chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
gh		minor	2.86.0 → 2.90.0
github.com/alecthomas/kong	require	minor	v1.12.1 → v1.15.0
github.com/alecthomas/repr	require	patch	v0.5.1 → v0.5.2
github.com/antchfx/htmlquery	require	patch	v1.3.4 → v1.3.6
github.com/antchfx/xpath	require	patch	v1.3.4 → v1.3.6
github.com/gabriel-vasile/mimetype	require	patch	v1.4.9 → v1.4.13
github.com/itchyny/gojq	require	patch	v0.12.18 → v0.12.19
github.com/klauspost/compress	require	patch	v1.18.0 → v1.18.5
github.com/mattn/go-isatty	require	patch	v0.0.20 → v0.0.21
github.com/ulikunitz/xz	require	patch	v0.5.12 → v0.5.15
go		minor	1.24.5 → 1.26.2
go (source)	toolchain	minor	1.24.5 → 1.26.2
go	uses-with	minor	1.24.x → 1.26.x
golang.org/x/net	require	minor	v0.42.0 → v0.53.0
golang.org/x/sync	require	minor	v0.16.0 → v0.20.0
golang.org/x/sys	require	minor	v0.38.0 → v0.43.0
golang.org/x/term	require	minor	v0.33.0 → v0.42.0
hugo		minor	0.148.1 → 0.152.2
just		minor	1.46.0 → 1.49.0
markupsafe (changelog)		patch	==3.0.2 → ==3.0.3
mkdocs-include-markdown-plugin (changelog)		minor	==7.1.6 → ==7.2.2
protoc		minor	3.7.1 → 3.20.3
python3		minor	3.13.2 → 3.14.3
shellcheck		minor	0.10.0 → 0.11.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cli/cli (gh)

v2.90.0: GitHub CLI 2.90.0

Manage agent skills with gh skill (Public Preview)

Agent skills are portable sets of instructions, scripts, and resources that teach AI coding agents how to perform specific tasks. The new gh skill command makes it easy to discover, install, manage, and publish agent skills from GitHub repositories - right from the CLI.

# Discover skills
gh skill search copilot

# Preview a skill without installing
gh skill preview github/awesome-copilot documentation-writer

# Install a skill
gh skill install github/awesome-copilot documentation-writer

# Pin to a specific version
gh skill install github/awesome-copilot documentation-writer --pin v1.2.0

# Check installed skills for updates
gh skill update --all

# Validate and publish your own skills
gh skill publish --dry-run

Skills are automatically installed to the correct directory for your agent host. gh skill supports GitHub Copilot, Claude Code, Cursor, Codex, Gemini CLI, and Antigravity. Target a specific agent and scope with --agent and --scope flags.

gh skill publish validates skills against the Agent Skills specification and checks remote settings like tag protection and immutable releases to improve supply chain security.

Read the full announcement on the GitHub Blog.

gh skill is launching in public preview and is subject to change without notice.

Official extension suggestions

When you run a command that matches a known official extension that isn't installed (e.g. gh stack), the CLI now offers to install it instead of showing a generic "unknown command" error.

This feature is available for github/gh-aw and github/gh-stack.

When possible, you'll be prompted to install immediately. When prompting isn't possible, the CLI prints the gh extension install command to run.

gh extension install no longer requires authentication

gh extension install previously required a valid auth token even though it only needs to download a public release asset. The auth check has been removed, so you can install extensions without being logged in.

What's Changed

✨ Features

• Add gh skill command group: install, preview, search, update, publish by @​SamMorrowDrums in #​13165
• Suggest and install official extensions for unknown commands by @​BagToad in #​13175
• gh skill publish: auto-push unpushed commits before publish by @​SamMorrowDrums in #​13171
• Disable auth check for gh extension install by @​BagToad in #​13176

🐛 Fixes

• Fix infinite loop in gh release list --limit 0 by @​Bahtya in #​13097
• Ensure api and auth commands record agentic invocations by @​williammartin in #​13046
• Disable auth check for local-only skill flags by @​SamMorrowDrums in #​13173
• URL-encode parentPath in skills discovery API call by @​SamMorrowDrums in #​13172
• Fix: use target directory remotes in skills publish by @​SamMorrowDrums in #​13169
• Fix: preserve namespace in skills search deduplication by @​SamMorrowDrums in #​13170

