Merge d9d6cb22f6 into 0153abba82

chore(deps): lock file maintenance
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-12 05:33:11 +01:00 · 2026-01-08 13:18:17 +01:00 · 2026-01-05 00:34:42 +00:00
10 changed files with 39 additions and 360 deletions
--- a/.wordlist.txt
+++ b/.wordlist.txt
@ -1,4 +1,3 @@
 AKS
 AccessDenied
 AdditionalContainerArgs
 Akamai
@ -6,7 +5,6 @@ Azurite
 BarmanObjectStore
 BarmanObjectStoreConfiguration
 BarmanObjectStores
 CLI
 CNCF
 CRD
 CloudNativePG
@ -40,7 +38,6 @@ PITR
 PoR
 PostgreSQL
 Postgres
 PowerShell
 README
 RPO
 RTO
@ -48,7 +45,6 @@ RecoveryWindow
 ResourceRequirements
 RetentionPolicy
 SAS
 SDK
 SFO
 SPDX
 SPDX
--- a/config/crd/bases/barmancloud.cnpg.io_objectstores.yaml
+++ b/config/crd/bases/barmancloud.cnpg.io_objectstores.yaml
@ -108,11 +108,6 @@ spec:
                        - key
                        - name
                        type: object
                      useDefaultAzureCredentials:
                        description: |-
                          Use the default Azure authentication flow, which includes DefaultAzureCredential.
                          This allows authentication using environment variables and managed identities.
                        type: boolean
                    type: object
                  data:
                    description: |-
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ toolchain go1.25.5
 require (
 	github.com/cert-manager/cert-manager v1.19.2
 	github.com/cloudnative-pg/api v1.28.0
-	github.com/cloudnative-pg/barman-cloud v0.4.1-0.20260108104508-ced266c145f5
+	github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f
 	github.com/cloudnative-pg/cloudnative-pg v1.28.0
 	github.com/cloudnative-pg/cnpg-i v0.3.1
 	github.com/cloudnative-pg/cnpg-i-machinery v0.4.2
--- a/go.sum
+++ b/go.sum
@ -18,8 +18,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudnative-pg/api v1.28.0 h1:xElzHliO0eKkVQafkfMhDJo0aIRCmB1ItEt+SGh6B58=
 github.com/cloudnative-pg/api v1.28.0/go.mod h1:puXJBOsEaJd8JLgvCtxgl2TO/ZANap/z7bPepKRUgrk=
-github.com/cloudnative-pg/barman-cloud v0.4.1-0.20260108104508-ced266c145f5 h1:wPB7VTNgTv6t9sl4QYOBakmVTqHnOdKUht7Q3aL+uns=
+github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f h1:4/PwIQOwQSTIxuncGRn3pX2V9CRwl7zJNXOVWOMSCCU=
-github.com/cloudnative-pg/barman-cloud v0.4.1-0.20260108104508-ced266c145f5/go.mod h1:qD0NtJOllNQbRB0MaleuHsZjFYaXtXfdg0HbFTbuHn0=
+github.com/cloudnative-pg/barman-cloud v0.4.1-0.20251230211524-20b7e0e10b0f/go.mod h1:qD0NtJOllNQbRB0MaleuHsZjFYaXtXfdg0HbFTbuHn0=
 github.com/cloudnative-pg/cloudnative-pg v1.28.0 h1:vkv0a0ewDSfJOPJrsyUr4uczsxheReAWf/k171V0Dm0=
 github.com/cloudnative-pg/cloudnative-pg v1.28.0/go.mod h1:209fkRR6m0vXUVQ9Q498eAPQqN2UlXECbXXtpGsZz3I=
 github.com/cloudnative-pg/cnpg-i v0.3.1 h1:fKj8NoToWI11HUL2UWYJBpkVzmaTvbs3kDMo7wQF8RU=
--- a/internal/cnpgi/operator/specs/secrets.go
+++ b/internal/cnpgi/operator/specs/secrets.go
@ -37,17 +37,13 @@ func CollectSecretNamesFromCredentials(barmanCredentials *barmanapi.BarmanCreden
 		)
 	}
 	if barmanCredentials.Azure != nil {
-		// When using default Azure credentials or managed identity, no secrets are required
+		references = append(
-		if !barmanCredentials.Azure.UseDefaultAzureCredentials &&
+			references,
-			!barmanCredentials.Azure.InheritFromAzureAD {
+			barmanCredentials.Azure.ConnectionString,
-			references = append(
+			barmanCredentials.Azure.StorageAccount,
-				references,
+			barmanCredentials.Azure.StorageKey,
-				barmanCredentials.Azure.ConnectionString,
+			barmanCredentials.Azure.StorageSasToken,
-				barmanCredentials.Azure.StorageAccount,
+		)
 				barmanCredentials.Azure.StorageKey,
 				barmanCredentials.Azure.StorageSasToken,
 			)
 		}
 	}
 	if barmanCredentials.Google != nil {
 		references = append(
--- a/internal/cnpgi/operator/specs/secrets_test.go
+++ b/internal/cnpgi/operator/specs/secrets_test.go
@ -1,227 +0,0 @@
 /*
 Copyright © contributors to CloudNativePG, established as
 CloudNativePG a Series of LF Projects, LLC.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 */
 package specs
 import (
 	barmanapi "github.com/cloudnative-pg/barman-cloud/pkg/api"
