chore(deps): update dependency f1bonacc1/process-compose to v1.46.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
F1bonacc1/process-compose	minor	1.40.1 -> 1.46.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

F1bonacc1/process-compose (F1bonacc1/process-compose)

v1.46.0

Compare Source

What Changed

• Added ability to extrapolate the working directory based on the location of the extended file. Issue #​278
• Process Compose process names colors will be repeatable and predictable. The same process will always be colored the same.
• Added ability to detach (and reattach) from the TUI if started with --detached-with-tui flag. Issue #​275
• Added ability to follow log from multiple processes. Issue #​279
• Added PC_REPLICA_NUM template variable to each process. See documentation.
• Added global Environment Variables filled by commands. See documentation.

Bug Fixes

• Now dependencies check runs even in a non strict mode. Issue #​261. Thanks @​j-chmielewski
• Nix build now produces a static library. Issue #​265
• Fix scenarios in which project update unit-test might hang.
• Fix wrong error message for skipped processes that exited too quickly. Issue #​274. Thanks @​secobarbital
• Prevent EOF error on process-compose down
• Prevent down command hanging with daemon Launching scenario. Issue #​258. Thanks @​Lagoja for repro steps.
• Fixed race condition for stopping killed daemons.
• Fixed an issue in which a stop to restarting processes would be ignored for the next run. Issue #​258. Thanks @​mprimi for repro steps.

Changelog

• 78d5125 Bump nix to v1.40.1
• 6a1799e bump nix to v1.46.0
• 962432e dep: Updated golang.org/x/net to v0.33.0
• c0e29e4 deps: dependencies update (tview, gopsutil, term)
• 6b9ce00 feat #​275: Allow detaching from TUI
• c1cc4af feat #​278: Support working dirs relative to extended compose.yaml
• 53351d5 feat #​279: Add multi process logging
• 05fa613 feat: Add Environment Commands
• d7e0380 feat: Add PC_REPLICA_NUM variable to each process
• a7e6c06 feat: Better duration to human string
• b479893 fix #​280: Stuck in shutting down when target of process_started skipped
• c510677 fix #​283: Update to consider PC_CONFIG_FILES env var
• 404d571 fix #​284: Set default processes map if not specified
• 1505127 fix: Fix selection mode style to match the theme
• 7317c7b fix: Remove unnecessary conversion
• ad61f77 internal: Added announce to bluesky

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/process-compose:1.46.0

📦 Image Reference ghcr.io/uniget-org/tools/process-compose:1.46.0

digest	sha256:64ffe2a6fb484c358c26be5a0945538c993c5631007af236120994e4e22c002d
vulnerabilities
platform	linux/amd64
size	9.5 MB
packages	58

stdlib 1.22.2 (golang) pkg:golang/[email protected] Affected range >=1.22.0-0 <1.22.4 Fixed version 1.22.4 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Affected range <1.22.7 Fixed version 1.22.7 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.3 Fixed version 1.22.3 Description A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Affected range >=1.22.0-0 <1.22.4 Fixed version 1.22.4 Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Affected range <1.22.7 Fixed version 1.22.7 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12441157993.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12441157993.