Skip to content

build(deps): bump the go-dependencies group across 1 directory with 3 updates#53

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-bf7612b7b6
Jul 1, 2026
Merged

build(deps): bump the go-dependencies group across 1 directory with 3 updates#53
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-bf7612b7b6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 3 updates in the / directory: github.com/alecthomas/chroma/v2, github.com/juanfont/headscale and tailscale.com/client/tailscale/v2.

Updates github.com/alecthomas/chroma/v2 from 2.24.1 to 2.27.0

Release notes

Sourced from github.com/alecthomas/chroma/v2's releases.

v2.27.0

Changelog

  • a6d00fe fix(html): make mode class output opt-in via WithModeClasses
  • f52d015 chore: some house-keeping
  • f08a9ab chore: add fmt + test to BUILD.bit
  • 6da8f88 fix(yaml): comments can be key-values (#1289)
  • 67785a4 chore(deps): update all non-major dependencies (#1285)
  • d9dd73f Add templ XML lexer (#1283)
  • effffdb chore(deps): update all non-major dependencies (#1280)
  • 03236a4 support for PostScript font files (#1282)
  • e10d532 Fix YAML slash comments with colons (#1278)

v2.26.1

Changelog

  • 56c7702 fix: downgrade go.mod version to 1.25

v2.26.0

Changelog

  • a4d3f60 feat(chromad): use style counterparts for theme switching
  • ce159e6 chore: migrate to new bit format
  • 180ea9f perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct bit arithmetic (#1274)
  • 68a08b0 docs: how to support dynamic theme switching
  • 6fb9d92 feat(html): tag output with style mode
  • a71fea3 feat(styles): add light/dark mode support

v2.25.0

Changelog

  • c3826f0 chore: go mod tidy
  • fb5bc39 fix: emit HTTP body tokens without Coalesce
  • a3c2946 Improve Nu file detection (#1260)
  • e841b1a chore(deps): update all non-major dependencies (#1272)
  • 3ed2db8 Add Gemfile.lock lexer (& ruby improvements) (#1269)
  • 41fb546 Add YAML+Jinja lexer (#1268)
  • e99b881 chore(deps): update all non-major dependencies (#1263)
  • e67dd2f (Markless) Fix parse issue for embed directives without options (#1266)
  • dffa370 fix(go): tokenize trailing // as comment instead of consuming next line (#1265)
  • 1cf1560 chore: upgrade to github.com/dlclark/regexp2/v2
  • 2cbcf7b chore: upgrade golangci-lint
  • 786675b chore(deps): update all non-major dependencies (#1257)
  • 235590c feat: add JSONL support to JSON lexer (#1262)
  • f9b5c97 fix(dart): match single-line comments without trailing newline (#1225) (#1261)
  • 097f8e9 Mention Arturo in README (#1256)
  • d46ce60 feat(markdown): highlight frontmatter and comments (#1245)
  • f786b2a feat(lexers): add support for LilyPond (#1255)
  • 0a02b98 chore(deps): update actions/checkout digest to de0fac2 (#1212)
  • c55009e Fix AGENTS.md referencing a non-existent scripts directory (#1231)
  • c5e763e Improve protobuf lexer (#1253)
  • 113cd0e Add Arturo lexer (#1232)
  • 4498d71 chore(deps): update dependency binaryen to v129 (#1238)
  • 885f912 Added f4 to "Projects using Chroma" list (#1242)

... (truncated)

Commits

Updates github.com/juanfont/headscale from 0.28.0 to 0.29.0

Release notes

Sourced from github.com/juanfont/headscale's releases.

v0.29.0

Minimum supported Tailscale client version: v1.80.0

Tailscale ACL compatibility improvements

Extensive test cases were systematically generated using Tailscale clients and the official SaaS to understand how the packet filter should be generated. We discovered a few differences, but overall our implementation was very close. #3036

SSH check action

SSH rules with "action": "check" are now supported. When a client initiates a SSH connection to a node with a check action policy, the user is prompted to authenticate via OIDC or CLI approval before access is granted. OIDC approval requires the authenticated user to own the source node; tagged source nodes cannot use SSH check-mode.

A new headscale auth CLI command group supports the approval flow:

  • headscale auth approve --auth-id <id> approves a pending authentication request (SSH check or web auth)
  • headscale auth reject --auth-id <id> rejects a pending authentication request
  • headscale auth register --auth-id <id> --user <user> registers a node (replaces deprecated headscale nodes register)

#1850 #3180

Policy tests (beta)

Headscale now evaluates the tests block in a policy file. Tests assert reachability between named sources and destinations and cover the whole policy — both acls and grants rules contribute. They run on user-initiated writes via headscale policy set, on SIGHUP reload (systemctl reload headscale / kill -HUP $(pidof headscale)), and on headscale policy check. A failing test rejects the write before it is applied, with the same error message Tailscale SaaS would return for the same policy.

At boot a stored policy whose tests no longer pass — for example because a referenced user was deleted while the server was offline — logs a warning and the server keeps running. Fix the policy and reload.

This feature is beta while behavioural coverage against Tailscale SaaS broadens.

#3229

SSH policy tests (beta)

Headscale now evaluates the sshTests block in a policy file. Each entry names a source, one or more destination hosts, and three optional user lists: accept asserts the listed login users reach every destination via an accept- or check-action SSH rule, deny asserts none of them reach any destination, and check requires reachability specifically through a check-action rule. Tests run on headscale policy set, on SIGHUP reload (systemctl reload headscale /

... (truncated)

Changelog

Sourced from github.com/juanfont/headscale's changelog.