 	machineryapi "github.com/cloudnative-pg/machinery/pkg/api"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 var _ = Describe("CollectSecretNamesFromCredentials", func() {
 	Context("when collecting secrets from AWS credentials", func() {
 		It("should return secret names from S3 credentials", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				AWS: &barmanapi.S3Credentials{
 					AccessKeyIDReference: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "aws-secret",
 						},
 						Key: "access-key-id",
 					},
 					SecretAccessKeyReference: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "aws-secret",
 						},
 						Key: "secret-access-key",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("aws-secret"))
 		})
 		It("should handle nil AWS credentials", func() {
 			credentials := &barmanapi.BarmanCredentials{}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(BeEmpty())
 		})
 	})
 	Context("when collecting secrets from Azure credentials", func() {
 		It("should return secret names when using explicit credentials", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				Azure: &barmanapi.AzureCredentials{
 					ConnectionString: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-secret",
 						},
 						Key: "connection-string",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("azure-secret"))
 		})
 		It("should return empty list when using UseDefaultAzureCredentials", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				Azure: &barmanapi.AzureCredentials{
 					UseDefaultAzureCredentials: true,
 					ConnectionString: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-secret",
 						},
 						Key: "connection-string",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(BeEmpty())
 		})
 		It("should return empty list when using InheritFromAzureAD", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				Azure: &barmanapi.AzureCredentials{
 					InheritFromAzureAD: true,
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(BeEmpty())
 		})
 		It("should return secret names for storage account and key", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				Azure: &barmanapi.AzureCredentials{
 					StorageAccount: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-storage",
 						},
 						Key: "account-name",
 					},
 					StorageKey: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-storage",
 						},
 						Key: "account-key",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("azure-storage"))
 		})
 	})
 	Context("when collecting secrets from Google credentials", func() {
 		It("should return secret names from Google credentials", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				Google: &barmanapi.GoogleCredentials{
 					ApplicationCredentials: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "google-secret",
 						},
 						Key: "credentials.json",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("google-secret"))
 		})
 	})
 	Context("when collecting secrets from multiple cloud providers", func() {
 		It("should return secret names from all providers", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				AWS: &barmanapi.S3Credentials{
 					AccessKeyIDReference: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "aws-secret",
 						},
 						Key: "access-key-id",
 					},
 				},
 				Azure: &barmanapi.AzureCredentials{
 					ConnectionString: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-secret",
 						},
 						Key: "connection-string",
 					},
 				},
 				Google: &barmanapi.GoogleCredentials{
 					ApplicationCredentials: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "google-secret",
 						},
 						Key: "credentials.json",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElements("aws-secret", "azure-secret", "google-secret"))
 		})
 		It("should skip Azure secrets when using UseDefaultAzureCredentials with other providers", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				AWS: &barmanapi.S3Credentials{
 					AccessKeyIDReference: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "aws-secret",
 						},
 						Key: "access-key-id",
 					},
 				},
 				Azure: &barmanapi.AzureCredentials{
