Commit graph

491 commits

Author SHA1 Message Date
Till
ad22d950dd
Remove bimg thumbnailer (#3522)
As it is most likely not used anyway. (It's not the default)
2025-02-03 13:18:52 +01:00
dependabot[bot]
8872299b43
Bump golang.org/x/image from 0.18.0 to 0.23.0 (#3518)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.18.0
to 0.23.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="941f2100a0"><code>941f210</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="3724ab8af5"><code>3724ab8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ec562a8fd9"><code>ec562a8</code></a>
README: don't recommend go get</li>
<li><a
href="931781a504"><code>931781a</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="c82123aa13"><code>c82123a</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="59aa0406c4"><code>59aa040</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="8bfd4fda75"><code>8bfd4fd</code></a>
colornames: update link to SVG spec</li>
<li><a
href="bad7eb8559"><code>bad7eb8</code></a>
LICENSE: update per Google Legal</li>
<li><a
href="9abbe108cb"><code>9abbe10</code></a>
draw: avoid FMA (Fused Multiply Add)</li>
<li>See full diff in <a
href="https://github.com/golang/image/compare/v0.18.0...v0.23.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.18.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-29 19:38:10 +01:00
dependabot[bot]
6be7249368
Bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.3.1 (#3519)
Bumps
[github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver)
from 3.1.1 to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Masterminds/semver/releases">github.com/Masterminds/semver/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix for allowing some version that were invalid by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/253">Masterminds/semver#253</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1">https://github.com/Masterminds/semver/compare/v3.3.0...v3.3.1</a></p>
<h2>v3.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix: bad package in README by <a
href="https://github.com/sdelicata"><code>@​sdelicata</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li>
<li>Updating the GitHub Actions and versions of Go used by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/229">Masterminds/semver#229</a></li>
<li>Fix spelling in README by <a
href="https://github.com/robinschneider"><code>@​robinschneider</code></a>
in <a
href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li>
<li>Adding go build cache to fuzz output by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/232">Masterminds/semver#232</a></li>
<li>Add caching to fuzz testing by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/234">Masterminds/semver#234</a></li>
<li>updating github actions by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/235">Masterminds/semver#235</a></li>
<li>feat: nil version equality by <a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a> in
<a
href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li>
<li>add &gt;= and &lt;= by <a
href="https://github.com/grosser"><code>@​grosser</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li>
<li>doc: hyphen range constraint without whitespace by <a
href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a>
in <a
href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li>
<li>Removing reference to vert by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/245">Masterminds/semver#245</a></li>
<li>simplify StrictNewVersion by <a
href="https://github.com/grosser"><code>@​grosser</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/241">Masterminds/semver#241</a></li>
<li>Updating the testing version of Go used by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/246">Masterminds/semver#246</a></li>
<li>bumping min version in go.mod based on what's tested by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/248">Masterminds/semver#248</a></li>
<li>Updating changelog for 3.3.0 by <a
href="https://github.com/mattfarina"><code>@​mattfarina</code></a> in <a
href="https://redirect.github.com/Masterminds/semver/pull/249">Masterminds/semver#249</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/sdelicata"><code>@​sdelicata</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/226">Masterminds/semver#226</a></li>
<li><a
href="https://github.com/robinschneider"><code>@​robinschneider</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/222">Masterminds/semver#222</a></li>
<li><a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/213">Masterminds/semver#213</a></li>
<li><a href="https://github.com/grosser"><code>@​grosser</code></a> made
their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/238">Masterminds/semver#238</a></li>
<li><a
href="https://github.com/johnnychen94"><code>@​johnnychen94</code></a>
made their first contribution in <a
href="https://redirect.github.com/Masterminds/semver/pull/216">Masterminds/semver#216</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0">https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0</a></p>
<h2>v3.2.1</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>:
Improved testing around pre-release names</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>:
Improved code scanning with addition of CodeQL</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>:
Testing now includes Go 1.20. Go 1.17 has been dropped</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>:
Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>:
Docs updated for security details</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>:
Fixed issue with range transformations</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1">https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1</a></p>
<h2>v3.2.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Masterminds/semver/blob/master/CHANGELOG.md">github.com/Masterminds/semver/v3's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>3.3.0 (2024-08-27)</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/238">#238</a>:
Add LessThanEqual and GreaterThanEqual functions (thanks <a
href="https://github.com/grosser"><code>@​grosser</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/213">#213</a>:
nil version equality checking (thanks <a
href="https://github.com/KnutZuidema"><code>@​KnutZuidema</code></a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>:
Simplify StrictNewVersion parsing (thanks <a
href="https://github.com/grosser"><code>@​grosser</code></a>)</li>
<li>Testing support up through Go 1.23</li>
<li>Minimum version set to 1.21 as this is what's tested now</li>
<li>Fuzz testing now supports caching</li>
</ul>
<h2>3.2.1 (2023-04-10)</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/198">#198</a>:
Improved testing around pre-release names</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/200">#200</a>:
Improved code scanning with addition of CodeQL</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/201">#201</a>:
Testing now includes Go 1.20. Go 1.17 has been dropped</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/202">#202</a>:
Migrated Fuzz testing to Go built-in Fuzzing. CI runs daily</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/203">#203</a>:
Docs updated for security details</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/199">#199</a>:
Fixed issue with range transformations</li>
</ul>
<h2>3.2.0 (2022-11-28)</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/190">#190</a>:
Added text marshaling and unmarshaling</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/167">#167</a>:
Added JSON marshalling for constraints (thanks <a
href="https://github.com/SimonTheLeg"><code>@​SimonTheLeg</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/173">#173</a>:
Implement encoding.TextMarshaler and encoding.TextUnmarshaler on Version
(thanks <a
href="https://github.com/MarkRosemaker"><code>@​MarkRosemaker</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/179">#179</a>:
Added New() version constructor (thanks <a
href="https://github.com/kazhuravlev"><code>@​kazhuravlev</code></a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/182">#182</a>/<a
href="https://redirect.github.com/Masterminds/semver/issues/183">#183</a>:
Updated CI testing setup</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/186">#186</a>:
Fixing issue where validation of constraint section gave false
positives</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/176">#176</a>:
Fix constraints check with *-0 (thanks <a
href="https://github.com/mtt0"><code>@​mtt0</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/181">#181</a>:
Fixed Caret operator (^) gives unexpected results when the minor version
in constraint is 0 (thanks <a
href="https://github.com/arshchimni"><code>@​arshchimni</code></a>)</li>
<li><a
href="https://redirect.github.com/Masterminds/semver/issues/161">#161</a>:
Fixed godoc (thanks <a
href="https://github.com/afirth"><code>@​afirth</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1558ca3488"><code>1558ca3</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/253">#253</a>
from mattfarina/fix-bad-versions</li>
<li><a
href="252dd61dd3"><code>252dd61</code></a>
Fix for allowing some version that were invalid</li>
<li><a
href="e6e3d4d3cb"><code>e6e3d4d</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/249">#249</a>
from mattfarina/update-changelog-3.3.0</li>
<li><a
href="e80c4ea723"><code>e80c4ea</code></a>
Updating changelog for 3.3.0</li>
<li><a
href="80427ad56e"><code>80427ad</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/248">#248</a>
from mattfarina/bump-min-version</li>
<li><a
href="b610837227"><code>b610837</code></a>
bumping min version in go.mod based on what's tested</li>
<li><a
href="a4cccd8ea5"><code>a4cccd8</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/246">#246</a>
from mattfarina/bump-go-1.23</li>
<li><a
href="7c178cf0c6"><code>7c178cf</code></a>
Updating the testing version of Go used</li>
<li><a
href="29f94c1119"><code>29f94c1</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/241">#241</a>
from grosser/grosser/validate</li>
<li><a
href="2cf1b16b95"><code>2cf1b16</code></a>
Merge pull request <a
href="https://redirect.github.com/Masterminds/semver/issues/245">#245</a>
from mattfarina/remove-vert</li>
<li>Additional commits viewable in <a
href="https://github.com/Masterminds/semver/compare/v3.1.1...v3.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/Masterminds/semver/v3&package-manager=go_modules&previous-version=3.1.1&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 16:58:14 +00:00
dependabot[bot]
1b8b88cd3d
Bump github.com/yggdrasil-network/yggdrasil-go from 0.5.11 to 0.5.12 (#3505)
Bumps
[github.com/yggdrasil-network/yggdrasil-go](https://github.com/yggdrasil-network/yggdrasil-go)
from 0.5.11 to 0.5.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/yggdrasil-network/yggdrasil-go/releases">github.com/yggdrasil-network/yggdrasil-go's
releases</a>.</em></p>
<blockquote>
<h2>Version 0.5.12</h2>
<ul>
<li>Go 1.22 is now required to build Yggdrasil</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>latency_ms</code> field in the admin socket
<code>getPeers</code> response has been renamed to
<code>latency</code></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>A timing regression which causes a higher level of idle protocol
traffic on each peering has been fixed</li>
<li>The <code>-user</code> flag now correctly detects an empty
user/group specification</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/yggdrasil-network/yggdrasil-go/blob/develop/CHANGELOG.md">github.com/yggdrasil-network/yggdrasil-go's
changelog</a>.</em></p>
<blockquote>
<h2>[0.5.12] - 2024-12-18</h2>
<ul>
<li>Go 1.22 is now required to build Yggdrasil</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The <code>latency_ms</code> field in the admin socket
<code>getPeers</code> response has been renamed to
<code>latency</code></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>A timing regression which causes a higher level of idle protocol
traffic on each peering has been fixed</li>
<li>The <code>-user</code> flag now correctly detects an empty
user/group specification</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="213f72b840"><code>213f72b</code></a>
Yggdrasil 0.5.12</li>
<li><a
href="1fbcf3b3c2"><code>1fbcf3b</code></a>
Rename <code>latency_ms</code> to <code>latency</code> in
<code>getPeers</code> response since it isn't even m...</li>
<li><a
href="22bc9c44e2"><code>22bc9c4</code></a>
genkeys print the number of generated keys (<a
href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1217">#1217</a>)</li>
<li><a
href="9c73bacab9"><code>9c73bac</code></a>
Update to Go 1.22, quic-go/quic-go@v0.48.2 (<a
href="https://redirect.github.com/yggdrasil-network/yggdrasil-go/issues/1218">#1218</a>)</li>
<li><a
href="04be129878"><code>04be129</code></a>
Update to Arceliar/ironwood@743fe2f</li>
<li><a
href="657f7e0db3"><code>657f7e0</code></a>
Fix empty user/group detection on <code>chuser</code></li>
<li>See full diff in <a
href="https://github.com/yggdrasil-network/yggdrasil-go/compare/v0.5.11...v0.5.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/yggdrasil-network/yggdrasil-go&package-manager=go_modules&previous-version=0.5.11&new-version=0.5.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
2025-01-24 20:48:47 +00:00
dependabot[bot]
f43a426b78
Bump github.com/blevesearch/bleve/v2 from 2.4.0 to 2.4.4 (#3506)
Bumps
[github.com/blevesearch/bleve/v2](https://github.com/blevesearch/bleve)
from 2.4.0 to 2.4.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/blevesearch/bleve/releases">github.com/blevesearch/bleve/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.4</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Identified root cause for <a
href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a>
to be recycling of TermFieldReaders that was causing illegal/incorrect
access of several in-memory structures in certain scenarios. We've gone
ahead and disabled this feature with <a
href="https://redirect.github.com/blevesearch/bleve/pull/2117">blevesearch/bleve#2117</a>
+ <a
href="https://redirect.github.com/blevesearch/bleve/pull/2121">blevesearch/bleve#2121</a>
. Will work towards re-enabling in the near future once we've ironed out
the several associated wrinkles.</li>
<li>Introduced a guard rail with <a
href="https://redirect.github.com/blevesearch/zapx/pull/282">blevesearch/zapx#282</a>
while performing vector search queries with pre-filtering to avoid
hitting a panic when qualified docs do not hold valid vector
fields.</li>
<li>Fixed an issue while applying <code>ivf_max_codes_pct</code> in
vector search requests involving pre-filtering which can cause reduction
in recall - <a
href="https://redirect.github.com/blevesearch/go-faiss/pull/40">blevesearch/go-faiss#40</a></li>
</ul>
<p>Vector search continues to require same version of <code>faiss</code>
dynamic library (as with <a
href="https://github.com/blevesearch/bleve/releases/tag/v2.4.3">v2.4.3</a>)
to be built from <a
href="b747c55a93">blevesearch/faiss@b747c55a</a>
which is a modified version of <a
href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></p>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/25">v2.4.4</a></li>
</ul>
<h2>v2.4.3</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Address a corner case with <code>ivf_nprobe_pct</code> query
parameter (<a
href="https://redirect.github.com/blevesearch/go-faiss/pull/34">blevesearch/go-faiss#34</a>)</li>
<li>Several guard rails put in place to avoid array-out-of-bounds-access
and divide-by-zero errors: (<a
href="https://redirect.github.com/blevesearch/zapx/pull/263">blevesearch/zapx#263</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/270">blevesearch/zapx#270</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/271">blevesearch/zapx#271</a>,
<a
href="https://redirect.github.com/blevesearch/zapx/pull/273">blevesearch/zapx#273</a>)
to overcome <a
href="https://redirect.github.com/blevesearch/bleve/issues/1662">blevesearch/bleve#1662</a></li>
<li>Handling early exits/optimization for boolean queries (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2065">blevesearch/bleve#2065</a>)</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Vector search requires <code>faiss</code> dynamic library to be
built from <a
href="b747c55a93">blevesearch/faiss@b747c55a</a>
which is a modified version of <a
href="https://github.com/facebookresearch/faiss/releases/tag/v1.8.0">v1.8.0</a></li>
<li>Support for cosine similarity distance metric to normalize vectors
before indexing/querying for nearest neighbor search (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2051">blevesearch/bleve#2051</a>)</li>
<li>Support for <a
href="https://github.com/blevesearch/bleve/blob/v2.4.3/docs/vectors.md#querying-with-filters-v243">selectivity
filters</a> as a pre-cursor to vector search (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2063">blevesearch/bleve#2063</a>)</li>
</ul>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/23">v2.4.3</a></li>
</ul>
<h2>v2.4.2</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Set <code>MaxSegmentFileSize</code> for force merge when
<code>SingleSegmentMergePlanOptions</code> goes into use (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2050">#2050</a>)</li>
<li>Protect code against any bolt failures (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2043">#2043</a>)</li>
<li>Fix size estimation for various field types (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2052">#2052</a>)</li>
<li>Address an out-of-bounds panic that could occur with zapx/v16 in the
event of a single non-vector field (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2058">#2058</a>)
<ul>
<li><a
href="https://redirect.github.com/blevesearch/zapx/pull/252">blevesearch/zapx#252</a></li>
</ul>
</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Support new search params for vector search queries -
[<code>ivf_probe_pct</code>, <code>ivf_max_codes_pct</code>] (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2049">#2049</a>)</li>
</ul>
<h5>Milestone</h5>
<ul>
<li><a
href="https://github.com/blevesearch/bleve/milestone/22">v2.4.2</a></li>
</ul>
<h2>v2.4.1</h2>
<h5>Bug Fixes</h5>
<ul>
<li>Addressed a bug where <code>ClientContextID</code> was missing from
SearchRequest when library used with <code>vectors</code> (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2014">blevesearch/bleve#2014</a>)</li>
<li>Fix to a memory leak in vector query path (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2023">blevesearch/bleve#2023</a>)</li>
<li>Fix to issue <a
href="https://redirect.github.com/blevesearch/bleve/issues/2027">blevesearch/bleve#2027</a>,
error in parsing a certain datetime syntax (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2030">blevesearch/bleve#2030</a>)</li>
<li>Fix that mitigates a race between persister's stale segment removal
and index copy operations (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2032">blevesearch/bleve#2032</a>)</li>
<li>Nested field mapping determination was broken (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2031">blevesearch/bleve#2031</a>)</li>
</ul>
<h5>Improvements</h5>
<ul>
<li>Vector search requires the <em>faiss</em> dynamic library to be
built from <a
href="d9db66a385">blevesearch/faiss@d9db66a</a></li>
<li>Support for new data type - <code>vector_base64</code> which allows
for interpreting vector float32s encoded as base64 following
littleEndian byte ordering (<a
href="https://redirect.github.com/blevesearch/bleve/pull/2012">blevesearch/bleve#2012</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="137a21665e"><code>137a216</code></a>
MB-64513: Upgrade blevesearch/go-faiss, zapx/v16 for fix (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2123">#2123</a>)</li>
<li><a
href="5c53634221"><code>5c53634</code></a>
MB-64604: Remove unnecessary second map lookup (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2121">#2121</a>)</li>
<li><a
href="78cf78999e"><code>78cf789</code></a>
MB-64604: Fix interpreting scorch config:
&quot;fieldTFRCacheThreshold&quot; (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2117">#2117</a>)</li>
<li><a
href="7d627b9f2d"><code>7d627b9</code></a>
MB-64360 - Upgrade zapx v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2107">#2107</a>)</li>
<li><a
href="e72f7c2f22"><code>e72f7c2</code></a>
MB-62230 - Pre-filtering Optimisation (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2098">#2098</a>)</li>
<li><a
href="902051d4d4"><code>902051d</code></a>
MB-62230, MB-63992: Upgrade zapx/v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2095">#2095</a>)</li>
<li><a
href="cb1810f0d3"><code>cb1810f</code></a>
MB-63334: Fix race condition in NormalizeVector (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2094">#2094</a>)</li>
<li><a
href="bed244cefd"><code>bed244c</code></a>
MB-57871: Upgrade zapx v15 and v16 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2092">#2092</a>)</li>
<li><a
href="ab10172e2c"><code>ab10172</code></a>
MB-57871, MB-62230: Upgrade to zapx/v16@v16.1.7 + go-faiss@v1.0.23 (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2088">#2088</a>)</li>
<li><a
href="02d37a4fbc"><code>02d37a4</code></a>
MB-57871: Upgrade zapx/v16 and zapx/v15 for fixes (<a
href="https://redirect.github.com/blevesearch/bleve/issues/2091">#2091</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/blevesearch/bleve/compare/v2.4.0...v2.4.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/blevesearch/bleve/v2&package-manager=go_modules&previous-version=2.4.0&new-version=2.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
2025-01-24 19:10:21 +00:00
Neil
48fb3b923f
Update NATS to 2.10.25 (#3514)
Signed-off-by: Neil Alexander <git@neilalexander.dev>

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
2025-01-24 18:37:39 +00:00
Neil
f4506a0d82
Refactor some JetStream helper code, add support for specifying JetStream domain (#3485)
This should gracefully handle some more potential errors that the
consumer fetches can return with retries, as well as setting some client
settings for reconnects etc when using an external NATS Server.

Also allow specifying the JetStream domain in case of a leafnode
scenario and better manage client reuse across Dendrite. And also update
NATS Server to 2.10.24 for good measure.

This code is backported from Harmony.

Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
2025-01-19 09:09:58 +00:00
dependabot[bot]
9de3e84fff
Bump gotest.tools/v3 from 3.4.0 to 3.5.1 (#3478)
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools)
from 3.4.0 to 3.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gotestyourself/gotest.tools/releases">gotest.tools/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Make assert and golden packages compatible with other golden
packages by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/271">gotestyourself/gotest.tools#271</a></li>
<li>Also remove cr from file by <a
href="https://github.com/filintod"><code>@​filintod</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li>
<li>fs: add go doc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/275">gotestyourself/gotest.tools#275</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/filintod"><code>@​filintod</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/273">gotestyourself/gotest.tools#273</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1">https://github.com/gotestyourself/gotest.tools/compare/v3.5.0...v3.5.1</a></p>
<h2>v3.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>go.mod: update dependencies and go version by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/248">gotestyourself/gotest.tools#248</a></li>
<li>Use Go1.20 by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/252">gotestyourself/gotest.tools#252</a></li>
<li>Fix couple of typos by <a
href="https://github.com/wallyqs"><code>@​wallyqs</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li>
<li>Added WithStdout and WithStderr helpers by <a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li>
<li>Moved cmdOperators handling from RunCmd to StartCmd by <a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/259">gotestyourself/gotest.tools#259</a></li>
<li>Deprecate assert.ErrorType by <a
href="https://github.com/dnephin"><code>@​dnephin</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/254">gotestyourself/gotest.tools#254</a></li>
<li>Remove outdated Dockerfile by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li>
<li>env: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/263">gotestyourself/gotest.tools#263</a></li>
<li>poll: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/264">gotestyourself/gotest.tools#264</a></li>
<li>doc: add godoc links by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/262">gotestyourself/gotest.tools#262</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/wallyqs"><code>@​wallyqs</code></a> made
their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/253">gotestyourself/gotest.tools#253</a></li>
<li><a
href="https://github.com/ericfialkowski"><code>@​ericfialkowski</code></a>
made their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/258">gotestyourself/gotest.tools#258</a></li>
<li><a href="https://github.com/dolmen"><code>@​dolmen</code></a> made
their first contribution in <a
href="https://redirect.github.com/gotestyourself/gotest.tools/pull/261">gotestyourself/gotest.tools#261</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0">https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="81cea1abc5"><code>81cea1a</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/275">#275</a>
from gotestyourself/fs-add-godoc-links</li>
<li><a
href="9af8f4ed6e"><code>9af8f4e</code></a>
fs: add go doc links</li>
<li><a
href="2891300d35"><code>2891300</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/273">#273</a>
from filintod/also-remove-cr-from-file</li>
<li><a
href="4ed73505b6"><code>4ed7350</code></a>
fix lint line length</li>
<li><a
href="7306428575"><code>7306428</code></a>
rebase/fix only doc</li>
<li><a
href="e15fa271c8"><code>e15fa27</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/271">#271</a>
from dnephin/gate-update-flag</li>
<li><a
href="56c31231b2"><code>56c3123</code></a>
Make assert and golden compatible with other golden packages</li>
<li><a
href="a80f057529"><code>a80f057</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/262">#262</a>
from dolmen-go/add-godoc-links</li>
<li><a
href="684bd43c42"><code>684bd43</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/264">#264</a>
from dolmen-go/poll-add-godoc-links</li>
<li><a
href="e2be4be0f7"><code>e2be4be</code></a>
Merge pull request <a
href="https://redirect.github.com/gotestyourself/gotest.tools/issues/263">#263</a>
from dolmen-go/env-add-godoc-links</li>
<li>Additional commits viewable in <a
href="https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gotest.tools/v3&package-manager=go_modules&previous-version=3.4.0&new-version=3.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
2025-01-19 09:35:22 +01:00
dependabot[bot]
3e6835f073
Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.5 (#3495)
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang)
from 1.19.1 to 1.20.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.20.5 / 2024-10-15</h2>
<p>We decided to revert <a
href="https://redirect.github.com/prometheus/client_golang/pull/1424">the
<code>testutil</code> change</a> that made our util functions less
error-prone, but created a lot of work for our downstream users.
Apologies for the pain! This revert should not cause any major breaking
change, even if you already did the work--unless you depend on the <a
href="https://redirect.github.com/grafana/mimir/pull/9624#issuecomment-2413401565">exact
error message</a>.</p>
<p>Going forward, we plan to reinforce our release testing strategy <a
href="https://redirect.github.com/prometheus/client_golang/issues/1646">[1]</a>,<a
href="https://redirect.github.com/prometheus/client_golang/issues/1648">[2]</a>
and deliver an enhanced <a
href="https://redirect.github.com/prometheus/client_golang/issues/1639"><code>testutil</code>
package/module</a> with more flexible and safer APIs.</p>
<p>Thanks to <a
href="https://github.com/dashpole"><code>@​dashpole</code></a> <a
href="https://github.com/dgrisonnet"><code>@​dgrisonnet</code></a> <a
href="https://github.com/kakkoyun"><code>@​kakkoyun</code></a> <a
href="https://github.com/ArthurSens"><code>@​ArthurSens</code></a> <a
href="https://github.com/vesari"><code>@​vesari</code></a> <a
href="https://github.com/logicalhan"><code>@​logicalhan</code></a> <a
href="https://github.com/krajorama"><code>@​krajorama</code></a> <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> who
helped in this patch release! 🤗</p>
<h3>Changelog</h3>
<p>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a></p>
<h2>v1.20.4</h2>
<ul>
<li>[BUGFIX] histograms: Fix a possible data race when appending
exemplars vs metrics gather. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li>
</ul>
<h2>v1.20.3</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending
exemplars. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li>
</ul>
<h2>v1.20.2</h2>
<ul>
<li>[BUGFIX] promhttp: Unset Content-Encoding header when data is
uncompressed. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li>
</ul>
<h2>v1.20.1</h2>
<p>This release contains the critical fix for the <a
href="https://redirect.github.com/prometheus/client_golang/issues/1584">issue</a>.
Thanks to <a href="https://github.com/geberl"><code>@​geberl</code></a>,
<a
href="https://github.com/CubicrootXYZ"><code>@​CubicrootXYZ</code></a>,
<a href="https://github.com/zetaab"><code>@​zetaab</code></a> and <a
href="https://github.com/timofurrer"><code>@​timofurrer</code></a> for
helping us with the investigation!</p>
<ul>
<li>[BUGFIX] process-collector: Fixed unregistered descriptor error when
using process collector with PedanticRegistry on Linux machines. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li>
</ul>
<h2>v1.20.0</h2>
<p>Thanks everyone for contributions!</p>
<p>⚠️ In this release we remove one (broken anyway, given Go
runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT
and GOMAXPROCS flags) to the default
<code>collectors.NewGoCollector()</code> collector. Given its popular
usage, expect your binary to expose two additional metric.</p>
<h2>Changes</h2>
<ul>
<li>[CHANGE] ⚠️ go-collector: Remove
<code>go_memstat_lookups_total</code> metric which was always 0; Go
runtime stopped sharing pointer lookup statistics. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li>
<li>[FEATURE] ⚠️ go-collector: Add 3 default metrics:
<code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and
<code>go_sched_gomaxprocs_threads</code> as those are recommended by the
Go team. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li>
<li>[FEATURE] go-collector: Add more information to all metrics' HELP
e.g. the exact <code>runtime/metrics</code> sourcing each metric (if
relevant). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li>
<li>[FEATURE] testutil: Add CollectAndFormat method. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li>
<li>[FEATURE] histograms: Add support for exemplars in native
histograms. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li>
<li>[FEATURE] promhttp: Add experimental support for <code>zstd</code>
on scrape, controlled by the request <code>Accept-Encoding</code>
header. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li>
<li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API
methods that supports it. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li>
<li>[FEATURE] prometheus: Add support for created timestamps in constant
histograms and constant summaries. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li>
<li>[FEATURE] process-collectors: Add network usage metrics:
<code>process_network_receive_bytes_total</code> and
<code>process_network_transmit_bytes_total</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li>
<li>[FEATURE] promlint: Add duplicated metric lint rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li>
<li>[BUGFIX] promlint: Relax metric type in name linter rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li>
<li>[BUGFIX] promhttp: Make sure server
instrumentation wrapping supports new and future extra responseWriter
methods. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li>
<li>[BUGFIX] testutil: Functions using compareMetricFamilies are now
failing if filtered metricNames are not in the input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a></li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>1.20.5 / 2024-10-15</h2>
<ul>
<li>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input.</li>
</ul>
<h2>1.20.4 / 2024-09-07</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending exemplars
vs metrics gather. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a></li>
</ul>
<h2>1.20.3 / 2024-09-05</h2>
<ul>
<li>[BUGFIX] histograms: Fix possible data race when appending
exemplars. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a></li>
</ul>
<h2>1.20.2 / 2024-08-23</h2>
<ul>
<li>[BUGFIX] promhttp: Unset Content-Encoding header when data is
uncompressed. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1596">#1596</a></li>
</ul>
<h2>1.20.1 / 2024-08-20</h2>
<ul>
<li>[BUGFIX] process-collector: Fixed unregistered descriptor error when
using process collector with <code>PedanticRegistry</code> on linux
machines. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1587">#1587</a></li>
</ul>
<h2>1.20.0 / 2024-08-14</h2>
<ul>
<li>[CHANGE] ⚠️ go-collector: Remove
<code>go_memstat_lookups_total</code> metric which was always 0; Go
runtime stopped sharing pointer lookup statistics. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1577">#1577</a></li>
<li>[FEATURE] ⚠️ go-collector: Add 3 default metrics:
<code>go_gc_gogc_percent</code>, <code>go_gc_gomemlimit_bytes</code> and
<code>go_sched_gomaxprocs_threads</code> as those are recommended by the
Go team. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1559">#1559</a></li>
<li>[FEATURE] go-collector: Add more information to all metrics' HELP
e.g. the exact <code>runtime/metrics</code> sourcing each metric (if
relevant). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1568">#1568</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1578">#1578</a></li>
<li>[FEATURE] testutil: Add CollectAndFormat method. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1503">#1503</a></li>
<li>[FEATURE] histograms: Add support for exemplars in native
histograms. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1471">#1471</a></li>
<li>[FEATURE] promhttp: Add experimental support for <code>zstd</code>
on scrape, controlled by the request <code>Accept-Encoding</code>
header. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1496">#1496</a></li>
<li>[FEATURE] api/v1: Add <code>WithLimit</code> parameter to all API
methods that supports it. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1544">#1544</a></li>
<li>[FEATURE] prometheus: Add support for created timestamps in constant
histograms and constant summaries. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1537">#1537</a></li>
<li>[FEATURE] process-collector: Add network usage metrics:
<code>process_network_receive_bytes_total</code> and
<code>process_network_transmit_bytes_total</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1555">#1555</a></li>
<li>[FEATURE] promlint: Add duplicated metric lint rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1472">#1472</a></li>
<li>[BUGFIX] promlint: Relax metric type in name linter rule. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1455">#1455</a></li>
<li>[BUGFIX] promhttp: Make sure server instrumentation wrapping
supports new and future extra responseWriter methods. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1480">#1480</a></li>
<li>[BUGFIX] <strong>breaking</strong> testutil: Functions using
compareMetricFamilies are now failing if filtered metricNames are not in
the input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>
(reverted in 1.20.5)</li>
</ul>
<h2>1.19.0 / 2024-02-27</h2>
<p>The module <code>prometheus/common v0.48.0</code> introduced an
incompatibility when used together with client_golang (See <a
href="https://redirect.github.com/prometheus/client_golang/pull/1448">prometheus/client_golang#1448</a>
for more details). If your project uses client_golang and you want to
use <code>prometheus/common v0.48.0</code> or higher, please update
client_golang to v1.19.0.</p>
<ul>
<li>[CHANGE] Minimum required go version is now 1.20 (we also test
client_golang against new 1.22 version). <a
href="https://redirect.github.com/prometheus/client_golang/issues/1445">#1445</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1449">#1449</a></li>
<li>[FEATURE] collectors: Add version collector. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1422">#1422</a>
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1427">#1427</a></li>
</ul>
<h2>1.18.0 / 2023-12-22</h2>
<ul>
<li>[FEATURE] promlint: Allow creation of custom metric validations. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1311">#1311</a></li>
<li>[FEATURE] Go programs using client_golang can be built in wasip1 OS.
<a
href="https://redirect.github.com/prometheus/client_golang/issues/1350">#1350</a></li>
<li>[BUGFIX] histograms: Add timer to reset ASAP after bucket limiting
has happened. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1367">#1367</a></li>
<li>[BUGFIX] testutil: Fix comparison of metrics with empty Help
strings. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1378">#1378</a></li>
<li>[ENHANCEMENT] Improved performance of
<code>MetricVec.WithLabelValues(...)</code>. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1360">#1360</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48e12a1855"><code>48e12a1</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a>
from prometheus/cut-1204-pr1424</li>
<li><a
href="504ad9bf5c"><code>504ad9b</code></a>
Cut 1.20.5; update comments.</li>
<li><a
href="584a7ce3d9"><code>584a7ce</code></a>
Revert &quot;testutil compareMetricFamilies: make less error-prone (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>)&quot;</li>
<li><a
href="05fcde9fe4"><code>05fcde9</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1623">#1623</a>
from krajorama/data-race-in-histogram-write</li>
<li><a
href="209f4c041e"><code>209f4c0</code></a>
Add changelog</li>
<li><a
href="1e398ccb12"><code>1e398cc</code></a>
native histogram: Fix race between Write and addExemplar</li>
<li><a
href="ef2f87ea98"><code>ef2f87e</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1620">#1620</a>
from prometheus/arthursens/prepare-1.20.3</li>
<li><a
href="937ac63d3d"><code>937ac63</code></a>
Add changelog entry for 1.20.3</li>
<li><a
href="6e9914db5a"><code>6e9914d</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1608">#1608</a>
from krajorama/index-out-of-range-native-histogram-e...</li>
<li><a
href="d6b8c8925b"><code>d6b8c89</code></a>
Update comments with more explanations</li>
<li>Additional commits viewable in <a
href="https://github.com/prometheus/client_golang/compare/v1.19.1...v1.20.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.19.1&new-version=1.20.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
2025-01-19 09:30:45 +01:00
dependabot[bot]
60442bd059
Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#3479)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify)
from 1.9.0 to 1.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's
releases</a>.</em></p>
<blockquote>
<h2>v1.10.0</h2>
<h2>What's Changed</h2>
<h3>Functional Changes</h3>
<ul>
<li>Add PanicAssertionFunc by <a
href="https://github.com/fahimbagar"><code>@​fahimbagar</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li>
<li>assert: deprecate CompareType by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1566">stretchr/testify#1566</a></li>
<li>assert: make YAML dependency pluggable via build tags by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1579">stretchr/testify#1579</a></li>
<li>assert: new assertion NotElementsMatch by <a
href="https://github.com/hendrywiranto"><code>@​hendrywiranto</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1600">stretchr/testify#1600</a></li>
<li>mock: in order mock calls by <a
href="https://github.com/ReyOrtiz"><code>@​ReyOrtiz</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1637">stretchr/testify#1637</a></li>
<li>Add assertion for NotErrorAs by <a
href="https://github.com/palsivertsen"><code>@​palsivertsen</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1129">stretchr/testify#1129</a></li>
<li>Record Return Arguments of a Call by <a
href="https://github.com/jayd3e"><code>@​jayd3e</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1636">stretchr/testify#1636</a></li>
<li>assert.EqualExportedValues: accepts everything by <a
href="https://github.com/redachl"><code>@​redachl</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1586">stretchr/testify#1586</a></li>
</ul>
<h3>Fixes</h3>
<ul>
<li>assert: make tHelper a type alias by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1562">stretchr/testify#1562</a></li>
<li>Do not get argument again unnecessarily in Arguments.Error() by <a
href="https://github.com/TomWright"><code>@​TomWright</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li>
<li>Fix time.Time compare by <a
href="https://github.com/myxo"><code>@​myxo</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li>
<li>assert.Regexp: handle []byte array properly by <a
href="https://github.com/kevinburkesegment"><code>@​kevinburkesegment</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1587">stretchr/testify#1587</a></li>
<li>assert: collect.FailNow() should not panic by <a
href="https://github.com/marshall-lee"><code>@​marshall-lee</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1481">stretchr/testify#1481</a></li>
<li>mock: simplify implementation of FunctionalOptions by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1571">stretchr/testify#1571</a></li>
<li>mock: caller information for unexpected method call by <a
href="https://github.com/spirin"><code>@​spirin</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1644">stretchr/testify#1644</a></li>
<li>suite: fix test failures by <a
href="https://github.com/stevenh"><code>@​stevenh</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1421">stretchr/testify#1421</a></li>
<li>Fix issue <a
href="https://redirect.github.com/stretchr/testify/issues/1662">#1662</a>
(comparing infs should fail) by <a
href="https://github.com/ybrustin"><code>@​ybrustin</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1663">stretchr/testify#1663</a></li>
<li>NotSame should fail if args are not pointers <a
href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a>
by <a href="https://github.com/sikehish"><code>@​sikehish</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1664">stretchr/testify#1664</a></li>
<li>Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in
CI by <a href="https://github.com/sikehish"><code>@​sikehish</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1667">stretchr/testify#1667</a></li>
<li>fix: compare functional option names for indirect calls by <a
href="https://github.com/arjun-1"><code>@​arjun-1</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1626">stretchr/testify#1626</a></li>
</ul>
<h3>Documantation, Build &amp; CI</h3>
<ul>
<li>.gitignore: ignore &quot;go test -c&quot; binaries by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1565">stretchr/testify#1565</a></li>
<li>mock: improve doc by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1570">stretchr/testify#1570</a></li>
<li>mock: fix FunctionalOptions docs by <a
href="https://github.com/snirye"><code>@​snirye</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li>
<li>README: link out to the excellent testifylint by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1568">stretchr/testify#1568</a></li>
<li>assert: fix typo in comment by <a
href="https://github.com/JohnEndson"><code>@​JohnEndson</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li>
<li>Correct the EventuallyWithT and EventuallyWithTf example by <a
href="https://github.com/JonCrowther"><code>@​JonCrowther</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1588">stretchr/testify#1588</a></li>
<li>CI: bump softprops/action-gh-release from 1 to 2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1575">stretchr/testify#1575</a></li>
<li>mock: document more alternatives to deprecated
AnythingOfTypeArgument by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1569">stretchr/testify#1569</a></li>
<li>assert: Correctly document EqualValues behavior by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1593">stretchr/testify#1593</a></li>
<li>fix: grammar in godoc by <a
href="https://github.com/miparnisari"><code>@​miparnisari</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1607">stretchr/testify#1607</a></li>
<li>.github/workflows: Run tests for Go 1.22 by <a
href="https://github.com/HaraldNordgren"><code>@​HaraldNordgren</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1629">stretchr/testify#1629</a></li>
<li>Document suite's lack of support for t.Parallel by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1645">stretchr/testify#1645</a></li>
<li>assert: fix typos in comments by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1650">stretchr/testify#1650</a></li>
<li>mock: fix doc comment for NotBefore by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1651">stretchr/testify#1651</a></li>
<li>Generate better comments for require package by <a
href="https://github.com/Neokil"><code>@​Neokil</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1610">stretchr/testify#1610</a></li>
<li>README: replace Testify V2 notice with <a
href="https://github.com/dolmen"><code>@​dolmen</code></a>'s V2
manifesto by <a
href="https://github.com/hendrywiranto"><code>@​hendrywiranto</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1518">stretchr/testify#1518</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/fahimbagar"><code>@​fahimbagar</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1337">stretchr/testify#1337</a></li>
<li><a href="https://github.com/TomWright"><code>@​TomWright</code></a>
made their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/820">stretchr/testify#820</a></li>
<li><a href="https://github.com/snirye"><code>@​snirye</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1433">stretchr/testify#1433</a></li>
<li><a href="https://github.com/myxo"><code>@​myxo</code></a> made their
first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1582">stretchr/testify#1582</a></li>
<li><a
href="https://github.com/JohnEndson"><code>@​JohnEndson</code></a> made
their first contribution in <a
href="https://redirect.github.com/stretchr/testify/pull/1580">stretchr/testify#1580</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="89cbdd9e7b"><code>89cbdd9</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1626">#1626</a>
from arjun-1/fix-functional-options-diff-indirect-calls</li>
<li><a
href="07bac606be"><code>07bac60</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1667">#1667</a>
from sikehish/flaky</li>
<li><a
href="716de8dff4"><code>716de8d</code></a>
Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in
CI</li>
<li><a
href="118fb83466"><code>118fb83</code></a>
NotSame should fail if args are not pointers <a
href="https://redirect.github.com/stretchr/testify/issues/1661">#1661</a>
(<a
href="https://redirect.github.com/stretchr/testify/issues/1664">#1664</a>)</li>
<li><a
href="7d99b2b43d"><code>7d99b2b</code></a>
attempt 2</li>
<li><a
href="05f87c0160"><code>05f87c0</code></a>
more similar</li>
<li><a
href="ea7129e006"><code>ea7129e</code></a>
better fmt</li>
<li><a
href="a1b9c9efe3"><code>a1b9c9e</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1663">#1663</a>
from ybrustin/master</li>
<li><a
href="8302de98b1"><code>8302de9</code></a>
Merge branch 'master' into master</li>
<li><a
href="89352f7958"><code>89352f7</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1518">#1518</a>
from hendrywiranto/adjust-readme-remove-v2</li>
<li>Additional commits viewable in <a
href="https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.9.0&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip CI]
2025-01-19 09:29:00 +01:00
dependabot[bot]
a41f9cc154
Bump modernc.org/sqlite from 1.34.2 to 1.34.5 (#3500)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.2
to 1.34.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15818ab7fe"><code>15818ab</code></a>
move the vendor tool into a separate module, updates gc#3</li>
<li><a
href="d3e8a664e8"><code>d3e8a66</code></a>
retract v1.34.3</li>
<li><a
href="1fcc86e9d6"><code>1fcc86e</code></a>
fix accidentaly broken openbsd/amd64 build</li>
<li><a
href="7f15e6eb45"><code>7f15e6e</code></a>
linux/arm64: patch libc bug at runtime, updates <a
href="https://gitlab.com/cznic/sqlite/issues/199">#199</a></li>
<li>See full diff in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=modernc.org/sqlite&package-manager=go_modules&previous-version=1.34.2&new-version=1.34.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 23:22:19 +01:00
dependabot[bot]
315269d8f9
Bump golang.org/x/net from 0.32.0 to 0.33.0 (#3499)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to
0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dfc720dfe0"><code>dfc720d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="8e66b04771"><code>8e66b04</code></a>
html: use strings.EqualFold instead of lowering ourselves</li>
<li><a
href="b935f7b5d7"><code>b935f7b</code></a>
html: avoid endless loop on error token</li>
<li><a
href="9af49ef148"><code>9af49ef</code></a>
route: remove unused sizeof* consts</li>
<li><a
href="6705db9a4d"><code>6705db9</code></a>
quic: clean up crypto streams when dropping packet protection keys</li>
<li><a
href="4ef7588d2b"><code>4ef7588</code></a>
quic: handle ACK frame in packet which drops number space</li>
<li><a
href="552d8ac903"><code>552d8ac</code></a>
Revert &quot;route: change from syscall to x/sys/unix&quot;</li>
<li><a
href="13a7c0108b"><code>13a7c01</code></a>
Revert &quot;route: remove unused sizeof* consts on freebsd&quot;</li>
<li>See full diff in <a
href="https://github.com/golang/net/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.32.0&new-version=0.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip ci]
2025-01-16 23:21:53 +01:00
dependabot[bot]
2ab4219ffc
Bump github.com/nats-io/nats.go from 1.37.0 to 1.38.0 (#3481)
Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go)
from 1.37.0 to 1.38.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's
releases</a>.</em></p>
<blockquote>
<h2>v1.38.0</h2>
<h2>Changelog</h2>
<h3>Added</h3>
<ul>
<li>Core NATS:
<ul>
<li>Added <code>UserInfoHandler</code> for dynamically setting
user/password (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1713">#1713</a>)</li>
<li>Added <code>PermissionErrOnSubscribe</code> option, causing
<code>SubscribeSync</code> to return
<code>nats.ErrPermissionViolation</code> on <code>NextMsg()</code> if
there was a permission error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
<li>Added <code>Msgs()</code> method on <code>Subscription</code>,
returning an iterator (<code>iter.Seq2[*nats.Msg, error]</code>) for the
subscription. This method is only available for go version &gt;=1.23 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
</ul>
</li>
<li>KeyValue:</li>
<li>Added <code>WatchFiltered</code> method to watch for updates with
multiple filters (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Core NATS:
<ul>
<li>Fixed closing connections on max subscriptions exceeded (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1709">#1709</a>)</li>
<li>Removed redundant nil checks. Thanks <a
href="https://github.com/ramonberrutti"><code>@​ramonberrutti</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li>
<li>Add missing nats prefix to error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li>Fixed <code>PublishAsync</code> not closing done and stall channels
after failed retries (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1719">#1719</a>)</li>
<li>Set valid fetch sequence in ordered consumer's <code>Fetch()</code>
and <code>Next()</code> after timeout (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1705">#1705</a>)</li>
<li>Do not overwrite ordered consumer deliver policy if start time is
set (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1742">#1742</a>)</li>
<li>Fixed race condition in <code>MessageBatch</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
</ul>
</li>
<li>Legacy JetStream:
<ul>
<li>Fixed race condition in <code>MessageBatch</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Legacy Jetstream:
<ul>
<li>Added client retry for jetstream async publish old API. Thanks <a
href="https://github.com/pranavmehta94"><code>@​pranavmehta94</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1695">#1695</a>)</li>
</ul>
</li>
</ul>
<h3>Improved</h3>
<ul>
<li>Moved CI to github actions (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1623">#1623</a>,
<a
href="https://redirect.github.com/nats-io/nats.go/issues/1716">#1716</a>)</li>
<li>Use errors.New instead of fmt.Errorf to improve efficiency. Thanks
<a href="https://github.com/canack"><code>@​canack</code></a> for the
contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1707">#1707</a>)</li>
<li>Fixed invalid schemas in Service API documentation (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1720">#1720</a>)</li>
<li>Added mention of TTL reset in <code>kv.Update</code> method. Thanks
<a
href="https://github.com/fmontorsi-equinix"><code>@​fmontorsi-equinix</code></a>
for the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1727">#1727</a>)</li>
<li>Updated installation commands in <code>README.md</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li>
<li>Bump <code>nkeys</code> to v0.4.9 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li>
</ul>
<h3>Complete Changes</h3>
<p><a
href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48391f1b8b"><code>48391f1</code></a>
Release v1.38.0 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1754">#1754</a>)</li>
<li><a
href="6f4e85afdb"><code>6f4e85a</code></a>
[FIXED] Add missing nats prefix to error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1753">#1753</a>)</li>
<li><a
href="074c819479"><code>074c819</code></a>
[FIXED] twice respMap nil check (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1751">#1751</a>)</li>
<li><a
href="d6eaa84a03"><code>d6eaa84</code></a>
[ADDED] Creating iterators for sync subscriptions (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1728">#1728</a>)</li>
<li><a
href="6bc41598cc"><code>6bc4159</code></a>
[FIXED] Race in MessageBatch (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1743">#1743</a>)</li>
<li><a
href="d05f24af9e"><code>d05f24a</code></a>
Bump nkeys to 0.4.7 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1750">#1750</a>)</li>
<li><a
href="01fafde033"><code>01fafde</code></a>
[IMPROVED] Update installation commands (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1745">#1745</a>)</li>
<li><a
href="f563c66855"><code>f563c66</code></a>
[FIXED] Do not overwrite ordered consumer deliver policy if start time
is set...</li>
<li><a
href="e963b776f2"><code>e963b77</code></a>
[ADDED] WatchFiltered method on KV (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1739">#1739</a>)</li>
<li><a
href="4530ef6abf"><code>4530ef6</code></a>
[FIXED] Invalid fetch sequence in ordered consumer Fetch and Next after
timeo...</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats.go/compare/v1.37.0...v1.38.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.37.0&new-version=1.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-16 22:59:19 +01:00
Travis Ralston
e9cc37ac52
Merge commit from fork
* Support configuring allow/deny networks