0.29.0 (2026-06-17)

Minimum supported Tailscale client version: v1.80.0

Tailscale ACL compatibility improvements

Extensive test cases were systematically generated using Tailscale clients and the official SaaS to understand how the packet filter should be generated. We discovered a few differences, but overall our implementation was very close. #3036

SSH check action

SSH rules with "action": "check" are now supported. When a client initiates a SSH connection to a node with a check action policy, the user is prompted to authenticate via OIDC or CLI approval before access is granted. OIDC approval requires the authenticated user to own the source node; tagged source nodes cannot use SSH check-mode.

A new headscale auth CLI command group supports the approval flow:

  • headscale auth approve --auth-id <id> approves a pending authentication request (SSH check or web auth)
  • headscale auth reject --auth-id <id> rejects a pending authentication request
  • headscale auth register --auth-id <id> --user <user> registers a node (replaces deprecated headscale nodes register)

#1850 #3180

Policy tests (beta)

Headscale now evaluates the tests block in a policy file. Tests assert reachability between named sources and destinations and cover the whole policy — both acls and grants rules contribute. They run on user-initiated writes via headscale policy set, on SIGHUP reload (systemctl reload headscale / kill -HUP $(pidof headscale)), and on headscale policy check. A failing test rejects the write before it is applied, with the same error message Tailscale SaaS would return for the same policy.

At boot a stored policy whose tests no longer pass — for example because a referenced user was deleted while the server was offline — logs a warning and the server keeps running. Fix the policy and reload.

This feature is beta while behavioural coverage against Tailscale SaaS broadens.

#3229

SSH policy tests (beta)

Headscale now evaluates the sshTests block in a policy file. Each entry names a source, one or more destination hosts, and three optional user lists: accept asserts the listed login users reach every destination via an accept- or check-action SSH rule, deny asserts none of them reach any destination, and check requires reachability specifically through a check-action

... (truncated)

Commits
  • b0c221f changelog: set 0.29 date
  • 68a6d3c db: drop ambiguous machine-key getter, match precisely in test helper
  • 1689478 state: return all nodes for a machine key, reject ambiguous ownership
  • a1d3e98 state: allow key expiry to be set on tagged nodes
  • b83bf3f state: serialise registration per machine key
  • 96d2e6e state: roll back node store when re-registration write fails
  • 9b89497 db: treat unknown pre-auth key as not found
  • bff216a state: update node in place on pre-auth-key re-registration
  • fd08b8f state: make any-user machine-key lookup deterministic
  • a73d38b state: reject re-registration claiming another node's key
  • Additional commits viewable in compare view

Updates tailscale.com/client/tailscale/v2 from 2.9.1-0.20260406222307-5d0550509a1c to 2.10.1

Release notes

Sourced from tailscale.com/client/tailscale/v2's releases.

v2.10.1

Changelog

  • 36a2e0709301324f7aca49669c07f950c1af613e: fix: return zero status code on HTTP error to prevent nil pointer dereference (@​almeidapaulopt)

v2.10.0

Changelog

  • 860fd33d3a166e7a30b9a5012580986775b86c20: services: rename VIPService to Service (@​rajsinghtech)
  • 39c60209e76aff2983cebe2e7d703ba0e6c316ca: devices: add device posture identity to devices response (@​jaxxstorm)
  • 5d0550509a1c970ef7cf98380f106c4036f48f0c: devices: add hardware addresses (@​jaxxstorm)
  • b1993e08c460b5e5150c7244b565ffdd260c5f1e: policyfile: add services to ACLAutoApprovers (@​knyar)
  • e3648985d0a0cc9190fb04d376360dda8f646162: policyfile: add PresetAppID field to NodeAttrGrantApp (@​SamyDjemai)
  • 1bc91985fb3681efe9bd898615f3e219d9a57340: policyfile: handle 200 OK responses; support ACL tests; add tests (@​alexwlchan)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the go-dependencies group with 3 updates in the / directory: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma), [github.com/juanfont/headscale](https://github.com/juanfont/headscale) and [tailscale.com/client/tailscale/v2](https://github.com/tailscale/tailscale-client-go-v2).


Updates `github.com/alecthomas/chroma/v2` from 2.24.1 to 2.27.0
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](alecthomas/chroma@v2.24.1...v2.27.0)

Updates `github.com/juanfont/headscale` from 0.28.0 to 0.29.0
- [Release notes](https://github.com/juanfont/headscale/releases)
- [Changelog](https://github.com/juanfont/headscale/blob/main/CHANGELOG.md)
- [Commits](juanfont/headscale@v0.28.0...v0.29.0)

Updates `tailscale.com/client/tailscale/v2` from 2.9.1-0.20260406222307-5d0550509a1c to 2.10.1
- [Release notes](https://github.com/tailscale/tailscale-client-go-v2/releases)
- [Commits](https://github.com/tailscale/tailscale-client-go-v2/commits/v2.10.1)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/juanfont/headscale
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: tailscale.com/client/tailscale/v2
  dependency-version: 2.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 1, 2026
@github-actions github-actions Bot enabled auto-merge (squash) July 1, 2026 15:31
@github-actions github-actions Bot added the build label Jul 1, 2026
@github-actions github-actions Bot merged commit 5a82858 into main Jul 1, 2026
10 of 11 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dependencies-bf7612b7b6 branch July 1, 2026 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

build dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant