Skip to content

chore(deps): update netbox #797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update netbox #797

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 30, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
ghcr.io/astral-sh/uv final patch 0.8.3 -> 0.8.15 age confidence
netbox-data-flows minor ==1.1.1 -> ==1.3.0 age confidence
netbox-initializers (changelog) minor ==4.3.0 -> ==4.4.0 age confidence
netbox-plugin-dns minor ==1.3.5 -> ==1.4.1 age confidence
netbox-secrets patch ==2.3.0 -> ==2.3.2 age confidence
quay.io/netboxcommunity/netbox minor v4.3.5 -> v4.4.0 age confidence
quay.io/netboxcommunity/netbox stage minor v4.3.5 -> v4.4.0 age confidence

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.8.15

Compare Source

Python
Enhancements
  • Add uv auth commands for credential management (#​15570)
  • Add pyx support to uv auth commands (#​15636)
  • Add uv tree --show-sizes to show package sizes (#​15531)
  • Add --python-platform riscv64-unknown-linux (#​15630)
  • Add --python-platform to uv run and uv tool (#​15515)
  • Add uv publish --dry-run (#​15638)
  • Add zstandard support for wheels (#​15645)
  • Allow registries to pre-provide core metadata (#​15644)
  • Retry streaming Python and binary download errors (#​15567)
Bug fixes
  • Fix settings rendering for extra-build-dependencies (#​15622)
  • Skip non-existent directories in bytecode compilation (#​15608)
Error messages
  • Add error trace to invalid package format (#​15626)

v0.8.14

Compare Source

Python
  • Add managed CPython distributions for aarch64 musl
Enhancements
  • Add --python-platform to uv pip check (#​15486)
  • Add an environment variable for UV_ISOLATED (#​15428)
  • Add logging to the uv build backend (#​15533)
  • Allow more trailing null bytes in zip files (#​15452)
  • Allow pinning managed Python versions to specific build versions (#​15314)
  • Cache PyTorch wheels by default (#​15481)
  • Reject already-installed wheels that don't match the target platform (#​15484)
  • Add --no-install-local option to uv sync, uv add and uv export (#​15328)
  • Include cycle error message in uv pip CLI (#​15453)
Preview features
  • Fix format of {version} on uv format failure (#​15527)
  • Lock during installs in uv format to prevent races (#​15551)
  • Respect --project in uv format (#​15438)
  • Run uv format in the project root (#​15440)
Configuration
  • Add file-to-CLI overrides for build isolation configuration (#​15437)
  • Add file-to-CLI overrides for reinstall configuration (#​15426)
Performance
  • Cache WHEEL and METADATA reads in installed distributions (#​15489)
Bug fixes
  • Avoid erroring when creating venv in current working directory (#​15537)
  • Avoid introducing unnecessary system dependency on CUDA (#​15449)
  • Clear discovered site packages when creating virtual environment (#​15522)
  • Read index credentials from the environment during uv publish checks (#​15545)
  • Refuse to remove non-virtual environments in uv venv (#​15538)
  • Stop setting CLICOLOR_FORCE=1 when calling build backends (#​15472)
  • Support file or directory removal for Windows symlinks (#​15543)
Documentation
  • Fix GitHub guide highlight lines (#​15443)
  • Move Resolver to new Internals section in the Reference (#​15465)
  • Split the "Authentication" page into sections (#​15575)
  • Update uninstall docs to mention uvw.exe needs to be removed (#​15536)

v0.8.13

Compare Source

Enhancements
  • Add --no-install-* arguments to uv add (#​15375)
  • Initialize Git prior to reading author in uv init (#​15377)
  • Add CUDA 129 to available torch backends (#​15416)
  • Update Pyodide to 0.28.2 (#​15385)
Preview features
  • Add an experimental uv format command (#​15017)
  • Allow version specifiers in extra-build-dependencies if match-runtime is explicitly false (#​15420)
Bug fixes
  • Add triton to torch-backend manifest (#​15405)
  • Avoid panicking when resolver returns stale distributions (#​15389)
  • Fix uv_build wheel hashes (#​15400)
  • Treat --upgrade-package on the command-line as overriding upgrade = false in configuration (#​15395)
  • Restore DockerHub publishing (#​15381)

v0.8.12

Compare Source

Python
  • Add 3.13.7
  • Improve performance of zstd in Python 3.14

See the python-build-standalone release notes for details.

