fix(deps): update module github.com/fsouza/go-dockerclient to v1.13.0 (master)#407
Open
github-actions[bot] wants to merge 1 commit intomasterfrom
Open
Conversation
Contributor
Author
ℹ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
github-actions
bot
force-pushed
the
renovate/master-github.com-fsouza-go-dockerclient-1.x
branch
from
cdaa6fc to
dceff7c
Compare
github-actions
bot
changed the title
nekrich
pushed a commit
to nekrich/ofelia
that referenced
this pull request
Feb 13, 2026
Add a new ntfy-token preset that includes Bearer token authentication for self-hosted ntfy instances or private topics. The existing ntfy preset remains for public topics without authentication. Changes: - Add middlewares/presets/ntfy-token.yaml with Authorization header - Update ntfy.yaml to clarify it's for public topics only - Remove unused secret variable from ntfy preset - Update documentation with examples for both presets - Add tests for ntfy-token preset Closes mcuadros#407 (partial - authentication support)
nekrich
pushed a commit
to nekrich/ofelia
that referenced
this pull request
Feb 13, 2026
…cuadros#409) ## Summary - Add new `ntfy-token` preset with Bearer token authentication for self-hosted ntfy instances or private topics - Clarify that the existing `ntfy` preset is for public topics only - Remove unused `secret` variable from the `ntfy` preset (it was defined but never used in headers) ## Changes | File | Change | |------|--------| | `middlewares/presets/ntfy-token.yaml` | New preset with `Authorization: Bearer {secret}` header | | `middlewares/presets/ntfy.yaml` | Updated description, removed unused secret variable | | `docs/webhooks.md` | Added documentation for both presets with examples | | `middlewares/preset_test.go` | Added tests for ntfy-token preset | ## Usage **Public topics (no auth):** ```ini [webhook "ntfy-public"] preset = ntfy id = my-public-topic ``` **Private topics or self-hosted with tokens:** ```ini [webhook "ntfy-private"] preset = ntfy-token url = https://ntfy.example.com/my-topic secret = tk_AgQdq7mVBoFD37zQVN29RhuMzNIz2 ``` ## Related Partially addresses mcuadros#407 - This PR adds authentication support for ntfy. A separate PR will address the private network access (SSRF) configuration. ## Test plan - [x] All existing preset tests pass - [x] New `ntfy-token` preset loads correctly - [x] Authorization header is correctly set with Bearer token - [x] `ntfy` preset correctly excludes Authorization header - [x] Documentation examples are accurate
nekrich
pushed a commit
to nekrich/ofelia
that referenced
this pull request
Feb 13, 2026
Changes the webhook security model to a simpler, trust-the-config approach: - Removes webhook-allow-private-networks option (unnecessary complexity) - webhook-allowed-hosts now defaults to "*" (allow all hosts) - Setting specific hosts enables whitelist mode - Consistent with local command execution trust model Configuration examples: - Default (self-hosted): All hosts allowed (no config needed) - Whitelist mode: webhook-allowed-hosts = hooks.slack.com, ntfy.internal Fixes mcuadros#407
nekrich
pushed a commit
to nekrich/ofelia
that referenced
this pull request
Feb 13, 2026
…dros#410) ## Summary Simplifies webhook security to follow the same trust model as local command execution: **if you control the configuration, you control the behavior**. - `webhook-allowed-hosts` defaults to `*` (allow all hosts) - Setting specific hosts enables whitelist mode - Removed complex SSRF blocking (inconsistent with local command trust model) Closes mcuadros#407 ## Security Model Since Ofelia already trusts users to: - Run arbitrary commands via `job-local` - Execute commands in containers via `job-exec` It applies the same trust level to webhook destinations. The user controls the config; the user controls what happens. ## Configuration | Setting | Behavior | |---------|----------| | `webhook-allowed-hosts = *` (default) | All hosts allowed | | `webhook-allowed-hosts = hooks.slack.com, ntfy.internal` | Whitelist mode | ### Default (self-hosted environments) No configuration needed - all hosts work out of the box: ```ini # No config required - webhook-allowed-hosts defaults to "*" ``` ### Whitelist mode (cloud/multi-tenant deployments) ```ini [global] webhook-allowed-hosts = hooks.slack.com, discord.com, ntfy.internal, 192.168.1.20 ``` Supports wildcards: ```ini [global] webhook-allowed-hosts = *.slack.com, *.internal.example.com ``` ## Test Plan - [x] Unit tests for default `*` configuration (allow all) - [x] Unit tests for whitelist mode with specific hosts - [x] Unit tests for wildcard matching - [x] Documentation updated (webhooks.md, SECURITY.md) - [x] All existing tests pass
nekrich
pushed a commit
to nekrich/ofelia
that referenced
this pull request
Feb 13, 2026
## Summary Adds links to PRs and Issues in each release's notes, making it easy for users to see what changed. ### Changes 1. **Workflow update**: The `notify-released` job now adds an "Included in this release" section with: - Links to all merged PRs labeled with `released:vX.Y.Z` - Links to all closed Issues labeled with `released:vX.Y.Z` 2. **Backfill script**: `scripts/update-release-notes.sh` updates past release notes ### Example output in release notes ```markdown --- ## Included in this release ### Pull Requests - [mcuadros#408](netresearch#408) feat: secure web auth - [mcuadros#409](netresearch#409) feat: ntfy-token preset ### Issues - [mcuadros#407](netresearch#407) Add token auth for ntfy ``` ## Test Plan - [x] Dry-run script tested - [ ] Run update script after merge to backfill all releases
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.12.3->v1.13.0Release Notes
fsouza/go-dockerclient (github.com/fsouza/go-dockerclient)
v1.13.0Compare Source
v1.12.4Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.