From 9de69bc53a48955ea8f6cd587b6086d58a465187 Mon Sep 17 00:00:00 2001
From: Neil <neil@nats.io>
Date: Fri, 16 May 2025 16:11:29 +0100
Subject: [PATCH 01/17] Fix ordering issues in requesting backfill (#3530)

Using a map means the events are processed in an indeterminate order,
which causes a lot of `/state_ids` requests as the `prev_events` are not
known when the order is lost.

Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
---
 .golangci.yml                                 | 39 -------------------
 .../internal/perform/perform_backfill.go      | 14 +++----
 2 files changed, 7 insertions(+), 46 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index 6f3fd362..2b280e1b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -28,7 +28,6 @@ run:
   # the dependency descriptions in go.mod.
   #modules-download-mode: (release|readonly|vendor)
 
-
 # output configuration options
 output:
   # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
@@ -41,7 +40,6 @@ output:
   # print linter name in the end of issue text, default is true
   print-linter-name: true
 
-
 # all available settings of specific linters
 linters-settings:
   errcheck:
@@ -72,22 +70,12 @@ linters-settings:
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-  golint:
-    # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
   gofmt:
     # simplify code: gofmt with `-s` option, true by default
     simplify: true
-  goimports:
-    # put imports beginning with prefix after 3rd-party packages;
-    # it's a comma-separated list of prefixes
-    #local-prefixes: github.com/org/project
   gocyclo:
     # minimal code complexity to report, 30 by default (but we recommend 10-20)
     min-complexity: 25
-  maligned:
-    # print struct with more effective memory layout or not, false by default
-    suggest-new: true
   dupl:
     # tokens count to trigger issue, 150 by default
     threshold: 100
@@ -96,30 +84,17 @@ linters-settings:
     min-len: 3
     # minimal occurrences count to trigger, 3 by default
     min-occurrences: 3
-  depguard:
-    list-type: blacklist
-    include-go-root: false
-    packages:
-    #  - github.com/davecgh/go-spew/spew
   misspell:
     # Correct spellings using locale preferences for US or UK.
     # Default is to use a neutral variety of English.
     # Setting locale to US will correct the British spelling of 'colour' to 'color'.
     locale: UK
-    ignore-words:
-    #  - someword
   lll:
     # max line length, lines longer will be reported. Default is 120.
     # '\t' is counted as 1 character by default, and can be changed with the tab-width option
     line-length: 96
     # tab width in spaces. Default to 1.
     tab-width: 1
-  unused:
-    # treat code as a program (not a library) and report unused exported identifiers; default is false.
-    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
   unparam:
     # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
     # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
@@ -167,7 +142,6 @@ linters:
     - gosimple
     - govet
     - ineffassign
-    - megacheck
     - misspell # Check code comments, whereas misspell in CI checks *.md files
     - nakedret
     - staticcheck
@@ -182,22 +156,16 @@ linters:
     - gochecknoinits
     - gocritic
     - gofmt
-    - golint
     - gosec # Should turn back on soon
-    - interfacer
     - lll
-    - maligned
     - prealloc # Should turn back on soon
-    - scopelint
     - stylecheck
     - typecheck # Should turn back on soon
     - unconvert # Should turn back on soon
     - goconst # Slightly annoying, as it reports "issues" in SQL statements
   disable-all: false
-  presets:
   fast: false
 
-
 issues:
   # which files to skip: they will be analyzed, but issues from them
   # won't be reported. Default value is empty list, but there is
@@ -217,13 +185,6 @@ issues:
     - bin
     - docs
 
-  # List of regexps of issue texts to exclude, empty list by default.
-  # But independently from this option we use default exclude patterns,
-  # it can be disabled by `exclude-use-default: false`. To list all
-  # excluded by default patterns execute `golangci-lint run --help`
-  exclude:
-  # - abcdef
-
   # Excluding configuration per-path, per-linter, per-text and per-source
   exclude-rules:
     # Exclude some linters from running on tests files.
diff --git a/roomserver/internal/perform/perform_backfill.go b/roomserver/internal/perform/perform_backfill.go
index 8ad255c2..e01b2488 100644
--- a/roomserver/internal/perform/perform_backfill.go
+++ b/roomserver/internal/perform/perform_backfill.go
@@ -128,9 +128,9 @@ func (r *Backfiller) backfillViaFederation(ctx context.Context, req *api.Perform
 	logrus.WithError(err).WithField("room_id", req.RoomID).Infof("backfilled %d events", len(events))
 
 	// persist these new events - auth checks have already been done
-	roomNID, backfilledEventMap := persistEvents(ctx, r.DB, r.Querier, events)
+	roomNID, storedEvents := persistEvents(ctx, r.DB, r.Querier, events)
 
-	for _, ev := range backfilledEventMap {
+	for _, ev := range storedEvents {
 		// now add state for these events
 		stateIDs, ok := requester.eventIDToBeforeStateIDs[ev.EventID()]
 		if !ok {
@@ -591,10 +591,10 @@ func joinEventsFromHistoryVisibility(
 	return evs, visibility, err
 }
 
-func persistEvents(ctx context.Context, db storage.Database, querier api.QuerySenderIDAPI, events []gomatrixserverlib.PDU) (types.RoomNID, map[string]types.Event) {
+func persistEvents(ctx context.Context, db storage.Database, querier api.QuerySenderIDAPI, events []gomatrixserverlib.PDU) (types.RoomNID, []types.Event) {
 	var roomNID types.RoomNID
 	var eventNID types.EventNID
-	backfilledEventMap := make(map[string]types.Event)
+	storedEvents := make([]types.Event, 0, len(events))
 	for j, ev := range events {
 		nidMap, err := db.EventNIDs(ctx, ev.AuthEventIDs())
 		if err != nil { // this shouldn't happen as RequestBackfill already found them
@@ -647,10 +647,10 @@ func persistEvents(ctx context.Context, db storage.Database, querier api.QuerySe
 			ev = redactedEvent
 			events[j] = ev
 		}
-		backfilledEventMap[ev.EventID()] = types.Event{
+		storedEvents = append(storedEvents, types.Event{
 			EventNID: eventNID,
 			PDU:      ev,
-		}
+		})
 	}
-	return roomNID, backfilledEventMap
+	return roomNID, storedEvents
 }

From 654fee9818e6d3af8280c60e4bee6905161e4225 Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Fri, 16 May 2025 17:35:30 +0200
Subject: [PATCH 02/17] [notifications] Give each HTTP request its own context
 (#3569)

Give each HTTP request its own context to avoid timing out subsequent
notification requests if the first already times out.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [ ] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

---------

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
---
 userapi/consumers/roomserver.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/userapi/consumers/roomserver.go b/userapi/consumers/roomserver.go
index a79441f3..3dbace2e 100644
--- a/userapi/consumers/roomserver.go
+++ b/userapi/consumers/roomserver.go
@@ -604,7 +604,9 @@ func (s *OutputRoomEventConsumer) notifyLocal(ctx context.Context, event *rstype
 	// ordering guarantees we must provide.
 	go func() {
 		// This background processing cannot be tied to a request.
-		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		// We're generous with the "global" timeout, each HTTP request gets its own context with
+		// at most 30 seconds below.
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 		defer cancel()
 
 		var rejected []*pushgateway.Device
@@ -621,7 +623,10 @@ func (s *OutputRoomEventConsumer) notifyLocal(ctx context.Context, event *rstype
 				// device, rather than per URL. For now, we must
 				// notify each one separately.
 				for _, dev := range devices {
-					rej, err := s.notifyHTTP(ctx, event, url, format, []*pushgateway.Device{dev}, mem.Localpart, roomName, int(userNumUnreadNotifs))
+					// Give each HTTP request its own context.
+					httpCtx, httpCancel := context.WithTimeout(ctx, 30*time.Second)
+					rej, err := s.notifyHTTP(httpCtx, event, url, format, []*pushgateway.Device{dev}, mem.Localpart, roomName, int(userNumUnreadNotifs))
+					httpCancel()
 					if err != nil {
 						log.WithFields(log.Fields{
 							"event_id":  event.EventID(),

From f0578a506d97c2d71f71a44393a825fc8ff9f852 Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Fri, 16 May 2025 18:52:30 +0200
Subject: [PATCH 03/17] Update deps (#3580)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

⚠ This also bumps the required go version to 1.23.0

All in one dependabot updates:
https://github.com/element-hq/dendrite/pull/3507
https://github.com/element-hq/dendrite/pull/3559
https://github.com/element-hq/dendrite/pull/3560
https://github.com/element-hq/dendrite/pull/3561
https://github.com/element-hq/dendrite/pull/3573
https://github.com/element-hq/dendrite/pull/3574
https://github.com/element-hq/dendrite/pull/3575
https://github.com/element-hq/dendrite/pull/3576
https://github.com/element-hq/dendrite/pull/3577
https://github.com/element-hq/dendrite/pull/3579

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [ ] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [ ] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `Your Name <your@email.example.org>`
---
 build/scripts/Complement.Dockerfile         |   2 +-
 build/scripts/ComplementLocal.Dockerfile    |   2 +-
 build/scripts/ComplementPostgres.Dockerfile |   2 +-
 cmd/dendrite-upgrade-tests/main.go          |   4 +-
 go.mod                                      |  62 +++++-----
 go.sum                                      | 120 ++++++++++----------
 6 files changed, 98 insertions(+), 94 deletions(-)

diff --git a/build/scripts/Complement.Dockerfile b/build/scripts/Complement.Dockerfile
index 660b84a4..e23aad8b 100644
--- a/build/scripts/Complement.Dockerfile
+++ b/build/scripts/Complement.Dockerfile
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM golang:1.22-bookworm as build
+FROM golang:1.23-bookworm as build
 RUN apt-get update && apt-get install -y sqlite3
 WORKDIR /build
 
diff --git a/build/scripts/ComplementLocal.Dockerfile b/build/scripts/ComplementLocal.Dockerfile
index 8fc84765..c2af1649 100644
--- a/build/scripts/ComplementLocal.Dockerfile
+++ b/build/scripts/ComplementLocal.Dockerfile
@@ -8,7 +8,7 @@
 #
 # Use these mounts to make use of this dockerfile:
 # COMPLEMENT_HOST_MOUNTS='/your/local/dendrite:/dendrite:ro;/your/go/path:/go:ro'
-FROM golang:1.22-bookworm
+FROM golang:1.23-bookworm
 RUN apt-get update && apt-get install -y sqlite3
 
 ENV SERVER_NAME=localhost
diff --git a/build/scripts/ComplementPostgres.Dockerfile b/build/scripts/ComplementPostgres.Dockerfile
index 0026842d..48843eb0 100644
--- a/build/scripts/ComplementPostgres.Dockerfile
+++ b/build/scripts/ComplementPostgres.Dockerfile
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM golang:1.22-bookworm as build
+FROM golang:1.23-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 
diff --git a/cmd/dendrite-upgrade-tests/main.go b/cmd/dendrite-upgrade-tests/main.go
index e1ac179a..519d5e47 100644
--- a/cmd/dendrite-upgrade-tests/main.go
+++ b/cmd/dendrite-upgrade-tests/main.go
@@ -55,7 +55,7 @@ var latest, _ = semver.NewVersion("v6.6.6") // Dummy version, used as "HEAD"
 // due to the error:
 // When using COPY with more than one source file, the destination must be a directory and end with a /
 // We need to run a postgres anyway, so use the dockerfile associated with Complement instead.
-const DockerfilePostgreSQL = `FROM golang:1.22-bookworm as build
+const DockerfilePostgreSQL = `FROM golang:1.23-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 ARG BINARY
@@ -99,7 +99,7 @@ ENV BINARY=dendrite
 EXPOSE 8008 8448
 CMD /build/run_dendrite.sh`
 