📚 Docs & Chores

• docs: include PGP key fingerprints by @​babakks in #​13112
• docs: add sha/md5 checksums of keyring files by @​babakks in #​13150
• docs: fix SHA512 checksum for GPG key by @​timsu92 in #​13157
• docs(skill): polish skill commandset docs by @​babakks in #​13183
• Document dependency CVE policy in SECURITY.md by @​BagToad in #​13119
• Replace github.com/golang/snappy with klauspost/compress/snappy by @​thaJeztah in #​13048
• chore: bump to go1.26.2 by @​babakks in #​13116
• chore: delete experimental script/debian-devel by @​babakks in #​13127
• Suggest first party extensions by @​williammartin in #​13182
• Add cli/skill-reviewers as CODEOWNERS for skills packages by @​BagToad in #​13189
• Add @​cli/code-reviewers to all CODEOWNERS rules by @​BagToad in #​13190
• Address post-merge review feedback for skills commands by @​SamMorrowDrums in #​13185
• Fix skills-publish-dry-run acceptance test error message mismatch by @​SamMorrowDrums in #​13187
• Skills: replace real git in publish tests with CommandStubber by @​SamMorrowDrums in #​13188
• Remove redundant nil-client fallback in skills publish by @​SamMorrowDrums in #​13168
• Publish: use shared discovery logic instead of requiring skills/ directory by @​SamMorrowDrums in #​13167

Dependencies

• chore(deps): bump github.com/klauspost/compress from 1.18.4 to 1.18.5 by @​dependabot[bot] in #​13071
• chore(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.8.2 by @​dependabot[bot] in #​13045
• chore(deps): bump charm.land/bubbles/v2 from 2.0.0 to 2.1.0 by @​dependabot[bot] in #​13051
• chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 by @​dependabot[bot] in #​13152
• chore(deps): bump github.com/google/go-containerregistry from 0.21.3 to 0.21.4 by @​dependabot[bot] in #​13129
• chore(deps): bump github.com/sigstore/protobuf-specs from 0.5.0 to 0.5.1 by @​dependabot[bot] in #​13128
• chore(deps): bump github.com/in-toto/attestation from 1.1.2 to 1.2.0 by @​dependabot[bot] in #​13044
• chore(deps): bump advanced-security/filter-sarif from 1.0.1 to 1.1 by @​dependabot[bot] in #​12918
• chore(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0 by @​dependabot[bot] in #​13076
• chore(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by @​dependabot[bot] in #​13065

New Contributors

• @​thaJeztah made their first contribution in #​13048
• @​Bahtya made their first contribution in #​13097
• @​timsu92 made their first contribution in #​13157
• @​SamMorrowDrums made their first contribution in #​13173

Full Changelog: cli/cli@v2.89.0...v2.90.0

v2.89.0: GitHub CLI 2.89.0

gh agent-task now works on ghe.com tenancies

gh agent-task commands previously failed with 401 Unauthorized for users on ghe.com tenancy hosts because the Copilot API URL was hardcoded. The URL is now resolved dynamically per host, so gh agent-task works correctly regardless of your GitHub hosting environment.

Experimental new prompter

A new TUI-based prompter powered by charmbracelet/huh is available behind the GH_EXPERIMENTAL_PROMPTER environment variable. This is an early preview — try it out and share feedback!

export GH_EXPERIMENTAL_PROMPTER=1

gh issue create and gh issue transfer no longer require extra token scopes

gh issue create and gh issue transfer previously fetched repository fields they didn't need, which could require additional token scopes. These commands now fetch only the minimal fields necessary for issue operations.

What's Changed

✨ Features

• gh pr create, gh issue create, gh issue edit: search-based assignee selection and login-based mutation on github.com by @​BagToad in #​13009
• Add experimental huh-only prompter gated by GH_EXPERIMENTAL_PROMPTER by @​BagToad in #​12859

🐛 Fixes

• fix(agent-task): resolve Copilot API URL dynamically for ghe.com tenancies by @​BagToad in #​12956
• fix(issue): avoid fetching unnecessary fields in issue create and issue transfer by @​babakks in #​12884
• fix: resolve data race in codespaces port forwarder by @​Lslightly in #​13033