Enhancements
  • Add an aarch64-pc-windows-msvc target for python-platform (#​15347)
  • Add fallback parent process detection to uv tool update-shell (#​15356)
  • Install non-build-isolation packages in a second phase (#​15306)
  • Add hint when virtual environments are included in source distributions (#​15202)
  • Add Docker images derived from buildpack-deps:trixie, debian:trixie-slim, alpine:3.22 (#​15351)
Bug fixes
  • Reject already-installed wheels built with outdated settings (#​15289)
  • Skip interpreters that are not found on query (#​15315)
  • Handle dotted package names in script path resolution (#​15300)
  • Reject match-runtime = true for dynamic packages (#​15292)
Documentation
  • Document improvements to build-isolation setups (#​15326)
  • Fix reference documentation recommendation to use uv cache clean instead of clear (#​15313)

v0.8.11

Compare Source

Python
  • Add Python 3.14.0rc2
  • Update Pyodide to 0.28.1
Enhancements
  • Add Debian 13 trixie to published Docker images (#​15269)
  • Add extra-build-dependencies hint for any missing module on build failure (#​15252)
  • Make 'v' prefix cyan in overlap warnings (#​15259)
Bug fixes
  • Fix missing uv version in extended Docker image tags (#​15263)
  • Persist cache info when re-installing cached wheels (#​15274)
Rust API
  • Allow passing custom reqwest clients to RegistryClient (#​15281)

v0.8.10

Compare Source

Python
  • Add support for installing Pyodide versions (#​14518)
Enhancements
  • Allow Python requests with missing segments, e.g., just aarch64 (#​14399)
Preview
  • Move warnings for conflicting modules into preview (#​15253)

v0.8.9

Compare Source

Enhancements
  • Add --reinstall flag to uv python upgrade (#​15194)
Bug fixes
  • Include build settings in cache key for registry source distribution lookups (#​15225)
  • Avoid creating bin links on uv python upgrade if they don't already exist (#​15192)
  • Respect system proxies on macOS and Windows (#​15221)
Documentation

v0.8.8

Compare Source

Bug fixes
  • Fix find_uv_bin compatibility with Python <3.10 (#​15177)

v0.8.7

Compare Source

Python
  • On Mac/Linux, libtcl, libtk, and _tkinter are built as separate shared objects, which fixes matplotlib's tkagg backend (the default on Linux), Pillow's PIL.ImageTk library, and other extension modules that need to use libtcl/libtk directly.
  • Tix is no longer provided on Linux. This is a deprecated Tk extension that appears to have been previously broken.

See the python-build-standalone release notes for details.

Enhancements
  • Do not update uv.lock when using --isolated (#​15154)
  • Add support for --prefix and --with installations in find_uv_bin (#​14184)
  • Add support for discovering base prefix installations in find_uv_bin (#​14181)
  • Improve error messages in find_uv_bin (#​14182)
  • Warn when two packages write to the same module (#​13437)
Preview features
  • Add support for package-level conflicts in workspaces (#​14906)
Configuration
  • Add UV_DEV and UV_NO_DEV environment variables (for --dev and --no-dev) (#​15010)
Bug fixes
  • Fix regression where --require-hashes applied to build dependencies in uv pip install (#​15153)
  • Ignore GraalPy devtags (#​15013)
  • Include all site packages directories in ephemeral environment overlays (#​15121)
  • Search in the user scheme scripts directory last in find_uv_bin (#​14191)
Documentation
  • Add missing periods (.) to list elements in Features docs page (#​15138)

v0.8.6

Compare Source

This release contains hardening measures to address differentials in behavior between uv and Python's built-in ZIP parser (CVE-2025-54368).

Prior to this release, attackers could construct ZIP files that would be extracted differently by pip, uv, and other tools. As a result, ZIPs could be constructed that would be considered harmless by (e.g.) scanners, but contain a malicious payload when extracted by uv. As of v0.8.6, uv now applies additional checks to reject such ZIPs.

Thanks to a triage effort with the Python Security Response Team and PyPI maintainers, we were able to determine that these differentials were not exploited via PyPI during the time they were present. The PyPI team has also implemented similar checks and now guards against these parsing differentials on upload.

Although the practical risk of exploitation is low, we take the hypothetical risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this advisory a CVE identifier and have given it a "moderate" severity suggestion.

