Chewing_Bever/homelab

Fork 0

Update dependency restic/rest-server to v0.14.0 #11

Open

Renovate Bot wants to merge 2 commits from renovate/restic-rest-server-0.x into main

Renovate Bot commented

2026-04-20 20:31:22 +02:00

Collaborator

This PR contains the following updates:

Package	Update	Change
restic/rest-server	minor	`0.12.1` → `0.14.0`

Release Notes

restic/rest-server (restic/rest-server)

Changelog for rest-server 0.14.0 (2025-05-31)

The following sections list the changes in rest-server 0.14.0 relevant to users. The changes are ordered by importance.

Summary

Sec #318: Fix world-readable permissions on new .htpasswd files
Chg #322: Update dependencies and require Go 1.23 or newer
Enh #174: Support proxy-based authentication
Enh #189: Support group accessible repositories
Enh #295: Output status of append-only mode on startup
Enh #315: Hardened tls settings
Enh #321: Add zip archive format for Windows releases

Details

Security #318: Fix world-readable permissions on new .htpasswd files

On startup the rest-server Docker container creates an empty .htpasswd file if none exists yet. This file was world-readable by default, which can be a security risk, even though the file only contains hashed passwords.

This has been fixed such that new .htpasswd files are no longer world-readabble.

The permissions of existing .htpasswd files must be manually changed if relevant in your setup.

#318 #340
Change #322: Update dependencies and require Go 1.23 or newer

All dependencies have been updated. Rest-server now requires Go 1.23 or newer to build.

This also disables support for TLS versions older than TLS 1.2. On Windows, rest-server now requires at least Windows 10 or Windows Server 2016. On macOS, rest-server now requires at least macOS 11 Big Sur.

#322 #338
Enhancement #174: Support proxy-based authentication

Rest-server now supports authentication via HTTP proxy headers. This feature can be enabled by specifying the username header using the --proxy-auth-username option (e.g., --proxy-auth-username=X-Forwarded-User).

When enabled, the server authenticates users based on the specified header and disables Basic Auth. Note that proxy authentication is disabled when --no-auth is set.

#174 #307
Enhancement #189: Support group accessible repositories

Rest-server now supports making repositories accessible to the filesystem group by setting the --group-accessible-repos option. Note that permissions of existing files are not modified. To allow the group to read and write file, use a umask of 007. To only grant read access use 027. To make an existing repository group-accessible, use chmod -R g+rwX /path/to/repo.

#189 #308
Enhancement #295: Output status of append-only mode on startup

Rest-server now displays the status of append-only mode during startup.

#295
Enhancement #315: Hardened tls settings

Rest-server now uses a secure TLS cipher suite set by default. The minimum TLS version is now TLS 1.2 and can be further increased using the new --tls-min-ver option, allowing users to enforce stricter security requirements.

#315
Enhancement #321: Add zip archive format for Windows releases

Windows users can now download rest-server binaries in zip archive format (.zip) in addition to the existing tar.gz archives.

#321 #346

Changelog for rest-server 0.13.0 (2024-07-26)

The following sections list the changes in rest-server 0.13.0 relevant to users. The changes are ordered by importance.

Summary

Chg #267: Update dependencies and require Go 1.18 or newer
Chg #273: Shut down cleanly on TERM and INT signals
Enh #271: Print listening address after start-up
Enh #272: Support listening on a unix socket

Details

Change #267: Update dependencies and require Go 1.18 or newer

Most dependencies have been updated. Since some libraries require newer language features, support for Go 1.17 has been dropped, which means that rest-server now requires at least Go 1.18 to build.

#267
Change #273: Shut down cleanly on TERM and INT signals

Rest-server now listens for TERM and INT signals and cleanly closes down the http.Server and listener when receiving either of them.

This is particularly useful when listening on a unix socket, as the server will now remove the socket file when it shuts down.

#273
Enhancement #271: Print listening address after start-up

When started with --listen :0, rest-server would print start server on :0

The message now also includes the actual address listened on, for example start server on 0.0.0.0:37333. This is useful when starting a server with an auto-allocated free port number (port 0).