* Make the DNS cache aware of the allow/deny networks

* Allow all networks in CI

* Update GMSL

* Add missed file

---------

Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2025-01-16 19:35:50 +01:00
dependabot[bot]
285d065e02
Bump nhooyr.io/websocket from 1.8.7 to 1.8.17 (#3456)
Bumps [nhooyr.io/websocket](https://github.com/nhooyr/websocket-old)
from 1.8.7 to 1.8.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nhooyr/websocket-old/releases">nhooyr.io/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.17</h2>
<ul>
<li>This library is now deprecated. Please do not use this library any
longer at the <code>nhooyr.io/websocket</code> import path. It will not
receive any further updates.
Coder is now maintaining it at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.16</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.15</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
<h2>v1.8.14</h2>
<ul>
<li>Please do not use this library any longer at the
<code>nhooyr.io/websocket</code> import path as it is deprecated. It
will not receive any maintenance updates.
Coder is maintaining it now at <a
href="https://github.com/coder/websocket">https://github.com/coder/websocket</a>
under the <code>github.com/coder/websocket</code> import path.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nhooyr/websocket-old/commits/v1.8.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nhooyr.io/websocket&package-manager=go_modules&previous-version=1.8.7&new-version=1.8.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-12-18 08:01:41 +01:00
dependabot[bot]
97706ffa28
Bump github.com/gorilla/websocket from 1.5.0 to 1.5.3 (#3455)
Bumps
[github.com/gorilla/websocket](https://github.com/gorilla/websocket)
from 1.5.0 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gorilla/websocket/releases">github.com/gorilla/websocket's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<h2>Important change</h2>
<p>This reverts the websockets package back to <a
href="931041c5ee</a></p>
<h2>What's Changed</h2>
<ul>
<li>Fixes subprotocol selection (aling with rfc6455) by <a
href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li>Update README.md, replace master to main by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li>Use status code constant by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li>
<li>conn.go: default close handler should not return ErrCloseSent. by <a
href="https://github.com/pnx"><code>@​pnx</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li>fix: replace ioutil.readfile with os.readfile by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li>fix: add comment for the readBufferSize and writeBufferSize by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li>
<li>Remove noisy printf in NextReader() and beginMessage() by <a
href="https://github.com/bcreane"><code>@​bcreane</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
<li>docs(echoreadall): fix function echoReadAll comment by <a
href="https://github.com/XdpCs"><code>@​XdpCs</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li>
<li>make tests parallel by <a
href="https://github.com/ninedraft"><code>@​ninedraft</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li>
<li>Upgrader.Upgrade: use http.ResposnseController by <a
href="https://github.com/ninedraft"><code>@​ninedraft</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/871">gorilla/websocket#871</a></li>
<li>Do not handle network error in <code>SetCloseHandler()</code> by <a
href="https://github.com/nak3"><code>@​nak3</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li>
<li>perf: reduce timer in write_control by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/879">gorilla/websocket#879</a></li>
<li>fix: lint example code by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/890">gorilla/websocket#890</a></li>
<li>feat: format message type by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/889">gorilla/websocket#889</a></li>
<li>Remove hideTempErr to allow downstream users to check for errors
like net.ErrClosed by <a
href="https://github.com/UnAfraid"><code>@​UnAfraid</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li>
<li>Do not timeout when WriteControl deadline is zero in <a
href="https://redirect.github.com/gorilla/websocket/pull/898">gorilla/websocket#898</a></li>
<li>Excludes errchecks linter by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li>
<li>Return errors instead of printing to logs by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/897">gorilla/websocket#897</a></li>
<li>Revert &quot; Update go version &amp; add verification/testing tools
(<a
href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)&quot;
by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/908">gorilla/websocket#908</a></li>
<li>Fixes broken random value generation by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/926">gorilla/websocket#926</a></li>
<li>Reverts back to v1.5.0 by <a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
in <a
href="https://redirect.github.com/gorilla/websocket/pull/929">gorilla/websocket#929</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li><a href="https://github.com/mstmdev"><code>@​mstmdev</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li><a href="https://github.com/pnx"><code>@​pnx</code></a> made their
first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li><a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li><a href="https://github.com/bcreane"><code>@​bcreane</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
<li><a href="https://github.com/XdpCs"><code>@​XdpCs</code></a> made
their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/881">gorilla/websocket#881</a></li>
<li><a href="https://github.com/ninedraft"><code>@​ninedraft</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/872">gorilla/websocket#872</a></li>
<li><a href="https://github.com/nak3"><code>@​nak3</code></a> made their
first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/863">gorilla/websocket#863</a></li>
<li><a href="https://github.com/UnAfraid"><code>@​UnAfraid</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/894">gorilla/websocket#894</a></li>
<li><a
href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/websocket/pull/904">gorilla/websocket#904</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3">https://github.com/gorilla/websocket/compare/v1.5.1...v1.5.3</a></p>
<h2>v1.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixes subprotocol selection (aling with rfc6455) by <a
href="https://github.com/KSDaemon"><code>@​KSDaemon</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/823">gorilla/websocket#823</a></li>
<li>Update README.md, replace master to main by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/862">gorilla/websocket#862</a></li>
<li>Use status code constant by <a
href="https://github.com/mstmdev"><code>@​mstmdev</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/864">gorilla/websocket#864</a></li>
<li>conn.go: default close handler should not return ErrCloseSent. by <a
href="https://github.com/pnx"><code>@​pnx</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/865">gorilla/websocket#865</a></li>
<li>fix: replace ioutil.readfile with os.readfile by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/868">gorilla/websocket#868</a></li>
<li>fix: add comment for the readBufferSize and writeBufferSize by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/869">gorilla/websocket#869</a></li>
<li>Remove noisy printf in NextReader() and beginMessage() by <a
href="https://github.com/bcreane"><code>@​bcreane</code></a> in <a
href="https://redirect.github.com/gorilla/websocket/pull/878">gorilla/websocket#878</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce903f6d1d"><code>ce903f6</code></a>
Reverts to v1.5.0</li>
<li><a
href="9ec25ca502"><code>9ec25ca</code></a>
fixes broken random value generation</li>
<li><a
href="1bddf2e0db"><code>1bddf2e</code></a>
bumps go version &amp; removes deprecated module usage</li>
<li><a
href="750bf92096"><code>750bf92</code></a>
adds GHA &amp; Makefile configs</li>
<li><a
href="b2c246b2ec"><code>b2c246b</code></a>
Revert &quot; Update go version &amp; add verification/testing tools (<a
href="https://redirect.github.com/gorilla/websocket/issues/840">#840</a>)&quot;</li>
<li><a
href="09a6bab466"><code>09a6bab</code></a>
removing error handling while closing connections</li>
<li><a
href="58af150309"><code>58af150</code></a>
return errors instead of printing to logs</li>
<li><a
href="e5f1a0aad0"><code>e5f1a0a</code></a>
excludes errchecks linter</li>
<li><a
href="b2a86a1744"><code>b2a86a1</code></a>
Do not timeout when WriteControl deadline is zero</li>
<li><a
href="695e9095ce"><code>695e909</code></a>
Remove hideTempErr to allow downstream users to check for errors like
net.Err...</li>
<li>Additional commits viewable in <a
href="https://github.com/gorilla/websocket/compare/v1.5.0...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gorilla/websocket&package-manager=go_modules&previous-version=1.5.0&new-version=1.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-17 21:44:13 +00:00
dependabot[bot]
3be22065a6
Bump github.com/docker/go-connections from 0.4.0 to 0.5.0 (#3465)
Bumps
[github.com/docker/go-connections](https://github.com/docker/go-connections)
from 0.4.0 to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fa09c952e3"><code>fa09c95</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/go-connections/issues/108">#108</a>
from thaJeztah/carry_6</li>
<li><a
href="7a67a58690"><code>7a67a58</code></a>
Swap CloseRead and CloseWrite</li>
<li><a
href="481d3d26b3"><code>481d3d2</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/go-connections/issues/107">#107</a>
from thaJeztah/drop_legacy_go</li>
<li><a
href="9548f9f7bd"><code>9548f9f</code></a>
tlsconfig: remove deprecated io/ioutil</li>
<li><a
href="c564c210e1"><code>c564c21</code></a>
drop support for go1.17 and older</li>
<li><a
href="7cbebcf931"><code>7cbebcf</code></a>
gha: update actions</li>
<li><a
href="2cf423f0ad"><code>2cf423f</code></a>
tlsconfig: move allTLSVersions var</li>
<li><a
href="dca283b665"><code>dca283b</code></a>
tlsconfig: drop support for go1.12 and older</li>
<li><a
href="21876c5afd"><code>21876c5</code></a>
tlsconfig: drop support for go1.6 and older</li>
<li><a
href="4d174dba22"><code>4d174db</code></a>
tlsconfig: drop support for go1.4 and older</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/go-connections/compare/v0.4.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/go-connections&package-manager=go_modules&previous-version=0.4.0&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-17 22:00:10 +01:00
dependabot[bot]
19cc831fdd
Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.5+incompatible (#3466)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
26.1.0+incompatible to 26.1.5+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v26.1.5</h2>
<h2>26.1.5</h2>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization
plugins (AuthZ)</a>
for access control. No other changes are included in this release, and
this
release is otherwise identical for users not using AuthZ plugins.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v26.1.4...v26.1.5">https://github.com/moby/moby/compare/v26.1.4...v26.1.5</a></p>
<h2>v26.1.4</h2>
<h2>26.1.4</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4">docker/cli,
26.1.4 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4">moby/moby,
26.1.4 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release updates the Go runtime to 1.21.11 which contains
security fixes for:</p>
<ul>
<li><a
href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a></li>
<li><a
href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a></li>
<li>A symlink time of check to time of use race condition during
directory removal reported by Addison Crump (<a
href="https://github.com/addisoncrump"><code>@​addisoncrump</code></a>).</li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fixed an issue where promoting a node immediately after another node
was demoted could cause the promotion to fail. <a
href="https://redirect.github.com/moby/moby/pull/47870">moby/moby#47870</a></li>
<li>Prevent the daemon log from being spammed with <code>superfluous
response.WriteHeader call ...</code> messages.. <a
href="https://redirect.github.com/moby/moby/pull/47843">moby/moby#47843</a></li>
<li>Don't show empty hints when plugins return an empty hook message. <a
href="https://redirect.github.com/docker/cli/pull/5083">docker/cli#5083</a></li>
<li>Added <code>ContextType: &quot;moby&quot;</code> to the context
list/inspect output to address a compatibility issue with Visual Studio
Container Tools. <a
href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li>
<li>Fix a compatibility issue with Visual Studio Container Tools. <a
href="https://redirect.github.com/docker/cli/pull/5095">docker/cli#5095</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.17">v1.7.17</a>.
<a
href="https://redirect.github.com/moby/moby/pull/47841">moby/moby#47841</a></li>
<li><a
href="https://redirect.github.com/golang/go/issues/66869">CVE-2024-24789</a>,
<a
href="https://redirect.github.com/golang/go/issues/67680">CVE-2024-24790</a>:
Update Go runtime to 1.21.11. <a
href="https://redirect.github.com/moby/moby/pull/47904">moby/moby#47904</a></li>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.27.1">v2.27.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1022">docker/docker-ce-packages#1022</a></li>
<li>Update Buildx to <a
href="https://github.com/docker/buildx/releases/tag/v0.14.1">v0.14.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1021">docker/docker-ce-packages#1021</a></li>
</ul>
<h2>v26.1.3</h2>
<h2>26.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="411e817ddf"><code>411e817</code></a>
Merge commit from fork</li>
<li><a
href="9cc85eaef1"><code>9cc85ea</code></a>
If url includes scheme, urlPath will drop hostname, which would not
match the...</li>
<li><a
href="820cab90bc"><code>820cab9</code></a>
Authz plugin security fixes for 0-length content and path
validation</li>
<li><a
href="6bc49067a6"><code>6bc4906</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48123">#48123</a>
from vvoland/v26.1-48120</li>
<li><a
href="6fbdce4b94"><code>6fbdce4</code></a>
update to go1.21.12</li>
<li><a
href="f5334644ec"><code>f533464</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47986">#47986</a>
from vvoland/v26.1-47985</li>
<li><a
href="c1d4587d76"><code>c1d4587</code></a>
builder/mobyexporter: Add missing nil check</li>
<li><a
href="d6428049a5"><code>d642804</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47940">#47940</a>
from thaJeztah/26.1_backport_api_remove_container_c...</li>
<li><a
href="daba2462f5"><code>daba246</code></a>
docs: api: image inspect: remove Container and ContainerConfig</li>
<li><a
href="de5c9cf0b9"><code>de5c9cf</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47912">#47912</a>
from thaJeztah/26.1_backport_vendor_containerd_1.7.18</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v26.1.0...v26.1.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=26.1.0+incompatible&new-version=26.1.5+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-17 21:42:08 +01:00
dependabot[bot]
f8ef6118c7
Bump github.com/docker/docker from 25.0.6+incompatible to 27.4.0+incompatible (#3458)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
25.0.6+incompatible to 27.4.0+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v27.4.0</h2>
<h2>27.4.0</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.4.0">docker/cli,
27.4.0 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.4.0">moby/moby,
27.4.0 milestone</a></li>
</ul>
<h3>API</h3>
<ul>
<li><code>GET /images/json</code> with the <code>manifests</code> option
enabled now preserves the original order in which manifests appeared in
the manifest-index. <a
href="https://redirect.github.com/moby/moby/pull/48712">moby/moby#48712</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>When reading logs with the <code>jsonfile</code> or
<code>local</code> log drivers, any errors while trying to read or parse
underlying log files will cause the rest of the file to be skipped and
move to the next log file (if one exists) rather than returning an error
to the client and closing the stream. The errors are viewable in the
Docker Daemon logs and exported to traces when tracing is configured. <a
href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li>
<li>When reading log files, compressed log files are now only
decompressed when needed rather than decompressing all files before
starting the log stream. <a
href="https://redirect.github.com/moby/moby/pull/48842">moby/moby#48842</a></li>
<li>Fix an issue that meant published ports from one container on a
bridge network were not accessible from another container on the same
network with <code>userland-proxy</code> disabled, if the kernel's
<code>br_netfilter</code> module was not loaded and enabled. The daemon
will now attempt to load the module and enable
<code>bridge-nf-call-iptables</code> or
<code>bridge-nf-call-ip6tables</code> when creating a network with the
userland proxy disabled. <a
href="https://redirect.github.com/moby/moby/pull/48685">moby/moby#48685</a></li>
<li>Fix loading of <code>bridge</code> and <code>br_netfilter</code>
kernel modules. <a
href="https://redirect.github.com/moby/moby/pull/48966">moby/moby#48966</a></li>
<li>containerd image store: Fix Docker daemon failing to fully start
with a &quot;context deadline exceeded error&quot; with containerd
snapshotter and many builds/images. <a
href="https://redirect.github.com/moby/moby/pull/48954">moby/moby#48954</a></li>
<li>containerd image-store: Fix partially pulled images not being
garbage-collected. <a
href="https://redirect.github.com/moby/moby/pull/48910">moby#48910</a>,
<a
href="https://redirect.github.com/moby/moby/pull/48957">moby/moby#48957</a></li>
<li>containerd image store: Fix <code>docker image inspect</code>
outputting duplicate references in <code>RepoDigests</code>. <a
href="https://redirect.github.com/moby/moby/pull/48785">moby/moby#48785</a></li>
<li>containerd image store: Fix not being able to connect to some
insecure registries in cases where the HTTPS request failed due to a
non-TLS related error. <a
href="https://redirect.github.com/moby/moby/pull/48758">moby/moby#48758</a></li>
<li>containerd image store: Remove a confusing warning log when tagging
a non-dangling image. <a
href="https://redirect.github.com/moby/moby/pull/49010">moby/moby#49010</a></li>
<li>dockerd-rootless-setuptool.sh: let --force ignore smoke test errors
<a
href="https://redirect.github.com/moby/moby/pull/48695">moby/moby#48695</a></li>
<li>Disable IPv6 Duplicate Address Detection (DAD) for addresses
assigned to the bridges belonging to bridge networks. <a
href="https://redirect.github.com/moby/moby/pull/48684">moby/moby#48684</a></li>
<li>Remove BuildKit init timeout. <a
href="https://redirect.github.com/moby/moby/pull/48963">moby/moby#48963</a></li>
<li>Ignore &quot;dataset does not exist&quot; error when removing
dataset on ZFS. <a
href="https://redirect.github.com/moby/moby/pull/48968">moby/moby#48968</a></li>
<li>Client: Prevent idle connections leaking FDs. <a
href="https://redirect.github.com/moby/moby/pull/48764">moby/moby#48764</a></li>
<li>Fix anonymous volumes being created through the <code>--mount</code>
option not being marked as anonymous. <a
href="https://redirect.github.com/moby/moby/pull/48755">moby/moby#48755</a></li>
<li>After a daemon restart with live-restore, ensure an iptables jump to
the <code>DOCKER-USER</code> chain is placed before other rules. <a
href="https://redirect.github.com/moby/moby/pull/48714">moby/moby#48714</a></li>
<li>Fix a possible memory leak caused by OTel meters. <a
href="https://redirect.github.com/moby/moby/pull/48693">moby/moby#48693</a></li>
<li>Create distinct build history db for each store. <a
href="https://redirect.github.com/moby/moby/pull/48688">moby/moby#48688</a></li>
<li>Fix an issue that caused excessive memory usage when DNS resolution
was made in a tight loop. <a
href="https://redirect.github.com/moby/moby/pull/48840">moby/moby#48840</a></li>
<li>containerd image store: Do not underline names in <code>docker image
ls --tree</code>. <a
href="https://redirect.github.com/docker/cli/pull/5519">docker/cli#5519</a></li>
<li>containerd image store: Change name of <code>USED</code> column in
<code>docker image ls --tree</code> to <code>IN USE</code>. <a
href="https://redirect.github.com/docker/cli/pull/5518">docker/cli#5518</a></li>
<li>Fix a bug preventing image pulls from being cancelled during
<code>docker run</code>. <a
href="https://redirect.github.com/docker/cli/pull/5654">docker/cli#5654</a></li>
<li>Port some completions from the bash completion to the new cobra
based completion. <a
href="https://redirect.github.com/docker/cli/pull/5618">docker/cli#5618</a></li>
<li>The <code>docker login</code> and <code>docker logout</code> command
no longer update the configuration file if the credentials didn't
change. <a
href="https://redirect.github.com/docker/cli/pull/5569">docker/cli#5569</a></li>
<li>Optimise <code>docker stats</code> to reduce flickering issues. <a
href="https://redirect.github.com/docker/cli/pull/5588">docker/cli#5588</a>,
<a
href="https://redirect.github.com/docker/cli/pull/5635">docker/cli#5635</a></li>
<li>Fix inaccessible plugins paths preventing plugins from being
detected. <a
href="https://redirect.github.com/docker/cli/pull/5652">docker/cli#5652</a></li>
<li>Add support for <code>events --filter</code> in cobra generated
shell completions. <a
href="https://redirect.github.com/docker/cli/pull/5614">docker/cli#5614</a></li>
<li>Fix bash completion for <code>events --filter daemon=</code>. <a
href="https://redirect.github.com/docker/cli/pull/5563">docker/cli#5563</a></li>
<li>Improve shell-completion of containers for <code>docker rm</code>.
<a
href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li>
<li>Add shell-completion for <code>--platform</code> flags. <a
href="https://redirect.github.com/docker/cli/pull/5540">docker/cli#5540</a></li>
<li>rootless: Make <code>/etc/cdi</code> and <code>/var/run/cdi</code>
accessible by the Container Device Interface (CDI) integration. <a
href="https://redirect.github.com/moby/moby/pull/49027">moby/moby#49027</a></li>
</ul>
<h3>Removed</h3>
<ul>
<li>Deprecate <code>Daemon.Exists()</code> and
<code>Daemon.IsPaused()</code>. These functions are no longer used and
will be removed in the next release. <a
href="https://redirect.github.com/moby/moby/pull/48719">moby/moby#48719</a></li>
<li>Deprecate <code>container.ErrNameReserved</code> and
<code>container.ErrNameNotReserved</code>. <a
href="https://redirect.github.com/moby/moby/pull/48697">moby/moby#48697</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="92a83937d0"><code>92a8393</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49027">#49027</a>
from thaJeztah/27.x_backport_cdi-rootless</li>
<li><a
href="9163aa379a"><code>9163aa3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49026">#49026</a>
from thaJeztah/27.x_update_go_1.22.10</li>
<li><a
href="4775621ab6"><code>4775621</code></a>
Dockerd rootless: make {/etc,/var/run}/cdi available</li>
<li><a
href="0176f4a5c3"><code>0176f4a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49024">#49024</a>
from thaJeztah/27.x_vendor_buildkit_0.17.3</li>
<li><a
href="0e34b3956b"><code>0e34b39</code></a>
update to go1.22.10</li>
<li><a
href="7919b806e7"><code>7919b80</code></a>
[27.x] vendor: github.com/moby/buildkit v0.17.3</li>
<li><a
href="a92d4c5a57"><code>a92d4c5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49013">#49013</a>
from vvoland/49006-27.x</li>
<li><a
href="1cc127466d"><code>1cc1274</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/49010">#49010</a>
from vvoland/49009-27.x</li>
<li><a
href="525b929947"><code>525b929</code></a>
registry: deprecate RepositoryInfo.Class</li>
<li><a
href="d6d43b2912"><code>d6d43b2</code></a>
c8d/tag: Don't log a warning if the source image is not dangling</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v25.0.6...v27.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=25.0.6+incompatible&new-version=27.4.0+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-12-17 20:39:04 +00:00
dependabot[bot]
bed4abf229
Bump github.com/dgraph-io/ristretto from 0.1.1 to 0.2.0 (#3457)
Bumps
[github.com/dgraph-io/ristretto](https://github.com/dgraph-io/ristretto)
from 0.1.1 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dgraph-io/ristretto/releases">github.com/dgraph-io/ristretto's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.0</h2>
<h2>What's Changed</h2>
<p>*`docs(readme): Use new Wait method by <a
href="https://github.com/angadn"><code>@​angadn</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/327">dgraph-io/ristretto#327</a></p>
<ul>
<li>docs: format example on readme by <a
href="https://github.com/rfyiamcool"><code>@​rfyiamcool</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/339">dgraph-io/ristretto#339</a></li>
<li>Fix flakes in TestDropUpdates by <a
href="https://github.com/evanj"><code>@​evanj</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/334">dgraph-io/ristretto#334</a></li>
<li>docs(Cache): document Wait, clarify Get by <a
href="https://github.com/evanj"><code>@​evanj</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/333">dgraph-io/ristretto#333</a></li>
<li>chore: fix typo error by <a
href="https://github.com/proost"><code>@​proost</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/341">dgraph-io/ristretto#341</a></li>
<li>fix: support compilation to wasip1 by <a
href="https://github.com/achille-roussel"><code>@​achille-roussel</code></a>
in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/344">dgraph-io/ristretto#344</a></li>
<li>remove glog dependency by <a
href="https://github.com/jhawk28"><code>@​jhawk28</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/350">dgraph-io/ristretto#350</a></li>
<li>add config for cleanup ticker duration by <a
href="https://github.com/singhvikash11"><code>@​singhvikash11</code></a>
in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/342">dgraph-io/ristretto#342</a></li>
<li>fix(OnEvict): Set missing Expiration field on evicted items by <a
href="https://github.com/0x1ee7"><code>@​0x1ee7</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/345">dgraph-io/ristretto#345</a></li>
<li>uint32 -&gt; uint64 in slice methods by <a
href="https://github.com/mocurin"><code>@​mocurin</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/323">dgraph-io/ristretto#323</a></li>
<li>fix: cleanupTicker not being stopped by <a
href="https://github.com/IlyaFloppy"><code>@​IlyaFloppy</code></a> in <a
href="https://redirect.github.com/dgraph-io/ristretto/pull/343">dgraph-io/ristretto#343</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/dgraph-io/ristretto/blob/main/CHANGELOG.md">github.com/dgraph-io/ristretto's
changelog</a>.</em></p>
<blockquote>
<h2>[v0.2.0] - 2024-10-06</h2>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/344"><code>fix:
support compilation to wasip1 by @​achille-roussel</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/342"><code>add
config for cleanup ticker duration by @​singhvikash11</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/327"><code>docs(readme):
Use new Wait method by @​angadn</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/339"><code>docs:
format example on readme by @​rfyiamcool</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/334"><code>Fix
flakes in TestDropUpdates by @​evanj</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/333"><code>docs(Cache):
document Wait, clarify Get by @​evanj</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/341"><code>chore:
fix typo error by @​proost</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/350"><code>remove
glog dependency by @​jhawk28</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/345"><code>fix(OnEvict):
Set missing Expiration field on evicted items by
@​0x1ee7</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/323"><code>uint32
-&gt; uint64 in slice methods by @​mocurin</code></a></li>
<li><a
href="https://redirect.github.com/dgraph-io/ristretto/pull/343"><code>fix:
cleanupTicker not being stopped by @​IlyaFloppy</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1854617567"><code>1854617</code></a>
minor repo cleanup (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/352">#352</a>)</li>
<li><a
href="91446626cc"><code>9144662</code></a>
stop cleanupTicker while closing cache (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/343">#343</a>)</li>
<li><a
href="c00b3525a6"><code>c00b352</code></a>
uint32 to uint64 in slice methods (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/323">#323</a>)</li>
<li><a
href="e6d62cbfa0"><code>e6d62cb</code></a>
chore(ci): separate out coverage report workflow (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/353">#353</a>)</li>
<li><a
href="f0e70276b9"><code>f0e7027</code></a>
set missing Expiration field on evicted items (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/345">#345</a>)</li>
<li><a
href="e8dc5b0073"><code>e8dc5b0</code></a>
add config for cleanup ticker duration (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/342">#342</a>)</li>
<li><a
href="c5789d66fd"><code>c5789d6</code></a>
update golangci config and cleanup repo (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/351">#351</a>)</li>
<li><a
href="bdcf5e99ac"><code>bdcf5e9</code></a>
remove glog dependency (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/350">#350</a>)</li>
<li><a
href="3f6b44a609"><code>3f6b44a</code></a>
fix: support compilation to wasip1 (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/344">#344</a>)</li>
<li><a
href="c73d585ee6"><code>c73d585</code></a>
chore: fix typo error (<a
href="https://redirect.github.com/dgraph-io/ristretto/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dgraph-io/ristretto/compare/v0.1.1...v0.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dgraph-io/ristretto&package-manager=go_modules&previous-version=0.1.1&new-version=0.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-17 21:02:03 +01:00
Neil
72039f651e
Update dependencies (#3449)
Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-12-15 11:27:27 +01:00
Till Faelligen
3ca9dae95a
Fix missed matrix-org bits, run go mod tidy 2024-11-14 13:32:24 +01:00
Quentin Gliech
6e6c3de0a6
Rename the go package
github.com/matrix-org/dendrite to github.com/element-hq/dendrite
2024-10-17 17:33:45 +02:00
idk
6cd1285ca0
Adds support for listening on and connecting to I2P and Onion services securely (#3293)
This PR adds 2 `dendrite-demo` main's, each designed expressly to serve
a Hidden Service/Overlay network.

The first, `dendrite-demo-i2p` add self-configuration for use of
dendrite as an I2P hidden service(eepsite) and to connect to I2P
services(federate) as an I2P client. It further disables the `dendrite`
server from communicating with non-anonymous servers by
federation(because I2P does not canonically have the ability to exit, we
rely on donors for exit traffic), and enables the use of self-signed TLS
certificates([because I2P services are self-authenticating but TLS is
still required for other aspects of the system to work
reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)).
This demo turns the system into an "pseudonymous" homeserver which
people can connect to using an I2P-enabled Matrix client(I like `cinny`
and it's what I tested with).

The second, `dendrite-demo-tor` adds self-configuration for the use of
dendrite as an Onion service and to connect to other onion services and
non-anonymous web sites using Tor to obfuscate it's physical location
and providing, optionally, pseudonymity. It also enables the use of
self-signed TLS certificates, for the same reason as with I2P, because
onion services aren't typically eligible for TLS certificates. It has
also been tested with `cinny`.

These services are both pseudonymous like myself, not anonymous. I will
be meeting members of the element team at the CCC assembly shortly to
discuss contributing under my pseudonym.

As none of the other `dendrite-demo` have unit tests I did not add them
to these checkins.

* [*] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests

---------

Co-authored-by: eyedeekay <idk@mulder>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-09-23 19:28:28 +02:00
Till
002fed3cb9
Bump GMSL (#3419)
Adds
https://github.com/matrix-org/gomatrixserverlib/pull/436
https://github.com/matrix-org/gomatrixserverlib/pull/438
https://github.com/matrix-org/gomatrixserverlib/pull/432
2024-09-10 19:45:31 +00:00
Neil
117ed66037
Update NATS to 2.10.20, use SyncAlways (#3418)
The internal NATS instance is definitely convenient but it does have one
problem: its lifecycle is tied to the Dendrite process. That means if
Dendrite panics or OOMs, it takes out NATS with it. I suspect this is
sometimes contributing to what people see with stuck streams, as some
operations or state might not be written to disk fully before it gets
interrupted.

Using `SyncAlways` means that NATS will effectively use `O_SYNC` and
block writes on flushes, which should improve resiliency against this
kind of failure considerably. It might affect performance a little but
shouldn't be significant.

Also updates NATS to 2.10.20 as there have been all sorts of fixes since
2.10.7, including better `SyncAlways` handling.

Signed-off-by: Neil Alexander <git@neilalexander.dev>

---------

Signed-off-by: Neil Alexander <git@neilalexander.dev>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2024-09-10 20:54:38 +02:00
Till
7a4ef240fc
Implement MSC3916 (#3397)
Needs https://github.com/matrix-org/gomatrixserverlib/pull/437
2024-08-16 12:37:59 +02:00
Till
4d116ff0db
Bump yggdrasil (#3407) 2024-08-03 20:26:28 +02:00
dependabot[bot]
c876790f08
Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible (#3405)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.9+incompatible to 25.0.6+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v25.0.6</h2>
<h2>25.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli,
25.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby,
25.0.6 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a fix for <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a>
that impacted setups using <a
href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization
plugins (AuthZ)</a> for access control.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>[25.0] remove erroneous <code>platform</code> from image
<code>config</code> OCI descriptor in <code>docker save</code> output.
<a
href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li>
<li>[25.0 backport] Fix a nil dereference when getting image history for
images having layers without the <code>Created</code> value set. <a
href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li>
<li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a
href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li>
<li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node
after another node was demoted could cause the promoted node to fail its
promotion. <a
href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li>
<li>[25.0 backport] don't depend on containerd platform.Parse to return
a typed error. <a
href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li>
<li>[25.0 backport] builder/mobyexporter: Add missing nil check <a
href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver.
<a
href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li>
<li>Update Go runtime to 1.21.12, which contains security fixes for <a
href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a>
<a
href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li>
<li>Update Containerd (static binaries only) to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>.
<a
href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p>
<h2>v25.0.5</h2>
<h2>25.0.5</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli,
25.0.5 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby,
25.0.5 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Security</h3>
<p>This release contains a security fix for <a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>,
a potential data exfiltration from 'internal' networks via authoritative
DNS servers.</p>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>
<p><a
href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>:
Do not forward requests to external DNS servers for a container that is
only connected to an 'internal' network. Previously, requests were
forwarded if the host's DNS server was running on a loopback address,
like systemd's 127.0.0.53. <a
href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p>
</li>
<li>
<p>plugin: fix mounting /etc/hosts when running in UserNS. <a
href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p>
</li>
<li>
<p>rootless: fix <code>open /etc/docker/plugins: permission
denied</code>. <a
href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p>
</li>
<li>
<p>Fix multiple parallel <code>docker build</code> runs leaking disk
space. <a
href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b08a51fe16"><code>b08a51f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48231">#48231</a>
from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li>
<li><a
href="d151b0f87f"><code>d151b0f</code></a>
vendor: OTEL v0.46.1 / v1.21.0</li>
<li><a
href="c6ba9a5124"><code>c6ba9a5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48225">#48225</a>
from austinvazquez/backport-workflow-artifact-reten...</li>
<li><a
href="4673a3ca2c"><code>4673a3c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48227">#48227</a>
from austinvazquez/backport-backport-branch-check-t...</li>
<li><a
href="30f8908102"><code>30f8908</code></a>
github/ci: Check if backport is opened against the expected branch</li>
<li><a
href="7454d6a2e6"><code>7454d6a</code></a>
ci: update workflow artifacts retention</li>
<li><a
href="65cc597cea"><code>65cc597</code></a>
Merge commit from fork</li>
<li><a
href="b722836927"><code>b722836</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/48199">#48199</a>
from austinvazquez/update-containerd-binary-to-1.7.20</li>
<li><a
href="e8ecb9c76d"><code>e8ecb9c</code></a>
update containerd binary to v1.7.20</li>
<li><a
href="e6cae1f237"><code>e6cae1f</code></a>
update containerd binary to v1.7.19</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.9...v25.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2024-08-02 08:56:24 +02:00
Till
a37d317958
Bump go to 1.21 (#3360) 2024-08-02 08:35:38 +02:00
dependabot[bot]
7d8516838d
Bump golang.org/x/image from 0.10.0 to 0.18.0 (#3390)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.10.0
to 0.18.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3bbf4a659e"><code>3bbf4a6</code></a>
tiff: Validate palette indices when parsing palette-color images</li>
<li><a
href="6c5fa462eb"><code>6c5fa46</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="55c4ab6bd6"><code>55c4ab6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="0057a939a5"><code>0057a93</code></a>
tiff: fix function name in comment</li>
<li><a
href="9e190ae4a3"><code>9e190ae</code></a>
webp: disallow multiple VP8X chunks</li>
<li><a
href="445ab0e75e"><code>445ab0e</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="240a51ac9f"><code>240a51a</code></a>
font/sfnt: support early version 0 OS/2 tables</li>
<li><a
href="c20bbc3713"><code>c20bbc3</code></a>
draw: simplify some calls to fmt.Fprintf</li>
<li><a
href="491771c681"><code>491771c</code></a>
draw: merge draw_go117.go into draw.go</li>
<li><a
href="4aa0222fac"><code>4aa0222</code></a>
go.mod: update go directive to 1.18</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/image/compare/v0.10.0...v0.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.10.0&new-version=0.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-27 20:49:18 +02:00
dependabot[bot]
5547bf8ca6
Bump golang.org/x/net from 0.21.0 to 0.23.0 (#3365)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to
0.23.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c48da13158"><code>c48da13</code></a>
http2: fix TestServerContinuationFlood flakes</li>
<li><a
href="762b58d1cf"><code>762b58d</code></a>
http2: fix tipos in comment</li>
<li><a
href="ba872109ef"><code>ba87210</code></a>
http2: close connections when receiving too many headers</li>
<li><a
href="ebc8168ac8"><code>ebc8168</code></a>
all: fix some typos</li>
<li><a
href="3678185f8a"><code>3678185</code></a>
http2: make TestCanonicalHeaderCacheGrowth faster</li>
<li><a
href="448c44f928"><code>448c44f</code></a>
http2: remove clientTester</li>
<li><a
href="c7877ac421"><code>c7877ac</code></a>
http2: convert the remaining clientTester tests to testClientConn</li>
<li><a
href="d8870b0bf2"><code>d8870b0</code></a>
http2: use synthetic time in TestIdleConnTimeout</li>
<li><a
href="d73acffdc9"><code>d73acff</code></a>
http2: only set up deadline when Server.IdleTimeout is positive</li>
<li><a
href="89f602b7bb"><code>89f602b</code></a>
http2: validate client/outgoing trailers</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.21.0...v0.23.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.21.0&new-version=0.23.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-30 23:12:52 +00:00
Till
14a6c10097
Version 0.13.7 (#3349) 2024-04-09 10:24:27 +02:00
Till
b732eede27
Fix spaces over federation (#3347)
Fixes #2504

 A few issues with the previous iteration:
- We never returned `inaccessible_children`, which (if I read the code
correctly), made Synapse raise an error and thus not returning the
requested rooms
- For restricted rooms, we didn't return the list of allowed rooms
2024-03-28 20:40:45 +01:00
dependabot[bot]
1bdf0cc541
Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#3341)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.7+incompatible to 24.0.9+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v24.0.9</h2>
<h2>24.0.9</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9">docker/cli,
24.0.9 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9">moby/moby,
24.0.9 milestone</a></li>
</ul>
<h2>Security</h2>
<p>This release contains security fixes for the following CVEs affecting
Docker Engine and its components.</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Component</th>
<th>Fix version</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td>
<td>runc</td>
<td>1.1.12</td>
<td>High, CVSS 8.6</td>
</tr>
<tr>
<td><a
href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td>
<td>Docker Engine</td>
<td>24.0.9</td>
<td>Medium, CVSS 6.9</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>Important</strong> ⚠️</p>
<p>Note that this release of Docker Engine doesn't include fixes for the
following known vulnerabilities in BuildKit:</p>
<ul>
<li><a
href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></li>
<li><a
href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></li>
</ul>
<p>To address these vulnerabilities, upgrade to <a
href="https://github.com/docker/docker/blob/HEAD/25.0.md#2502">Docker
Engine v25.0.2</a>.</p>
</blockquote>
<p>For more information about the security issues addressed in this
release, and the unaddressed vulnerabilities in BuildKit, refer to the
<a
href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog
post</a>. For details about each vulnerability, see the relevant
security advisory:</p>
<ul>
<li><a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li>
<li><a
href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Upgrade runc to <a
href="https://github.com/opencontainers/runc/releases/tag/v1.1.12">v1.1.12</a>.
<a
href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li>
<li>Upgrade containerd to <a
href="https://github.com/containerd/containerd/releases/tag/v1.7.13">v1.7.13</a>
(static binaries only). <a
href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li>
</ul>
<h2>v24.0.8</h2>
<h2>24.0.8</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8">docker/cli,
24.0.8 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8">moby/moby,
24.0.8 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Live restore: Containers with auto remove (<code>docker run
--rm</code>) are no longer forcibly removed on engine restart. <a
href="https://redirect.github.com/moby/moby/pull/46869">moby/moby#46857</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fca702de7f"><code>fca702d</code></a>
Merge pull request from GHSA-xw73-rw38-6vjc</li>
<li><a
href="f78a7726d7"><code>f78a772</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47281">#47281</a>
from thaJeztah/24.0_backport_bump_containerd_binary...</li>
<li><a
href="61afffeeb3"><code>61afffe</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47270">#47270</a>
from thaJeztah/24.0_backport_bump_runc_binary_1.1.12</li>
<li><a
href="b38e74c4e0"><code>b38e74c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47276">#47276</a>
from thaJeztah/24.0_backport_bump_runc_1.1.12</li>
<li><a
href="dac56638ad"><code>dac5663</code></a>
update containerd binary to v1.7.13</li>
<li><a
href="20e1af3616"><code>20e1af3</code></a>
vendor: github.com/opencontainers/runc v1.1.12</li>
<li><a
href="858919d399"><code>858919d</code></a>
update runc binary to v1.1.12</li>
<li><a
href="141ad39e38"><code>141ad39</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47266">#47266</a>
from vvoland/ci-fix-makeps1-templatefail-24</li>
<li><a
href="db968c672b"><code>db968c6</code></a>
hack/make.ps1: Fix go list pattern</li>
<li><a
href="61c51fbb5a"><code>61c51fb</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/47221">#47221</a>
from vvoland/pkg-pools-close-noop-24</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.7...v24.0.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.7+incompatible&new-version=24.0.9+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-22 22:30:28 +01:00
dependabot[bot]
a00b976a00
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#3339)
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.30.0&new-version=1.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-22 22:29:53 +01:00
Till
dae1ef2e46
Update GMSL (#3303)
If I didn't miss anything, this should add fixes from:
https://github.com/matrix-org/gomatrixserverlib/pull/424
https://github.com/matrix-org/gomatrixserverlib/pull/426
https://github.com/matrix-org/gomatrixserverlib/pull/427
https://github.com/matrix-org/gomatrixserverlib/pull/428
https://github.com/matrix-org/gomatrixserverlib/pull/429
https://github.com/matrix-org/gomatrixserverlib/pull/430
2024-01-15 20:12:34 +00:00
dependabot[bot]
3a4b5f49ac
Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300)
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go)
from 0.37.4 to 0.37.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's
releases</a>.</em></p>
<blockquote>
<h2>v0.37.7</h2>
<p>This release contains fixes for the Honeybadger vulnerability
(CVE-2023-49295):</p>
<ul>
<li>limit the number of queued PATH_RESPONSE frames to 256 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li>
<li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p>
<h2>v0.37.6</h2>
<p>This patch release contains a backport of <a
href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p>
<h2>v0.37.5</h2>
<p>This patch release contains the backport of 3 fixes:</p>
<ul>
<li>fix handshake failure if <code>tls.Config.SessionTicketDisabled =
false</code>, but <code>tls.Config.GetConfigForClient</code> returns a
config that disables session tickets: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li>
<li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li>
<li>automatically set the <code>tls.Config.ServerName</code>: <a
href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21609ddfef"><code>21609dd</code></a>
don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li>
<li><a
href="d7aa627ebd"><code>d7aa627</code></a>
limit the number of queued PATH_RESPONSE frames to 256 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li>
<li><a
href="e2c360ceec"><code>e2c360c</code></a>
reassemble post-handshake TLS messages before passing them to crypto/tls
(<a
href="https://redirect.github.com/quic-go/quic-go/issues/4038">#4038</a>)</li>
<li><a
href="e9f7f460bc"><code>e9f7f46</code></a>
automatically set the tls.Config.ServerName if unset (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a>)</li>
<li><a
href="12d84c4196"><code>12d84c4</code></a>
handshake: use the correct hash function for TLS_AES_256_GCM_SHA384 (<a
href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a>)</li>
<li><a
href="b1635df2f5"><code>b1635df</code></a>
ignore QUICConn.SendSessionTicket error if session tickets are disabled
(<a
href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a>)</li>
<li>See full diff in <a
href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.4&new-version=0.37.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 18:55:35 +01:00
dependabot[bot]
9a5a56718e
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.14.0 to 0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9d2ee975ef"><code>9d2ee97</code></a>
ssh: implement strict KEX protocol changes</li>
<li><a
href="4e5a26183e"><code>4e5a261</code></a>
ssh: close net.Conn on all NewServerConn errors</li>
<li><a
href="152cdb1503"><code>152cdb1</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="fdfe1f8531"><code>fdfe1f8</code></a>
ssh: defer channel window adjustment</li>
<li><a
href="b8ffc16e10"><code>b8ffc16</code></a>
blake2b: drop Go 1.6, Go 1.8 compatibility</li>
<li><a
href="7e6fbd82c8"><code>7e6fbd8</code></a>
ssh: wrap errors from client handshake</li>
<li><a
href="bda2f3f5cf"><code>bda2f3f</code></a>
argon2: avoid clobbering BP</li>
<li><a
href="325b735346"><code>325b735</code></a>
ssh/test: skip TestSSHCLIAuth on Windows</li>
<li><a
href="1eadac50a5"><code>1eadac5</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="b2d7c26edb"><code>b2d7c26</code></a>
ssh: add (*Client).DialContext method</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-19 08:39:22 +01:00
Till
f93d1c4790
Use AckExplicitPolicy instead of AckAllPolicy (#3288)
Fixes https://github.com/matrix-org/dendrite/issues/3240 and potentially
a root cause for state resets.

While testing, I've had added some more debug logging:
```
time="2023-12-16T18:13:11.319458084Z" level=warning msg="already processed event" event_id="$qFYMl_F2vb1N0yxmvlFAMhqhGhLKq4kA-o_YCQKH7tQ" kind=KindNew times=2
time="2023-12-16T18:13:14.537389126Z" level=warning msg="already processed event" event_id="$EU-LTsKErT6Mt1k12-p_3xOHfiLaK6gtwVDlZ35lSuo" kind=KindNew times=5
time="2023-12-16T18:13:16.789551206Z" level=warning msg="already processed event" event_id="$dIPuAfTL5x0VyG873LKPslQeljCSxFT1WKxUtjIMUGE" kind=KindNew times=5
time="2023-12-16T18:13:17.383838767Z" level=warning msg="already processed event" event_id="$7noSZiCkzerpkz_UBO3iatpRnaOiPx-3IXc0GPDQVGE" kind=KindNew times=2
time="2023-12-16T18:13:22.091946597Z" level=warning msg="already processed event" event_id="$3Lvo3Wbi2ol9-nNbQ93N-E2MuGQCJZo5397KkFH-W6E" kind=KindNew times=1
time="2023-12-16T18:13:23.026417446Z" level=warning msg="already processed event" event_id="$lj1xS46zsLBCChhKOLJEG-bu7z-_pq9i_Y2DUIjzGy4" kind=KindNew times=4
```

So we did receive the same event over and over again. Given they are
`KindNew`, we don't short circuit if we already processed them, which
potentially caused the state to be calculated with a now wrong state
snapshot.

