mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/element-hq/dendrite.git synced 2025-09-13 12:52:24 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
3041 commits 13 branches 7 tags 48 MiB
Commit graph

501 commits

Author SHA1 Message Date
dependabot[bot]
df748c5eae
Bump github.com/nats-io/nats-server/v2 from 2.11.3 to 2.11.7 (#3620) 
Bumps
[github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server)
from 2.11.3 to 2.11.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats-server/releases">github.com/nats-io/nats-server/v2's
releases</a>.</em></p>
<blockquote>
<h2>Release v2.11.7</h2>
<h2>Changelog</h2>
<p>Refer to the <a
href="https://docs.nats.io/release-notes/whats_new/whats_new_211">2.11
Upgrade Guide</a> for backwards compatibility notes with 2.10.x.</p>
<h3>Go Version</h3>
<ul>
<li>1.24.5 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7047">#7047</a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>golang.org/x/crypto v0.40.0 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li>
<li>golang.org/x/sys v0.34.0 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li>
</ul>
<h3>Added</h3>
<p>General</p>
<ul>
<li>The <code>SubjectMatchesFilter</code> function is now available as
an exported function for embedded use (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7051">#7051</a>)</li>
<li>The <code>leafz</code> monitoring endpoint now includes the
connection ID (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7063">#7063</a>)</li>
<li>The monitoring endpoint index page now includes the endpoint names
on hover (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7066">#7066</a>,
<a
href="https://redirect.github.com/nats-io/nats-server/issues/7087">#7087</a>)</li>
</ul>
<h3>Improved</h3>
<p>JetStream</p>
<ul>
<li>Consumers with inactivity thresholds should no longer age out before
processing acks (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7107">#7107</a>)</li>
<li>The Raft layer will no longer request store state on each apply (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li>
<li>Tombstones in Raft log compactions will now be written
asynchronously, similar to purges (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li>
<li>When enabling per-message TTLs on a stream, existing messages with
the <code>Nats-TTL</code> header are now scanned and processed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7117">#7117</a>)</li>
</ul>
<h3>Fixed</h3>
<p>General</p>
<ul>
<li>Message header lookups with common prefixes will now return
correctly in all cases, fixing a problem where the headers could be
sensitive to ordering (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7065">#7065</a>)</li>
<li>Validate that the <code>default_sentinel</code> JWT is a bearer
token for auth callout (7074)</li>
<li>The <code>$SYS.REQ.USER.INFO</code> endpoint should now only be
answered by the local server, fixing cases where the endpoint may
sometimes return without full connection details (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7089">#7089</a>)</li>
</ul>
<p>JetStream</p>
<ul>
<li>The Raft layer will require recovery and snapshot handling at
startup before campaigning for a leadership election, fixing a situation
where a node could continue with an outdated stream (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7040">#7040</a>)</li>
<li>The Raft log will no longer be compacted until after a snapshot is
written, improving crash resilience (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7043">#7043</a>)</li>
<li>A race condition when shutting down Raft nodes which could result in
no snapshot being written has been fixed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7045">#7045</a>)</li>
<li>Consumer pull requests that use <code>no_wait</code> or
<code>expires</code> behaviour has been fixed with replicated consumers
(<a
href="https://redirect.github.com/nats-io/nats-server/issues/7046">#7046</a>)</li>
<li>Pull consumers with an inactive threshold will now consider pending
acks when determining inactivity, preventing the consumer from being
deleted while messages are being processed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7052">#7052</a>)</li>
<li>Push consumers will now correctly error when trying to configure
priority groups (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7053">#7053</a>)</li>
<li>Committed entry objects will now be correctly returned to the pool
on error, reducing allocations (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7064">#7064</a>)</li>
<li>The time hash wheel used for per-message TTLs now correctly detects
and expires messages with TTLs over an hour, previously it could take
double the expected time (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7070">#7070</a>)</li>
<li>A potential panic when selecting message blocks during TTL recovery
has been fixed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7072">#7072</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="df44964eb9"><code>df44964</code></a>
Release v2.11.7</li>
<li><a
href="b76090aa47"><code>b76090a</code></a>
Cherry-picks for 2.11.7 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7132">#7132</a>)</li>
<li><a
href="2e4c373b4a"><code>2e4c373</code></a>
[FIXED] MaxBytes reservations underflow</li>
<li><a
href="42af9b5ae8"><code>42af9b5</code></a>
Release v2.11.7-RC.3</li>
<li><a
href="da4971cc4c"><code>da4971c</code></a>
Cherry-picks for 2.11.7-RC.3 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7127">#7127</a>)</li>
<li><a
href="abac833e87"><code>abac833</code></a>
[FIXED] Detect removed blocks with stale index.db</li>
<li><a
href="29e0ee677f"><code>29e0ee6</code></a>
[IMPROVED] Recover TTL when enabled</li>
<li><a
href="6bebdc0616"><code>6bebdc0</code></a>
Release v2.11.7-RC.2</li>
<li><a
href="b3220a6ca0"><code>b3220a6</code></a>
Cherry-picks for 2.11.7-RC.2 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7115">#7115</a>)</li>
<li><a
href="6014f41659"><code>6014f41</code></a>
Fix typos in doc comments</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats-server/compare/v2.11.3...v2.11.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats-server/v2&package-manager=go_modules&previous-version=2.11.3&new-version=2.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-12 13:08:29 +01:00
dependabot[bot]
4643eb89e1
Bump github.com/nats-io/nats.go from 1.42.0 to 1.44.0 (#3621)
Some checks are pending
Dendrite / WASM build test (push) Waiting to run
Details
Dendrite / Linting (push) Waiting to run
Details
Dendrite / Unit tests (push) Waiting to run
Details
Dendrite / Build for Linux (push) Waiting to run
Details
Dendrite / Build for Windows (push) Waiting to run
Details
Dendrite / Initial tests passed (push) Blocked by required conditions
Details
Dendrite / Integration tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests from HEAD-2 (push) Blocked by required conditions
Details
Dendrite / Sytest (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / Sytest (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Sytest (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / Integration tests passed (push) Blocked by required conditions
Details
Dendrite / Update Docker images (push) Blocked by required conditions
Details 
Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go)
from 1.42.0 to 1.44.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.44.0</h2>
<h2>Changelog</h2>
<h2>Overview</h2>
<p>This PR adds a <code>PushConsumer</code> implementation to
<code>jetstream</code>, allowing easier migration to new API while
maintaining usage of push consumers. For now it only supports the
callback-based <code>Consume()</code>, more consuming options will be
added in future releases.</p>
<h3>ADDED</h3>
<ul>
<li>Core NATS:
<ul>
<li><code>UserCredentialBytes()</code> <code>Conn</code> option (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li><code>PushConsumer</code> implementation in <code>jetstream</code>
package</li>
<li>Expose <code>ClientTrace</code> in <code>JetStreamOptions</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1886">#1886</a>)</li>
</ul>
</li>
<li>Service API:
<ul>
<li>Expose <code>WithEndpointPendingLimits</code> option (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1899">#1899</a>)</li>
</ul>
</li>
<li>Legacy KeyValue:
<ul>
<li><code>Error()</code> method to <code>KeyLister</code> and
<code>KeyWatcher</code> interfaces (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1889">#1889</a>)</li>
</ul>
</li>
</ul>
<h3>FIXED</h3>
<ul>
<li>Core NATS:
<ul>
<li>Fix timeoutWriter not recovering after first error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1896">#1896</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li><code>Consumer.Next()</code> hangs after connection is closed (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1883">#1883</a>)</li>
<li>Fixed stream info request for strict mode (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1887">#1887</a>)</li>
<li>Ordered consumer not closing on connection close (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li>
<li>Return a more appropriate error when Subject Transform is not
supported (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1416">#1416</a>)</li>
<li>Fix subject transform comparison. Thanks <a
href="https://github.com/erikmansson"><code>@​erikmansson</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li>
</ul>
</li>
<li>Legacy JetStream:
<ul>
<li>Use timeout from <code>JetStreamContext</code> if no deadline is set
on ctx (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a>)</li>
</ul>
</li>
<li>KeyValue:
<ul>
<li><code>Keys()</code> and <code>ListKeys()</code> returning duplicates
(<a
href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li>
<li>Fix subject prefix for the Create/Update operation in KV store.
Thanks <a
href="https://github.com/SalvaChiLlo"><code>@​SalvaChiLlo</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li>
</ul>
</li>
</ul>
<h3>CHANGED</h3>
<ul>
<li>Change <code>DefaultSubPendingMsgsLimit</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/998">#998</a>)</li>
</ul>
<h3>Complete Changes</h3>
<p><a
href="https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0">https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0</a></p>
<h2>Release v1.43.0</h2>
<h2>Changelog</h2>
<h3>ADDED</h3>
<ul>
<li>Core NATS:
<ul>
<li>Add <code>nc.LocalAddr</code>, similar to
<code>nc.ConnectedAddr</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li>
</ul>
</li>
</ul>
<h3>FIXED</h3>
<ul>
<li>Service API:
<ul>
<li>Fix stopping service not unsubscribing from all endpoints. Thanks <a
href="https://github.com/arunsworld"><code>@​arunsworld</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1872">#1872</a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7a260b8b93"><code>7a260b8</code></a>
Release v1.44.0 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1910">#1910</a>)</li>
<li><a
href="dfcb02dcdc"><code>dfcb02d</code></a>
[FIXED] Use mirror-aware prefix when updating KV key (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li>
<li><a
href="0bba2a9842"><code>0bba2a9</code></a>
[ADDED] PushConsumer implementation in jetstream package (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1785">#1785</a>)</li>
<li><a
href="627a9f63c2"><code>627a9f6</code></a>
[FIXED] KeyValue Keys() and ListKeys() returning duplicates (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li>
<li><a
href="9743171c2a"><code>9743171</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a>
from nats-io/fix-watcher-timeout</li>
<li><a
href="3bd15a8026"><code>3bd15a8</code></a>
[FIXED] Use timeout from JetStreamContext if no deadline is set on
ctx</li>
<li><a
href="0fc96b1daa"><code>0fc96b1</code></a>
[FIXED] Fix subject transform comparison (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li>
<li><a
href="ea3ef92823"><code>ea3ef92</code></a>
[IMPROVED] Change DefaultSubPendingMsgsLimit comment to reflect actual
value ...</li>
<li><a
href="f038fb4bee"><code>f038fb4</code></a>
[FIXED] Return a more appropriate error when subject transforms are not
suppo...</li>
<li><a
href="ad6e34e1ae"><code>ad6e34e</code></a>
[FIXED] Ordered consumer not closing on connection close (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats.go/compare/v1.42.0...v1.44.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.42.0&new-version=1.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-12 12:01:54 +01:00
Kegan Dougal
4d93d921be
Room version 12 (#3623)
Some checks are pending
Dendrite / Sytest (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / WASM build test (push) Waiting to run
Details
Dendrite / Linting (push) Waiting to run
Details
Dendrite / Unit tests (push) Waiting to run
Details
Dendrite / Build for Linux (push) Waiting to run
Details
Dendrite / Build for Windows (push) Waiting to run
Details
Dendrite / Initial tests passed (push) Blocked by required conditions
Details
Dendrite / Integration tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests from HEAD-2 (push) Blocked by required conditions
Details
Dendrite / Sytest (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Sytest (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / Integration tests passed (push) Blocked by required conditions
Details
Dendrite / Update Docker images (push) Blocked by required conditions
Details
2025-08-11 20:59:47 +01:00
Till
c133596baf
Update dependencies, fix /user/keys/query requests (#3600) 
Contains updates from
https://github.com/element-hq/dendrite/pull/3598
https://github.com/element-hq/dendrite/pull/3597
https://github.com/element-hq/dendrite/pull/3596
https://github.com/element-hq/dendrite/pull/3595