#271
Enhancement #272: Support listening on a unix socket

It is now possible to make rest-server listen on a unix socket by prefixing the socket filename with unix: and passing it to the --listen option, for example --listen unix:/tmp/foo.

This is useful in combination with remote port forwarding to enable a remote server to backup locally, e.g.:
```
rest-server --listen unix:/tmp/foo &
ssh -R /tmp/foo:/tmp/foo user@host restic -r rest:http+unix:///tmp/foo:/repo backup
```
#272

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [restic/rest-server](https://github.com/restic/rest-server) | minor | `0.12.1` → `0.14.0` | --- ### Release Notes <details> <summary>restic/rest-server (restic/rest-server)</summary> ### [`v0.14.0`](https://github.com/restic/rest-server/releases/tag/v0.14.0) [Compare Source](https://github.com/restic/rest-server/compare/v0.13.0...v0.14.0) # Changelog for rest-server 0.14.0 (2025-05-31) The following sections list the changes in rest-server 0.14.0 relevant to users. The changes are ordered by importance. ## Summary - Sec [#318](https://github.com/restic/rest-server/issues/318): Fix world-readable permissions on new `.htpasswd` files - Chg [#322](https://github.com/restic/rest-server/pull/322): Update dependencies and require Go 1.23 or newer - Enh [#174](https://github.com/restic/rest-server/issues/174): Support proxy-based authentication - Enh [#189](https://github.com/restic/rest-server/issues/189): Support group accessible repositories - Enh [#295](https://github.com/restic/rest-server/pull/295): Output status of append-only mode on startup - Enh [#315](https://github.com/restic/rest-server/pull/315): Hardened tls settings - Enh [#321](https://github.com/restic/rest-server/issues/321): Add zip archive format for Windows releases ## Details - Security [#318](https://github.com/restic/rest-server/issues/318): Fix world-readable permissions on new `.htpasswd` files On startup the rest-server Docker container creates an empty `.htpasswd` file if none exists yet. This file was world-readable by default, which can be a security risk, even though the file only contains hashed passwords. This has been fixed such that new `.htpasswd` files are no longer world-readabble. The permissions of existing `.htpasswd` files must be manually changed if relevant in your setup. [#318](https://github.com/restic/rest-server/issues/318) [#340](https://github.com/restic/rest-server/pull/340) - Change [#322](https://github.com/restic/rest-server/issues/322): Update dependencies and require Go 1.23 or newer All dependencies have been updated. Rest-server now requires Go 1.23 or newer to build. This also disables support for TLS versions older than TLS 1.2. On Windows, rest-server now requires at least Windows 10 or Windows Server 2016. On macOS, rest-server now requires at least macOS 11 Big Sur. [#322](https://github.com/restic/rest-server/pull/322) [#338](https://github.com/restic/rest-server/pull/338) - Enhancement [#174](https://github.com/restic/rest-server/issues/174): Support proxy-based authentication Rest-server now supports authentication via HTTP proxy headers. This feature can be enabled by specifying the username header using the `--proxy-auth-username` option (e.g., `--proxy-auth-username=X-Forwarded-User`). When enabled, the server authenticates users based on the specified header and disables Basic Auth. Note that proxy authentication is disabled when `--no-auth` is set. [#174](https://github.com/restic/rest-server/issues/174) [#307](https://github.com/restic/rest-server/pull/307) - Enhancement [#189](https://github.com/restic/rest-server/issues/189): Support group accessible repositories Rest-server now supports making repositories accessible to the filesystem group by setting the `--group-accessible-repos` option. Note that permissions of existing files are not modified. To allow the group to read and write file, use a umask of `007`. To only grant read access use `027`. To make an existing repository group-accessible, use `chmod -R g+rwX /path/to/repo`. [#189](https://github.com/restic/rest-server/issues/189) [#308](https://github.com/restic/rest-server/pull/308) - Enhancement [#295](https://github.com/restic/rest-server/issues/295): Output status of append-only mode on startup Rest-server now displays the status of append-only mode during startup. [#295](https://github.com/restic/rest-server/pull/295) - Enhancement [#315](https://github.com/restic/rest-server/issues/315): Hardened tls settings Rest-server now uses a secure TLS cipher suite set by default. The minimum TLS version