 					UseDefaultAzureCredentials: true,
 					ConnectionString: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "azure-secret",
 						},
 						Key: "connection-string",
 					},
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("aws-secret"))
 			Expect(secrets).NotTo(ContainElement("azure-secret"))
 		})
 	})
 	Context("when handling nil references", func() {
 		It("should skip nil secret references", func() {
 			credentials := &barmanapi.BarmanCredentials{
 				AWS: &barmanapi.S3Credentials{
 					AccessKeyIDReference: &machineryapi.SecretKeySelector{
 						LocalObjectReference: machineryapi.LocalObjectReference{
 							Name: "aws-secret",
 						},
 						Key: "access-key-id",
 					},
 					SecretAccessKeyReference: nil,
 				},
 			}
 			secrets := CollectSecretNamesFromCredentials(credentials)
 			Expect(secrets).To(ContainElement("aws-secret"))
 			Expect(len(secrets)).To(Equal(1))
 		})
 	})
 })
--- a/internal/cnpgi/operator/specs/suite_test.go
+++ b/internal/cnpgi/operator/specs/suite_test.go
@ -1,32 +0,0 @@
 /*
 Copyright © contributors to CloudNativePG, established as
 CloudNativePG a Series of LF Projects, LLC.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 */
 package specs
 import (
 	"testing"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 func TestSpecs(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecs(t, "Specs Suite")
 }
--- a/manifest.yaml
+++ b/manifest.yaml
@ -107,11 +107,6 @@ spec:
                        - key
                        - name
                        type: object
                      useDefaultAzureCredentials:
                        description: |-
                          Use the default Azure authentication flow, which includes DefaultAzureCredential.
                          This allows authentication using environment variables and managed identities.
                        type: boolean
                    type: object
                  data:
                    description: |-
--- a/web/docs/object_stores.md
+++ b/web/docs/object_stores.md
@ -29,16 +29,6 @@ the specific object storage provider you are using.
 The following sections detail the setup for each.
 :::note Authentication Methods
 The Barman Cloud Plugin does not independently test all authentication methods
 supported by `barman-cloud`. The plugin's responsibility is limited to passing
 the provided credentials to `barman-cloud`, which then handles authentication
 according to its own implementation. Users should refer to the
 [Barman Cloud documentation](https://docs.pgbarman.org/release/latest/) to
 verify that their chosen authentication method is supported and properly
 configured.
 :::
 ---
 ## AWS S3
@ -240,18 +230,14 @@ is Microsoft’s cloud-based object storage solution.
 Barman Cloud supports the following authentication methods:
 - [Connection String](https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string)
- Storage Account Name + [Storage Account Access Key](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
+- Storage Account Name + [Access Key](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
- Storage Account Name + [Storage Account SAS Token](https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
+- Storage Account Name + [SAS Token](https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
- [Azure AD Managed Identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
+- [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html)
 - [Default Azure Credentials](https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet)
-### Azure AD Managed Identity
+### Azure AD Workload Identity
-This method avoids storing credentials in Kubernetes by enabling the
+This method avoids storing credentials in Kubernetes via the
-usage of [Azure Managed Identities](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) authentication mechanism.
+`.spec.configuration.inheritFromAzureAD` option:
 This can be enabled by setting the `inheritFromAzureAD` option to `true`.
 Managed Identity can be configured for the AKS Cluster by following
 the [Azure documentation](https://learn.microsoft.com/en-us/azure/aks/use-managed-identity?pivots=system-assigned).