-const DockerfileSQLite = `FROM golang:1.22-bookworm as build
+const DockerfileSQLite = `FROM golang:1.23-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 ARG BINARY
diff --git a/go.mod b/go.mod
index b1fe33b7..4b09ae77 100644
--- a/go.mod
+++ b/go.mod
@@ -2,10 +2,10 @@ module github.com/element-hq/dendrite
 
 require (
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
-	github.com/DATA-DOG/go-sqlmock v1.5.0
+	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/MFAshby/stdemuxerhook v1.0.0
 	github.com/Masterminds/semver/v3 v3.3.1
-	github.com/blevesearch/bleve/v2 v2.4.4
+	github.com/blevesearch/bleve/v2 v2.5.1
 	github.com/codeclysm/extract v2.2.0+incompatible
 	github.com/coder/websocket v1.8.12
 	github.com/cretz/bine v0.2.0
@@ -16,7 +16,7 @@ require (
 	github.com/eyedeekay/onramp v0.33.8
 	github.com/getsentry/sentry-go v0.14.0
 	github.com/gologme/log v1.3.0
-	github.com/google/go-cmp v0.6.0
+	github.com/google/go-cmp v0.7.0
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.5.3
@@ -29,8 +29,8 @@ require (
 	github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7
 	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
 	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/nats-io/nats-server/v2 v2.10.25
-	github.com/nats-io/nats.go v1.38.0
+	github.com/nats-io/nats-server/v2 v2.11.3
+	github.com/nats-io/nats.go v1.42.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -45,12 +45,12 @@ require (
 	github.com/yggdrasil-network/yggdrasil-go v0.5.12
 	github.com/yggdrasil-network/yggquic v0.0.0-20241212194307-0d495106021f
 	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.32.0
+	golang.org/x/crypto v0.38.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/image v0.23.0
 	golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
-	golang.org/x/sync v0.10.0
-	golang.org/x/term v0.28.0
+	golang.org/x/sync v0.14.0
+	golang.org/x/term v0.32.0
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.1
 	maunium.net/go/mautrix v0.15.1
@@ -61,27 +61,27 @@ require (
 	github.com/Arceliar/ironwood v0.0.0-20241213013129-743fe2fccbd3 // indirect
 	github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/RoaringBitmap/roaring v1.9.3 // indirect
+	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bits-and-blooms/bitset v1.13.0 // indirect
+	github.com/bits-and-blooms/bitset v1.22.0 // indirect
 	github.com/bits-and-blooms/bloom/v3 v3.7.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.1.12 // indirect
-	github.com/blevesearch/geo v0.1.20 // indirect
-	github.com/blevesearch/go-faiss v1.0.24 // indirect
+	github.com/blevesearch/bleve_index_api v1.2.8 // indirect
+	github.com/blevesearch/geo v0.2.3 // indirect
+	github.com/blevesearch/go-faiss v1.0.25 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.2.16 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.3.10 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
-	github.com/blevesearch/vellum v1.0.10 // indirect
-	github.com/blevesearch/zapx/v11 v11.3.10 // indirect
-	github.com/blevesearch/zapx/v12 v12.3.10 // indirect
-	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
-	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
-	github.com/blevesearch/zapx/v15 v15.3.16 // indirect
-	github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b // indirect
+	github.com/blevesearch/vellum v1.1.0 // indirect
+	github.com/blevesearch/zapx/v11 v11.4.2 // indirect
+	github.com/blevesearch/zapx/v12 v12.4.2 // indirect
+	github.com/blevesearch/zapx/v13 v13.4.2 // indirect
+	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
+	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
+	github.com/blevesearch/zapx/v16 v16.2.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -95,15 +95,15 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/go-tpm v0.9.3 // indirect
 	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/h2non/filetype v1.1.3 // indirect
 	github.com/hjson/hjson-go/v4 v4.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/juju/errors v1.0.0 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/minio/highwayhash v1.0.3 // indirect
@@ -114,8 +114,8 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nats-io/jwt/v2 v2.7.3 // indirect
-	github.com/nats-io/nkeys v0.4.9 // indirect
+	github.com/nats-io/jwt/v2 v2.7.4 // indirect
+	github.com/nats-io/nkeys v0.4.11 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/onsi/ginkgo/v2 v2.11.0 // indirect
@@ -132,7 +132,7 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/wlynxg/anet v0.0.5 // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
+	go.etcd.io/bbolt v1.4.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
 	go.opentelemetry.io/otel v1.32.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect
@@ -142,9 +142,9 @@ require (
 	go.uber.org/mock v0.4.0 // indirect
 	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/macaroon.v2 v2.1.0 // indirect
@@ -156,6 +156,6 @@ require (
 	nhooyr.io/websocket v1.8.7 // indirect
 )
 
-go 1.22
+go 1.23.0
 
-toolchain go1.23.2
+toolchain go1.24.3
diff --git a/go.sum b/go.sum
index 0ff63744..a9675856 100644
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d/go.mod h1:BCnxhRf47
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/MFAshby/stdemuxerhook v1.0.0 h1:1XFGzakrsHMv76AeanPDL26NOgwjPl/OUxbGhJthwMc=
@@ -16,53 +16,55 @@ github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7r
 github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/RoaringBitmap/roaring v1.9.3 h1:t4EbC5qQwnisr5PrP9nt0IRhRTb9gMUgQF4t4S2OByM=
-github.com/RoaringBitmap/roaring v1.9.3/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
+github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
+github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
+github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op h1:+OSa/t11TFhqfrX0EOSqQBDJ0YlpmK0rDSiB19dg9M0=
+github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op/go.mod h1:IUpT2DPAKh6i/YhSbt6Gl3v2yvUZjmKncl7U91fup7E=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bits-and-blooms/bitset v1.10.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bits-and-blooms/bitset v1.12.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
-github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
-github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCkcs2uw7w4=
+github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bits-and-blooms/bloom/v3 v3.7.0 h1:VfknkqV4xI+PsaDIsoHueyxVDZrfvMn56jeWUzvzdls=
 github.com/bits-and-blooms/bloom/v3 v3.7.0/go.mod h1:VKlUSvp0lFIYqxJjzdnSsZEw4iHb1kOL2tfHTgyJBHg=
-github.com/blevesearch/bleve/v2 v2.4.4 h1:RwwLGjUm54SwyyykbrZs4vc1qjzYic4ZnAnY9TwNl60=
-github.com/blevesearch/bleve/v2 v2.4.4/go.mod h1:fa2Eo6DP7JR+dMFpQe+WiZXINKSunh7WBtlDGbolKXk=
-github.com/blevesearch/bleve_index_api v1.1.12 h1:P4bw9/G/5rulOF7SJ9l4FsDoo7UFJ+5kexNy1RXfegY=
-github.com/blevesearch/bleve_index_api v1.1.12/go.mod h1:PbcwjIcRmjhGbkS/lJCpfgVSMROV6TRubGGAODaK1W8=
-github.com/blevesearch/geo v0.1.20 h1:paaSpu2Ewh/tn5DKn/FB5SzvH0EWupxHEIwbCk/QPqM=
-github.com/blevesearch/geo v0.1.20/go.mod h1:DVG2QjwHNMFmjo+ZgzrIq2sfCh6rIHzy9d9d0B59I6w=
-github.com/blevesearch/go-faiss v1.0.24 h1:K79IvKjoKHdi7FdiXEsAhxpMuns0x4fM0BO93bW5jLI=
-github.com/blevesearch/go-faiss v1.0.24/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
+github.com/blevesearch/bleve/v2 v2.5.1 h1:cc/O++W2Hcjp1SU5ETHeE+QYWv2oV88ldYEPowdmg8M=
+github.com/blevesearch/bleve/v2 v2.5.1/go.mod h1:9g/wnbWKm9AgXrU8Ecqi+IDdqjUHWymwkQRDg+5tafU=
+github.com/blevesearch/bleve_index_api v1.2.8 h1:Y98Pu5/MdlkRyLM0qDHostYo7i+Vv1cDNhqTeR4Sy6Y=
+github.com/blevesearch/bleve_index_api v1.2.8/go.mod h1:rKQDl4u51uwafZxFrPD1R7xFOwKnzZW7s/LSeK4lgo0=
+github.com/blevesearch/geo v0.2.3 h1:K9/vbGI9ehlXdxjxDRJtoAMt7zGAsMIzc6n8zWcwnhg=
+github.com/blevesearch/geo v0.2.3/go.mod h1:K56Q33AzXt2YExVHGObtmRSFYZKYGv0JEN5mdacJJR8=
+github.com/blevesearch/go-faiss v1.0.25 h1:lel1rkOUGbT1CJ0YgzKwC7k+XH0XVBHnCVWahdCXk4U=
+github.com/blevesearch/go-faiss v1.0.25/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
 github.com/blevesearch/go-porterstemmer v1.0.3 h1:GtmsqID0aZdCSNiY8SkuPJ12pD4jI+DdXTAn4YRcHCo=
 github.com/blevesearch/go-porterstemmer v1.0.3/go.mod h1:angGc5Ht+k2xhJdZi511LtmxuEf0OVpvUUNrwmM1P7M=
 github.com/blevesearch/gtreap v0.1.1 h1:2JWigFrzDMR+42WGIN/V2p0cUvn4UP3C4Q5nmaZGW8Y=
 github.com/blevesearch/gtreap v0.1.1/go.mod h1:QaQyDRAT51sotthUWAH4Sj08awFSSWzgYICSZ3w0tYk=
 github.com/blevesearch/mmap-go v1.0.4 h1:OVhDhT5B/M1HNPpYPBKIEJaD0F3Si+CrEKULGCDPWmc=
 github.com/blevesearch/mmap-go v1.0.4/go.mod h1:EWmEAOmdAS9z/pi/+Toxu99DnsbhG1TIxUoRmJw/pSs=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.16 h1:uGvKVvG7zvSxCwcm4/ehBa9cCEuZVE+/zvrSl57QUVY=
-github.com/blevesearch/scorch_segment_api/v2 v2.2.16/go.mod h1:VF5oHVbIFTu+znY1v30GjSpT5+9YFs9dV2hjvuh34F0=
+github.com/blevesearch/scorch_segment_api/v2 v2.3.10 h1:Yqk0XD1mE0fDZAJXTjawJ8If/85JxnLd8v5vG/jWE/s=
+github.com/blevesearch/scorch_segment_api/v2 v2.3.10/go.mod h1:Z3e6ChN3qyN35yaQpl00MfI5s8AxUJbpTR/DL8QOQ+8=
 github.com/blevesearch/segment v0.9.1 h1:+dThDy+Lvgj5JMxhmOVlgFfkUtZV2kw49xax4+jTfSU=
 github.com/blevesearch/segment v0.9.1/go.mod h1:zN21iLm7+GnBHWTao9I+Au/7MBiL8pPFtJBJTsk6kQw=
 github.com/blevesearch/snowballstem v0.9.0 h1:lMQ189YspGP6sXvZQ4WZ+MLawfV8wOmPoD/iWeNXm8s=
 github.com/blevesearch/snowballstem v0.9.0/go.mod h1:PivSj3JMc8WuaFkTSRDW2SlrulNWPl4ABg1tC/hlgLs=
 github.com/blevesearch/upsidedown_store_api v1.0.2 h1:U53Q6YoWEARVLd1OYNc9kvhBMGZzVrdmaozG2MfoB+A=
 github.com/blevesearch/upsidedown_store_api v1.0.2/go.mod h1:M01mh3Gpfy56Ps/UXHjEO/knbqyQ1Oamg8If49gRwrQ=
-github.com/blevesearch/vellum v1.0.10 h1:HGPJDT2bTva12hrHepVT3rOyIKFFF4t7Gf6yMxyMIPI=
-github.com/blevesearch/vellum v1.0.10/go.mod h1:ul1oT0FhSMDIExNjIxHqJoGpVrBpKCdgDQNxfqgJt7k=
-github.com/blevesearch/zapx/v11 v11.3.10 h1:hvjgj9tZ9DeIqBCxKhi70TtSZYMdcFn7gDb71Xo/fvk=
-github.com/blevesearch/zapx/v11 v11.3.10/go.mod h1:0+gW+FaE48fNxoVtMY5ugtNHHof/PxCqh7CnhYdnMzQ=
-github.com/blevesearch/zapx/v12 v12.3.10 h1:yHfj3vXLSYmmsBleJFROXuO08mS3L1qDCdDK81jDl8s=
-github.com/blevesearch/zapx/v12 v12.3.10/go.mod h1:0yeZg6JhaGxITlsS5co73aqPtM04+ycnI6D1v0mhbCs=
-github.com/blevesearch/zapx/v13 v13.3.10 h1:0KY9tuxg06rXxOZHg3DwPJBjniSlqEgVpxIqMGahDE8=
-github.com/blevesearch/zapx/v13 v13.3.10/go.mod h1:w2wjSDQ/WBVeEIvP0fvMJZAzDwqwIEzVPnCPrz93yAk=
-github.com/blevesearch/zapx/v14 v14.3.10 h1:SG6xlsL+W6YjhX5N3aEiL/2tcWh3DO75Bnz77pSwwKU=
-github.com/blevesearch/zapx/v14 v14.3.10/go.mod h1:qqyuR0u230jN1yMmE4FIAuCxmahRQEOehF78m6oTgns=
-github.com/blevesearch/zapx/v15 v15.3.16 h1:Ct3rv7FUJPfPk99TI/OofdC+Kpb4IdyfdMH48sb+FmE=
-github.com/blevesearch/zapx/v15 v15.3.16/go.mod h1:Turk/TNRKj9es7ZpKK95PS7f6D44Y7fAFy8F4LXQtGg=
-github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b h1:ju9Az5YgrzCeK3M1QwvZIpxYhChkXp7/L0RhDYsxXoE=
-github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b/go.mod h1:BlrYNpOu4BvVRslmIG+rLtKhmjIaRhIbG8sb9scGTwI=
+github.com/blevesearch/vellum v1.1.0 h1:CinkGyIsgVlYf8Y2LUQHvdelgXr6PYuvoDIajq6yR9w=
+github.com/blevesearch/vellum v1.1.0/go.mod h1:QgwWryE8ThtNPxtgWJof5ndPfx0/YMBh+W2weHKPw8Y=
+github.com/blevesearch/zapx/v11 v11.4.2 h1:l46SV+b0gFN+Rw3wUI1YdMWdSAVhskYuvxlcgpQFljs=
+github.com/blevesearch/zapx/v11 v11.4.2/go.mod h1:4gdeyy9oGa/lLa6D34R9daXNUvfMPZqUYjPwiLmekwc=
+github.com/blevesearch/zapx/v12 v12.4.2 h1:fzRbhllQmEMUuAQ7zBuMvKRlcPA5ESTgWlDEoB9uQNE=
+github.com/blevesearch/zapx/v12 v12.4.2/go.mod h1:TdFmr7afSz1hFh/SIBCCZvcLfzYvievIH6aEISCte58=
+github.com/blevesearch/zapx/v13 v13.4.2 h1:46PIZCO/ZuKZYgxI8Y7lOJqX3Irkc3N8W82QTK3MVks=
+github.com/blevesearch/zapx/v13 v13.4.2/go.mod h1:knK8z2NdQHlb5ot/uj8wuvOq5PhDGjNYQQy0QDnopZk=
+github.com/blevesearch/zapx/v14 v14.4.2 h1:2SGHakVKd+TrtEqpfeq8X+So5PShQ5nW6GNxT7fWYz0=
+github.com/blevesearch/zapx/v14 v14.4.2/go.mod h1:rz0XNb/OZSMjNorufDGSpFpjoFKhXmppH9Hi7a877D8=
+github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFxEsp31k=
+github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
+github.com/blevesearch/zapx/v16 v16.2.3 h1:7Y0r+a3diEvlazsncexq1qoFOcBd64xwMS7aDm4lo1s=
+github.com/blevesearch/zapx/v16 v16.2.3/go.mod h1:wVJ+GtURAaRG9KQAMNYyklq0egV+XJlGcXNCE0OFjjA=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -164,8 +166,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
-github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 h1:gtexQ/VGyN+VVFRXSFiguSNcXmS6rkKT+X7FdIrTtfo=
-github.com/golang/geo v0.0.0-20210211234256-740aa86cb551/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -179,8 +179,10 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc=
+github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
 github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
@@ -209,9 +211,10 @@ github.com/kardianos/minwinsvc v1.0.2 h1:JmZKFJQrmTGa/WiW+vkJXKmfzdjabuEW4Tirj5l
 github.com/kardianos/minwinsvc v1.0.2/go.mod h1:LUZNYhNmxujx2tR7FbdxqYJ9XDDoCd3MQcl1o//FWl4=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -268,14 +271,14 @@ github.com/mschoch/smat v0.2.0 h1:8imxQsjDm8yFEAVBe7azKmKSgzSkZXDuKkSq9374khM=
 github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nats-io/jwt/v2 v2.7.3 h1:6bNPK+FXgBeAqdj4cYQ0F8ViHRbi7woQLq4W29nUAzE=
-github.com/nats-io/jwt/v2 v2.7.3/go.mod h1:GvkcbHhKquj3pkioy5put1wvPxs78UlZ7D/pY+BgZk4=
-github.com/nats-io/nats-server/v2 v2.10.25 h1:J0GWLDDXo5HId7ti/lTmBfs+lzhmu8RPkoKl0eSCqwc=
-github.com/nats-io/nats-server/v2 v2.10.25/go.mod h1:/YYYQO7cuoOBt+A7/8cVjuhWTaTUEAlZbJT+3sMAfFU=
-github.com/nats-io/nats.go v1.38.0 h1:A7P+g7Wjp4/NWqDOOP/K6hfhr54DvdDQUznt5JFg9XA=
-github.com/nats-io/nats.go v1.38.0/go.mod h1:IGUM++TwokGnXPs82/wCuiHS02/aKrdYUQkU8If6yjw=
-github.com/nats-io/nkeys v0.4.9 h1:qe9Faq2Gxwi6RZnZMXfmGMZkg3afLLOtrU+gDZJ35b0=
-github.com/nats-io/nkeys v0.4.9/go.mod h1:jcMqs+FLG+W5YO36OX6wFIFcmpdAns+w1Wm6D3I/evE=
+github.com/nats-io/jwt/v2 v2.7.4 h1:jXFuDDxs/GQjGDZGhNgH4tXzSUK6WQi2rsj4xmsNOtI=
+github.com/nats-io/jwt/v2 v2.7.4/go.mod h1:me11pOkwObtcBNR8AiMrUbtVOUGkqYjMQZ6jnSdVUIA=
+github.com/nats-io/nats-server/v2 v2.11.3 h1:AbGtXxuwjo0gBroLGGr/dE0vf24kTKdRnBq/3z/Fdoc=
+github.com/nats-io/nats-server/v2 v2.11.3/go.mod h1:6Z6Fd+JgckqzKig7DYwhgrE7bJ6fypPHnGPND+DqgMY=
+github.com/nats-io/nats.go v1.42.0 h1:ynIMupIOvf/ZWH/b2qda6WGKGNSjwOUutTpWRvAmhaM=
+github.com/nats-io/nats.go v1.42.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
+github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
@@ -364,8 +367,8 @@ github.com/yggdrasil-network/yggquic v0.0.0-20241212194307-0d495106021f h1:nqinj
 github.com/yggdrasil-network/yggquic v0.0.0-20241212194307-0d495106021f/go.mod h1:TVCKOUWiXR9cAqr3eDpKvXkVkTph38xwk0wjcvfrtKI=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
-go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk=
+go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
 go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
@@ -392,8 +395,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -425,8 +428,8 @@ golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -443,20 +446,20 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -497,6 +500,7 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=