📚 Docs & Chores

• Record agentic invocations in User-Agent header by @​williammartin in #​13023
• docs: clarify that gh pr edit --add-reviewer can re-request reviews by @​joshjohanning in #​13021
• Add AGENTS.md by @​williammartin in #​13024
• Fix typo: remove extra space in README.md link by @​realMelTuc in #​12725
• Align triage.md with current triage process by @​tidy-dev in #​13030
• Remove auto-labels from issue templates by @​tidy-dev in #​12972
• Consolidate actor-mode signals into ApiActorsSupported by @​BagToad in #​13025
• Fix acceptance test failures: git identity, headRepository JSON, obsolete traversal test by @​BagToad in #​13037

Dependencies

• chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @​dependabot[bot] in #​12963
• chore(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.3 by @​dependabot[bot] in #​12962
• chore(deps): bump github.com/zalando/go-keyring from 0.2.6 to 0.2.8 by @​dependabot[bot] in #​13031
• chore(deps): bump microsoft/setup-msbuild from 2.0.0 to 3.0.0 by @​dependabot[bot] in #​13005
• chore(deps): bump mislav/bump-homebrew-formula-action from 3.6 to 4.1 by @​dependabot[bot] in #​13004
• chore(deps): bump azure/login from 2.3.0 to 3.0.0 by @​dependabot[bot] in #​12951

New Contributors

• @​joshjohanning made their first contribution in #​13021
• @​realMelTuc made their first contribution in #​12725
• @​Lslightly made their first contribution in #​13033

Full Changelog: v2.88.1...v2.89.0

v2.88.1: GitHub CLI 2.88.1

Fix pr commands failing with read:project scope error

v2.88.0 introduced a regression where pr commands would fail with the error:

error: your authentication token is missing required scopes [read:project]
To request it, run:  gh auth refresh -s read:project

Previously, missing read:project scope was gracefully handled, and project data was silently skipped. A change inadvertently broke the error matching that enabled this graceful degradation. v2.88.1 reverts these changes so that pr commands work correctly without requiring the read:project scope.

What's Changed

• Migrate Windows code signing from client secret to OIDC by @​BagToad in #​12911
• Revert "refactor: deduplicate scope error handling between api/client.go and project queries" by @​williammartin in #​12914
• Revert "fix: clarify scope error while creating issues for projects" by @​williammartin in #​12915

Full Changelog: cli/cli@v2.88.0...v2.88.1

v2.88.0: GitHub CLI 2.88.0

Request Copilot Code Review from gh

gh pr create and gh pr edit now support Copilot Code Review as a reviewer. Request a review with --add-reviewer @​copilot, or select Copilot interactively from the searchable reviewer prompt.

Create a pull request and request review from Copilot:

gh pr create --reviewer @​copilot

Edit a pull request and request review from Copilot:

gh pr edit --add-reviewer @​copilot

Close issues as duplicates with gh issue close --duplicate-of

You can now close issues as duplicates and link to a duplicate issue directly from the CLI. The new --duplicate-of flag accepts an issue number or URL and marks the closed issue as a duplicate of the referenced one. You can also use --reason duplicate to set the close reason without linking a specific issue.

# Close as duplicate, linking to the original issue
gh issue close 123 --duplicate-of 456

# Close with duplicate reason only
gh issue close 123 --reason duplicate

JSON support for gh agent-task

gh agent-task list and gh agent-task view now support --json, --jq, and --template flags, consistent with other gh commands.

gh agent-task list --json id,name,state
gh agent-task view <id> --json state --jq '.state'

What's Changed

✨ Features

• gh pr create: login-based reviewer requests and search-based interactive selection by @​BagToad in #​12627
• gh pr view and gh issue view: show friendly display names for all actors by @​BagToad in #​12854
• gh issue close: add --duplicate-of flag and duplicate reason by @​tksohishi in #​12811
• gh pr diff: add --exclude flag to filter files from diff output by @​yuvrajangadsingh in #​12655
• gh pr view/list: add changeType field to files JSON output by @​yuvrajangadsingh in #​12657
• gh repo clone: add --no-upstream flag by @​4RH1T3CT0R7 in #​12686
• gh repo edit: add --squash-merge-commit-message flag by @​yuvrajangadsingh in #​12846
• gh browse: add --blame flag by @​masonmcelvain in #​11486
• gh agent-task list: add --json support by @​maxbeizer in #​12806
• gh agent-task view: add --json support by @​maxbeizer in #​12807
• gh copilot: set COPILOT_GH env var when launching Copilot CLI by @​devm33 in #​12821