Updates GMSL to
904c8f0459
to fix issues with `/user/keys/query` requests.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2025-06-19 07:58:55 +02:00
dependabot[bot]
0b3ffd6e12
Bump github.com/coder/websocket from 1.8.12 to 1.8.13 (#3584) 
Bumps [github.com/coder/websocket](https://github.com/coder/websocket)
from 1.8.12 to 1.8.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/coder/websocket/releases">github.com/coder/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.13</h2>
<h2>Changes</h2>
<ul>
<li>Use new atomic types from Go 1.19 by <a
href="https://github.com/Jacalz"><code>@​Jacalz</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/444">coder/websocket#444</a></li>
<li>Fix coverage by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/466">coder/websocket#466</a></li>
<li>Clean out env passed to wasmbrowsertest in TestWasm by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/469">coder/websocket#469</a></li>
<li>Sunset the dev branch by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/471">coder/websocket#471</a></li>
<li>Replace filepath.Match with path.Match by <a
href="https://github.com/KianYang-Lee"><code>@​KianYang-Lee</code></a>
in <a
href="https://redirect.github.com/coder/websocket/pull/452">coder/websocket#452</a></li>
<li>internal/bpool: add New function by <a
href="https://github.com/bestgopher"><code>@​bestgopher</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/465">coder/websocket#465</a></li>
<li>accept: Add unwrapping for hijack like http.ResponseController by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/472">coder/websocket#472</a></li>
<li>docs: Fix docs and examples related to r.Context() usage by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/477">coder/websocket#477</a></li>
<li>Fix a typo in chat_test.go by <a
href="https://github.com/henrybear327"><code>@​henrybear327</code></a>
in <a
href="https://redirect.github.com/coder/websocket/pull/491">coder/websocket#491</a></li>
<li>fix: avoid writing messages after close and improve handshake by <a
href="https://github.com/FrauElster"><code>@​FrauElster</code></a> and
<a href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/476">coder/websocket#476</a></li>
<li>Disable AppArmor in CI to allow chrome sandbox by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/511">coder/websocket#511</a></li>
<li>ci: disable AppArmor on daily and static workflows by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/513">coder/websocket#513</a></li>
<li>Fix build with Go 1.24 by <a
href="https://github.com/flyn-org"><code>@​flyn-org</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/508">coder/websocket#508</a></li>
<li>Add ping and pong received callbacks by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/509">coder/websocket#509</a></li>
<li>ci: update wasmbrowsertest to a specific commit by <a
href="https://github.com/igolaizola"><code>@​igolaizola</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/514">coder/websocket#514</a></li>
<li>ci: lock down staticcheck and govulncheck in lint.sh by <a
href="https://github.com/mafredri"><code>@​mafredri</code></a> in <a
href="https://redirect.github.com/coder/websocket/pull/523">coder/websocket#523</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">https://github.com/coder/websocket/compare/v1.8.12...v1.8.13</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="64d7449933"><code>64d7449</code></a>
ci: lock down versions in lint.sh and fix ci (<a
href="https://redirect.github.com/coder/websocket/issues/523">#523</a>)</li>
<li><a
href="d1468a75ee"><code>d1468a7</code></a>
ci: update wasmbrowsertest to a specific commit (<a
href="https://redirect.github.com/coder/websocket/issues/514">#514</a>)</li>
<li><a
href="703784f077"><code>703784f</code></a>
feat: add ping and pong received callbacks (<a
href="https://redirect.github.com/coder/websocket/issues/509">#509</a>)</li>
<li><a
href="aec630d59c"><code>aec630d</code></a>
fix: conform to stricter printf usage in Go 1.24 (<a
href="https://redirect.github.com/coder/websocket/issues/508">#508</a>)</li>
<li><a
href="497ac50c0a"><code>497ac50</code></a>
ci: disable AppArmor on daily and static workflows (<a
href="https://redirect.github.com/coder/websocket/issues/513">#513</a>)</li>
<li><a
href="3e183a987f"><code>3e183a9</code></a>
ci: disable AppArmor to allow Chrome sandbox (<a
href="https://redirect.github.com/coder/websocket/issues/511">#511</a>)</li>
<li><a
href="11bda985bf"><code>11bda98</code></a>
fix: avoid writing messages after close and improve handshake (<a
href="https://redirect.github.com/coder/websocket/issues/476">#476</a>)</li>
<li><a
href="1253b774ea"><code>1253b77</code></a>
chore: bump the internal-deps group across 2 directories with 5 updates
(<a
href="https://redirect.github.com/coder/websocket/issues/500">#500</a>)</li>
<li><a
href="d67767c5d2"><code>d67767c</code></a>
chore(.github): group dependabot PRs and reduce frequency (<a
href="https://redirect.github.com/coder/websocket/issues/499">#499</a>)</li>
<li><a
href="02080e979f"><code>02080e9</code></a>
Fix a typo in chat_test.go (<a
href="https://redirect.github.com/coder/websocket/issues/491">#491</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/coder/websocket/compare/v1.8.12...v1.8.13">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/coder/websocket&package-manager=go_modules&previous-version=1.8.12&new-version=1.8.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-05 22:21:01 +02:00
dependabot[bot]
7427fc21d0
Bump github.com/prometheus/client_golang from 1.20.5 to 1.22.0 (#3586) 
Bumps
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang)
from 1.20.5 to 1.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.22.0 - 2025-04-07</h2>
<p>⚠️ This release contains potential breaking change if you use
experimental <code>zstd</code> support introduce in <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a>
⚠️</p>
<p>Experimental support for <code>zstd</code> on scrape was added,
controlled by the request <code>Accept-Encoding</code> header.
It was enabled by default since version 1.20, but now you need to add a
blank import to enable it.
The decision to make it opt-in by default was originally made because
the Go standard library was expected to have default zstd support added
soon,
<a
href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a>
however, the work took longer than anticipated and it will be postponed
to upcoming major Go versions.</p>
<p>e.g.:</p>
<blockquote>
<pre lang="go"><code>import (
_
&quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd&quot;
)
</code></pre>
</blockquote>
<ul>
<li>[FEATURE] prometheus: Add new CollectorFunc utility <a
href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li>
<li>[CHANGE] Minimum required Go version is now 1.22 (we also test
client_golang against latest go version - 1.24) <a
href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li>
<li>[FEATURE] api: <code>WithLookbackDelta</code> and
<code>WithStats</code> options have been added to API client. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li>
<li>[CHANGE] ⚠️ promhttp: Isolate zstd support and
klauspost/compress library use to promhttp/zstd package. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li>
</ul>
<!-- raw HTML omitted -->
<ul>
<li>build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1720">prometheus/client_golang#1720</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1719">prometheus/client_golang#1719</a></li>
<li>Update RELEASE.md by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1721">prometheus/client_golang#1721</a></li>
<li>chore(docs): Add links for the upstream PRs by <a
href="https://github.com/kakkoyun"><code>@​kakkoyun</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1722">prometheus/client_golang#1722</a></li>
<li>Added tips on releasing client and checking with k8s. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1723">prometheus/client_golang#1723</a></li>
<li>feat: Add new CollectorFunc utility by <a
href="https://github.com/Saumya40-codes"><code>@​Saumya40-codes</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1724">prometheus/client_golang#1724</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1725">prometheus/client_golang#1725</a></li>
<li>build(deps): bump the github-actions group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1726">prometheus/client_golang#1726</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1727">prometheus/client_golang#1727</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1731">prometheus/client_golang#1731</a></li>
<li>build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1739">prometheus/client_golang#1739</a></li>
<li>build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1740">prometheus/client_golang#1740</a></li>
<li>Cleanup dependabot config by <a
href="https://github.com/SuperQ"><code>@​SuperQ</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1741">prometheus/client_golang#1741</a></li>
<li>Upgrade Golang version v1.24 by <a
href="https://github.com/dongjiang1989"><code>@​dongjiang1989</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1738">prometheus/client_golang#1738</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1742">prometheus/client_golang#1742</a></li>
<li>Merging 1.21 release back to main. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1744">prometheus/client_golang#1744</a></li>
<li>Synchronize common files from prometheus/prometheus by <a
href="https://github.com/prombot"><code>@​prombot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1745">prometheus/client_golang#1745</a></li>
<li>Add support for undocumented query options for API by <a
href="https://github.com/mahendrapaipuri"><code>@​mahendrapaipuri</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1743">prometheus/client_golang#1743</a></li>
<li>exp/api: Add experimental exp module; Add remote API with write
client and handler. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1658">prometheus/client_golang#1658</a></li>
<li>exp/api: Add accepted msg type validation to handler by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1750">prometheus/client_golang#1750</a></li>
<li>build(deps): bump the github-actions group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1751">prometheus/client_golang#1751</a></li>
<li>build(deps): bump github.com/klauspost/compress from 1.17.11 to
1.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1752">prometheus/client_golang#1752</a></li>
<li>build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1753">prometheus/client_golang#1753</a></li>
<li>exp: Reset snappy buf by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1756">prometheus/client_golang#1756</a></li>
<li>Merge release 1.21.1 to main. by <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1762">prometheus/client_golang#1762</a></li>
<li>exp: Add dependabot config by <a
href="https://github.com/saswatamcode"><code>@​saswatamcode</code></a>
in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1754">prometheus/client_golang#1754</a></li>
<li>build(deps): bump peter-evans/create-pull-request from 7.0.7 to
7.0.8 in the github-actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/prometheus/client_golang/pull/1764">prometheus/client_golang#1764</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>1.22.0 / 2025-04-07</h2>
<p>⚠️ This release contains potential breaking change if you use
experimental <code>zstd</code> support introduce in <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a>
⚠️</p>
<p>Experimental support for <code>zstd</code> on scrape was added,
controlled by the request <code>Accept-Encoding</code> header.
It was enabled by default since version 1.20, but now you need to add a
blank import to enable it.
The decision to make it opt-in by default was originally made because
the Go standard library was expected to have default zstd support added
soon,
<a
href="https://redirect.github.com/golang/go/issues/62513">golang/go#62513</a>
however, the work took longer than anticipated and it will be postponed
to upcoming major Go versions.</p>
<p>e.g.:</p>
<blockquote>
<pre lang="go"><code>import (
_
&quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd&quot;
)
</code></pre>
</blockquote>
<ul>
<li>[FEATURE] prometheus: Add new CollectorFunc utility <a
href="https://redirect.github.com/prometheus/client_golang/issues/1724">#1724</a></li>
<li>[CHANGE] Minimum required Go version is now 1.22 (we also test
client_golang against latest go version - 1.24) <a
href="https://redirect.github.com/prometheus/client_golang/issues/1738">#1738</a></li>
<li>[FEATURE] api: <code>WithLookbackDelta</code> and
<code>WithStats</code> options have been added to API client. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1743">#1743</a></li>
<li>[CHANGE] ⚠️ promhttp: Isolate zstd support and
klauspost/compress library use to promhttp/zstd package. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1765">#1765</a></li>
</ul>
<h2>1.21.1 / 2025-03-04</h2>
<ul>
<li>[BUGFIX] prometheus: Revert of <code>Inc</code>, <code>Add</code>
and <code>Observe</code> cumulative metric CAS optimizations (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a>),
causing regressions on low contention cases.</li>
<li>[BUGFIX] prometheus: Fix GOOS=ios build, broken due to
process_collector_* wrong build tags.</li>
</ul>
<h2>1.21.0 / 2025-02-17</h2>
<p>⚠️ This release contains potential breaking change if you
upgrade <code>github.com/prometheus/common</code> to 0.62+ together with
client_golang. ⚠️</p>
<p>New common version <a
href="https://redirect.github.com/prometheus/common/pull/724">changes
<code>model.NameValidationScheme</code> global variable</a>, which
relaxes the validation of label names and metric name, allowing all
UTF-8 characters. Typically, this should not break any user, unless your
test or usage expects strict certain names to panic/fail on
client_golang metric registration, gathering or scrape. In case of
problems change <code>model.NameValidationScheme</code> to old
<code>model.LegacyValidation</code> value in your project
<code>init</code> function.</p>
<ul>
<li>[BUGFIX] gocollector: Fix help message for runtime/metric metrics.
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1583">#1583</a></li>
<li>[BUGFIX] prometheus: Fix <code>Desc.String()</code> method for no
labels case. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1687">#1687</a></li>
<li>[ENHANCEMENT] prometheus: Optimize popular
<code>prometheus.BuildFQName</code> function; now up to 30% faster. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1665">#1665</a></li>
<li>[ENHANCEMENT] prometheus: Optimize <code>Inc</code>,
<code>Add</code> and <code>Observe</code> cumulative metrics; now up to
50% faster under high concurrent contention. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1661">#1661</a></li>
<li>[CHANGE] Upgrade prometheus/common to 0.62.0 which changes
<code>model.NameValidationScheme</code> global variable. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1712">#1712</a></li>
<li>[CHANGE] Add support for Go 1.23. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1602">#1602</a></li>
<li>[FEATURE] process_collector: Add support for Darwin systems. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1600">#1600</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1616">#1616</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1625">#1625</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1675">#1675</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1715">#1715</a></li>
<li>[FEATURE] api: Add ability to invoke
<code>CloseIdleConnections</code> on api.Client using
<code>api.Client.(CloseIdler).CloseIdleConnections()</code> casting. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1513">#1513</a></li>
<li>[FEATURE] promhttp: Add
<code>promhttp.HandlerOpts.EnableOpenMetricsTextCreatedSamples</code>
option to create OpenMetrics _created lines. Not recommended unless you
want to use opt-in Created Timestamp feature. Community works on
OpenMetrics 2.0 format that should make those lines obsolete (they
increase cardinality significantly). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1408">#1408</a></li>
<li>[FEATURE] prometheus: Add <code>NewConstNativeHistogram</code>
function. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1654">#1654</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d50be25511"><code>d50be25</code></a>
Cut 1.22.0 (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1793">#1793</a>)</li>
<li><a
href="1043db7cb8"><code>1043db7</code></a>
Cut 1.22.0-rc.0 (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1768">#1768</a>)</li>
<li><a
href="e575c9c04e"><code>e575c9c</code></a>
promhttp: Isolate zstd support and klauspost/compress library use to
promhttp...</li>
<li><a
href="f2276aa7d4"><code>f2276aa</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1764">#1764</a>
from prometheus/dependabot/github_actions/github-act...</li>
<li><a
href="9df772cc5f"><code>9df772c</code></a>
build(deps): bump peter-evans/create-pull-request</li>
<li><a
href="a3548c5aa8"><code>a3548c5</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1754">#1754</a>
from saswatamcode/exp-eh</li>
<li><a
href="60fd2b0490"><code>60fd2b0</code></a>
Remove go.work file for now</li>
<li><a
href="8f9d0de689"><code>8f9d0de</code></a>
exp: Add dependabot config</li>
<li><a
href="c5cf981312"><code>c5cf981</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1762">#1762</a>
from prometheus/release-1.21</li>
<li><a
href="8a42da3e4b"><code>8a42da3</code></a>
Fix ios build. (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1758">#1758</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/prometheus/client_golang/compare/v1.20.5...v1.22.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.20.5&new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-05 22:20:50 +02:00
dependabot[bot]
545e96ea3b
Bump gotest.tools/v3 from 3.5.1 to 3.5.2 (#3587) 
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools)
from 3.5.1 to 3.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>assert: ensure message is always displayed &amp; fix under bazel by
<a href="https://github.com/cstrahan"><code>@​cstrahan</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li>
<li>go.mod: golang.org/x/tools v0.13.0 for go1.22+ compatibility by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/282">gotestyourself/gotest.tools#282</a></li>
<li>poll: Continue(): use format.Message for formatting by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/279">gotestyourself/gotest.tools#279</a></li>
<li>fix TestFromDirSymlink on Windows due to missing drive-letter by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/283">gotestyourself/gotest.tools#283</a></li>
<li>Fix various linting issues and minor bugs by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/280">gotestyourself/gotest.tools#280</a></li>
<li>fix badges in readme, gofmt, and minor linting fix by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/284">gotestyourself/gotest.tools#284</a></li>
<li>circleci: add go1.21, go1.22, go1.23, and update golangci-lint to
v1.60.3 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/285">gotestyourself/gotest.tools#285</a></li>
<li>assert, assert/cmp: un-deprecate assert.ErrorType for now by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/286">gotestyourself/gotest.tools#286</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cstrahan"><code>@​cstrahan</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/276">gotestyourself/gotest.tools#276</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b81523ff2"><code>0b81523</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/286">#286</a>
from thaJeztah/undeprecate_ErrorType</li>
<li><a
href="c5dad8f46d"><code>c5dad8f</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/285">#285</a>
from thaJeztah/update_go_versions</li>
<li><a
href="160ab0edaf"><code>160ab0e</code></a>
Remove go1.18 and go1.19</li>
<li><a
href="8569bbc4e1"><code>8569bbc</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/284">#284</a>
from thaJeztah/cleanup_readme</li>
<li><a
href="4256834a5f"><code>4256834</code></a>
assert, assert/cmp: un-deprecate assert.ErrorType for now</li>
<li><a
href="eb321863ba"><code>eb32186</code></a>
circleci: update golangci-lint to v1.60.3</li>
<li><a
href="5fc84733cf"><code>5fc8473</code></a>
circleci: add go1.21, go1.22, go1.23</li>
<li><a
href="6f26df9681"><code>6f26df9</code></a>
circleci: test generics on go1.20 and windows as well</li>
<li><a
href="732dfcf754"><code>732dfcf</code></a>
internal/difflib: rename funcs that collided with built-ins</li>
<li><a
href="7d95f55d2c"><code>7d95f55</code></a>
internal/difflib: gofmt</li>
<li>Additional commits viewable in <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.1...v3.5.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.5.1&new-version=3.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-05 22:00:35 +02:00
dependabot[bot]
a8c18b3a0a
Bump golang.org/x/image from 0.23.0 to 0.27.0 (#3585) 
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.23.0
to 0.27.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="64815fb893"><code>64815fb</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="0aed5e29b6"><code>0aed5e2</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="e7e23ba501"><code>e7e23ba</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="58efddcdbf"><code>58efddc</code></a>
all: use a more straightforward return value</li>
<li><a
href="ef6c1ab6fe"><code>ef6c1ab</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="45df02f8a1"><code>45df02f</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/image/compare/v0.23.0...v0.27.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.23.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-05 22:00:22 +02:00
Till Faelligen
86358e1af6
Bump golang.org/x/net 2025-05-17 20:25:44 +02:00
Till
f0578a506d
Update deps (#3580) 
⚠ This also bumps the required go version to 1.23.0

All in one dependabot updates:
https://github.com/element-hq/dendrite/pull/3507
https://github.com/element-hq/dendrite/pull/3559
https://github.com/element-hq/dendrite/pull/3560
https://github.com/element-hq/dendrite/pull/3561
https://github.com/element-hq/dendrite/pull/3573
https://github.com/element-hq/dendrite/pull/3574
https://github.com/element-hq/dendrite/pull/3575
https://github.com/element-hq/dendrite/pull/3576
https://github.com/element-hq/dendrite/pull/3577
https://github.com/element-hq/dendrite/pull/3579

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [ ] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [ ] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `Your Name <your@email.example.org>`
 2025-05-16 18:52:30 +02:00
Till
ad22d950dd
Remove bimg thumbnailer (#3522) 
As it is most likely not used anyway. (It's not the default)
 2025-02-03 13:18:52 +01:00
dependabot[bot]
8872299b43
Bump golang.org/x/image from 0.18.0 to 0.23.0 (#3518) 
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.18.0
to 0.23.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="941f2100a0"><code>941f210</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="3724ab8af5"><code>3724ab8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ec562a8fd9"><code>ec562a8</code></a>
README: don't recommend go get</li>
<li><a
href="931781a504"><code>931781a</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="c82123aa13"><code>c82123a</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="59aa0406c4"><code>59aa040</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="8bfd4fda75"><code>8bfd4fd</code></a>
colornames: update link to SVG spec</li>
<li><a
href="bad7eb8559"><code>bad7eb8</code></a>
LICENSE: update per Google Legal</li>
<li><a
href="9abbe108cb"><code>9abbe10</code></a>
draw: avoid FMA (Fused Multiply Add)</li>
<li>See full diff in <a
href="https://github.com/golang/image/compare/v0.18.0...v0.23.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.18.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-29 19:38:10 +01:00
dependabot[bot]
6be7249368
Bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.3.1 (#3519) 
Bumps
[github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver)
from 3.1.1 to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Masterminds/semver/releases">github.com/Masterminds/semver/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix for allowing some version that were invalid by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/253">Masterminds/semver#253</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1">https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1</a></p>
<h2>v3.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: bad package in README by <a
href="https://github.com/sdelicata"><code>@​sdelicata</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li>
<li>Updating the GitHub Actions and versions of Go used by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/229">Masterminds/semver#229</a></li>
<li>Fix spelling in README by <a
href="https://github.com/robinschneider"><code>@​robinschneider</code></a>
in <a
href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li>
<li>Adding go build cache to fuzz output by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/232">Masterminds/semver#232</a></li>
<li>Add caching to fuzz testing by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/234">Masterminds/semver#234</a></li>
<li>updating github actions by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/235">Masterminds/semver#235</a></li>
<li>feat: nil version equality by <a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> in
<a
href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li>
<li>add &gt;= and &lt;= by <a
href="https://github.com/grosser"><code>@​grosser</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li>
<li>doc: hyphen range constraint without whitespace by <a
href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a>
in <a
href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li>
<li>Removing reference to vert by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/245">Masterminds/semver#245</a></li>
<li>simplify StrictNewVersion by <a
href="https://github.com/grosser"><code>@​grosser</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/241">Masterminds/semver#241</a></li>
<li>Updating the testing version of Go used by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/246">Masterminds/semver#246</a></li>
<li>bumping min version in go.mod based on what's tested by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/248">Masterminds/semver#248</a></li>
<li>Updating changelog for 3.3.0 by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/249">Masterminds/semver#249</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/sdelicata"><code>@​sdelicata</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li>
<li><a
href="https://github.com/robinschneider"><code>@​robinschneider</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li>
<li><a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li>
<li><a href="https://github.com/grosser"><code>@​grosser</code></a> made
their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li>
<li><a
href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0</a></p>
<h2>v3.2.1</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>:
Improved testing around pre-release names</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>:
Improved code scanning with addition of CodeQL</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>:
Testing now includes Go 1.20. Go 1.17 has been dropped</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>:
Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>:
Docs updated for security details</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>:
Fixed issue with range transformations</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1">https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1</a></p>
<h2>v3.2.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Masterminds/semver/blob/master/CHANGELOG.md">github.com/Masterminds/semver/v3's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>3.3.0 (2024-08-27)</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/238">#238</a>:
Add LessThanEqual and GreaterThanEqual functions (thanks <a
href="https://github.com/grosser"><code>@​grosser</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/213">#213</a>:
nil version equality checking (thanks <a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>:
Simplify StrictNewVersion parsing (thanks <a
href="https://github.com/grosser"><code>@​grosser</code></a>)</li>
<li>Testing support up through Go 1.23</li>
<li>Minimum version set to 1.21 as this is what's tested now</li>
<li>Fuzz testing now supports caching</li>
</ul>
<h2>3.2.1 (2023-04-10)</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>:
Improved testing around pre-release names</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>:
Improved code scanning with addition of CodeQL</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>:
Testing now includes Go 1.20. Go 1.17 has been dropped</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>:
Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>:
Docs updated for security details</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>:
Fixed issue with range transformations</li>
</ul>
<h2>3.2.0 (2022-11-28)</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/190">#190</a>:
Added text marshaling and unmarshaling</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/167">#167</a>:
Added JSON marshalling for constraints (thanks <a
href="https://github.com/SimonTheLeg"><code>@​SimonTheLeg</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/173">#173</a>:
Implement encoding.TextMarshaler and encoding.TextUnmarshaler on Version
(thanks <a
href="https://github.com/MarkRosemaker"><code>@​MarkRosemaker</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/179">#179</a>:
Added New() version constructor (thanks <a
href="https://github.com/kazhuravlev"><code>@​kazhuravlev</code></a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/182">#182</a>/<a
href="https://redirect.github.com/Masterminds/semver/issues/183">#183</a>:
Updated CI testing setup</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/186">#186</a>:
Fixing issue where validation of constraint section gave false
positives</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/176">#176</a>:
Fix constraints check with *-0 (thanks <a
href="https://github.com/mtt0"><code>@​mtt0</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/181">#181</a>:
Fixed Caret operator (^) gives unexpected results when the minor version
in constraint is 0 (thanks <a
href="https://github.com/arshchimni"><code>@​arshchimni</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/161">#161</a>:
Fixed godoc (thanks <a
href="https://github.com/afirth"><code>@​afirth</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1558ca3488"><code>1558ca3</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/253">#253</a>
from mattfarina/fix-bad-versions</li>
<li><a
href="252dd61dd3"><code>252dd61</code></a>
Fix for allowing some version that were invalid</li>
<li><a
href="e6e3d4d3cb"><code>e6e3d4d</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/249">#249</a>
from mattfarina/update-changelog-3.3.0</li>
<li><a
href="e80c4ea723"><code>e80c4ea</code></a>
Updating changelog for 3.3.0</li>
<li><a
href="80427ad56e"><code>80427ad</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/248">#248</a>
from mattfarina/bump-min-version</li>
<li><a
href="b610837227"><code>b610837</code></a>
bumping min version in go.mod based on what's tested</li>
<li><a
href="a4cccd8ea5"><code>a4cccd8</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/246">#246</a>
from mattfarina/bump-go-1.23</li>
<li><a
href="7c178cf0c6"><code>7c178cf</code></a>
Updating the testing version of Go used</li>
<li><a
href="29f94c1119"><code>29f94c1</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>
from grosser/grosser/validate</li>
<li><a
href="2cf1b16b95"><code>2cf1b16</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/245">#245</a>
from mattfarina/remove-vert</li>
<li>Additional commits viewable in <a
href="https://github.com/Masterminds/semver/compare/v3.1.1...v3.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Masterminds/semver/v3&package-manager=go_modules&previous-version=3.1.1&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-28 16:58:14 +00:00
dependabot[bot]
1b8b88cd3d
Bump github.com/yggdrasil-network/yggdrasil-go from 0.5.11 to 0.5.12 (#3505) 
Bumps
[github.com/yggdrasil-network/yggdrasil-go](https://github.com/yggdrasil-network/yggdrasil-go)
from 0.5.11 to 0.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/yggdrasil-network/yggdrasil-go/releases">github.com/yggdrasil-network/yggdrasil-go's
releases</a>.</em></p>
<blockquote>
<h2>Version 0.5.12</h2>
<ul>
<li>Go 1.22 is now required to build Yggdrasil</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>latency_ms</code> field in the admin socket
<code>getPeers</code> response has been renamed to
<code>latency</code></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>A timing regression which causes a higher level of idle protocol
traffic on each peering has been fixed</li>
<li>The <code>-user</code> flag now correctly detects an empty
user/group specification</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/yggdrasil-network/yggdrasil-go/blob/develop/CHANGELOG.md">github.com/yggdrasil-network/yggdrasil-go's
changelog</a>.</em></p>
<blockquote>
<h2>[0.5.12] - 2024-12-18</h2>
<ul>
<li>Go 1.22 is now required to build Yggdrasil</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>latency_ms</code> field in the admin socket
<code>getPeers</code> response has been renamed to
<code>latency</code></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>A timing regression which causes a higher level of idle protocol
traffic on each peering has been fixed</li>
<li>The <code>-user</code> flag now correctly detects an empty
user/group specification</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="213f72b840"><code>213f72b</code></a>
Yggdrasil 0.5.12</li>
<li><a
href="1fbcf3b3c2"><code>1fbcf3b</code></a>
Rename <code>latency_ms</code> to <code>latency</code> in
<code>getPeers</code> response since it isn't even m...</li>
<li><a
href="22bc9c44e2"><code>22bc9c4</code></a>
genkeys print the number of generated keys (<a
href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1217">#1217</a>)</li>
<li><a
href="9c73bacab9"><code>9c73bac</code></a>
Update to Go 1.22, quic-go/quic-go@v0.48.2 (<a
href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1218">#1218</a>)</li>
<li><a
href="04be129878"><code>04be129</code></a>
Update to Arceliar/ironwood@743fe2f</li>
<li><a
href="657f7e0db3"><code>657f7e0</code></a>
Fix empty user/group detection on <code>chuser</code></li>
<li>See full diff in <a
href="https://github.com/yggdrasil-network/yggdrasil-go/compare/v0.5.11...v0.5.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/yggdrasil-network/yggdrasil-go&package-manager=go_modules&previous-version=0.5.11&new-version=0.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
 2025-01-24 20:48:47 +00:00
dependabot[bot]
f43a426b78
Bump github.com/blevesearch/bleve/v2 from 2.4.0 to 2.4.4 (#3506) 
Bumps
[github.com/blevesearch/bleve/v2](https://github.com/blevesearch/bleve)
from 2.4.0 to 2.4.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/blevesearch/bleve/releases">github.com/blevesearch/bleve/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.4</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Identified root cause for <a
href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a>
to be recycling of TermFieldReaders that was causing illegal/incorrect
access of several in-memory structures in certain scenarios. We've gone
ahead and disabled this feature with <a
href="https://redirect.github.com/blevesearch/bleve/pull/2117">blevesearch/bleve#2117</a>
+ <a
href="https://redirect.github.com/blevesearch/bleve/pull/2121">blevesearch/bleve#2121</a>
. Will work towards re-enabling in the near future once we've ironed out
the several associated wrinkles.</li>
<li>Introduced a guard rail with <a
href="https://redirect.github.com/blevesearch/zapx/pull/282">blevesearch/zapx#282</a>
while performing vector search queries with pre-filtering to avoid
hitting a panic when qualified docs do not hold valid vector
fields.</li>
<li>Fixed an issue while applying <code>ivf_max_codes_pct</code> in
vector search requests involving pre-filtering which can cause reduction
in recall - <a
href="https://redirect.github.com/blevesearch/go-faiss/pull/40">blevesearch/go-faiss#40</a></li>
</ul>
<p>Vector search continues to require same version of <code>faiss</code>
dynamic library (as with <a
href="https://github.com/blevesearch/bleve/releases/tag/v2.4.3">v2.4.3</a>)
to be built from <a
href="b747c55a93">blevesearch/faiss@b747c55a</a>
which is a modified version of <a
href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></p>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/25">v2.4.4</a></li>
</ul>
<h2>v2.4.3</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Address a corner case with <code>ivf_nprobe_pct</code> query
parameter (<a
href="https://redirect.github.com/blevesearch/go-faiss/pull/34">blevesearch/go-faiss#34</a>)</li>
<li>Several guard rails put in place to avoid array-out-of-bounds-access
and divide-by-zero errors: (<a
href="https://redirect.github.com/blevesearch/zapx/pull/263">blevesearch/zapx#263</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/270">blevesearch/zapx#270</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/271">blevesearch/zapx#271</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/273">blevesearch/zapx#273</a>)
to overcome <a
href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a></li>
<li>Handling early exits/optimization for boolean queries (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2065">blevesearch/bleve#2065</a>)</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Vector search requires <code>faiss</code> dynamic library to be
built from <a
href="b747c55a93">blevesearch/faiss@b747c55a</a>
which is a modified version of <a
href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></li>
<li>Support for cosine similarity distance metric to normalize vectors
before indexing/querying for nearest neighbor search (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2051">blevesearch/bleve#2051</a>)</li>
<li>Support for <a
href="https://github.com/blevesearch/bleve/blob/v2.4.3/docs/vectors.md#querying-with-filters-v243">selectivity
filters</a> as a pre-cursor to vector search (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2063">blevesearch/bleve#2063</a>)</li>
</ul>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/23">v2.4.3</a></li>
</ul>
<h2>v2.4.2</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Set <code>MaxSegmentFileSize</code> for force merge when
<code>SingleSegmentMergePlanOptions</code> goes into use (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2050">#2050</a>)</li>
<li>Protect code against any bolt failures (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2043">#2043</a>)</li>
<li>Fix size estimation for various field types (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2052">#2052</a>)</li>
<li>Address an out-of-bounds panic that could occur with zapx/v16 in the
event of a single non-vector field (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2058">#2058</a>)
<ul>
<li><a
href="https://redirect.github.com/blevesearch/zapx/pull/252">blevesearch/zapx#252</a></li>
</ul>
</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Support new search params for vector search queries -
[<code>ivf_probe_pct</code>, <code>ivf_max_codes_pct</code>] (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2049">#2049</a>)</li>
</ul>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/22">v2.4.2</a></li>
</ul>
<h2>v2.4.1</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Addressed a bug where <code>ClientContextID</code> was missing from
SearchRequest when library used with <code>vectors</code> (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2014">blevesearch/bleve#2014</a>)</li>
<li>Fix to a memory leak in vector query path (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2023">blevesearch/bleve#2023</a>)</li>
<li>Fix to issue <a
href="https://redirect.github.com/blevesearch/bleve/issues/2027">blevesearch/bleve#2027</a>,
error in parsing a certain datetime syntax (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2030">blevesearch/bleve#2030</a>)</li>
<li>Fix that mitigates a race between persister's stale segment removal
and index copy operations (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2032">blevesearch/bleve#2032</a>)</li>
<li>Nested field mapping determination was broken (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2031">blevesearch/bleve#2031</a>)</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Vector search requires the <em>faiss</em> dynamic library to be
built from <a
href="d9db66a385">blevesearch/faiss@d9db66a</a></li>
<li>Support for new data type - <code>vector_base64</code> which allows
for interpreting vector float32s encoded as base64 following
littleEndian byte ordering (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2012">blevesearch/bleve#2012</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="137a21665e"><code>137a216</code></a>
MB-64513: Upgrade blevesearch/go-faiss, zapx/v16 for fix (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2123">#2123</a>)</li>
<li><a
href="5c53634221"><code>5c53634</code></a>
MB-64604: Remove unnecessary second map lookup (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2121">#2121</a>)</li>
<li><a
href="78cf78999e"><code>78cf789</code></a>
MB-64604: Fix interpreting scorch config:
&quot;fieldTFRCacheThreshold&quot; (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2117">#2117</a>)</li>
<li><a
href="7d627b9f2d"><code>7d627b9</code></a>
MB-64360 - Upgrade zapx v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2107">#2107</a>)</li>
<li><a
href="e72f7c2f22"><code>e72f7c2</code></a>
MB-62230 - Pre-filtering Optimisation (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2098">#2098</a>)</li>
<li><a
href="902051d4d4"><code>902051d</code></a>
MB-62230, MB-63992: Upgrade zapx/v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2095">#2095</a>)</li>
<li><a
href="cb1810f0d3"><code>cb1810f</code></a>
MB-63334: Fix race condition in NormalizeVector (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2094">#2094</a>)</li>
<li><a
href="bed244cefd"><code>bed244c</code></a>
MB-57871: Upgrade zapx v15 and v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2092">#2092</a>)</li>
<li><a
href="ab10172e2c"><code>ab10172</code></a>
MB-57871, MB-62230: Upgrade to zapx/v16@v16.1.7 + go-faiss@v1.0.23 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2088">#2088</a>)</li>
<li><a
href="02d37a4fbc"><code>02d37a4</code></a>
MB-57871: Upgrade zapx/v16 and zapx/v15 for fixes (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2091">#2091</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/blevesearch/bleve/compare/v2.4.0...v2.4.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/blevesearch/bleve/v2&package-manager=go_modules&previous-version=2.4.0&new-version=2.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
 2025-01-24 19:10:21 +00:00
Neil
48fb3b923f
Update NATS to 2.10.25 (#3514) 
Signed-off-by: Neil Alexander <git@neilalexander.dev>

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
 2025-01-24 18:37:39 +00:00
Neil
f4506a0d82
Refactor some JetStream helper code, add support for specifying JetStream domain (#3485) 
This should gracefully handle some more potential errors that the
consumer fetches can return with retries, as well as setting some client
settings for reconnects etc when using an external NATS Server.

Also allow specifying the JetStream domain in case of a leafnode
scenario and better manage client reuse across Dendrite. And also update
NATS Server to 2.10.24 for good measure.

This code is backported from Harmony.

Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
 2025-01-19 09:09:58 +00:00
dependabot[bot]
9de3e84fff
Bump gotest.tools/v3 from 3.4.0 to 3.5.1 (#3478) 
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools)
from 3.4.0 to 3.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Make assert and golden packages compatible with other golden
packages by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/271">gotestyourself/gotest.tools#271</a></li>
<li>Also remove cr from file by <a
href="https://github.com/filintod"><code>@​filintod</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li>
<li>fs: add go doc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/275">gotestyourself/gotest.tools#275</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/filintod"><code>@​filintod</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1">https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1</a></p>
<h2>v3.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>go.mod: update dependencies and go version by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/248">gotestyourself/gotest.tools#248</a></li>
<li>Use Go1.20 by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/252">gotestyourself/gotest.tools#252</a></li>
<li>Fix couple of typos by <a
href="https://github.com/wallyqs"><code>@​wallyqs</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li>
<li>Added WithStdout and WithStderr helpers by <a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li>
<li>Moved cmdOperators handling from RunCmd to StartCmd by <a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/259">gotestyourself/gotest.tools#259</a></li>
<li>Deprecate assert.ErrorType by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/254">gotestyourself/gotest.tools#254</a></li>
<li>Remove outdated Dockerfile by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li>
<li>env: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/263">gotestyourself/gotest.tools#263</a></li>
<li>poll: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/264">gotestyourself/gotest.tools#264</a></li>
<li>doc: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/262">gotestyourself/gotest.tools#262</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/wallyqs"><code>@​wallyqs</code></a> made
their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li>
<li><a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li>
<li><a href="https://github.com/dolmen"><code>@​dolmen</code></a> made
their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0">https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="81cea1abc5"><code>81cea1a</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/275">#275</a>
from gotestyourself/fs-add-godoc-links</li>
<li><a
href="9af8f4ed6e"><code>9af8f4e</code></a>
fs: add go doc links</li>
<li><a
href="2891300d35"><code>2891300</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/273">#273</a>
from filintod/also-remove-cr-from-file</li>
<li><a
href="4ed73505b6"><code>4ed7350</code></a>
fix lint line length</li>
<li><a
href="7306428575"><code>7306428</code></a>
rebase/fix only doc</li>
<li><a
href="e15fa271c8"><code>e15fa27</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/271">#271</a>
from dnephin/gate-update-flag</li>
<li><a
href="56c31231b2"><code>56c3123</code></a>
Make assert and golden compatible with other golden packages</li>
<li><a
href="a80f057529"><code>a80f057</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/262">#262</a>
from dolmen-go/add-godoc-links</li>
<li><a
href="684bd43c42"><code>684bd43</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/264">#264</a>
from dolmen-go/poll-add-godoc-links</li>
<li><a
href="e2be4be0f7"><code>e2be4be</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/263">#263</a>
from dolmen-go/env-add-godoc-links</li>
<li>Additional commits viewable in <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.4.0&new-version=3.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
 2025-01-19 09:35:22 +01:00
dependabot[bot]
3e6835f073
Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.5 (#3495) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang)
from 1.19.1 to 1.20.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.20.5 / 2024-10-15</h2>
<p>We decided to revert <a
href="https://redirect.github.com/prometheus/client_golang/pull/1424">the
<code>testutil</code> change</a> that made our util functions less
error-prone, but created a lot of work for our downstream users.
Apologies for the pain! This revert should not cause any major breaking
change, even if you already did the work--unless you depend on the <a
href="https://redirect.github.com/grafana/mimir/pull/9624#issuecomment-2413401565">exact
error message</a>.</p>
<p>Going forward, we plan to reinforce our release testing strategy <a
href="https://redirect.github.com/prometheus/client_golang/issues/1646">[1]</a>,<a
href="https://redirect.github.com/prometheus/client_golang/issues/1648">[2]</a>
and deliver an enhanced <a
href="https://redirect.github.com/prometheus/client_golang/issues/1639"><code>testutil</code>
package/module</a> with more flexible and safer APIs.</p>
<p>Thanks to <a
href="https://github.com/dashpole"><code>@​dashpole</code></a> <a
href="https://github.com/dgrisonnet"><code>@​dgrisonnet</code></a> <a
href="https://github.com/kakkoyun"><code>@​kakkoyun</code></a> <a
href="https://github.com/ArthurSens"><code>@​ArthurSens</code></a> <a
href="https://github.com/vesari"><code>@​vesari</code></a> <a
href="https://github.com/logicalhan"><code>@​logicalhan</code></a> <a
href="https://github.com/krajorama"><code>@​krajorama</code></a> <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> who
helped in this patch release! 🤗</p>
<h3>Changelog</h3>
<p>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a></p>
<h2>v1.20.4</h2>
<ul>
<li>[BUGFIX] histograms: Fix a possible data race when appending
exemplars vs metrics gather. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li>
</ul>
<h2>v1.20.3</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending
exemplars. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li>
</ul>
<h2>v1.20.2</h2>
<ul>
<li>[BUGFIX] promhttp: Unset Content-Encoding header when data is
uncompressed. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li>
</ul>
<h2>v1.20.1</h2>
<p>This release contains the critical fix for the <a
href="https://redirect.github.com/prometheus/client_golang/issues/1584">issue</a>.
Thanks to <a href="https://github.com/geberl"><code>@​geberl</code></a>,
<a
href="https://github.com/CubicrootXYZ"><code>@​CubicrootXYZ</code></a>,
<a href="https://github.com/zetaab"><code>@​zetaab</code></a> and <a
href="https://github.com/timofurrer"><code>@​timofurrer</code></a> for
helping us with the investigation!</p>
<ul>
<li>[BUGFIX] process-collector: Fixed unregistered descriptor error when
using process collector with PedanticRegistry on Linux machines. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li>
</ul>
<h2>v1.20.0</h2>
<p>Thanks everyone for contributions!</p>
<p>⚠️ In this release we remove one (broken anyway, given Go
runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT
and GOMAXPROCS flags) to the default
<code>collectors.NewGoCollector()</code> collector. Given its popular
usage, expect your binary to expose two additional metric.</p>
<h2>Changes</h2>
<ul>
<li>[CHANGE] ⚠️ go-collector: Remove
<code>go_memstat_lookups_total</code> metric which was always 0; Go
runtime stopped sharing pointer lookup statistics. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li>
<li>[FEATURE] ⚠️ go-collector: Add 3 default metrics:
<code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and
<code>go_sched_gomaxprocs_threads</code> as those are recommended by the
Go team. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li>
<li>[FEATURE] go-collector: Add more information to all metrics' HELP
e.g. the exact <code>runtime/metrics</code> sourcing each metric (if
relevant). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li>
<li>[FEATURE] testutil: Add CollectAndFormat method. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li>
<li>[FEATURE] histograms: Add support for exemplars in native
histograms. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li>
<li>[FEATURE] promhttp: Add experimental support for <code>zstd</code>
on scrape, controlled by the request <code>Accept-Encoding</code>
header. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li>
<li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API
methods that supports it. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li>
<li>[FEATURE] prometheus: Add support for created timestamps in constant
histograms and constant summaries. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li>
<li>[FEATURE] process-collectors: Add network usage metrics:
<code>process_network_receive_bytes_total</code> and
<code>process_network_transmit_bytes_total</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li>
<li>[FEATURE] promlint: Add duplicated metric lint rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li>
<li>[BUGFIX] promlint: Relax metric type in name linter rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li>
<li>[BUGFIX] promhttp: Make sure server
instrumentation wrapping supports new and future extra responseWriter
methods. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li>
<li>[BUGFIX] testutil: Functions using compareMetricFamilies are now
failing if filtered metricNames are not in the input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a></li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>1.20.5 / 2024-10-15</h2>
<ul>
<li>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input.</li>
</ul>
<h2>1.20.4 / 2024-09-07</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending exemplars
vs metrics gather. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li>
</ul>
<h2>1.20.3 / 2024-09-05</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending
exemplars. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li>
</ul>
<h2>1.20.2 / 2024-08-23</h2>
<ul>
<li>[BUGFIX] promhttp: Unset Content-Encoding header when data is
uncompressed. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li>
</ul>
<h2>1.20.1 / 2024-08-20</h2>
<ul>
<li>[BUGFIX] process-collector: Fixed unregistered descriptor error when
using process collector with <code>PedanticRegistry</code> on linux
machines. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li>
</ul>
<h2>1.20.0 / 2024-08-14</h2>
<ul>
<li>[CHANGE] ⚠️ go-collector: Remove
<code>go_memstat_lookups_total</code> metric which was always 0; Go
runtime stopped sharing pointer lookup statistics. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li>
<li>[FEATURE] ⚠️ go-collector: Add 3 default metrics:
<code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and
<code>go_sched_gomaxprocs_threads</code> as those are recommended by the
Go team. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li>
<li>[FEATURE] go-collector: Add more information to all metrics' HELP
e.g. the exact <code>runtime/metrics</code> sourcing each metric (if
relevant). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li>
<li>[FEATURE] testutil: Add CollectAndFormat method. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li>
<li>[FEATURE] histograms: Add support for exemplars in native
histograms. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li>
<li>[FEATURE] promhttp: Add experimental support for <code>zstd</code>
on scrape, controlled by the request <code>Accept-Encoding</code>
header. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li>
<li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API
methods that supports it. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li>
<li>[FEATURE] prometheus: Add support for created timestamps in constant
histograms and constant summaries. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li>
<li>[FEATURE] process-collector: Add network usage metrics:
<code>process_network_receive_bytes_total</code> and
<code>process_network_transmit_bytes_total</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li>
<li>[FEATURE] promlint: Add duplicated metric lint rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li>
<li>[BUGFIX] promlint: Relax metric type in name linter rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li>
<li>[BUGFIX] promhttp: Make sure server instrumentation wrapping
supports new and future extra responseWriter methods. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li>
<li>[BUGFIX] <strong>breaking</strong> testutil: Functions using
compareMetricFamilies are now failing if filtered metricNames are not in
the input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>
(reverted in 1.20.5)</li>
</ul>
<h2>1.19.0 / 2024-02-27</h2>
<p>The module <code>prometheus/common v0.48.0</code> introduced an
incompatibility when used together with client_golang (See <a
href="https://redirect.github.com/prometheus/client_golang/pull/1448">prometheus/client_golang#1448</a>
for more details). If your project uses client_golang and you want to
use <code>prometheus/common v0.48.0</code> or higher, please update
client_golang to v1.19.0.</p>
<ul>
<li>[CHANGE] Minimum required go version is now 1.20 (we also test
client_golang against new 1.22 version). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1445">#1445</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1449">#1449</a></li>
<li>[FEATURE] collectors: Add version collector. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1422">#1422</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1427">#1427</a></li>
</ul>
<h2>1.18.0 / 2023-12-22</h2>
<ul>
<li>[FEATURE] promlint: Allow creation of custom metric validations. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1311">#1311</a></li>
<li>[FEATURE] Go programs using client_golang can be built in wasip1 OS.
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1350">#1350</a></li>
<li>[BUGFIX] histograms: Add timer to reset ASAP after bucket limiting
has happened. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1367">#1367</a></li>
<li>[BUGFIX] testutil: Fix comparison of metrics with empty Help
strings. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1378">#1378</a></li>
<li>[ENHANCEMENT] Improved performance of
<code>MetricVec.WithLabelValues(...)</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1360">#1360</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48e12a1855"><code>48e12a1</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a>
from prometheus/cut-1204-pr1424</li>
<li><a
href="504ad9bf5c"><code>504ad9b</code></a>
Cut 1.20.5; update comments.</li>
<li><a
href="584a7ce3d9"><code>584a7ce</code></a>
Revert &quot;testutil compareMetricFamilies: make less error-prone (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>)&quot;</li>
<li><a
href="05fcde9fe4"><code>05fcde9</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a>
from krajorama/data-race-in-histogram-write</li>
<li><a
href="209f4c041e"><code>209f4c0</code></a>
Add changelog</li>
<li><a
href="1e398ccb12"><code>1e398cc</code></a>
native histogram: Fix race between Write and addExemplar</li>
<li><a
href="ef2f87ea98"><code>ef2f87e</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1620">#1620</a>
from prometheus/arthursens/prepare-1.20.3</li>
<li><a
href="937ac63d3d"><code>937ac63</code></a>
Add changelog entry for 1.20.3</li>
<li><a
href="6e9914db5a"><code>6e9914d</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a>
from krajorama/index-out-of-range-native-histogram-e...</li>
<li><a
href="d6b8c8925b"><code>d6b8c89</code></a>
Update comments with more explanations</li>
<li>Additional commits viewable in <a
