aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-29chore(helm): use empty/nil storageClass for helm-docs (#3245)helm-dendrite-0.13.8WrenIX
i believe that `nil` would be false in the if : ```yaml storageClass: ``` is still handled correct. --- In past ( #3191 ), will have the problem with an empty string `""`: ```yaml storageClass: "" ``` --- do you take another look @S7evinK ? Signed-off-by: WrenIX <dev.github@wrenix.eu>
2024-02-28fix(helm): change strategy to Recreate (#3325)WrenIX
Current dendrite needs an PVC and replica of 1 is forced, so best way of update and change of configuration is to stop and start (instatt of start multiple dendrite pod with deadlock of binding pvc) see: #3258 ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Your Name <your@email.example.org>` - [x] version bump of helm Chart Signed-off-by: WrenIX <dev.github@wrenix.eu> [skip ci]
2024-02-28Bump nokogiri from 1.14.3 to 1.16.2 in /docs (#3319)dependabot[bot]
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem 6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem 122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem 7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem 833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem 5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem 5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem 68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem </code></pre> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@​adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@​stevecheckoway</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc nokogiri-1.16.1-aarch64-linux.gem 6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69 nokogiri-1.16.1-arm-linux.gem &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@​adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@​stevecheckoway</code></a>)</li> </ul> <h2>v1.16.0 / 2023-12-27</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.3.</p> <p>This release ends support for Ruby 2.7, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2023-03-31</a>.</p> <h4>Pattern matching</h4> <p>This version marks <em>official support</em> for the pattern matching API in <code>XML::Attr</code>, <code>XML::Document</code>, <code>XML::DocumentFragment</code>, <code>XML::Namespace</code>, <code>XML::Node</code>, and <code>XML::NodeSet</code> (and their subclasses), originally introduced as an experimental feature in v1.14.0. (<a href="https://github.com/flavorjones"><code>@​flavorjones</code></a>)</p> <p>Documentation on what can be matched:</p> <ul> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Attr.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Attr#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Document#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Namespace.html?h=deconstruct+namespace#method-i-deconstruct_keys"><code>XML::Namespace#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Node.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Node#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/DocumentFragment.html?h=deconstruct#method-i-deconstruct"><code>XML::DocumentFragment#deconstruct</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/NodeSet.html?h=deconstruct#method-i-deconstruct"><code>XML::NodeSet#deconstruct</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/673756fdd69d1036874b7d7250cc38a51fd4d7b8"><code>673756f</code></a> version bump to v1.16.2</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/74ffd67a8efb9972657e5c4625fd8419bbccbe06"><code>74ffd67</code></a> dep: update libxml to 2.12.5 (branch v1.16.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3122">#3122</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/0d4018dc7009580659c101fc41efb3babcfec229"><code>0d4018d</code></a> dep: update libxml2 to v2.12.5</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/f33a25f4378df33912ebc6b4ebc0f9e8e80ddfa8"><code>f33a25f</code></a> dep: remove patch from <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3112">#3112</a> which has been released upstream</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/e99416896a182bc520a7940bbe286ec33597ab2b"><code>e994168</code></a> version bump to v1.16.1</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/77ea2f228c20e79c848ca2906813ea5b5010281b"><code>77ea2f2</code></a> dev: add files to manifest ignore list</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/756f27c6b7a23294d84bdcca5e03a639d0dd7421"><code>756f27c</code></a> build(deps): bump actions/{download,upload}-artifact from 3 to 4</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/464f8d41eb73ca9c6dae0b366afcf5f4e8bff342"><code>464f8d4</code></a> .gitignore: clangd-related files</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/2beeb960691df28dd5ebf828192c65b60250670f"><code>2beeb96</code></a> doc: update CHANGELOG</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/a26536d7a41fd40c52940e165bb5a4f6b4c39662"><code>a26536d</code></a> fix: apply upstream patch for in-context parsing (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.14.3...v1.16.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.14.3&new-version=1.16.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> [skip ci]
2024-02-28FAQ.md: jetstream needs to be backed up too. (#3327)Anton Molyboha
In the section "What data needs to be kept if transferring/backing up Dendrite?" of the FAQ, add jetstream directory to the list. It seems to be a common mistake when moving dendrite to a different computer, that the jetstream directory is not copied. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [ ] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Anton Molyboha <anton.molyboha@gmail.com>`
2024-02-28Make usage of relays optional, avoid DB roundtrips (#3337)Till
This should avoid 2 additional DB roundtrips if we don't want to use relays. So instead of possibly doing roughly 20k trips to the DB, we are now "only" doing ~6600. --------- