From 14bf5303b94b14db6ca0632b7426fccbb4cf104d Mon Sep 17 00:00:00 2001
From: Brendan Kellam <brendan@sourcebot.dev>
Date: Mon, 8 Jun 2026 17:40:48 -0700
Subject: [PATCH 1/2] chore: bump zoekt submodule to upgrade go-git to v5.19.1

Advances the vendor/zoekt submodule to sourcebot-dev/zoekt#15, which upgrades
go-git v5.19.0 -> v5.19.1 (CVE-2026-45570, CVE-2026-45571, GHSA-w5pp-99ch-qj29).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 CHANGELOG.md | 1 +
 vendor/zoekt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2d2d5d90..ef1c3a015 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed GitLab MR inline review comments returning 400 Bad Request on context (unchanged) lines and renamed files. [#1149](https://github.com/sourcebot-dev/sourcebot/pull/1149)
 - Upgraded `ws` to `^8.20.1`. [#1286](https://github.com/sourcebot-dev/sourcebot/pull/1286)
 - Upgraded `hono` to `^4.12.24`. [#1289](https://github.com/sourcebot-dev/sourcebot/pull/1289)
+- Upgraded `go-git` to `v5.19.1` in the bundled zoekt search backend. [#1290](https://github.com/sourcebot-dev/sourcebot/pull/1290)
 
 ## [5.0.1] - 2026-06-04
 
diff --git a/vendor/zoekt b/vendor/zoekt
index 2566953f6..3d1f49a3e 160000
--- a/vendor/zoekt
+++ b/vendor/zoekt
@@ -1 +1 @@
-Subproject commit 2566953f662a5d992da336725ec97d83c8e67718
+Subproject commit 3d1f49a3e6d367e714da1a00450efad2fd1a318c

From 9363aacb4d29ab003b02f7079844c9cd4af2a513 Mon Sep 17 00:00:00 2001
From: Brendan Kellam <brendan@sourcebot.dev>
Date: Mon, 8 Jun 2026 17:42:04 -0700
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef1c3a015..a2d2d5d90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,7 +17,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed GitLab MR inline review comments returning 400 Bad Request on context (unchanged) lines and renamed files. [#1149](https://github.com/sourcebot-dev/sourcebot/pull/1149)
 - Upgraded `ws` to `^8.20.1`. [#1286](https://github.com/sourcebot-dev/sourcebot/pull/1286)
 - Upgraded `hono` to `^4.12.24`. [#1289](https://github.com/sourcebot-dev/sourcebot/pull/1289)
-- Upgraded `go-git` to `v5.19.1` in the bundled zoekt search backend. [#1290](https://github.com/sourcebot-dev/sourcebot/pull/1290)
 
 ## [5.0.1] - 2026-06-04