href="https://github.com/prometheus/client_golang/compare/v1.19.1...v1.20.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.19.1&new-version=1.20.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
 2025-01-19 09:30:45 +01:00
dependabot[bot]
60442bd059
Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#3479) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify)
from 1.9.0 to 1.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's
releases</a>.</em></p>
<blockquote>
<h2>v1.10.0</h2>
<h2>What's Changed</h2>
<h3>Functional Changes</h3>
<ul>
<li>Add PanicAssertionFunc by <a
href="https://github.com/fahimbagar"><code>@​fahimbagar</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li>
<li>assert: deprecate CompareType by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1566">stretchr/testify#1566</a></li>
<li>assert: make YAML dependency pluggable via build tags by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1579">stretchr/testify#1579</a></li>
<li>assert: new assertion NotElementsMatch by <a
href="https://github.com/hendrywiranto"><code>@​hendrywiranto</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1600">stretchr/testify#1600</a></li>
<li>mock: in order mock calls by <a
href="https://github.com/ReyOrtiz"><code>@​ReyOrtiz</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1637">stretchr/testify#1637</a></li>
<li>Add assertion for NotErrorAs by <a
href="https://github.com/palsivertsen"><code>@​palsivertsen</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1129">stretchr/testify#1129</a></li>
<li>Record Return Arguments of a Call by <a
href="https://github.com/jayd3e"><code>@​jayd3e</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1636">stretchr/testify#1636</a></li>
<li>assert.EqualExportedValues: accepts everything by <a
href="https://github.com/redachl"><code>@​redachl</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1586">stretchr/testify#1586</a></li>
</ul>
<h3>Fixes</h3>
<ul>
<li>assert: make tHelper a type alias by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1562">stretchr/testify#1562</a></li>
<li>Do not get argument again unnecessarily in Arguments.Error() by <a
href="https://github.com/TomWright"><code>@​TomWright</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li>
<li>Fix time.Time compare by <a
href="https://github.com/myxo"><code>@​myxo</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li>
<li>assert.Regexp: handle []byte array properly by <a
href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1587">stretchr/testify#1587</a></li>
<li>assert: collect.FailNow() should not panic by <a
href="https://github.com/marshall-lee"><code>@​marshall-lee</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1481">stretchr/testify#1481</a></li>
<li>mock: simplify implementation of FunctionalOptions by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1571">stretchr/testify#1571</a></li>
<li>mock: caller information for unexpected method call by <a
href="https://github.com/spirin"><code>@​spirin</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1644">stretchr/testify#1644</a></li>
<li>suite: fix test failures by <a
href="https://github.com/stevenh"><code>@​stevenh</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1421">stretchr/testify#1421</a></li>
<li>Fix issue <a
href="https://redirect.github.com/stretchr/testify/issues/1662">#1662</a>
(comparing infs should fail) by <a
href="https://github.com/ybrustin"><code>@​ybrustin</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1663">stretchr/testify#1663</a></li>
<li>NotSame should fail if args are not pointers <a
href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a>
by <a href="https://github.com/sikehish"><code>@​sikehish</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1664">stretchr/testify#1664</a></li>
<li>Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in
CI by <a href="https://github.com/sikehish"><code>@​sikehish</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1667">stretchr/testify#1667</a></li>
<li>fix: compare functional option names for indirect calls by <a
href="https://github.com/arjun-1"><code>@​arjun-1</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1626">stretchr/testify#1626</a></li>
</ul>
<h3>Documantation, Build &amp; CI</h3>
<ul>
<li>.gitignore: ignore &quot;go test -c&quot; binaries by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1565">stretchr/testify#1565</a></li>
<li>mock: improve doc by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1570">stretchr/testify#1570</a></li>
<li>mock: fix FunctionalOptions docs by <a
href="https://github.com/snirye"><code>@​snirye</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li>
<li>README: link out to the excellent testifylint by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1568">stretchr/testify#1568</a></li>
<li>assert: fix typo in comment by <a
href="https://github.com/JohnEndson"><code>@​JohnEndson</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li>
<li>Correct the EventuallyWithT and EventuallyWithTf example by <a
href="https://github.com/JonCrowther"><code>@​JonCrowther</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1588">stretchr/testify#1588</a></li>
<li>CI: bump softprops/action-gh-release from 1 to 2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1575">stretchr/testify#1575</a></li>
<li>mock: document more alternatives to deprecated
AnythingOfTypeArgument by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1569">stretchr/testify#1569</a></li>
<li>assert: Correctly document EqualValues behavior by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1593">stretchr/testify#1593</a></li>
<li>fix: grammar in godoc by <a
href="https://github.com/miparnisari"><code>@​miparnisari</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1607">stretchr/testify#1607</a></li>
<li>.github/workflows: Run tests for Go 1.22 by <a
href="https://github.com/HaraldNordgren"><code>@​HaraldNordgren</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1629">stretchr/testify#1629</a></li>
<li>Document suite's lack of support for t.Parallel by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1645">stretchr/testify#1645</a></li>
<li>assert: fix typos in comments by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1650">stretchr/testify#1650</a></li>
<li>mock: fix doc comment for NotBefore by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1651">stretchr/testify#1651</a></li>
<li>Generate better comments for require package by <a
href="https://github.com/Neokil"><code>@​Neokil</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1610">stretchr/testify#1610</a></li>
<li>README: replace Testify V2 notice with <a
href="https://github.com/dolmen"><code>@​dolmen</code></a>'s V2
manifesto by <a
href="https://github.com/hendrywiranto"><code>@​hendrywiranto</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1518">stretchr/testify#1518</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/fahimbagar"><code>@​fahimbagar</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li>
<li><a href="https://github.com/TomWright"><code>@​TomWright</code></a>
made their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li>
<li><a href="https://github.com/snirye"><code>@​snirye</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li>
<li><a href="https://github.com/myxo"><code>@​myxo</code></a> made their
first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li>
<li><a
href="https://github.com/JohnEndson"><code>@​JohnEndson</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="89cbdd9e7b"><code>89cbdd9</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1626">#1626</a>
from arjun-1/fix-functional-options-diff-indirect-calls</li>
<li><a
href="07bac606be"><code>07bac60</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1667">#1667</a>
from sikehish/flaky</li>
<li><a
href="716de8dff4"><code>716de8d</code></a>
Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in
CI</li>
<li><a
href="118fb83466"><code>118fb83</code></a>
NotSame should fail if args are not pointers <a
href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a>
(<a
href="https://redirect.github.com/stretchr/testify/issues/1664">#1664</a>)</li>
<li><a
href="7d99b2b43d"><code>7d99b2b</code></a>
attempt 2</li>
<li><a
href="05f87c0160"><code>05f87c0</code></a>
more similar</li>
<li><a
href="ea7129e006"><code>ea7129e</code></a>
better fmt</li>
<li><a
href="a1b9c9efe3"><code>a1b9c9e</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1663">#1663</a>
from ybrustin/master</li>
<li><a
href="8302de98b1"><code>8302de9</code></a>
Merge branch 'master' into master</li>
<li><a
href="89352f7958"><code>89352f7</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1518">#1518</a>
from hendrywiranto/adjust-readme-remove-v2</li>
<li>Additional commits viewable in <a
href="https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.9.0&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
 2025-01-19 09:29:00 +01:00
dependabot[bot]
a41f9cc154
Bump modernc.org/sqlite from 1.34.2 to 1.34.5 (#3500) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2
to 1.34.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15818ab7fe"><code>15818ab</code></a>
move the vendor tool into a separate module, updates gc#3</li>
<li><a
href="d3e8a664e8"><code>d3e8a66</code></a>
retract v1.34.3</li>
<li><a
href="1fcc86e9d6"><code>1fcc86e</code></a>
fix accidentaly broken openbsd/amd64 build</li>
<li><a
href="7f15e6eb45"><code>7f15e6e</code></a>
linux/arm64: patch libc bug at runtime, updates <a
href="https://gitlab.com/cznic/sqlite/issues/199">#199</a></li>
<li>See full diff in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=modernc.org/sqlite&package-manager=go_modules&previous-version=1.34.2&new-version=1.34.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-16 23:22:19 +01:00
dependabot[bot]
315269d8f9
Bump golang.org/x/net from 0.32.0 to 0.33.0 (#3499) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to
0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfc720dfe0"><code>dfc720d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="8e66b04771"><code>8e66b04</code></a>
html: use strings.EqualFold instead of lowering ourselves</li>
<li><a
href="b935f7b5d7"><code>b935f7b</code></a>
html: avoid endless loop on error token</li>
<li><a
href="9af49ef148"><code>9af49ef</code></a>
route: remove unused sizeof* consts</li>
<li><a
href="6705db9a4d"><code>6705db9</code></a>
quic: clean up crypto streams when dropping packet protection keys</li>
<li><a
href="4ef7588d2b"><code>4ef7588</code></a>
quic: handle ACK frame in packet which drops number space</li>
<li><a
href="552d8ac903"><code>552d8ac</code></a>
Revert &quot;route: change from syscall to x/sys/unix&quot;</li>
<li><a
href="13a7c0108b"><code>13a7c01</code></a>
Revert &quot;route: remove unused sizeof* consts on freebsd&quot;</li>
<li>See full diff in <a
href="https://github.com/golang/net/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.32.0&new-version=0.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip ci]
 2025-01-16 23:21:53 +01:00
dependabot[bot]
2ab4219ffc
Bump github.com/nats-io/nats.go from 1.37.0 to 1.38.0 (#3481) 
Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go)
from 1.37.0 to 1.38.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's
releases</a>.</em></p>
<blockquote>
<h2>v1.38.0</h2>
<h2>Changelog</h2>
<h3>Added</h3>
<ul>
<li>Core NATS:
<ul>
<li>Added <code>UserInfoHandler</code> for dynamically setting
user/password (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1713">#1713</a>)</li>
<li>Added <code>PermissionErrOnSubscribe</code> option, causing
<code>SubscribeSync</code> to return
<code>nats.ErrPermissionViolation</code> on <code>NextMsg()</code> if
there was a permission error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
<li>Added <code>Msgs()</code> method on <code>Subscription</code>,
returning an iterator (<code>iter.Seq2[*nats.Msg, error]</code>) for the
subscription. This method is only available for go version &gt;=1.23 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
</ul>
</li>
<li>KeyValue:</li>
<li>Added <code>WatchFiltered</code> method to watch for updates with
multiple filters (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Core NATS:
<ul>
<li>Fixed closing connections on max subscriptions exceeded (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1709">#1709</a>)</li>
<li>Removed redundant nil checks. Thanks <a
href="https://github.com/ramonberrutti"><code>@​ramonberrutti</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li>
<li>Add missing nats prefix to error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li>Fixed <code>PublishAsync</code> not closing done and stall channels
after failed retries (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1719">#1719</a>)</li>
<li>Set valid fetch sequence in ordered consumer's <code>Fetch()</code>
and <code>Next()</code> after timeout (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1705">#1705</a>)</li>
<li>Do not overwrite ordered consumer deliver policy if start time is
set (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1742">#1742</a>)</li>
<li>Fixed race condition in <code>MessageBatch</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
</ul>
</li>
<li>Legacy JetStream:
<ul>
<li>Fixed race condition in <code>MessageBatch</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Legacy Jetstream:
<ul>
<li>Added client retry for jetstream async publish old API. Thanks <a
href="https://github.com/pranavmehta94"><code>@​pranavmehta94</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1695">#1695</a>)</li>
</ul>
</li>
</ul>
<h3>Improved</h3>
<ul>
<li>Moved CI to github actions (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1623">#1623</a>,
<a
href="https://redirect.github.com/nats-io/nats.go/issues/1716">#1716</a>)</li>
<li>Use errors.New instead of fmt.Errorf to improve efficiency. Thanks
<a href="https://github.com/canack"><code>@​canack</code></a> for the
contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1707">#1707</a>)</li>
<li>Fixed invalid schemas in Service API documentation (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1720">#1720</a>)</li>
<li>Added mention of TTL reset in <code>kv.Update</code> method. Thanks
<a
href="https://github.com/fmontorsi-equinix"><code>@​fmontorsi-equinix</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1727">#1727</a>)</li>
<li>Updated installation commands in <code>README.md</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li>
<li>Bump <code>nkeys</code> to v0.4.9 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li>
</ul>
<h3>Complete Changes</h3>
<p><a
href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48391f1b8b"><code>48391f1</code></a>
Release v1.38.0 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1754">#1754</a>)</li>
<li><a
href="6f4e85afdb"><code>6f4e85a</code></a>
[FIXED] Add missing nats prefix to error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li>
<li><a
href="074c819479"><code>074c819</code></a>
[FIXED] twice respMap nil check (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li>
<li><a
href="d6eaa84a03"><code>d6eaa84</code></a>
[ADDED] Creating iterators for sync subscriptions (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
<li><a
href="6bc41598cc"><code>6bc4159</code></a>
[FIXED] Race in MessageBatch (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
<li><a
href="d05f24af9e"><code>d05f24a</code></a>
Bump nkeys to 0.4.7 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li>
<li><a
href="01fafde033"><code>01fafde</code></a>
[IMPROVED] Update installation commands (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li>
<li><a
href="f563c66855"><code>f563c66</code></a>
[FIXED] Do not overwrite ordered consumer deliver policy if start time
is set...</li>
<li><a
href="e963b776f2"><code>e963b77</code></a>
[ADDED] WatchFiltered method on KV (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li>
<li><a
href="4530ef6abf"><code>4530ef6</code></a>
[FIXED] Invalid fetch sequence in ordered consumer Fetch and Next after
timeo...</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.37.0&new-version=1.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-16 22:59:19 +01:00
Travis Ralston
e9cc37ac52
Merge commit from fork 
* Support configuring allow/deny networks

* Make the DNS cache aware of the allow/deny networks

* Allow all networks in CI

* Update GMSL

* Add missed file

---------

Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2025-01-16 19:35:50 +01:00
dependabot[bot]
285d065e02
Bump nhooyr.io/websocket from 1.8.7 to 1.8.17 (#3456) 
Bumps [nhooyr.io/websocket](https://github.com/nhooyr/websocket-old)
from 1.8.7 to 1.8.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nhooyr/websocket-old/releases">nhooyr.io/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.17</h2>
<ul>
<li>This library is now deprecated. Please do not use this library any
longer at the <code>nhooyr.io/websocket</code> import path. It will not
receive any further updates.
Coder is now maintaining it at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.16</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.15</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.14</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nhooyr/websocket-old/commits/v1.8.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nhooyr.io/websocket&package-manager=go_modules&previous-version=1.8.7&new-version=1.8.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2024-12-18 08:01:41 +01:00
dependabot[bot]
97706ffa28
Bump github.com/gorilla/websocket from 1.5.0 to 1.5.3 (#3455) 
Bumps
[github.com/gorilla/websocket](https://github.com/gorilla/websocket)
from 1.5.0 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gorilla/websocket/releases">github.com/gorilla/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<h2>Important change</h2>
<p>This reverts the websockets package back to <a
href="931041c5ee</a></p>
<h2>What's Changed</h2>
<ul>
<li>Fixes subprotocol selection (aling with rfc6455) by <a
href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li>Update README.md, replace master to main by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li>Use status code constant by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li>
<li>conn.go: default close handler should not return ErrCloseSent. by <a
href="https://github.com/pnx"><code>@​pnx</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li>fix: replace ioutil.readfile with os.readfile by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li>fix: add comment for the readBufferSize and writeBufferSize by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li>
<li>Remove noisy printf in NextReader() and beginMessage() by <a
href="https://github.com/bcreane"><code>@​bcreane</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
<li>docs(echoreadall): fix function echoReadAll comment by <a
href="https://github.com/XdpCs"><code>@​XdpCs</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li>
<li>make tests parallel by <a
href="https://github.com/ninedraft"><code>@​ninedraft</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li>
<li>Upgrader.Upgrade: use http.ResposnseController by <a
href="https://github.com/ninedraft"><code>@​ninedraft</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/871">gorilla/websocket#871</a></li>
<li>Do not handle network error in <code>SetCloseHandler()</code> by <a
href="https://github.com/nak3"><code>@​nak3</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li>
<li>perf: reduce timer in write_control by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/879">gorilla/websocket#879</a></li>
<li>fix: lint example code by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/890">gorilla/websocket#890</a></li>
<li>feat: format message type by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/889">gorilla/websocket#889</a></li>
<li>Remove hideTempErr to allow downstream users to check for errors
like net.ErrClosed by <a
href="https://github.com/UnAfraid"><code>@​UnAfraid</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li>
<li>Do not timeout when WriteControl deadline is zero in <a
href="https://redirect.github.com/gorilla/websocket/pull/898">gorilla/websocket#898</a></li>
<li>Excludes errchecks linter by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li>
<li>Return errors instead of printing to logs by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/897">gorilla/websocket#897</a></li>
<li>Revert &quot; Update go version &amp; add verification/testing tools
(<a
href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)&quot;
by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/908">gorilla/websocket#908</a></li>
<li>Fixes broken random value generation by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/926">gorilla/websocket#926</a></li>
<li>Reverts back to v1.5.0 by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/929">gorilla/websocket#929</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li><a href="https://github.com/mstmdev"><code>@​mstmdev</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li><a href="https://github.com/pnx"><code>@​pnx</code></a> made their
first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li><a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li><a href="https://github.com/bcreane"><code>@​bcreane</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
<li><a href="https://github.com/XdpCs"><code>@​XdpCs</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li>
<li><a href="https://github.com/ninedraft"><code>@​ninedraft</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li>
<li><a href="https://github.com/nak3"><code>@​nak3</code></a> made their
first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li>
<li><a href="https://github.com/UnAfraid"><code>@​UnAfraid</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li>
<li><a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3">https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3</a></p>
<h2>v1.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixes subprotocol selection (aling with rfc6455) by <a
href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li>Update README.md, replace master to main by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li>Use status code constant by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li>
<li>conn.go: default close handler should not return ErrCloseSent. by <a
href="https://github.com/pnx"><code>@​pnx</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li>fix: replace ioutil.readfile with os.readfile by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li>fix: add comment for the readBufferSize and writeBufferSize by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li>
<li>Remove noisy printf in NextReader() and beginMessage() by <a
href="https://github.com/bcreane"><code>@​bcreane</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce903f6d1d"><code>ce903f6</code></a>
Reverts to v1.5.0</li>
<li><a
href="9ec25ca502"><code>9ec25ca</code></a>
fixes broken random value generation</li>
<li><a
href="1bddf2e0db"><code>1bddf2e</code></a>
bumps go version &amp; removes deprecated module usage</li>
<li><a
href="750bf92096"><code>750bf92</code></a>
adds GHA &amp; Makefile configs</li>
<li><a
href="b2c246b2ec"><code>b2c246b</code></a>
Revert &quot; Update go version &amp; add verification/testing tools (<a
href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)&quot;</li>
<li><a
href="09a6bab466"><code>09a6bab</code></a>
removing error handling while closing connections</li>
<li><a
href="58af150309"><code>58af150</code></a>
return errors instead of printing to logs</li>
<li><a
href="e5f1a0aad0"><code>e5f1a0a</code></a>
excludes errchecks linter</li>
<li><a
href="b2a86a1744"><code>b2a86a1</code></a>
Do not timeout when WriteControl deadline is zero</li>
<li><a
href="695e9095ce"><code>695e909</code></a>
Remove hideTempErr to allow downstream users to check for errors like
net.Err...</li>
<li>Additional commits viewable in <a
href="https://github.com/gorilla/websocket/compare/v1.5.0...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gorilla/websocket&package-manager=go_modules&previous-version=1.5.0&new-version=1.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-17 21:44:13 +00:00
dependabot[bot]
3be22065a6
Bump github.com/docker/go-connections from 0.4.0 to 0.5.0 (#3465) 
Bumps
[github.com/docker/go-connections](https://github.com/docker/go-connections)
from 0.4.0 to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fa09c952e3"><code>fa09c95</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/go-connections/issues/108">#108</a>
from thaJeztah/carry_6</li>
<li><a
href="7a67a58690"><code>7a67a58</code></a>
Swap CloseRead and CloseWrite</li>
<li><a
href="481d3d26b3"><code>481d3d2</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/go-connections/issues/107">#107</a>
from thaJeztah/drop_legacy_go</li>
<li><a
href="9548f9f7bd"><code>9548f9f</code></a>
tlsconfig: remove deprecated io/ioutil</li>
<li><a
href="c564c210e1"><code>c564c21</code></a>
drop support for go1.17 and older</li>
<li><a
href="7cbebcf931"><code>7cbebcf</code></a>
gha: update actions</li>
<li><a
href="2cf423f0ad"><code>2cf423f</code></a>
tlsconfig: move allTLSVersions var</li>
<li><a
href="dca283b665"><code>dca283b</code></a>
tlsconfig: drop support for go1.12 and older</li>
<li><a
href="21876c5afd"><code>21876c5</code></a>
tlsconfig: drop support for go1.6 and older</li>
<li><a
href="4d174dba22"><code>4d174db</code></a>
tlsconfig: drop support for go1.4 and older</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/go-connections/compare/v0.4.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/go-connections&package-manager=go_modules&previous-version=0.4.0&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-17 22:00:10 +01:00
dependabot[bot]
19cc831fdd
Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.5+incompatible (#3466) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
26.1.0+incompatible to 26.1.5+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v26.1.5</h2>
<h2>26.1.5</h2>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization
plugins (AuthZ)</a>
for access control. No other changes are included in this release, and
this
release is otherwise identical for users not using AuthZ plugins.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v26.1.4...v26.1.5">https://github.com/moby/moby/compare/v26.1.4...v26.1.5</a></p>
<h2>v26.1.4</h2>
<h2>26.1.4</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4">docker/cli,
26.1.4 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4">moby/moby,
26.1.4 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release updates the Go runtime to 1.21.11 which contains
security fixes for:</p>
<ul>
<li><a
href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a></li>
<li><a
href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a></li>
<li>A symlink time of check to time of use race condition during
directory removal reported by Addison Crump (<a
href="https://github.com/addisoncrump"><code>@​addisoncrump</code></a>).</li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fixed an issue where promoting a node immediately after another node
was demoted could cause the promotion to fail. <a
href="https://redirect.github.com/moby/moby/pull/47870">moby/moby#47870</a></li>
<li>Prevent the daemon log from being spammed with <code>superfluous
response.WriteHeader call ...</code> messages.. <a
href="https://redirect.github.com/moby/moby/pull/47843">moby/moby#47843</a></li>
<li>Don't show empty hints when plugins return an empty hook message. <a
href="https://redirect.github.com/docker/cli/pull/5083">docker/cli#5083</a></li>
<li>Added <code>ContextType: &quot;moby&quot;</code> to the context
list/inspect output to address a compatibility issue with Visual Studio
Container Tools. <a
href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li>
<li>Fix a compatibility issue with Visual Studio Container Tools. <a
href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.17">v1.7.17</a>.
<a
href="https://redirect.github.com/moby/moby/pull/47841">moby/moby#47841</a></li>
<li><a
href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a>,
<a
href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a>:
Update Go runtime to 1.21.11. <a
href="https://redirect.github.com/moby/moby/pull/47904">moby/moby#47904</a></li>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.27.1">v2.27.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1022">docker/docker-ce-packages#1022</a></li>
<li>Update Buildx to <a
href="https://github.com/docker/buildx/releases/tag/v0.14.1">v0.14.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1021">docker/docker-ce-packages#1021</a></li>
</ul>
<h2>v26.1.3</h2>
<h2>26.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="411e817ddf"><code>411e817</code></a>
Merge commit from fork</li>
<li><a
href="9cc85eaef1"><code>9cc85ea</code></a>
If url includes scheme, urlPath will drop hostname, which would not
match the...</li>
<li><a
href="820cab90bc"><code>820cab9</code></a>
Authz plugin security fixes for 0-length content and path
validation</li>
<li><a
href="6bc49067a6"><code>6bc4906</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48123">#48123</a>
from vvoland/v26.1-48120</li>
<li><a
href="6fbdce4b94"><code>6fbdce4</code></a>
update to go1.21.12</li>
<li><a
href="f5334644ec"><code>f533464</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47986">#47986</a>
from vvoland/v26.1-47985</li>
<li><a
href="c1d4587d76"><code>c1d4587</code></a>
builder/mobyexporter: Add missing nil check</li>
<li><a
href="d6428049a5"><code>d642804</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47940">#47940</a>
from thaJeztah/26.1_backport_api_remove_container_c...</li>
<li><a
href="daba2462f5"><code>daba246</code></a>
docs: api: image inspect: remove Container and ContainerConfig</li>
<li><a
href="de5c9cf0b9"><code>de5c9cf</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47912">#47912</a>
from thaJeztah/26.1_backport_vendor_containerd_1.7.18</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v26.1.0...v26.1.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=26.1.0+incompatible&new-version=26.1.5+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-17 21:42:08 +01:00
dependabot[bot]
f8ef6118c7
Bump github.com/docker/docker from 25.0.6+incompatible to 27.4.0+incompatible (#3458) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
25.0.6+incompatible to 27.4.0+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v27.4.0</h2>
<h2>27.4.0</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.4.0">docker/cli,
27.4.0 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.4.0">moby/moby,
27.4.0 milestone</a></li>
</ul>
<h3>API</h3>
<ul>
<li><code>GET /images/json</code> with the <code>manifests</code> option
enabled now preserves the original order in which manifests appeared in
the manifest-index. <a
href="https://redirect.github.com/moby/moby/pull/48712">moby/moby#48712</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>When reading logs with the <code>jsonfile</code> or
<code>local</code> log drivers, any errors while trying to read or parse
underlying log files will cause the rest of the file to be skipped and
move to the next log file (if one exists) rather than returning an error
to the client and closing the stream. The errors are viewable in the
Docker Daemon logs and exported to traces when tracing is configured. <a
href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li>
<li>When reading log files, compressed log files are now only
decompressed when needed rather than decompressing all files before
starting the log stream. <a
href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li>
<li>Fix an issue that meant published ports from one container on a
bridge network were not accessible from another container on the same
network with <code>userland-proxy</code> disabled, if the kernel's
<code>br_netfilter</code> module was not loaded and enabled. The daemon
will now attempt to load the module and enable
<code>bridge-nf-call-iptables</code> or
<code>bridge-nf-call-ip6tables</code> when creating a network with the
userland proxy disabled. <a
href="https://redirect.github.com/moby/moby/pull/48685">moby/moby#48685</a></li>
<li>Fix loading of <code>bridge</code> and <code>br_netfilter</code>
kernel modules. <a
href="https://redirect.github.com/moby/moby/pull/48966">moby/moby#48966</a></li>
<li>containerd image store: Fix Docker daemon failing to fully start
with a &quot;context deadline exceeded error&quot; with containerd
snapshotter and many builds/images. <a
href="https://redirect.github.com/moby/moby/pull/48954">moby/moby#48954</a></li>
<li>containerd image-store: Fix partially pulled images not being
garbage-collected. <a
href="https://redirect.github.com/moby/moby/pull/48910">moby#48910</a>,
<a
href="https://redirect.github.com/moby/moby/pull/48957">moby/moby#48957</a></li>
<li>containerd image store: Fix <code>docker image inspect</code>
outputting duplicate references in <code>RepoDigests</code>. <a
href="https://redirect.github.com/moby/moby/pull/48785">moby/moby#48785</a></li>
<li>containerd image store: Fix not being able to connect to some
insecure registries in cases where the HTTPS request failed due to a
non-TLS related error. <a
href="https://redirect.github.com/moby/moby/pull/48758">moby/moby#48758</a></li>
<li>containerd image store: Remove a confusing warning log when tagging
a non-dangling image. <a
href="https://redirect.github.com/moby/moby/pull/49010">moby/moby#49010</a></li>
<li>dockerd-rootless-setuptool.sh: let --force ignore smoke test errors
<a
href="https://redirect.github.com/moby/moby/pull/48695">moby/moby#48695</a></li>
<li>Disable IPv6 Duplicate Address Detection (DAD) for addresses
assigned to the bridges belonging to bridge networks. <a
href="https://redirect.github.com/moby/moby/pull/48684">moby/moby#48684</a></li>
<li>Remove BuildKit init timeout. <a
href="https://redirect.github.com/moby/moby/pull/48963">moby/moby#48963</a></li>
<li>Ignore &quot;dataset does not exist&quot; error when removing
dataset on ZFS. <a
href="https://redirect.github.com/moby/moby/pull/48968">moby/moby#48968</a></li>
<li>Client: Prevent idle connections leaking FDs. <a
href="https://redirect.github.com/moby/moby/pull/48764">moby/moby#48764</a></li>
<li>Fix anonymous volumes being created through the <code>--mount</code>
option not being marked as anonymous. <a
href="https://redirect.github.com/moby/moby/pull/48755">moby/moby#48755</a></li>
<li>After a daemon restart with live-restore, ensure an iptables jump to
the <code>DOCKER-USER</code> chain is placed before other rules. <a
href="https://redirect.github.com/moby/moby/pull/48714">moby/moby#48714</a></li>
<li>Fix a possible memory leak caused by OTel meters. <a
href="https://redirect.github.com/moby/moby/pull/48693">moby/moby#48693</a></li>
<li>Create distinct build history db for each store. <a
href="https://redirect.github.com/moby/moby/pull/48688">moby/moby#48688</a></li>
<li>Fix an issue that caused excessive memory usage when DNS resolution
was made in a tight loop. <a
href="https://redirect.github.com/moby/moby/pull/48840">moby/moby#48840</a></li>
<li>containerd image store: Do not underline names in <code>docker image
ls --tree</code>. <a
href="https://redirect.github.com/docker/cli/pull/5519">docker/cli#5519</a></li>
<li>containerd image store: Change name of <code>USED</code> column in
<code>docker image ls --tree</code> to <code>IN USE</code>. <a
href="https://redirect.github.com/docker/cli/pull/5518">docker/cli#5518</a></li>
<li>Fix a bug preventing image pulls from being cancelled during
<code>docker run</code>. <a
href="https://redirect.github.com/docker/cli/pull/5654">docker/cli#5654</a></li>
<li>Port some completions from the bash completion to the new cobra
based completion. <a
href="https://redirect.github.com/docker/cli/pull/5618">docker/cli#5618</a></li>
<li>The <code>docker login</code> and <code>docker logout</code> command
no longer update the configuration file if the credentials didn't
change. <a
href="https://redirect.github.com/docker/cli/pull/5569">docker/cli#5569</a></li>
<li>Optimise <code>docker stats</code> to reduce flickering issues. <a
href="https://redirect.github.com/docker/cli/pull/5588">docker/cli#5588</a>,
<a
href="https://redirect.github.com/docker/cli/pull/5635">docker/cli#5635</a></li>
<li>Fix inaccessible plugins paths preventing plugins from being
detected. <a
href="https://redirect.github.com/docker/cli/pull/5652">docker/cli#5652</a></li>
<li>Add support for <code>events --filter</code> in cobra generated
shell completions. <a
href="https://redirect.github.com/docker/cli/pull/5614">docker/cli#5614</a></li>
<li>Fix bash completion for <code>events --filter daemon=</code>. <a
href="https://redirect.github.com/docker/cli/pull/5563">docker/cli#5563</a></li>
<li>Improve shell-completion of containers for <code>docker rm</code>.
<a
href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li>
<li>Add shell-completion for <code>--platform</code> flags. <a
href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li>
<li>rootless: Make <code>/etc/cdi</code> and <code>/var/run/cdi</code>
accessible by the Container Device Interface (CDI) integration. <a
href="https://redirect.github.com/moby/moby/pull/49027">moby/moby#49027</a></li>
</ul>
<h3>Removed</h3>
<ul>
<li>Deprecate <code>Daemon.Exists()</code> and
<code>Daemon.IsPaused()</code>. These functions are no longer used and
will be removed in the next release. <a
href="https://redirect.github.com/moby/moby/pull/48719">moby/moby#48719</a></li>
<li>Deprecate <code>container.ErrNameReserved</code> and
<code>container.ErrNameNotReserved</code>. <a
href="https://redirect.github.com/moby/moby/pull/48697">moby/moby#48697</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="92a83937d0"><code>92a8393</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49027">#49027</a>
from thaJeztah/27.x_backport_cdi-rootless</li>
<li><a
href="9163aa379a"><code>9163aa3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49026">#49026</a>
from thaJeztah/27.x_update_go_1.22.10</li>
<li><a
href="4775621ab6"><code>4775621</code></a>
Dockerd rootless: make {/etc,/var/run}/cdi available</li>
<li><a
href="0176f4a5c3"><code>0176f4a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49024">#49024</a>
from thaJeztah/27.x_vendor_buildkit_0.17.3</li>
<li><a
href="0e34b3956b"><code>0e34b39</code></a>
update to go1.22.10</li>
<li><a
href="7919b806e7"><code>7919b80</code></a>
[27.x] vendor: github.com/moby/buildkit v0.17.3</li>
<li><a
href="a92d4c5a57"><code>a92d4c5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49013">#49013</a>
from vvoland/49006-27.x</li>
<li><a
href="1cc127466d"><code>1cc1274</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49010">#49010</a>
from vvoland/49009-27.x</li>
<li><a
href="525b929947"><code>525b929</code></a>
registry: deprecate RepositoryInfo.Class</li>
<li><a
href="d6d43b2912"><code>d6d43b2</code></a>
c8d/tag: Don't log a warning if the source image is not dangling</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v25.0.6...v27.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=25.0.6+incompatible&new-version=27.4.0+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2024-12-17 20:39:04 +00:00
dependabot[bot]
bed4abf229
Bump github.com/dgraph-io/ristretto from 0.1.1 to 0.2.0 (#3457) 
Bumps
[github.com/dgraph-io/ristretto](https://github.com/dgraph-io/ristretto)
from 0.1.1 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dgraph-io/ristretto/releases">github.com/dgraph-io/ristretto's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.0</h2>
<h2>What's Changed</h2>
<p>*`docs(readme): Use new Wait method by <a
href="https://github.com/angadn"><code>@​angadn</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/327">dgraph-io/ristretto#327</a></p>
<ul>
<li>docs: format example on readme by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/339">dgraph-io/ristretto#339</a></li>
<li>Fix flakes in TestDropUpdates by <a
href="https://github.com/evanj"><code>@​evanj</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/334">dgraph-io/ristretto#334</a></li>
<li>docs(Cache): document Wait, clarify Get by <a
href="https://github.com/evanj"><code>@​evanj</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/333">dgraph-io/ristretto#333</a></li>
<li>chore: fix typo error by <a
href="https://github.com/proost"><code>@​proost</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/341">dgraph-io/ristretto#341</a></li>
<li>fix: support compilation to wasip1 by <a
href="https://github.com/achille-roussel"><code>@​achille-roussel</code></a>
in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/344">dgraph-io/ristretto#344</a></li>
<li>remove glog dependency by <a
href="https://github.com/jhawk28"><code>@​jhawk28</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/350">dgraph-io/ristretto#350</a></li>
<li>add config for cleanup ticker duration by <a
href="https://github.com/singhvikash11"><code>@​singhvikash11</code></a>
in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/342">dgraph-io/ristretto#342</a></li>
<li>fix(OnEvict): Set missing Expiration field on evicted items by <a
href="https://github.com/0x1ee7"><code>@​0x1ee7</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/345">dgraph-io/ristretto#345</a></li>
<li>uint32 -&gt; uint64 in slice methods by <a
href="https://github.com/mocurin"><code>@​mocurin</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/323">dgraph-io/ristretto#323</a></li>
<li>fix: cleanupTicker not being stopped by <a
href="https://github.com/IlyaFloppy"><code>@​IlyaFloppy</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/343">dgraph-io/ristretto#343</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/dgraph-io/ristretto/blob/main/CHANGELOG.md">github.com/dgraph-io/ristretto's
changelog</a>.</em></p>
<blockquote>
<h2>[v0.2.0] - 2024-10-06</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/344"><code>fix:
support compilation to wasip1 by @​achille-roussel</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/342"><code>add
config for cleanup ticker duration by @​singhvikash11</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/327"><code>docs(readme):
Use new Wait method by @​angadn</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/339"><code>docs:
format example on readme by @​rfyiamcool</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/334"><code>Fix
flakes in TestDropUpdates by @​evanj</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/333"><code>docs(Cache):
document Wait, clarify Get by @​evanj</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/341"><code>chore:
fix typo error by @​proost</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/350"><code>remove
glog dependency by @​jhawk28</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/345"><code>fix(OnEvict):
Set missing Expiration field on evicted items by
@​0x1ee7</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/323"><code>uint32
-&gt; uint64 in slice methods by @​mocurin</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/343"><code>fix:
cleanupTicker not being stopped by @​IlyaFloppy</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1854617567"><code>1854617</code></a>
minor repo cleanup (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/352">#352</a>)</li>
<li><a
href="91446626cc"><code>9144662</code></a>
stop cleanupTicker while closing cache (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/343">#343</a>)</li>
<li><a
href="c00b3525a6"><code>c00b352</code></a>
uint32 to uint64 in slice methods (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/323">#323</a>)</li>
<li><a
href="e6d62cbfa0"><code>e6d62cb</code></a>
chore(ci): separate out coverage report workflow (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/353">#353</a>)</li>
<li><a
href="f0e70276b9"><code>f0e7027</code></a>
set missing Expiration field on evicted items (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/345">#345</a>)</li>
<li><a
href="e8dc5b0073"><code>e8dc5b0</code></a>
add config for cleanup ticker duration (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/342">#342</a>)</li>
<li><a
href="c5789d66fd"><code>c5789d6</code></a>
update golangci config and cleanup repo (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/351">#351</a>)</li>
<li><a
href="bdcf5e99ac"><code>bdcf5e9</code></a>
remove glog dependency (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/350">#350</a>)</li>
<li><a
href="3f6b44a609"><code>3f6b44a</code></a>
fix: support compilation to wasip1 (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/344">#344</a>)</li>
<li><a
href="c73d585ee6"><code>c73d585</code></a>
chore: fix typo error (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dgraph-io/ristretto&package-manager=go_modules&previous-version=0.1.1&new-version=0.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-17 21:02:03 +01:00
Neil
72039f651e
Update dependencies (#3449) 
Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
 2024-12-15 11:27:27 +01:00
Till Faelligen
3ca9dae95a
Fix missed matrix-org bits, run go mod tidy 2024-11-14 13:32:24 +01:00
Quentin Gliech
6e6c3de0a6
Rename the go package 
github.com/matrix-org/dendrite to github.com/element-hq/dendrite
 2024-10-17 17:33:45 +02:00
idk
6cd1285ca0
Adds support for listening on and connecting to I2P and Onion services securely (#3293) 
This PR adds 2 `dendrite-demo` main's, each designed expressly to serve
a Hidden Service/Overlay network.