Also fixes the back pressure metric. We now correctly increment the
counter once we sent the message to NATS and decrement it once we
actually processed an event.
2023-12-19 08:25:47 +01:00
Till
b7054f4274
Version 0.13.5 (#3285) 2023-12-12 16:55:03 +01:00
Till Faelligen
210bce9938
Update GMSL to avoid logging unnecessary messages 2023-11-25 19:12:21 +01:00
dependabot[bot]
5c67eb99b3
Bump golang.org/x/image from 0.5.0 to 0.10.0 (#3257)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.5.0
to 0.10.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cb227cd2c9"><code>cb227cd</code></a>
tiff: limit work when decoding malicious images</li>
<li><a
href="a5392f068b"><code>a5392f0</code></a>
bmp: support to decode 8-bit format with up to 256 color palette</li>
<li><a
href="f9550b04a5"><code>f9550b0</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="81c166c49c"><code>81c166c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ed5dba0ea2"><code>ed5dba0</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="08ca817286"><code>08ca817</code></a>
font: have Glyph return !ok for U+FFFD substitute</li>
<li><a
href="b6ac75bc59"><code>b6ac75b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="1b7441254c"><code>1b74412</code></a>
font/sfnt: set type for all NameID constants</li>
<li><a
href="f632f7f87c"><code>f632f7f</code></a>
tiff, tiff/lzw, vector: use single space in comments</li>
<li>See full diff in <a
href="https://github.com/golang/image/compare/v0.5.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.5.0&new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-03 08:13:34 +01:00
dependabot[bot]
8b4043473c
Bump github.com/nats-io/nkeys from 0.4.4 to 0.4.6 (#3252)
Bumps [github.com/nats-io/nkeys](https://github.com/nats-io/nkeys) from
0.4.4 to 0.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nkeys/releases">github.com/nats-io/nkeys's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.5</h2>
<h2>What's Changed</h2>
<ul>
<li>[CI] bump staticcheck GHAction by <a
href="https://github.com/philpennock"><code>@​philpennock</code></a> in
<a
href="https://redirect.github.com/nats-io/nkeys/pull/49">nats-io/nkeys#49</a></li>
<li>[FIX] added windows binary by <a
href="https://github.com/aricart"><code>@​aricart</code></a> in <a
href="https://redirect.github.com/nats-io/nkeys/pull/51">nats-io/nkeys#51</a></li>
<li>[FIX] YAML Enginering: quote go-version string by <a
href="https://github.com/philpennock"><code>@​philpennock</code></a> in
<a
href="https://redirect.github.com/nats-io/nkeys/pull/53">nats-io/nkeys#53</a></li>
<li>[FEAT] Use readKeyFile to read both seed file and public key file by
<a href="https://github.com/nanjj"><code>@​nanjj</code></a> in <a
href="https://redirect.github.com/nats-io/nkeys/pull/54">nats-io/nkeys#54</a></li>
<li>[FEAT] Made <code>decode</code> a little fast by <a
href="https://github.com/nanjj"><code>@​nanjj</code></a> in <a
href="https://redirect.github.com/nats-io/nkeys/pull/55">nats-io/nkeys#55</a></li>
<li>[REPO] Add issue forms by <a
href="https://github.com/bruth"><code>@​bruth</code></a> in <a
href="https://redirect.github.com/nats-io/nkeys/pull/56">nats-io/nkeys#56</a></li>
<li>[FIX] added binaries to match nats-server by <a
href="https://github.com/aricart"><code>@​aricart</code></a> in <a
href="https://redirect.github.com/nats-io/nkeys/pull/58">nats-io/nkeys#58</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nats-io/nkeys/compare/v0.4.4...v0.4.5">https://github.com/nats-io/nkeys/compare/v0.4.4...v0.4.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="62e5d8c7c4"><code>62e5d8c</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nkeys/issues/60">#60</a> from
nats-io/0_4_6</li>
<li><a
href="f63761b84d"><code>f63761b</code></a>
[BUMP] release version and dependencies</li>
<li><a
href="d2e442ebad"><code>d2e442e</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nkeys/issues/59">#59</a> from
nats-io/empty</li>
<li><a
href="58fb9d69f4"><code>58fb9d6</code></a>
Make sure to use byte slice to receive proper copy, otherwise empty
public ke...</li>
<li><a
href="3e454c8ca1"><code>3e454c8</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nkeys/issues/58">#58</a> from
nats-io/arch-bins</li>
<li><a
href="53c0777667"><code>53c0777</code></a>
bump go to 1.21.x</li>
<li><a
href="d935834966"><code>d935834</code></a>
bump version number</li>
<li><a
href="6b488b3078"><code>6b488b3</code></a>
[FIX] added binaries to match nats-server</li>
<li><a
href="9fb41511a9"><code>9fb4151</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nkeys/issues/56">#56</a> from
nats-io/add-issue-forms</li>
<li><a
href="4647ec0912"><code>4647ec0</code></a>
Fix issue config discussions link</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nkeys/compare/v0.4.4...v0.4.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nkeys&package-manager=go_modules&previous-version=0.4.4&new-version=0.4.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 12:00:59 +01:00
dependabot[bot]
32f7c4b166
Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible (#3250)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
24.0.5+incompatible to 24.0.7+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v24.0.7</h2>
<h2>24.0.7</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.7">docker/cli,
24.0.7 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.7">moby/moby,
24.0.7 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Write overlay2 layer metadata atomically. <a
href="https://redirect.github.com/moby/moby/pull/46703">moby/moby#46703</a></li>
<li>Fix &quot;Rootful-in-Rootless&quot; Docker-in-Docker on systemd
version 250 and later. <a
href="https://redirect.github.com/moby/moby/pull/46626">moby/moby#46626</a></li>
<li>Fix <code>dockerd-rootless-setuptools.sh</code> when username
contains a backslash. <a
href="https://redirect.github.com/moby/moby/pull/46407">moby/moby#46407</a></li>
<li>Fix a bug that would prevent network sandboxes to be fully deleted
when stopping containers with no network attachments and when
<code>dockerd --bridge=none</code> is used. <a
href="https://redirect.github.com/moby/moby/pull/46702">moby/moby#46702</a></li>
<li>Fix a bug where cancelling an API request could interrupt container
restart. <a
href="https://redirect.github.com/moby/moby/pull/46697">moby/moby#46697</a></li>
<li>Fix an issue where containers would fail to start when providing
<code>--ip-range</code> with a range larger than the subnet. <a
href="https://redirect.github.com/docker/for-mac/issues/6870">docker/for-mac#6870</a></li>
<li>Fix data corruption with zstd output. <a
href="https://redirect.github.com/moby/moby/pull/46709">moby/moby#46709</a></li>
<li>Fix the conditions under which the container's MAC address is
applied. <a
href="https://redirect.github.com/moby/moby/pull/46478">moby/moby#46478</a></li>
<li>Improve the performance of the stats collector. <a
href="https://redirect.github.com/moby/moby/pull/46448">moby/moby#46448</a></li>
<li>Fix an issue with source policy rules ending up in the wrong order.
<a
href="https://redirect.github.com/moby/moby/pull/46441">moby/moby#46441</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Add support for Fedora 39 and Ubuntu 23.10. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/940">docker/docker-ce-packaging#940</a>,
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/955">docker/docker-ce-packaging#955</a></li>
<li>Fix <code>docker.socket</code> not getting disabled when
uninstalling the <code>docker-ce</code> RPM package. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/852">docker/docker-ce-packaging#852</a></li>
<li>Upgrade Go to <code>go1.20.10</code>. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/951">docker/docker-ce-packaging#951</a></li>
<li>Upgrade containerd to <code>v1.7.6</code> (static binaries only). <a
href="https://redirect.github.com/moby/moby/pull/46103">moby/moby#46103</a></li>
<li>Upgrade the <code>containerd.io</code> package to <a
href="https://github.com/containerd/containerd/releases/tag/v1.6.24"><code>v1.6.24</code></a>.</li>
</ul>
<h3>Security</h3>
<ul>
<li>Deny containers access to <code>/sys/devices/virtual/powercap</code>
by default. This change hardens against <a
href="https://scout.docker.com/v/CVE-2020-8694">CVE-2020-8694</a>, <a
href="https://scout.docker.com/v/CVE-2020-8695">CVE-2020-8695</a>, and
<a href="https://scout.docker.com/v/CVE-2020-12912">CVE-2020-12912</a>,
and an attack known as <a href="https://platypusattack.com/">the
PLATYPUS attack</a>. For more details, see <a
href="https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p">advisory</a>,
<a
href="c9ccbfad11">commit</a>.</li>
</ul>
<h2>v24.0.6</h2>
<h2>24.0.6</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.6">docker/cli,
24.0.6 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.6">moby/moby,
24.0.6 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>containerd storage backend: Fix <code>docker ps</code> failing when
a container image is no longer present in the content store. <a
href="https://redirect.github.com/moby/moby/pull/46095">moby/moby#46095</a></li>
<li>containerd storage backend: Fix <code>docker ps -s -a</code> and
<code>docker container prune</code> failing when a container image
config is no longer present in the content store. <a
href="https://redirect.github.com/moby/moby/pull/46097">moby/moby#46097</a></li>
<li>containerd storage backend: Fix <code>docker inspect</code> failing
when a container image config is no longer (or was never) present in the
content store. <a
href="https://redirect.github.com/moby/moby/pull/46244">moby/moby#46244</a></li>
<li>containerd storage backend: Fix diff and export with the
<code>overlayfs</code> snapshotter by using reference-counted rootfs
mounts. <a
href="https://redirect.github.com/moby/moby/pull/46266">moby/moby#46266</a></li>
<li>containerd storage backend: Fix a misleading error message when the
image platforms available locally do not match the desired platform. <a
href="https://redirect.github.com/moby/moby/pull/46300">moby/moby#46300</a></li>
<li>containerd storage backend: Fix the <code>FROM scratch</code>
Dockerfile instruction with the classic builder. <a
href="https://redirect.github.com/moby/moby/pull/46302">moby/moby#46302</a></li>
<li>containerd storage backend: Fix <code>mismatched image rootfs and
manifest layers</code> errors with the classic builder. <a
href="https://redirect.github.com/moby/moby/pull/46310">moby/moby#46310</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="311b9ff0aa"><code>311b9ff</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46697">#46697</a>
from thaJeztah/24.0_backport_restart_nocancel</li>
<li><a
href="af608045ee"><code>af60804</code></a>
Merge pull request from GHSA-jq35-85cj-fj4p</li>
<li><a
href="3cf363e1ee"><code>3cf363e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46709">#46709</a>
from thaJeztah/24.0_backport_bump_compress</li>
<li><a
href="05d7386665"><code>05d7386</code></a>
daemon: daemon.containerRestart: don't cancel restart on context
cancel</li>
<li><a
href="649c9440f2"><code>649c944</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46703">#46703</a>
from thaJeztah/24.0_backport_atomic-layer-data-write</li>
<li><a
href="9b20b1a5fe"><code>9b20b1a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/46702">#46702</a>
from thaJeztah/24.0_backport_releaseNetwork_Network...</li>
<li><a
href="dd37b0b960"><code>dd37b0b</code></a>
vendor: github.com/klauspost/compress v1.17.2</li>
<li><a
href="7058c0d24d"><code>7058c0d</code></a>
vendor: github.com/klauspost/compress v1.16.5</li>
<li><a
href="57bd388582"><code>57bd388</code></a>
daemon: overlay2: Write layer metadata atomically</li>
<li><a
href="05d95fd503"><code>05d95fd</code></a>
daemon: release sandbox even when NetworkDisabled</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v24.0.5...v24.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.5+incompatible&new-version=24.0.7+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-31 07:59:19 +01:00
Till
4fa8512d57
Check event is not rejected (#3243)
Companion PR to https://github.com/matrix-org/gomatrixserverlib/pull/421
2023-10-25 09:47:21 +02:00
dependabot[bot]
c1d6b9aa8e
Bump github.com/nats-io/nats-server/v2 from 2.9.19 to 2.9.23 (#3238)
Bumps
[github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server)
from 2.9.19 to 2.9.23.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats-server/releases">github.com/nats-io/nats-server/v2's
releases</a>.</em></p>
<blockquote>
<h2>Release v2.9.23</h2>
<h2>Changelog</h2>
<h3>Go Version</h3>
<ul>
<li>1.20.10</li>
</ul>
<h3>Fixed</h3>
<p>Accounts</p>
<ul>
<li>Prevent bypassing authorization block when enabling system account
access in accounts block (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4605">#4605</a>).
Backport from v2.10.2</li>
</ul>
<p>Leafnodes</p>
<ul>
<li>Prevent a leafnode cluster from receiving a message multiple times
in a queue subscription (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4578">#4578</a>).
Backport from v2.10.2</li>
</ul>
<p>JetStream</p>
<ul>
<li>Hold lock when calculating the first message for subject in a
message block (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4531">#4531</a>).
Backport from v2.10.0</li>
<li>Add self-healing mechanism to detect and delete orphaned Raft groups
(<a
href="https://redirect.github.com/nats-io/nats-server/issues/4647">#4647</a>).
Backport from v2.10.0</li>
<li>Prevent forward proposals in consumers after scaling down a stream
(<a
href="https://redirect.github.com/nats-io/nats-server/issues/4647">#4647</a>).
Backport from v2.10.0</li>
<li>Fix race condition during leader failover scenarios resulting in
potential duplicate messages being sourced (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4592">#4592</a>).
Backport from v2.10.2</li>
</ul>
<h3>Complete Changes</h3>
<p><a
href="https://github.com/nats-io/nats-server/compare/v2.9.22...v2.9.23">https://github.com/nats-io/nats-server/compare/v2.9.22...v2.9.23</a></p>
<h2>Release v2.9.22</h2>
<h2>Changelog</h2>
<h3>Go Version</h3>
<ul>
<li>1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>github.com/nats-io/jwt/v2 v2.5.0</li>
<li>golang.org/x/crypto v0.12.0</li>
<li>golang.org/x/sys v0.11.0</li>
</ul>
<h3>Improved</h3>
<p>Monitoring</p>
<ul>
<li>CORS Allow-Origin passthrough for monitoring server (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4423">#4423</a>)
Thanks to <a href="https://github.com/mdawar"><code>@​mdawar</code></a>
for the contribution!</li>
</ul>
<p>JetStream</p>
<ul>
<li>Improve consumer scaling reliability with filters and cluster
restart (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4404">#4404</a>)</li>
<li>Send event on lame duck mode (LDM) to avoid placing assets on
shutting down nodes (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4405">#4405</a>)</li>
<li>Skip filestore tombstones if downgrade from 2.10 occurs (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4452">#4452</a>)</li>
<li>Adjust delivered and waiting count when consumer message delivery
fails (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4472">#4472</a>)</li>
</ul>
<h3>Fixed</h3>
<p>Config</p>
<ul>
<li>Allow empty configs and fix JSON compatibility (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4394">#4394</a>,
<a
href="https://redirect.github.com/nats-io/nats-server/issues/4418">#4418</a>)</li>
<li>Remove TLS OCSP debug log on reload (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4453">#4453</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="45436e1e50"><code>45436e1</code></a>
Release v2.9.23 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4652">#4652</a>)</li>
<li><a
href="72ffa38b05"><code>72ffa38</code></a>
Release v2.9.23</li>
<li><a
href="05fe77fd08"><code>05fe77f</code></a>
Backport <a
href="https://redirect.github.com/nats-io/nats-server/issues/4592">#4592</a>
to 2.9 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4651">#4651</a>)</li>
<li><a
href="6a73e6824a"><code>6a73e68</code></a>
[2.9.x] Bump Travis Go version to 1.20.10 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4650">#4650</a>)</li>
<li><a
href="8b981a2621"><code>8b981a2</code></a>
Backports from v2.10 for v2.9.23 release (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4647">#4647</a>)</li>
<li><a
href="28eb7c0ac2"><code>28eb7c0</code></a>
Only setup auto no-auth for $G account iff no authorization block was
defined.</li>
<li><a
href="9f16edd431"><code>9f16edd</code></a>
Make sure to not forward a message across a route for dq sub when we are
a sp...</li>
<li><a
href="0ac7895b98"><code>0ac7895</code></a>
Add in utility to detect and delete any NRG orphans.</li>
<li><a
href="50722e9ec1"><code>50722e9</code></a>
When scaling a consumer down make sure to pop the
loopAndForwardProposals go ...</li>
<li><a
href="770cf2edd6"><code>770cf2e</code></a>
Backport JetStream benchmarks improvements to 2.9.x (<a
href="https://redirect.github.com/nats-io/nats-server/issues/4644">#4644</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats-server/compare/v2.9.19...v2.9.23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats-server/v2&package-manager=go_modules&previous-version=2.9.19&new-version=2.9.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
2023-10-24 09:11:58 +02:00
Till
8b3adaf244
Fix state resets (#3231)
Needs https://github.com/matrix-org/gomatrixserverlib/pull/419

May fix: https://github.com/matrix-org/dendrite/issues/2508,
https://github.com/matrix-org/dendrite/issues/1760
2023-10-23 15:17:21 +02:00
dependabot[bot]
fe2955a4db
Bump golang.org/x/net from 0.14.0 to 0.17.0 (#3233)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to
0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b225e7ca6d"><code>b225e7c</code></a>
http2: limit maximum handler goroutines to MaxConcurrentStreams</li>
<li><a
href="88194ad8ab"><code>88194ad</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="2b60a61f1e"><code>2b60a61</code></a>
quic: fix several bugs in flow control accounting</li>
<li><a
href="73d82efb96"><code>73d82ef</code></a>
quic: handle DATA_BLOCKED frames</li>
<li><a
href="5d5a036a50"><code>5d5a036</code></a>
quic: handle streams moving from the data queue to the meta queue</li>
<li><a
href="350aad2603"><code>350aad2</code></a>
quic: correctly extend peer's flow control window after MAX_DATA</li>
<li><a
href="21814e71db"><code>21814e7</code></a>
quic: validate connection id transport parameters</li>
<li><a
href="a600b3518e"><code>a600b35</code></a>
quic: avoid redundant MAX_DATA updates</li>
<li><a
href="ea633599b5"><code>ea63359</code></a>
http2: check stream body is present on read timeout</li>
<li><a
href="ddd8598e56"><code>ddd8598</code></a>
quic: version negotiation</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.14.0...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/matrix-org/dendrite/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 09:40:21 +02:00
Till
b341a66152
Version 0.13.3 (#3213) 2023-09-28 12:06:21 +02:00