li>
<li><a
href="2bb06046c7"><code>2bb0604</code></a>
Update CircleCI config: modify macOS executor, upgrade xcode and go
orb</li>
<li><a
href="8b9ced41d4"><code>8b9ced4</code></a>
Add OSSI_TOKEN and OSSI_USERNAME to Nancy action environment</li>
<li><a
href="482d903234"><code>482d903</code></a>
Bump Nancy Vulnerability Checker to v1.0.52</li>
<li><a
href="3578d6e730"><code>3578d6e</code></a>
Add support for Postgres 18 and update default version (<a
href="https://redirect.github.com/fergusstrange/embedded-postgres/issues/162">#162</a>)</li>
<li>See full diff in <a
href="https://github.com/fergusstrange/embedded-postgres/compare/v1.32.0...v1.34.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-23 11:27:49 +00:00
Michael Suchacz
a6ba61e607 fix: use upstream fantasy fix for store=false replay (#23368)
2026-03-20 15:14:02 -04:00
dependabot[bot]
be5f9b1ffd chore: bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#23344)
Bumps [github.com/buger/jsonparser](https://github.com/buger/jsonparser)
from 1.1.1 to 1.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/buger/jsonparser/releases">github.com/buger/jsonparser's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated travis to build for 1.13 to 1.15 by <a
href="https://github.com/janreggie"><code>@​janreggie</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/225">buger/jsonparser#225</a></li>
<li>
<ul>
<li>eliminate 2 allocations in EachKey() by <a
href="https://github.com/Villenny"><code>@​Villenny</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/223">buger/jsonparser#223</a></li>
</ul>
</li>
<li>fix issue <a
href="https://redirect.github.com/buger/jsonparser/issues/150">#150</a>
(in deleting case) by <a
href="https://github.com/daria-kay"><code>@​daria-kay</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/226">buger/jsonparser#226</a></li>
<li>fixing the oss-fuzz issue by <a
href="https://github.com/daria-kay"><code>@​daria-kay</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/227">buger/jsonparser#227</a></li>
<li>Fix parseInt overflow check false negative by <a
href="https://github.com/carsonip"><code>@​carsonip</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/231">buger/jsonparser#231</a></li>
<li>Added bespoke error for null cases by <a
href="https://github.com/jonomacd"><code>@​jonomacd</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/228">buger/jsonparser#228</a></li>
<li>Fuzzing: Add CIFuzz by <a
href="https://github.com/AdamKorcz"><code>@​AdamKorcz</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/239">buger/jsonparser#239</a></li>
<li>Added latest versions of go to tests by <a
href="https://github.com/moredure"><code>@​moredure</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/244">buger/jsonparser#244</a></li>
<li>fix EachKey pIdxFlags allocation by <a
href="https://github.com/unxcepted"><code>@​unxcepted</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/241">buger/jsonparser#241</a></li>
<li>fix: prevent panic on negative slice index in Delete with malformed
JSON (GO-2026-4514) by <a
href="https://github.com/dbarrosop"><code>@​dbarrosop</code></a> in <a
href="https://redirect.github.com/buger/jsonparser/pull/276">buger/jsonparser#276</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/janreggie"><code>@​janreggie</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/225">buger/jsonparser#225</a></li>
<li><a href="https://github.com/Villenny"><code>@​Villenny</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/223">buger/jsonparser#223</a></li>
<li><a href="https://github.com/daria-kay"><code>@​daria-kay</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/226">buger/jsonparser#226</a></li>
<li><a href="https://github.com/carsonip"><code>@​carsonip</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/231">buger/jsonparser#231</a></li>
<li><a href="https://github.com/jonomacd"><code>@​jonomacd</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/228">buger/jsonparser#228</a></li>
<li><a href="https://github.com/moredure"><code>@​moredure</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/244">buger/jsonparser#244</a></li>
<li><a href="https://github.com/unxcepted"><code>@​unxcepted</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/241">buger/jsonparser#241</a></li>
<li><a href="https://github.com/dbarrosop"><code>@​dbarrosop</code></a>
made their first contribution in <a
href="https://redirect.github.com/buger/jsonparser/pull/276">buger/jsonparser#276</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2">https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a69e7e01cd"><code>a69e7e0</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/276">#276</a>
from dbarrosop/master</li>
<li><a
href="d3eacc0bab"><code>d3eacc0</code></a>
fix: prevent panic on negative slice index in Delete with malformed JSON
(GO-...</li>
<li><a
href="61b32cfdfa"><code>61b32cf</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/241">#241</a>
from unxcepted/master</li>
<li><a
href="2181e8398f"><code>2181e83</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/244">#244</a>
from ScaleChamp/patch-2</li>
<li><a
href="1510b51941"><code>1510b51</code></a>
Added latest versions of go to tests</li>
<li><a
href="6fc2e488ed"><code>6fc2e48</code></a>
fix: eachkey allocation</li>
<li><a
href="a6f867eb77"><code>a6f867e</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/239">#239</a>
from AdamKorcz/cifuzz1</li>
<li><a
href="cbc01fdbbe"><code>cbc01fd</code></a>
Fuzzing: Add CIFuzz</li>
<li><a
href="dc92d6932a"><code>dc92d69</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/228">#228</a>
from jonomacd/null-handling</li>
<li><a
href="2d9d6343e8"><code>2d9d634</code></a>
Merge pull request <a
href="https://redirect.github.com/buger/jsonparser/issues/231">#231</a>
from carsonip/fix-parseint-overflow-check</li>
<li>Additional commits viewable in <a
href="https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-20 02:16:34 +00:00
Kyle Carberry
86cb313765 fix: update fantasy to fix OpenAI reasoning replay with Store enabled (#23297)
## Problem

When `Store: true` is set for OpenAI Responses API calls (the new
default), multi-turn conversations with reasoning models fail on the
second message:

```
stream response: bad request: Item 'rs_xxx' of type 'reasoning' was provided
without its required following item.
```

The fantasy library was reconstructing full `OfReasoning` input items
(with encrypted content and summary) when replaying assistant messages.
The API cannot pair these reconstructed reasoning items with the output
items that originally followed them because the output items are sent as
plain `OfMessage` without server-side IDs.

## Fix

Updates the fantasy dependency (`kylecarbs/fantasy@cj/go1.25`) to skip
reasoning parts during conversation replay in `toResponsesPrompt`. With
`Store` enabled, the API already has the reasoning persisted server-side
— it doesn't need to be replayed in the input.

Fantasy PR: https://github.com/charmbracelet/fantasy/pull/181

## Testing

Adds `TestOpenAIReasoningRoundTrip` integration test that:
1. Sends a query to `o4-mini` (reasoning model with `Store: true`)
2. Verifies reasoning content is persisted
3. Sends a follow-up message — this was the failing step
4. Verifies the follow-up completes successfully

Requires `OPENAI_API_KEY` env var to run.
2026-03-19 15:36:29 +00:00
Kyle Carberry
fdc2366227 chore: update fantasy dep to rebased cj/go1.25 branch (#23242)
Updates the `charm.land/fantasy` replace to the rebased `cj/go1.25`
branch on `kylecarbs/fantasy`, which now includes:

- **chore: downgrade to Go 1.25**
- **feat: anthropic computer use**
- **chore: use kylecarbs/openai-go fork for coder/coder compat**

Switches the `openai-go/v3` replace from `SasSwart/openai-go` →
`kylecarbs/openai-go`, which is the same SasSwart perf fork plus a fix
for `WithJSONSet` being clobbered by deferred body serialization.
Without the fix, `NewStreaming` silently drops `stream: true` from
requests. See https://github.com/kylecarbs/openai-go/pull/2 for details.
2026-03-19 12:59:39 +00:00
dependabot[bot]
7877b26088 chore: bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#23271)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.79.2 to 1.79.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.79.3</h2>
<h1>Security</h1>
<ul>
<li>server: fix an authorization bypass where malformed :path headers
(missing the leading slash) could bypass path-based restricted
&quot;deny&quot; rules in interceptors like <code>grpc/authz</code>. Any
request with a non-canonical path is now immediately rejected with an
<code>Unimplemented</code> error. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dda86dbd9c"><code>dda86db</code></a>
Change version to 1.79.3 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8983">#8983</a>)</li>
<li><a
href="72186f163e"><code>72186f1</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
<li><a
href="97ca3522b2"><code>97ca352</code></a>
Changing version to 1.79.3-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8954">#8954</a>)</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-go/compare/v1.79.2...v1.79.3">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-19 02:46:30 +00:00
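The grpc 1.79.3 release note quoted in the commit above describes deny rules keyed on `:path` being skipped when the leading slash is missing. The following Go sketch is an added example, not grpc-go's code and not part of the commit: `denyRules`, `route`, `isCanonical` and `handle` are hypothetical names, and the dispatcher's tolerance of a missing slash is an assumption of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed deny policy for this example: full method names, in the
// canonical "/service/method" form, that the interceptor must refuse.
var denyRules = map[string]bool{"/admin.Users/Delete": true}

// route models a dispatcher that tolerates a missing leading slash (an
// assumption of this example): it trims one if present, then splits on the
// last "/" into service and method.
func route(path string) (service, method string, ok bool) {
	p := strings.TrimPrefix(path, "/")
	i := strings.LastIndex(p, "/")
	if i <= 0 || i == len(p)-1 {
		return "", "", false
	}
	return p[:i], p[i+1:], true
}

// isCanonical reports whether path has the form "/service/method": exactly
// one leading slash, then a non-empty service and a non-empty method.
func isCanonical(path string) bool {
	if !strings.HasPrefix(path, "/") {
		return false
	}
	rest := path[1:]
	if strings.HasPrefix(rest, "/") {
		return false
	}
	i := strings.LastIndex(rest, "/")
	return i > 0 && i < len(rest)-1
}

// handle runs the deny check and then the dispatcher. With strict=false the
// deny rule is compared against the raw path only, so a path the dispatcher
// still understands can miss the rule. With strict=true any non-canonical
// path is refused before authorization is evaluated at all.
func handle(path string, strict bool) string {
	if strict && !isCanonical(path) {
		return "unimplemented"
	}
	if denyRules[path] {
		return "denied"
	}
	svc, m, ok := route(path)
	if !ok {
		return "unimplemented"
	}
	return "served " + svc + "/" + m
}

func main() {
	// Constructed request paths.
	paths := []string{"/admin.Users/Delete", "admin.Users/Delete", "/public.Echo/Ping"}
	for _, p := range paths {
		fmt.Printf("%-22q lenient=%-28s strict=%s\n", p, handle(p, false), handle(p, true))
	}
}
```

When reviewing custom interceptors, confirm that the string used for the policy decision is the same normalized value the dispatcher uses, or that non-canonical input is rejected first.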
Steven Masley
c46136ff73 chore: update coder/trivy override (#23230)
Coder/preview does this update as well. Because it is a `replace`, we
have to manually update our `replace` too.
2026-03-18 12:03:56 -05:00
Kacper Sawicki
1e07ec49a6 feat: add merge_strategy support for coder_env resources (#23107)
## Description

Implements the server-side merge logic for the `merge_strategy`
attribute added to `coder_env` in [terraform-provider-coder
v2.15.0](https://github.com/coder/terraform-provider-coder/pull/489).
This allows template authors to control how duplicate environment
variable names are combined across multiple `coder_env` resources.

Relates to https://github.com/coder/coder/issues/21885

## Supported strategies

| Strategy | Behavior |
|----------|----------|
| `replace` (default) | Last value wins — backward compatible |
| `append` | Joins values with `:` separator (e.g. PATH additions) |
| `prepend` | Prepends value with `:` separator |
| `error` | Fails the build if the variable is already defined |

## Example

```hcl
resource "coder_env" "path_tools" {
  agent_id       = coder_agent.dev.id
  name           = "PATH"
  value          = "/home/coder/tools/bin"
  merge_strategy = "append"
}
```

## Changes

- **Proto**: Added `merge_strategy` field to `Env` message in
`provisioner.proto`
- **State reader**: Updated `agentEnvAttributes` struct and proto
construction in `resources.go`
- **Merge logic**: Added `mergeExtraEnvs()` function in
`provisionerdserver.go` with strategy-aware merging for both agent envs
and devcontainer subagent envs
- **Tests**: 15 unit tests covering all strategies, edge cases (empty
values, mixed strategies, multiple appends)
- **Dependency**: Bumped `terraform-provider-coder` v2.14.0 → v2.15.0
- **Fixtures**: Updated `duplicate-env-keys` test fixtures and golden
files

## Ordering

When multiple resources `append` or `prepend` to the same key, they are
processed in alphabetical order by Terraform resource address (per the
determinism fix in #22706).
2026-03-18 15:43:28 +01:00
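The strategy table and ordering rule in the commit above, worked through as an added Go example. This is not the project's `mergeExtraEnvs()`: `envResource`, `mergeEnvs` and `joinList` are hypothetical names, the resource addresses are constructed, and skipping empty sides when joining is an assumption of the example.

```go
package main

import (
	"fmt"
	"sort"
)

// envResource is a hypothetical stand-in for one coder_env resource.
type envResource struct {
	Address  string // Terraform resource address, e.g. coder_env.path_tools
	Name     string // environment variable name
	Value    string
	Strategy string // "", "replace", "append", "prepend" or "error"
}

// joinList joins two ":"-separated lists. Empty sides are skipped (an
// assumption of this example) so the result never gains a leading or
// trailing ":", which in PATH would mean the current directory.
func joinList(a, b string) string {
	switch {
	case a == "":
		return b
	case b == "":
		return a
	}
	return a + ":" + b
}

// mergeEnvs applies the four strategies after sorting by resource address,
// so the result does not depend on the order resources were read in.
func mergeEnvs(resources []envResource) (map[string]string, error) {
	sorted := append([]envResource(nil), resources...)
	sort.SliceStable(sorted, func(i, j int) bool {
		return sorted[i].Address < sorted[j].Address
	})
	out := make(map[string]string)
	for _, r := range sorted {
		cur, defined := out[r.Name]
		switch r.Strategy {
		case "", "replace": // default: last value wins
			out[r.Name] = r.Value
		case "append":
			out[r.Name] = joinList(cur, r.Value)
		case "prepend":
			out[r.Name] = joinList(r.Value, cur)
		case "error": // refuse to shadow an existing definition
			if defined {
				return nil, fmt.Errorf("%s: env %q is already defined", r.Address, r.Name)
			}
			out[r.Name] = r.Value
		default:
			return nil, fmt.Errorf("%s: unknown merge_strategy %q", r.Address, r.Strategy)
		}
	}
	return out, nil
}

func main() {
	// Constructed input, deliberately out of address order.
	envs, err := mergeEnvs([]envResource{
		{"coder_env.b_tools", "PATH", "/home/coder/tools/bin", "append"},
		{"coder_env.c_first", "PATH", "/opt/bin", "prepend"},
		{"coder_env.a_base", "PATH", "/usr/bin", ""},
	})
	fmt.Println(envs["PATH"], err)
}
```

Because `prepend` puts a directory ahead of existing `PATH` entries, the strategy on each `coder_env` resource is worth checking in template review, since that directory's binaries take precedence at lookup time.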
Ben Potter
f3bf5baba0 chore: update coder/tailscale fork to 33e050fd4bd9 (#23191)
Updates the tailscale replace directive to pick up two new commits from
[coder/tailscale](https://github.com/coder/tailscale):

- [feat(magicsock): add DERPTLSConfig for custom TLS configuration
(#105)](8ffb3e998b)
- [chore: improve logging for derp server mesh clients
(#107)](33e050fd4b)

Relates to: PRODUCT-204
2026-03-18 15:14:02 +11:00
Danny Kopping
365de3e367 feat: record model thoughts (#22676)
Depends on https://github.com/coder/aibridge/pull/203
Closes https://github.com/coder/internal/issues/1337

---------

Signed-off-by: Danny Kopping <danny@coder.com>
2026-03-17 11:41:10 +00:00
dependabot[bot]
2927fea959 chore: bump the x group with 6 updates (#23100)
Bumps the x group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` |
`0.49.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.33.0` |
`0.34.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.51.0` |
`0.52.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.40.0` |
`0.41.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.34.0` |
`0.35.0` |
| [golang.org/x/tools](https://github.com/golang/tools) | `0.42.0` |
`0.43.0` |

Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="982eaa62df"><code>982eaa6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="159944f128"><code>159944f</code></a>
ssh,acme: clean up tautological/impossible nil conditions</li>
<li><a
href="a408498e55"><code>a408498</code></a>
acme: only require prompt if server has terms of service</li>
<li><a
href="cab0f71854"><code>cab0f71</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li><a
href="2f26647a79"><code>2f26647</code></a>
x509roots/fallback: update bundle</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.48.0...v0.49.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1ac721dff8"><code>1ac721d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="fb1fac8b36"><code>fb1fac8</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.33.0...v0.34.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.51.0 to 0.52.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="316e20ce34"><code>316e20c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="9767a42264"><code>9767a42</code></a>
internal/http3: add support for plugging into net/http</li>
<li><a
href="4a812844d8"><code>4a81284</code></a>
http2: update docs to disrecommend this package</li>
<li><a
href="dec6603c16"><code>dec6603</code></a>
dns/dnsmessage: reject too large of names early during unpack</li>
<li><a
href="8afa12f927"><code>8afa12f</code></a>
http2: deprecate write schedulers</li>
<li><a
href="38019a2dbc"><code>38019a2</code></a>
http2: add missing copyright header to export_test.go</li>
<li><a
href="039b87fac4"><code>039b87f</code></a>
internal/http3: return error when Write is used after status 304 is
set</li>
<li><a
href="6267c6c4c8"><code>6267c6c</code></a>
internal/http3: add HTTP 103 Early Hints support to ClientConn</li>
<li><a
href="591bdf35bc"><code>591bdf3</code></a>
internal/http3: add HTTP 103 Early Hints support to Server</li>
<li><a
href="1faa6d8722"><code>1faa6d8</code></a>
internal/http3: avoid potential race when aborting RoundTrip</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.51.0...v0.52.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.40.0 to 0.41.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d2dc074d2"><code>9d2dc07</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="d954e03213"><code>d954e03</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.40.0...v0.41.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/text` from 0.34.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7ca2c6d991"><code>7ca2c6d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="73d1ba9140"><code>73d1ba9</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.34.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="24a8e95f9d"><code>24a8e95</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="3dd57fba1a"><code>3dd57fb</code></a>
gopls/internal/mcp: refactor unified diff generation</li>
<li><a
href="fcc014db2b"><code>fcc014d</code></a>
cmd/digraph: fix package doc</li>
<li><a
href="39f0f5c6d3"><code>39f0f5c</code></a>
cmd/stress: add -failfast flag</li>
<li><a
href="063c2644e2"><code>063c264</code></a>
gopls/test/integration/misc: add diagnostics to flaky test</li>
<li><a
href="deb6130cda"><code>deb6130</code></a>
gopls/internal/golang: fix hover panic in raw strings with CRLF</li>
<li><a
href="5f1186b975"><code>5f1186b</code></a>
gopls/internal/analysis/driverutil: remove unnecessary new imports</li>
<li><a
href="ff45494426"><code>ff45494</code></a>
go/analysis: expose GoMod etc. to Pass.Module</li>
<li><a
href="62daff4834"><code>62daff4</code></a>
go/analysis/passes/inline: fix panic in inlineAlias with instantiated
generic...</li>
<li><a
href="fcb6088b90"><code>fcb6088</code></a>
x/tools: delete obsolete code</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.42.0...v0.43.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:52:51 +00:00
dependabot[bot]
29225252f6 chore: bump google.golang.org/api from 0.269.0 to 0.271.0 (#23102)
Bumps
[google.golang.org/api](https://github.com/googleapis/google-api-go-client)
from 0.269.0 to 0.271.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/google-api-go-client/releases">google.golang.org/api's
releases</a>.</em></p>
<blockquote>
<h2>v0.271.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.270.0...v0.271.0">0.271.0</a>
(2026-03-10)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3532">#3532</a>)
(<a
href="ccff5b35c0">ccff5b3</a>)</li>
</ul>
<h2>v0.270.0</h2>
<h2><a
href="https://github.com/googleapis/google-api-go-client/compare/v0.269.0...v0.270.0">0.270.0</a>
(2026-03-08)</h2>
<h3>Features</h3>
<ul>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3515">#3515</a>)
(<a
href="44db8ef7d0">44db8ef</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3518">#3518</a>)
(<a
href="b3dc663d78">b3dc663</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3519">#3519</a>)
(<a
href="01c06b9034">01c06b9</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3520">#3520</a>)
(<a
href="7ed04540e5">7ed0454</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3521">#3521</a>)
(<a
href="d11f54e813">d11f54e</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3523">#3523</a>)
(<a
href="ce39b40ded">ce39b40</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3525">#3525</a>)
(<a
href="15b140d66a">15b140d</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3526">#3526</a>)
(<a
href="1b18158bb7">1b18158</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3527">#3527</a>)
(<a
href="a932a454c4">a932a45</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3528">#3528</a>)
(<a
href="f6ede69e70">f6ede69</a>)</li>
<li><strong>all:</strong> Auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3529">#3529</a>)
(<a
href="b73e4fbc00">b73e4fb</a>)</li>
<li><strong>option/internaloption:</strong> Add more option
introspection (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3524">#3524</a>)
(<a
href="ac5da8f066">ac5da8f</a>)</li>
<li><strong>option/internaloption:</strong> Unsafe option resolver (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3514">#3514</a>)
(<a
href="b263ceeb1a">b263cee</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e79327bd30"><code>e79327b</code></a>
chore(main): release 0.271.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3533">#3533</a>)</li>
<li><a
href="a3dde28f12"><code>a3dde28</code></a>
chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 in
/interna...</li>
<li><a
href="bad57c0a2c"><code>bad57c0</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3530">#3530</a>)</li>
<li><a
href="ccff5b35c0"><code>ccff5b3</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3532">#3532</a>)</li>
<li><a
href="15dd0b11d3"><code>15dd0b1</code></a>
chore(option/internaloption): more accessors (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3531">#3531</a>)</li>
<li><a
href="ad5d5aa8fa"><code>ad5d5aa</code></a>
chore(main): release 0.270.0 (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3516">#3516</a>)</li>
<li><a
href="b73e4fbc00"><code>b73e4fb</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3529">#3529</a>)</li>
<li><a
href="f6ede69e70"><code>f6ede69</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3528">#3528</a>)</li>
<li><a
href="7342fc24a3"><code>7342fc2</code></a>
chore(all): update all (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3522">#3522</a>)</li>
<li><a
href="a932a454c4"><code>a932a45</code></a>
feat(all): auto-regenerate discovery clients (<a
href="https://redirect.github.com/googleapis/google-api-go-client/issues/3527">#3527</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/google-api-go-client/compare/v0.269.0...v0.271.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:34:33 +00:00
dependabot[bot]
93ea5f5d22 chore: bump github.com/coder/terraform-provider-coder/v2 from 2.13.1 to 2.14.0 (#23101)
Bumps
[github.com/coder/terraform-provider-coder/v2](https://github.com/coder/terraform-provider-coder)
from 2.13.1 to 2.14.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/terraform-provider-coder/releases">github.com/coder/terraform-provider-coder/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.14.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): Bump golang.org/x/mod from 0.29.0 to 0.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/463">coder/terraform-provider-coder#463</a></li>
<li>build(deps): Bump actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/468">coder/terraform-provider-coder#468</a></li>
<li>build(deps): Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/467">coder/terraform-provider-coder#467</a></li>
<li>build(deps): Bump github.com/hashicorp/terraform-plugin-log from
0.9.0 to 0.10.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/465">coder/terraform-provider-coder#465</a></li>
<li>fix: typo in data coder_external_auth example and docs by <a
href="https://github.com/krispage"><code>@​krispage</code></a> in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/420">coder/terraform-provider-coder#420</a></li>
<li>feat: add confliction with <code>subdomain</code> by <a
href="https://github.com/jakehwll"><code>@​jakehwll</code></a> in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/469">coder/terraform-provider-coder#469</a></li>
<li>build(deps): Bump golang.org/x/mod from 0.30.0 to 0.31.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/472">coder/terraform-provider-coder#472</a></li>
<li>build(deps): Bump golang.org/x/mod from 0.31.0 to 0.32.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/473">coder/terraform-provider-coder#473</a></li>
<li>feat: add <code>subagent_id</code> attribute to
<code>coder_devcontainer</code> resource by <a
href="https://github.com/DanielleMaywood"><code>@​DanielleMaywood</code></a>
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/474">coder/terraform-provider-coder#474</a></li>
<li>fix: embed timezone database via <code>time/tzdata</code> by <a
href="https://github.com/mtojek"><code>@​mtojek</code></a> in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/476">coder/terraform-provider-coder#476</a></li>
<li>build(deps): Bump golang.org/x/mod from 0.32.0 to 0.33.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/477">coder/terraform-provider-coder#477</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/krispage"><code>@​krispage</code></a>
made their first contribution in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/420">coder/terraform-provider-coder#420</a></li>
<li><a href="https://github.com/jakehwll"><code>@​jakehwll</code></a>
made their first contribution in <a
href="https://redirect.github.com/coder/terraform-provider-coder/pull/469">coder/terraform-provider-coder#469</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coder/terraform-provider-coder/compare/v2.13.1...v2.14.0">https://github.com/coder/terraform-provider-coder/compare/v2.13.1...v2.14.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7fa3c10eaa"><code>7fa3c10</code></a>
build(deps): Bump golang.org/x/mod from 0.32.0 to 0.33.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/477">#477</a>)</li>
<li><a
href="ef9a6dda57"><code>ef9a6dd</code></a>
fix: embed timezone database via <code>time/tzdata</code> (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/476">#476</a>)</li>
<li><a
href="b6966bf427"><code>b6966bf</code></a>
feat: add <code>subagent_id</code> attribute to
<code>coder_devcontainer</code> resource (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/474">#474</a>)</li>
<li><a
href="c9f205fca1"><code>c9f205f</code></a>
build(deps): Bump golang.org/x/mod from 0.31.0 to 0.32.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/473">#473</a>)</li>
<li><a
href="7a81d18537"><code>7a81d18</code></a>
build(deps): Bump golang.org/x/mod from 0.30.0 to 0.31.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/472">#472</a>)</li>
<li><a
href="76bda72ec5"><code>76bda72</code></a>
feat: add confliction with <code>subdomain</code> (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/469">#469</a>)</li>
<li><a
href="aee79c41a4"><code>aee79c4</code></a>
fix: typo in data coder_external_auth example and docs (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/420">#420</a>)</li>
<li><a
href="9cfd35f441"><code>9cfd35f</code></a>
build(deps): Bump github.com/hashicorp/terraform-plugin-log (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/465">#465</a>)</li>
<li><a
href="dd6246532b"><code>dd62465</code></a>
build(deps): Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/467">#467</a>)</li>
<li><a
href="60377bb12b"><code>60377bb</code></a>
build(deps): Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/coder/terraform-provider-coder/issues/468">#468</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/coder/terraform-provider-coder/compare/v2.13.1...v2.14.0">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:33:55 +00:00
Jon Ayers
f714f589c5 fix: fork gvisor to avoid integer overflow (#23055) 2026-03-13 16:26:12 -05:00
Hugo Dutka
84527390c6 feat: chat desktop backend (#23005)
Implement the backend for the desktop feature for agents.

- Adds a new `/api/experimental/chats/$id/desktop` endpoint to coderd
which exposes a VNC stream from a
[portabledesktop](https://github.com/coder/portabledesktop) process
running inside the workspace
- Adds a new `spawn_computer_use_agent` tool to chatd, which spawns a
subagent that has access to the `computer` tool which lets it interact
with the `portabledesktop` process running inside the workspace
- Adds the plumbing to make the above possible

There's a follow up frontend PR here:
https://github.com/coder/coder/pull/23006
2026-03-13 19:49:34 +01:00
Michael Suchacz
c3b6284955 feat: add chat cost analytics backend (#23036)
Add cost tracking for LLM chat interactions with microdollar precision.

## Changes
- Add `chatcost` package for per-message cost calculation using
`shopspring/decimal` for intermediate arithmetic
- **Ceil rounding policy**: fractional micros round UP to next whole
micro (applied once after summing all components)
- Database migration: `total_cost_micros` BIGINT column with historical
backfill and `created_at` index
- API endpoints: per-user cost summary and admin rollup under
`/api/experimental/chats/cost/`
- SDK types: `ChatCostSummary`, `ChatCostModelBreakdown`,
`ChatCostUserRollup`
- Fix `modeloptionsgen` to handle `decimal.Decimal` as opaque numeric
type
- Update frontend pricing test fixtures for string decimal types

## Design decisions
- `NULL` = unpriced (no matching model config), `0` = free
- Reasoning tokens included in output tokens (no double-counting)
- Integer microdollars (BIGINT) for storage and API responses
- Price config uses `decimal.Decimal` for exact parsing; totals use
`int64`

Frontend: #23037
2026-03-13 18:30:49 +01:00
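The round-once ceil policy and the `NULL` versus `0` distinction from the commit above, as an added example that is not code from the `chatcost` package. It uses `math/big` in place of `shopspring/decimal`, and the type names, the per-million-token price unit and the sample prices are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/big"
)

// ModelPrice holds dollar prices per one million tokens as exact decimal
// strings. The unit and the field names are assumptions for this example.
type ModelPrice struct {
	InputPerMTok  string
	OutputPerMTok string
}

// Usage counts tokens for one message. Reasoning tokens are already part of
// OutputTokens, so they are never added a second time.
type Usage struct {
	InputTokens  int64
	OutputTokens int64
}

// componentMicros returns price * tokens as an exact rational. Dollars per
// million tokens times tokens is numerically the cost in microdollars.
func componentMicros(price string, tokens int64) (*big.Rat, error) {
	if tokens < 0 {
		return nil, errors.New("negative token count")
	}
	p, ok := new(big.Rat).SetString(price)
	if !ok || p.Sign() < 0 {
		return nil, fmt.Errorf("invalid price %q", price)
	}
	return p.Mul(p, new(big.Rat).SetInt64(tokens)), nil
}

// ceilMicros rounds a non-negative exact cost up to whole microdollars and
// rejects values that would not fit an int64 (BIGINT) column.
func ceilMicros(r *big.Rat) (int64, error) {
	q, m := new(big.Int).QuoRem(r.Num(), r.Denom(), new(big.Int))
	if m.Sign() > 0 {
		q.Add(q, big.NewInt(1))
	}
	if !q.IsInt64() {
		return 0, errors.New("cost overflows int64 microdollars")
	}
	return q.Int64(), nil
}

// CostMicros sums the exact components and rounds once. A nil price means the
// model is unpriced and yields nil (stored as NULL); a zero price yields 0.
func CostMicros(price *ModelPrice, u Usage) (*int64, error) {
	if price == nil {
		return nil, nil
	}
	in, err := componentMicros(price.InputPerMTok, u.InputTokens)
	if err != nil {
		return nil, err
	}
	out, err := componentMicros(price.OutputPerMTok, u.OutputTokens)
	if err != nil {
		return nil, err
	}
	total, err := ceilMicros(in.Add(in, out))
	if err != nil {
		return nil, err
	}
	return &total, nil
}

// PerComponentCeilMicros rounds each component before summing. It exists only
// to contrast with the round-once policy: it can exceed it by one micro.
func PerComponentCeilMicros(price ModelPrice, u Usage) (int64, error) {
	in, err := componentMicros(price.InputPerMTok, u.InputTokens)
	if err != nil {
		return 0, err
	}
	out, err := componentMicros(price.OutputPerMTok, u.OutputTokens)
	if err != nil {
		return 0, err
	}
	a, errA := ceilMicros(in)
	b, errB := ceilMicros(out)
	if errA != nil || errB != nil || a > math.MaxInt64-b {
		return 0, errors.New("cost overflows int64 microdollars")
	}
	return a + b, nil
}

func main() {
	price := &ModelPrice{InputPerMTok: "0.25", OutputPerMTok: "1.25"} // constructed prices
	u := Usage{InputTokens: 3, OutputTokens: 1}
	once, _ := CostMicros(price, u)
	each, _ := PerComponentCeilMicros(*price, u)
	fmt.Println("round once:", *once, "round per component:", each)
}
```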
Kyle Carberry
072e9a212f fix(chatloop): keep provider-executed tool results in assistant message (#23012)
## Problem

When a step contains both provider-executed tool calls (e.g. Anthropic
web search) and local tool calls in parallel, the next loop iteration
fails with the Anthropic API claiming the regular tool call has no
result. However, sending a new user message (which reloads messages from
the DB) works fine.

## Root cause

`toResponseMessages` was placing **all** tool results into the tool-role
message, regardless of `ProviderExecuted`. When Fantasy's Anthropic
provider later converted these messages for the API, it moved the
provider tool result from the tool message to the **end** of the
previous assistant message (`prevMsg.Content = append(...)`). This
placed `web_search_tool_result` **after** the regular `tool_use` block:

```
assistant: [server_tool_use(A), tool_use(B), web_search_tool_result(A)]  ← wrong order
user:      [tool_result(B)]
```

The persistence layer in `chatd.go` already handles this correctly —
provider-executed tool results stay in the assistant message, producing
the expected ordering:

```
assistant: [server_tool_use(A), web_search_tool_result(A), tool_use(B)]  ← correct order
user:      [tool_result(B)]
```

This is why reloading from the DB fixed it.

## Fix

In the `ContentTypeToolResult` case of `toResponseMessages`, route
provider-executed results to `assistantParts` instead of `toolParts`,
matching the persistence layer's behavior.

## Testing

Added
`TestToResponseMessages_ProviderExecutedToolResultInAssistantMessage`
which verifies that mixed provider+local tool results are split
correctly between the assistant and tool messages.
2026-03-12 20:22:09 +00:00
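The routing change described in the commit above, as an added example that is not the `toResponseMessages` code or Fantasy's types. `Part`, `Message`, `SplitStep` and `CheckOrder` are hypothetical, and the checker encodes only the ordering the commit message shows as accepted: a provider-executed result sits in the assistant message before any later local `tool_use`.

```go
package main

import "fmt"

// Part and Message are simplified stand-ins invented for this example.
type Part struct {
	Kind             string // "text", "tool_call" or "tool_result"
	ToolCallID       string
	ProviderExecuted bool
}

type Message struct {
	Role  string
	Parts []Part
}

// SplitStep turns one step's content into an assistant message plus an
// optional tool message. With inlineProviderResults set (the fixed behaviour)
// provider-executed results stay in the assistant message in stream order.
func SplitStep(step []Part, inlineProviderResults bool) []Message {
	var assistantParts, toolParts []Part
	for _, p := range step {
		if p.Kind == "tool_result" && !(p.ProviderExecuted && inlineProviderResults) {
			toolParts = append(toolParts, p)
			continue
		}
		assistantParts = append(assistantParts, p)
	}
	msgs := []Message{{Role: "assistant", Parts: assistantParts}}
	if len(toolParts) > 0 {
		msgs = append(msgs, Message{Role: "tool", Parts: toolParts})
	}
	return msgs
}

// removeID deletes the first occurrence of id and reports whether it was found.
func removeID(ids []string, id string) ([]string, bool) {
	for i, v := range ids {
		if v == id {
			return append(ids[:i], ids[i+1:]...), true
		}
	}
	return ids, false
}

// CheckOrder returns one description per ordering violation; an empty slice
// means the conversation has the shape the commit message calls correct.
func CheckOrder(msgs []Message) []string {
	var problems, pending, localOrder []string
	answered := map[string]bool{}
	for _, m := range msgs {
		for _, p := range m.Parts {
			switch {
			case m.Role == "assistant" && p.Kind == "tool_call" && p.ProviderExecuted:
				pending = append(pending, p.ToolCallID)
			case m.Role == "assistant" && p.Kind == "tool_result" && p.ProviderExecuted:
				var found bool
				if pending, found = removeID(pending, p.ToolCallID); !found {
					problems = append(problems, "provider result "+p.ToolCallID+" has no earlier call")
				}
			case m.Role == "assistant" && p.Kind == "tool_call":
				for _, id := range pending {
					problems = append(problems, fmt.Sprintf("tool_use %s precedes result of provider call %s", p.ToolCallID, id))
				}
				localOrder = append(localOrder, p.ToolCallID)
			case m.Role == "tool" && p.Kind == "tool_result" && p.ProviderExecuted:
				problems = append(problems, "provider result "+p.ToolCallID+" placed in tool message")
			case m.Role == "tool" && p.Kind == "tool_result":
				answered[p.ToolCallID] = true
			}
		}
	}
	for _, id := range pending {
		problems = append(problems, "provider call "+id+" has no result in assistant message")
	}
	for _, id := range localOrder {
		if !answered[id] {
			problems = append(problems, "local call "+id+" has no tool result")
		}
	}
	return problems
}

func main() {
	step := []Part{ // constructed step: provider web search A in parallel with local tool B
		{Kind: "tool_call", ToolCallID: "A", ProviderExecuted: true},
		{Kind: "tool_result", ToolCallID: "A", ProviderExecuted: true},
		{Kind: "tool_call", ToolCallID: "B"},
		{Kind: "tool_result", ToolCallID: "B"},
	}
	fmt.Println("before fix:", CheckOrder(SplitStep(step, false)))
	fmt.Println("after fix: ", CheckOrder(SplitStep(step, true)))
}
```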
Kyle Carberry
a6697b1b29 fix(chatd): fix PE tool result persistence via fantasy bump (#22996)
Fixes Anthropic 400 error on multi-turn conversations with web search:

> web_search tool use with id srvtoolu_... was found without a
corresponding web_search_tool_result block

Provider-executed tool results (e.g. `web_search`) had a nil `Result`
field, which serialized as `"result":null`. Fantasy's
`UnmarshalToolResultOutputContent` couldn't deserialize `null` back, so
the entire assistant message became unreadable after persistence. On the
next LLM call, Anthropic rejected the conversation because
`server_tool_use` had no matching `web_search_tool_result`.

**Fix:** Bump the fantasy fork to e4bbc7bb3054 which returns `nil, nil`
for null `Result` JSON instead of erroring.

**Testing:** Added `integration_test.go` with
`TestAnthropicWebSearchRoundTrip` (requires `ANTHROPIC_API_KEY`) that:
- Sends a query triggering web search
- Verifies the persisted assistant message contains all parts the UI
needs: `tool-call(PE)`, `source`, `tool-result(PE)`, and `text`
- Sends a follow-up to confirm the round-trip works with Anthropic
2026-03-12 16:04:30 +00:00
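The `"result":null` round-trip failure from the commit above, reproduced as an added example with hypothetical types; this is not Fantasy's `UnmarshalToolResultOutputContent` or the chatd persistence code. The JSON field names, the `text` output variant and the sample tool call IDs are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Output is a stand-in for a typed tool result payload.
type Output interface{ isOutput() }

type TextOutput struct {
	Type string `json:"type"`
	Text string `json:"text"`
}

func (TextOutput) isOutput() {}

// ToolResult is one persisted part. Provider-executed results may have no
// local payload, so Result can be nil and then marshals as "result":null.
type ToolResult struct {
	ToolCallID       string `json:"tool_call_id"`
	ProviderExecuted bool   `json:"provider_executed"`
	Result           Output `json:"result"`
}

// Decoder turns the raw "result" JSON back into a typed payload.
type Decoder func(json.RawMessage) (Output, error)

// DecodeStrict requires a typed object and therefore rejects JSON null.
func DecodeStrict(raw json.RawMessage) (Output, error) {
	var head struct {
		Type string `json:"type"`
	}
	if err := json.Unmarshal(raw, &head); err != nil {
		return nil, err
	}
	switch head.Type {
	case "text":
		var t TextOutput
		if err := json.Unmarshal(raw, &t); err != nil {
			return nil, err
		}
		return t, nil
	default:
		return nil, fmt.Errorf("unknown tool result output type %q", head.Type)
	}
}

// DecodeTolerant treats a missing or null result as "no payload" and returns
// nil, nil, which is the behaviour the commit message describes for the fix.
func DecodeTolerant(raw json.RawMessage) (Output, error) {
	trimmed := bytes.TrimSpace(raw)
	if len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")) {
		return nil, nil
	}
	return DecodeStrict(raw)
}

// LoadParts reloads a persisted message. One undecodable part fails the whole
// message, which is how a single null made the assistant message unreadable.
func LoadParts(data []byte, decode Decoder) ([]ToolResult, error) {
	var wire []struct {
		ToolCallID       string          `json:"tool_call_id"`
		ProviderExecuted bool            `json:"provider_executed"`
		Result           json.RawMessage `json:"result"`
	}
	if err := json.Unmarshal(data, &wire); err != nil {
		return nil, err
	}
	parts := make([]ToolResult, 0, len(wire))
	for _, w := range wire {
		out, err := decode(w.Result)
		if err != nil {
			return nil, fmt.Errorf("part %s: %w", w.ToolCallID, err)
		}
		parts = append(parts, ToolResult{w.ToolCallID, w.ProviderExecuted, out})
	}
	return parts, nil
}

// SamplePersisted marshals a constructed message: one provider-executed
// result with a nil payload and one local result with a text payload.
func SamplePersisted() ([]byte, error) {
	return json.Marshal([]ToolResult{
		{ToolCallID: "srvtoolu_example", ProviderExecuted: true},
		{ToolCallID: "toolu_example", Result: TextOutput{Type: "text", Text: "ok"}},
	})
}

func main() {
	data, _ := SamplePersisted()
	_, strictErr := LoadParts(data, DecodeStrict)
	parts, tolerantErr := LoadParts(data, DecodeTolerant)
	fmt.Println("strict:", strictErr)
	fmt.Println("tolerant:", len(parts), "parts, err =", tolerantErr)
}
```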
Kyle Carberry
57dc23f603 feat(chatd): add provider-native web search tools to chats (#22909)
## What

Adds provider-native web search tools to the chat system. Anthropic,
OpenAI, and Google all offer server-side web search — this wires them up
as opt-in per-model config options using the existing
`ChatModelProviderOptions` JSONB column (no migration).

Web search is **off by default**.

## Config

Set `web_search_enabled: true` in the model config provider options:

```json
{
  "provider_options": {
    "anthropic": {
      "web_search_enabled": true,
      "allowed_domains": ["docs.coder.com", "github.com"]
    }
  }
}
```

Available options per provider:

- **Anthropic**: `web_search_enabled`, `allowed_domains`,
`blocked_domains`
- **OpenAI**: `web_search_enabled`, `search_context_size`
(`low`/`medium`/`high`), `allowed_domains`
- **Google**: `web_search_enabled`

## Backend

- `codersdk/chats.go` — new fields on the per-provider option structs
- `coderd/chatd/chatd.go` — `buildProviderTools()` reads config, creates
`ProviderDefinedTool` entries (uses `anthropic.WebSearchTool()` helper
from fantasy)
- `coderd/chatd/chatloop/chatloop.go` — `ProviderTools` on `RunOptions`,
merged into `Call.Tools`. Provider-executed tool calls skip local
execution. `StreamPartTypeToolResult` with `ProviderExecuted: true` is
accumulated inline (matching fantasy's own agent.go pattern) instead of
post-stream synthesis.
- `coderd/chatd/chatprompt/` — `MarshalToolResult` carries
`ProviderMetadata` through DB persistence so multi-turn round-trips work
(Anthropic needs `encrypted_content` back)

## Frontend

- Source citations render **inline** at the tool-call position (not
bottom-of-message), using `ToolCollapsible` so they look like other tool
cards — collapsed "Searched N results" with globe icon, expand to see
source pills
- Provider-executed tool calls/results are hidden from the normal tool
card UI
- Tool-role messages with only provider-executed results return `null`
(no empty bubble)
- Both persisted (messageParsing.ts) and streaming (streamState.ts)
paths group consecutive `source` parts into a single `{ type: "sources"
}` render block

## Fantasy changes

The fantasy fork (`kylecarbs/fantasy` branch `cj/go1.25`) has the
Anthropic tool code merged in, but will hopefully go upstream from:
https://github.com/charmbracelet/fantasy/pull/163
2026-03-11 21:33:15 +00:00