From 916676a45c58a0656eaddc79389bb1d50a03b76c Mon Sep 17 00:00:00 2001
From: Robert Metcalf <rmetcalf9@googlemail.com>
Date: Fri, 16 May 2025 19:00:39 +0100
Subject: [PATCH 04/17] Update 4_adminapi.md (#3552)

Link to create users page is broken. This fixes it.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [ ] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Note - no reason to change Go unit tests when I am just altering
documentation.

Signed-off-by: `Robert Metcalf <rmetcalf9@googlemail.com>`

Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
---
 docs/administration/4_adminapi.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/administration/4_adminapi.md b/docs/administration/4_adminapi.md
index 40d02622..56b4fad5 100644
--- a/docs/administration/4_adminapi.md
+++ b/docs/administration/4_adminapi.md
@@ -101,7 +101,7 @@ If successfully sent, the API will return the following response:
 
 ## GET `/_synapse/admin/v1/register`
 
-Shared secret registration — please see the [user creation page](createusers) for
+Shared secret registration — please see the [user creation page](1_createusers.md) for
 guidance on configuring and using this endpoint.
 
 ## GET `/_matrix/client/v3/admin/whois/{userId}`

From 86358e1af640b2a055ec7cea834ce307ca44f767 Mon Sep 17 00:00:00 2001
From: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
Date: Sat, 17 May 2025 20:25:44 +0200
Subject: [PATCH 05/17] Bump golang.org/x/net

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4b09ae77..ab56b1c3 100644
--- a/go.mod
+++ b/go.mod
@@ -141,7 +141,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/mock v0.4.0 // indirect
 	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/text v0.25.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
diff --git a/go.sum b/go.sum
index a9675856..00733855 100644
--- a/go.sum
+++ b/go.sum
@@ -423,8 +423,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From ee42cb48a4c05029bbe5d66c1092fd9ebc6969e7 Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Sat, 17 May 2025 21:05:45 +0200
Subject: [PATCH 06/17] Bump go in docker images (#3582)

---
 Dockerfile                                  | 2 +-
 build/scripts/Complement.Dockerfile         | 2 +-
 build/scripts/ComplementLocal.Dockerfile    | 2 +-
 build/scripts/ComplementPostgres.Dockerfile | 2 +-
 cmd/dendrite-upgrade-tests/main.go          | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 27e7b39a..6942fc1f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 #
 # base installs required dependencies and runs go mod download to cache dependencies
 #
-FROM --platform=${BUILDPLATFORM} docker.io/golang:1.22-alpine AS base
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.24-alpine AS base
 RUN apk --update --no-cache add bash build-base curl git
 
 #
diff --git a/build/scripts/Complement.Dockerfile b/build/scripts/Complement.Dockerfile
index e23aad8b..d6880f5b 100644
--- a/build/scripts/Complement.Dockerfile
+++ b/build/scripts/Complement.Dockerfile
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM golang:1.23-bookworm as build
+FROM golang:1.24-bookworm as build
 RUN apt-get update && apt-get install -y sqlite3
 WORKDIR /build
 
diff --git a/build/scripts/ComplementLocal.Dockerfile b/build/scripts/ComplementLocal.Dockerfile
index c2af1649..044a9809 100644
--- a/build/scripts/ComplementLocal.Dockerfile
+++ b/build/scripts/ComplementLocal.Dockerfile
@@ -8,7 +8,7 @@
 #
 # Use these mounts to make use of this dockerfile:
 # COMPLEMENT_HOST_MOUNTS='/your/local/dendrite:/dendrite:ro;/your/go/path:/go:ro'
-FROM golang:1.23-bookworm
+FROM golang:1.24-bookworm
 RUN apt-get update && apt-get install -y sqlite3
 
 ENV SERVER_NAME=localhost
diff --git a/build/scripts/ComplementPostgres.Dockerfile b/build/scripts/ComplementPostgres.Dockerfile
index 48843eb0..b81316d8 100644
--- a/build/scripts/ComplementPostgres.Dockerfile
+++ b/build/scripts/ComplementPostgres.Dockerfile
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM golang:1.23-bookworm as build
+FROM golang:1.24-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 
diff --git a/cmd/dendrite-upgrade-tests/main.go b/cmd/dendrite-upgrade-tests/main.go
index 519d5e47..3da46941 100644
--- a/cmd/dendrite-upgrade-tests/main.go
+++ b/cmd/dendrite-upgrade-tests/main.go
@@ -55,7 +55,7 @@ var latest, _ = semver.NewVersion("v6.6.6") // Dummy version, used as "HEAD"
 // due to the error:
 // When using COPY with more than one source file, the destination must be a directory and end with a /
 // We need to run a postgres anyway, so use the dockerfile associated with Complement instead.
-const DockerfilePostgreSQL = `FROM golang:1.23-bookworm as build
+const DockerfilePostgreSQL = `FROM golang:1.24-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 ARG BINARY
@@ -99,7 +99,7 @@ ENV BINARY=dendrite
 EXPOSE 8008 8448
 CMD /build/run_dendrite.sh`
 
-const DockerfileSQLite = `FROM golang:1.23-bookworm as build
+const DockerfileSQLite = `FROM golang:1.24-bookworm as build
 RUN apt-get update && apt-get install -y postgresql
 WORKDIR /build
 ARG BINARY

From f8fba0c0de77135c43e3cf16ec37702029e5018e Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu, 5 Jun 2025 20:45:15 +0200
Subject: [PATCH 07/17] Fix building Pinecone and Yggrasil docker images
 (#3592)

Fixes #3503

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
---
 build/docker/Dockerfile.demo-pinecone  | 2 +-
 build/docker/Dockerfile.demo-yggdrasil | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/docker/Dockerfile.demo-pinecone b/build/docker/Dockerfile.demo-pinecone
index a23233a7..dee77a67 100644
--- a/build/docker/Dockerfile.demo-pinecone
+++ b/build/docker/Dockerfile.demo-pinecone
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM --platform=${BUILDPLATFORM} ghcr.io/element-hq/dendrite-monolith:binaries AS build
+FROM --platform=${TARGETPLATFORM} ghcr.io/element-hq/dendrite-monolith:binaries AS build
 
 FROM alpine:latest
 RUN apk --update --no-cache add curl
diff --git a/build/docker/Dockerfile.demo-yggdrasil b/build/docker/Dockerfile.demo-yggdrasil
index 32a7db4d..8522e030 100644
--- a/build/docker/Dockerfile.demo-yggdrasil
+++ b/build/docker/Dockerfile.demo-yggdrasil
@@ -1,6 +1,6 @@
 #syntax=docker/dockerfile:1.2
 
-FROM --platform=${BUILDPLATFORM} ghcr.io/element-hq/dendrite-monolith:binaries AS build
+FROM --platform=${TARGETPLATFORM} ghcr.io/element-hq/dendrite-monolith:binaries AS build
 
 FROM alpine:latest
 LABEL org.opencontainers.image.title="Dendrite (Yggdrasil demo)"

From ad0d5caf4311da064795a854ee5517e8cbde1868 Mon Sep 17 00:00:00 2001
From: Michael Kohl <me@citizen428.net>
Date: Fri, 6 Jun 2025 01:51:38 +0700
Subject: [PATCH 08/17] Update documentation links for new domain (#3545)

This PR update relevant links (e.g. to installation instructions) in the
main README to point to https://element-hq.github.io/dendrite instead of
https://matrix-org.github.io/dendrite.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [X] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [X] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `Michael Kohl <me@citizen428.net>`
---
 README.md | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index b3796000..b9e53ced 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ If you have further questions, please take a look at [our FAQ](docs/FAQ.md) or j
 
 ## Requirements
 
-See the [Planning your Installation](https://matrix-org.github.io/dendrite/installation/planning) page for
+See the [Planning your Installation](https://element-hq.github.io/dendrite/installation/planning) page for
 more information on requirements.
 