These changes have been validated against the top 15,000 PyPI packages; however, it's plausible that a non-malicious ZIP could be falsely rejected with this additional hardening. As an escape hatch, users who do encounter breaking changes can enable UV_INSECURE_NO_ZIP_VALIDATION to restore the previous behavior. If you encounter such a rejection, please file an issue in uv and to the upstream package.

For additional information, please refer to the following blog posts:

Security
  • Harden ZIP streaming to reject repeated entries and other malformed ZIP files (#​15136)
Python
  • Add CPython 3.13.6
Configuration
  • Add support for per-project build-time environment variables (#​15095)
Bug fixes
  • Avoid invalid simplification with conflict markers (#​15041)
  • Respect UV_HTTP_RETRIES in uv publish (#​15106)
  • Support UV_NO_EDITABLE where --no-editable is supported (#​15107)
  • Upgrade cargo-dist to add UV_INSTALLER_URL to PowerShell installer (#​15114)
  • Upgrade h2 again to avoid too_many_internal_resets errors (#​15111)
  • Consider pythonw when copying entry points in uv run (#​15134)
Documentation
  • Ensure symlink warning is shown (#​15126)

v0.8.5

Compare Source

Enhancements
  • Enable uv run with a GitHub Gist (#​15058)
  • Improve HTTP response caching log messages (#​15067)
  • Show wheel tag hints in install plan (#​15066)
  • Support installing additional executables in uv tool install (#​14014)
Preview features
  • Enable extra build dependencies to 'match runtime' versions (#​15036)
  • Remove duplicate extra-build-dependencies warnings for uv pip (#​15088)
  • Use "option" instead of "setting" in pylock warning (#​15089)
  • Respect extra build requires when reading from wheel cache (#​15030)
  • Preserve lowered extra build dependencies (#​15038)
Bug fixes
  • Add Python versions to markers implied from wheels (#​14913)
  • Ensure consistent indentation when adding dependencies (#​14991)
  • Fix handling of python-preference = system when managed interpreters are on the PATH (#​15059)
  • Fix symlink preservation in virtual environment creation (#​14933)
  • Gracefully handle entrypoint permission errors (#​15026)
  • Include wheel hashes from local Simple indexes (#​14993)
  • Prefer system Python installations over managed ones when --system is used (#​15061)
  • Remove retry wrapper when matching on error kind (#​14996)
  • Revert h2 upgrade (#​15079)
Documentation
  • Improve visibility of copy and line separator in dark mode (#​14987)

v0.8.4

Compare Source

Enhancements
  • Improve styling of warning cause chains (#​14934)
  • Extend wheel filtering to Android tags (#​14977)
  • Perform wheel lockfile filtering based on platform and OS intersection (#​14976)
  • Clarify messaging when a new resolution needs to be performed (#​14938)
Preview features
  • Add support for extending package's build dependencies with extra-build-dependencies (#​14735)
  • Split preview mode into separate feature flags (#​14823)
Configuration
  • Add support for package specific exclude-newer dates via exclude-newer-package (#​14489)
Bug fixes
  • Avoid invalidating lockfile when path or workspace dependencies define explicit indexes (#​14876)
  • Copy entrypoints that have a shebang that differs in python vs python3 (#​14970)
  • Fix incorrect file permissions in wheel packages (#​14930)
  • Update validation for environments and required-environments in uv.toml (#​14905)
Documentation
  • Show uv_build in projects documentation (#​14968)
  • Add UV_ prefix to installer environment variables (#​14964)
  • Un-hide uv from --build-backend options (#​14939)
  • Update documentation for preview flags (#​14902)
Alef-Burzmali/netbox-data-flows (netbox-data-flows)

v1.3.0

Compare Source

Feature release

New features

ICMP type support

You can now specify the ICMP types allowed by a data flow. The list of known types can be extended if necessary.

[!WARNING]
Existing ICMP dataflows will now be displayed as ICMPv4 only. You will need to create a new ICMPv6 dataflow if needed.
Source ports of ICMP dataflows are ignored (and removed when saved), the destination ports are interpreted as the list of ICMP types.

Application related objects

You can now link any NetBox object (e.g.: devices) to an application, via a custom field. See the documentation on how to configure it.

Compatibility

NetBox: >=4.2.0 (including 4.4.0)
Python: >=3.10

Only compatibility with versions 4.4.0, 4.3.7 and 4.2.9 was tested, although the plugin should support other patch versions of the same minors.

