docker

Update docker.io/gotenberg/gotenberg Docker tag to v8.34.0

No problems upgrading the Docker container with a Docker compose yaml file within Portainer and by means of Portainer DevOps resp. GitOps with dependency update facilitated by Mend's Renovate Bot.

This MR contains the following updates:

Package	Update	Change
docker.io/gotenberg/gotenberg	minor	`8.33.0` → `8.34.0`

Release Notes

gotenberg/gotenberg (docker.io/gotenberg/gotenberg)

`v8.34.0`: 8.34.0

Compare Source

Security Fixes ⚠️

Block content linked from untrusted locations in LibreOffice. An uploaded document could reference external (http(s)://) or local (file:///…) resources that LibreOffice resolved during conversion, giving blind SSRF and a limited local-file read. The soffice profile now sets BlockUntrustedRefererLinks, so soffice refuses to load any content a document links. Embedded content is unaffected; documents relying on linked resources no longer render them.

New Features

Factur-X / ZUGFeRD metadata (#1552). Conversions now inject the matching XMP metadata, and the API replaces the single facturx payload with dedicated form fields. Thanks @fank.
Owner-only encryption and permissions. A new ownerPassword, independent of userPassword, plus permission controls restrict what a viewer may do without locking the document open.
log-std-level-case (#1339). New flag to set the level field casing in standard output, lower (default) or upper. Thanks @Jaben.

Observability

Trace enrichment. New process.exec client spans, supervisor queue-wait and launch sub-spans, a Chromium print_to_pdf sub-span, backing-binary versions (Chromium, LibreOffice, qpdf, …) recorded on spans and captured at build time, and per-conversion I/O, network, and size attributes on Chromium and LibreOffice spans.
Error classification. Chromium and LibreOffice failures set an error.type from a bounded enum.
Richer resource and metrics. Process, OS, host, and container resource detectors, semconv aligned to v1.41.0, a trace-based exemplar filter, and conversions-since-restart and queue-depth gauges.

Bug Fixes

CSV conversions leaked the upload's UUID filename as a page header (#1568). Calc printed the sheet name, which was the UUID-based upload filename, as a centered page header. Now suppressed. Thanks @vapranav.
Webhook async lost trace context. The async delivery goroutine detached from the request context and dropped the trace, breaking span continuity. It now preserves the context via context.WithoutCancel.
ca-certificates missing in the chromium-only image. Outbound TLS could fail in the chromium-only build. The package is now installed. Thanks @osvein.
LibreOffice core-dump retries. Retries on ErrCoreDumped are now capped and observable, and the ErrRuntimeException message is corrected.

Chore

Updated Chromium to version 149.0.7827.102-1.
Updated Go dependencies.

Update docker.io/dbgate/dbgate Docker tag to v7.2.1

No problems automatically updating the Docker image and run the container by Watchtower with dependency update facilitated by Mend's Renovate Bot. This MR contains the following updates: Package Update Change docker.io/dbgate/dbgate patch 7.2.0 → 7.2.1 Release Notes dbgate/dbgate (docker.io/dbgate/

Update Helm release gitlab-runner to v0.90.0

No problems deploying GitLab Runner to K3s cluster via Helm Chart and Flux V2 reconciliation in a GitOps approach with dependency update facilitated by Mend's Renovate Bot. And also by means of Watchtower infrastructure to Docker host for Image Lifecycle Management with dependency update facilitated by Mend'

Update docker.io/gitlab/gitlab-ce Docker tag to v19.1.0

No problems automatically updating the monolithic Docker image and run the container by Watchtower with dependency update facilitated by Mend's Renovate Bot. GitLab 19.1 release notes This MR contains the following updates: Package Update Change docker.io/gitlab/gitlab-ce (changelog) minor 19.0.2-ce.0

Update docker.io/dependencytrack/frontend Docker tag to v5.0.2

No problems upgrading the frontend Docker container with a Docker compose yaml file within Portainer and by means of Portainer DevOps resp. GitOps with dependency update facilitated by Mend's Renovate Bot. This MR contains the following updates: Package Update Change docker.io/dependencytrack/frontend (source, changelog) patch 5.