dendrite

mirror of https://github.com/element-hq/dendrite.git synced 2025-09-13 12:52:24 +03:00

Author	SHA1	Message	Date
Kegan Dougal	cba2a953d4	GMSL 'fix' to not take down the server on bad room state (#3636 ) Fixes https://github.com/element-hq/dendrite/issues/3629 Pulls in https://github.com/matrix-org/gomatrixserverlib/pull/460	2025-08-15 08:26:30 +01:00
Kegan Dougal	3197b09989	v0.15.1 (#3632 ) Some checks failed Dendrite / WASM build test (push) Has been cancelled Details Dendrite / Linting (push) Has been cancelled Details Dendrite / Unit tests (push) Has been cancelled Details Dendrite / Build for Linux (push) Has been cancelled Details Dendrite / Build for Windows (push) Has been cancelled Details Dendrite / Initial tests passed (push) Has been cancelled Details Dendrite / Integration tests (push) Has been cancelled Details Dendrite / Upgrade tests (push) Has been cancelled Details Dendrite / Upgrade tests from HEAD-2 (push) Has been cancelled Details Dendrite / Sytest (SQLite Cgo) (push) Has been cancelled Details Dendrite / Sytest (PostgreSQL) (push) Has been cancelled Details Dendrite / Sytest (SQLite native) (push) Has been cancelled Details Dendrite / Complement (PostgreSQL) (push) Has been cancelled Details Dendrite / Complement (SQLite native) (push) Has been cancelled Details Dendrite / Complement (SQLite Cgo) (push) Has been cancelled Details Dendrite / Integration tests passed (push) Has been cancelled Details Dendrite / Update Docker images (push) Has been cancelled Details To pull in https://github.com/element-hq/dendrite/pull/3630 Also pulls in a bunch of bug fixes on v12 rooms, which testing did not catch. `FAILURE: #655: Server rejects invalid JSON in a version 6 room` is an expected fail now.	2025-08-13 17:05:44 +01:00
Kegan Dougal	13fb97c1ab	Bump GMSL to pull in v12 sorting bugfix (#3633 ) Also keeps processing PDUs even if one of them was bad c.f https://github.com/element-hq/synapse/issues/7543 suspect moderation tooling is causing invalid PDUs to be sent, meaning this is now expected to fail: ``` FAILURE: #655: Server rejects invalid JSON in a version 6 room ```	2025-08-13 13:56:34 +01:00
dependabot[bot]	df748c5eae	Bump github.com/nats-io/nats-server/v2 from 2.11.3 to 2.11.7 (#3620 ) Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.11.3 to 2.11.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nats-io/nats-server/releases">github.com/nats-io/nats-server/v2's releases</a>.</em></p> <blockquote> <h2>Release v2.11.7</h2> <h2>Changelog</h2> <p>Refer to the <a href="https://docs.nats.io/release-notes/whats_new/whats_new_211">2.11 Upgrade Guide</a> for backwards compatibility notes with 2.10.x.</p> <h3>Go Version</h3> <ul> <li>1.24.5 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7047">#7047</a>)</li> </ul> <h3>Dependencies</h3> <ul> <li>golang.org/x/crypto v0.40.0 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li> <li>golang.org/x/sys v0.34.0 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li> </ul> <h3>Added</h3> <p>General</p> <ul> <li>The <code>SubjectMatchesFilter</code> function is now available as an exported function for embedded use (<a href="https://redirect.github.com/nats-io/nats-server/issues/7051">#7051</a>)</li> <li>The <code>leafz</code> monitoring endpoint now includes the connection ID (<a href="https://redirect.github.com/nats-io/nats-server/issues/7063">#7063</a>)</li> <li>The monitoring endpoint index page now includes the endpoint names on hover (<a href="https://redirect.github.com/nats-io/nats-server/issues/7066">#7066</a>, <a href="https://redirect.github.com/nats-io/nats-server/issues/7087">#7087</a>)</li> </ul> <h3>Improved</h3> <p>JetStream</p> <ul> <li>Consumers with inactivity thresholds should no longer age out before processing acks (<a href="https://redirect.github.com/nats-io/nats-server/issues/7107">#7107</a>)</li> <li>The Raft layer will no longer request store state on each apply (<a href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li> <li>Tombstones in Raft log compactions will now be written asynchronously, similar to purges (<a href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li> <li>When enabling per-message TTLs on a stream, existing messages with the <code>Nats-TTL</code> header are now scanned and processed (<a href="https://redirect.github.com/nats-io/nats-server/issues/7117">#7117</a>)</li> </ul> <h3>Fixed</h3> <p>General</p> <ul> <li>Message header lookups with common prefixes will now return correctly in all cases, fixing a problem where the headers could be sensitive to ordering (<a href="https://redirect.github.com/nats-io/nats-server/issues/7065">#7065</a>)</li> <li>Validate that the <code>default_sentinel</code> JWT is a bearer token for auth callout (7074)</li> <li>The <code>$SYS.REQ.USER.INFO</code> endpoint should now only be answered by the local server, fixing cases where the endpoint may sometimes return without full connection details (<a href="https://redirect.github.com/nats-io/nats-server/issues/7089">#7089</a>)</li> </ul> <p>JetStream</p> <ul> <li>The Raft layer will require recovery and snapshot handling at startup before campaigning for a leadership election, fixing a situation where a node could continue with an outdated stream (<a href="https://redirect.github.com/nats-io/nats-server/issues/7040">#7040</a>)</li> <li>The Raft log will no longer be compacted until after a snapshot is written, improving crash resilience (<a href="https://redirect.github.com/nats-io/nats-server/issues/7043">#7043</a>)</li> <li>A race condition when shutting down Raft nodes which could result in no snapshot being written has been fixed (<a href="https://redirect.github.com/nats-io/nats-server/issues/7045">#7045</a>)</li> <li>Consumer pull requests that use <code>no_wait</code> or <code>expires</code> behaviour has been fixed with replicated consumers (<a href="https://redirect.github.com/nats-io/nats-server/issues/7046">#7046</a>)</li> <li>Pull consumers with an inactive threshold will now consider pending acks when determining inactivity, preventing the consumer from being deleted while messages are being processed (<a href="https://redirect.github.com/nats-io/nats-server/issues/7052">#7052</a>)</li> <li>Push consumers will now correctly error when trying to configure priority groups (<a href="https://redirect.github.com/nats-io/nats-server/issues/7053">#7053</a>)</li> <li>Committed entry objects will now be correctly returned to the pool on error, reducing allocations (<a href="https://redirect.github.com/nats-io/nats-server/issues/7064">#7064</a>)</li> <li>The time hash wheel used for per-message TTLs now correctly detects and expires messages with TTLs over an hour, previously it could take double the expected time (<a href="https://redirect.github.com/nats-io/nats-server/issues/7070">#7070</a>)</li> <li>A potential panic when selecting message blocks during TTL recovery has been fixed (<a href="https://redirect.github.com/nats-io/nats-server/issues/7072">#7072</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`df44964eb9`"><code>df44964</code></a> Release v2.11.7</li> <li><a href="`b76090aa47`"><code>b76090a</code></a> Cherry-picks for 2.11.7 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7132">#7132</a>)</li> <li><a href="`2e4c373b4a`"><code>2e4c373</code></a> [FIXED] MaxBytes reservations underflow</li> <li><a href="`42af9b5ae8`"><code>42af9b5</code></a> Release v2.11.7-RC.3</li> <li><a href="`da4971cc4c`"><code>da4971c</code></a> Cherry-picks for 2.11.7-RC.3 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7127">#7127</a>)</li> <li><a href="`abac833e87`"><code>abac833</code></a> [FIXED] Detect removed blocks with stale index.db</li> <li><a href="`29e0ee677f`"><code>29e0ee6</code></a> [IMPROVED] Recover TTL when enabled</li> <li><a href="`6bebdc0616`"><code>6bebdc0</code></a> Release v2.11.7-RC.2</li> <li><a href="`b3220a6ca0`"><code>b3220a6</code></a> Cherry-picks for 2.11.7-RC.2 (<a href="https://redirect.github.com/nats-io/nats-server/issues/7115">#7115</a>)</li> <li><a href="`6014f41659`"><code>6014f41</code></a> Fix typos in doc comments</li> <li>Additional commits viewable in <a href="https://github.com/nats-io/nats-server/compare/v2.11.3...v2.11.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats-server/v2&package-manager=go_modules&previous-version=2.11.3&new-version=2.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-12 13:08:29 +01:00
dependabot[bot]	4643eb89e1	Bump github.com/nats-io/nats.go from 1.42.0 to 1.44.0 (#3621 ) Some checks are pending Dendrite / WASM build test (push) Waiting to run Details Dendrite / Linting (push) Waiting to run Details Dendrite / Unit tests (push) Waiting to run Details Dendrite / Build for Linux (push) Waiting to run Details Dendrite / Build for Windows (push) Waiting to run Details Dendrite / Initial tests passed (push) Blocked by required conditions Details Dendrite / Integration tests (push) Blocked by required conditions Details Dendrite / Upgrade tests (push) Blocked by required conditions Details Dendrite / Upgrade tests from HEAD-2 (push) Blocked by required conditions Details Dendrite / Sytest (SQLite Cgo) (push) Blocked by required conditions Details Dendrite / Sytest (PostgreSQL) (push) Blocked by required conditions Details Dendrite / Sytest (SQLite native) (push) Blocked by required conditions Details Dendrite / Complement (PostgreSQL) (push) Blocked by required conditions Details Dendrite / Complement (SQLite native) (push) Blocked by required conditions Details Dendrite / Complement (SQLite Cgo) (push) Blocked by required conditions Details Dendrite / Integration tests passed (push) Blocked by required conditions Details Dendrite / Update Docker images (push) Blocked by required conditions Details Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) from 1.42.0 to 1.44.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's releases</a>.</em></p> <blockquote> <h2>Release v1.44.0</h2> <h2>Changelog</h2> <h2>Overview</h2> <p>This PR adds a <code>PushConsumer</code> implementation to <code>jetstream</code>, allowing easier migration to new API while maintaining usage of push consumers. For now it only supports the callback-based <code>Consume()</code>, more consuming options will be added in future releases.</p> <h3>ADDED</h3> <ul> <li>Core NATS: <ul> <li><code>UserCredentialBytes()</code> <code>Conn</code> option (<a href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li> </ul> </li> <li>JetStream: <ul> <li><code>PushConsumer</code> implementation in <code>jetstream</code> package</li> <li>Expose <code>ClientTrace</code> in <code>JetStreamOptions</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/1886">#1886</a>)</li> </ul> </li> <li>Service API: <ul> <li>Expose <code>WithEndpointPendingLimits</code> option (<a href="https://redirect.github.com/nats-io/nats.go/issues/1899">#1899</a>)</li> </ul> </li> <li>Legacy KeyValue: <ul> <li><code>Error()</code> method to <code>KeyLister</code> and <code>KeyWatcher</code> interfaces (<a href="https://redirect.github.com/nats-io/nats.go/issues/1889">#1889</a>)</li> </ul> </li> </ul> <h3>FIXED</h3> <ul> <li>Core NATS: <ul> <li>Fix timeoutWriter not recovering after first error (<a href="https://redirect.github.com/nats-io/nats.go/issues/1896">#1896</a>)</li> </ul> </li> <li>JetStream: <ul> <li><code>Consumer.Next()</code> hangs after connection is closed (<a href="https://redirect.github.com/nats-io/nats.go/issues/1883">#1883</a>)</li> <li>Fixed stream info request for strict mode (<a href="https://redirect.github.com/nats-io/nats.go/issues/1887">#1887</a>)</li> <li>Ordered consumer not closing on connection close (<a href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li> <li>Return a more appropriate error when Subject Transform is not supported (<a href="https://redirect.github.com/nats-io/nats.go/issues/1416">#1416</a>)</li> <li>Fix subject transform comparison. Thanks <a href="https://github.com/erikmansson"><code>@erikmansson</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li> </ul> </li> <li>Legacy JetStream: <ul> <li>Use timeout from <code>JetStreamContext</code> if no deadline is set on ctx (<a href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a>)</li> </ul> </li> <li>KeyValue: <ul> <li><code>Keys()</code> and <code>ListKeys()</code> returning duplicates (<a href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li> <li>Fix subject prefix for the Create/Update operation in KV store. Thanks <a href="https://github.com/SalvaChiLlo"><code>@SalvaChiLlo</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li> </ul> </li> </ul> <h3>CHANGED</h3> <ul> <li>Change <code>DefaultSubPendingMsgsLimit</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/998">#998</a>)</li> </ul> <h3>Complete Changes</h3> <p><a href="https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0">https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0</a></p> <h2>Release v1.43.0</h2> <h2>Changelog</h2> <h3>ADDED</h3> <ul> <li>Core NATS: <ul> <li>Add <code>nc.LocalAddr</code>, similar to <code>nc.ConnectedAddr</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li> </ul> </li> </ul> <h3>FIXED</h3> <ul> <li>Service API: <ul> <li>Fix stopping service not unsubscribing from all endpoints. Thanks <a href="https://github.com/arunsworld"><code>@arunsworld</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1872">#1872</a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`7a260b8b93`"><code>7a260b8</code></a> Release v1.44.0 (<a href="https://redirect.github.com/nats-io/nats.go/issues/1910">#1910</a>)</li> <li><a href="`dfcb02dcdc`"><code>dfcb02d</code></a> [FIXED] Use mirror-aware prefix when updating KV key (<a href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li> <li><a href="`0bba2a9842`"><code>0bba2a9</code></a> [ADDED] PushConsumer implementation in jetstream package (<a href="https://redirect.github.com/nats-io/nats.go/issues/1785">#1785</a>)</li> <li><a href="`627a9f63c2`"><code>627a9f6</code></a> [FIXED] KeyValue Keys() and ListKeys() returning duplicates (<a href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li> <li><a href="`9743171c2a`"><code>9743171</code></a> Merge pull request <a href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a> from nats-io/fix-watcher-timeout</li> <li><a href="`3bd15a8026`"><code>3bd15a8</code></a> [FIXED] Use timeout from JetStreamContext if no deadline is set on ctx</li> <li><a href="`0fc96b1daa`"><code>0fc96b1</code></a> [FIXED] Fix subject transform comparison (<a href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li> <li><a href="`ea3ef92823`"><code>ea3ef92</code></a> [IMPROVED] Change DefaultSubPendingMsgsLimit comment to reflect actual value ...</li> <li><a href="`f038fb4bee`"><code>f038fb4</code></a> [FIXED] Return a more appropriate error when subject transforms are not suppo...</li> <li><a href="`ad6e34e1ae`"><code>ad6e34e</code></a> [FIXED] Ordered consumer not closing on connection close (<a href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nats-io/nats.go/compare/v1.42.0...v1.44.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.42.0&new-version=1.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-12 12:01:54 +01:00
Kegan Dougal	4d93d921be	Room version 12 (#3623 ) Some checks are pending Dendrite / Sytest (SQLite Cgo) (push) Blocked by required conditions Details Dendrite / WASM build test (push) Waiting to run Details Dendrite / Linting (push) Waiting to run Details Dendrite / Unit tests (push) Waiting to run Details Dendrite / Build for Linux (push) Waiting to run Details Dendrite / Build for Windows (push) Waiting to run Details Dendrite / Initial tests passed (push) Blocked by required conditions Details Dendrite / Integration tests (push) Blocked by required conditions Details Dendrite / Upgrade tests (push) Blocked by required conditions Details Dendrite / Upgrade tests from HEAD-2 (push) Blocked by required conditions Details Dendrite / Sytest (PostgreSQL) (push) Blocked by required conditions Details Dendrite / Sytest (SQLite native) (push) Blocked by required conditions Details Dendrite / Complement (PostgreSQL) (push) Blocked by required conditions Details Dendrite / Complement (SQLite native) (push) Blocked by required conditions Details Dendrite / Complement (SQLite Cgo) (push) Blocked by required conditions Details Dendrite / Integration tests passed (push) Blocked by required conditions Details Dendrite / Update Docker images (push) Blocked by required conditions Details	2025-08-11 20:59:47 +01:00
Till	c133596baf	Update dependencies, fix `/user/keys/query` requests (#3600 ) Contains updates from https://github.com/element-hq/dendrite/pull/3598 https://github.com/element-hq/dendrite/pull/3597 https://github.com/element-hq/dendrite/pull/3596 https://github.com/element-hq/dendrite/pull/3595 Updates GMSL to `904c8f0459` to fix issues with `/user/keys/query` requests. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below](https://element-hq.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>	2025-06-19 07:58:55 +02:00
dependabot[bot]	0b3ffd6e12	Bump github.com/coder/websocket from 1.8.12 to 1.8.13 (#3584 ) Bumps [github.com/coder/websocket](https://github.com/coder/websocket) from 1.8.12 to 1.8.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/websocket/releases">github.com/coder/websocket's releases</a>.</em></p> <blockquote> <h2>v1.8.13</h2> <h2>Changes</h2> <ul> <li>Use new atomic types from Go 1.19 by <a href="https://github.com/Jacalz"><code>@Jacalz</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/444">coder/websocket#444</a></li> <li>Fix coverage by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/466">coder/websocket#466</a></li> <li>Clean out env passed to wasmbrowsertest in TestWasm by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/469">coder/websocket#469</a></li> <li>Sunset the dev branch by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/471">coder/websocket#471</a></li> <li>Replace filepath.Match with path.Match by <a href="https://github.com/KianYang-Lee"><code>@KianYang-Lee</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/452">coder/websocket#452</a></li> <li>internal/bpool: add New function by <a href="https://github.com/bestgopher"><code>@bestgopher</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/465">coder/websocket#465</a></li> <li>accept: Add unwrapping for hijack like http.ResponseController by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/472">coder/websocket#472</a></li> <li>docs: Fix docs and examples related to r.Context() usage by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/477">coder/websocket#477</a></li> <li>Fix a typo in chat_test.go by <a href="https://github.com/henrybear327"><code>@henrybear327</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/491">coder/websocket#491</a></li> <li>fix: avoid writing messages after close and improve handshake by <a href="https://github.com/FrauElster"><code>@FrauElster</code></a> and <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/476">coder/websocket#476</a></li> <li>Disable AppArmor in CI to allow chrome sandbox by <a href="https://github.com/igolaizola"><code>@igolaizola</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/511">coder/websocket#511</a></li> <li>ci: disable AppArmor on daily and static workflows by <a href="https://github.com/igolaizola"><code>@igolaizola</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/513">coder/websocket#513</a></li> <li>Fix build with Go 1.24 by <a href="https://github.com/flyn-org"><code>@flyn-org</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/508">coder/websocket#508</a></li> <li>Add ping and pong received callbacks by <a href="https://github.com/igolaizola"><code>@igolaizola</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/509">coder/websocket#509</a></li> <li>ci: update wasmbrowsertest to a specific commit by <a href="https://github.com/igolaizola"><code>@igolaizola</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/514">coder/websocket#514</a></li> <li>ci: lock down staticcheck and govulncheck in lint.sh by <a href="https://github.com/mafredri"><code>@mafredri</code></a> in <a href="https://redirect.github.com/coder/websocket/pull/523">coder/websocket#523</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">https://github.com/coder/websocket/compare/v1.8.12...v1.8.13</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`64d7449933`"><code>64d7449</code></a> ci: lock down versions in lint.sh and fix ci (<a href="https://redirect.github.com/coder/websocket/issues/523">#523</a>)</li> <li><a href="`d1468a75ee`"><code>d1468a7</code></a> ci: update wasmbrowsertest to a specific commit (<a href="https://redirect.github.com/coder/websocket/issues/514">#514</a>)</li> <li><a href="`703784f077`"><code>703784f</code></a> feat: add ping and pong received callbacks (<a href="https://redirect.github.com/coder/websocket/issues/509">#509</a>)</li> <li><a href="`aec630d59c`"><code>aec630d</code></a> fix: conform to stricter printf usage in Go 1.24 (<a href="https://redirect.github.com/coder/websocket/issues/508">#508</a>)</li> <li><a href="`497ac50c0a`"><code>497ac50</code></a> ci: disable AppArmor on daily and static workflows (<a href="https://redirect.github.com/coder/websocket/issues/513">#513</a>)</li> <li><a href="`3e183a987f`"><code>3e183a9</code></a> ci: disable AppArmor to allow Chrome sandbox (<a href="https://redirect.github.com/coder/websocket/issues/511">#511</a>)</li> <li><a href="`11bda985bf`"><code>11bda98</code></a> fix: avoid writing messages after close and improve handshake (<a href="https://redirect.github.com/coder/websocket/issues/476">#476</a>)</li> <li><a href="`1253b774ea`"><code>1253b77</code></a> chore: bump the internal-deps group across 2 directories with 5 updates (<a href="https://redirect.github.com/coder/websocket/issues/500">#500</a>)</li> <li><a href="`d67767c5d2`"><code>d67767c</code></a> chore(.github): group dependabot PRs and reduce frequency (<a href="https://redirect.github.com/coder/websocket/issues/499">#499</a>)</li> <li><a href="`02080e979f`"><code>02080e9</code></a> Fix a typo in chat_test.go (<a href="https://redirect.github.com/coder/websocket/issues/491">#491</a>)</li> <li>Additional commits viewable in <a href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coder/websocket&package-manager=go_modules&previous-version=1.8.12&new-version=1.8.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-05 22:21:01 +02:00
dependabot[bot]	7427fc21d0	Bump github.com/prometheus/client_golang from 1.20.5 to 1.22.0 (#3586 ) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.5 to 1.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's releases</a>.</em></p> <blockquote> <h2>v1.22.0 - 2025-04-07</h2> <p>⚠️ This release contains potential breaking change if you use experimental <code>zstd</code> support introduce in <a href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a> ⚠️</p> <p>Experimental support for <code>zstd</code> on scrape was added, controlled by the request <code>Accept-Encoding</code> header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, <a href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a> however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.</p> <p>e.g.:</p> <blockquote> <pre lang="go"><code>import ( _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd" ) </code></pre> </blockquote> <ul> <li>[FEATURE] prometheus: Add new CollectorFunc utility <a href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li> <li>[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) <a href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li> <li>[FEATURE] api: <code>WithLookbackDelta</code> and <code>WithStats</code> options have been added to API client. <a href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li> <li>[CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. <a href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li> </ul> <!-- raw HTML omitted --> <ul> <li>build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1720">prometheus/client_golang#1720</a></li> <li>build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1719">prometheus/client_golang#1719</a></li> <li>Update RELEASE.md by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1721">prometheus/client_golang#1721</a></li> <li>chore(docs): Add links for the upstream PRs by <a href="https://github.com/kakkoyun"><code>@kakkoyun</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1722">prometheus/client_golang#1722</a></li> <li>Added tips on releasing client and checking with k8s. by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1723">prometheus/client_golang#1723</a></li> <li>feat: Add new CollectorFunc utility by <a href="https://github.com/Saumya40-codes"><code>@Saumya40-codes</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1724">prometheus/client_golang#1724</a></li> <li>build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1725">prometheus/client_golang#1725</a></li> <li>build(deps): bump the github-actions group with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1726">prometheus/client_golang#1726</a></li> <li>Synchronize common files from prometheus/prometheus by <a href="https://github.com/prombot"><code>@prombot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1727">prometheus/client_golang#1727</a></li> <li>Synchronize common files from prometheus/prometheus by <a href="https://github.com/prombot"><code>@prombot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1731">prometheus/client_golang#1731</a></li> <li>build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1739">prometheus/client_golang#1739</a></li> <li>build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1740">prometheus/client_golang#1740</a></li> <li>Cleanup dependabot config by <a href="https://github.com/SuperQ"><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1741">prometheus/client_golang#1741</a></li> <li>Upgrade Golang version v1.24 by <a href="https://github.com/dongjiang1989"><code>@dongjiang1989</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1738">prometheus/client_golang#1738</a></li> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1742">prometheus/client_golang#1742</a></li> <li>Merging 1.21 release back to main. by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1744">prometheus/client_golang#1744</a></li> <li>Synchronize common files from prometheus/prometheus by <a href="https://github.com/prombot"><code>@prombot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1745">prometheus/client_golang#1745</a></li> <li>Add support for undocumented query options for API by <a href="https://github.com/mahendrapaipuri"><code>@mahendrapaipuri</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1743">prometheus/client_golang#1743</a></li> <li>exp/api: Add experimental exp module; Add remote API with write client and handler. by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1658">prometheus/client_golang#1658</a></li> <li>exp/api: Add accepted msg type validation to handler by <a href="https://github.com/saswatamcode"><code>@saswatamcode</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1750">prometheus/client_golang#1750</a></li> <li>build(deps): bump the github-actions group with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1751">prometheus/client_golang#1751</a></li> <li>build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1752">prometheus/client_golang#1752</a></li> <li>build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1753">prometheus/client_golang#1753</a></li> <li>exp: Reset snappy buf by <a href="https://github.com/saswatamcode"><code>@saswatamcode</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1756">prometheus/client_golang#1756</a></li> <li>Merge release 1.21.1 to main. by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1762">prometheus/client_golang#1762</a></li> <li>exp: Add dependabot config by <a href="https://github.com/saswatamcode"><code>@saswatamcode</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1754">prometheus/client_golang#1754</a></li> <li>build(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/client_golang/pull/1764">prometheus/client_golang#1764</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's changelog</a>.</em></p> <blockquote> <h2>1.22.0 / 2025-04-07</h2> <p>⚠️ This release contains potential breaking change if you use experimental <code>zstd</code> support introduce in <a href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a> ⚠️</p> <p>Experimental support for <code>zstd</code> on scrape was added, controlled by the request <code>Accept-Encoding</code> header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, <a href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a> however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.</p> <p>e.g.:</p> <blockquote> <pre lang="go"><code>import ( _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd" ) </code></pre> </blockquote> <ul> <li>[FEATURE] prometheus: Add new CollectorFunc utility <a href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li> <li>[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) <a href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li> <li>[FEATURE] api: <code>WithLookbackDelta</code> and <code>WithStats</code> options have been added to API client. <a href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li> <li>[CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. <a href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li> </ul> <h2>1.21.1 / 2025-03-04</h2> <ul> <li>[BUGFIX] prometheus: Revert of <code>Inc</code>, <code>Add</code> and <code>Observe</code> cumulative metric CAS optimizations (<a href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a>), causing regressions on low contention cases.</li> <li>[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.</li> </ul> <h2>1.21.0 / 2025-02-17</h2> <p>⚠️ This release contains potential breaking change if you upgrade <code>github.com/prometheus/common</code> to 0.62+ together with client_golang. ⚠️</p> <p>New common version <a href="https://redirect.github.com/prometheus/common/pull/724">changes <code>model.NameValidationScheme</code> global variable</a>, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change <code>model.NameValidationScheme</code> to old <code>model.LegacyValidation</code> value in your project <code>init</code> function.</p> <ul> <li>[BUGFIX] gocollector: Fix help message for runtime/metric metrics. <a href="https://redirect.github.com/prometheus/client_golang/issues/1583">#1583</a></li> <li>[BUGFIX] prometheus: Fix <code>Desc.String()</code> method for no labels case. <a href="https://redirect.github.com/prometheus/client_golang/issues/1687">#1687</a></li> <li>[ENHANCEMENT] prometheus: Optimize popular <code>prometheus.BuildFQName</code> function; now up to 30% faster. <a href="https://redirect.github.com/prometheus/client_golang/issues/1665">#1665</a></li> <li>[ENHANCEMENT] prometheus: Optimize <code>Inc</code>, <code>Add</code> and <code>Observe</code> cumulative metrics; now up to 50% faster under high concurrent contention. <a href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a></li> <li>[CHANGE] Upgrade prometheus/common to 0.62.0 which changes <code>model.NameValidationScheme</code> global variable. <a href="https://redirect.github.com/prometheus/client_golang/issues/1712">#1712</a></li> <li>[CHANGE] Add support for Go 1.23. <a href="https://redirect.github.com/prometheus/client_golang/issues/1602">#1602</a></li> <li>[FEATURE] process_collector: Add support for Darwin systems. <a href="https://redirect.github.com/prometheus/client_golang/issues/1600">#1600</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1616">#1616</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1625">#1625</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1675">#1675</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1715">#1715</a></li> <li>[FEATURE] api: Add ability to invoke <code>CloseIdleConnections</code> on api.Client using <code>api.Client.(CloseIdler).CloseIdleConnections()</code> casting. <a href="https://redirect.github.com/prometheus/client_golang/issues/1513">#1513</a></li> <li>[FEATURE] promhttp: Add <code>promhttp.HandlerOpts.EnableOpenMetricsTextCreatedSamples</code> option to create OpenMetrics _created lines. Not recommended unless you want to use opt-in Created Timestamp feature. Community works on OpenMetrics 2.0 format that should make those lines obsolete (they increase cardinality significantly). <a href="https://redirect.github.com/prometheus/client_golang/issues/1408">#1408</a></li> <li>[FEATURE] prometheus: Add <code>NewConstNativeHistogram</code> function. <a href="https://redirect.github.com/prometheus/client_golang/issues/1654">#1654</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`d50be25511`"><code>d50be25</code></a> Cut 1.22.0 (<a href="https://redirect.github.com/prometheus/client_golang/issues/1793">#1793</a>)</li> <li><a href="`1043db7cb8`"><code>1043db7</code></a> Cut 1.22.0-rc.0 (<a href="https://redirect.github.com/prometheus/client_golang/issues/1768">#1768</a>)</li> <li><a href="`e575c9c04e`"><code>e575c9c</code></a> promhttp: Isolate zstd support and klauspost/compress library use to promhttp...</li> <li><a href="`f2276aa7d4`"><code>f2276aa</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1764">#1764</a> from prometheus/dependabot/github_actions/github-act...</li> <li><a href="`9df772cc5f`"><code>9df772c</code></a> build(deps): bump peter-evans/create-pull-request</li> <li><a href="`a3548c5aa8`"><code>a3548c5</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1754">#1754</a> from saswatamcode/exp-eh</li> <li><a href="`60fd2b0490`"><code>60fd2b0</code></a> Remove go.work file for now</li> <li><a href="`8f9d0de689`"><code>8f9d0de</code></a> exp: Add dependabot config</li> <li><a href="`c5cf981312`"><code>c5cf981</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1762">#1762</a> from prometheus/release-1.21</li> <li><a href="`8a42da3e4b`"><code>8a42da3</code></a> Fix ios build. (<a href="https://redirect.github.com/prometheus/client_golang/issues/1758">#1758</a>)</li> <li>Additional commits viewable in <a href="https://github.com/prometheus/client_golang/compare/v1.20.5...v1.22.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.20.5&new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-05 22:20:50 +02:00
dependabot[bot]	545e96ea3b	Bump gotest.tools/v3 from 3.5.1 to 3.5.2 (#3587 ) Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools) from 3.5.1 to 3.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's releases</a>.</em></p> <blockquote> <h2>v3.5.2</h2> <h2>What's Changed</h2> <ul> <li>assert: ensure message is always displayed & fix under bazel by <a href="https://github.com/cstrahan"><code>@cstrahan</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li> <li>go.mod: golang.org/x/tools v0.13.0 for go1.22+ compatibility by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/282">gotestyourself/gotest.tools#282</a></li> <li>poll: Continue(): use format.Message for formatting by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/279">gotestyourself/gotest.tools#279</a></li> <li>fix TestFromDirSymlink on Windows due to missing drive-letter by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/283">gotestyourself/gotest.tools#283</a></li> <li>Fix various linting issues and minor bugs by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/280">gotestyourself/gotest.tools#280</a></li> <li>fix badges in readme, gofmt, and minor linting fix by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/284">gotestyourself/gotest.tools#284</a></li> <li>circleci: add go1.21, go1.22, go1.23, and update golangci-lint to v1.60.3 by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/285">gotestyourself/gotest.tools#285</a></li> <li>assert, assert/cmp: un-deprecate assert.ErrorType for now by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/286">gotestyourself/gotest.tools#286</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cstrahan"><code>@cstrahan</code></a> made their first contribution in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0b81523ff2`"><code>0b81523</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/286">#286</a> from thaJeztah/undeprecate_ErrorType</li> <li><a href="`c5dad8f46d`"><code>c5dad8f</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/285">#285</a> from thaJeztah/update_go_versions</li> <li><a href="`160ab0edaf`"><code>160ab0e</code></a> Remove go1.18 and go1.19</li> <li><a href="`8569bbc4e1`"><code>8569bbc</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/284">#284</a> from thaJeztah/cleanup_readme</li> <li><a href="`4256834a5f`"><code>4256834</code></a> assert, assert/cmp: un-deprecate assert.ErrorType for now</li> <li><a href="`eb321863ba`"><code>eb32186</code></a> circleci: update golangci-lint to v1.60.3</li> <li><a href="`5fc84733cf`"><code>5fc8473</code></a> circleci: add go1.21, go1.22, go1.23</li> <li><a href="`6f26df9681`"><code>6f26df9</code></a> circleci: test generics on go1.20 and windows as well</li> <li><a href="`732dfcf754`"><code>732dfcf</code></a> internal/difflib: rename funcs that collided with built-ins</li> <li><a href="`7d95f55d2c`"><code>7d95f55</code></a> internal/difflib: gofmt</li> <li>Additional commits viewable in <a href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.5.1&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-05 22:00:35 +02:00
dependabot[bot]	a8c18b3a0a	Bump golang.org/x/image from 0.23.0 to 0.27.0 (#3585 ) Bumps [golang.org/x/image](https://github.com/golang/image) from 0.23.0 to 0.27.0. <details> <summary>Commits</summary> <ul> <li><a href="`64815fb893`"><code>64815fb</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`0aed5e29b6`"><code>0aed5e2</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`e7e23ba501`"><code>e7e23ba</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`58efddcdbf`"><code>58efddc</code></a> all: use a more straightforward return value</li> <li><a href="`ef6c1ab6fe`"><code>ef6c1ab</code></a> all: upgrade go directive to at least 1.23.0 [generated]</li> <li><a href="`45df02f8a1`"><code>45df02f</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/image/compare/v0.23.0...v0.27.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.23.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-05 22:00:22 +02:00
Till Faelligen	86358e1af6	Bump golang.org/x/net	2025-05-17 20:25:44 +02:00
Till	f0578a506d	Update deps (#3580 ) ⚠ This also bumps the required go version to 1.23.0 All in one dependabot updates: https://github.com/element-hq/dendrite/pull/3507 https://github.com/element-hq/dendrite/pull/3559 https://github.com/element-hq/dendrite/pull/3560 https://github.com/element-hq/dendrite/pull/3561 https://github.com/element-hq/dendrite/pull/3573 https://github.com/element-hq/dendrite/pull/3574 https://github.com/element-hq/dendrite/pull/3575 https://github.com/element-hq/dendrite/pull/3576 https://github.com/element-hq/dendrite/pull/3577 https://github.com/element-hq/dendrite/pull/3579 ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [ ] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [ ] Pull request includes a [sign off below](https://element-hq.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Your Name <your@email.example.org>`	2025-05-16 18:52:30 +02:00
Till	ad22d950dd	Remove `bimg` thumbnailer (#3522 ) As it is most likely not used anyway. (It's not the default)	2025-02-03 13:18:52 +01:00
dependabot[bot]	8872299b43	Bump golang.org/x/image from 0.18.0 to 0.23.0 (#3518 ) Bumps [golang.org/x/image](https://github.com/golang/image) from 0.18.0 to 0.23.0. <details> <summary>Commits</summary> <ul> <li><a href="`941f2100a0`"><code>941f210</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`3724ab8af5`"><code>3724ab8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`ec562a8fd9`"><code>ec562a8</code></a> README: don't recommend go get</li> <li><a href="`931781a504`"><code>931781a</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`c82123aa13`"><code>c82123a</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`59aa0406c4`"><code>59aa040</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`8bfd4fda75`"><code>8bfd4fd</code></a> colornames: update link to SVG spec</li> <li><a href="`bad7eb8559`"><code>bad7eb8</code></a> LICENSE: update per Google Legal</li> <li><a href="`9abbe108cb`"><code>9abbe10</code></a> draw: avoid FMA (Fused Multiply Add)</li> <li>See full diff in <a href="https://github.com/golang/image/compare/v0.18.0...v0.23.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.18.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-29 19:38:10 +01:00
dependabot[bot]	6be7249368	Bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.3.1 (#3519 ) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.1.1 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/releases">github.com/Masterminds/semver/v3's releases</a>.</em></p> <blockquote> <h2>v3.3.1</h2> <h2>What's Changed</h2> <ul> <li>Fix for allowing some version that were invalid by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/253">Masterminds/semver#253</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1">https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1</a></p> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Fix: bad package in README by <a href="https://github.com/sdelicata"><code>@sdelicata</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li>Updating the GitHub Actions and versions of Go used by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/229">Masterminds/semver#229</a></li> <li>Fix spelling in README by <a href="https://github.com/robinschneider"><code>@robinschneider</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li>Adding go build cache to fuzz output by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/232">Masterminds/semver#232</a></li> <li>Add caching to fuzz testing by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/234">Masterminds/semver#234</a></li> <li>updating github actions by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/235">Masterminds/semver#235</a></li> <li>feat: nil version equality by <a href="https://github.com/KnutZuidema"><code>@KnutZuidema</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li>add >= and <= by <a href="https://github.com/grosser"><code>@grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li>doc: hyphen range constraint without whitespace by <a href="https://github.com/johnnychen94"><code>@johnnychen94</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> <li>Removing reference to vert by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/245">Masterminds/semver#245</a></li> <li>simplify StrictNewVersion by <a href="https://github.com/grosser"><code>@grosser</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/241">Masterminds/semver#241</a></li> <li>Updating the testing version of Go used by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/246">Masterminds/semver#246</a></li> <li>bumping min version in go.mod based on what's tested by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/248">Masterminds/semver#248</a></li> <li>Updating changelog for 3.3.0 by <a href="https://github.com/mattfarina"><code>@mattfarina</code></a> in <a href="https://redirect.github.com/Masterminds/semver/pull/249">Masterminds/semver#249</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/sdelicata"><code>@sdelicata</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li> <li><a href="https://github.com/robinschneider"><code>@robinschneider</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li> <li><a href="https://github.com/KnutZuidema"><code>@KnutZuidema</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li> <li><a href="https://github.com/grosser"><code>@grosser</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li> <li><a href="https://github.com/johnnychen94"><code>@johnnychen94</code></a> made their first contribution in <a href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0</a></p> <h2>v3.2.1</h2> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>: Improved testing around pre-release names</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>: Improved code scanning with addition of CodeQL</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>: Testing now includes Go 1.20. Go 1.17 has been dropped</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>: Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>: Docs updated for security details</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>: Fixed issue with range transformations</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1">https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1</a></p> <h2>v3.2.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Masterminds/semver/blob/master/CHANGELOG.md">github.com/Masterminds/semver/v3's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>3.3.0 (2024-08-27)</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/238">#238</a>: Add LessThanEqual and GreaterThanEqual functions (thanks <a href="https://github.com/grosser"><code>@grosser</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/213">#213</a>: nil version equality checking (thanks <a href="https://github.com/KnutZuidema"><code>@KnutZuidema</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>: Simplify StrictNewVersion parsing (thanks <a href="https://github.com/grosser"><code>@grosser</code></a>)</li> <li>Testing support up through Go 1.23</li> <li>Minimum version set to 1.21 as this is what's tested now</li> <li>Fuzz testing now supports caching</li> </ul> <h2>3.2.1 (2023-04-10)</h2> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>: Improved testing around pre-release names</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>: Improved code scanning with addition of CodeQL</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>: Testing now includes Go 1.20. Go 1.17 has been dropped</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>: Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>: Docs updated for security details</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>: Fixed issue with range transformations</li> </ul> <h2>3.2.0 (2022-11-28)</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/190">#190</a>: Added text marshaling and unmarshaling</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/167">#167</a>: Added JSON marshalling for constraints (thanks <a href="https://github.com/SimonTheLeg"><code>@SimonTheLeg</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/173">#173</a>: Implement encoding.TextMarshaler and encoding.TextUnmarshaler on Version (thanks <a href="https://github.com/MarkRosemaker"><code>@MarkRosemaker</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/179">#179</a>: Added New() version constructor (thanks <a href="https://github.com/kazhuravlev"><code>@kazhuravlev</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/182">#182</a>/<a href="https://redirect.github.com/Masterminds/semver/issues/183">#183</a>: Updated CI testing setup</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/Masterminds/semver/issues/186">#186</a>: Fixing issue where validation of constraint section gave false positives</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/176">#176</a>: Fix constraints check with *-0 (thanks <a href="https://github.com/mtt0"><code>@mtt0</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/181">#181</a>: Fixed Caret operator (^) gives unexpected results when the minor version in constraint is 0 (thanks <a href="https://github.com/arshchimni"><code>@arshchimni</code></a>)</li> <li><a href="https://redirect.github.com/Masterminds/semver/issues/161">#161</a>: Fixed godoc (thanks <a href="https://github.com/afirth"><code>@afirth</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1558ca3488`"><code>1558ca3</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/253">#253</a> from mattfarina/fix-bad-versions</li> <li><a href="`252dd61dd3`"><code>252dd61</code></a> Fix for allowing some version that were invalid</li> <li><a href="`e6e3d4d3cb`"><code>e6e3d4d</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/249">#249</a> from mattfarina/update-changelog-3.3.0</li> <li><a href="`e80c4ea723`"><code>e80c4ea</code></a> Updating changelog for 3.3.0</li> <li><a href="`80427ad56e`"><code>80427ad</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/248">#248</a> from mattfarina/bump-min-version</li> <li><a href="`b610837227`"><code>b610837</code></a> bumping min version in go.mod based on what's tested</li> <li><a href="`a4cccd8ea5`"><code>a4cccd8</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/246">#246</a> from mattfarina/bump-go-1.23</li> <li><a href="`7c178cf0c6`"><code>7c178cf</code></a> Updating the testing version of Go used</li> <li><a href="`29f94c1119`"><code>29f94c1</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a> from grosser/grosser/validate</li> <li><a href="`2cf1b16b95`"><code>2cf1b16</code></a> Merge pull request <a href="https://redirect.github.com/Masterminds/semver/issues/245">#245</a> from mattfarina/remove-vert</li> <li>Additional commits viewable in <a href="https://github.com/Masterminds/semver/compare/v3.1.1...v3.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Masterminds/semver/v3&package-manager=go_modules&previous-version=3.1.1&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-28 16:58:14 +00:00
dependabot[bot]	1b8b88cd3d	Bump github.com/yggdrasil-network/yggdrasil-go from 0.5.11 to 0.5.12 (#3505 ) Bumps [github.com/yggdrasil-network/yggdrasil-go](https://github.com/yggdrasil-network/yggdrasil-go) from 0.5.11 to 0.5.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/yggdrasil-network/yggdrasil-go/releases">github.com/yggdrasil-network/yggdrasil-go's releases</a>.</em></p> <blockquote> <h2>Version 0.5.12</h2> <ul> <li>Go 1.22 is now required to build Yggdrasil</li> </ul> <h3>Changed</h3> <ul> <li>The <code>latency_ms</code> field in the admin socket <code>getPeers</code> response has been renamed to <code>latency</code></li> </ul> <h3>Fixed</h3> <ul> <li>A timing regression which causes a higher level of idle protocol traffic on each peering has been fixed</li> <li>The <code>-user</code> flag now correctly detects an empty user/group specification</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/yggdrasil-network/yggdrasil-go/blob/develop/CHANGELOG.md">github.com/yggdrasil-network/yggdrasil-go's changelog</a>.</em></p> <blockquote> <h2>[0.5.12] - 2024-12-18</h2> <ul> <li>Go 1.22 is now required to build Yggdrasil</li> </ul> <h3>Changed</h3> <ul> <li>The <code>latency_ms</code> field in the admin socket <code>getPeers</code> response has been renamed to <code>latency</code></li> </ul> <h3>Fixed</h3> <ul> <li>A timing regression which causes a higher level of idle protocol traffic on each peering has been fixed</li> <li>The <code>-user</code> flag now correctly detects an empty user/group specification</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`213f72b840`"><code>213f72b</code></a> Yggdrasil 0.5.12</li> <li><a href="`1fbcf3b3c2`"><code>1fbcf3b</code></a> Rename <code>latency_ms</code> to <code>latency</code> in <code>getPeers</code> response since it isn't even m...</li> <li><a href="`22bc9c44e2`"><code>22bc9c4</code></a> genkeys print the number of generated keys (<a href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1217">#1217</a>)</li> <li><a href="`9c73bacab9`"><code>9c73bac</code></a> Update to Go 1.22, quic-go/quic-go@v0.48.2 (<a href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1218">#1218</a>)</li> <li><a href="`04be129878`"><code>04be129</code></a> Update to Arceliar/ironwood@743fe2f</li> <li><a href="`657f7e0db3`"><code>657f7e0</code></a> Fix empty user/group detection on <code>chuser</code></li> <li>See full diff in <a href="https://github.com/yggdrasil-network/yggdrasil-go/compare/v0.5.11...v0.5.12">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/yggdrasil-network/yggdrasil-go&package-manager=go_modules&previous-version=0.5.11&new-version=0.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>	2025-01-24 20:48:47 +00:00
dependabot[bot]	f43a426b78	Bump github.com/blevesearch/bleve/v2 from 2.4.0 to 2.4.4 (#3506 ) Bumps [github.com/blevesearch/bleve/v2](https://github.com/blevesearch/bleve) from 2.4.0 to 2.4.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/blevesearch/bleve/releases">github.com/blevesearch/bleve/v2's releases</a>.</em></p> <blockquote> <h2>v2.4.4</h2> <h5>Bug Fixes</h5> <ul> <li>Identified root cause for <a href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a> to be recycling of TermFieldReaders that was causing illegal/incorrect access of several in-memory structures in certain scenarios. We've gone ahead and disabled this feature with <a href="https://redirect.github.com/blevesearch/bleve/pull/2117">blevesearch/bleve#2117</a> + <a href="https://redirect.github.com/blevesearch/bleve/pull/2121">blevesearch/bleve#2121</a> . Will work towards re-enabling in the near future once we've ironed out the several associated wrinkles.</li> <li>Introduced a guard rail with <a href="https://redirect.github.com/blevesearch/zapx/pull/282">blevesearch/zapx#282</a> while performing vector search queries with pre-filtering to avoid hitting a panic when qualified docs do not hold valid vector fields.</li> <li>Fixed an issue while applying <code>ivf_max_codes_pct</code> in vector search requests involving pre-filtering which can cause reduction in recall - <a href="https://redirect.github.com/blevesearch/go-faiss/pull/40">blevesearch/go-faiss#40</a></li> </ul> <p>Vector search continues to require same version of <code>faiss</code> dynamic library (as with <a href="https://github.com/blevesearch/bleve/releases/tag/v2.4.3">v2.4.3</a>) to be built from <a href="`b747c55a93`">blevesearch/faiss@b747c55a</a> which is a modified version of <a href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></p> <h5>Milestone</h5> <ul> <li><a href="https://github.com/blevesearch/bleve/milestone/25">v2.4.4</a></li> </ul> <h2>v2.4.3</h2> <h5>Bug Fixes</h5> <ul> <li>Address a corner case with <code>ivf_nprobe_pct</code> query parameter (<a href="https://redirect.github.com/blevesearch/go-faiss/pull/34">blevesearch/go-faiss#34</a>)</li> <li>Several guard rails put in place to avoid array-out-of-bounds-access and divide-by-zero errors: (<a href="https://redirect.github.com/blevesearch/zapx/pull/263">blevesearch/zapx#263</a>, <a href="https://redirect.github.com/blevesearch/zapx/pull/270">blevesearch/zapx#270</a>, <a href="https://redirect.github.com/blevesearch/zapx/pull/271">blevesearch/zapx#271</a>, <a href="https://redirect.github.com/blevesearch/zapx/pull/273">blevesearch/zapx#273</a>) to overcome <a href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a></li> <li>Handling early exits/optimization for boolean queries (<a href="https://redirect.github.com/blevesearch/bleve/pull/2065">blevesearch/bleve#2065</a>)</li> </ul> <h5>Improvements</h5> <ul> <li>Vector search requires <code>faiss</code> dynamic library to be built from <a href="`b747c55a93`">blevesearch/faiss@b747c55a</a> which is a modified version of <a href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></li> <li>Support for cosine similarity distance metric to normalize vectors before indexing/querying for nearest neighbor search (<a href="https://redirect.github.com/blevesearch/bleve/pull/2051">blevesearch/bleve#2051</a>)</li> <li>Support for <a href="https://github.com/blevesearch/bleve/blob/v2.4.3/docs/vectors.md#querying-with-filters-v243">selectivity filters</a> as a pre-cursor to vector search (<a href="https://redirect.github.com/blevesearch/bleve/pull/2063">blevesearch/bleve#2063</a>)</li> </ul> <h5>Milestone</h5> <ul> <li><a href="https://github.com/blevesearch/bleve/milestone/23">v2.4.3</a></li> </ul> <h2>v2.4.2</h2> <h5>Bug Fixes</h5> <ul> <li>Set <code>MaxSegmentFileSize</code> for force merge when <code>SingleSegmentMergePlanOptions</code> goes into use (<a href="https://redirect.github.com/blevesearch/bleve/issues/2050">#2050</a>)</li> <li>Protect code against any bolt failures (<a href="https://redirect.github.com/blevesearch/bleve/issues/2043">#2043</a>)</li> <li>Fix size estimation for various field types (<a href="https://redirect.github.com/blevesearch/bleve/issues/2052">#2052</a>)</li> <li>Address an out-of-bounds panic that could occur with zapx/v16 in the event of a single non-vector field (<a href="https://redirect.github.com/blevesearch/bleve/issues/2058">#2058</a>) <ul> <li><a href="https://redirect.github.com/blevesearch/zapx/pull/252">blevesearch/zapx#252</a></li> </ul> </li> </ul> <h5>Improvements</h5> <ul> <li>Support new search params for vector search queries - [<code>ivf_probe_pct</code>, <code>ivf_max_codes_pct</code>] (<a href="https://redirect.github.com/blevesearch/bleve/issues/2049">#2049</a>)</li> </ul> <h5>Milestone</h5> <ul> <li><a href="https://github.com/blevesearch/bleve/milestone/22">v2.4.2</a></li> </ul> <h2>v2.4.1</h2> <h5>Bug Fixes</h5> <ul> <li>Addressed a bug where <code>ClientContextID</code> was missing from SearchRequest when library used with <code>vectors</code> (<a href="https://redirect.github.com/blevesearch/bleve/pull/2014">blevesearch/bleve#2014</a>)</li> <li>Fix to a memory leak in vector query path (<a href="https://redirect.github.com/blevesearch/bleve/pull/2023">blevesearch/bleve#2023</a>)</li> <li>Fix to issue <a href="https://redirect.github.com/blevesearch/bleve/issues/2027">blevesearch/bleve#2027</a>, error in parsing a certain datetime syntax (<a href="https://redirect.github.com/blevesearch/bleve/pull/2030">blevesearch/bleve#2030</a>)</li> <li>Fix that mitigates a race between persister's stale segment removal and index copy operations (<a href="https://redirect.github.com/blevesearch/bleve/pull/2032">blevesearch/bleve#2032</a>)</li> <li>Nested field mapping determination was broken (<a href="https://redirect.github.com/blevesearch/bleve/pull/2031">blevesearch/bleve#2031</a>)</li> </ul> <h5>Improvements</h5> <ul> <li>Vector search requires the <em>faiss</em> dynamic library to be built from <a href="`d9db66a385`">blevesearch/faiss@d9db66a</a></li> <li>Support for new data type - <code>vector_base64</code> which allows for interpreting vector float32s encoded as base64 following littleEndian byte ordering (<a href="https://redirect.github.com/blevesearch/bleve/pull/2012">blevesearch/bleve#2012</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`137a21665e`"><code>137a216</code></a> MB-64513: Upgrade blevesearch/go-faiss, zapx/v16 for fix (<a href="https://redirect.github.com/blevesearch/bleve/issues/2123">#2123</a>)</li> <li><a href="`5c53634221`"><code>5c53634</code></a> MB-64604: Remove unnecessary second map lookup (<a href="https://redirect.github.com/blevesearch/bleve/issues/2121">#2121</a>)</li> <li><a href="`78cf78999e`"><code>78cf789</code></a> MB-64604: Fix interpreting scorch config: "fieldTFRCacheThreshold" (<a href="https://redirect.github.com/blevesearch/bleve/issues/2117">#2117</a>)</li> <li><a href="`7d627b9f2d`"><code>7d627b9</code></a> MB-64360 - Upgrade zapx v16 (<a href="https://redirect.github.com/blevesearch/bleve/issues/2107">#2107</a>)</li> <li><a href="`e72f7c2f22`"><code>e72f7c2</code></a> MB-62230 - Pre-filtering Optimisation (<a href="https://redirect.github.com/blevesearch/bleve/issues/2098">#2098</a>)</li> <li><a href="`902051d4d4`"><code>902051d</code></a> MB-62230, MB-63992: Upgrade zapx/v16 (<a href="https://redirect.github.com/blevesearch/bleve/issues/2095">#2095</a>)</li> <li><a href="`cb1810f0d3`"><code>cb1810f</code></a> MB-63334: Fix race condition in NormalizeVector (<a href="https://redirect.github.com/blevesearch/bleve/issues/2094">#2094</a>)</li> <li><a href="`bed244cefd`"><code>bed244c</code></a> MB-57871: Upgrade zapx v15 and v16 (<a href="https://redirect.github.com/blevesearch/bleve/issues/2092">#2092</a>)</li> <li><a href="`ab10172e2c`"><code>ab10172</code></a> MB-57871, MB-62230: Upgrade to zapx/v16@v16.1.7 + go-faiss@v1.0.23 (<a href="https://redirect.github.com/blevesearch/bleve/issues/2088">#2088</a>)</li> <li><a href="`02d37a4fbc`"><code>02d37a4</code></a> MB-57871: Upgrade zapx/v16 and zapx/v15 for fixes (<a href="https://redirect.github.com/blevesearch/bleve/issues/2091">#2091</a>)</li> <li>Additional commits viewable in <a href="https://github.com/blevesearch/bleve/compare/v2.4.0...v2.4.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/blevesearch/bleve/v2&package-manager=go_modules&previous-version=2.4.0&new-version=2.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>	2025-01-24 19:10:21 +00:00
Neil	48fb3b923f	Update NATS to 2.10.25 (#3514 ) Signed-off-by: Neil Alexander <git@neilalexander.dev> Signed-off-by: Neil Alexander <git@neilalexander.dev> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>	2025-01-24 18:37:39 +00:00
Neil	f4506a0d82	Refactor some JetStream helper code, add support for specifying JetStream domain (#3485 ) This should gracefully handle some more potential errors that the consumer fetches can return with retries, as well as setting some client settings for reconnects etc when using an external NATS Server. Also allow specifying the JetStream domain in case of a leafnode scenario and better manage client reuse across Dendrite. And also update NATS Server to 2.10.24 for good measure. This code is backported from Harmony. Signed-off-by: Neil Alexander <git@neilalexander.dev> --------- Signed-off-by: Neil Alexander <git@neilalexander.dev> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>	2025-01-19 09:09:58 +00:00
dependabot[bot]	9de3e84fff	Bump gotest.tools/v3 from 3.4.0 to 3.5.1 (#3478 ) Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools) from 3.4.0 to 3.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's releases</a>.</em></p> <blockquote> <h2>v3.5.1</h2> <h2>What's Changed</h2> <ul> <li>Make assert and golden packages compatible with other golden packages by <a href="https://github.com/dnephin"><code>@dnephin</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/271">gotestyourself/gotest.tools#271</a></li> <li>Also remove cr from file by <a href="https://github.com/filintod"><code>@filintod</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li> <li>fs: add go doc links by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/275">gotestyourself/gotest.tools#275</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/filintod"><code>@filintod</code></a> made their first contribution in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1">https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1</a></p> <h2>v3.5.0</h2> <h2>What's Changed</h2> <ul> <li>go.mod: update dependencies and go version by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/248">gotestyourself/gotest.tools#248</a></li> <li>Use Go1.20 by <a href="https://github.com/dnephin"><code>@dnephin</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/252">gotestyourself/gotest.tools#252</a></li> <li>Fix couple of typos by <a href="https://github.com/wallyqs"><code>@wallyqs</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li> <li>Added WithStdout and WithStderr helpers by <a href="https://github.com/ericfialkowski"><code>@ericfialkowski</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li> <li>Moved cmdOperators handling from RunCmd to StartCmd by <a href="https://github.com/ericfialkowski"><code>@ericfialkowski</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/259">gotestyourself/gotest.tools#259</a></li> <li>Deprecate assert.ErrorType by <a href="https://github.com/dnephin"><code>@dnephin</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/254">gotestyourself/gotest.tools#254</a></li> <li>Remove outdated Dockerfile by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li> <li>env: add godoc links by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/263">gotestyourself/gotest.tools#263</a></li> <li>poll: add godoc links by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/264">gotestyourself/gotest.tools#264</a></li> <li>doc: add godoc links by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/262">gotestyourself/gotest.tools#262</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wallyqs"><code>@wallyqs</code></a> made their first contribution in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li> <li><a href="https://github.com/ericfialkowski"><code>@ericfialkowski</code></a> made their first contribution in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li> <li><a href="https://github.com/dolmen"><code>@dolmen</code></a> made their first contribution in <a href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0">https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`81cea1abc5`"><code>81cea1a</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/275">#275</a> from gotestyourself/fs-add-godoc-links</li> <li><a href="`9af8f4ed6e`"><code>9af8f4e</code></a> fs: add go doc links</li> <li><a href="`2891300d35`"><code>2891300</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/273">#273</a> from filintod/also-remove-cr-from-file</li> <li><a href="`4ed73505b6`"><code>4ed7350</code></a> fix lint line length</li> <li><a href="`7306428575`"><code>7306428</code></a> rebase/fix only doc</li> <li><a href="`e15fa271c8`"><code>e15fa27</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/271">#271</a> from dnephin/gate-update-flag</li> <li><a href="`56c31231b2`"><code>56c3123</code></a> Make assert and golden compatible with other golden packages</li> <li><a href="`a80f057529`"><code>a80f057</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/262">#262</a> from dolmen-go/add-godoc-links</li> <li><a href="`684bd43c42`"><code>684bd43</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/264">#264</a> from dolmen-go/poll-add-godoc-links</li> <li><a href="`e2be4be0f7`"><code>e2be4be</code></a> Merge pull request <a href="https://redirect.github.com/gotestyourself/gotest.tools/issues/263">#263</a> from dolmen-go/env-add-godoc-links</li> <li>Additional commits viewable in <a href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.4.0&new-version=3.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip CI]	2025-01-19 09:35:22 +01:00
dependabot[bot]	3e6835f073	Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.5 (#3495 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.1 to 1.20.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's releases</a>.</em></p> <blockquote> <h2>v1.20.5 / 2024-10-15</h2> <p>We decided to revert <a href="https://redirect.github.com/prometheus/client_golang/pull/1424">the <code>testutil</code> change</a> that made our util functions less error-prone, but created a lot of work for our downstream users. Apologies for the pain! This revert should not cause any major breaking change, even if you already did the work--unless you depend on the <a href="https://redirect.github.com/grafana/mimir/pull/9624#issuecomment-2413401565">exact error message</a>.</p> <p>Going forward, we plan to reinforce our release testing strategy <a href="https://redirect.github.com/prometheus/client_golang/issues/1646">[1]</a>,<a href="https://redirect.github.com/prometheus/client_golang/issues/1648">[2]</a> and deliver an enhanced <a href="https://redirect.github.com/prometheus/client_golang/issues/1639"><code>testutil</code> package/module</a> with more flexible and safer APIs.</p> <p>Thanks to <a href="https://github.com/dashpole"><code>@dashpole</code></a> <a href="https://github.com/dgrisonnet"><code>@dgrisonnet</code></a> <a href="https://github.com/kakkoyun"><code>@kakkoyun</code></a> <a href="https://github.com/ArthurSens"><code>@ArthurSens</code></a> <a href="https://github.com/vesari"><code>@vesari</code></a> <a href="https://github.com/logicalhan"><code>@logicalhan</code></a> <a href="https://github.com/krajorama"><code>@krajorama</code></a> <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> who helped in this patch release! 🤗</p> <h3>Changelog</h3> <p>[BUGFIX] testutil: Reverted <a href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input. <a href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a></p> <h2>v1.20.4</h2> <ul> <li>[BUGFIX] histograms: Fix a possible data race when appending exemplars vs metrics gather. <a href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li> </ul> <h2>v1.20.3</h2> <ul> <li>[BUGFIX] histograms: Fix possible data race when appending exemplars. <a href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li> </ul> <h2>v1.20.2</h2> <ul> <li>[BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. <a href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li> </ul> <h2>v1.20.1</h2> <p>This release contains the critical fix for the <a href="https://redirect.github.com/prometheus/client_golang/issues/1584">issue</a>. Thanks to <a href="https://github.com/geberl"><code>@geberl</code></a>, <a href="https://github.com/CubicrootXYZ"><code>@CubicrootXYZ</code></a>, <a href="https://github.com/zetaab"><code>@zetaab</code></a> and <a href="https://github.com/timofurrer"><code>@timofurrer</code></a> for helping us with the investigation!</p> <ul> <li>[BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. <a href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li> </ul> <h2>v1.20.0</h2> <p>Thanks everyone for contributions!</p> <p>⚠️ In this release we remove one (broken anyway, given Go runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT and GOMAXPROCS flags) to the default <code>collectors.NewGoCollector()</code> collector. Given its popular usage, expect your binary to expose two additional metric.</p> <h2>Changes</h2> <ul> <li>[CHANGE] ⚠️ go-collector: Remove <code>go_memstat_lookups_total</code> metric which was always 0; Go runtime stopped sharing pointer lookup statistics. <a href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li> <li>[FEATURE] ⚠️ go-collector: Add 3 default metrics: <code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and <code>go_sched_gomaxprocs_threads</code> as those are recommended by the Go team. <a href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li> <li>[FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact <code>runtime/metrics</code> sourcing each metric (if relevant). <a href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li> <li>[FEATURE] testutil: Add CollectAndFormat method. <a href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li> <li>[FEATURE] histograms: Add support for exemplars in native histograms. <a href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li> <li>[FEATURE] promhttp: Add experimental support for <code>zstd</code> on scrape, controlled by the request <code>Accept-Encoding</code> header. <a href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li> <li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API methods that supports it. <a href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li> <li>[FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. <a href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li> <li>[FEATURE] process-collectors: Add network usage metrics: <code>process_network_receive_bytes_total</code> and <code>process_network_transmit_bytes_total</code>. <a href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li> <li>[FEATURE] promlint: Add duplicated metric lint rule. <a href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li> <li>[BUGFIX] promlint: Relax metric type in name linter rule. <a href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li> <li>[BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. <a href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li> <li>[BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. <a href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a></li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's changelog</a>.</em></p> <blockquote> <h2>1.20.5 / 2024-10-15</h2> <ul> <li>[BUGFIX] testutil: Reverted <a href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>; functions using compareMetricFamilies are (again) only failing if filtered metricNames are in the expected input.</li> </ul> <h2>1.20.4 / 2024-09-07</h2> <ul> <li>[BUGFIX] histograms: Fix possible data race when appending exemplars vs metrics gather. <a href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li> </ul> <h2>1.20.3 / 2024-09-05</h2> <ul> <li>[BUGFIX] histograms: Fix possible data race when appending exemplars. <a href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li> </ul> <h2>1.20.2 / 2024-08-23</h2> <ul> <li>[BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. <a href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li> </ul> <h2>1.20.1 / 2024-08-20</h2> <ul> <li>[BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with <code>PedanticRegistry</code> on linux machines. <a href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li> </ul> <h2>1.20.0 / 2024-08-14</h2> <ul> <li>[CHANGE] ⚠️ go-collector: Remove <code>go_memstat_lookups_total</code> metric which was always 0; Go runtime stopped sharing pointer lookup statistics. <a href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li> <li>[FEATURE] ⚠️ go-collector: Add 3 default metrics: <code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and <code>go_sched_gomaxprocs_threads</code> as those are recommended by the Go team. <a href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li> <li>[FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact <code>runtime/metrics</code> sourcing each metric (if relevant). <a href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li> <li>[FEATURE] testutil: Add CollectAndFormat method. <a href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li> <li>[FEATURE] histograms: Add support for exemplars in native histograms. <a href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li> <li>[FEATURE] promhttp: Add experimental support for <code>zstd</code> on scrape, controlled by the request <code>Accept-Encoding</code> header. <a href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li> <li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API methods that supports it. <a href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li> <li>[FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. <a href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li> <li>[FEATURE] process-collector: Add network usage metrics: <code>process_network_receive_bytes_total</code> and <code>process_network_transmit_bytes_total</code>. <a href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li> <li>[FEATURE] promlint: Add duplicated metric lint rule. <a href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li> <li>[BUGFIX] promlint: Relax metric type in name linter rule. <a href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li> <li>[BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. <a href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li> <li>[BUGFIX] <strong>breaking</strong> testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. <a href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a> (reverted in 1.20.5)</li> </ul> <h2>1.19.0 / 2024-02-27</h2> <p>The module <code>prometheus/common v0.48.0</code> introduced an incompatibility when used together with client_golang (See <a href="https://redirect.github.com/prometheus/client_golang/pull/1448">prometheus/client_golang#1448</a> for more details). If your project uses client_golang and you want to use <code>prometheus/common v0.48.0</code> or higher, please update client_golang to v1.19.0.</p> <ul> <li>[CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). <a href="https://redirect.github.com/prometheus/client_golang/issues/1445">#1445</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1449">#1449</a></li> <li>[FEATURE] collectors: Add version collector. <a href="https://redirect.github.com/prometheus/client_golang/issues/1422">#1422</a> <a href="https://redirect.github.com/prometheus/client_golang/issues/1427">#1427</a></li> </ul> <h2>1.18.0 / 2023-12-22</h2> <ul> <li>[FEATURE] promlint: Allow creation of custom metric validations. <a href="https://redirect.github.com/prometheus/client_golang/issues/1311">#1311</a></li> <li>[FEATURE] Go programs using client_golang can be built in wasip1 OS. <a href="https://redirect.github.com/prometheus/client_golang/issues/1350">#1350</a></li> <li>[BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. <a href="https://redirect.github.com/prometheus/client_golang/issues/1367">#1367</a></li> <li>[BUGFIX] testutil: Fix comparison of metrics with empty Help strings. <a href="https://redirect.github.com/prometheus/client_golang/issues/1378">#1378</a></li> <li>[ENHANCEMENT] Improved performance of <code>MetricVec.WithLabelValues(...)</code>. <a href="https://redirect.github.com/prometheus/client_golang/issues/1360">#1360</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`48e12a1855`"><code>48e12a1</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a> from prometheus/cut-1204-pr1424</li> <li><a href="`504ad9bf5c`"><code>504ad9b</code></a> Cut 1.20.5; update comments.</li> <li><a href="`584a7ce3d9`"><code>584a7ce</code></a> Revert "testutil compareMetricFamilies: make less error-prone (<a href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>)"</li> <li><a href="`05fcde9fe4`"><code>05fcde9</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a> from krajorama/data-race-in-histogram-write</li> <li><a href="`209f4c041e`"><code>209f4c0</code></a> Add changelog</li> <li><a href="`1e398ccb12`"><code>1e398cc</code></a> native histogram: Fix race between Write and addExemplar</li> <li><a href="`ef2f87ea98`"><code>ef2f87e</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1620">#1620</a> from prometheus/arthursens/prepare-1.20.3</li> <li><a href="`937ac63d3d`"><code>937ac63</code></a> Add changelog entry for 1.20.3</li> <li><a href="`6e9914db5a`"><code>6e9914d</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a> from krajorama/index-out-of-range-native-histogram-e...</li> <li><a href="`d6b8c8925b`"><code>d6b8c89</code></a> Update comments with more explanations</li> <li>Additional commits viewable in <a href="https://github.com/prometheus/client_golang/compare/v1.19.1...v1.20.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.19.1&new-version=1.20.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip CI]	2025-01-19 09:30:45 +01:00
dependabot[bot]	60442bd059	Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#3479 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p> <blockquote> <h2>v1.10.0</h2> <h2>What's Changed</h2> <h3>Functional Changes</h3> <ul> <li>Add PanicAssertionFunc by <a href="https://github.com/fahimbagar"><code>@fahimbagar</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li> <li>assert: deprecate CompareType by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1566">stretchr/testify#1566</a></li> <li>assert: make YAML dependency pluggable via build tags by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1579">stretchr/testify#1579</a></li> <li>assert: new assertion NotElementsMatch by <a href="https://github.com/hendrywiranto"><code>@hendrywiranto</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1600">stretchr/testify#1600</a></li> <li>mock: in order mock calls by <a href="https://github.com/ReyOrtiz"><code>@ReyOrtiz</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1637">stretchr/testify#1637</a></li> <li>Add assertion for NotErrorAs by <a href="https://github.com/palsivertsen"><code>@palsivertsen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1129">stretchr/testify#1129</a></li> <li>Record Return Arguments of a Call by <a href="https://github.com/jayd3e"><code>@jayd3e</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1636">stretchr/testify#1636</a></li> <li>assert.EqualExportedValues: accepts everything by <a href="https://github.com/redachl"><code>@redachl</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1586">stretchr/testify#1586</a></li> </ul> <h3>Fixes</h3> <ul> <li>assert: make tHelper a type alias by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1562">stretchr/testify#1562</a></li> <li>Do not get argument again unnecessarily in Arguments.Error() by <a href="https://github.com/TomWright"><code>@TomWright</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li> <li>Fix time.Time compare by <a href="https://github.com/myxo"><code>@myxo</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li> <li>assert.Regexp: handle []byte array properly by <a href="https://github.com/kevinburkesegment"><code>@kevinburkesegment</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1587">stretchr/testify#1587</a></li> <li>assert: collect.FailNow() should not panic by <a href="https://github.com/marshall-lee"><code>@marshall-lee</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1481">stretchr/testify#1481</a></li> <li>mock: simplify implementation of FunctionalOptions by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1571">stretchr/testify#1571</a></li> <li>mock: caller information for unexpected method call by <a href="https://github.com/spirin"><code>@spirin</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1644">stretchr/testify#1644</a></li> <li>suite: fix test failures by <a href="https://github.com/stevenh"><code>@stevenh</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1421">stretchr/testify#1421</a></li> <li>Fix issue <a href="https://redirect.github.com/stretchr/testify/issues/1662">#1662</a> (comparing infs should fail) by <a href="https://github.com/ybrustin"><code>@ybrustin</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1663">stretchr/testify#1663</a></li> <li>NotSame should fail if args are not pointers <a href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a> by <a href="https://github.com/sikehish"><code>@sikehish</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1664">stretchr/testify#1664</a></li> <li>Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by <a href="https://github.com/sikehish"><code>@sikehish</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1667">stretchr/testify#1667</a></li> <li>fix: compare functional option names for indirect calls by <a href="https://github.com/arjun-1"><code>@arjun-1</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1626">stretchr/testify#1626</a></li> </ul> <h3>Documantation, Build & CI</h3> <ul> <li>.gitignore: ignore "go test -c" binaries by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1565">stretchr/testify#1565</a></li> <li>mock: improve doc by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1570">stretchr/testify#1570</a></li> <li>mock: fix FunctionalOptions docs by <a href="https://github.com/snirye"><code>@snirye</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li> <li>README: link out to the excellent testifylint by <a href="https://github.com/brackendawson"><code>@brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1568">stretchr/testify#1568</a></li> <li>assert: fix typo in comment by <a href="https://github.com/JohnEndson"><code>@JohnEndson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li> <li>Correct the EventuallyWithT and EventuallyWithTf example by <a href="https://github.com/JonCrowther"><code>@JonCrowther</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1588">stretchr/testify#1588</a></li> <li>CI: bump softprops/action-gh-release from 1 to 2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1575">stretchr/testify#1575</a></li> <li>mock: document more alternatives to deprecated AnythingOfTypeArgument by <a href="https://github.com/dolmen"><code>@dolmen</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1569">stretchr/testify#1569</a></li> <li>assert: Correctly document EqualValues behavior by <a href="https://github.com/brackendawson"><code>@brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1593">stretchr/testify#1593</a></li> <li>fix: grammar in godoc by <a href="https://github.com/miparnisari"><code>@miparnisari</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1607">stretchr/testify#1607</a></li> <li>.github/workflows: Run tests for Go 1.22 by <a href="https://github.com/HaraldNordgren"><code>@HaraldNordgren</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1629">stretchr/testify#1629</a></li> <li>Document suite's lack of support for t.Parallel by <a href="https://github.com/brackendawson"><code>@brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1645">stretchr/testify#1645</a></li> <li>assert: fix typos in comments by <a href="https://github.com/alexandear"><code>@alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1650">stretchr/testify#1650</a></li> <li>mock: fix doc comment for NotBefore by <a href="https://github.com/alexandear"><code>@alexandear</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1651">stretchr/testify#1651</a></li> <li>Generate better comments for require package by <a href="https://github.com/Neokil"><code>@Neokil</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1610">stretchr/testify#1610</a></li> <li>README: replace Testify V2 notice with <a href="https://github.com/dolmen"><code>@dolmen</code></a>'s V2 manifesto by <a href="https://github.com/hendrywiranto"><code>@hendrywiranto</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1518">stretchr/testify#1518</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/fahimbagar"><code>@fahimbagar</code></a> made their first contribution in <a href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li> <li><a href="https://github.com/TomWright"><code>@TomWright</code></a> made their first contribution in <a href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li> <li><a href="https://github.com/snirye"><code>@snirye</code></a> made their first contribution in <a href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li> <li><a href="https://github.com/myxo"><code>@myxo</code></a> made their first contribution in <a href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li> <li><a href="https://github.com/JohnEndson"><code>@JohnEndson</code></a> made their first contribution in <a href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`89cbdd9e7b`"><code>89cbdd9</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1626">#1626</a> from arjun-1/fix-functional-options-diff-indirect-calls</li> <li><a href="`07bac606be`"><code>07bac60</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1667">#1667</a> from sikehish/flaky</li> <li><a href="`716de8dff4`"><code>716de8d</code></a> Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI</li> <li><a href="`118fb83466`"><code>118fb83</code></a> NotSame should fail if args are not pointers <a href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a> (<a href="https://redirect.github.com/stretchr/testify/issues/1664">#1664</a>)</li> <li><a href="`7d99b2b43d`"><code>7d99b2b</code></a> attempt 2</li> <li><a href="`05f87c0160`"><code>05f87c0</code></a> more similar</li> <li><a href="`ea7129e006`"><code>ea7129e</code></a> better fmt</li> <li><a href="`a1b9c9efe3`"><code>a1b9c9e</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1663">#1663</a> from ybrustin/master</li> <li><a href="`8302de98b1`"><code>8302de9</code></a> Merge branch 'master' into master</li> <li><a href="`89352f7958`"><code>89352f7</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1518">#1518</a> from hendrywiranto/adjust-readme-remove-v2</li> <li>Additional commits viewable in <a href="https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.9.0&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip CI]	2025-01-19 09:29:00 +01:00
dependabot[bot]	a41f9cc154	Bump modernc.org/sqlite from 1.34.2 to 1.34.5 (#3500 ) Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2 to 1.34.5. <details> <summary>Commits</summary> <ul> <li><a href="`15818ab7fe`"><code>15818ab</code></a> move the vendor tool into a separate module, updates gc#3</li> <li><a href="`d3e8a664e8`"><code>d3e8a66</code></a> retract v1.34.3</li> <li><a href="`1fcc86e9d6`"><code>1fcc86e</code></a> fix accidentaly broken openbsd/amd64 build</li> <li><a href="`7f15e6eb45`"><code>7f15e6e</code></a> linux/arm64: patch libc bug at runtime, updates <a href="https://gitlab.com/cznic/sqlite/issues/199">#199</a></li> <li>See full diff in <a href="https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=modernc.org/sqlite&package-manager=go_modules&previous-version=1.34.2&new-version=1.34.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-16 23:22:19 +01:00
dependabot[bot]	315269d8f9	Bump golang.org/x/net from 0.32.0 to 0.33.0 (#3499 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. <details> <summary>Commits</summary> <ul> <li><a href="`dfc720dfe0`"><code>dfc720d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`8e66b04771`"><code>8e66b04</code></a> html: use strings.EqualFold instead of lowering ourselves</li> <li><a href="`b935f7b5d7`"><code>b935f7b</code></a> html: avoid endless loop on error token</li> <li><a href="`9af49ef148`"><code>9af49ef</code></a> route: remove unused sizeof* consts</li> <li><a href="`6705db9a4d`"><code>6705db9</code></a> quic: clean up crypto streams when dropping packet protection keys</li> <li><a href="`4ef7588d2b`"><code>4ef7588</code></a> quic: handle ACK frame in packet which drops number space</li> <li><a href="`552d8ac903`"><code>552d8ac</code></a> Revert "route: change from syscall to x/sys/unix"</li> <li><a href="`13a7c0108b`"><code>13a7c01</code></a> Revert "route: remove unused sizeof* consts on freebsd"</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.32.0...v0.33.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.32.0&new-version=0.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip ci]	2025-01-16 23:21:53 +01:00
dependabot[bot]	2ab4219ffc	Bump github.com/nats-io/nats.go from 1.37.0 to 1.38.0 (#3481 ) Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) from 1.37.0 to 1.38.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's releases</a>.</em></p> <blockquote> <h2>v1.38.0</h2> <h2>Changelog</h2> <h3>Added</h3> <ul> <li>Core NATS: <ul> <li>Added <code>UserInfoHandler</code> for dynamically setting user/password (<a href="https://redirect.github.com/nats-io/nats.go/issues/1713">#1713</a>)</li> <li>Added <code>PermissionErrOnSubscribe</code> option, causing <code>SubscribeSync</code> to return <code>nats.ErrPermissionViolation</code> on <code>NextMsg()</code> if there was a permission error (<a href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li> <li>Added <code>Msgs()</code> method on <code>Subscription</code>, returning an iterator (<code>iter.Seq2[*nats.Msg, error]</code>) for the subscription. This method is only available for go version >=1.23 (<a href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li> </ul> </li> <li>KeyValue:</li> <li>Added <code>WatchFiltered</code> method to watch for updates with multiple filters (<a href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Core NATS: <ul> <li>Fixed closing connections on max subscriptions exceeded (<a href="https://redirect.github.com/nats-io/nats.go/issues/1709">#1709</a>)</li> <li>Removed redundant nil checks. Thanks <a href="https://github.com/ramonberrutti"><code>@ramonberrutti</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li> <li>Add missing nats prefix to error (<a href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li> </ul> </li> <li>JetStream: <ul> <li>Fixed <code>PublishAsync</code> not closing done and stall channels after failed retries (<a href="https://redirect.github.com/nats-io/nats.go/issues/1719">#1719</a>)</li> <li>Set valid fetch sequence in ordered consumer's <code>Fetch()</code> and <code>Next()</code> after timeout (<a href="https://redirect.github.com/nats-io/nats.go/issues/1705">#1705</a>)</li> <li>Do not overwrite ordered consumer deliver policy if start time is set (<a href="https://redirect.github.com/nats-io/nats.go/issues/1742">#1742</a>)</li> <li>Fixed race condition in <code>MessageBatch</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li> </ul> </li> <li>Legacy JetStream: <ul> <li>Fixed race condition in <code>MessageBatch</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li> </ul> </li> </ul> <h3>Changed</h3> <ul> <li>Legacy Jetstream: <ul> <li>Added client retry for jetstream async publish old API. Thanks <a href="https://github.com/pranavmehta94"><code>@pranavmehta94</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1695">#1695</a>)</li> </ul> </li> </ul> <h3>Improved</h3> <ul> <li>Moved CI to github actions (<a href="https://redirect.github.com/nats-io/nats.go/issues/1623">#1623</a>, <a href="https://redirect.github.com/nats-io/nats.go/issues/1716">#1716</a>)</li> <li>Use errors.New instead of fmt.Errorf to improve efficiency. Thanks <a href="https://github.com/canack"><code>@canack</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1707">#1707</a>)</li> <li>Fixed invalid schemas in Service API documentation (<a href="https://redirect.github.com/nats-io/nats.go/issues/1720">#1720</a>)</li> <li>Added mention of TTL reset in <code>kv.Update</code> method. Thanks <a href="https://github.com/fmontorsi-equinix"><code>@fmontorsi-equinix</code></a> for the contribution (<a href="https://redirect.github.com/nats-io/nats.go/issues/1727">#1727</a>)</li> <li>Updated installation commands in <code>README.md</code> (<a href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li> <li>Bump <code>nkeys</code> to v0.4.9 (<a href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li> </ul> <h3>Complete Changes</h3> <p><a href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`48391f1b8b`"><code>48391f1</code></a> Release v1.38.0 (<a href="https://redirect.github.com/nats-io/nats.go/issues/1754">#1754</a>)</li> <li><a href="`6f4e85afdb`"><code>6f4e85a</code></a> [FIXED] Add missing nats prefix to error (<a href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li> <li><a href="`074c819479`"><code>074c819</code></a> [FIXED] twice respMap nil check (<a href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li> <li><a href="`d6eaa84a03`"><code>d6eaa84</code></a> [ADDED] Creating iterators for sync subscriptions (<a href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li> <li><a href="`6bc41598cc`"><code>6bc4159</code></a> [FIXED] Race in MessageBatch (<a href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li> <li><a href="`d05f24af9e`"><code>d05f24a</code></a> Bump nkeys to 0.4.7 (<a href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li> <li><a href="`01fafde033`"><code>01fafde</code></a> [IMPROVED] Update installation commands (<a href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li> <li><a href="`f563c66855`"><code>f563c66</code></a> [FIXED] Do not overwrite ordered consumer deliver policy if start time is set...</li> <li><a href="`e963b776f2`"><code>e963b77</code></a> [ADDED] WatchFiltered method on KV (<a href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li> <li><a href="`4530ef6abf`"><code>4530ef6</code></a> [FIXED] Invalid fetch sequence in ordered consumer Fetch and Next after timeo...</li> <li>Additional commits viewable in <a href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.37.0&new-version=1.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-01-16 22:59:19 +01:00
Travis Ralston	e9cc37ac52	Merge commit from fork * Support configuring allow/deny networks * Make the DNS cache aware of the allow/deny networks * Allow all networks in CI * Update GMSL * Add missed file --------- Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>	2025-01-16 19:35:50 +01:00
dependabot[bot]	97706ffa28	Bump github.com/gorilla/websocket from 1.5.0 to 1.5.3 (#3455 ) Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.0 to 1.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gorilla/websocket/releases">github.com/gorilla/websocket's releases</a>.</em></p> <blockquote> <h2>v1.5.3</h2> <h2>Important change</h2> <p>This reverts the websockets package back to <a href="`931041c5ee`</a></p> <h2>What's Changed</h2> <ul> <li>Fixes subprotocol selection (aling with rfc6455) by <a href="https://github.com/KSDaemon"><code>@KSDaemon</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li> <li>Update README.md, replace master to main by <a href="https://github.com/mstmdev"><code>@mstmdev</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li> <li>Use status code constant by <a href="https://github.com/mstmdev"><code>@mstmdev</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li> <li>conn.go: default close handler should not return ErrCloseSent. by <a href="https://github.com/pnx"><code>@pnx</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li> <li>fix: replace ioutil.readfile with os.readfile by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li> <li>fix: add comment for the readBufferSize and writeBufferSize by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li> <li>Remove noisy printf in NextReader() and beginMessage() by <a href="https://github.com/bcreane"><code>@bcreane</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li> <li>docs(echoreadall): fix function echoReadAll comment by <a href="https://github.com/XdpCs"><code>@XdpCs</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li> <li>make tests parallel by <a href="https://github.com/ninedraft"><code>@ninedraft</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li> <li>Upgrader.Upgrade: use http.ResposnseController by <a href="https://github.com/ninedraft"><code>@ninedraft</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/871">gorilla/websocket#871</a></li> <li>Do not handle network error in <code>SetCloseHandler()</code> by <a href="https://github.com/nak3"><code>@nak3</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li> <li>perf: reduce timer in write_control by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/879">gorilla/websocket#879</a></li> <li>fix: lint example code by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/890">gorilla/websocket#890</a></li> <li>feat: format message type by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/889">gorilla/websocket#889</a></li> <li>Remove hideTempErr to allow downstream users to check for errors like net.ErrClosed by <a href="https://github.com/UnAfraid"><code>@UnAfraid</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li> <li>Do not timeout when WriteControl deadline is zero in <a href="https://redirect.github.com/gorilla/websocket/pull/898">gorilla/websocket#898</a></li> <li>Excludes errchecks linter by <a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li> <li>Return errors instead of printing to logs by <a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/897">gorilla/websocket#897</a></li> <li>Revert " Update go version & add verification/testing tools (<a href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)" by <a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/908">gorilla/websocket#908</a></li> <li>Fixes broken random value generation by <a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/926">gorilla/websocket#926</a></li> <li>Reverts back to v1.5.0 by <a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/929">gorilla/websocket#929</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/KSDaemon"><code>@KSDaemon</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li> <li><a href="https://github.com/mstmdev"><code>@mstmdev</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li> <li><a href="https://github.com/pnx"><code>@pnx</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li> <li><a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li> <li><a href="https://github.com/bcreane"><code>@bcreane</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li> <li><a href="https://github.com/XdpCs"><code>@XdpCs</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li> <li><a href="https://github.com/ninedraft"><code>@ninedraft</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li> <li><a href="https://github.com/nak3"><code>@nak3</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li> <li><a href="https://github.com/UnAfraid"><code>@UnAfraid</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li> <li><a href="https://github.com/apoorvajagtap"><code>@apoorvajagtap</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3">https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3</a></p> <h2>v1.5.2</h2> <h2>What's Changed</h2> <ul> <li>Fixes subprotocol selection (aling with rfc6455) by <a href="https://github.com/KSDaemon"><code>@KSDaemon</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li> <li>Update README.md, replace master to main by <a href="https://github.com/mstmdev"><code>@mstmdev</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li> <li>Use status code constant by <a href="https://github.com/mstmdev"><code>@mstmdev</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li> <li>conn.go: default close handler should not return ErrCloseSent. by <a href="https://github.com/pnx"><code>@pnx</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li> <li>fix: replace ioutil.readfile with os.readfile by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li> <li>fix: add comment for the readBufferSize and writeBufferSize by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li> <li>Remove noisy printf in NextReader() and beginMessage() by <a href="https://github.com/bcreane"><code>@bcreane</code></a> in <a href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`ce903f6d1d`"><code>ce903f6</code></a> Reverts to v1.5.0</li> <li><a href="`9ec25ca502`"><code>9ec25ca</code></a> fixes broken random value generation</li> <li><a href="`1bddf2e0db`"><code>1bddf2e</code></a> bumps go version & removes deprecated module usage</li> <li><a href="`750bf92096`"><code>750bf92</code></a> adds GHA & Makefile configs</li> <li><a href="`b2c246b2ec`"><code>b2c246b</code></a> Revert " Update go version & add verification/testing tools (<a href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)"</li> <li><a href="`09a6bab466`"><code>09a6bab</code></a> removing error handling while closing connections</li> <li><a href="`58af150309`"><code>58af150</code></a> return errors instead of printing to logs</li> <li><a href="`e5f1a0aad0`"><code>e5f1a0a</code></a> excludes errchecks linter</li> <li><a href="`b2a86a1744`"><code>b2a86a1</code></a> Do not timeout when WriteControl deadline is zero</li> <li><a href="`695e9095ce`"><code>695e909</code></a> Remove hideTempErr to allow downstream users to check for errors like net.Err...</li> <li>Additional commits viewable in <a href="https://github.com/gorilla/websocket/compare/v1.5.0...v1.5.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gorilla/websocket&package-manager=go_modules&previous-version=1.5.0&new-version=1.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-17 21:44:13 +00:00
dependabot[bot]	3be22065a6	Bump github.com/docker/go-connections from 0.4.0 to 0.5.0 (#3465 ) Bumps [github.com/docker/go-connections](https://github.com/docker/go-connections) from 0.4.0 to 0.5.0. <details> <summary>Commits</summary> <ul> <li><a href="`fa09c952e3`"><code>fa09c95</code></a> Merge pull request <a href="https://redirect.github.com/docker/go-connections/issues/108">#108</a> from thaJeztah/carry_6</li> <li><a href="`7a67a58690`"><code>7a67a58</code></a> Swap CloseRead and CloseWrite</li> <li><a href="`481d3d26b3`"><code>481d3d2</code></a> Merge pull request <a href="https://redirect.github.com/docker/go-connections/issues/107">#107</a> from thaJeztah/drop_legacy_go</li> <li><a href="`9548f9f7bd`"><code>9548f9f</code></a> tlsconfig: remove deprecated io/ioutil</li> <li><a href="`c564c210e1`"><code>c564c21</code></a> drop support for go1.17 and older</li> <li><a href="`7cbebcf931`"><code>7cbebcf</code></a> gha: update actions</li> <li><a href="`2cf423f0ad`"><code>2cf423f</code></a> tlsconfig: move allTLSVersions var</li> <li><a href="`dca283b665`"><code>dca283b</code></a> tlsconfig: drop support for go1.12 and older</li> <li><a href="`21876c5afd`"><code>21876c5</code></a> tlsconfig: drop support for go1.6 and older</li> <li><a href="`4d174dba22`"><code>4d174db</code></a> tlsconfig: drop support for go1.4 and older</li> <li>Additional commits viewable in <a href="https://github.com/docker/go-connections/compare/v0.4.0...v0.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/go-connections&package-manager=go_modules&previous-version=0.4.0&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-17 22:00:10 +01:00
dependabot[bot]	19cc831fdd	Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.5+incompatible (#3466 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.5+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v26.1.5</h2> <h2>26.1.5</h2> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control. No other changes are included in this release, and this release is otherwise identical for users not using AuthZ plugins.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v26.1.4...v26.1.5">https://github.com/moby/moby/compare/v26.1.4...v26.1.5</a></p> <h2>v26.1.4</h2> <h2>26.1.4</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4">docker/cli, 26.1.4 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4">moby/moby, 26.1.4 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release updates the Go runtime to 1.21.11 which contains security fixes for:</p> <ul> <li><a href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a></li> <li><a href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a></li> <li>A symlink time of check to time of use race condition during directory removal reported by Addison Crump (<a href="https://github.com/addisoncrump"><code>@addisoncrump</code></a>).</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. <a href="https://redirect.github.com/moby/moby/pull/47870">moby/moby#47870</a></li> <li>Prevent the daemon log from being spammed with <code>superfluous response.WriteHeader call ...</code> messages.. <a href="https://redirect.github.com/moby/moby/pull/47843">moby/moby#47843</a></li> <li>Don't show empty hints when plugins return an empty hook message. <a href="https://redirect.github.com/docker/cli/pull/5083">docker/cli#5083</a></li> <li>Added <code>ContextType: "moby"</code> to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. <a href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li> <li>Fix a compatibility issue with Visual Studio Container Tools. <a href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.17">v1.7.17</a>. <a href="https://redirect.github.com/moby/moby/pull/47841">moby/moby#47841</a></li> <li><a href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a>, <a href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a>: Update Go runtime to 1.21.11. <a href="https://redirect.github.com/moby/moby/pull/47904">moby/moby#47904</a></li> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.27.1">v2.27.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1022">docker/docker-ce-packages#1022</a></li> <li>Update Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.14.1">v0.14.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1021">docker/docker-ce-packages#1021</a></li> </ul> <h2>v26.1.3</h2> <h2>26.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`411e817ddf`"><code>411e817</code></a> Merge commit from fork</li> <li><a href="`9cc85eaef1`"><code>9cc85ea</code></a> If url includes scheme, urlPath will drop hostname, which would not match the...</li> <li><a href="`820cab90bc`"><code>820cab9</code></a> Authz plugin security fixes for 0-length content and path validation</li> <li><a href="`6bc49067a6`"><code>6bc4906</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48123">#48123</a> from vvoland/v26.1-48120</li> <li><a href="`6fbdce4b94`"><code>6fbdce4</code></a> update to go1.21.12</li> <li><a href="`f5334644ec`"><code>f533464</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47986">#47986</a> from vvoland/v26.1-47985</li> <li><a href="`c1d4587d76`"><code>c1d4587</code></a> builder/mobyexporter: Add missing nil check</li> <li><a href="`d6428049a5`"><code>d642804</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47940">#47940</a> from thaJeztah/26.1_backport_api_remove_container_c...</li> <li><a href="`daba2462f5`"><code>daba246</code></a> docs: api: image inspect: remove Container and ContainerConfig</li> <li><a href="`de5c9cf0b9`"><code>de5c9cf</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47912">#47912</a> from thaJeztah/26.1_backport_vendor_containerd_1.7.18</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v26.1.0...v26.1.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=26.1.0+incompatible&new-version=26.1.5+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-17 21:42:08 +01:00
dependabot[bot]	f8ef6118c7	Bump github.com/docker/docker from 25.0.6+incompatible to 27.4.0+incompatible (#3458 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.6+incompatible to 27.4.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v27.4.0</h2> <h2>27.4.0</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.4.0">docker/cli, 27.4.0 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.4.0">moby/moby, 27.4.0 milestone</a></li> </ul> <h3>API</h3> <ul> <li><code>GET /images/json</code> with the <code>manifests</code> option enabled now preserves the original order in which manifests appeared in the manifest-index. <a href="https://redirect.github.com/moby/moby/pull/48712">moby/moby#48712</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>When reading logs with the <code>jsonfile</code> or <code>local</code> log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. The errors are viewable in the Docker Daemon logs and exported to traces when tracing is configured. <a href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li> <li>When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. <a href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li> <li>Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with <code>userland-proxy</code> disabled, if the kernel's <code>br_netfilter</code> module was not loaded and enabled. The daemon will now attempt to load the module and enable <code>bridge-nf-call-iptables</code> or <code>bridge-nf-call-ip6tables</code> when creating a network with the userland proxy disabled. <a href="https://redirect.github.com/moby/moby/pull/48685">moby/moby#48685</a></li> <li>Fix loading of <code>bridge</code> and <code>br_netfilter</code> kernel modules. <a href="https://redirect.github.com/moby/moby/pull/48966">moby/moby#48966</a></li> <li>containerd image store: Fix Docker daemon failing to fully start with a "context deadline exceeded error" with containerd snapshotter and many builds/images. <a href="https://redirect.github.com/moby/moby/pull/48954">moby/moby#48954</a></li> <li>containerd image-store: Fix partially pulled images not being garbage-collected. <a href="https://redirect.github.com/moby/moby/pull/48910">moby#48910</a>, <a href="https://redirect.github.com/moby/moby/pull/48957">moby/moby#48957</a></li> <li>containerd image store: Fix <code>docker image inspect</code> outputting duplicate references in <code>RepoDigests</code>. <a href="https://redirect.github.com/moby/moby/pull/48785">moby/moby#48785</a></li> <li>containerd image store: Fix not being able to connect to some insecure registries in cases where the HTTPS request failed due to a non-TLS related error. <a href="https://redirect.github.com/moby/moby/pull/48758">moby/moby#48758</a></li> <li>containerd image store: Remove a confusing warning log when tagging a non-dangling image. <a href="https://redirect.github.com/moby/moby/pull/49010">moby/moby#49010</a></li> <li>dockerd-rootless-setuptool.sh: let --force ignore smoke test errors <a href="https://redirect.github.com/moby/moby/pull/48695">moby/moby#48695</a></li> <li>Disable IPv6 Duplicate Address Detection (DAD) for addresses assigned to the bridges belonging to bridge networks. <a href="https://redirect.github.com/moby/moby/pull/48684">moby/moby#48684</a></li> <li>Remove BuildKit init timeout. <a href="https://redirect.github.com/moby/moby/pull/48963">moby/moby#48963</a></li> <li>Ignore "dataset does not exist" error when removing dataset on ZFS. <a href="https://redirect.github.com/moby/moby/pull/48968">moby/moby#48968</a></li> <li>Client: Prevent idle connections leaking FDs. <a href="https://redirect.github.com/moby/moby/pull/48764">moby/moby#48764</a></li> <li>Fix anonymous volumes being created through the <code>--mount</code> option not being marked as anonymous. <a href="https://redirect.github.com/moby/moby/pull/48755">moby/moby#48755</a></li> <li>After a daemon restart with live-restore, ensure an iptables jump to the <code>DOCKER-USER</code> chain is placed before other rules. <a href="https://redirect.github.com/moby/moby/pull/48714">moby/moby#48714</a></li> <li>Fix a possible memory leak caused by OTel meters. <a href="https://redirect.github.com/moby/moby/pull/48693">moby/moby#48693</a></li> <li>Create distinct build history db for each store. <a href="https://redirect.github.com/moby/moby/pull/48688">moby/moby#48688</a></li> <li>Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop. <a href="https://redirect.github.com/moby/moby/pull/48840">moby/moby#48840</a></li> <li>containerd image store: Do not underline names in <code>docker image ls --tree</code>. <a href="https://redirect.github.com/docker/cli/pull/5519">docker/cli#5519</a></li> <li>containerd image store: Change name of <code>USED</code> column in <code>docker image ls --tree</code> to <code>IN USE</code>. <a href="https://redirect.github.com/docker/cli/pull/5518">docker/cli#5518</a></li> <li>Fix a bug preventing image pulls from being cancelled during <code>docker run</code>. <a href="https://redirect.github.com/docker/cli/pull/5654">docker/cli#5654</a></li> <li>Port some completions from the bash completion to the new cobra based completion. <a href="https://redirect.github.com/docker/cli/pull/5618">docker/cli#5618</a></li> <li>The <code>docker login</code> and <code>docker logout</code> command no longer update the configuration file if the credentials didn't change. <a href="https://redirect.github.com/docker/cli/pull/5569">docker/cli#5569</a></li> <li>Optimise <code>docker stats</code> to reduce flickering issues. <a href="https://redirect.github.com/docker/cli/pull/5588">docker/cli#5588</a>, <a href="https://redirect.github.com/docker/cli/pull/5635">docker/cli#5635</a></li> <li>Fix inaccessible plugins paths preventing plugins from being detected. <a href="https://redirect.github.com/docker/cli/pull/5652">docker/cli#5652</a></li> <li>Add support for <code>events --filter</code> in cobra generated shell completions. <a href="https://redirect.github.com/docker/cli/pull/5614">docker/cli#5614</a></li> <li>Fix bash completion for <code>events --filter daemon=</code>. <a href="https://redirect.github.com/docker/cli/pull/5563">docker/cli#5563</a></li> <li>Improve shell-completion of containers for <code>docker rm</code>. <a href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li> <li>Add shell-completion for <code>--platform</code> flags. <a href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li> <li>rootless: Make <code>/etc/cdi</code> and <code>/var/run/cdi</code> accessible by the Container Device Interface (CDI) integration. <a href="https://redirect.github.com/moby/moby/pull/49027">moby/moby#49027</a></li> </ul> <h3>Removed</h3> <ul> <li>Deprecate <code>Daemon.Exists()</code> and <code>Daemon.IsPaused()</code>. These functions are no longer used and will be removed in the next release. <a href="https://redirect.github.com/moby/moby/pull/48719">moby/moby#48719</a></li> <li>Deprecate <code>container.ErrNameReserved</code> and <code>container.ErrNameNotReserved</code>. <a href="https://redirect.github.com/moby/moby/pull/48697">moby/moby#48697</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`92a83937d0`"><code>92a8393</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49027">#49027</a> from thaJeztah/27.x_backport_cdi-rootless</li> <li><a href="`9163aa379a`"><code>9163aa3</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49026">#49026</a> from thaJeztah/27.x_update_go_1.22.10</li> <li><a href="`4775621ab6`"><code>4775621</code></a> Dockerd rootless: make {/etc,/var/run}/cdi available</li> <li><a href="`0176f4a5c3`"><code>0176f4a</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49024">#49024</a> from thaJeztah/27.x_vendor_buildkit_0.17.3</li> <li><a href="`0e34b3956b`"><code>0e34b39</code></a> update to go1.22.10</li> <li><a href="`7919b806e7`"><code>7919b80</code></a> [27.x] vendor: github.com/moby/buildkit v0.17.3</li> <li><a href="`a92d4c5a57`"><code>a92d4c5</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49013">#49013</a> from vvoland/49006-27.x</li> <li><a href="`1cc127466d`"><code>1cc1274</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49010">#49010</a> from vvoland/49009-27.x</li> <li><a href="`525b929947`"><code>525b929</code></a> registry: deprecate RepositoryInfo.Class</li> <li><a href="`d6d43b2912`"><code>d6d43b2</code></a> c8d/tag: Don't log a warning if the source image is not dangling</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v25.0.6...v27.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=25.0.6+incompatible&new-version=27.4.0+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>	2024-12-17 20:39:04 +00:00
dependabot[bot]	bed4abf229	Bump github.com/dgraph-io/ristretto from 0.1.1 to 0.2.0 (#3457 ) Bumps [github.com/dgraph-io/ristretto](https://github.com/dgraph-io/ristretto) from 0.1.1 to 0.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/ristretto/releases">github.com/dgraph-io/ristretto's releases</a>.</em></p> <blockquote> <h2>v0.2.0</h2> <h2>What's Changed</h2> <p>*`docs(readme): Use new Wait method by <a href="https://github.com/angadn"><code>@angadn</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/327">dgraph-io/ristretto#327</a></p> <ul> <li>docs: format example on readme by <a href="https://github.com/rfyiamcool"><code>@rfyiamcool</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/339">dgraph-io/ristretto#339</a></li> <li>Fix flakes in TestDropUpdates by <a href="https://github.com/evanj"><code>@evanj</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/334">dgraph-io/ristretto#334</a></li> <li>docs(Cache): document Wait, clarify Get by <a href="https://github.com/evanj"><code>@evanj</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/333">dgraph-io/ristretto#333</a></li> <li>chore: fix typo error by <a href="https://github.com/proost"><code>@proost</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/341">dgraph-io/ristretto#341</a></li> <li>fix: support compilation to wasip1 by <a href="https://github.com/achille-roussel"><code>@achille-roussel</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/344">dgraph-io/ristretto#344</a></li> <li>remove glog dependency by <a href="https://github.com/jhawk28"><code>@jhawk28</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/350">dgraph-io/ristretto#350</a></li> <li>add config for cleanup ticker duration by <a href="https://github.com/singhvikash11"><code>@singhvikash11</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/342">dgraph-io/ristretto#342</a></li> <li>fix(OnEvict): Set missing Expiration field on evicted items by <a href="https://github.com/0x1ee7"><code>@0x1ee7</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/345">dgraph-io/ristretto#345</a></li> <li>uint32 -> uint64 in slice methods by <a href="https://github.com/mocurin"><code>@mocurin</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/323">dgraph-io/ristretto#323</a></li> <li>fix: cleanupTicker not being stopped by <a href="https://github.com/IlyaFloppy"><code>@IlyaFloppy</code></a> in <a href="https://redirect.github.com/dgraph-io/ristretto/pull/343">dgraph-io/ristretto#343</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/ristretto/blob/main/CHANGELOG.md">github.com/dgraph-io/ristretto's changelog</a>.</em></p> <blockquote> <h2>[v0.2.0] - 2024-10-06</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/344"><code>fix: support compilation to wasip1 by @achille-roussel</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/342"><code>add config for cleanup ticker duration by @singhvikash11</code></a></li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/327"><code>docs(readme): Use new Wait method by @angadn</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/339"><code>docs: format example on readme by @rfyiamcool</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/334"><code>Fix flakes in TestDropUpdates by @evanj</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/333"><code>docs(Cache): document Wait, clarify Get by @evanj</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/341"><code>chore: fix typo error by @proost</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/350"><code>remove glog dependency by @jhawk28</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/345"><code>fix(OnEvict): Set missing Expiration field on evicted items by @0x1ee7</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/323"><code>uint32 -> uint64 in slice methods by @mocurin</code></a></li> <li><a href="https://redirect.github.com/dgraph-io/ristretto/pull/343"><code>fix: cleanupTicker not being stopped by @IlyaFloppy</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1854617567`"><code>1854617</code></a> minor repo cleanup (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/352">#352</a>)</li> <li><a href="`91446626cc`"><code>9144662</code></a> stop cleanupTicker while closing cache (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/343">#343</a>)</li> <li><a href="`c00b3525a6`"><code>c00b352</code></a> uint32 to uint64 in slice methods (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/323">#323</a>)</li> <li><a href="`e6d62cbfa0`"><code>e6d62cb</code></a> chore(ci): separate out coverage report workflow (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/353">#353</a>)</li> <li><a href="`f0e70276b9`"><code>f0e7027</code></a> set missing Expiration field on evicted items (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/345">#345</a>)</li> <li><a href="`e8dc5b0073`"><code>e8dc5b0</code></a> add config for cleanup ticker duration (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/342">#342</a>)</li> <li><a href="`c5789d66fd`"><code>c5789d6</code></a> update golangci config and cleanup repo (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/351">#351</a>)</li> <li><a href="`bdcf5e99ac`"><code>bdcf5e9</code></a> remove glog dependency (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/350">#350</a>)</li> <li><a href="`3f6b44a609`"><code>3f6b44a</code></a> fix: support compilation to wasip1 (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/344">#344</a>)</li> <li><a href="`c73d585ee6`"><code>c73d585</code></a> chore: fix typo error (<a href="https://redirect.github.com/dgraph-io/ristretto/issues/341">#341</a>)</li> <li>Additional commits viewable in <a href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dgraph-io/ristretto&package-manager=go_modules&previous-version=0.1.1&new-version=0.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-17 21:02:03 +01:00
Neil	72039f651e	Update dependencies (#3449 ) Signed-off-by: Neil Alexander <git@neilalexander.dev> --------- Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>	2024-12-15 11:27:27 +01:00
Till Faelligen	3ca9dae95a	Fix missed matrix-org bits, run go mod tidy	2024-11-14 13:32:24 +01:00
idk	6cd1285ca0	Adds support for listening on and connecting to I2P and Onion services securely (#3293 ) This PR adds 2 `dendrite-demo` main's, each designed expressly to serve a Hidden Service/Overlay network. The first, `dendrite-demo-i2p` add self-configuration for use of dendrite as an I2P hidden service(eepsite) and to connect to I2P services(federate) as an I2P client. It further disables the `dendrite` server from communicating with non-anonymous servers by federation(because I2P does not canonically have the ability to exit, we rely on donors for exit traffic), and enables the use of self-signed TLS certificates([because I2P services are self-authenticating but TLS is still required for other aspects of the system to work reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)). This demo turns the system into an "pseudonymous" homeserver which people can connect to using an I2P-enabled Matrix client(I like `cinny` and it's what I tested with). The second, `dendrite-demo-tor` adds self-configuration for the use of dendrite as an Onion service and to connect to other onion services and non-anonymous web sites using Tor to obfuscate it's physical location and providing, optionally, pseudonymity. It also enables the use of self-signed TLS certificates, for the same reason as with I2P, because onion services aren't typically eligible for TLS certificates. It has also been tested with `cinny`. These services are both pseudonymous like myself, not anonymous. I will be meeting members of the element team at the CCC assembly shortly to discuss contributing under my pseudonym. As none of the other `dendrite-demo` have unit tests I did not add them to these checkins. * [*] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests --------- Co-authored-by: eyedeekay <idk@mulder> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>	2024-09-23 19:28:28 +02:00
Till	002fed3cb9	Bump GMSL (#3419 ) Adds https://github.com/matrix-org/gomatrixserverlib/pull/436 https://github.com/matrix-org/gomatrixserverlib/pull/438 https://github.com/matrix-org/gomatrixserverlib/pull/432	2024-09-10 19:45:31 +00:00
Neil	117ed66037	Update NATS to 2.10.20, use `SyncAlways` (#3418 ) The internal NATS instance is definitely convenient but it does have one problem: its lifecycle is tied to the Dendrite process. That means if Dendrite panics or OOMs, it takes out NATS with it. I suspect this is sometimes contributing to what people see with stuck streams, as some operations or state might not be written to disk fully before it gets interrupted. Using `SyncAlways` means that NATS will effectively use `O_SYNC` and block writes on flushes, which should improve resiliency against this kind of failure considerably. It might affect performance a little but shouldn't be significant. Also updates NATS to 2.10.20 as there have been all sorts of fixes since 2.10.7, including better `SyncAlways` handling. Signed-off-by: Neil Alexander <git@neilalexander.dev> --------- Signed-off-by: Neil Alexander <git@neilalexander.dev> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>	2024-09-10 20:54:38 +02:00
Till	7a4ef240fc	Implement MSC3916 (#3397 ) Needs https://github.com/matrix-org/gomatrixserverlib/pull/437	2024-08-16 12:37:59 +02:00
Till	4d116ff0db	Bump yggdrasil (#3407 )	2024-08-03 20:26:28 +02:00
dependabot[bot]	c876790f08	Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible (#3405 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 25.0.6+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v25.0.6</h2> <h2>25.0.6</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli, 25.0.6 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby, 25.0.6 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control.</p> <h3>Bug fixes and enhancements</h3> <ul> <li>[25.0] remove erroneous <code>platform</code> from image <code>config</code> OCI descriptor in <code>docker save</code> output. <a href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li> <li>[25.0 backport] Fix a nil dereference when getting image history for images having layers without the <code>Created</code> value set. <a href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li> <li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li> <li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. <a href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li> <li>[25.0 backport] don't depend on containerd platform.Parse to return a typed error. <a href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li> <li>[25.0 backport] builder/mobyexporter: Add missing nil check <a href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. <a href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li> <li>Update Go runtime to 1.21.12, which contains security fixes for <a href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a> <a href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li> <li>Update Containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>. <a href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p> <h2>v25.0.5</h2> <h2>25.0.5</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli, 25.0.5 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby, 25.0.5 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a security fix for <a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>, a potential data exfiltration from 'internal' networks via authoritative DNS servers.</p> <h3>Bug fixes and enhancements</h3> <ul> <li> <p><a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. <a href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p> </li> <li> <p>plugin: fix mounting /etc/hosts when running in UserNS. <a href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p> </li> <li> <p>rootless: fix <code>open /etc/docker/plugins: permission denied</code>. <a href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p> </li> <li> <p>Fix multiple parallel <code>docker build</code> runs leaking disk space. <a href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`b08a51fe16`"><code>b08a51f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48231">#48231</a> from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li> <li><a href="`d151b0f87f`"><code>d151b0f</code></a> vendor: OTEL v0.46.1 / v1.21.0</li> <li><a href="`c6ba9a5124`"><code>c6ba9a5</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48225">#48225</a> from austinvazquez/backport-workflow-artifact-reten...</li> <li><a href="`4673a3ca2c`"><code>4673a3c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48227">#48227</a> from austinvazquez/backport-backport-branch-check-t...</li> <li><a href="`30f8908102`"><code>30f8908</code></a> github/ci: Check if backport is opened against the expected branch</li> <li><a href="`7454d6a2e6`"><code>7454d6a</code></a> ci: update workflow artifacts retention</li> <li><a href="`65cc597cea`"><code>65cc597</code></a> Merge commit from fork</li> <li><a href="`b722836927`"><code>b722836</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48199">#48199</a> from austinvazquez/update-containerd-binary-to-1.7.20</li> <li><a href="`e8ecb9c76d`"><code>e8ecb9c</code></a> update containerd binary to v1.7.20</li> <li><a href="`e6cae1f237`"><code>e6cae1f</code></a> update containerd binary to v1.7.19</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v24.0.9...v25.0.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>	2024-08-02 08:56:24 +02:00
Till	a37d317958	Bump go to 1.21 (#3360 )	2024-08-02 08:35:38 +02:00
dependabot[bot]	7d8516838d	Bump golang.org/x/image from 0.10.0 to 0.18.0 (#3390 ) Bumps [golang.org/x/image](https://github.com/golang/image) from 0.10.0 to 0.18.0. <details> <summary>Commits</summary> <ul> <li><a href="`3bbf4a659e`"><code>3bbf4a6</code></a> tiff: Validate palette indices when parsing palette-color images</li> <li><a href="`6c5fa462eb`"><code>6c5fa46</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`55c4ab6bd6`"><code>55c4ab6</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`0057a939a5`"><code>0057a93</code></a> tiff: fix function name in comment</li> <li><a href="`9e190ae4a3`"><code>9e190ae</code></a> webp: disallow multiple VP8X chunks</li> <li><a href="`445ab0e75e`"><code>445ab0e</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`240a51ac9f`"><code>240a51a</code></a> font/sfnt: support early version 0 OS/2 tables</li> <li><a href="`c20bbc3713`"><code>c20bbc3</code></a> draw: simplify some calls to fmt.Fprintf</li> <li><a href="`491771c681`"><code>491771c</code></a> draw: merge draw_go117.go into draw.go</li> <li><a href="`4aa0222fac`"><code>4aa0222</code></a> go.mod: update go directive to 1.18</li> <li>Additional commits viewable in <a href="https://github.com/golang/image/compare/v0.10.0...v0.18.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.10.0&new-version=0.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-07-27 20:49:18 +02:00
dependabot[bot]	5547bf8ca6	Bump golang.org/x/net from 0.21.0 to 0.23.0 (#3365 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0. <details> <summary>Commits</summary> <ul> <li><a href="`c48da13158`"><code>c48da13</code></a> http2: fix TestServerContinuationFlood flakes</li> <li><a href="`762b58d1cf`"><code>762b58d</code></a> http2: fix tipos in comment</li> <li><a href="`ba872109ef`"><code>ba87210</code></a> http2: close connections when receiving too many headers</li> <li><a href="`ebc8168ac8`"><code>ebc8168</code></a> all: fix some typos</li> <li><a href="`3678185f8a`"><code>3678185</code></a> http2: make TestCanonicalHeaderCacheGrowth faster</li> <li><a href="`448c44f928`"><code>448c44f</code></a> http2: remove clientTester</li> <li><a href="`c7877ac421`"><code>c7877ac</code></a> http2: convert the remaining clientTester tests to testClientConn</li> <li><a href="`d8870b0bf2`"><code>d8870b0</code></a> http2: use synthetic time in TestIdleConnTimeout</li> <li><a href="`d73acffdc9`"><code>d73acff</code></a> http2: only set up deadline when Server.IdleTimeout is positive</li> <li><a href="`89f602b7bb`"><code>89f602b</code></a> http2: validate client/outgoing trailers</li> <li>Additional commits viewable in <a href="https://github.com/golang/net/compare/v0.21.0...v0.23.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.21.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-30 23:12:52 +00:00
Till	14a6c10097	Version 0.13.7 (#3349 )	2024-04-09 10:24:27 +02:00
Till	b732eede27	Fix spaces over federation (#3347 ) Fixes #2504 A few issues with the previous iteration: - We never returned `inaccessible_children`, which (if I read the code correctly), made Synapse raise an error and thus not returning the requested rooms - For restricted rooms, we didn't return the list of allowed rooms	2024-03-28 20:40:45 +01:00
dependabot[bot]	1bdf0cc541	Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#3341 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v24.0.9</h2> <h2>24.0.9</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9">docker/cli, 24.0.9 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9">moby/moby, 24.0.9 milestone</a></li> </ul> <h2>Security</h2> <p>This release contains security fixes for the following CVEs affecting Docker Engine and its components.</p> <table> <thead> <tr> <th>CVE</th> <th>Component</th> <th>Fix version</th> <th>Severity</th> </tr> </thead> <tbody> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td> <td>runc</td> <td>1.1.12</td> <td>High, CVSS 8.6</td> </tr> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td> <td>Docker Engine</td> <td>24.0.9</td> <td>Medium, CVSS 6.9</td> </tr> </tbody> </table> <blockquote> <p><strong>Important</strong> ⚠️</p> <p>Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:</p> <ul> <li><a href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></li> </ul> <p>To address these vulnerabilities, upgrade to <a href="https://github.com/docker/docker/blob/HEAD/25.0.md#2502">Docker Engine v25.0.2</a>.</p> </blockquote> <p>For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the <a href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog post</a>. For details about each vulnerability, see the relevant security advisory:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li> <li><a href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Upgrade runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.1.12">v1.1.12</a>. <a href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li> <li>Upgrade containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.13">v1.7.13</a> (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li> </ul> <h2>v24.0.8</h2> <h2>24.0.8</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8">docker/cli, 24.0.8 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8">moby/moby, 24.0.8 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Live restore: Containers with auto remove (<code>docker run --rm</code>) are no longer forcibly removed on engine restart. <a href="https://redirect.github.com/moby/moby/pull/46869">moby/moby#46857</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fca702de7f`"><code>fca702d</code></a> Merge pull request from GHSA-xw73-rw38-6vjc</li> <li><a href="`f78a7726d7`"><code>f78a772</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47281">#47281</a> from thaJeztah/24.0_backport_bump_containerd_binary...</li> <li><a href="`61afffeeb3`"><code>61afffe</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47270">#47270</a> from thaJeztah/24.0_backport_bump_runc_binary_1.1.12</li> <li><a href="`b38e74c4e0`"><code>b38e74c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47276">#47276</a> from thaJeztah/24.0_backport_bump_runc_1.1.12</li> <li><a href="`dac56638ad`"><code>dac5663</code></a> update containerd binary to v1.7.13</li> <li><a href="`20e1af3616`"><code>20e1af3</code></a> vendor: github.com/opencontainers/runc v1.1.12</li> <li><a href="`858919d399`"><code>858919d</code></a> update runc binary to v1.1.12</li> <li><a href="`141ad39e38`"><code>141ad39</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47266">#47266</a> from vvoland/ci-fix-makeps1-templatefail-24</li> <li><a href="`db968c672b`"><code>db968c6</code></a> hack/make.ps1: Fix go list pattern</li> <li><a href="`61c51fbb5a`"><code>61c51fb</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47221">#47221</a> from vvoland/pkg-pools-close-noop-24</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v24.0.7...v24.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.7+incompatible&new-version=24.0.9+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-22 22:30:28 +01:00
dependabot[bot]	a00b976a00	Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#3339 ) Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.30.0&new-version=1.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-22 22:29:53 +01:00
Till	dae1ef2e46	Update GMSL (#3303 ) If I didn't miss anything, this should add fixes from: https://github.com/matrix-org/gomatrixserverlib/pull/424 https://github.com/matrix-org/gomatrixserverlib/pull/426 https://github.com/matrix-org/gomatrixserverlib/pull/427 https://github.com/matrix-org/gomatrixserverlib/pull/428 https://github.com/matrix-org/gomatrixserverlib/pull/429 https://github.com/matrix-org/gomatrixserverlib/pull/430	2024-01-15 20:12:34 +00:00
dependabot[bot]	3a4b5f49ac	Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300 ) Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.4 to 0.37.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p> <blockquote> <h2>v0.37.7</h2> <p>This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):</p> <ul> <li>limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p> <h2>v0.37.6</h2> <p>This patch release contains a backport of <a href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p> <h2>v0.37.5</h2> <p>This patch release contains the backport of 3 fixes:</p> <ul> <li>fix handshake failure if <code>tls.Config.SessionTicketDisabled = false</code>, but <code>tls.Config.GetConfigForClient</code> returns a config that disables session tickets: <a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li> <li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li> <li>automatically set the <code>tls.Config.ServerName</code>: <a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`21609ddfef`"><code>21609dd</code></a> don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> <li><a href="`d7aa627ebd`"><code>d7aa627</code></a> limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li><a href="`e2c360ceec`"><code>e2c360c</code></a> reassemble post-handshake TLS messages before passing them to crypto/tls (<a href="https://redirect.github.com/quic-go/quic-go/issues/4038">#4038</a>)</li> <li><a href="`e9f7f460bc`"><code>e9f7f46</code></a> automatically set the tls.Config.ServerName if unset (<a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a>)</li> <li><a href="`12d84c4196`"><code>12d84c4</code></a> handshake: use the correct hash function for TLS_AES_256_GCM_SHA384 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a>)</li> <li><a href="`b1635df2f5`"><code>b1635df</code></a> ignore QUICConn.SendSessionTicket error if session tickets are disabled (<a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a>)</li> <li>See full diff in <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.4&new-version=0.37.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-10 18:55:35 +01:00
dependabot[bot]	9a5a56718e	Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290 ) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="`9d2ee975ef`"><code>9d2ee97</code></a> ssh: implement strict KEX protocol changes</li> <li><a href="`4e5a26183e`"><code>4e5a261</code></a> ssh: close net.Conn on all NewServerConn errors</li> <li><a href="`152cdb1503`"><code>152cdb1</code></a> x509roots/fallback: update bundle</li> <li><a href="`fdfe1f8531`"><code>fdfe1f8</code></a> ssh: defer channel window adjustment</li> <li><a href="`b8ffc16e10`"><code>b8ffc16</code></a> blake2b: drop Go 1.6, Go 1.8 compatibility</li> <li><a href="`7e6fbd82c8`"><code>7e6fbd8</code></a> ssh: wrap errors from client handshake</li> <li><a href="`bda2f3f5cf`"><code>bda2f3f</code></a> argon2: avoid clobbering BP</li> <li><a href="`325b735346`"><code>325b735</code></a> ssh/test: skip TestSSHCLIAuth on Windows</li> <li><a href="`1eadac50a5`"><code>1eadac5</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="`b2d7c26edb`"><code>b2d7c26</code></a> ssh: add (*Client).DialContext method</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-19 08:39:22 +01:00

1 2 3 4 5 ...

489 commits