aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-09Version 0.13.7 (#3349)v0.13.7helm-dendrite-0.14.1Till
2024-04-09Don't attempt to send transactions if Dendrite is shutting down (#3356)Till
This should avoid confusions with logs like: ``` time="2024-04-08T08:38:45.104235081Z" level=error msg="Failed to set \"scs.ems.host\" as assumed offline" func="github.com/matrix-org/dendrite/federationapi/statistics.(*ServerStatistics).Failure" file="github.com/matrix-org/dendrite/federationapi/statistics/statistics.go:204" error="sqlutil.WithTransaction.Begin: sql: database is closed" time="2024-04-08T08:38:45.104239201Z" level=error msg="Failed to set \"obermui.de\" as assumed offline" func="github.com/matrix-org/dendrite/federationapi/statistics.(*ServerStatistics).Failure" file="github.com/matrix-org/dendrite/federationapi/statistics/statistics.go:204" error="sqlutil.WithTransaction.Begin: sql: database is closed" ``` or ``` time="2024-04-08T08:38:45.105235411Z" level=error msg="Failed to get pending EDUs for \"retro76.net\"" func="github.com/matrix-org/dendrite/federationapi/queue.(*destinationQueue).getPendingFromDatabase" file="github.com/matrix-org/dendritefederationapi/queue/destinationqueue.go:258" error="sqlutil.WithTransaction.Begin: sql: database is closed" ``` [skip ci]
2024-04-08Return correct Content-Type for unrecognized requests (#3355)Till
Fixes #3354
2024-03-28Fix spaces over federation (#3347)Till
Fixes #2504 A few issues with the previous iteration: - We never returned `inaccessible_children`, which (if I read the code correctly), made Synapse raise an error and thus not returning the requested rooms - For restricted rooms, we didn't return the list of allowed rooms
2024-03-22Add getting/deleting single event report (#3344)Till
Based on https://github.com/matrix-org/dendrite/pull/3342 Adds `GET /_synapse/admin/v1/event_reports/{reportID}` and `DELETE /_synapse/admin/v1/event_reports/{reportID}`
2024-03-22Reuse existing NATS connection (#3345)Till
If using external NATS, we opened unnecessary connections. This now re-uses existing connections. [skip ci]
2024-03-22Add `/_synapse/admin/v1/event_reports` endpoint (#3342)Till
Based on #3340 This adds a `/_synapse/admin/v1/event_reports` endpoint, the same Synapse has. This way existing tools also work with Dendrite. Given this is already getting huge (even though many test lines), splitting this into two PRs. (The next adds "getting one report" and "deleting reports") [skip ci]
2024-03-22Bump github.com/docker/docker from 24.0.7+incompatible to ↵dependabot[bot]
24.0.9+incompatible (#3341) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v24.0.9</h2> <h2>24.0.9</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9">docker/cli, 24.0.9 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9">moby/moby, 24.0.9 milestone</a></li> </ul> <h2>Security</h2> <p>This release contains security fixes for the following CVEs affecting Docker Engine and its components.</p> <table> <thead> <tr> <th>CVE</th> <th>Component</th> <th>Fix version</th> <th>Severity</th> </tr> </thead> <tbody> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-21626">CVE-2024-21626</a></td> <td>runc</td> <td>1.1.12</td> <td>High, CVSS 8.6</td> </tr> <tr> <td><a href="https://scout.docker.com/v/CVE-2024-24557">CVE-2024-24557</a></td> <td>Docker Engine</td> <td>24.0.9</td> <td>Medium, CVSS 6.9</td> </tr> </tbody> </table> <blockquote> <p><strong>Important</strong> ⚠️</p> <p>Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:</p> <ul> <li><a href="https://scout.docker.com/v/CVE-2024-23651">CVE-2024-23651</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23652">CVE-2024-23652</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23653">CVE-2024-23653</a></li> <li><a href="https://scout.docker.com/v/CVE-2024-23650">CVE-2024-23650</a></li> </ul> <p>To address these vulnerabilities, upgrade to <a href="https://github.com/docker/docker/blob/HEAD/25.0.md#2502">Docker Engine v25.0.2</a>.