chore(deps): update timothyjmiller/cloudflare-ddns docker tag to v2.0.2 #38

Open

jaskaran wants to merge 1 commit from renovate/timothyjmiller-cloudflare-ddns-2.x into main

pull from: renovate/timothyjmiller-cloudflare-ddns-2.x

merge into: jaskaran:main

jaskaran:main

jaskaran:renovate/renovatebot-renovate-43.x

jaskaran:renovate/postgres-18.x

jaskaran:renovate/mariadb-12.x

jaskaran:renovate/binwiederhier-ntfy-2.x

jaskaran:renovate/siderolabs-talos-1.x

Conversation 0 Commits 1 Files changed 1 +1 -1

jaskaran commented 2026-03-12 00:01:03 +00:00

Owner

Copy link

This PR contains the following updates:

Package	Update	Change
timothyjmiller/cloudflare-ddns	patch	2.0.0 → 2.0.2

---

Release Notes

timothymiller/cloudflare-ddns (timothyjmiller/cloudflare-ddns)

v2.0.2: — Fix Address Family Selection in Cloudflare Trace

Compare Source

🐛 Bug Fix: Address Family Mismatch on Dual-Stack Hosts

On dual-stack hosts (e.g. Docker with --net=host and IPv6 enabled), the primary Cloudflare Trace endpoint (api.cloudflare.com) could resolve via the wrong address family — for example, connecting over IPv6 when detecting an IPv4 address. This caused the trace endpoint to return the wrong IP.

What Changed

🔀 Literal IP trace URLs are now primary

Primary trace endpoints now use literal IPs per address family to guarantee correct address family selection:

• IPv4: https://1.0.0.1/cdn-cgi/trace
• IPv6: https://[2606:4700:4700::1001]/cdn-cgi/trace

This ensures the HTTP connection is made over the correct protocol, so the detected IP always matches the intended address family.

🛡️ Hostname-based fallback for WARP/Zero Trust

The api.cloudflare.com endpoint is retained as a fallback for environments where literal IP requests are intercepted (e.g. Cloudflare WARP or Zero Trust). Previously this was the primary endpoint.

⚙️ Upgrade Notes

• No configuration changes required — existing setups will automatically benefit from the fix.
• The IP4_PROVIDER and IP6_PROVIDER environment variables continue to work as before.

Full Changelog: https://github.com/timothymiller/cloudflare-ddns/compare/2.0.1...2.0.2

v2.0.1: — Rewritten in Rust

A feature-complete dynamic DNS client for Cloudflare, written in Rust.

Highlights

• Image size: ~1.9 MB — the smallest open-source Cloudflare DDNS Docker image available
• Runtime RAM: ~3.5 MB — the most memory-efficient in its class
• Smaller and leaner than Go-based alternatives
• Built as a fully static binary from scratch with zero runtime dependencies

🐛 Bug Fix: Incorrect IP Detection via Cloudflare Trace

Users behind certain network configurations could see Cloudflare infrastructure IPs (e.g. 104.18.x.x) set as their DNS record instead of their real public IP.

What Changed

🌐 Trace endpoint URL changed to api.cloudflare.com

Before: Requests went to literal IPs 1.1.1.1 and 1.0.0.1, which some ISPs and network equipment intercept.

After: Primary requests now go to https://api.cloudflare.com/cdn-cgi/trace, which resolves via standard DNS and avoids interception. Literal IP fallbacks are retained for environments where DNS is
unavailable.

🔀 Split dialer for address family isolation

IP detection now uses dedicated HTTP clients per address family — IPv4 detection binds to 0.0.0.0, IPv6 detection binds to ::. This prevents the system from connecting via the wrong protocol (e.g. reaching
Cloudflare over IPv6 when detecting your IPv4 address), which could return the wrong IP.

🛡️ Global unicast validation on all detected IPs

All remote IP detection providers (Cloudflare Trace, Cloudflare DoH, ipify, custom URL) now validate that detected addresses are global unicast before accepting them. Private, loopback, link-local, multicast,
documentation, and CGNAT addresses are rejected with a warning.

☁️ Default IPv4 provider changed to cloudflare.trace

Both IPv4 and IPv6 now default to cloudflare.trace, keeping IP detection within the Cloudflare ecosystem. Users can still override via IP4_PROVIDER and IP6_PROVIDER.

