Avatar for the netresearch user
netresearch
ofelia
BlogDocsChangelog

Performance History

Latest Results

fix: update Go to 1.26.1 to fix stdlib vulnerabilities (#506) ## Summary - Updates Go from 1.26.0 to 1.26.1 to fix 5 stdlib vulnerabilities detected by govulncheck - Fixes: GO-2026-4599, GO-2026-4600, GO-2026-4601, GO-2026-4602, GO-2026-4603 ## Vulnerabilities fixed - `crypto/x509`: Panic in name constraint checking, incorrect email constraint enforcement - `net/url`: Incorrect parsing of IPv6 host literals - `os`: FileInfo can escape from a Root - `html/template`: URLs in meta content attribute actions not escaped
main
21 days ago
fix: update Go to 1.26.1 to fix stdlib vulnerabilities Fixes GO-2026-4599, GO-2026-4600, GO-2026-4601, GO-2026-4602, GO-2026-4603 (crypto/x509, net/url, os, html/template). Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de> Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
fix-govulncheck
21 days ago
chore(deps): bump github.com/netresearch/go-cron from 0.12.0 to 0.13.0 (#504) Bumps [github.com/netresearch/go-cron](https://github.com/netresearch/go-cron) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/netresearch/go-cron/releases">github.com/netresearch/go-cron's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>Highlights</h2> <h3>Quoted timezone values (<a href="https://redirect.github.com/netresearch/go-cron/pull/337">#337</a>, <a href="https://redirect.github.com/netresearch/go-cron/issues/335">#335</a>)</h3> <p>Shell users who habitually quote environment variable values can now write <code>TZ=&quot;America/New_York&quot;</code> or <code>TZ='UTC'</code> in cron spec strings. Matching single or double quotes are stripped before validation. Mismatched or partial quotes are rejected with clear errors.</p> <pre lang="go"><code>// All of these now work c.AddFunc(`TZ=&quot;America/New_York&quot; 0 9 * * *`, job) c.AddFunc(`CRON_TZ='Asia/Tokyo' 30 4 * * *`, job) c.AddFunc(&quot;TZ=UTC * * * * *&quot;, job) // unquoted still works </code></pre> <p>See <a href="https://github.com/netresearch/go-cron/blob/main/docs/adr/ADR-021-quoted-timezone-values.md">ADR-021</a> for design rationale and scope.</p> <h2>Changes</h2> <h3>Features</h3> <ul> <li><strong>feat:</strong> allow quoted <code>TZ</code> and <code>CRON_TZ</code> values in spec strings (<a href="https://redirect.github.com/netresearch/go-cron/pull/337">#337</a>)</li> </ul> <h3>Documentation</h3> <ul> <li><strong>docs:</strong> ADR-021 — Quoted Timezone Values in Spec Strings</li> <li><strong>docs:</strong> updated README, DST_HANDLING, TROUBLESHOOTING, COOKBOOK with quoted timezone examples</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/netresearch/go-cron/compare/v0.12.0...v0.13.0">https://github.com/netresearch/go-cron/compare/v0.12.0...v0.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/netresearch/go-cron/commit/80da74e7cab9b3bb9ed8d8516de56cff906737d5"><code>80da74e</code></a> feat: allow quoted TZ and CRON_TZ values in spec strings (<a href="https://redirect.github.com/netresearch/go-cron/issues/337">#337</a>)</li> <li><a href="https://github.com/netresearch/go-cron/commit/4da5c1c5a313a3cae97a1a3f042d1e1c01ce7e49"><code>4da5c1c</code></a> feat: allow quoted TZ and CRON_TZ values in spec strings (<a href="https://redirect.github.com/netresearch/go-cron/issues/335">#335</a>)</li> <li>See full diff in <a href="https://github.com/netresearch/go-cron/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/netresearch/go-cron&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
main
21 days ago