</p> </blockquote> <p>For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the <a href="https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/">blog post</a>. For details about each vulnerability, see the relevant security advisory:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv">CVE-2024-21626</a></li> <li><a href="https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc">CVE-2024-24557</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Upgrade runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.1.12">v1.1.12</a>. <a href="https://redirect.github.com/moby/moby/pull/47269">moby/moby#47269</a></li> <li>Upgrade containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.13">v1.7.13</a> (static binaries only). <a href="https://redirect.github.com/moby/moby/pull/47280">moby/moby#47280</a></li> </ul> <h2>v24.0.8</h2> <h2>24.0.8</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8">docker/cli, 24.0.8 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8">moby/moby, 24.0.8 milestone</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Live restore: Containers with auto remove (<code>docker run --rm</code>) are no longer forcibly removed on engine restart. <a href="https://redirect.github.com/moby/moby/pull/46869">moby/moby#46857</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd"><code>fca702d</code></a> Merge pull request from GHSA-xw73-rw38-6vjc</li> <li><a href="https://github.com/moby/moby/commit/f78a7726d747847e443a5a5a4b4ad8ab31d87d78"><code>f78a772</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47281">#47281</a> from thaJeztah/24.0_backport_bump_containerd_binary...</li> <li><a href="https://github.com/moby/moby/commit/61afffeeb3d4264db7a697ca8bd3d25824bee182"><code>61afffe</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47270">#47270</a> from thaJeztah/24.0_backport_bump_runc_binary_1.1.12</li> <li><a href="https://github.com/moby/moby/commit/b38e74c4e095d584e21576e9cc43a355446e5b71"><code>b38e74c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47276">#47276</a> from thaJeztah/24.0_backport_bump_runc_1.1.12</li> <li><a href="https://github.com/moby/moby/commit/dac56638adccd215bae6cc23146f29e4697e1e98"><code>dac5663</code></a> update containerd binary to v1.7.13</li> <li><a href="https://github.com/moby/moby/commit/20e1af361628a31afd1af58d25cd6ea4e495669f"><code>20e1af3</code></a> vendor: github.com/opencontainers/runc v1.1.12</li> <li><a href="https://github.com/moby/moby/commit/858919d39968c687de3afb0a0a3a212d60ef2a99"><code>858919d</code></a> update runc binary to v1.1.12</li> <li><a href="https://github.com/moby/moby/commit/141ad39e38a9a44b7487933d74815863c2c588e6"><code>141ad39</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47266">#47266</a> from vvoland/ci-fix-makeps1-templatefail-24</li> <li><a href="https://github.com/moby/moby/commit/db968c672bcd6eeed09a0ad35cac843a5ffe7e48"><code>db968c6</code></a> hack/make.ps1: Fix go list pattern</li> <li><a href="https://github.com/moby/moby/commit/61c51fbb5aeb648eb5f97704b8c75be3ccf1c9a0"><code>61c51fb</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/47221">#47221</a> from vvoland/pkg-pools-close-noop-24</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v24.0.7...v24.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.7+incompatible&new-version=24.0.9+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-22Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#3339)dependabot[bot]
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.30.0&new-version=1.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21Add event reporting (#3340)Till
Part of #3216 and #3226 There will be a follow up PR which is going to add the same admin endpoints Synapse has, so existing tools also work for Dendrite.
2024-03-21Update golangci config (#3343)Till
`deadline` is now deprecated in favor of `timeout` and currently breaks CI. The other changes remove some warnings produced.
