security(gomod): π‘οΈ minor toolchain to v1.25.10#103
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
β Snyk checks have passed. No issues have been found so far.
π» Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
β Snyk checks have passed. No issues have been found so far.
π» Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.22.5β1.25.10Stack exhaustion in all Parse functions in go/parser
BIT-golang-2024-34155 / CVE-2024-34155 / GO-2024-3105
More information
Details
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Stack exhaustion in Decoder.Decode in encoding/gob
BIT-golang-2024-34156 / CVE-2024-34156 / GO-2024-3106
More information
Details
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Stack exhaustion in Parse in go/build/constraint
BIT-golang-2024-34158 / CVE-2024-34158 / GO-2024-3107
More information
Details
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
BIT-golang-2024-45341 / CVE-2024-45341 / GO-2025-3373
More information
Details
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain.
Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Sensitive headers incorrectly sent after cross-domain redirect in net/http
BIT-golang-2024-45336 / CVE-2024-45336 / GO-2025-3420
More information
Details
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com.
In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
BIT-golang-2025-22866 / CVE-2025-22866 / GO-2025-3447
More information
Details
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
CVE-2025-22870 / GHSA-qxp5-gwg8-xv66 / GO-2025-3503
More information
Details
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Request smuggling due to acceptance of invalid chunked data in net/http
BIT-golang-2025-22871 / CVE-2025-22871 / GHSA-g9pc-8g42-g6vq / GO-2025-3563
More information
Details
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Improper access to parent directory of root in os
BIT-golang-2025-22873 / CVE-2025-22873 / GO-2026-4403
More information
Details
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
BIT-golang-2025-0913 / CVE-2025-0913 / GO-2025-3750
More information
Details
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Sensitive headers not cleared on cross-origin redirect in net/http
BIT-golang-2025-4673 / CVE-2025-4673 / GO-2025-3751
More information
Details
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Incorrect results returned from Rows.Scan in database/sql
BIT-golang-2025-47907 / CVE-2025-47907 / GO-2025-3849
More information
Details
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unexpected paths returned from LookPath in os/exec
BIT-golang-2025-47906 / CVE-2025-47906 / GO-2025-3956
More information
Details
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Excessive CPU consumption in ParseAddress in net/mail
BIT-golang-2025-61725 / CVE-2025-61725 / GO-2025-4006
More information
Details
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
ALPN negotiation error contains attacker controlled information in crypto/tls
BIT-golang-2025-58189 / CVE-2025-58189 / GO-2025-4008
More information
Details
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Quadratic complexity when parsing some invalid inputs in encoding/pem
BIT-golang-2025-61723 / CVE-2025-61723 / GO-2025-4009
More information
Details
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Insufficient validation of bracketed IPv6 hostnames in net/url
BIT-golang-2025-47912 / CVE-2025-47912 / GO-2025-4010
More information
Details
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Parsing DER payload can cause memory exhaustion in encoding/asn1
BIT-golang-2025-58185 / CVE-2025-58185 / GO-2025-4011
More information
Details
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Lack of limit when parsing cookies can cause memory exhaustion in net/http
BIT-golang-2025-58186 / CVE-2025-58186 / GO-2025-4012
More information
Details
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Panic when validating certificates with DSA public keys in crypto/x509
BIT-golang-2025-58188 / CVE-2025-58188 / GO-2025-4013
More information
Details
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unbounded allocation when parsing GNU sparse map in archive/tar
BIT-golang-2025-58183 / CVE-2025-58183 / GO-2025-4014
More information
Details
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Excessive CPU consumption in Reader.ReadResponse in net/textproto
BIT-golang-2025-61724 / CVE-2025-61724 / GO-2025-4015
More information
Details
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Quadratic complexity when checking name constraints in crypto/x509
BIT-golang-2025-58187 / CVE-2025-58187 / GO-2025-4007
More information
Details
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Excessive resource consumption when printing error string for host certificate validation in crypto/x509
BIT-golang-2025-61729 / CVE-2025-61729 / GO-2025-4155
More information
Details
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
BIT-golang-2025-61727 / CVE-2025-61727 / GO-2025-4175
More information
Details
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Handshake messages may be processed at the incorrect encryption level in crypto/tls
BIT-golang-2025-61730 / CVE-2025-61730 / GO-2026-4340
More information
Details
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Memory exhaustion in query parameter parsing in net/url
BIT-golang-2025-61726 / CVE-2025-61726 / GO-2026-4341
More information
Details
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Excessive CPU consumption when building archive index in archive/zip
BIT-golang-2025-61728 / CVE-2025-61728 / GO-2026-4342
More information
Details
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unexpected session resumption in crypto/tls
BIT-golang-2025-68121 / CVE-2025-68121 / GO-2026-4337
More information
Details
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Incorrect parsing of IPv6 host literals in net/url
BIT-golang-2026-25679 / CVE-2026-25679 / GO-2026-4601
More information
Details
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
FileInfo can escape from a Root in os
BIT-golang-2026-27139 / CVE-2026-27139 / GO-2026-4602
More information
Details
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened.