🐛 Fixes

• Fix gh project item-edit error when editing Draft Issue with only one (--title/--body) flag by @​ManManavadaria in #​12787
• Fix extension install error message showing raw struct instead of owner/repo by @​Copilot in #​12836
• Fix incorrect integer conversion from int to uint16 in port forwarder by @​BagToad in #​12831
• Fix invalid ANSI SGR escape code in JSON and diff colorization by @​BagToad in #​12720
• Fix assignees databaseId always being 0 in --json output by @​srt32 in #​12783
• Fix error when --remote flag used with repo argument by @​majiayu000 in #​12375
• Fix redundant API call in gh issue view --comments by @​VishnuVV27 in #​12652
• Clarify scope error while creating issues for projects by @​elijahthis in #​12596
• Reject pull request-only search qualifiers in gh issue list by @​LouisLau-art in #​12623
• Prevent .git/config corruption on repeated issue develop --name invocation by @​gunadhya in #​12651
• Use pre-compiled regexp for matching Content-Type by @​itchyny in #​12781
• Isolate generated licenses per platform (os/arch) by @​babakks in #​12774

📚 Docs & Chores

• Add examples to gh issue close help text by @​BagToad in #​12830
• Customizable install prefix in Makefile by @​scarf005 in #​11714
• Deduplicate scope error handling between api/client.go and project queries by @​yuvrajangadsingh in #​12845
• Remove unnecessary StateReason and StateReasonDuplicate feature detection by @​BagToad in #​12838
• Update Go version requirement to 1.26+ by @​BagToad in #​12864
• Add monthly pitch surfacing workflow by @​tidy-dev in #​12894

Dependencies

• Bump Go from 1.25.7 to 1.26.1 by @​BagToad in #​12860
• chore(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 by @​dependabot[bot] in #​12886
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 by @​dependabot[bot] in #​12851
• chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.2.0+incompatible by @​dependabot[bot] in #​12842
• chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1 by @​dependabot[bot] in #​12759
• chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @​dependabot[bot] in #​12760
• chore(deps): bump actions/upload-artifact from 6 to 7 by @​dependabot[bot] in #​12797
• chore(deps): bump actions/download-artifact from 7 to 8 by @​dependabot[bot] in #​12796
• chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by @​dependabot[bot] in #​12795
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.13 by @​dependabot[bot] in #​12615

New Contributors

• @​srt32 made their first contribution in #​12783
• @​itchyny made their first contribution in #​12781
• @​VishnuVV27 made their first contribution in #​12652
• @​elijahthis made their first contribution in #​12596
• @​ManManavadaria made their first contribution in #​12787
• @​maxbeizer made their first contribution in #​12806
• @​LouisLau-art made their first contribution in #​12623
• @​4RH1T3CT0R7 made their first contribution in #​12686
• @​yuvrajangadsingh made their first contribution in #​12657
• @​masonmcelvain made their first contribution in #​11486
• @​scarf005 made their first contribution in #​11714
• @​tksohishi made their first contribution in #​12811
• @​tidy-dev made their first contribution in #​12894

Full Changelog: cli/cli@v2.87.3...v2.88.0

v2.87.3: GitHub CLI 2.87.3

What's Changed

• Fix project mutation query variable usage by @​williammartin in #​12757

Full Changelog: cli/cli@v2.87.2...v2.87.3

v2.87.2: GitHub CLI 2.87.2

ℹ️ Note

This release was cut primarily to resolve a publishing issue. We recommend reviewing the v2.87.1 release notes for the complete set of latest features and fixes.

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in #​12659

Full Changelog: cli/cli@v2.87.1...v2.87.2

v2.87.0: GitHub CLI 2.87.0

gh workflow run immediately returns workflow run URL

One of our most requested features - with the latest changes in GitHub API, gh workflow run will immediately print the created workflow run URL.

Improved gh auth login experience in VM/WSL environments

We have observed rare cases of time drift between the wall and monotonic clocks, mostly in WSL or VM environments, causing failures during polling for the OAuth token. This new release implements measures to account for such situations.

If you continue to experience gh auth login issues in WSL, please comment in #​9370

Request Copilot Code Review from gh + performance improvements

gh pr edit now supports Copilot Code Review as a reviewer. You can request a review from Copilot using the --add-reviewer @​copilot flag or interactively by selecting reviewers in the prompts.