2024-03-05Query rooms with ACLs instead of all rooms (#3338)Till
This now should actually speed up startup times. This is because _many_ rooms (like DMs) don't have room ACLs, this means that we had around 95% pointless DB queries. (as queried on d.m.org)
2024-02-29[Helm] Update Postgres image to 16.2.0, update readmehelm-dendrite-0.14.0Till Faelligen
2024-02-29[helm] Update postgresql chart to 14.2.3 (#3292)Varac
This change introduces a major Postgresql upgrade (from 15.1.0 to 16.1.0). From https://artifacthub.io/packages/helm/bitnami/postgresql/13.2.24#to-13-0-0: This major version changes the default PostgreSQL image from 15.x to 16.x. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 16.x. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately This PR doesn't need a Go unit tests since it doesn't touch any code, only the helm chart is affected. Signed-off-by: Varac Anero <varac@varac.net> --------- Signed-off-by: Varac Anero <varac@varac.net> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com> [skip ci]
2024-02-29Use port number instead of name for k8s service port (#3256)Alexandre Oliveira
I've found an issue when deploying Dendrite's Helm chart on my local cluster. The template for generating an Ingress resource tries to find the service port using a name (`http`), but the template that generates the Service resource, instead, identifies the resource with a port number. According to the [Kubernetes ServiceSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/), `ports.targetPort` can be either a number or a string; if it's the latter, it will be looked up as a named port in the pod's container ports. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately [skip ci]
2024-02-29chore(helm): use empty/nil storageClass for helm-docs (#3245)helm-dendrite-0.13.8WrenIX
i believe that `nil` would be false in the if : ```yaml storageClass: ``` is still handled correct. --- In past ( #3191 ), will have the problem with an empty string `""`: ```yaml storageClass: "" ``` --- do you take another look @S7evinK ? Signed-off-by: WrenIX <dev.github@wrenix.eu>
2024-02-28fix(helm): change strategy to Recreate (#3325)WrenIX
Current dendrite needs an PVC and replica of 1 is forced, so best way of update and change of configuration is to stop and start (instatt of start multiple dendrite pod with deadlock of binding pvc) see: #3258 ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Your Name <your@email.example.org>` - [x] version bump of helm Chart Signed-off-by: WrenIX <dev.github@wrenix.eu> [skip ci]
2024-02-28Bump nokogiri from 1.14.3 to 1.16.2 in /docs (#3319)dependabot[bot]
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem 6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem 122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem 7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem 833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem 5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem 5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem 68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem </code></pre> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@​adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@​stevecheckoway</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc nokogiri-1.16.1-aarch64-linux.gem 6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69 nokogiri-1.16.1-arm-linux.gem &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@​adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@​stevecheckoway</code></a>)</li> </ul> <h2>v1.16.0 / 2023-12-27</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.3.</p> <p>This release ends support for Ruby 2.7, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2023-03-31</a>.</p> <h4>Pattern matching</h4> <p>This version marks <em>official support</em> for the pattern matching API in <code>XML::Attr</code>, <code>XML::Document</code>, <code>XML::DocumentFragment</code>, <code>XML::Namespace</code>, <code>XML::Node</code>, and <code>XML::NodeSet</code> (and their subclasses), originally introduced as an experimental feature in v1.14.0. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</p> <p>Documentation on what can be matched:</p> <ul> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Attr.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Attr#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Document#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Namespace.html?h=deconstruct+namespace#method-i-deconstruct_keys"><code>XML::Namespace#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Node.