dependabot[bot]
e5bede475c
Bump actions/upload-pages-artifact from 1 to 3 ( #3461 )
...
Bumps
[actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact )
from 1 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-pages-artifact/releases ">actions/upload-pages-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h1>Changelog</h1>
<ul>
<li>Use <code>v4</code> upload-artifact tag <a
href="https://github.com/robherley "><code>@robherley</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/80 ">#80</a>)</li>
<li>Upload pages artifact with upload-artifact v4-beta <a
href="https://github.com/konradpabjan "><code>@konradpabjan</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/78 ">#78</a>)</li>
</ul>
<p>To deploy a GitHub Pages site which has been uploaded with this
version of <code>actions/upload-pages-artifact</code>, you must also use
<code>actions/deploy-pages@v4</code> or newer.</p>
<p>⚠️ For use with products other than GitHub.com, such as GitHub
Enterprise Server, please be aware that this new Actions artifacts
service is not yet supported in the latest GHES release at this
time.</p>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v2.0.0...v3.0.0 ">all
code changes</a> since previous release.</p>
<h2>v2.0.0</h2>
<h1>Changelog</h1>
<ul>
<li>⚠️ <strong>BREAKING CHANGE:</strong> Remove built-in
<code>chmod</code> commands for <code>v2</code> <a
href="https://github.com/JamesMGreene "><code>@JamesMGreene</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/69 ">#69</a>)</li>
<li>Update README for <code>v2</code> <a
href="https://github.com/JamesMGreene "><code>@JamesMGreene</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/70 ">#70</a>)</li>
</ul>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v1.0.10...v2.0.0 ">all
code changes</a> since previous release.</p>
<h2>v1.0.10</h2>
<h1>Changelog</h1>
<ul>
<li>readme: fix/improve note about permissions <a
href="https://github.com/tshepang "><code>@tshepang</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/65 ">#65</a>)</li>
<li>Revert <code>chmod</code> removal for <code>v1</code> <a
href="https://github.com/JamesMGreene "><code>@JamesMGreene</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/68 ">#68</a>)</li>
<li>Add file perms handling <a
href="https://github.com/tsusdere "><code>@tsusdere</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/64 ">#64</a>)</li>
</ul>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v1.0.9...v1.0.10 ">all
code changes</a> since previous release.</p>
<h2>v1.0.9</h2>
<p>Removed <code>chmod</code> as we moved towards trusting correct file
permissions have been set. In the event this isn't the case then we
raise an error in the action related to the file permissions.</p>
<h2>v1.0.8</h2>
<h1>Changelog</h1>
<ul>
<li>Fail if no artifact file is found to upload <a
href="https://github.com/JamesMGreene "><code>@JamesMGreene</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/55 ">#55</a>)</li>
<li>Fix link to releases in README <a
href="https://github.com/waldyrious "><code>@waldyrious</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/53 ">#53</a>)</li>
<li>Bump actions/publish-action from 0.2.1 to 0.2.2 <a
href="https://github.com/dependabot "><code>@dependabot</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/47 ">#47</a>)</li>
<li>Add Dependabot config for Actions usage updates <a
href="https://github.com/JamesMGreene "><code>@JamesMGreene</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/46 ">#46</a>)</li>
</ul>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v1.0.7...v1.0.8 ">all
code changes</a> since previous release.</p>
<h2>v1.0.7</h2>
<h1>Changelog</h1>
<ul>
<li>Don't change file permissions of other files <a
href="https://github.com/KyeRussell "><code>@KyeRussell</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/44 ">#44</a>)</li>
</ul>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v1.0.6...v1.0.7 ">all
code changes</a> since previous release.</p>
<h2>v1.0.6</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="56afc609e7https://redirect.github.com/actions/upload-pages-artifact/issues/94 ">#94</a>
from SilverRainZ/main</li>
<li><a
href="d12fdfb149aef5542762https://redirect.github.com/actions/upload-pages-artifact/issues/88 ">#88</a>
from uiolee/patch-1</li>
<li><a
href="29cedd75fca69c22e32ehttps://redirect.github.com/actions/upload-pages-artifact/issues/92 ">#92</a>
from actions/dependabot/github_actions/non-breaking-ch...</li>
<li><a
href="794e304fb314007f64640191170de1https://redirect.github.com/actions/upload-pages-artifact/issues/91 ">#91</a>
from actions/dependabot-grouping</li>
<li><a
href="0e7832dab21a6d9fac9ahttps://github.com/actions/upload-pages-artifact/compare/v1...v3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 08:05:47 +01:00
dependabot[bot]
a1387e6c06
Bump actions/setup-go from 4 to 5 ( #3462 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4 to
5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases ">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, we change Nodejs runtime from node16 to
node20 (<a
href="https://redirect.github.com/actions/setup-go/pull/421 ">actions/setup-go#421</a>).