This release also introduces a new search experience for selecting reviewers and assignees in gh pr edit. Instead of loading all collaborators and teams upfront, results are now fetched based on inputs to a new search option. Initial options are suggestions based on those involved with the pull request already.

? Reviewers  [Use arrows to move, space to select, <right> to all, <left> to none, type to filter]
  [ ]  Search (7472 more)
  [x]  BagToad (Kynan Ware)
> [x]  Copilot (AI)

This experience will follow in gh pr create and gh issue for assignees in a later release.

What's Changed

✨ Features

• Bundle licenses at release time by @​williammartin in #​12625
• Add --query flag to project item-list by @​williammartin in #​12696
• feat(workflow run): retrieve workflow dispatch run details by @​babakks in #​12695
• Pin REST API version to 2022-11-28 by @​williammartin in #​12680
• Respect --exit-status with --log and --log-failed in run view by @​williammartin in #​12679
• Fork with default branch only during pr create by @​williammartin in #​12673
• gh pr edit: Add support for Copilot as reviewer with search capability, performance and accessibility improvements by @​BagToad in #​12567
• gh pr edit: new interactive prompt for assignee selection, performance and accessibility improvements by @​BagToad in #​12526

📚 Docs & Chores

• Clean up project item-list query addition changes by @​williammartin in #​12714
• gh release upload: Clarify --clobber flag deletes assets before re-uploading by @​BagToad in #​12711
• Add usage examples to gh gist edit command by @​BagToad in #​12710
• Remove feedback issue template by @​BagToad in #​12708
• Migrate issue triage workflows to shared workflows by @​BagToad in #​12677
• Migrate PR triage workflows to shared workflows by @​BagToad in #​12707
• Add missing TODO comments for featuredetection if-statements by @​BagToad in #​12701
• Add manual dispatch to bump-go workflow by @​BagToad in #​12631
• typo: dont to don't by @​cuiweixie in #​12554
• Fix fmt.Errorf format argument in ParseFullReference by @​mikelolasagasti in #​12516
• Lint source.md by @​Sethispr in #​12521

Dependencies

• chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​12468
• chore(deps): bump golang.org/x/term from 0.38.0 to 0.39.0 by @​dependabot[bot] in #​12616
• Bump go to 1.25.7 by @​BagToad in #​12630
• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in #​12629
• chore: bump cli/oauth to v1.2.2 by @​babakks in #​12573
• update Go to 1.25.6 by @​BagToad in #​12580
• chore(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @​dependabot[bot] in #​12558
• chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by @​dependabot[bot] in #​12524
• chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 by @​dependabot[bot] in #​12555
• chore(deps): bump github.com/gdamore/tcell/v2 from 2.13.4 to 2.13.7 by @​dependabot[bot] in #​12469
• chore(deps): bump github.com/sigstore/sigstore from 1.10.0 to 1.10.4 by @​dependabot[bot] in #​12525
• chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 by @​dependabot[bot] in #​12515
• chore(deps): bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in #​12314
• chore(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in #​12315
• chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.4.0 by @​dependabot[bot] in #​12354

New Contributors

• @​Sethispr made their first contribution in #​12521
• @​cuiweixie made their first contribution in #​12554

Full Changelog: cli/cli@v2.86.0...v2.87.0

alecthomas/kong (github.com/alecthomas/kong)

v1.15.0

Compare Source

v1.14.0

Compare Source

v1.13.0

Compare Source

alecthomas/repr (github.com/alecthomas/repr)

v0.5.2

Compare Source

antchfx/htmlquery (github.com/antchfx/htmlquery)

v1.3.6

Compare Source

Update github.com/antchfx/xpath from v1.3.5 to v1.3.6.

v1.3.5

Compare Source

• Fix #​75 (@​zak-pawel)

• Update github.com/antchfx/xpath from v1.3.3 to v1.3.5

antchfx/xpath (github.com/antchfx/xpath)

v1.3.6

Compare Source

Merged PR:

• #​120(@​mislav) - Fix last() predicate on grouped expr.

Fixed:

• #​121

v1.3.5

Compare Source

Merged PR:

• #​117(@​mislav）- fix ancestor:: axes with position predicate.

Fixed:

• #​113 - (fix string() function)

gabriel-vasile/mimetype (github.com/gabriel-vasile/mimetype)

v1.4.13: Support for .hlp, .inf, .fm, .bufr

Compare Source

What's Changed

• ndjson: fix inputs truncated on the second line; fix #​744 in #​745
• bmp: harden detection against false-positives in #​746
• os2: add support for .hlp and .inf in #​747
• ttf: harden detection in #​750
• ttf: use ints instead of string for better performance in #​751
• framemaker: add support in #​752
• bufr: add support in #​754
• Extend: ensure MIME string normalization by @​yzqzss in #​756
• m3u: add x-mpegurl alias by @​AltayAkkus in #​755

New Contributors

• @​yzqzss made their first contribution in #​756
• @​AltayAkkus made their first contribution in #​755

Full Changelog: gabriel-vasile/mimetype@v1.4.12...v1.4.13

v1.4.12: RFC822, GRIB, Zlib support

Compare Source

What's Changed

• zip+json: add benchmarks for better performance tracking of pathological inputs in #​730
• zip+json: performance improvements for pathological cases in #​732
• Fix integer overflow panic on 32bit architectures in #​733
• ci: add more linters and fix their warnings in #​734
• jar: manifest must be first in #​735
• rfc822: add support in #​740
• grib: add support in #​742
• zlib: add support in #​743

Full Changelog: gabriel-vasile/mimetype@v1.4.11...v1.4.12

v1.4.11: cpio, wordperfect support

Compare Source

What's Changed

• wordperfect: add support in #​707
• cpio: add support for binary version in #​709
• shebang: fix detection with args by @​scop in #​710
• shebang: support env -S by @​scop in #​712
• dxf: add support in #​720
• clone: stop cloning MIME when there is no charset in #​722
• aaf: remove individual node for aaf in #​724
• msoxml: match files and directories for first zip entry in #​729

Full Changelog: gabriel-vasile/mimetype@v1.4.10...v1.4.11

v1.4.10: perfomance inprovements, tests and new formats

Compare Source

This release adds support for XHTML, Lotus-1-2-3, KML, shell scripts, VSDX, OneNote, CHM and Netpbm file formats.
Changes were made to make mimetype behave more file linux $ file --mime utility.

https://github.com/gabriel-vasile/mimetype_tests repo is now used for running comparisons between mimetype and $ file --mime. It contains 50 000 samples and mimetype identifies the same format as $ file --mime for ~97% of them. Results are in the Actions tab.

What's Changed

• charset: remove dependency on x/net for parsing html in #​669
• CSV: replace stdlib reader with a parser that allocates less in #​672
• svg: make detection harder in #​674
• pdf: relax check to match file in #​677
• csv: stop mutating input byte slices; for #​680 in #​681
• charset: remove dependency on mime in #​684
• mso_office: increase limit of checked entries from 4 to 100 in #​685
• jar: replace application/jar with application/java-archive in #​686
• Zip container improvements in #​687
• Jar first entry inside a zip in #​688
• svg+html: better handling for comments in #​689
• xhtml: add support in #​690
• misc: behave more like file in #​691
• lotus-1-2-3: add support in #​695
• Add support for zipped KML files by @​dmlambea in #​693
• shell: add support by [@​scop]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: from: protoc-3.7.1, to: protoc-3.20.3

Bootstrapping /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit from https://github.com/cashapp/hermit/releases/download/stable
Creating /home/ubuntu/.cache/hermit/pkg/hermit@stable
Downloading https://github.com/cashapp/hermit/releases/download/stable/hermit-linux-amd64.gz to /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit
Hermit installed as /home/ubuntu/.cache/hermit/pkg/hermit@stable/hermit
Found Hermit in /home/ubuntu/bin/hermit but it is a different distribution, not overwriting.
Hermit is installed as /home/ubuntu/bin/hermit-stable

See https://cashapp.github.io/hermit/usage/get-started/ for more information.

error:file:///#PWD/../packages/.git: Cloning into '/home/ubuntu/.cache/hermit/sources/f20ea07710435d2335a6d24aca10db13a814bfe509d2a70211a13b2c57bd5690-1607175824'...
fatal: '/#PWD/../packages/.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

fatal:hermit: git sync failed: git clone --depth=1 file:///#PWD/../packages/.git /home/ubuntu/.cache/hermit/sources/f20ea07710435d2335a6d24aca10db13a814bfe509d2a70211a13b2c57bd5690-1607175824 failed: exit status 128

[alecthomas]

We need to upgrade golangci-lint first.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.