 To build Dendrite, you will need Go 1.21 or later.
@@ -53,7 +53,7 @@ The [Federation Tester](https://federationtester.matrix.org) can be used to veri
 
 ## Get started
 
-If you wish to build a fully-federating Dendrite instance, see [the Installation documentation](https://matrix-org.github.io/dendrite/installation). For running in Docker, see [build/docker](build/docker).
+If you wish to build a fully-federating Dendrite instance, see [the Installation documentation](https://element-hq.github.io/dendrite/installation). For running in Docker, see [build/docker](build/docker).
 
 The following instructions are enough to get Dendrite started as a non-federating test deployment using self-signed certificates and SQLite databases:
 
@@ -121,7 +121,7 @@ all have related Sytests which need to pass in order for the issue to be closed.
 code, you can quickly run Sytest to ensure that the test names are now passing.
 
 If you're new to the project, see our
-[Contributing page](https://matrix-org.github.io/dendrite/development/contributing) to get up to speed, then
+[Contributing page](https://element-hq.github.io/dendrite/development/contributing) to get up to speed, then
 look for [Good First Issues](https://github.com/element-hq/dendrite/labels/good%20first%20issue). If you're
 familiar with the project, look for [Help Wanted](https://github.com/element-hq/dendrite/labels/help-wanted)
 issues.
@@ -130,12 +130,11 @@ issues.
 
 Copyright 2017 OpenMarket Ltd
 Copyright 2017 Vector Creations Ltd
-Copyright 2017-2025 New Vector Ltd 
+Copyright 2017-2025 New Vector Ltd
 
 This software is dual-licensed by New Vector Ltd (Element). It can be used either:
-  
+
 (1) for free under the terms of the GNU Affero General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version); OR
-  
+
 (2) under the terms of a paid-for Element Commercial License agreement between you and Element (the terms of which may vary depending on what you and Element have agreed to).
 Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.
-

From 0ca63e06500ed3210395bcd3c310b965ea70c7c9 Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu, 5 Jun 2025 21:07:24 +0200
Subject: [PATCH 09/17] Fix filtering issue (#3593)

Fixes #3489

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

---------

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
---
 syncapi/storage/sqlite3/filtering.go |   4 +-
 syncapi/syncapi_test.go              | 142 ++++++++++++++-------------
 2 files changed, 78 insertions(+), 68 deletions(-)

diff --git a/syncapi/storage/sqlite3/filtering.go b/syncapi/storage/sqlite3/filtering.go
index 50cdd537..2f0e4ed1 100644
--- a/syncapi/storage/sqlite3/filtering.go
+++ b/syncapi/storage/sqlite3/filtering.go
@@ -46,7 +46,7 @@ func prepareWithFilters(
 				params, offset = append(params, v), offset+1
 			}
 		} else {
-			query += ` AND sender NOT = ""`
+			query += ` AND sender != ""`
 		}
 	}
 	if types != nil {
@@ -66,7 +66,7 @@ func prepareWithFilters(
 				params, offset = append(params, v), offset+1
 			}
 		} else {
-			query += ` AND type NOT = ""`
+			query += ` AND type != ""`
 		}
 	}
 	if containsURL != nil {
diff --git a/syncapi/syncapi_test.go b/syncapi/syncapi_test.go
index 4e1fa7df..f8461390 100644
--- a/syncapi/syncapi_test.go
+++ b/syncapi/syncapi_test.go
@@ -548,6 +548,13 @@ func testHistoryVisibility(t *testing.T, dbType test.DBType) {
 		DisplayName: "BOB",
 	}
 
+	filters := []string{
+		// check that lazy loading doesn't break history visibility
+		`{"lazy_load_members":true}`,
+		// Test all kind of filters, including "bad" ones
+		`{"lazy_load_members":true,"types":null,"not_types":[],"rooms":null,"not_rooms":[],"senders":null,"not_senders":[],"contains_url":null,"io.element.relation_senders":[],"io.element.relation_types":["io.element.thread"]}`,
+	}
+
 	ctx := context.Background()
 	// check guest and normal user accounts
 	for _, accType := range []userapi.AccountType{userapi.AccountTypeGuest, userapi.AccountTypeUser} {
@@ -614,79 +621,82 @@ func testHistoryVisibility(t *testing.T, dbType test.DBType) {
 		for _, tc := range testCases {
 			testname := fmt.Sprintf("%s - %s", tc.historyVisibility, userType)
 			t.Run(testname, func(t *testing.T) {
-				// create a room with the given visibility
-				room := test.NewRoom(t, alice, test.RoomHistoryVisibility(tc.historyVisibility))
+				for _, filter := range filters {
+					t.Logf("Using filter: %s", filter)
+					// create a room with the given visibility
+					room := test.NewRoom(t, alice, test.RoomHistoryVisibility(tc.historyVisibility))
 
-				// send the events/messages to NATS to create the rooms
-				beforeJoinBody := fmt.Sprintf("Before invite in a %s room", tc.historyVisibility)
-				beforeJoinEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": beforeJoinBody})
-				eventsToSend := append(room.Events(), beforeJoinEv)
-				if err := api.SendEvents(ctx, rsAPI, api.KindNew, eventsToSend, "test", "test", "test", nil, false); err != nil {
-					t.Fatalf("failed to send events: %v", err)
-				}
-				syncUntil(t, routers, aliceDev.AccessToken, false,
-					func(syncBody string) bool {
-						path := fmt.Sprintf(`rooms.join.%s.timeline.events.#(content.body=="%s")`, room.ID, beforeJoinBody)
-						return gjson.Get(syncBody, path).Exists()
-					},
-				)
+					// send the events/messages to NATS to create the rooms
+					beforeJoinBody := fmt.Sprintf("Before invite in a %s room", tc.historyVisibility)
+					beforeJoinEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": beforeJoinBody})
+					eventsToSend := append(room.Events(), beforeJoinEv)
+					if err := api.SendEvents(ctx, rsAPI, api.KindNew, eventsToSend, "test", "test", "test", nil, false); err != nil {
+						t.Fatalf("failed to send events: %v", err)
+					}
+					syncUntil(t, routers, aliceDev.AccessToken, false,
+						func(syncBody string) bool {
+							path := fmt.Sprintf(`rooms.join.%s.timeline.events.#(content.body=="%s")`, room.ID, beforeJoinBody)
+							return gjson.Get(syncBody, path).Exists()
+						},
+					)
 
-				// There is only one event, we expect only to be able to see this, if the room is world_readable
-				w := httptest.NewRecorder()
-				routers.Client.ServeHTTP(w, test.NewRequest(t, "GET", fmt.Sprintf("/_matrix/client/v3/rooms/%s/messages", room.ID), test.WithQueryParams(map[string]string{
-					"access_token": bobDev.AccessToken,
-					"dir":          "b",
-					"filter":       `{"lazy_load_members":true}`, // check that lazy loading doesn't break history visibility
-				})))
-				if w.Code != 200 {
-					t.Logf("%s", w.Body.String())
-					t.Fatalf("got HTTP %d want %d", w.Code, 200)
-				}
-				// We only care about the returned events at this point
-				var res struct {
-					Chunk []synctypes.ClientEvent `json:"chunk"`
-				}
-				if err := json.NewDecoder(w.Body).Decode(&res); err != nil {
-					t.Errorf("failed to decode response body: %s", err)
-				}
+					// There is only one event, we expect only to be able to see this, if the room is world_readable
+					w := httptest.NewRecorder()
+					routers.Client.ServeHTTP(w, test.NewRequest(t, "GET", fmt.Sprintf("/_matrix/client/v3/rooms/%s/messages", room.ID), test.WithQueryParams(map[string]string{
+						"access_token": bobDev.AccessToken,
+						"dir":          "b",
+						"filter":       filter,
+					})))
+					if w.Code != 200 {
+						t.Logf("%s", w.Body.String())
+						t.Fatalf("got HTTP %d want %d", w.Code, 200)
+					}
+					// We only care about the returned events at this point
+					var res struct {
+						Chunk []synctypes.ClientEvent `json:"chunk"`
+					}
+					if err := json.NewDecoder(w.Body).Decode(&res); err != nil {
+						t.Errorf("failed to decode response body: %s", err)
+					}
 
-				verifyEventVisible(t, tc.wantResult.seeWithoutJoin, beforeJoinEv, res.Chunk)
+					verifyEventVisible(t, tc.wantResult.seeWithoutJoin, beforeJoinEv, res.Chunk)
 
-				// Create invite, a message, join the room and create another message.
-				inviteEv := room.CreateAndInsert(t, alice, "m.room.member", map[string]interface{}{"membership": "invite"}, test.WithStateKey(bob.ID))
-				afterInviteEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": fmt.Sprintf("After invite in a %s room", tc.historyVisibility)})
-				joinEv := room.CreateAndInsert(t, bob, "m.room.member", map[string]interface{}{"membership": "join"}, test.WithStateKey(bob.ID))
-				afterJoinBody := fmt.Sprintf("After join in a %s room", tc.historyVisibility)
-				msgEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": afterJoinBody})
+					// Create invite, a message, join the room and create another message.
+					inviteEv := room.CreateAndInsert(t, alice, "m.room.member", map[string]interface{}{"membership": "invite"}, test.WithStateKey(bob.ID))
+					afterInviteEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": fmt.Sprintf("After invite in a %s room", tc.historyVisibility)})
+					joinEv := room.CreateAndInsert(t, bob, "m.room.member", map[string]interface{}{"membership": "join"}, test.WithStateKey(bob.ID))
+					afterJoinBody := fmt.Sprintf("After join in a %s room", tc.historyVisibility)
+					msgEv := room.CreateAndInsert(t, alice, "m.room.message", map[string]interface{}{"body": afterJoinBody})
 
-				eventsToSend = append([]*rstypes.HeaderedEvent{}, inviteEv, afterInviteEv, joinEv, msgEv)
+					eventsToSend = append([]*rstypes.HeaderedEvent{}, inviteEv, afterInviteEv, joinEv, msgEv)
 
-				if err := api.SendEvents(ctx, rsAPI, api.KindNew, eventsToSend, "test", "test", "test", nil, false); err != nil {
-					t.Fatalf("failed to send events: %v", err)
+					if err := api.SendEvents(ctx, rsAPI, api.KindNew, eventsToSend, "test", "test", "test", nil, false); err != nil {
+						t.Fatalf("failed to send events: %v", err)
+					}
+					syncUntil(t, routers, aliceDev.AccessToken, false,
+						func(syncBody string) bool {
+							path := fmt.Sprintf(`rooms.join.%s.timeline.events.#(content.body=="%s")`, room.ID, afterJoinBody)
+							return gjson.Get(syncBody, path).Exists()
+						},
+					)
+
+					// Verify the messages after/before invite are visible or not
+					w = httptest.NewRecorder()
+					routers.Client.ServeHTTP(w, test.NewRequest(t, "GET", fmt.Sprintf("/_matrix/client/v3/rooms/%s/messages", room.ID), test.WithQueryParams(map[string]string{
+						"access_token": bobDev.AccessToken,
+						"dir":          "b",
+					})))
+					if w.Code != 200 {
+						t.Logf("%s", w.Body.String())
+						t.Fatalf("got HTTP %d want %d", w.Code, 200)
+					}
+					if err := json.NewDecoder(w.Body).Decode(&res); err != nil {
+						t.Errorf("failed to decode response body: %s", err)
+					}
+					// verify results
+					verifyEventVisible(t, tc.wantResult.seeBeforeJoin, beforeJoinEv, res.Chunk)
+					verifyEventVisible(t, tc.wantResult.seeAfterInvite, afterInviteEv, res.Chunk)
 				}
-				syncUntil(t, routers, aliceDev.AccessToken, false,
-					func(syncBody string) bool {
-						path := fmt.Sprintf(`rooms.join.%s.timeline.events.#(content.body=="%s")`, room.ID, afterJoinBody)
-						return gjson.Get(syncBody, path).Exists()
-					},
-				)
-
-				// Verify the messages after/before invite are visible or not
-				w = httptest.NewRecorder()
-				routers.Client.ServeHTTP(w, test.NewRequest(t, "GET", fmt.Sprintf("/_matrix/client/v3/rooms/%s/messages", room.ID), test.WithQueryParams(map[string]string{
-					"access_token": bobDev.AccessToken,
-					"dir":          "b",
-				})))
-				if w.Code != 200 {
-					t.Logf("%s", w.Body.String())
-					t.Fatalf("got HTTP %d want %d", w.Code, 200)
-				}
-				if err := json.NewDecoder(w.Body).Decode(&res); err != nil {
-					t.Errorf("failed to decode response body: %s", err)
-				}
-				// verify results
-				verifyEventVisible(t, tc.wantResult.seeBeforeJoin, beforeJoinEv, res.Chunk)
-				verifyEventVisible(t, tc.wantResult.seeAfterInvite, afterInviteEv, res.Chunk)
 			})
 		}
 	}

From 518697fd87f781a72bec8d76300b6fe410c54a83 Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu, 5 Jun 2025 21:07:37 +0200
Subject: [PATCH 10/17] Return correct error message when sending server
 notices (#3594)

Fixes #3502

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
---
 clientapi/routing/server_notices.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clientapi/routing/server_notices.go b/clientapi/routing/server_notices.go
index 84615867..f8779182 100644
--- a/clientapi/routing/server_notices.go
+++ b/clientapi/routing/server_notices.go
@@ -100,7 +100,7 @@ func SendServerNotice(
 	for _, membership := range []string{"join", "invite", "leave"} {
 		userRooms, queryErr := rsAPI.QueryRoomsForUser(ctx, *userID, membership)
 		if queryErr != nil {
-			return util.ErrorResponse(err)
+			return util.ErrorResponse(queryErr)
 		}
 		allUserRooms = append(allUserRooms, userRooms...)
 	}

From 7cea2d8eeff56b08299a1188e4cf6441140a9f8a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:00:12 +0200
Subject: [PATCH 11/17] Bump cypress-io/github-action from 6.7.10 to 6.10.0
 (#3591)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[cypress-io/github-action](https://github.com/cypress-io/github-action)
from 6.7.10 to 6.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/github-action/releases">cypress-io/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.10.0</h2>
<h1><a
href="https://github.com/cypress-io/github-action/compare/v6.9.2...v6.10.0">6.10.0</a>
(2025-06-02)</h1>
<h3>Features</h3>
<ul>
<li><strong>deps:</strong> remove node.js 23 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1479">#1479</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/615dcf65299b63c35268d795f4dfb79532388f64">615dcf6</a>)</li>
</ul>
<h2>v6.9.2</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.9.1...v6.9.2">6.9.2</a>
(2025-05-16)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>ci:</strong> update semantic-version to 24.2.3 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1465">#1465</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/be1bab96b388bbd9ce3887e397d373c8557e15af">be1bab9</a>)</li>
</ul>
<h2>v6.9.1</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.9.0...v6.9.1">6.9.1</a>
(2025-05-16)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update undici transitive dependency (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1463">#1463</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/a04b1ce84e46e159fbd84a3f9d759e1e2ae8401e">a04b1ce</a>)</li>
</ul>
<h2>v6.9.0</h2>
<h1><a
href="https://github.com/cypress-io/github-action/compare/v6.8.0...v6.9.0">6.9.0</a>
(2025-05-01)</h1>
<h3>Features</h3>
<ul>
<li>validate other parameters against command parameter when used (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1445">#1445</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/0ee1130f05f69098ab5c560bd198fecf5a14d75b">0ee1130</a>)</li>
</ul>
<h2>v6.8.0</h2>
<h1><a
href="https://github.com/cypress-io/github-action/compare/v6.7.16...v6.8.0">6.8.0</a>
(2025-04-30)</h1>
<h3>Features</h3>
<ul>
<li><strong>deps:</strong> remove node.js 18 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1446">#1446</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/6d4f8f59600b4259fe501be43a99bfc6c05c5927">6d4f8f5</a>)</li>
</ul>
<h2>v6.7.16</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.7.15...v6.7.16">6.7.16</a>
(2025-03-10)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>pass baseUrl into Octokit constructor (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1395">#1395</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/108b8684ae52e735ff7891524cbffbcd4be5b19f">108b868</a>)</li>
</ul>
<h2>v6.7.15</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.7.14...v6.7.15">6.7.15</a>
(2025-03-07)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/github-action/blob/master/CHANGELOG.md">cypress-io/github-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>This document gives an overview of changes to the Cypress GitHub
JavaScript Action <a
href="https://github.com/cypress-io/github-action">cypress-io/github-action</a>.</p>
<p>See <a
href="https://github.com/cypress-io/github-action/releases">Releases</a>
for full details of changes.</p>
<table>
<thead>
<tr>
<th>Version</th>
<th>Changes</th>
</tr>
</thead>
<tbody>
<tr>
<td>v6.10.0</td>
<td>Examples remove Node.js 23. End of support for Node.js 23.</td>
</tr>
<tr>
<td>v6.9.0</td>
<td>Add parameter validation for <code>command</code></td>
</tr>
<tr>
<td>v6.8.0</td>
<td>Examples remove Node.js 18. End of support for Node.js 18.</td>
</tr>
<tr>
<td>v6.7.10</td>
<td>Examples updated to Cypress 14</td>
</tr>
<tr>
<td>v6.7.9</td>
<td>Migrate to <code>@​actions/cache</code><a
href="https://github.com/4"><code>@​4</code></a>.0.0 for continued
access to GitHub Actions caching services</td>
</tr>
<tr>
<td>v6.7.0</td>
<td>Examples remove Node.js 21. End of support for Node.js 21.</td>
</tr>
<tr>
<td>v6.6.0</td>
<td>Add parameter <code>summary-title</code></td>
</tr>
<tr>
<td>v6.5.0</td>
<td>Examples remove Node.js 16. End of support for Node.js 16.</td>
</tr>
<tr>
<td>v6.4.0</td>
<td>Action adds PR number and URL if available when recording</td>
</tr>
<tr>
<td>v6.3.0</td>
<td>v6 is recommended action version</td>
</tr>
<tr>
<td>v6.2.0</td>
<td>Examples updated to Cypress 13</td>
</tr>
<tr>
<td>v6.1.0</td>
<td>Examples for Cypress 9 archived in action's <a
href="https://github.com/cypress-io/github-action/tree/v5">v5</a>
branch</td>
</tr>
<tr>
<td>v6.0.0</td>
<td>Action runs under Node.js 20 instead of Node.js 16</td>
</tr>
<tr>
<td>v5.8.1</td>
<td>Examples remove Node.js 19. End of support for Node.js 19</td>
</tr>
<tr>
<td>v5.8.0</td>
<td>Add GitHub step output <code>resultsUrl</code>. Deprecate
<code>dashboardUrl</code>.</td>
</tr>
<tr>
<td>v5.7.0</td>
<td>Add basic Yarn Modern Plug'n'Play support</td>
</tr>
<tr>
<td>v5.6.2</td>
<td>Examples add Node.js 20. End of support and removal of Node.js 14
examples.</td>
</tr>
<tr>
<td>v5.6.0</td>
<td>Add check for lockfile presence</td>
</tr>
<tr>
<td>v5.5.0</td>
<td>Examples add Yarn Modern</td>
</tr>
<tr>
<td>v5.4.0</td>
<td>Examples add Yarn Classic</td>
</tr>
<tr>
<td>v5.3.0</td>
<td>Add parameter <code>publish-summary</code> (default
<code>true</code>)</td>
</tr>
<tr>
<td>v5.2.0</td>
<td>Examples add Node.js 19</td>
</tr>
<tr>
<td>v5.1.0</td>
<td>Add parameter <code>auto-cancel-after-failures</code></td>
</tr>
<tr>
<td>v5.0.0</td>
<td>Examples add Node.js 18 and remove Node.js 12</td>
</tr>
<tr>
<td>v4.2.2</td>
<td>Dependency on GitHub <code>set-output</code> workflow command
removed</td>
</tr>
<tr>
<td>v4.2.0</td>
<td>Support for <code>pnpm</code> added</td>
</tr>
<tr>
<td>v4.0.0</td>
<td>Support for Cypress 10 and later versions added</td>
</tr>
<tr>
<td>v3</td>
<td>Action runs under Node.js 16 instead of Node.js 12</td>
</tr>
<tr>
<td>v2</td>
<td>Cypress runs using the <a
href="https://on.cypress.io/module-api">Module API</a></td>
</tr>
<tr>
<td>v1</td>
<td><em>This version is no longer runnable in GitHub due to security
changes.</em></td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cypress-io/github-action/commit/615dcf65299b63c35268d795f4dfb79532388f64"><code>615dcf6</code></a>
feat(deps): remove node.js 23 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1479">#1479</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/8d783c7ece2bd1021870cd072eaec7a7153a8d06"><code>8d783c7</code></a>
chore(deps): update cypress/browsers docker tag to v22.16.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1471">#1471</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/4e70d9ac4a45e96c1ebbe223ff58b04aeafcf9fe"><code>4e70d9a</code></a>
chore(deps): update dependency <code>@​stylistic/eslint-plugin</code> to
v4.4.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1472">#1472</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/e1b75428f7959e9d98b9d8d14b37260f0298d45f"><code>e1b7542</code></a>
docs: min action version v6.7.9 needed for caching (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1474">#1474</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/035ed6581299dd73e8b846ad42ea0eeb997c619b"><code>035ed65</code></a>
chore(deps): update cypress to 14.4.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1470">#1470</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/ca758af8d6a2717941969c5196de6be5857c0073"><code>ca758af</code></a>
chore(deps): update dependency node to v20.19.2 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1467">#1467</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/8d0844994c5add4a1ac4f32050a716506fed4b6d"><code>8d08449</code></a>
chore(deps): update cypress/browsers docker tag to v22.15.1 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1466">#1466</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/be1bab96b388bbd9ce3887e397d373c8557e15af"><code>be1bab9</code></a>
fix(ci): update semantic-version to 24.2.3 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1465">#1465</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/a04b1ce84e46e159fbd84a3f9d759e1e2ae8401e"><code>a04b1ce</code></a>
fix(deps): update undici transitive dependency (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1463">#1463</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/448ce622fccd5e4aea0d44c9443bc45c2122cb48"><code>448ce62</code></a>
chore(deps): update eslint monorepo to v9.26.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1410">#1410</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cypress-io/github-action/compare/v6.7.10...v6.10.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cypress-io/github-action&package-manager=github_actions&previous-version=6.7.10&new-version=6.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/schedules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/schedules.yaml b/.github/workflows/schedules.yaml
index ae4c9339..28db6186 100644
--- a/.github/workflows/schedules.yaml
+++ b/.github/workflows/schedules.yaml
@@ -272,7 +272,7 @@ jobs:
         run: |
           sed -i '/HOMESERVER/c\        HOMESERVER: "dendrite",' cypress.config.ts
       - name: "Run cypress tests"
-        uses: cypress-io/github-action@v6.7.10
+        uses: cypress-io/github-action@v6.10.0
         with:
           browser: chrome
           start: npx serve -p 8080 ./element-web/webapp
@@ -312,7 +312,7 @@ jobs:
         run: |
           sed -i '/HOMESERVER/c\        HOMESERVER: "dendritePinecone",' cypress.config.ts
       - name: "Run cypress tests"
-        uses: cypress-io/github-action@v6.7.10
+        uses: cypress-io/github-action@v6.10.0
         with:
           browser: chrome
           start: npx serve -p 8080 ./element-web/webapp

From a8c18b3a0ae116962c07361f91d7112284d6c9a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:00:22 +0200
Subject: [PATCH 12/17] Bump golang.org/x/image from 0.23.0 to 0.27.0 (#3585)

Bumps [golang.org/x/image](https://github.com/golang/image) from 0.23.0
to 0.27.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/image/commit/64815fb89304513c3b9fc56084dab6fac053702e"><code>64815fb</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/image/commit/0aed5e29b6991be91ccd8c7b739f820182e5d534"><code>0aed5e2</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/image/commit/e7e23ba50196f0b209e707121bd3fdfab8e7eea5"><code>e7e23ba</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/image/commit/58efddcdbffb077b01a1cfd5978e2d77f876a65e"><code>58efddc</code></a>
all: use a more straightforward return value</li>
<li><a
href="https://github.com/golang/image/commit/ef6c1ab6fef58f6d0dd4dfeb34f9efa4e8200753"><code>ef6c1ab</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/image/commit/45df02f8a1c234d7257a619ebae89037d8aaf9f1"><code>45df02f</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/image/compare/v0.23.0...v0.27.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.23.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ab56b1c3..9421a1d6 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	go.uber.org/atomic v1.11.0
 	golang.org/x/crypto v0.38.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-	golang.org/x/image v0.23.0
+	golang.org/x/image v0.27.0
 	golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
 	golang.org/x/sync v0.14.0
 	golang.org/x/term v0.32.0
diff --git a/go.sum b/go.sum
index 00733855..7b6c33c9 100644
--- a/go.sum
+++ b/go.sum
@@ -407,8 +407,8 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbR
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68=
-golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY=
+golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w=
+golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b h1:WX7nnnLfCEXg+FmdYZPai2XuP3VqCP1HZVMST0n9DF0=
 golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b/go.mod h1:EiXZlVfUTaAyySFVJb9rsODuiO+WXu8HrUuySb7nYFw=

From 545e96ea3bd4a14e68db2e5614d951a5f80fef6a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:00:35 +0200
Subject: [PATCH 13/17] Bump gotest.tools/v3 from 3.5.1 to 3.5.2 (#3587)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools)
from 3.5.1 to 3.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>assert: ensure message is always displayed &amp; fix under bazel by
<a href="https://github.com/cstrahan"><code>@​cstrahan</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li>
<li>go.mod: golang.org/x/tools v0.13.0 for go1.22+ compatibility by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/282">gotestyourself/gotest.tools#282</a></li>
<li>poll: Continue(): use format.Message for formatting by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/279">gotestyourself/gotest.tools#279</a></li>
<li>fix TestFromDirSymlink on Windows due to missing drive-letter by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/283">gotestyourself/gotest.tools#283</a></li>
<li>Fix various linting issues and minor bugs by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/280">gotestyourself/gotest.tools#280</a></li>
<li>fix badges in readme, gofmt, and minor linting fix by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/284">gotestyourself/gotest.tools#284</a></li>
<li>circleci: add go1.21, go1.22, go1.23, and update golangci-lint to
v1.60.3 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/285">gotestyourself/gotest.tools#285</a></li>
<li>assert, assert/cmp: un-deprecate assert.ErrorType for now by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/286">gotestyourself/gotest.tools#286</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cstrahan"><code>@​cstrahan</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/0b81523ff268a1f1b0baf4a5da67e42fbb86880b"><code>0b81523</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/286">#286</a>
from thaJeztah/undeprecate_ErrorType</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/c5dad8f46d9147674b5aac2c1207acdbb6e44cbc"><code>c5dad8f</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/285">#285</a>
from thaJeztah/update_go_versions</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/160ab0edaf37dd48cb0bcda12a713b2eda21254e"><code>160ab0e</code></a>
Remove go1.18 and go1.19</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/8569bbc4e11f8a77c32795751b309c618f001bcc"><code>8569bbc</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/284">#284</a>
from thaJeztah/cleanup_readme</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/4256834a5f656a2b6d8b8ee1e05ac7048b3028a0"><code>4256834</code></a>
assert, assert/cmp: un-deprecate assert.ErrorType for now</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/eb321863bacc768e4f24e8ec7c0efc1f6144bcc4"><code>eb32186</code></a>
circleci: update golangci-lint to v1.60.3</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/5fc84733cf3804f0e6267370df3d83b582f44b13"><code>5fc8473</code></a>
circleci: add go1.21, go1.22, go1.23</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/6f26df9681dce743fd0c5c0e8e5d9810a4d47f3c"><code>6f26df9</code></a>
circleci: test generics on go1.20 and windows as well</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/732dfcf754771fd19a3f374355bdad313b47d4c0"><code>732dfcf</code></a>
internal/difflib: rename funcs that collided with built-ins</li>
<li><a
href="https://github.com/gotestyourself/gotest.tools/commit/7d95f55d2ce979847b6207fedd071831fe7c39dc"><code>7d95f55</code></a>
internal/difflib: gofmt</li>
<li>Additional commits viewable in <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.5.1&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9421a1d6..3b0b66b5 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	golang.org/x/sync v0.14.0
 	golang.org/x/term v0.32.0
 	gopkg.in/yaml.v2 v2.4.0
-	gotest.tools/v3 v3.5.1
+	gotest.tools/v3 v3.5.2
 	maunium.net/go/mautrix v0.15.1
 	modernc.org/sqlite v1.34.5
 )
diff --git a/go.sum b/go.sum
index 7b6c33c9..8a5249e5 100644
--- a/go.sum
+++ b/go.sum
@@ -503,8 +503,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
-gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
+gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
+gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 maunium.net/go/maulogger/v2 v2.4.1 h1:N7zSdd0mZkB2m2JtFUsiGTQQAdP0YeFWT7YMc80yAL8=
 maunium.net/go/maulogger/v2 v2.4.1/go.mod h1:omPuYwYBILeVQobz8uO3XC8DIRuEb5rXYlQSuqrbCho=
 maunium.net/go/mautrix v0.15.1 h1:pmCtMjYRpd83+2UL+KTRFYQo5to0373yulimvLK+1k0=

From f16558d2e273edc61f60d1b468988c38f77f95d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:20:39 +0200
Subject: [PATCH 14/17] Bump nokogiri from 1.16.2 to 1.18.8 in /docs (#3567)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2
to 1.18.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.8 / 2025-04-21</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated to <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8">v2.13.8</a>
to address CVE-2025-32414 and CVE-2025-32415. See <a
href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc">GHSA-5w6v-399v-w3cc</a>
for more information.</li>
</ul>
<!-- raw HTML omitted -->

<pre><code>36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e
nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2
nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212
nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e
nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b
nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365
nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0
nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf
nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c
nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc
nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165
nokogiri-1.18.8-x86_64-linux-musl.gem
</code></pre>
<h2>v1.18.7 / 2025-03-31</h2>
<h3>Dependencies</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated to <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7">v2.13.7</a>,
which is a bugfix release.</li>
</ul>
<!-- raw HTML omitted -->

<pre><code>57a064ab5440814a69a0e040817bd8154adea68a30d2ff2b3aa515a6a06dbb5f
nokogiri-1.18.7-aarch64-linux-gnu.gem
3e442dc5b69376e84288295fe37cbb890a21ad816a7e571e5e9967b3c1e30cd3
nokogiri-1.18.7-aarch64-linux-musl.gem
083abb2e9ed2646860f6b481a981485a658c6064caafaa81bf1cda1bada2e9d5
nokogiri-1.18.7-arm64-darwin.gem
337d9149deb5ae01022dff7c90f97bed81715fd586aacab0c5809ef933994c5e
nokogiri-1.18.7-arm-linux-gnu.gem
97a26edcc975f780a0822aaf7f7d7427c561067c1c9ee56bd3542960f0c28a6e
nokogiri-1.18.7-arm-linux-musl.gem
6b63ff5defe48f30d1d3b3122f65255ca91df2caf5378c6e0482ce73ff46fb31
nokogiri-1.18.7.gem
2cb83666f35619ec59d24d831bf492e49cfe27b112c222330ee929737f42f2eb
nokogiri-1.18.7-java.gem
681148fbc918aa5d54933d8b48aeb9462ab708d23409797ed750af961107f72b
nokogiri-1.18.7-x64-mingw-ucrt.gem
081d1aa517454ba3415304e2ea51fe411d6a3a809490d0c4aa42799cada417b7
nokogiri-1.18.7-x86_64-darwin.gem
3a0bf946eb2defde13d760f869b61bc8b0c18875afdd3cffa96543cfa3a18005
nokogiri-1.18.7-x86_64-linux-gnu.gem
9d83f8ec1fc37a305fa835d7ee61a4f37899e6ccc6dcb05be6645fa9797605af
nokogiri-1.18.7-x86_64-linux-musl.gem
</code></pre>
<h2>v1.18.6 / 2025-03-24</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's
changelog</a>.</em></p>
<blockquote>
<h2>v1.18.8 / 2025-04-21</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated to <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8">v2.13.8</a>
to address CVE-2025-32414 and CVE-2025-32415. See <a
href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc">GHSA-5w6v-399v-w3cc</a>
for more information.</li>
</ul>
<h2>v1.18.7 / 2025-03-31</h2>
<h3>Dependencies</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated to <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7">v2.13.7</a>,
which is a bugfix release.</li>
</ul>
<h2>v1.18.6 / 2025-03-24</h2>
<h3>Fixed</h3>
<ul>
<li>[JRuby] In HTML documents, <code>Node#attribute</code> now returns
the correct attribute. This has been broken, and returning
<code>nil</code>, since v1.17.0. (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3487">#3487</a>)
<a
href="https://github.com/flavorjones"><code>@​flavorjones</code></a></li>
</ul>
<h2>v1.18.5 / 2025-03-19</h2>
<h3>Fixed</h3>
<ul>
<li>[JRuby] Update JRuby's XML serialization so it outputs namespaces
exactly like CRuby. (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3455">#3455</a>,
<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3456">#3456</a>)
<a
href="https://github.com/johnnyshields"><code>@​johnnyshields</code></a></li>
</ul>
<h2>v1.18.4 / 2025-03-14</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxslt is updated to <a
href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43">v1.1.43</a>
to address CVE-2025-24855 and CVE-2024-55549. See <a
href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664">GHSA-mrxw-mxhj-p664</a>
for more information.</li>
</ul>
<h2>v1.18.3 / 2025-02-18</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6">v2.13.6</a>
to address CVE-2025-24928 and CVE-2024-56171. See <a
href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m">GHSA-vvfq-8hwr-qm4m</a>
for more information.</li>
</ul>
<h2>v1.18.2 / 2024-01-19</h2>
<h3>Fixed</h3>
<ul>
<li>When performing a CSS selector query, an XML document's root
namespace declarations should not be applied to wildcard selectors
(<code>&quot;*&quot;</code>). Fixes a bug introduced in v1.17.0. (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3411">#3411</a>)
<a
href="https://github.com/flavorjones"><code>@​flavorjones</code></a></li>
</ul>
<h2>v1.18.1 / 2024-12-29</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/9187f4af0dc3cc7ea439bd4957a2fbfab18f6665"><code>9187f4a</code></a>
version bump to v1.18.8</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/1deea041e3f359ccef67abadf19f0d634bf473dd"><code>1deea04</code></a>
dep: libxml2 to v2.13.8 (branch <code>v1.18.x</code>) (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3509">#3509</a>)</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/6457fe639359edda9f8817994bc4935abae3e81e"><code>6457fe6</code></a>
dep: libxml2 to v2.13.8</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/13e8aa4ef52f39d1273d2435bd6bfa98982471ef"><code>13e8aa4</code></a>
version bump to v1.18.7</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/605699d271ee5d7f58ab29c4550fad42b9cc3d69"><code>605699d</code></a>
dep: bump libxml2 to 2.13.7 (v1.18.x backport) (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3495">#3495</a>)</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/804e59038c4318ebe7ba0dc08105cff2030df415"><code>804e590</code></a>
dep: bump libxml2 to 2.13.7</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/52bf15b62d4e576292e21ac948030783333f9e0b"><code>52bf15b</code></a>
dep(dev): drop Rubocop from JRuby deps</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/189769d72627da5f272c7ffcc14cce49d60b9b5a"><code>189769d</code></a>
version bump to v1.18.6</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/de4982f0cc39995570f5d15d753577bede5804dc"><code>de4982f</code></a>
fix(jruby): Node#attribute in HTML documents (v1.18.x) (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3492">#3492</a>)</li>
<li><a
href="https://github.com/sparklemotion/nokogiri/commit/7d95b0f10cf33c505f11fd7d68d7de8943dda2cd"><code>7d95b0f</code></a>
fix(jruby): Node#attribute in HTML documents</li>
<li>Additional commits viewable in <a
href="https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.18.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.16.2&new-version=1.18.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 docs/Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index bf123b16..7c9a430b 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -231,9 +231,9 @@ GEM
       jekyll-seo-tag (~> 2.1)
     minitest (5.17.0)
     multipart-post (2.1.1)
-    nokogiri (1.16.2-arm64-darwin)
+    nokogiri (1.18.8-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.2-x86_64-linux)
+    nokogiri (1.18.8-x86_64-linux-gnu)
       racc (~> 1.4)
     octokit (4.22.0)
       faraday (>= 0.9)
@@ -241,7 +241,7 @@ GEM
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
     public_suffix (4.0.7)
-    racc (1.7.3)
+    racc (1.8.1)
     rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
       ffi (~> 1.0)

