Overview
Security update for git-bug

This update for git-bug fixes the following issues:

- Revendor to include golang.org/x/net/html v 0.45.0 to prevent
possible DoS by various algorithms with quadratic complexity
when parsing HTML documents (boo#1251463, CVE-2025-47911 and
boo#1251664, CVE-2025-58190).

- Update to version 0.10.1:
- cli: ignore missing sections when removing configuration (ddb22a2f)

- Update to version 0.10.0:
- bridge: correct command used to create a new bridge (9942337b)
- web: simplify header navigation (7e95b169)
- webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
- BREAKING CHANGE: dev-infra: remove gokart (89b880bd)

- Update to version 0.10.0
- bridge: correct command used to create a new bridge (9942337b)
- web: simplify header navigation (7e95b169)
- web: remark upgrade + gfm + syntax highlighting (6ee47b96)

- Update to version 0.9.0:
- completion: remove errata from string literal (aa102c91)
- tui: improve readability of the help bar (23be684a)

- Update to version 0.8.1+git.1746484874.96c7a111:
* docs: update install, contrib, and usage documentation (#1222)
* fix: resolve the remote URI using url.*.insteadOf (#1394)
* build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
* chore: gofmt simplify gitlab/export_test.go (#1392)
* fix: checkout repo before setting up go environment (#1390)
* feat: bump to go v1.24.2 (#1389)
* chore: update golang.org/x/net (#1379)
* fix: use -0700 when formatting time (#1388)
* fix: use correct url for gitlab PATs (#1384)
* refactor: remove depdendency on pnpm for auto-label action (#1383)
* feat: add action: auto-label (#1380)
* feat: remove lifecycle/frozen (#1377)
* build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
* feat: support new exclusion label: lifecycle/pinned (#1375)
* fix: refactor how gitlab title changes are detected (#1370)
* revert: "Create Dependabot config file" (#1374)
* refactor: rename //:git-bug.go to //:main.go (#1373)
* build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
* fix: set GitLastTag to an empty string when git-describe errors (#1355)
* chore: update go-git to v5@masterupdate_mods (#1284)
* refactor: Directly swap two variables to optimize code (#1272)
* Update README.md Matrix link to new room (#1275)

- Update to version 0.8.0+git.1742269202.0ab94c9:
* deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)

Fixed bugs
bnc#1251664
VUL-0: CVE-2025-58190: git-bug: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input
CVE-2025-58190
bnc#1251463
VUL-0: CVE-2025-47911: git-bug: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
CVE-2025-47911
Selected Binaries
openSUSE Build Service is sponsored by
Places