 ```yaml
 apiVersion: barmancloud.cnpg.io/v1
@ -266,36 +252,6 @@ spec:
  [...]
 ```
 ### Default Azure Credentials
 The `useDefaultAzureCredentials` option enables the default Azure credentials
 flow, which uses [`DefaultAzureCredential`](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential)
 to automatically discover and use available credentials in the following order:
 1. **Environment Variables** — `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, and `AZURE_TENANT_ID` for Service Principal authentication
 2. **Managed Identity** — Uses the managed identity assigned to the pod
 3. **Azure CLI** — Uses credentials from the Azure CLI if available
 4. **Azure PowerShell** — Uses credentials from Azure PowerShell if available
 This approach is particularly useful for getting started with development and testing; it allows
 the SDK to attempt multiple authentication mechanisms seamlessly across different environments.
 However, this is not recommended for production. Please refer to the
 [official Azure guidance](https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication/credential-chains?tabs=dac#usage-guidance-for-defaultazurecredential)
 for a comprehensive understanding of `DefaultAzureCredential`.
 ```yaml
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: azure-store
 spec:
  configuration:
    destinationPath: "<destination path here>"
    azureCredentials:
      useDefaultAzureCredentials: true
  [...]
 ```
 ### Access Key, SAS Token, or Connection String
 Store credentials in a Kubernetes secret:
--- a/web/yarn.lock
+++ b/web/yarn.lock
@ -28,12 +28,12 @@
    json-schema "^0.4.0"
 "@ai-sdk/react@^2.0.30":
-  version "2.0.120"
+  version "2.0.119"
-  resolved "https://registry.yarnpkg.com/@ai-sdk/react/-/react-2.0.120.tgz#c48b732dd3cf4c533ea1f93b3e0ea1754080d78e"
+  resolved "https://registry.yarnpkg.com/@ai-sdk/react/-/react-2.0.119.tgz#8b1c4d849e59d0462b182f3ca3dc0cd4cda95242"
-  integrity sha512-x7Oa2LDRURc8uRnAdcEfydbHLSXGYjNaFlQrGuxZAMfqhLJQ+7x4K8Z6O5vnLt414mrPaVvgirfRqsP/nsxtnw==
+  integrity sha512-kl4CDAnKJ1z+Fc9cjwMQXLRqH5/gHhg8Jn9qW7sZ0LgL8VpiDmW+x+s8e588nE3eC88aL1OxOVyOE6lFYfWprw==
  dependencies:
    "@ai-sdk/provider-utils" "3.0.20"
-    ai "5.0.118"
+    ai "5.0.117"
    swr "^2.2.5"
    throttleit "2.1.0"
@ -3057,10 +3057,10 @@ aggregate-error@^3.0.0:
    clean-stack "^2.0.0"
    indent-string "^4.0.0"
-ai@5.0.118, ai@^5.0.30:
+ai@5.0.117, ai@^5.0.30:
-  version "5.0.118"
+  version "5.0.117"
-  resolved "https://registry.yarnpkg.com/ai/-/ai-5.0.118.tgz#c56676c5561aba7a9b7885d04ab55be3a57047e5"
+  resolved "https://registry.yarnpkg.com/ai/-/ai-5.0.117.tgz#8c6445f27eed52548f72cab22fc9327cfb80827a"
-  integrity sha512-sKJHfhJkvAyq5NC3yJJ4R8Z3tn4pSHF760/jInKAtmLwPLWTHfGo293DSO4un8QUAgJOagHd09VSXOXv+STMNQ==
+  integrity sha512-uE6HNkdSwxbeHGKP/YbvapwD8fMOpj87wyfT9Z00pbzOh2fpnw5acak/4kzU00SX2vtI9K0uuy+9Tf9ytw5RwA==
  dependencies:
    "@ai-sdk/gateway" "2.0.24"
    "@ai-sdk/provider" "2.0.1"
@ -3275,9 +3275,9 @@ balanced-match@^1.0.0:
  integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
 baseline-browser-mapping@^2.9.0:
