chore(deps): update dependency stateful/runme to v3.12.5

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
stateful/runme	patch	3.12.4 -> 3.12.5

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

stateful/runme (stateful/runme)

v3.12.5

Compare Source

Download

macOS:

• runme_darwin_x86_64.tar.gz
• runme_darwin_arm64.tar.gz

Linux

• runme_linux_x86_64.deb
• runme_linux_arm64.deb
• runme_linux_x86_64.rpm
• runme_linux_arm64.rpm
• runme_linux_x86_64.apk
• runme_linux_arm64.apk
• runme_linux_x86_64.tar.gz
• runme_linux_arm64.tar.tz

Windows

• runme_windows_x86_64.zip
• runme_windows_arm64.zip

Changelog

Full changelog

• 9c6f665: Dynamically calculate num of entries based on available pty rows (@​sourishkrout)
• 2f6a452: Don't cap explicitly set entries (@​sourishkrout)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/runme:3.12.5

📦 Image Reference ghcr.io/uniget-org/tools/runme:3.12.5

digest	sha256:54fd567332285d2f5d27c940e622c08fe366aaa46a630b7a7b5c79895f4c7df4
vulnerabilities
platform	linux/amd64
size	12 MB
packages	122

golang.org/x/oauth2 0.26.0 (golang) pkg:golang/golang.org/x/oauth2@0.26.0 Affected range <0.27.0 Fixed version 0.27.0 Description An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

golang.org/x/crypto 0.33.0 (golang) pkg:golang/golang.org/x/crypto@0.33.0 Affected range <0.35.0 Fixed version 0.35.0 Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github.com/cli/go-gh 1.2.1 (golang) pkg:golang/github.com/cli/go-gh@1.2.1 Exposure of Sensitive Information to an Unauthorized Actor Affected range <2.11.1 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L Description Summary A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. Details go-gh sources authentication tokens from different environment variables depending on the host involved: GITHUB_TOKEN, GH_TOKEN for GitHub.com and ghe.com GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN for GitHub Enterprise Server Prior to 2.11.1, auth.TokenForHost could source a token from the GITHUB_TOKEN environment variable for a host other than GitHub.com or ghe.com when within a codespace. In 2.11.1, auth.TokenForHost will only source a token from the GITHUB_TOKEN environment variable for GitHub.com or ghe.com hosts. Impact Successful exploitation could send authentication token to an unintended host. Remediation and mitigation Upgrade go-gh to 2.11.1 Advise extension users to regenerate authentication tokens: Personal access tokens GitHub CLI OAuth app Advise extension users to review their personal security log and any relevant audit logs for actions associated with their account or enterprise

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/13732609948.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/13732609948.