The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
URLs in meta content attribute actions are not escaped in html/template
BIT-golang-2026-27142 / CVE-2026-27142 / GO-2026-4603
More information
Details
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh".
A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
BIT-golang-2026-32282 / CVE-2026-32282 / GO-2026-4864
More information
Details
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root.
The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
JsBraceDepth Context Tracking Bugs (XSS) in html/template
BIT-golang-2026-32289 / CVE-2026-32289 / GO-2026-4865
More information
Details
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied.
These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unbounded allocation for old GNU sparse in archive/tar
BIT-golang-2026-32288 / CVE-2026-32288 / GO-2026-4869
More information
Details
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
BIT-golang-2026-32283 / CVE-2026-32283 / GO-2026-4870
More information
Details
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service.
This only affects TLS 1.3.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Inefficient policy validation in crypto/x509
BIT-golang-2026-32281 / CVE-2026-32281 / GO-2026-4946
More information
Details
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service.
This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Unexpected work during chain building in crypto/x509
BIT-golang-2026-32280 / CVE-2026-32280 / GO-2026-4947
More information
Details
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
BIT-golang-2026-33814 / CVE-2026-33814 / GO-2026-4918
More information
Details
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Panic in Dial and LookupPort when handling NUL byte on Windows in net
BIT-golang-2026-39836 / CVE-2026-39836 / GO-2026-4971
More information
Details
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
BIT-golang-2026-39825 / CVE-2026-39825 / GO-2026-4976
More information
Details
ReverseProxy can forward queries containing parameters not visible to Rewrite functions.
When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function.
For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Quadratic string concatenation in consumePhrase in net/mail
BIT-golang-2026-42499 / CVE-2026-42499 / GO-2026-4977
More information
Details
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Escaper bypass leads to XSS in html/template
BIT-golang-2026-39826 / CVE-2026-39826 / GO-2026-4980
More information
Details
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Crash when handling long CNAME response in net
BIT-golang-2026-33811 / CVE-2026-33811 / GO-2026-4981
More information
Details
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Bypass of meta content URL escaping causes XSS in html/template
BIT-golang-2026-39823 / CVE-2026-39823 / GO-2026-4982
More information
Details
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Quadratic string concatentation in consumeComment in net/mail
BIT-golang-2026-39820 / CVE-2026-39820 / GO-2026-4986
More information
Details
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
Release Notes
golang/go (go)
v1.25.10v1.25.9v1.25.8v1.25.7v1.25.6v1.25.5v1.25.4v1.25.3v1.25.2v1.25.1v1.25.0v1.24.13v1.24.12v1.24.11v1.24.10v1.24.9v1.24.8v1.24.7v1.24.6v1.24.5v1.24.4v1.24.3v1.24.2v1.24.1v1.24.0v1.23.12v1.23.11v1.23.10v1.23.9v1.23.8v1.23.7v1.23.6v1.23.5v1.23.4v1.23.3v1.23.2v1.23.1v1.23.0v1.22.12v1.22.11v1.22.10v1.22.9v1.22.8v1.22.7v1.22.6Configuration
π Schedule: (in timezone America/Chicago)
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.