Moreover, we update some dependencies to the latest versions (<a
href="https://redirect.github.com/actions/setup-go/pull/445 ">actions/setup-go#445</a>).</p>
<p>Besides, this release contains such changes as:</p>
<ul>
<li>Fix hosted tool cache usage on windows by <a
href="https://github.com/galargh "><code>@galargh</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/411 ">actions/setup-go#411</a></li>
<li>Improve documentation regarding dependencies caching by <a
href="https://github.com/artemgavrilov "><code>@artemgavrilov</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/417 ">actions/setup-go#417</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/galargh "><code>@galargh</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/411 ">actions/setup-go#411</a></li>
<li><a
href="https://github.com/artemgavrilov "><code>@artemgavrilov</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/417 ">actions/setup-go#417</a></li>
<li><a
href="https://github.com/chenrui333 "><code>@chenrui333</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/421 ">actions/setup-go#421</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v4...v5.0.0 ">https://github.com/actions/setup-go/compare/v4...v5.0.0 </a></p>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, slow installation on Windows was fixed by
<a href="https://github.com/dsame "><code>@dsame</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/393 ">actions/setup-go#393</a>
and OS version was added to <code>primaryKey</code> for Ubuntu runners
to avoid conflicts (<a
href="https://redirect.github.com/actions/setup-go/pull/383 ">actions/setup-go#383</a>)</p>
<p>This release also includes the following changes:</p>
<ul>
<li>Remove implicit dependencies by <a
href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/378 ">actions/setup-go#378</a></li>
<li>Update action.yml by <a
href="https://github.com/mkelly "><code>@mkelly</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/379 ">actions/setup-go#379</a></li>
<li>Added a description that go-version should be specified as a string
type by <a href="https://github.com/n3xem "><code>@n3xem</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/367 ">actions/setup-go#367</a></li>
<li>Add note about YAML parsing versions by <a
href="https://github.com/dmitry-shibanov "><code>@dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/382 ">actions/setup-go#382</a></li>
<li>Automatic update of configuration files from 05/23/2023 by <a
href="https://github.com/github-actions "><code>@github-actions</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/377 ">actions/setup-go#377</a></li>
<li>Bump tough-cookie and <code>@azure/ms-rest-js</code> by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/392 ">actions/setup-go#392</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/397 ">actions/setup-go#397</a></li>
<li>Bump semver from 6.3.0 to 6.3.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/396 ">actions/setup-go#396</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mkelly "><code>@mkelly</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/379 ">actions/setup-go#379</a></li>
<li><a href="https://github.com/n3xem "><code>@n3xem</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/367 ">actions/setup-go#367</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v4...v4.1.0 ">https://github.com/actions/setup-go/compare/v4...v4.1.0 </a></p>
<h2>v4.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update documentation for <code>v4</code> by <a
href="https://github.com/dsame "><code>@dsame</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/354 ">actions/setup-go#354</a></li>
<li>Fix glob bug in the package.json scripts section by <a
href="https://github.com/IvanZosimov "><code>@IvanZosimov</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/359 ">actions/setup-go#359</a></li>
<li>Bump <code>xml2js</code> dependency by <a
href="https://github.com/dmitry-shibanov "><code>@dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/370 ">actions/setup-go#370</a></li>