Update procedure

  • Run NetBox's upgrade.sh, and restart NetBox

Check the documentation for further instructions.

What's Changed

Full Changelog: Alef-Burzmali/netbox-data-flows@v1.2.1...v1.3.0

v1.2.1

Compare Source

Minor release.

  • Tentatively add compatibility with NetBox 4.4.x and clarify which versions are supported.
  • Add a inherited tags field on data flows and data flow groups in the REST API.

Compatibility

NetBox: >=4.2.0 (including 4.4.0-beta1)
Python: >=3.10

The test suite is run on the latest patch version of the current minor version of NetBox, and on the previous minor.

Update procedure

  • Run NetBox's upgrade.sh, and restart NetBox

Check the documentation for further instructions.

What's Changed

Full Changelog: Alef-Burzmali/netbox-data-flows@v1.2.0...v1.2.1

v1.2.0

Compare Source

Minor release

Add support for Tenants in Applications, Data Flows and Data Flow Groups and fix some bugs.

Support for NetBox <4.2.0 officially dropped, as it was probably already buggy in previous releases.
Only v4.2.9 (the latest patch) is tested in the v4.2.x minor.

Compatibility

NetBox: >=4.2.0 (<4.4.0-beta1)
Python: >=3.10

The test suite is run on all patch versions of the current minor version of NetBox, but only on the latest patch versions of older minors.

Update procedure

  • Run NetBox's upgrade.sh, and restart NetBox

Check the documentation for further instructions.

What's Changed

Full Changelog: Alef-Burzmali/netbox-data-flows@v1.1.1...v1.2.0

tobiasge/netbox-initializers (netbox-initializers)

v4.4.0: Version 4.4.0

Compare Source

What's Changed

Full Changelog: tobiasge/netbox-initializers@v4.3.0...v4.4.0

peteeckel/netbox-plugin-dns (netbox-plugin-dns)

v1.4.1: Bugfix Release 1.4.1

Compare Source

What's Changed

Full Changelog: peteeckel/netbox-plugin-dns@1.4.0...1.4.1

v1.4.0: Feature Release 1.4.0

Compare Source

What's Changed

Full Changelog: peteeckel/netbox-plugin-dns@1.3.6...1.4.0

v1.3.6: Bugfix Release 1.3.6

Compare Source

What's Changed

  • Fixed verbose messages for orphaned record cleanup (f-string) by @​peteeckel in #​683
  • Modified the CNAME target and CNAME source tables to only display active records by @​peteeckel in #​684
  • Added a data migration to set disable_ptr to False for non-address records by @​peteeckel in #​685
  • Fixed CF based view filters not being observed when an address record needs to be removed by @​peteeckel in #​687

Full Changelog: peteeckel/netbox-plugin-dns@1.3.5...1.3.6

Onemind-Services-LLC/netbox-secrets (netbox-secrets)

v2.3.2

Compare Source

What's Changed

Full Changelog: Onemind-Services-LLC/netbox-secrets@v2.3.1...v2.3.2

v2.3.1

Compare Source

What's Changed

Full Changelog: Onemind-Services-LLC/netbox-secrets@v2.3.0...v2.3.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Jul 30, 2025
@renovate renovate bot force-pushed the renovate/netbox branch from b8484b7 to 6e32c8d Compare August 3, 2025 22:10
@renovate renovate bot changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.8.4 chore(deps): update netbox Aug 3, 2025
@renovate renovate bot force-pushed the renovate/netbox branch 5 times, most recently from cdd45a5 to af2f1c8 Compare August 12, 2025 05:51
@renovate renovate bot force-pushed the renovate/netbox branch 6 times, most recently from 043edde to 44d3ea7 Compare August 18, 2025 22:58
@renovate renovate bot force-pushed the renovate/netbox branch 3 times, most recently from bcc9830 to 129b310 Compare August 27, 2025 17:43
@renovate renovate bot force-pushed the renovate/netbox branch 5 times, most recently from 5f8e386 to 786af88 Compare September 4, 2025 10:01
@renovate renovate bot force-pushed the renovate/netbox branch from 786af88 to ba16926 Compare September 5, 2025 09:36
@renovate
chore(deps): update netbox
607f776 
Signed-off-by: Renovate Bot <[email protected]>
@renovate renovate bot force-pushed the renovate/netbox branch from ba16926 to 607f776 Compare September 5, 2025 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants