Bumps the github-actions group with 3 updates in the / directory:
[coder/coder](https://github.com/coder/coder),
[crate-ci/typos](https://github.com/crate-ci/typos) and
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).
Updates `coder/coder` from 2.32.0 to 2.33.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/coder/releases">coder/coder's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.3</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases">Release Schedule</a>.</p>
</blockquote>
<h3>Bug fixes</h3>
<ul>
<li>Upgrade Go toolchain from 1.25.9 to 1.25.10 (<a
href="https://redirect.github.com/coder/coder/issues/25230">#25230</a>,
e5a96f3608)</li>
<li>Cherry-pick go-git v5.19.0 (CVE-2026-45022) (<a
href="https://redirect.github.com/coder/coder/issues/25229">#25229</a>,
4e4e23539e)</li>
<li>Dashboard: Show Organizations in admin dropdown for single-org OSS
deployments (<a
href="https://redirect.github.com/coder/coder/issues/25175">#25175</a>,
bbca430b4c)</li>
<li>fix(scripts/ironbank): update base image to UBI9 and remove urllib3
(CVE-2026-44431) (<a
href="https://redirect.github.com/coder/coder/issues/25247">#25247</a>,
818fc72802)</li>
<li>Server: Harden Azure identity certificate fetch (cherry-pick v2.33)
(<a
href="https://redirect.github.com/coder/coder/issues/25276">#25276</a>,
844c1e0467)</li>
<li>Verify PKCS7 signature on Azure instance identity tokens (2.33
cherry-pick) (<a
href="https://redirect.github.com/coder/coder/issues/25302">#25302</a>,
2b778f292c)</li>
</ul>
<p>Compare: <a
href="https://github.com/coder/coder/compare/v2.33.2...v2.33.3"><code>v2.33.2...v2.33.3</code></a></p>
<h2>Container image</h2>
<ul>
<li><code>docker pull ghcr.io/coder/coder:2.33.3</code></li>
</ul>
<h2>Install/upgrade</h2>
<p>Refer to our docs to <a
href="https://coder.com/docs/install">install</a> or <a
href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use
a release asset below.</p>
<h2>v2.33.2</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases">Release Schedule</a>.</p>
</blockquote>
<h3>Bug fixes</h3>
<ul>
<li>Backport 11 Coder Agents docs PRs to release/2.33 (<a
href="https://redirect.github.com/coder/coder/issues/25047">#25047</a>,
d622e86fa0)</li>
</ul>
<p>Compare: <a
href="https://github.com/coder/coder/compare/v2.33.1...v2.33.2"><code>v2.33.1...v2.33.2</code></a></p>
<h2>Container image</h2>
<ul>
<li><code>docker pull ghcr.io/coder/coder:2.33.2</code></li>
</ul>
<h2>Install/upgrade</h2>
<p>Refer to our docs to <a
href="https://coder.com/docs/install">install</a> or <a
href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use
a release asset below.</p>
<h2>v2.33.1</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases">Release Schedule</a>.</p>
</blockquote>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2b778f292c"><code>2b778f2</code></a>
fix: verify PKCS7 signature on Azure instance identity tokens (2.33
cherry-pi...</li>
<li><a
href="844c1e0467"><code>844c1e0</code></a>
fix(coderd): harden Azure identity certificate fetch (cherry-pick v2.33)
(<a
href="https://redirect.github.com/coder/coder/issues/25">#25</a>...</li>
<li><a
href="818fc72802"><code>818fc72</code></a>
fix(scripts/ironbank): update base image to UBI9 and remove urllib3
(CVE-2026...</li>
<li><a
href="bbca430b4c"><code>bbca430</code></a>
fix(site): show Organizations in admin dropdown for single-org OSS
deployment...</li>
<li><a
href="4e4e23539e"><code>4e4e235</code></a>
fix: cherry-pick go-git v5.19.0 (CVE-2026-45022) (<a
href="https://redirect.github.com/coder/coder/issues/25229">#25229</a>)</li>
<li><a
href="e5a96f3608"><code>e5a96f3</code></a>
fix: upgrade Go toolchain from 1.25.9 to 1.25.10 (<a
href="https://redirect.github.com/coder/coder/issues/25230">#25230</a>)</li>
<li><a
href="d622e86fa0"><code>d622e86</code></a>
fix: backport 11 Coder Agents docs PRs to release/2.33 (<a
href="https://redirect.github.com/coder/coder/issues/25047">#25047</a>)</li>
<li><a
href="3e34ba7bf0"><code>3e34ba7</code></a>
chore: remove agents experiment flag and mark feature as beta (<a
href="https://redirect.github.com/coder/coder/issues/24432">#24432</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/25003">#25003</a>)</li>
<li><a
href="f009c17217"><code>f009c17</code></a>
fix(coderd): cut DB fan-out on agent instance-identity auth (backport <a
href="https://redirect.github.com/coder/coder/issues/24973">#24973</a>)...</li>
<li><a
href="17635dde5c"><code>17635dd</code></a>
chore: include pgcoordinator schema changes in 2.33 (<a
href="https://redirect.github.com/coder/coder/issues/24931">#24931</a>)</li>
<li>Additional commits viewable in <a
href="34584e909b...2b778f292c">compare
view</a></li>
</ul>
</details>
<br />
Updates `crate-ci/typos` from 1.45.1 to 1.46.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.46.2</h2>
<h2>[1.46.2] - 2026-05-16</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>criterias</code></li>
<li>Don't correct to <code>replaceables</code></li>
</ul>
<h2>v1.46.1</h2>
<h2>[1.46.1] - 2026-05-08</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>confidentials</code></li>
</ul>
<h2>v1.46.0</h2>
<h2>[1.46.0] - 2026-04-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1531">April
2026</a> changes</li>
</ul>
<h2>v1.45.2</h2>
<h2>[1.45.2] - 2026-04-27</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore ssh ed25519 public keys</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.46.2] - 2026-05-16</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>criterias</code></li>
<li>Don't correct to <code>replaceables</code></li>
</ul>
<h2>[1.46.1] - 2026-05-08</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct to <code>confidentials</code></li>
</ul>
<h2>[1.46.0] - 2026-04-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1531">April
2026</a> changes</li>
</ul>
<h2>[1.45.2] - 2026-04-27</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore ssh ed25519 public keys</li>
</ul>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aca895bf05"><code>aca895b</code></a>
chore: Release</li>
<li><a
href="4dbdd7509d"><code>4dbdd75</code></a>
docs: Update changelog</li>
<li><a
href="3da2876731"><code>3da2876</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1556">#1556</a>
from epage/replaceable</li>
<li><a
href="8918680477"><code>8918680</code></a>
fix(dict): Don't correct to replaceables</li>
<li><a
href="57d5422e87"><code>57d5422</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1555">#1555</a>
from epage/criteria</li>
<li><a
href="f54668abd7"><code>f54668a</code></a>
fix(dict): Don't correct to criterias</li>
<li><a
href="5374cbf686"><code>5374cbf</code></a>
chore: Release</li>
<li><a
href="52448f5ecf"><code>52448f5</code></a>
docs: Update changelog</li>
<li><a
href="030c719ff1"><code>030c719</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1552">#1552</a>
from epage/fixes</li>
<li><a
href="7a688c7c08"><code>7a688c7</code></a>
fix(dict): Confidentials isn't valid</li>
<li>Additional commits viewable in <a
href="cf5f1c29a8...aca895bf05">compare
view</a></li>
</ul>
</details>
<br />
Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.6</h2>
<ul>
<li>1.25.2 is now available via the action</li>
<li>1.25.2 is now the default version of zizmor used by the action</li>
</ul>
<h2>v0.5.5</h2>
<p>This is a no-op release.</p>
<h2>v0.5.4</h2>
<ul>
<li>1.25.0 is now available via the action</li>
<li>1.25.0 is now the default version of zizmor used by the action</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5f14fd08f7"><code>5f14fd0</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/114">#114</a>)</li>
<li><a
href="a16621b09c"><code>a16621b</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/112">#112</a>)</li>
<li><a
href="1c03e047a3"><code>1c03e04</code></a>
chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the
github-ac...</li>
<li><a
href="b572f7b1a1"><code>b572f7b</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/111">#111</a>)</li>
<li><a
href="06928c5dcb"><code>06928c5</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/109">#109</a>)</li>
<li><a
href="5ea8b96e10"><code>5ea8b96</code></a>
docs: Update link to GitHub docs (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/108">#108</a>)</li>
<li><a
href="849ac26095"><code>849ac26</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/106">#106</a>)</li>
<li><a
href="814f9778ac"><code>814f977</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/103">#103</a>)</li>
<li>See full diff in <a
href="b1d7e1fb5d...5f14fd08f7">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the github-actions group with 2 updates:
[coder/coder](https://github.com/coder/coder) and
[actions/setup-go](https://github.com/actions/setup-go).
Updates `coder/coder` from 2.31.5 to 2.31.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/coder/releases">coder/coder's
releases</a>.</em></p>
<blockquote>
<h2>v2.31.6</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases">Release Schedule</a>.</p>
</blockquote>
<h3>Bug fixes</h3>
<ul>
<li>Open coder_app links in new tab when open_in is tab (<a
href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>,
e419eb310)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>Switch agent gone response from 502 to 404 (backport <a
href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>,
f7650296c)</li>
</ul>
<p>Compare: <a
href="https://github.com/coder/coder/compare/v2.31.5...v2.31.6"><code>v2.31.5...v2.31.6</code></a></p>
<h2>Container image</h2>
<ul>
<li><code>docker pull ghcr.io/coder/coder:2.31.6</code></li>
</ul>
<h2>Install/upgrade</h2>
<p>Refer to our docs to <a
href="https://coder.com/docs/install">install</a> or <a
href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use
a release asset below.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f7650296ce"><code>f765029</code></a>
chore: switch agent gone response from 502 to 404 (backport <a
href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>)</li>
<li><a
href="e419eb3101"><code>e419eb3</code></a>
fix: open coder_app links in new tab when open_in is tab (cherry-pick <a
href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>)...</li>
<li>See full diff in <a
href="1a774ab7ce...f7650296ce">compare
view</a></li>
</ul>
</details>
<br />
Updates `actions/setup-go` from 6.3.0 to 6.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Add go-download-base-url input for custom Go distributions by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<h3>Dependency update</h3>
<ul>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li>
</ul>
<h3>Documentation update</h3>
<ul>
<li>Rearrange README.md, add advanced-usage.md by <a
href="https://github.com/priyagupta108"><code>@priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li>
<li>Fix Microsoft build of Go link by <a
href="https://github.com/gdams"><code>@gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/gdams"><code>@gdams</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4a3601121d"><code>4a36011</code></a>
docs: fix Microsoft build of Go link (<a
href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li>
<li><a
href="8f19afcc70"><code>8f19afc</code></a>
feat: add go-download-base-url input for custom Go distributions (<a
href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li>
<li><a
href="27fdb267c1"><code>27fdb26</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li>
<li><a
href="def8c394e3"><code>def8c39</code></a>
Rearrange README.md, add advanced-usage.md (<a
href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li>
<li>See full diff in <a
href="4b73464bb3...4a3601121d">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
This PR adds a zizmor security scan to the CI pipeline to analyze new
and existing GitHub Actions workflows under .github/workflows/.
- Runs zizmor on PRs and fails the check when HIGH severity (or above)
issues are found, so they can block merges.
- Runs zizmor on main to produce security reporting (where applicable),
keeping visibility into findings over time.
- Intended to be added as a required status check so workflow-security
regressions can’t land unnoticed.
Reference: coder/registry#642 (comment) / zizmor-action
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [x] Other - CI / security tooling
## Testing & Validation
- Validation via PR check - opened a test PR with a deliberately risky
workflow and confirmed zizmor reports and blocks on HIGH findings
## Related Issues
coder/registry#642 (comment) / zizmor-action
## Description
Add CI mode to version bump script to output Pass or Fail with a less
verbose comment when it fails
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [X] Other
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
Bumps the go_modules group with 1 update in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto).
Updates `golang.org/x/crypto` from 0.35.0 to 0.45.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e0068c009"><code>4e0068c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="e79546e28b"><code>e79546e</code></a>
ssh: curb GSSAPI DoS risk by limiting number of specified OIDs</li>
<li><a
href="f91f7a7c31"><code>f91f7a7</code></a>
ssh/agent: prevent panic on malformed constraint</li>
<li><a
href="2df4153a03"><code>2df4153</code></a>
acme/autocert: let automatic renewal work with short lifetime certs</li>
<li><a
href="bcf6a849ef"><code>bcf6a84</code></a>
acme: pass context to request</li>
<li><a
href="b4f2b62076"><code>b4f2b62</code></a>
ssh: fix error message on unsupported cipher</li>
<li><a
href="79ec3a51fc"><code>79ec3a5</code></a>
ssh: allow to bind to a hostname in remote forwarding</li>
<li><a
href="122a78f140"><code>122a78f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="c0531f9c34"><code>c0531f9</code></a>
all: eliminate vet diagnostics</li>
<li><a
href="0997000b45"><code>0997000</code></a>
all: fix some comments</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.35.0...v0.45.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/coder/registry/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
Co-authored-by: Atif Ali <atif@coder.com>
Bumps the github-actions group with 2 updates in the / directory:
[crate-ci/typos](https://github.com/crate-ci/typos) and
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action).
Updates `crate-ci/typos` from 1.38.1 to 1.39.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.39.0</h2>
<h2>[1.39.0] - 2025-10-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1383">October
2025</a> changes</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>When a typo is pluralized, prefer pluralized corrections</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h2>[1.39.0] - 2025-10-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1383">October
2025</a> changes</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>When a typo is pluralized, prefer pluralized corrections</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07d900b8fa"><code>07d900b</code></a>
chore: Release</li>
<li><a
href="fcce1f892d"><code>fcce1f8</code></a>
chore: Release</li>
<li><a
href="85692fd91b"><code>85692fd</code></a>
docs: Update changelog</li>
<li><a
href="da7527cc35"><code>da7527c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1406">#1406</a>
from epage/oct</li>
<li><a
href="9046b5b2e9"><code>9046b5b</code></a>
feat(dict): October additions</li>
<li><a
href="9a86c0a0c0"><code>9a86c0a</code></a>
docs: Update screenshot</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/v1.38.1...v1.39.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `golangci/golangci-lint-action` from 8 to 9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v9.0.0</h2>
<p>In the scope of this release, we change Nodejs runtime from node20 to
node24 (<a
href="https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/">https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/</a>).</p>
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>feat: add install-only option by <a
href="https://github.com/ldez"><code>@ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1305">golangci/golangci-lint-action#1305</a></li>
<li>feat: support Module Plugin System by <a
href="https://github.com/ldez"><code>@ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1306">golangci/golangci-lint-action#1306</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0">https://github.com/golangci/golangci-lint-action/compare/v8.0.0...v9.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0a35821d5c"><code>0a35821</code></a>
docs: update readme</li>
<li><a
href="043b1b8d1c"><code>043b1b8</code></a>
feat: support Module Plugin System (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1306">#1306</a>)</li>
<li><a
href="a66d26a465"><code>a66d26a</code></a>
feat: add install-only option (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1305">#1305</a>)</li>
<li><a
href="7fe1b22e0c"><code>7fe1b22</code></a>
build(deps): bump the dependencies group with 2 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1303">#1303</a>)</li>
<li><a
href="14973f18c8"><code>14973f1</code></a>
build(deps-dev): bump the dev-dependencies group with 2 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1299">#1299</a>)</li>
<li><a
href="8c2d575d9b"><code>8c2d575</code></a>
build(deps): bump <code>@types/node</code> from 24.8.1 to 24.9.1 in the
dependencies group...</li>
<li><a
href="b002b6ecfc"><code>b002b6e</code></a>
build(deps): bump actions/setup-node from 5 to 6 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1296">#1296</a>)</li>
<li><a
href="c13f4ed1a9"><code>c13f4ed</code></a>
build(deps): bump <code>@types/node</code> from 24.7.2 to 24.8.1 in the
dependencies group...</li>
<li><a
href="b68d21b131"><code>b68d21b</code></a>
docs: improve readme</li>
<li><a
href="06188a2a4a"><code>06188a2</code></a>
build(deps): bump github/codeql-action from 3 to 4 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1293">#1293</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/golangci/golangci-lint-action/compare/v8...v9">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
## Description
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Module Information
<!-- Delete this section if not applicable -->
**Path:** `registry/[namespace]/modules/[module-name]`
**New version:** `v1.0.0`
**Breaking change:** [ ] Yes [ ] No
## Template Information
<!-- Delete this section if not applicable -->
**Path:** `registry/[namespace]/templates/[template-name]`
## Testing & Validation
- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [ ] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
Bumps the github-actions group with 1 update:
[crate-ci/typos](https://github.com/crate-ci/typos).
Updates `crate-ci/typos` from 1.37.2 to 1.38.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.38.1</h2>
<h2>[1.38.1] - 2025-10-07</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore common golang identifiers</li>
</ul>
<h2>v1.38.0</h2>
<h2>[1.38.0] - 2025-10-06</h2>
<h3>Features</h3>
<ul>
<li>Update type list</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>typ</code></li>
<li>Consistently error on unused config fields</li>
</ul>
<h2>v1.37.3</h2>
<h2>[1.37.3] - 2025-10-06</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>PN</code> for <code>bitbake</code> file
types</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h2>[1.38.1] - 2025-10-07</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore common golang identifiers</li>
</ul>
<h2>[1.38.0] - 2025-10-06</h2>
<h3>Features</h3>
<ul>
<li>Update type list</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>typ</code></li>
<li>Consistently error on unused config fields</li>
</ul>
<h2>[1.37.3] - 2025-10-06</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>PN</code> for <code>bitbake</code> file
types</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80c8a4945e"><code>80c8a49</code></a>
chore: Release</li>
<li><a
href="c1008ce1b6"><code>c1008ce</code></a>
docs: Update changelog</li>
<li><a
href="62a3b5083a"><code>62a3b50</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1398">#1398</a>
from ccoveille-forks/go-exclusions</li>
<li><a
href="e6bedbde77"><code>e6bedbd</code></a>
fix(config): Add some Go exclusions</li>
<li><a
href="90cacd60e8"><code>90cacd6</code></a>
docs(ref): Speak to glob ambiguity</li>
<li><a
href="b81b12ea1b"><code>b81b12e</code></a>
docs(ref): Clarify directories are not spell checked</li>
<li><a
href="eaf25df994"><code>eaf25df</code></a>
docs(ref): Speak to locale's behavior</li>
<li><a
href="a9735e2e14"><code>a9735e2</code></a>
docs(ref): Provide identifier/word config examples</li>
<li><a
href="3c14191fcc"><code>3c14191</code></a>
docs(ref): Talk about include lists</li>
<li><a
href="d0f81dc972"><code>d0f81dc</code></a>
docs(ref): Re-organize help more like cargo</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/v1.37.2...v1.38.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
CI was failing on new module releases because there was no fallback to
gh api failures when there was no previous tag for the module was found.
https://github.com/coder/registry/actions/runs/17225186737/job/48868318539
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [X] Other
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.34.0 to
1.35.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.35.3</h2>
<h2>[1.35.3] - 2025-08-08</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>ratatui</code> in Rust files</li>
</ul>
<h2>v1.35.2</h2>
<h2>[1.35.2] - 2025-08-07</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>unmarshaling</code></li>
</ul>
<h2>v1.35.1</h2>
<h2>[1.35.1] - 2025-08-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>apostroph</code></li>
<li>Fix typo in correction to <code>cordinate</code></li>
<li>Fix typo in correction to <code>reproduceability</code></li>
<li>Fix typo in correction to <code>revolutionss</code></li>
<li>Fix typo in correction to <code>transivity</code></li>
</ul>
<h2>v1.35.0</h2>
<h2>[1.35.0] - 2025-08-04</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1331">July
2025</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h2>[1.35.3] - 2025-08-08</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>ratatui</code> in Rust files</li>
</ul>
<h2>[1.35.2] - 2025-08-07</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>unmarshaling</code></li>
</ul>
<h2>[1.35.1] - 2025-08-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>apostroph</code></li>
<li>Fix typo in correction to <code>cordinate</code></li>
<li>Fix typo in correction to <code>reproduceability</code></li>
<li>Fix typo in correction to <code>revolutionss</code></li>
<li>Fix typo in correction to <code>transivity</code></li>
</ul>
<h2>[1.35.0] - 2025-08-04</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1331">July
2025</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="52bd719c2c"><code>52bd719</code></a>
chore: Release</li>
<li><a
href="c6f77dda9e"><code>c6f77dd</code></a>
docs: Update changelog</li>
<li><a
href="e35d08c453"><code>e35d08c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1353">#1353</a>
from Rolv-Apneseth/ratatui</li>
<li><a
href="9d6691bc8c"><code>9d6691b</code></a>
fix: Ignore <code>ratatui</code> in Rust files</li>
<li><a
href="f1231bc2bc"><code>f1231bc</code></a>
chore: Release</li>
<li><a
href="66def6387b"><code>66def63</code></a>
docs: Update changelog</li>
<li><a
href="623f09b5bc"><code>623f09b</code></a>
chore: Release</li>
<li><a
href="1080316783"><code>1080316</code></a>
chore: Release</li>
<li><a
href="442605b529"><code>442605b</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1352">#1352</a>
from epage/marshaling</li>
<li><a
href="983f866bac"><code>983f866</code></a>
fix(dict): Don't correct marshaling</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/v1.34.0...v1.35.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
This PR updates the CI release flow to match the registry-server's new
development flow.
The "dev" registry now deploys directly from the main branch of
registry-server.
The "production" registry now deploys from tagged releases of
registry-server. We have added a "production" tag that will
track the same commit as the latest semver release of the
registry-server.
---
## Type of Change
- [ ] New module
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Related Issues
Fixes https://github.com/coder/registry/pull/170
Closes #
Reverts https://github.com/coder/registry/pull/168 which should not have
been merged, and disables production deployments for now until a fix is
in place on the registry-server side.
## Description
Set up Pre-Req's, and ensure that formatting is done before checking
diff since it likes to not respect prettier formatting.
---
## Type of Change
- [ ] New module
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun run fmt`)
- [ ] Changes tested locally
---------
Co-authored-by: Atif Ali <atif@coder.com>
dependabot[bot]