The first, `dendrite-demo-i2p` add self-configuration for use of
dendrite as an I2P hidden service(eepsite) and to connect to I2P
services(federate) as an I2P client. It further disables the `dendrite`
server from communicating with non-anonymous servers by
federation(because I2P does not canonically have the ability to exit, we
rely on donors for exit traffic), and enables the use of self-signed TLS
certificates([because I2P services are self-authenticating but TLS is
still required for other aspects of the system to work
reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)).
This demo turns the system into an "pseudonymous" homeserver which
people can connect to using an I2P-enabled Matrix client(I like `cinny`
and it's what I tested with).

The second, `dendrite-demo-tor` adds self-configuration for the use of
dendrite as an Onion service and to connect to other onion services and
non-anonymous web sites using Tor to obfuscate it's physical location
and providing, optionally, pseudonymity. It also enables the use of
self-signed TLS certificates, for the same reason as with I2P, because
onion services aren't typically eligible for TLS certificates. It has
also been tested with `cinny`.

These services are both pseudonymous like myself, not anonymous. I will
be meeting members of the element team at the CCC assembly shortly to
discuss contributing under my pseudonym.

As none of the other `dendrite-demo` have unit tests I did not add them
to these checkins.

* [*] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests

---------

Co-authored-by: eyedeekay <idk@mulder>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2024-09-23 19:28:28 +02:00
Till
002fed3cb9
Bump GMSL (#3419) 
Adds
https://github.com/matrix-org/gomatrixserverlib/pull/436
https://github.com/matrix-org/gomatrixserverlib/pull/438
https://github.com/matrix-org/gomatrixserverlib/pull/432
 2024-09-10 19:45:31 +00:00
Neil
117ed66037
Update NATS to 2.10.20, use SyncAlways (#3418) 
The internal NATS instance is definitely convenient but it does have one
problem: its lifecycle is tied to the Dendrite process. That means if
Dendrite panics or OOMs, it takes out NATS with it. I suspect this is
sometimes contributing to what people see with stuck streams, as some
operations or state might not be written to disk fully before it gets
interrupted.

Using `SyncAlways` means that NATS will effectively use `O_SYNC` and
block writes on flushes, which should improve resiliency against this
kind of failure considerably. It might affect performance a little but
shouldn't be significant.

Also updates NATS to 2.10.20 as there have been all sorts of fixes since
2.10.7, including better `SyncAlways` handling.

Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
 2024-09-10 20:54:38 +02:00
Till
7a4ef240fc
Implement MSC3916 (#3397) 
Needs https://github.com/matrix-org/gomatrixserverlib/pull/437
 2024-08-16 12:37:59 +02:00
Till
4d116ff0db
Bump yggdrasil (#3407) 2024-08-03 20:26:28 +02:00
dependabot[bot]
c876790f08
Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible (#3405) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.9+incompatible to 25.0.6+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v25.0.6</h2>
<h2>25.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli,
25.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby,
25.0.6 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization
plugins (AuthZ)</a> for access control.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>[25.0] remove erroneous <code>platform</code> from image
<code>config</code> OCI descriptor in <code>docker save</code> output.
<a
href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li>
<li>[25.0 backport] Fix a nil dereference when getting image history for
images having layers without the <code>Created</code> value set. <a
href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li>
<li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a
href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li>
<li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node
after another node was demoted could cause the promoted node to fail its
promotion. <a
href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li>
<li>[25.0 backport] don't depend on containerd platform.Parse to return
a typed error. <a
href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li>
<li>[25.0 backport] builder/mobyexporter: Add missing nil check <a
href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver.
<a
href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li>
<li>Update Go runtime to 1.21.12, which contains security fixes for <a
href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a>
<a
href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li>
<li>Update Containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>.
<a
href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p>
<h2>v25.0.5</h2>
<h2>25.0.5</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli,
25.0.5 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby,
25.0.5 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a security fix for <a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>,
a potential data exfiltration from 'internal' networks via authoritative
DNS servers.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>
<p><a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>:
Do not forward requests to external DNS servers for a container that is
only connected to an 'internal' network. Previously, requests were
forwarded if the host's DNS server was running on a loopback address,
like systemd's 127.0.0.53. <a
href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p>
</li>
<li>
<p>plugin: fix mounting /etc/hosts when running in UserNS. <a
href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p>
</li>
<li>
<p>rootless: fix <code>open /etc/docker/plugins: permission
denied</code>. <a
href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p>
</li>
<li>
<p>Fix multiple parallel <code>docker build</code> runs leaking disk
space. <a
href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08a51fe16"><code>b08a51f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48231">#48231</a>
from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li>
<li><a
href="d151b0f87f"><code>d151b0f</code></a>
vendor: OTEL v0.46.1 / v1.21.0</li>
<li><a
href="c6ba9a5124"><code>c6ba9a5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48225">#48225</a>
from austinvazquez/backport-workflow-artifact-reten...</li>
<li><a
href="4673a3ca2c"><code>4673a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48227">#48227</a>
from austinvazquez/backport-backport-branch-check-t...</li>
<li><a
href="30f8908102"><code>30f8908</code></a>
github/ci: Check if backport is opened against the expected branch</li>
<li><a
href="7454d6a2e6"><code>7454d6a</code></a>
ci: update workflow artifacts retention</li>
<li><a
href="65cc597cea"><code>65cc597</code></a>
Merge commit from fork</li>
<li><a
href="b722836927"><code>b722836</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48199">#48199</a>
from austinvazquez/update-containerd-binary-to-1.7.20</li>
<li><a
href="e8ecb9c76d"><code>e8ecb9c</code></a>
update containerd binary to v1.7.20</li>
<li><a
href="e6cae1f237"><code>e6cae1f</code></a>
update containerd binary to v1.7.19</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.9...v25.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
 2024-08-02 08:56:24 +02:00
Till
a37d317958
Bump go to 1.21 (#3360) 2024-08-02 08:35:38 +02:00
dependabot[bot]
7d8516838d
Bump golang.org/x/image from 0.10.0 to 0.18.0 (#3390) 
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.10.0
to 0.18.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3bbf4a659e"><code>3bbf4a6</code></a>
tiff: Validate palette indices when parsing palette-color images</li>
<li><a
href="6c5fa462eb"><code>6c5fa46</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="55c4ab6bd6"><code>55c4ab6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="0057a939a5"><code>0057a93</code></a>
tiff: fix function name in comment</li>
<li><a
href="9e190ae4a3"><code>9e190ae</code></a>
webp: disallow multiple VP8X chunks</li>
<li><a
href="445ab0e75e"><code>445ab0e</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="240a51ac9f"><code>240a51a</code></a>
font/sfnt: support early version 0 OS/2 tables</li>
<li><a
href="c20bbc3713"><code>c20bbc3</code></a>
draw: simplify some calls to fmt.Fprintf</li>
<li><a
href="491771c681"><code>491771c</code></a>
draw: merge draw_go117.go into draw.go</li>
<li><a
href="4aa0222fac"><code>4aa0222</code></a>
go.mod: update go directive to 1.18</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/image/compare/v0.10.0...v0.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.10.0&new-version=0.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-27 20:49:18 +02:00
dependabot[bot]
5547bf8ca6
Bump golang.org/x/net from 0.21.0 to 0.23.0 (#3365) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to
0.23.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c48da13158"><code>c48da13</code></a>
http2: fix TestServerContinuationFlood flakes</li>
<li><a
href="762b58d1cf"><code>762b58d</code></a>
http2: fix tipos in comment</li>
<li><a
href="ba872109ef"><code>ba87210</code></a>
http2: close connections when receiving too many headers</li>
<li><a
href="ebc8168ac8"><code>ebc8168</code></a>
all: fix some typos</li>
<li><a
href="3678185f8a"><code>3678185</code></a>
http2: make TestCanonicalHeaderCacheGrowth faster</li>
<li><a
href="448c44f928"><code>448c44f</code></a>
http2: remove clientTester</li>
<li><a
href="c7877ac421"><code>c7877ac</code></a>
http2: convert the remaining clientTester tests to testClientConn</li>
<li><a
href="d8870b0bf2"><code>d8870b0</code></a>
http2: use synthetic time in TestIdleConnTimeout</li>
<li><a
href="d73acffdc9"><code>d73acff</code></a>
http2: only set up deadline when Server.IdleTimeout is positive</li>
<li><a
href="89f602b7bb"><code>89f602b</code></a>
http2: validate client/outgoing trailers</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.21.0...v0.23.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.21.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-30 23:12:52 +00:00
Till
14a6c10097
Version 0.13.7 (#3349) 2024-04-09 10:24:27 +02:00
Till
b732eede27
Fix spaces over federation (#3347) 
Fixes #2504

 A few issues with the previous iteration:
- We never returned `inaccessible_children`, which (if I read the code
correctly), made Synapse raise an error and thus not returning the
requested rooms
- For restricted rooms, we didn't return the list of allowed rooms
 2024-03-28 20:40:45 +01:00
dependabot[bot]
1bdf0cc541
Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#3341) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.7+incompatible to 24.0.9+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v24.0.9</h2>
<h2>24.0.9</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9">docker/cli,
24.0.9 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9">moby/moby,
24.0.9 milestone</a></li>
</ul>
<h2>Security</h2>
<p>This release contains security fixes for the following CVEs affecting
Docker Engine and its components.</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Component</th>
<th>Fix version</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td>
<td>runc</td>
<td>1.1.12</td>
<td>High, CVSS 8.6</td>
</tr>
<tr>
<td><a
href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td>
<td>Docker Engine</td>
<td>24.0.9</td>
<td>Medium, CVSS 6.9</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>Important</strong> ⚠️</p>
<p>Note that this release of Docker Engine doesn't include fixes for the
following known vulnerabilities in BuildKit:</p>
<ul>
<li><a
href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></li>
</ul>
<p>To address these vulnerabilities, upgrade to <a
href="https://github.com/docker/docker/blob/HEAD/25.0.md#2502">Docker
Engine v25.0.2</a>.</p>
</blockquote>
<p>For more information about the security issues addressed in this
release, and the unaddressed vulnerabilities in BuildKit, refer to the
<a
href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog
post</a>. For details about each vulnerability, see the relevant
security advisory:</p>
<ul>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li>
<li><a
href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Upgrade runc to <a
href="https://github.com/opencontainers/runc/releases/tag/v1.1.12">v1.1.12</a>.
<a
href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li>
<li>Upgrade containerd to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.13">v1.7.13</a>
(static binaries only). <a
href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li>
</ul>
<h2>v24.0.8</h2>
<h2>24.0.8</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8">docker/cli,
24.0.8 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8">moby/moby,
24.0.8 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Live restore: Containers with auto remove (<code>docker run
--rm</code>) are no longer forcibly removed on engine restart. <a
href="https://redirect.github.com/moby/moby/pull/46869">moby/moby#46857</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fca702de7f"><code>fca702d</code></a>
Merge pull request from GHSA-xw73-rw38-6vjc</li>
<li><a
href="f78a7726d7"><code>f78a772</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47281">#47281</a>
from thaJeztah/24.0_backport_bump_containerd_binary...</li>
<li><a
href="61afffeeb3"><code>61afffe</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47270">#47270</a>
from thaJeztah/24.0_backport_bump_runc_binary_1.1.12</li>
<li><a
href="b38e74c4e0"><code>b38e74c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47276">#47276</a>
from thaJeztah/24.0_backport_bump_runc_1.1.12</li>
<li><a
href="dac56638ad"><code>dac5663</code></a>
update containerd binary to v1.7.13</li>
<li><a
href="20e1af3616"><code>20e1af3</code></a>
vendor: github.com/opencontainers/runc v1.1.12</li>
<li><a
href="858919d399"><code>858919d</code></a>
update runc binary to v1.1.12</li>
<li><a
href="141ad39e38"><code>141ad39</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47266">#47266</a>
from vvoland/ci-fix-makeps1-templatefail-24</li>
<li><a
href="db968c672b"><code>db968c6</code></a>
hack/make.ps1: Fix go list pattern</li>
<li><a
href="61c51fbb5a"><code>61c51fb</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47221">#47221</a>
from vvoland/pkg-pools-close-noop-24</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.7...v24.0.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.7+incompatible&new-version=24.0.9+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-22 22:30:28 +01:00
dependabot[bot]
a00b976a00
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#3339) 
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.30.0&new-version=1.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-22 22:29:53 +01:00
Till
dae1ef2e46
Update GMSL (#3303) 
If I didn't miss anything, this should add fixes from:
https://github.com/matrix-org/gomatrixserverlib/pull/424
https://github.com/matrix-org/gomatrixserverlib/pull/426
https://github.com/matrix-org/gomatrixserverlib/pull/427
https://github.com/matrix-org/gomatrixserverlib/pull/428
https://github.com/matrix-org/gomatrixserverlib/pull/429
https://github.com/matrix-org/gomatrixserverlib/pull/430
 2024-01-15 20:12:34 +00:00
dependabot[bot]
3a4b5f49ac
Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300) 
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go)
from 0.37.4 to 0.37.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's
releases</a>.</em></p>
<blockquote>
<h2>v0.37.7</h2>
<p>This release contains fixes for the Honeybadger vulnerability
(CVE-2023-49295):</p>
<ul>
<li>limit the number of queued PATH_RESPONSE frames to 256 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li>
<li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p>
<h2>v0.37.6</h2>
<p>This patch release contains a backport of <a
href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p>
<h2>v0.37.5</h2>
<p>This patch release contains the backport of 3 fixes:</p>
<ul>
<li>fix handshake failure if <code>tls.Config.SessionTicketDisabled =
false</code>, but <code>tls.Config.GetConfigForClient</code> returns a
config that disables session tickets: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li>
<li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li>
<li>automatically set the <code>tls.Config.ServerName</code>: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21609ddfef"><code>21609dd</code></a>
don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li>
<li><a
href="d7aa627ebd"><code>d7aa627</code></a>
limit the number of queued PATH_RESPONSE frames to 256 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li>
<li><a
href="e2c360ceec"><code>e2c360c</code></a>
reassemble post-handshake TLS messages before passing them to crypto/tls
(<a
href="https://redirect.github.com/quic-go/quic-go/issues/4038">#4038</a>)</li>
<li><a
href="e9f7f460bc"><code>e9f7f46</code></a>
automatically set the tls.Config.ServerName if unset (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a>)</li>
<li><a
href="12d84c4196"><code>12d84c4</code></a>
handshake: use the correct hash function for TLS_AES_256_GCM_SHA384 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a>)</li>
<li><a
href="b1635df2f5"><code>b1635df</code></a>
ignore QUICConn.SendSessionTicket error if session tickets are disabled
(<a
href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a>)</li>
<li>See full diff in <a
href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.4&new-version=0.37.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-10 18:55:35 +01:00
dependabot[bot]
9a5a56718e
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.14.0 to 0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d2ee975ef"><code>9d2ee97</code></a>
ssh: implement strict KEX protocol changes</li>
<li><a
href="4e5a26183e"><code>4e5a261</code></a>
ssh: close net.Conn on all NewServerConn errors</li>
<li><a
href="152cdb1503"><code>152cdb1</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="fdfe1f8531"><code>fdfe1f8</code></a>
ssh: defer channel window adjustment</li>
<li><a
href="b8ffc16e10"><code>b8ffc16</code></a>
blake2b: drop Go 1.6, Go 1.8 compatibility</li>
<li><a
href="7e6fbd82c8"><code>7e6fbd8</code></a>
ssh: wrap errors from client handshake</li>
<li><a
href="bda2f3f5cf"><code>bda2f3f</code></a>
argon2: avoid clobbering BP</li>
<li><a
href="325b735346"><code>325b735</code></a>
ssh/test: skip TestSSHCLIAuth on Windows</li>
<li><a
href="1eadac50a5"><code>1eadac5</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="b2d7c26edb"><code>b2d7c26</code></a>
ssh: add (*Client).DialContext method</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 08:39:22 +01:00
Till
f93d1c4790
Use AckExplicitPolicy instead of AckAllPolicy (#3288) 
Fixes https://github.com/matrix-org/dendrite/issues/3240 and potentially
a root cause for state resets.

While testing, I've had added some more debug logging:
```
time="2023-12-16T18:13:11.319458084Z" level=warning msg="already processed event" event_id="$qFYMl_F2vb1N0yxmvlFAMhqhGhLKq4kA-o_YCQKH7tQ" kind=KindNew times=2
time="2023-12-16T18:13:14.537389126Z" level=warning msg="already processed event" event_id="$EU-LTsKErT6Mt1k12-p_3xOHfiLaK6gtwVDlZ35lSuo" kind=KindNew times=5
time="2023-12-16T18:13:16.789551206Z" level=warning msg="already processed event" event_id="$dIPuAfTL5x0VyG873LKPslQeljCSxFT1WKxUtjIMUGE" kind=KindNew times=5
time="2023-12-16T18:13:17.383838767Z" level=warning msg="already processed event" event_id="$7noSZiCkzerpkz_UBO3iatpRnaOiPx-3IXc0GPDQVGE" kind=KindNew times=2
time="2023-12-16T18:13:22.091946597Z" level=warning msg="already processed event" event_id="$3Lvo3Wbi2ol9-nNbQ93N-E2MuGQCJZo5397KkFH-W6E" kind=KindNew times=1
time="2023-12-16T18:13:23.026417446Z" level=warning msg="already processed event" event_id="$lj1xS46zsLBCChhKOLJEG-bu7z-_pq9i_Y2DUIjzGy4" kind=KindNew times=4
```

So we did receive the same event over and over again. Given they are
`KindNew`, we don't short circuit if we already processed them, which
potentially caused the state to be calculated with a now wrong state
snapshot.

Also fixes the back pressure metric. We now correctly increment the
counter once we sent the message to NATS and decrement it once we
actually processed an event.
 2023-12-19 08:25:47 +01:00