CI: renovate updates

- GHA: update actions/checkout action to v4
- GHA: update wolfSSL/wolfssh to v1.4.17
- GHA: update wolfSSL/wolfssl to v5.7.0
- Update the regex config in ren

CI: renovate updates

- GHA: update actions/checkout action to v4
- GHA: update wolfSSL/wolfssh to v1.4.17
- GHA: update wolfSSL/wolfssl to v5.7.0
- Update the regex config in renovate.json

Closes #13632
Closes #13641
Closes #13658
Closes #13659

show more ...

ci: fix renovate config for WolfSSL/WolfSSH tagging scheme

WolfSSL/WolfSSH use a different versioning scheme;
stable builds end with `-stable`. Renovate requires
some extra configura

ci: fix renovate config for WolfSSL/WolfSSH tagging scheme

WolfSSL/WolfSSH use a different versioning scheme;
stable builds end with `-stable`. Renovate requires
some extra configuration to extract the version
from these types of tags.

Closes #13644

show more ...

ci: set semantic type as CI and include digests as CI operations

Replace "chore" with "ci" for renovate's semantic
type, and include digests with "pin" and
"pinDigest" as ci operatio

ci: set semantic type as CI and include digests as CI operations

Replace "chore" with "ci" for renovate's semantic
type, and include digests with "pin" and
"pinDigest" as ci operations.

Closes #13644

show more ...

DEPRECATE.md: TLS libraries without 1.3 support

curl drops support for TLS libraries without TLS 1.3 capability after
May 2025.

It requires that a curl build using the library s

DEPRECATE.md: TLS libraries without 1.3 support

curl drops support for TLS libraries without TLS 1.3 capability after
May 2025.

It requires that a curl build using the library should be able to
negotiate and use TLS 1.3, or else it is not good enough. We support a
vast amount of other TLS libraries that are likely to satisfy users
better.

Closes #13544

show more ...

Revert "ci: update nghttp2/nghttp2 to v1.62.0"

This reverts commit 14f2c767555b7598d7783ccd9093670b84d28488.

We need to also upgrade the C++ compiler for that bump to work.

Revert "ci: update nghttp2/nghttp2 to v1.62.0"

This reverts commit 14f2c767555b7598d7783ccd9093670b84d28488.

We need to also upgrade the C++ compiler for that bump to work.

Closes #13656

show more ...

Dockerfile: update debian digest to 911821c

Closes #13629

ci: update gnutls/gnutls to v3.8.5

Closes #13640

ci: update awslabs/aws-lc to v1.26.0

Closes #13647

ci: update cloudflare/quiche to v0.21.0

Closes #13648

ci: update libressl-portable/portable to v3.9.2

Closes #13649

ci: update nghttp2/nghttp2 to v1.62.0

Closes #13650

ci: update ngtcp2/nghttp3 to v1.3.0

Closes #13651

ci: update ngtcp2/ngtcp2 to v1.5.0

Closes #13652

ci: handle git submodules for mbedTLS

ci: reconfigure renovate

- set prefix for github actions updates to be gha:
- set prefix for other renovate actions to be ci:
- disable debian updates in linux-old.yml

tidy-up: whitespace [ci skip]

warnless: delete orphan declarations

Follow-up to 358f7e757781857c4b498a68634726609fa3884a #11932
Closes #13639

BUG-BOUNTY.md: clarify the third party situation

We do not pay bounties for problems in other libraries.

Closes #13560

http tests: in CI skip test_02_23* for quiche

For unknown reasons, these tests fail in CI often, but run fine locally.
Skip them in CI to avoid unrelated PRs to have failures.

C

http tests: in CI skip test_02_23* for quiche

For unknown reasons, these tests fail in CI often, but run fine locally.
Skip them in CI to avoid unrelated PRs to have failures.

Closes #13638

show more ...

hsts: explicitly skip blank lines

Keep blank lines or lines containing only whitespace to make it all
the way to the more expensive sscanf call in hsts_add.

Closes: #13603
R

hsts: explicitly skip blank lines

Keep blank lines or lines containing only whitespace to make it all
the way to the more expensive sscanf call in hsts_add.

Closes: #13603
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

autotools: Only probe for SGI MIPS compilers on IRIX

MIPSPro and the predecessor compiler which was part of the IDO (IRIS
Development Option) were only ever shipped on the SGI IRIX opera

autotools: Only probe for SGI MIPS compilers on IRIX

MIPSPro and the predecessor compiler which was part of the IDO (IRIS
Development Option) were only ever shipped on the SGI IRIX operating
system (with MIPSPro on 6.0+ which was released in 1994). Limit the
autoconf check to IRIX when probing for these compilers to save some
cycles on other platforms.

Closes: #13611
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

tests: fix test 1167 to skip digit-only symbols

This avoids mistaking symbols with their numeric value when using
certain C preprocessors which output these numeric values at the
beg

tests: fix test 1167 to skip digit-only symbols

This avoids mistaking symbols with their numeric value when using
certain C preprocessors which output these numeric values at the
beginning of the line as part of an expression.

Seen on OpenBSD 7.5 + clang.

Example `test1167.pl -v` output, before this patch:
```
Source: cpp /home/runner/work/curl/curl/tests/../include/curl/curl.h
Symbol: 20000
Line #3835: 20000 + 142,
[...]
Bad symbols in public header files:
20000
[...]
```
Ref: https://github.com/curl/curl/actions/runs/9069136530/job/24918015357#step:3:7513

Ref: #13583
Closes #13634

show more ...

lib: call Curl_strntolower instead of doing crafted loops

Closes #13627

setopt: acknowledge errors proper for CURLOPT_COOKIEJAR

Error out on error, do not continue.

Closes #13624

vtls: remove duplicate assign

Curl_ssl_peer_cleanup() already clears the ->sni field, no point in
assigning it again.

Spotted by CodeSonar

Closes #13626