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Node#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/DocumentFragment.html?h=deconstruct#method-i-deconstruct"><code>XML::DocumentFragment#deconstruct</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/NodeSet.html?h=deconstruct#method-i-deconstruct"><code>XML::NodeSet#deconstruct</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/673756fdd69d1036874b7d7250cc38a51fd4d7b8"><code>673756f</code></a> version bump to v1.16.2</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/74ffd67a8efb9972657e5c4625fd8419bbccbe06"><code>74ffd67</code></a> dep: update libxml to 2.12.5 (branch v1.16.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3122">#3122</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/0d4018dc7009580659c101fc41efb3babcfec229"><code>0d4018d</code></a> dep: update libxml2 to v2.12.5</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/f33a25f4378df33912ebc6b4ebc0f9e8e80ddfa8"><code>f33a25f</code></a> dep: remove patch from <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3112">#3112</a> which has been released upstream</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/e99416896a182bc520a7940bbe286ec33597ab2b"><code>e994168</code></a> version bump to v1.16.1</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/77ea2f228c20e79c848ca2906813ea5b5010281b"><code>77ea2f2</code></a> dev: add files to manifest ignore list</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/756f27c6b7a23294d84bdcca5e03a639d0dd7421"><code>756f27c</code></a> build(deps): bump actions/{download,upload}-artifact from 3 to 4</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/464f8d41eb73ca9c6dae0b366afcf5f4e8bff342"><code>464f8d4</code></a> .gitignore: clangd-related files</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/2beeb960691df28dd5ebf828192c65b60250670f"><code>2beeb96</code></a> doc: update CHANGELOG</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/a26536d7a41fd40c52940e165bb5a4f6b4c39662"><code>a26536d</code></a> fix: apply upstream patch for in-context parsing (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.14.3...v1.16.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.14.3&new-version=1.16.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip ci]
2024-02-28FAQ.md: jetstream needs to be backed up too. (#3327)Anton Molyboha
In the section "What data needs to be kept if transferring/backing up Dendrite?" of the FAQ, add jetstream directory to the list. It seems to be a common mistake when moving dendrite to a different computer, that the jetstream directory is not copied. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [ ] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Anton Molyboha <anton.molyboha@gmail.com>`
2024-02-28Make usage of relays optional, avoid DB roundtrips (#3337)Till
This should avoid 2 additional DB roundtrips if we don't want to use relays. So instead of possibly doing roughly 20k trips to the DB, we are now "only" doing ~6600. --------- Co-authored-by: devonh <devon.dmytro@gmail.com>
2024-02-28Cache ACLs regexes (#3336)Till
Since #3334 didn't change much on d.m.org, this is another attempt to speed up startup. Given moderation bots like Mjolnir/Draupnir are in many rooms with quite often the same or similar ACLs, caching the compiled regexes _should_ reduce the startup time. Using a pointer to the `*regexp.Regex` ensures we only store _one_ instance of a regex in memory, instead of potentially storing it hundred of times. This should reduce memory consumption on servers with many rooms with ACLs drastically. (5.1MB vs 1.7MB with this change on my server with 8 ACL'd rooms [3 using the same ACLs]) [skip ci]
2024-02-21Speed up start up time by batch querying ACL events (#3334)Till
This should significantly speed up start up times on servers with many rooms.
2024-02-20Limit filter to `limit/2` for before/after events on `/context` (#3332)Till
Part of https://github.com/matrix-org/dendrite/issues/3224
2024-02-19Remove unused `token` (#3331)Till
Part of https://github.com/matrix-org/dendrite/issues/3225
2024-02-13Fix `/createRoom` and `/invite` containing displayname/avatarURL of inviter ↵Till
(#3326) Fixes #3324
2024-02-08Update all the CI actions (#3323)Till
Also adds a job for the scheduled CI run to only run if there has been a commit in the last 24h ([StackOverflow](https://stackoverflow.com/questions/63014786/how-to-schedule-a-github-actions-nightly-build-but-run-it-only-when-there-where)) [skip ci]
2024-02-07Disable Element Web tests, only run csapi and federation testsTill Faelligen
2024-02-03Modernize appservice paths and authentication (#3316)Tulir Asokan
This brings Dendrite's appservice spec support up to v1.4, from the previous level of pre-release-spec support only (even r0.1.0 wasn't supported for pushing transactions 🙃). There are config options to revert to the old behavior, but the default is v1.4+ only. [Synapse also does that](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#use_appservice_legacy_authorization) mautrix bridges will drop support for legacy paths and authentication soon (and possibly also require matrix v1.4 to be advertised, but I might add some workaround to not require that for dendrite) Signed-off-by: Tulir Asokan <tulir@maunium.net>
2024-01-29Fix x86 tests (#3317)Till
x86 tests broke with #3298 (Not exactly the tests modified here, but `TestMessageHistoryVisibility`)
2024-01-26Version 0.13.6 (#3315)v0.13.6helm-dendrite-0.13.7Till
2024-01-25Move `/joined_members` back to the clientapi/roomserver (#3312)Till
Partly reverts #2827 by moving `/joined_members` back to the clientAPI/roomserver
2024-01-25Allow + in MIDs as per MSC4009 (#3313)Matthew Strapp
This PR adds `+` to the username regex, per MSC4009. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Matt Strapp <matt@mattstrapp.net>`
2024-01-25Only fetch events once for all rooms (#3311)Joakim Recht
This refactors `PDUStreamProvider` a bit so that it doesn't trigger a database query per room, but instead utilizes the fact that it's possible to bulk query. This improves sync performance significantly when you have 1000s of rooms. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Joakim Recht <joakim@beyondwork.ai>`
2024-01-24Update sentry reporting (#3305)Till
This hopefully reduces the garbage we currently produce. (Using [GlitchTip](https://glitchtip.com/) on my personal instance, this seems to look better)
2024-01-20Optimize `PrevEventIDs` when getting thousands of backwards extremeties (#3308)Till
Changes how many `PrevEventIDs` we send to other servers when backfilling, capped to 100 events. Unsure about how representative this benchmark is.. ``` goos: linux goarch: amd64 pkg: github.com/matrix-org/dendrite/roomserver/api cpu: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz │ old.txt │ new.txt │ │ sec/op │ sec/op vs base │ PrevEventIDs/Original1-8 264.9n ± 5% 237.4n ± 7% -10.36% (p=0.000 n=10) PrevEventIDs/Original10-8 3.101µ ± 4% 1.590µ ± 2% -48.72% (p=0.000 n=10) PrevEventIDs/Original100-8 44.32µ ± 2% 12.80µ ± 4% -71.11% (p=0.000 n=10) PrevEventIDs/Original500-8 263.835µ ± 4% 7.907µ ± 4% -97.00% (p=0.000 n=10) PrevEventIDs/Original1000-8 578.798µ ± 2% 7.620µ ± 2% -98.68% (p=0.000 n=10) PrevEventIDs/Original2000-8 1272.039µ ± 2% 8.241µ ± 9% -99.35% (p=0.000 n=10) geomean 43.81µ 3.659µ -91.65% │ old.txt │ new.txt │ │ B/op │ B/op vs base │ PrevEventIDs/Original1-8 72.00 ± 0% 48.00 ± 0% -33.33% (p=0.000 n=10) PrevEventIDs/Original10-8 1512.0 ± 0% 500.0 ± 0% -66.93% (p=0.000 n=10) PrevEventIDs/Original100-8 11.977Ki ± 0% 7.023Ki ± 0% -41.36% (p=0.000 n=10) PrevEventIDs/Original500-8 67.227Ki ± 0% 7.023Ki ± 0% -89.55% (p=0.000 n=10) PrevEventIDs/Original1000-8 163.227Ki ± 0% 7.023Ki ± 0% -95.70% (p=0.000 n=10) PrevEventIDs/Original2000-8 347.227Ki ± 0% 7.023Ki ± 0% -97.98% (p=0.000 n=10) geomean 12.96Ki 1.954Ki -84.92% │ old.txt │ new.txt │ │ allocs/op │ allocs/op vs base │ PrevEventIDs/Original1-8 2.000 ± 0% 1.000 ± 0% -50.00% (p=0.000 n=10) PrevEventIDs/Original10-8 6.000 ± 0% 2.000 ± 0% -66.67% (p=0.000 n=10) PrevEventIDs/Original100-8 9.000 ± 0% 3.000 ± 0% -66.67% (p=0.000 n=10) PrevEventIDs/Original500-8 12.000 ± 0% 3.000 ± 0% -75.00% (p=0.000 n=10) PrevEventIDs/Original1000-8 14.000 ± 0% 3.000 ± 0% -78.57% (p=0.000 n=10) PrevEventIDs/Original2000-8 16.000 ± 0% 3.000 ± 0% -81.25% (p=0.000 n=10) geomean 8.137 2.335 -71.31% ```
2024-01-20Don't send device list updates upon registration (#3307)Till
Fixes https://github.com/matrix-org/dendrite/issues/3273 As we otherwise send down device list updates which are merely useful for the user and causes tests to be flakey: ``` ❌ TestPushSync/Adding_a_push_rule_wakes_up_an_incremental_/sync (10ms) push_test.go:57: no pushrules found in sync response: {"next_batch":"s0_0_0_0_0_1_1_0_1","device_lists":{"changed":["@user-1:hs1"]}} ``` What this does: If a `PerformDeviceCreation` request is coming from registering an account, it does **not** send device list updates, as they are merely useful (no joined rooms, no one to inform) . In all other cases, the behavior is unchanged and device list updates are sent as usual.
2024-01-17Add login fallback (#3302)Till
Part of https://github.com/matrix-org/dendrite/issues/3216 The files are basically copied from Synapse, with minor changes to the called endpoints. We never seem to have had the `/_matrix/static/client/login/` endpoint, this adds it.
2024-01-15Update GMSL (#3303)Till
If I didn't miss anything, this should add fixes from: https://github.com/matrix-org/gomatrixserverlib/pull/424 https://github.com/matrix-org/gomatrixserverlib/pull/426 https://github.com/matrix-org/gomatrixserverlib/pull/427 https://github.com/matrix-org/gomatrixserverlib/pull/428 https://github.com/matrix-org/gomatrixserverlib/pull/429 https://github.com/matrix-org/gomatrixserverlib/pull/430
2024-01-10Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300)dependabot[bot]
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.4 to 0.37.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p> <blockquote> <h2>v0.37.7</h2> <p>This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):</p> <ul> <li>limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p> <h2>v0.37.6</h2> <p>This patch release contains a backport of <a href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p> <h2>v0.37.5</h2> <p>This patch release contains the backport of 3 fixes:</p> <ul> <li>fix handshake failure if <code>tls.Config.SessionTicketDisabled = false</code>, but <code>tls.Config.GetConfigForClient</code> returns a config that disables session tickets: <a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li> <li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li> <li>automatically set the <code>tls.Config.ServerName</code>: <a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965"><code>21609dd</code></a> don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8"><code>d7aa627</code></a> limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/e2c360ceec4689af76720ce79d3c2aeb1569694f"><code>e2c360c</code></a> reassemble post-handshake TLS messages before passing them to crypto/tls (<a href="https://redirect.github.com/quic-go/quic-go/issues/4038">#4038</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/e9f7f460bc7941a4cee7e516098ba44d5a98471c"><code>e9f7f46</code></a> automatically set the tls.Config.ServerName if unset (<a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/12d84c419609571bed143ca5174b23986efee1a4"><code>12d84c4</code></a> handshake: use the correct hash function for TLS_AES_256_GCM_SHA384 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/b1635df2f55e0b75548ba7a1a42ec7f181e0e14c"><code>b1635df</code></a> ignore QUICConn.SendSessionTicket error if session tickets are disabled (<a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a>)</li> <li>See full diff in <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.4&new-version=0.37.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10Add CORP header to `/download` and `/thumbnail` (#3299)Till
Part of #3222 https://github.com/matrix-org/matrix-spec-proposals/pull/3828
2024-01-09Handle empty from in /messages as per MSC3567 (#3298)devonh
2024-01-09Return `M_INVALID_PARAM` instead of `M_BAD_JSON` when setting aliases (#3297)Till
Part of https://github.com/matrix-org/dendrite/issues/3223 (https://github.com/matrix-org/matrix-spec/pull/1286) (For `DELETE` we don't validate the alias, but just return a 404 if we can't find it)
2024-01-08Fix notary keys requests for all keys (#3296)Till
This should be more spec compliant: > If no key IDs are given to be queried, the notary server should query for all keys.