From 7427fc21d06773d6675b7c920f7f7ed9e24e7bb3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:20:50 +0200
Subject: [PATCH 15/17] Bump github.com/prometheus/client_golang from 1.20.5 to
 1.22.0 (#3586)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang)
from 1.20.5 to 1.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.22.0 - 2025-04-07</h2>
<p>:warning: This release contains potential breaking change if you use
experimental <code>zstd</code> support introduce in <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a>
:warning:</p>
<p>Experimental support for <code>zstd</code> on scrape was added,
controlled by the request <code>Accept-Encoding</code> header.
It was enabled by default since version 1.20, but now you need to add a
blank import to enable it.
The decision to make it opt-in by default was originally made because
the Go standard library was expected to have default zstd support added
soon,
<a
href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a>
however, the work took longer than anticipated and it will be postponed
to upcoming major Go versions.</p>
<p>e.g.:</p>
<blockquote>
<pre lang="go"><code>import (
_
&quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd&quot;
)
</code></pre>
</blockquote>
<ul>
<li>[FEATURE] prometheus: Add new CollectorFunc utility <a
href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li>
<li>[CHANGE] Minimum required Go version is now 1.22 (we also test
client_golang against latest go version - 1.24) <a
href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li>
<li>[FEATURE] api: <code>WithLookbackDelta</code> and
<code>WithStats</code> options have been added to API client. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li>
<li>[CHANGE] :warning: promhttp: Isolate zstd support and
klauspost/compress library use to promhttp/zstd package. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li>
</ul>
<!-- raw HTML omitted -->
<ul>
<li>build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1720">prometheus/client_golang#1720</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1719">prometheus/client_golang#1719</a></li>
<li>Update RELEASE.md by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1721">prometheus/client_golang#1721</a></li>
<li>chore(docs): Add links for the upstream PRs by <a
href="https://github.com/kakkoyun"><code>@​kakkoyun</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1722">prometheus/client_golang#1722</a></li>
<li>Added tips on releasing client and checking with k8s. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1723">prometheus/client_golang#1723</a></li>
<li>feat: Add new CollectorFunc utility by <a
href="https://github.com/Saumya40-codes"><code>@​Saumya40-codes</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1724">prometheus/client_golang#1724</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1725">prometheus/client_golang#1725</a></li>
<li>build(deps): bump the github-actions group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1726">prometheus/client_golang#1726</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1727">prometheus/client_golang#1727</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1731">prometheus/client_golang#1731</a></li>
<li>build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1739">prometheus/client_golang#1739</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1740">prometheus/client_golang#1740</a></li>
<li>Cleanup dependabot config by <a
href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1741">prometheus/client_golang#1741</a></li>
<li>Upgrade Golang version v1.24 by <a
href="https://github.com/dongjiang1989"><code>@​dongjiang1989</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1738">prometheus/client_golang#1738</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1742">prometheus/client_golang#1742</a></li>
<li>Merging 1.21 release back to main. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1744">prometheus/client_golang#1744</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1745">prometheus/client_golang#1745</a></li>
<li>Add support for undocumented query options for API by <a
href="https://github.com/mahendrapaipuri"><code>@​mahendrapaipuri</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1743">prometheus/client_golang#1743</a></li>
<li>exp/api: Add experimental exp module; Add remote API with write
client and handler. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1658">prometheus/client_golang#1658</a></li>
<li>exp/api: Add accepted msg type validation to handler by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1750">prometheus/client_golang#1750</a></li>
<li>build(deps): bump the github-actions group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1751">prometheus/client_golang#1751</a></li>
<li>build(deps): bump github.com/klauspost/compress from 1.17.11 to
1.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1752">prometheus/client_golang#1752</a></li>
<li>build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1753">prometheus/client_golang#1753</a></li>
<li>exp: Reset snappy buf by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1756">prometheus/client_golang#1756</a></li>
<li>Merge release 1.21.1 to main. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1762">prometheus/client_golang#1762</a></li>
<li>exp: Add dependabot config by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1754">prometheus/client_golang#1754</a></li>
<li>build(deps): bump peter-evans/create-pull-request from 7.0.7 to
7.0.8 in the github-actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1764">prometheus/client_golang#1764</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>1.22.0 / 2025-04-07</h2>
<p>:warning: This release contains potential breaking change if you use
experimental <code>zstd</code> support introduce in <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a>
:warning:</p>
<p>Experimental support for <code>zstd</code> on scrape was added,
controlled by the request <code>Accept-Encoding</code> header.
It was enabled by default since version 1.20, but now you need to add a
blank import to enable it.
The decision to make it opt-in by default was originally made because
the Go standard library was expected to have default zstd support added
soon,
<a
href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a>
however, the work took longer than anticipated and it will be postponed
to upcoming major Go versions.</p>
<p>e.g.:</p>
<blockquote>
<pre lang="go"><code>import (
_
&quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd&quot;
)
</code></pre>
</blockquote>
<ul>
<li>[FEATURE] prometheus: Add new CollectorFunc utility <a
href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li>
<li>[CHANGE] Minimum required Go version is now 1.22 (we also test
client_golang against latest go version - 1.24) <a
href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li>
<li>[FEATURE] api: <code>WithLookbackDelta</code> and
<code>WithStats</code> options have been added to API client. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li>
<li>[CHANGE] :warning: promhttp: Isolate zstd support and
klauspost/compress library use to promhttp/zstd package. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li>
</ul>
<h2>1.21.1 / 2025-03-04</h2>
<ul>
<li>[BUGFIX] prometheus: Revert of <code>Inc</code>, <code>Add</code>
and <code>Observe</code> cumulative metric CAS optimizations (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a>),
causing regressions on low contention cases.</li>
<li>[BUGFIX] prometheus: Fix GOOS=ios build, broken due to
process_collector_* wrong build tags.</li>
</ul>
<h2>1.21.0 / 2025-02-17</h2>
<p>:warning: This release contains potential breaking change if you
upgrade <code>github.com/prometheus/common</code> to 0.62+ together with
client_golang. :warning:</p>
<p>New common version <a
href="https://redirect.github.com/prometheus/common/pull/724">changes
<code>model.NameValidationScheme</code> global variable</a>, which
relaxes the validation of label names and metric name, allowing all
UTF-8 characters. Typically, this should not break any user, unless your
test or usage expects strict certain names to panic/fail on
client_golang metric registration, gathering or scrape. In case of
problems change <code>model.NameValidationScheme</code> to old
<code>model.LegacyValidation</code> value in your project
<code>init</code> function.</p>
<ul>
<li>[BUGFIX] gocollector: Fix help message for runtime/metric metrics.
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1583">#1583</a></li>
<li>[BUGFIX] prometheus: Fix <code>Desc.String()</code> method for no
labels case. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1687">#1687</a></li>
<li>[ENHANCEMENT] prometheus: Optimize popular
<code>prometheus.BuildFQName</code> function; now up to 30% faster. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1665">#1665</a></li>
<li>[ENHANCEMENT] prometheus: Optimize <code>Inc</code>,
<code>Add</code> and <code>Observe</code> cumulative metrics; now up to
50% faster under high concurrent contention. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a></li>
<li>[CHANGE] Upgrade prometheus/common to 0.62.0 which changes
<code>model.NameValidationScheme</code> global variable. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1712">#1712</a></li>
<li>[CHANGE] Add support for Go 1.23. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1602">#1602</a></li>
<li>[FEATURE] process_collector: Add support for Darwin systems. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1600">#1600</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1616">#1616</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1625">#1625</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1675">#1675</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1715">#1715</a></li>
<li>[FEATURE] api: Add ability to invoke
<code>CloseIdleConnections</code> on api.Client using
<code>api.Client.(CloseIdler).CloseIdleConnections()</code> casting. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1513">#1513</a></li>
<li>[FEATURE] promhttp: Add
<code>promhttp.HandlerOpts.EnableOpenMetricsTextCreatedSamples</code>
option to create OpenMetrics _created lines. Not recommended unless you
want to use opt-in Created Timestamp feature. Community works on
OpenMetrics 2.0 format that should make those lines obsolete (they
increase cardinality significantly). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1408">#1408</a></li>
<li>[FEATURE] prometheus: Add <code>NewConstNativeHistogram</code>
function. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1654">#1654</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/prometheus/client_golang/commit/d50be25511d790f4c166d68ce7d046c2977d148b"><code>d50be25</code></a>
Cut 1.22.0 (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1793">#1793</a>)</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/1043db7cb8735186b341bbff6ae45d7ff56018dd"><code>1043db7</code></a>
Cut 1.22.0-rc.0 (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1768">#1768</a>)</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/e575c9c04e40fe0784d4fee7f1f56c1a66ef090d"><code>e575c9c</code></a>
promhttp: Isolate zstd support and klauspost/compress library use to
promhttp...</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/f2276aa7d4b6e6526e0011762d0e4070513cf9cd"><code>f2276aa</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1764">#1764</a>
from prometheus/dependabot/github_actions/github-act...</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/9df772cc5f399a2946a9158e57fd0aff66daf7d1"><code>9df772c</code></a>
build(deps): bump peter-evans/create-pull-request</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/a3548c5aa811a0a52d1d723c3dfb3b01930481fb"><code>a3548c5</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1754">#1754</a>
from saswatamcode/exp-eh</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/60fd2b0490db6e7c74e623651031feae93c7ebc1"><code>60fd2b0</code></a>
Remove go.work file for now</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/8f9d0de6893dd7a470cdb1cffc5d98d1b5d7b50d"><code>8f9d0de</code></a>
exp: Add dependabot config</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/c5cf981312d510414c209927e4f9e888d6776b5c"><code>c5cf981</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1762">#1762</a>
from prometheus/release-1.21</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/8a42da3e4bfdc7ea408fcd886064dffc4daffb22"><code>8a42da3</code></a>
Fix ios build. (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1758">#1758</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/prometheus/client_golang/compare/v1.20.5...v1.22.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.20.5&new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 3b0b66b5..848fd7fd 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.20.5
+	github.com/prometheus/client_golang v1.22.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.10.0
 	github.com/tidwall/gjson v1.18.0
@@ -123,7 +123,7 @@ require (
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/quic-go/quic-go v0.48.2 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
@@ -146,7 +146,7 @@ require (
 	golang.org/x/text v0.25.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/macaroon.v2 v2.1.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	maunium.net/go/maulogger/v2 v2.4.1 // indirect
diff --git a/go.sum b/go.sum
index 8a5249e5..8e30a7c9 100644
--- a/go.sum
+++ b/go.sum
@@ -307,12 +307,12 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
-github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
-github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
@@ -485,8 +485,8 @@ google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

From 0b3ffd6e124e9e0f4b56b9fda6ad03f43f38c958 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 22:21:01 +0200
Subject: [PATCH 16/17] Bump github.com/coder/websocket from 1.8.12 to 1.8.13
 (#3584)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/coder/websocket](https://github.com/coder/websocket)
from 1.8.12 to 1.8.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/websocket/releases">github.com/coder/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.13</h2>
<h2>Changes</h2>
<ul>
<li>Use new atomic types from Go 1.19 by <a
href="https://github.com/Jacalz"><code>@​Jacalz</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/444">coder/websocket#444</a></li>
<li>Fix coverage by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/466">coder/websocket#466</a></li>
<li>Clean out env passed to wasmbrowsertest in TestWasm by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/469">coder/websocket#469</a></li>
<li>Sunset the dev branch by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/471">coder/websocket#471</a></li>
<li>Replace filepath.Match with path.Match by <a
href="https://github.com/KianYang-Lee"><code>@​KianYang-Lee</code></a>
in <a
href="https://redirect.github.com/coder/websocket/pull/452">coder/websocket#452</a></li>
<li>internal/bpool: add New function by <a
href="https://github.com/bestgopher"><code>@​bestgopher</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/465">coder/websocket#465</a></li>
<li>accept: Add unwrapping for hijack like http.ResponseController by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/472">coder/websocket#472</a></li>
<li>docs: Fix docs and examples related to r.Context() usage by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/477">coder/websocket#477</a></li>
<li>Fix a typo in chat_test.go by <a
href="https://github.com/henrybear327"><code>@​henrybear327</code></a>
in <a
href="https://redirect.github.com/coder/websocket/pull/491">coder/websocket#491</a></li>
<li>fix: avoid writing messages after close and improve handshake by <a
href="https://github.com/FrauElster"><code>@​FrauElster</code></a> and
<a href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/476">coder/websocket#476</a></li>
<li>Disable AppArmor in CI to allow chrome sandbox by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/511">coder/websocket#511</a></li>
<li>ci: disable AppArmor on daily and static workflows by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/513">coder/websocket#513</a></li>
<li>Fix build with Go 1.24 by <a
href="https://github.com/flyn-org"><code>@​flyn-org</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/508">coder/websocket#508</a></li>
<li>Add ping and pong received callbacks by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/509">coder/websocket#509</a></li>
<li>ci: update wasmbrowsertest to a specific commit by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/514">coder/websocket#514</a></li>
<li>ci: lock down staticcheck and govulncheck in lint.sh by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/523">coder/websocket#523</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">https://github.com/coder/websocket/compare/v1.8.12...v1.8.13</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/coder/websocket/commit/64d7449933124ed1f0d779c477a9e9145bbdac38"><code>64d7449</code></a>
ci: lock down versions in lint.sh and fix ci (<a
href="https://redirect.github.com/coder/websocket/issues/523">#523</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/d1468a75eee5525d183123766fbf288dca1eed9b"><code>d1468a7</code></a>
ci: update wasmbrowsertest to a specific commit (<a
href="https://redirect.github.com/coder/websocket/issues/514">#514</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/703784f0773aed414ec8e081a8fb0f0134ca631e"><code>703784f</code></a>
feat: add ping and pong received callbacks (<a
href="https://redirect.github.com/coder/websocket/issues/509">#509</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/aec630d59c74431ffd33ada5a75acf564d27863f"><code>aec630d</code></a>
fix: conform to stricter printf usage in Go 1.24 (<a
href="https://redirect.github.com/coder/websocket/issues/508">#508</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/497ac50c0ad739cc13ffe4dc3d6ecc9ecbb97b5f"><code>497ac50</code></a>
ci: disable AppArmor on daily and static workflows (<a
href="https://redirect.github.com/coder/websocket/issues/513">#513</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/3e183a987fd3d73a937df5461883fcf963e3a11a"><code>3e183a9</code></a>
ci: disable AppArmor to allow Chrome sandbox (<a
href="https://redirect.github.com/coder/websocket/issues/511">#511</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/11bda985bf5f0a7169f973913a52ca7f39ab9d99"><code>11bda98</code></a>
fix: avoid writing messages after close and improve handshake (<a
href="https://redirect.github.com/coder/websocket/issues/476">#476</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/1253b774ead7f405475f98e331a6b389c604020c"><code>1253b77</code></a>
chore: bump the internal-deps group across 2 directories with 5 updates
(<a
href="https://redirect.github.com/coder/websocket/issues/500">#500</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/d67767c5d20fa855f3a4aa94710b260ee13af122"><code>d67767c</code></a>
chore(.github): group dependabot PRs and reduce frequency (<a
href="https://redirect.github.com/coder/websocket/issues/499">#499</a>)</li>
<li><a
href="https://github.com/coder/websocket/commit/02080e979f93f767ea2af94dcd7ca1b4630d749d"><code>02080e9</code></a>
Fix a typo in chat_test.go (<a
href="https://redirect.github.com/coder/websocket/issues/491">#491</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coder/websocket&package-manager=go_modules&previous-version=1.8.12&new-version=1.8.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 848fd7fd..4f2319c3 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/blevesearch/bleve/v2 v2.5.1
 	github.com/codeclysm/extract v2.2.0+incompatible
-	github.com/coder/websocket v1.8.12
+	github.com/coder/websocket v1.8.13
 	github.com/cretz/bine v0.2.0
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/docker/docker v26.1.5+incompatible
diff --git a/go.sum b/go.sum
index 8e30a7c9..596a44cf 100644
--- a/go.sum
+++ b/go.sum
@@ -71,8 +71,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/codeclysm/extract v2.2.0+incompatible h1:q3wyckoA30bhUSiwdQezMqVhwd8+WGE64/GL//LtUhI=
 github.com/codeclysm/extract v2.2.0+incompatible/go.mod h1:2nhFMPHiU9At61hz+12bfrlpXSUrOnK+wR+KlGO4Uks=
-github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
-github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
+github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
+github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=

From c133596baf1345849e584e1dc8cd853c0597762d Mon Sep 17 00:00:00 2001
From: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu, 19 Jun 2025 07:58:55 +0200
Subject: [PATCH 17/17] Update dependencies, fix `/user/keys/query` requests
 (#3600)

Contains updates from
https://github.com/element-hq/dendrite/pull/3598
https://github.com/element-hq/dendrite/pull/3597
https://github.com/element-hq/dendrite/pull/3596
https://github.com/element-hq/dendrite/pull/3595

Updates GMSL to
https://github.com/matrix-org/gomatrixserverlib/commit/904c8f04597e5dbec6365788c52a2e4eb7e2ddab
to fix issues with `/user/keys/query` requests.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
---
 go.mod | 18 +++++++++---------
 go.sum | 44 ++++++++++++++++++++++----------------------
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/go.mod b/go.mod
index 4f2319c3..58649ed3 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/MFAshby/stdemuxerhook v1.0.0
 	github.com/Masterminds/semver/v3 v3.3.1
-	github.com/blevesearch/bleve/v2 v2.5.1
+	github.com/blevesearch/bleve/v2 v2.5.2
 	github.com/codeclysm/extract v2.2.0+incompatible
 	github.com/coder/websocket v1.8.13
 	github.com/cretz/bine v0.2.0
@@ -25,10 +25,10 @@ require (
 	github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
 	github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
 	github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20250116181547-c4f1e01eab0d
+	github.com/matrix-org/gomatrixserverlib v0.0.0-20250619052822-904c8f04597e
 	github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7
 	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
-	github.com/mattn/go-sqlite3 v1.14.24
+	github.com/mattn/go-sqlite3 v1.14.28
 	github.com/nats-io/nats-server/v2 v2.11.3
 	github.com/nats-io/nats.go v1.42.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
@@ -45,11 +45,11 @@ require (
 	github.com/yggdrasil-network/yggdrasil-go v0.5.12
 	github.com/yggdrasil-network/yggquic v0.0.0-20241212194307-0d495106021f
 	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.38.0
+	golang.org/x/crypto v0.39.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/image v0.27.0
 	golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
-	golang.org/x/sync v0.14.0
+	golang.org/x/sync v0.15.0
 	golang.org/x/term v0.32.0
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.2
@@ -81,7 +81,7 @@ require (
 	github.com/blevesearch/zapx/v13 v13.4.2 // indirect
 	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
 	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
-	github.com/blevesearch/zapx/v16 v16.2.3 // indirect
+	github.com/blevesearch/zapx/v16 v16.2.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -140,12 +140,12 @@ require (
 	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/mock v0.4.0 // indirect
-	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/tools v0.33.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/macaroon.v2 v2.1.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 596a44cf..35c17476 100644
--- a/go.sum
+++ b/go.sum
@@ -29,8 +29,8 @@ github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCk
 github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bits-and-blooms/bloom/v3 v3.7.0 h1:VfknkqV4xI+PsaDIsoHueyxVDZrfvMn56jeWUzvzdls=
 github.com/bits-and-blooms/bloom/v3 v3.7.0/go.mod h1:VKlUSvp0lFIYqxJjzdnSsZEw4iHb1kOL2tfHTgyJBHg=
-github.com/blevesearch/bleve/v2 v2.5.1 h1:cc/O++W2Hcjp1SU5ETHeE+QYWv2oV88ldYEPowdmg8M=
-github.com/blevesearch/bleve/v2 v2.5.1/go.mod h1:9g/wnbWKm9AgXrU8Ecqi+IDdqjUHWymwkQRDg+5tafU=
+github.com/blevesearch/bleve/v2 v2.5.2 h1:Ab0r0MODV2C5A6BEL87GqLBySqp/s9xFgceCju6BQk8=
+github.com/blevesearch/bleve/v2 v2.5.2/go.mod h1:5Dj6dUQxZM6aqYT3eutTD/GpWKGFSsV8f7LDidFbwXo=
 github.com/blevesearch/bleve_index_api v1.2.8 h1:Y98Pu5/MdlkRyLM0qDHostYo7i+Vv1cDNhqTeR4Sy6Y=
 github.com/blevesearch/bleve_index_api v1.2.8/go.mod h1:rKQDl4u51uwafZxFrPD1R7xFOwKnzZW7s/LSeK4lgo0=
 github.com/blevesearch/geo v0.2.3 h1:K9/vbGI9ehlXdxjxDRJtoAMt7zGAsMIzc6n8zWcwnhg=
@@ -63,8 +63,8 @@ github.com/blevesearch/zapx/v14 v14.4.2 h1:2SGHakVKd+TrtEqpfeq8X+So5PShQ5nW6GNxT
 github.com/blevesearch/zapx/v14 v14.4.2/go.mod h1:rz0XNb/OZSMjNorufDGSpFpjoFKhXmppH9Hi7a877D8=
 github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFxEsp31k=
 github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
-github.com/blevesearch/zapx/v16 v16.2.3 h1:7Y0r+a3diEvlazsncexq1qoFOcBd64xwMS7aDm4lo1s=
-github.com/blevesearch/zapx/v16 v16.2.3/go.mod h1:wVJ+GtURAaRG9KQAMNYyklq0egV+XJlGcXNCE0OFjjA=
+github.com/blevesearch/zapx/v16 v16.2.4 h1:tGgfvleXTAkwsD5mEzgM3zCS/7pgocTCnO1oyAUjlww=
+github.com/blevesearch/zapx/v16 v16.2.4/go.mod h1:Rti/REtuuMmzwsI8/C/qIzRaEoSK/wiFYw5e5ctUKKs=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -109,8 +109,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/frankban/quicktest v1.0.0/go.mod h1:R98jIehRai+d1/3Hv2//jOVCTJhW1VBavT6B6CuGq2k=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY=
 github.com/getlantern/errors v1.0.1/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A=
 github.com/getlantern/fdcount v0.0.0-20210503151800-5decd65b3731/go.mod h1:XZwE+iIlAgr64OFbXKFNCllBwV4wEipPx8Hlo2gZdbM=
@@ -235,8 +235,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
 github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250116181547-c4f1e01eab0d h1:c3Dkci0GDH/6cGGt8zGIiJMP+UOdtX0DPY6dxiJvtZM=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250116181547-c4f1e01eab0d/go.mod h1:qil34SWn6VB6gO5312rzziCUcZtgROPjrLE+4ly/0os=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20250619052822-904c8f04597e h1:SWediqisy1Eoumr06sjGaA6gt6gS4FtXe00VB6fSNZw=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20250619052822-904c8f04597e/go.mod h1:61LpEsWAroRfdVh2dnr6fQ+K3MmRgD5I35GVvF4FpXQ=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7 h1:6t8kJr8i1/1I5nNttw6nn1ryQJgzVlBmSGgPiiaTdw4=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7/go.mod h1:ReWMS/LoVnOiRAdq9sNUC2NZnd1mZkMNB52QhpTRWjg=
 github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=
@@ -249,10 +249,10 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
-github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
-github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=
+github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
+github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
 github.com/minio/highwayhash v1.0.3 h1:kbnuUMoHYyVl7szWjSxJnxw11k2U709jqFPPmIUyD6Q=
 github.com/minio/highwayhash v1.0.3/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0rxU3ik1LQ=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
@@ -395,8 +395,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -415,8 +415,8 @@ golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b/go.mod h1:EiXZlVfUTaAyySF
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -428,8 +428,8 @@ golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -455,8 +455,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
@@ -467,8 +467,8 @@ golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=