⚙️ Upgrade Notes

• No configuration changes required — existing setups will automatically benefit from the new trace URL and split dialer.
• Users who had switched to ipify as a workaround for incorrect IP detection can switch back to cloudflare.trace if desired.
• The IP4_PROVIDER and IP6_PROVIDER environment variables continue to work as before.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [timothyjmiller/cloudflare-ddns](https://github.com/timothymiller/cloudflare-ddns) | patch | `2.0.0` → `2.0.2` | --- ### Release Notes <details> <summary>timothymiller/cloudflare-ddns (timothyjmiller/cloudflare-ddns)</summary> ### [`v2.0.2`](https://github.com/timothymiller/cloudflare-ddns/releases/tag/2.0.2): — Fix Address Family Selection in Cloudflare Trace [Compare Source](https://github.com/timothymiller/cloudflare-ddns/compare/2.0.1...2.0.2) #### 🐛 Bug Fix: Address Family Mismatch on Dual-Stack Hosts On dual-stack hosts (e.g. Docker with `--net=host` and IPv6 enabled), the primary Cloudflare Trace endpoint (`api.cloudflare.com`) could resolve via the wrong address family — for example, connecting over IPv6 when detecting an IPv4 address. This caused the trace endpoint to return the wrong IP. ##### What Changed ##### 🔀 Literal IP trace URLs are now primary Primary trace endpoints now use literal IPs per address family to **guarantee correct address family selection**: - **IPv4:** `https://1.0.0.1/cdn-cgi/trace` - **IPv6:** `https://[2606:4700:4700::1001]/cdn-cgi/trace` This ensures the HTTP connection is made over the correct protocol, so the detected IP always matches the intended address family. ##### 🛡️ Hostname-based fallback for WARP/Zero Trust The `api.cloudflare.com` endpoint is retained as a **fallback** for environments where literal IP requests are intercepted (e.g. Cloudflare WARP or Zero Trust). Previously this was the primary endpoint. ##### ⚙️ Upgrade Notes - **No configuration changes required** — existing setups will automatically benefit from the fix. - The `IP4_PROVIDER` and `IP6_PROVIDER` environment variables continue to work as before. **Full Changelog**: <https://github.com/timothymiller/cloudflare-ddns/compare/2.0.1...2.0.2> ### [`v2.0.1`](https://github.com/timothymiller/cloudflare-ddns/releases/tag/2.0.1): — Rewritten in Rust A feature-complete dynamic DNS client for Cloudflare, written in Rust. ### Highlights - Image size: **\~1.9 MB** — the smallest open-source Cloudflare DDNS Docker image available - Runtime RAM: **\~3.5 MB** — the most memory-efficient in its class - Smaller and leaner than Go-based alternatives - Built as a fully static binary from scratch with zero runtime dependencies #### 🐛 Bug Fix: Incorrect IP Detection via Cloudflare Trace Users behind certain network configurations could see Cloudflare infrastructure IPs (e.g. `104.18.x.x`) set as their DNS record instead of their real public IP. ##### What Changed ##### 🌐 Trace endpoint URL changed to `api.cloudflare.com` **Before:** Requests went to literal IPs `1.1.1.1` and `1.0.0.1`, which some ISPs and network equipment intercept. **After:** Primary requests now go to `https://api.cloudflare.com/cdn-cgi/trace`, which resolves via standard DNS and avoids interception. Literal IP fallbacks are retained for environments where DNS is unavailable. ##### 🔀 Split dialer for address family isolation IP detection now uses dedicated HTTP clients per address family — IPv4 detection binds to `0.0.0.0`, IPv6 detection binds to `::`. This prevents the system from connecting via the wrong protocol (e.g. reaching Cloudflare over IPv6 when detecting your IPv4 address), which could return the wrong IP. ##### 🛡️ Global unicast validation on all detected IPs All remote IP detection providers (Cloudflare Trace, Cloudflare DoH, ipify, custom URL) now validate that detected addresses are global unicast before accepting them. Private, loopback, link-local, multicast, documentation, and CGNAT addresses are rejected with a warning. ##### ☁️ Default IPv4 provider changed to `cloudflare.trace` Both IPv4 and IPv6 now default to `cloudflare.trace`, keeping IP detection within the Cloudflare ecosystem. Users can still override via `IP4_PROVIDER` and `IP6_PROVIDER`. ##### ⚙️ Upgrade Notes - No configuration changes required — existing setups will automatically benefit from the new trace URL and split dialer. - Users who had switched to `ipify` as a workaround for incorrect IP detection can switch back to `cloudflare.trace` if desired. - The `IP4_PROVIDER` and `IP6_PROVIDER` environment variables continue to work as before. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42MS42IiwidXBkYXRlZEluVmVyIjoiNDMuNjEuNiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->

jaskaran added 1 commit 2026-03-12 00:01:03 +00:00

chore(deps): update timothyjmiller/cloudflare-ddns docker tag to v2.0.1 d6580c8efd

jaskaran changed title from chore(deps): update timothyjmiller/cloudflare-ddns docker tag to v2.0.1 to chore(deps): update timothyjmiller/cloudflare-ddns docker tag to v2.0.2 2026-03-14 00:01:22 +00:00

jaskaran force-pushed renovate/timothyjmiller-cloudflare-ddns-2.x from d6580c8efd to c6c5dfcb21 2026-03-14 00:01:22 +00:00 Compare

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/timothyjmiller-cloudflare-ddns-2.x:renovate/timothyjmiller-cloudflare-ddns-2.x

git switch renovate/timothyjmiller-cloudflare-ddns-2.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/timothyjmiller-cloudflare-ddns-2.x

git switch renovate/timothyjmiller-cloudflare-ddns-2.x

git rebase main

git switch main

git merge --ff-only renovate/timothyjmiller-cloudflare-ddns-2.x

git switch renovate/timothyjmiller-cloudflare-ddns-2.x

git rebase main

git switch main

git merge --no-ff renovate/timothyjmiller-cloudflare-ddns-2.x

git switch main

git merge --squash renovate/timothyjmiller-cloudflare-ddns-2.x

git switch main

git merge --ff-only renovate/timothyjmiller-cloudflare-ddns-2.x

git switch main

git merge renovate/timothyjmiller-cloudflare-ddns-2.x

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

jaskaran/homelab!38

No description provided.