<li>Bump <code>@actions/cache</code> dependency to v3.2.1 by <a
href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/374 ">actions/setup-go#374</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/374 ">actions/setup-go#374</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v4...v4.0.1 ">https://github.com/actions/setup-go/compare/v4...v4.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3041bf56c9https://redirect.github.com/actions/setup-go/issues/496 ">#496</a>)</li>
<li><a
href="41dfa10badhttps://redirect.github.com/actions/setup-go/issues/510 ">#510</a>)</li>
<li><a
href="941977282chttps://redirect.github.com/actions/setup-go/issues/511 ">#511</a>)</li>
<li><a
href="d60b41a563https://redirect.github.com/actions/setup-go/issues/502 ">#502</a>
from actions/Jcambass-patch-1</li>
<li><a
href="e09f57f6a9df1a11710ehttps://redirect.github.com/actions/setup-go/issues/500 ">#500</a>
from actions/Jcambass-patch-1</li>
<li><a
href="49582f6476b26d40294fhttps://redirect.github.com/actions/setup-go/issues/493 ">#493</a>)</li>
<li><a
href="0a12ed9d6ahttps://redirect.github.com/actions/setup-go/issues/487 ">#487</a>)</li>
<li><a
href="4ab57d7ea2https://redirect.github.com/actions/setup-go/issues/479 ">#479</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-go/compare/v4...v5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 08:04:23 +01:00
Till
00e7f848c8
Add GHA dependabot config, bump codecov action ( #3459 )
2024-12-17 19:19:35 +00:00
Till
c3d7a34c15
Add dependabot config ( #3450 )
...
[skip ci]
2024-12-17 19:18:28 +01:00
Till
23e097c3f0
Add temporary repository flag ( #3453 )
...
As long as we don't have any releases in this organization, upgrade
tests are going to fail.
This adds a `repository` flag which allows overwriting the repository to
pull old version archives from.
2024-12-17 11:51:57 +01:00
Neil
72039f651e
Update dependencies ( #3449 )
...
Signed-off-by: Neil Alexander <git@neilalexander.dev>
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-12-15 11:27:27 +01:00
Till Faelligen
7cc7ebb46f
Update GHCR_NAME space to element-hq
2024-11-14 17:02:10 +01:00
Quentin Gliech
da92fd3f29
Update the CODEOWNERS to use @element-hq/dendrite-core
2024-10-18 16:14:40 +02:00
Quentin Gliech
891950f7b6
Replace references to the repository
2024-10-17 17:34:12 +02:00
Rhea Danzey
40dd2c0400
Use chart-releaser-action tag v1.6.0 ( #3429 )
...
Context:
https://github.com/matrix-org/dendrite/pull/3427#issuecomment-2359139622
Try tagged version of chart-releaser-action now that mark_latest option
is available
### Pull Request Checklist
<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->
* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement ) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off below using a legally
identifiable
name](https://matrix-org.github.io/dendrite/development/contributing#sign-off )
_or_ I have already signed off privately
Signed-off-by: `Rhea Danzey <rdanzey@element.io>`
2024-09-18 21:41:22 +02:00
dependabot[bot]
c876790f08
Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible ( #3405 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from
24.0.9+incompatible to 25.0.6+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases ">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v25.0.6</h2>
<h2>25.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6 ">docker/cli,
25.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6 ">moby/moby,
25.0.6 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md ">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md ">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110 ">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq ">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/ ">authorization
plugins (AuthZ)</a> for access control.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>[25.0] remove erroneous <code>platform</code> from image
<code>config</code> OCI descriptor in <code>docker save</code> output.
<a
href="https://redirect.github.com/moby/moby/pull/47695 ">moby/moby#47695</a></li>
<li>[25.0 backport] Fix a nil dereference when getting image history for
images having layers without the <code>Created</code> value set. <a
href="https://redirect.github.com/moby/moby/pull/47759 ">moby/moby#47759</a></li>
<li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a
href="https://redirect.github.com/moby/moby/pull/47830 ">moby/moby#47830</a></li>
<li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node
after another node was demoted could cause the promoted node to fail its
promotion. <a
href="https://redirect.github.com/moby/moby/pull/47869 ">moby/moby#47869</a></li>
<li>[25.0 backport] don't depend on containerd platform.Parse to return
a typed error. <a
href="https://redirect.github.com/moby/moby/pull/47890 ">moby/moby#47890</a></li>
<li>[25.0 backport] builder/mobyexporter: Add missing nil check <a
href="https://redirect.github.com/moby/moby/pull/47987 ">moby/moby#47987</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver.
<a
href="https://redirect.github.com/moby/moby/pull/47724 ">moby/moby#47724</a></li>
<li>Update Go runtime to 1.21.12, which contains security fixes for <a
href="https://github.com/advisories/GHSA-hw49-2p59-3mhj ">CVE-2024-24791</a>
<a
href="https://redirect.github.com/moby/moby/pull/48146 ">moby/moby#48146</a></li>
<li>Update Containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.20 ">v1.7.20</a>.
<a
href="https://redirect.github.com/moby/moby/pull/48199 ">moby/moby#48199</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6 ">https://github.com/moby/moby/compare/v25.0.5...v25.0.6 </a></p>
<h2>v25.0.5</h2>
<h2>25.0.5</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5 ">docker/cli,
25.0.5 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5 ">moby/moby,
25.0.5 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md ">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md ">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a security fix for <a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx ">CVE-2024-29018</a>,
a potential data exfiltration from 'internal' networks via authoritative
DNS servers.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>
<p><a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx ">CVE-2024-29018</a>:
Do not forward requests to external DNS servers for a container that is
only connected to an 'internal' network. Previously, requests were
forwarded if the host's DNS server was running on a loopback address,
like systemd's 127.0.0.53. <a
href="https://redirect.github.com/moby/moby/pull/47589 ">moby/moby#47589</a></p>
</li>
<li>
<p>plugin: fix mounting /etc/hosts when running in UserNS. <a
href="https://redirect.github.com/moby/moby/pull/47588 ">moby/moby#47588</a></p>
</li>
<li>
<p>rootless: fix <code>open /etc/docker/plugins: permission
denied</code>. <a
href="https://redirect.github.com/moby/moby/pull/47587 ">moby/moby#47587</a></p>
</li>
<li>
<p>Fix multiple parallel <code>docker build</code> runs leaking disk
space. <a
href="https://redirect.github.com/moby/moby/pull/47527 ">moby/moby#47527</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08a51fe16https://redirect.github.com/docker/docker/issues/48231 ">#48231</a>
from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li>
<li><a
href="d151b0f87fc6ba9a5124https://redirect.github.com/docker/docker/issues/48225 ">#48225</a>
from austinvazquez/backport-workflow-artifact-reten...</li>
<li><a
href="4673a3ca2chttps://redirect.github.com/docker/docker/issues/48227 ">#48227</a>
from austinvazquez/backport-backport-branch-check-t...</li>
<li><a
href="30f89081027454d6a2e665cc597ceab722836927https://redirect.github.com/docker/docker/issues/48199 ">#48199</a>
from austinvazquez/update-containerd-binary-to-1.7.20</li>
<li><a
href="e8ecb9c76de6cae1f237https://github.com/docker/docker/compare/v24.0.9...v25.0.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts ).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-08-02 08:56:24 +02:00
Till
e9deb5244e
Fix /createRoom and /invite containing displayname/avatarURL of inviter ( #3326 )
...
Fixes #3324
2024-02-13 19:28:52 +01:00
Till
be0c27e688
Update all the CI actions ( #3323 )
...
Also adds a job for the scheduled CI run to only run if there has been a
commit in the last 24h
([StackOverflow](https://stackoverflow.com/questions/63014786/how-to-schedule-a-github-actions-nightly-build-but-run-it-only-when-there-where ))
[skip ci]
2024-02-08 09:58:59 +01:00
Till Faelligen
436773ab71
Disable Element Web tests, only run csapi and federation tests
2024-02-07 10:28:10 +01:00
Till
87f028db27
Version 0.13.6 ( #3315 )
2024-01-26 14:41:34 +01:00
Till
d357615452
Don't send device list updates upon registration ( #3307 )
...
Fixes https://github.com/matrix-org/dendrite/issues/3273
As we otherwise send down device list updates which are merely useful
for the user and causes tests to be flakey:
```
❌ TestPushSync/Adding_a_push_rule_wakes_up_an_incremental_/sync (10ms)
push_test.go:57: no pushrules found in sync response: {"next_batch":"s0_0_0_0_0_1_1_0_1","device_lists":{"changed":["@user-1:hs1"]}}
```
What this does: If a `PerformDeviceCreation` request is coming from
registering an account, it does **not** send device list updates, as
they are merely useful (no joined rooms, no one to inform) . In all
other cases, the behavior is unchanged and device list updates are sent
as usual.
2024-01-20 21:20:37 +01:00
Till
317b1018a3
Version 0.13.4 ( #3244 )
...
If I didn't mess up the workflow, this should remove some ugliness from
the version string (e.g. 0.13.2+57ddbe0.57ddbe0, dupe commit hash, as a
result of https://github.com/matrix-org/dendrite/pull/3147 )
2023-10-25 13:53:40 +02:00
devonh
933ae2db91
Update bug report to reflect current team members ( #3234 )
2023-10-12 18:03:06 +00:00
kegsay
5888329b13
Update Complement to match new public API shape ( #3232 )
...
Sister PR to matrix-org/complement#666
Context:
https://github.com/matrix-org/complement/issues/654#issuecomment-1746613495
2023-10-11 17:41:12 +01:00
Till
b341a66152
Version 0.13.3 ( #3213 )
2023-09-28 12:06:21 +02:00
Till Faelligen
11fd2f019b
Fix Complement scheduled CI
...
[skip CI]
2023-08-30 07:37:14 +02:00
Till
e3a7039c81
Fix CI, upgrade image used for upgrade tests ( #3151 )
2023-08-28 13:28:22 +02:00
Till
57ddbe015d
Version 0.13.2 ( #3187 )
2023-08-23 16:24:16 +02:00
Till Faelligen
9f7e14e4d0
Back to the original version for now
2023-07-06 10:44:11 +02:00
Till
f956a8c1d9
Docs restructure ( #2953 )
...
Needs to be merged into `gh-pages` later on.
2023-05-30 10:02:53 +02:00
Till
c6457cd4e5
Add CS API /keys tests ( #3069 )
...
This is slightly cheating, as the heavy lifting, with regards to key
generation, is done using `mautrix/go`.
2023-04-27 16:43:28 +02:00
kegsay
e093005bc2
ci: don't use go get, use go install ( #3048 )
...
Otherwise CI can fail with:
```
go: go.mod file not found in current directory or any parent directory.
'go get' is no longer supported outside a module.
To build and install a command, use 'go install' with a version,
like 'go install example.com/cmd@latest'
For more information, see https://golang.org/doc/go-get-install-deprecation
or run 'go help get' or 'go help install'.
```
2023-04-05 14:35:55 +01:00
Till Faelligen
675926967d
Update Helm README
...
[skip ci]
2023-04-03 09:08:36 +02:00
Devon Hudson
69e3bd82a9
Add dendrite-demo-pinecone cypress tests
2023-03-27 07:57:30 -06:00
Till Faelligen
e2d2482ca6
Get the logs for dendrite when installing the chart
2023-03-27 11:07:30 +02:00
Till Faelligen
cb18ba0230
Upload covdatafiles for each server
2023-03-22 17:36:33 +01:00
Till Faelligen
14085d30ac
Update workflow to not use commas when joining names
2023-03-22 16:01:12 +01:00
Till Faelligen
a4400bdd76
Sytest coverage file
2023-03-22 14:58:36 +01:00
Till Faelligen
b741d38e10
Update Workflow
2023-03-22 14:51:18 +01:00
Till Faelligen
6948d16527
Update Go, use go tool covdata for coverage files?
2023-03-22 14:50:21 +01:00
Till
c7303cbf76
Update dependencies ( #3006 )
...
In preparation for a new release, let's also update a few dependencies.
2023-03-10 10:32:50 +01:00
Till Faelligen
f1ccfcf150
Only run CI if there are changes to go files or the workflow [skip ci]
2023-02-28 15:35:53 +01:00
Till Faelligen
086e205eba
Deploy on gh-pages push
2023-02-28 15:15:19 +01:00
Till Faelligen
c8ca23acdb
Fix building Element web in CI
2023-02-20 15:28:45 +01:00
Till
11d9b9db0e
Remove polylith/API mode ( #2967 )
...
This removes most of the code used for polylith/API mode.
This removes the `/api` internal endpoints entirely.
Binary size change roughly 5%:
```
51437560 Feb 13 10:15 dendrite-monolith-server # old
48759008 Feb 13 10:15 dendrite-monolith-server # new
```
2023-02-14 12:47:47 +01:00
Till
cc59879faa
Version 0.11.1 ( #2966 )
2023-02-10 18:36:59 +01:00
Till
baf118b08c
Add Sytest/Complement coverage to scheduled runs ( #2962 )
...
This adds Sytest and Complement coverage reporting to the nightly
scheduled CI runs.
Fixes a few API mode related issues as well, since we seemingly never
really ran them with Complement.
Also fixes a bug related to device list changes: When we pass in an
empty `newlyLeftRooms` slice, we got a list of all currently joined
rooms with the corresponding members. When we then got the
`newlyJoinedRooms`, we wouldn't update the `changed` slice, because we
already got the user from the `newlyLeftRooms` query. This is fixed by
simply ignoring empty `newlyLeftRooms`.
2023-02-03 13:42:35 +01:00
Devon Hudson
25dfbc6ec3
Extend cypress test timeout in ci
2023-01-11 10:47:37 -07:00
Devon Hudson
6ae1dd565c
Revert "Add cypress cloud recording"
...
This reverts commit b297ea7379
2023-01-11 10:46:52 -07:00
Devon Hudson
b297ea7379
Add cypress cloud recording
2023-01-11 10:40:38 -07:00
Devon Hudson
8fef692741
Edit cypress config before running tests
2023-01-11 10:10:24 -07:00
Devon Hudson
11a07d855d
Initial attempt at adding cypress tests to ci
2023-01-11 09:52:58 -07:00
Till
d579ddb8e7
Add simplified helm chart ( #2905 )
...
As discussed yesterday, a simplified version of [my
helm](https://github.com/S7evinK/dendrite-helm ) which deploys a monolith
with internal NATS and an optionally enabled PostgreSQL server. If the
PostgreSQL dependency is not enabled, a user specified connection string
is constructed.
Co-authored-by: kegsay <kegan@matrix.org>
2023-01-06 15:44:10 +01:00
Till
f762ce1050
Add clientapi tests ( #2916 )
...
This PR
- adds several tests for the clientapi, mostly around `/register` and
auth fallback.
- removes the now deprecated `homeserver` field from responses to
`/register` and `/login`
- slightly refactors auth fallback handling
2022-12-23 14:11:11 +01:00
Till Faelligen
aaf4e5c865
Use older sytest-dendrite image
2022-12-09 18:45:42 +01:00