is now TLS 1.2 and can be further increased using the new `--tls-min-ver` option, allowing users to enforce stricter security requirements. [#315](https://github.com/restic/rest-server/pull/315) - Enhancement [#321](https://github.com/restic/rest-server/issues/321): Add zip archive format for Windows releases Windows users can now download rest-server binaries in zip archive format (.zip) in addition to the existing tar.gz archives. [#321](https://github.com/restic/rest-server/issues/321) [#346](https://github.com/restic/rest-server/pull/346) ### [`v0.13.0`](https://github.com/restic/rest-server/releases/tag/v0.13.0) [Compare Source](https://github.com/restic/rest-server/compare/v0.12.1...v0.13.0) # Changelog for rest-server 0.13.0 (2024-07-26) The following sections list the changes in rest-server 0.13.0 relevant to users. The changes are ordered by importance. ## Summary - Chg [#267](https://github.com/restic/rest-server/pull/267): Update dependencies and require Go 1.18 or newer - Chg [#273](https://github.com/restic/rest-server/pull/273): Shut down cleanly on TERM and INT signals - Enh [#271](https://github.com/restic/rest-server/pull/271): Print listening address after start-up - Enh [#272](https://github.com/restic/rest-server/pull/272): Support listening on a unix socket ## Details - Change [#267](https://github.com/restic/rest-server/issues/267): Update dependencies and require Go 1.18 or newer Most dependencies have been updated. Since some libraries require newer language features, support for Go 1.17 has been dropped, which means that rest-server now requires at least Go 1.18 to build. [#267](https://github.com/restic/rest-server/pull/267) - Change [#273](https://github.com/restic/rest-server/issues/273): Shut down cleanly on TERM and INT signals Rest-server now listens for TERM and INT signals and cleanly closes down the http.Server and listener when receiving either of them. This is particularly useful when listening on a unix socket, as the server will now remove the socket file when it shuts down. [#273](https://github.com/restic/rest-server/pull/273) - Enhancement [#271](https://github.com/restic/rest-server/issues/271): Print listening address after start-up When started with `--listen :0`, rest-server would print `start server on :0` The message now also includes the actual address listened on, for example `start server on 0.0.0.0:37333`. This is useful when starting a server with an auto-allocated free port number (port 0). [#271](https://github.com/restic/rest-server/pull/271) - Enhancement [#272](https://github.com/restic/rest-server/issues/272): Support listening on a unix socket It is now possible to make rest-server listen on a unix socket by prefixing the socket filename with `unix:` and passing it to the `--listen` option, for example `--listen unix:/tmp/foo`. This is useful in combination with remote port forwarding to enable a remote server to backup locally, e.g.: ``` rest-server --listen unix:/tmp/foo & ssh -R /tmp/foo:/tmp/foo user@host restic -r rest:http+unix:///tmp/foo:/repo backup ``` [#272](https://github.com/restic/rest-server/pull/272) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Renovate Bot added 1 commit 2026-04-20 20:31:22 +02:00

Update dependency restic/rest-server to v0.14.0 9487898a97

Renovate Bot commented

2026-04-20 21:45:27 +02:00

Author

Collaborator

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

### Edited/Blocked Notification Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠️ **Warning**: custom changes will be lost.

This pull request has changes conflicting with the target branch.

plays/emma.yml
renovate.json

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/restic-rest-server-0.x:renovate/restic-rest-server-0.x

git checkout renovate/restic-rest-server-0.x

Merge

Merge the changes and update on Forgejo.

git checkout main

git merge --no-ff renovate/restic-rest-server-0.x

git checkout renovate/restic-rest-server-0.x

git rebase main

git checkout main

git merge --ff-only renovate/restic-rest-server-0.x

git checkout renovate/restic-rest-server-0.x

git rebase main

git checkout main

git merge --no-ff renovate/restic-rest-server-0.x

git checkout main

git merge --squash renovate/restic-rest-server-0.x

git checkout main

git merge --ff-only renovate/restic-rest-server-0.x

git checkout main

git merge renovate/restic-rest-server-0.x

git push origin main

No reviewers

No labels

issue/monica

service

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Chewing_Bever/homelab#11

No description provided.

Rows
Columns