From 57efcd852da78180671212e166adf602e2d6fbab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Dec 2025 04:12:33 +0000
Subject: [PATCH 1/7] build(deps): bump httpd in /Containers/apache

Bumps httpd from 2.4.65-alpine3.22 to 2.4.66-alpine3.22.

---
updated-dependencies:
- dependency-name: httpd
  dependency-version: 2.4.66-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Containers/apache/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
index d9602864..c844c364 100644
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -2,7 +2,7 @@
 FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.65-alpine3.22
+FROM httpd:2.4.66-alpine3.22
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

From 238117ac47d879a3d51814d8919acc346da6a1e9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 09:45:09 +0100
Subject: [PATCH 2/7] mastercontainer: fix docker api version check if
 DOCKER_API_VERSION was set globally

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/mastercontainer/start.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 4ca193be..1002ef84 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -116,14 +116,14 @@ fi
 
 # Docker api version check
 # shellcheck disable=SC2001
-API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
+API_VERSION_NUMB="$(echo "$DOCKER_API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -z "$LOCAL_API_VERSION_NUMB" ]; then
     LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 fi
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
     if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        print_red "Docker API v$DOCKER_API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
         echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version."
         echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO."
         echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version"

From a9d462489c5fa7f568e8ced174177d565662430e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 10:03:53 +0100
Subject: [PATCH 3/7] increase to 12.2.1

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 2b381c90..2432ab13 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.2.0</h1>
+            <h1>Nextcloud AIO v12.2.1</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From 19ad65966b24c93709dc521444b1783d7d0a7b22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:55 +0000
Subject: [PATCH 4/7] build(deps): bump peter-evans/create-pull-request in
 /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...22a9089034f40e5a961c8808d113e2c98fb63676)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 816f57bf..37e974f7 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 12a11f1f..1b448139 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 8b624e39..060b376e 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index d90d57e1..7fe5bbf9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index 99ba4e32..1bd47ac4 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index 689e7e7e..f28ad9f2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index 06555a90..ee8e4669 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index 9d9affce..ba92fd50 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 69b1b14e..be929285 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
+      uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From f5fbc591565d1a3538791d03463653d5d220d425 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:16:59 +0000
Subject: [PATCH 5/7] build(deps): bump astral-sh/setup-uv in
 /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.4 to 7.1.5.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...ed21f2f24f8dd64503750218de024bcf64c7250a)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index b91d8c63..542f38b8 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

From 02b095040bd76c7f445fb2d197cef57da3478d76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:17:02 +0000
Subject: [PATCH 6/7] build(deps): bump softprops/turnstyle in
 /.github/workflows

Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/softprops/turnstyle/releases)
- [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/turnstyle/compare/2e4451ef94c5969eee533c487092052d4d1a53af...15f9da4059166900981058ba251e0b652511c68f)

---
updated-dependencies:
- dependency-name: softprops/turnstyle
  dependency-version: 3.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/helm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index b4c32778..639b0785 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6.0.1
 
       - name: Turnstyle
-        uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
+        uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2
         with:
           continue-after-seconds: 180
         env:

From cd8158c9f6463a018b3334bab10005ceb3e5a2c9 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Dec 2025 14:42:30 +0100
Subject: [PATCH 7/7] fix excluding zizmor workflow in downstream repo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 zizmor.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zizmor.yml b/zizmor.yml
index ee110b08..afc373cb 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,3 +1,6 @@
 rules:
   excessive-permissions:
     disable: true
+  dangerous-triggers:
+    ignore:
+      - build_images.yml