2023-12-30Fix panic if unable to assign a state key NID (#3294)Till
2023-12-19Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290)dependabot[bot]
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"><code>9d2ee97</code></a> ssh: implement strict KEX protocol changes</li> <li><a href="https://github.com/golang/crypto/commit/4e5a26183ecb4f9a0f85c8f8dbe7982885435436"><code>4e5a261</code></a> ssh: close net.Conn on all NewServerConn errors</li> <li><a href="https://github.com/golang/crypto/commit/152cdb1503ebc13bc0fbb68f92ee189ebf9e3d00"><code>152cdb1</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/fdfe1f8531a1adcc300c8eba98cb372044826d62"><code>fdfe1f8</code></a> ssh: defer channel window adjustment</li> <li><a href="https://github.com/golang/crypto/commit/b8ffc16e10063067bac0e15c6d7f7995937503ce"><code>b8ffc16</code></a> blake2b: drop Go 1.6, Go 1.8 compatibility</li> <li><a href="https://github.com/golang/crypto/commit/7e6fbd82c804e1760feb603fe21caecb0af0a124"><code>7e6fbd8</code></a> ssh: wrap errors from client handshake</li> <li><a href="https://github.com/golang/crypto/commit/bda2f3f5cfce3f27039acccd823693f6d67c2a74"><code>bda2f3f</code></a> argon2: avoid clobbering BP</li> <li><a href="https://github.com/golang/crypto/commit/325b735346247f48971d2b37d24dd180a35f391f"><code>325b735</code></a> ssh/test: skip TestSSHCLIAuth on Windows</li> <li><a href="https://github.com/golang/crypto/commit/1eadac50a566dfaa1b603ca15e8ad3cbd1c77b20"><code>1eadac5</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/b2d7c26edb17864f117d8b0ee73c1843bcc6090f"><code>b2d7c26</code></a> ssh: add (*Client).DialContext method</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-19Use `AckExplicitPolicy` instead of `AckAllPolicy` (#3288)Till
Fixes https://github.com/matrix-org/dendrite/issues/3240 and potentially a root cause for state resets. While testing, I've had added some more debug logging: ``` time="2023-12-16T18:13:11.319458084Z" level=warning msg="already processed event" event_id="$qFYMl_F2vb1N0yxmvlFAMhqhGhLKq4kA-o_YCQKH7tQ" kind=KindNew times=2 time="2023-12-16T18:13:14.537389126Z" level=warning msg="already processed event" event_id="$EU-LTsKErT6Mt1k12-p_3xOHfiLaK6gtwVDlZ35lSuo" kind=KindNew times=5 time="2023-12-16T18:13:16.789551206Z" level=warning msg="already processed event" event_id="$dIPuAfTL5x0VyG873LKPslQeljCSxFT1WKxUtjIMUGE" kind=KindNew times=5 time="2023-12-16T18:13:17.383838767Z" level=warning msg="already processed event" event_id="$7noSZiCkzerpkz_UBO3iatpRnaOiPx-3IXc0GPDQVGE" kind=KindNew times=2 time="2023-12-16T18:13:22.091946597Z" level=warning msg="already processed event" event_id="$3Lvo3Wbi2ol9-nNbQ93N-E2MuGQCJZo5397KkFH-W6E" kind=KindNew times=1 time="2023-12-16T18:13:23.026417446Z" level=warning msg="already processed event" event_id="$lj1xS46zsLBCChhKOLJEG-bu7z-_pq9i_Y2DUIjzGy4" kind=KindNew times=4 ``` So we did receive the same event over and over again. Given they are `KindNew`, we don't short circuit if we already processed them, which potentially caused the state to be calculated with a now wrong state snapshot. Also fixes the back pressure metric. We now correctly increment the counter once we sent the message to NATS and decrement it once we actually processed an event.
2023-12-12Also pin Pinecone and Yggdrasil demoTill Faelligen
2023-12-12Version 0.13.5 (#3285)v0.13.5helm-dendrite-0.13.6Till
2023-12-12Introduce a new stream for the appservice consumer (#3277)Till
This introduces a new stream the syncAPI produces to once it processed a `OutputRoomEvent` and the appservices consumes. This is to work around a race condition where appservices receive an event before the syncAPI has handled it, this can result in e.g. calls to `/joined_members` returning a wrong membership list.
2023-12-12Allow some content types to be inlined (#3274)Till
"Shamelessly" stolen from https://github.com/matrix-org/synapse/pull/15988