-  version "2.9.13"
+  version "2.9.11"
-  resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.9.13.tgz#e1d39147f6a7492438131476026e705d816b10cb"
+  resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz#53724708c8db5f97206517ecfe362dbe5181deea"
-  integrity sha512-WhtvB2NG2wjr04+h77sg3klAIwrgOqnjS49GGudnUPGFFgg7G17y7Qecqp+2Dr5kUDxNRBca0SK7cG8JwzkWDQ==
+  integrity sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==
 batch@0.6.1:
  version "0.6.1"
@ -3479,9 +3479,9 @@ caniuse-api@^3.0.0:
    lodash.uniq "^4.5.0"
 caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001759, caniuse-lite@^1.0.30001760:
-  version "1.0.30001763"
+  version "1.0.30001762"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001763.tgz#9397446dd110b1aeadb0df249c41b2ece7f90f09"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001762.tgz#e4dbfeda63d33258cdde93e53af2023a13ba27d4"
-  integrity sha512-mh/dGtq56uN98LlNX9qdbKnzINhX0QzhiWBFEkFfsFO4QyCvL8YegrJAazCwXIeqkIob8BlZPGM3xdnY+sgmvQ==
+  integrity sha512-PxZwGNvH7Ak8WX5iXzoK1KPZttBXNPuaOvI2ZYU7NrlM+d9Ov+TUvlLOBNGzVXAntMSMMlJPd+jY6ovrVjSmUw==
 ccount@^2.0.0:
  version "2.0.1"
@ -8116,9 +8116,9 @@ safe-buffer@~5.1.0, safe-buffer@~5.1.1:
  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 sax@^1.2.4:
-  version "1.4.4"
+  version "1.4.3"
-  resolved "https://registry.yarnpkg.com/sax/-/sax-1.4.4.tgz#f29c2bba80ce5b86f4343b4c2be9f2b96627cf8b"
+  resolved "https://registry.yarnpkg.com/sax/-/sax-1.4.3.tgz#fcebae3b756cdc8428321805f4b70f16ec0ab5db"
-  integrity sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==
+  integrity sha512-yqYn1JhPczigF94DMS+shiDMjDowYO6y9+wB/4WgO0Y19jWYk0lQ4tuG5KI7kj4FTp1wxPj5IFfcrz/s1c3jjQ==
 scheduler@^0.27.0:
  version "0.27.0"
@ -8768,9 +8768,9 @@ undici-types@~7.16.0:
  integrity sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==
 undici@^7.12.0:
-  version "7.18.2"
+  version "7.16.0"
-  resolved "https://registry.yarnpkg.com/undici/-/undici-7.18.2.tgz#6cf724ef799a67d94fd55adf66b1e184176efcdf"
+  resolved "https://registry.yarnpkg.com/undici/-/undici-7.16.0.tgz#cb2a1e957726d458b536e3f076bf51f066901c1a"
-  integrity sha512-y+8YjDFzWdQlSE9N5nzKMT3g4a5UBX1HKowfdXh0uvAnTaqqwqB92Jt4UXBAeKekDs5IaDKyJFR4X1gYVCgXcw==
+  integrity sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g==
 unicode-canonical-property-names-ecmascript@^2.0.0:
  version "2.0.1"
@ -9214,9 +9214,9 @@ ws@^7.3.1:
  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 ws@^8.18.0:
-  version "8.19.0"
+  version "8.18.3"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.19.0.tgz#ddc2bdfa5b9ad860204f5a72a4863a8895fd8c8b"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.3.tgz#b56b88abffde62791c639170400c93dcb0c95472"
-  integrity sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==
+  integrity sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==
 wsl-utils@^0.1.0:
  version "0.1.0"
Author	SHA1	Message	Date
renovate[bot]	3b55aca2d6	Merge `d9d6cb22f6` into `0153abba82`	2026-01-08 13:18:17 +01:00
renovate[bot]	d9d6cb22f6	chore(deps): lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-01-05 00:34:42 +00:00