chore(deps): bump github.com/docker/cli Bumps [github.com/docker/cli](https://github.com/docker/cli) from 29.2.1+incompatible to 29.3.0+incompatible. - [Commits](https://github.com/docker/cli/compare/v29.2.1...v29.3.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.3.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/go_modules/github.com/docker/cli-29.3.0incompatible
22 days ago
chore(deps): bump github.com/netresearch/go-cron from 0.12.0 to 0.13.0 Bumps [github.com/netresearch/go-cron](https://github.com/netresearch/go-cron) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/netresearch/go-cron/releases) - [Changelog](https://github.com/netresearch/go-cron/blob/main/CHANGELOG.md) - [Commits](https://github.com/netresearch/go-cron/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: github.com/netresearch/go-cron dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot/go_modules/github.com/netresearch/go-cron-0.13.0
29 days ago
test: increase coverage from 82.5% to 86.2% (phase 2) (#503) ## Summary - **Core package**: 90.1% → 93.0% (+2.9pp) — scheduler, clock, composejob, docker SDK provider, resilience, performance metrics - **CLI package**: 78.9% → 84.2% (+5.3pp) — config parsing, daemon, doctor, docker handler, validate, init, progress, hashpw - **Middlewares package**: 88.1% → 97.5% (+9.4pp) — mail dedup, preset loading/caching, restore, save, webhook config/security - **Overall**: 82.5% → 86.2% (+3.7pp) **27 new test files** with ~7,000 lines of test code covering previously uncovered edge cases. ### Bug fixes included - `fix(test)`: Remove `t.Parallel()` from `TestValidateExecuteValidFile` — modifies global `os.Stdout`, races with parallel tests - `fix(test)`: Remove `t.Parallel()` from `TestPresetLoader_LoadFromURL` — modifies global URL validator, races with `SetGlobalSecurityConfig` ## Test plan - [x] All tests pass locally (`go test ./... -count=1 -short`) - [x] `golangci-lint run ./...` — 0 issues - [x] Coverage verified via `go tool cover -func` - [ ] CI passes on GitHub Actions
main
1 month ago
fix: eliminate data races detected by -race flag - Add sync.WaitGroup to DockerHandler to track background goroutines; Shutdown now waits for all goroutines to finish before nilling the provider, preventing the race between watchEvents/watchConfig/ watchContainerPolling reads and Shutdown's write to dockerProvider. - Fix TestProgressIndicator_Animate_TerminalMode: wait for the animate goroutine to fully exit before reading the shared bytes.Buffer, replacing the racy time.Sleep with a proper done-channel wait. - Remove t.Parallel() from TestBoot_MissingConfigUsesEmpty, TestBoot_WebAuthEnabled_MissingUsername, and TestBoot_WebAuthEnabled_MissingPassword which all write to the global newDockerHandler variable concurrently. Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
feat/test-coverage-phase2
1 month ago
fix(test): remove t.Parallel from TestValidateExecuteValidFile The test modifies global os.Stdout which races with other parallel tests, causing intermittent "invalid character '{' after top-level value" errors from json.Unmarshal when other tests write to stdout. Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
feat/test-coverage-phase2
1 month ago

Latest Branches

CodSpeed Performance Gauge
+23%
fix: update Go to 1.26.1 to fix stdlib vulnerabilities#506
21 days ago
22caf99
fix-govulncheck
CodSpeed Performance Gauge
-17%
chore(deps): bump github.com/docker/cli from 29.2.1+incompatible to 29.3.0+incompatible#505
22 days ago
5a3186a
dependabot/go_modules/github.com/docker/cli-29.3.0incompatible
CodSpeed Performance Gauge
-11%
chore(deps): bump github.com/netresearch/go-cron from 0.12.0 to 0.13.0#504
29 days ago
91e2e55
dependabot/go_modules/github.com/netresearch/go-cron-0.13.0
© 2026 CodSpeed Technology
Home Terms Privacy Docs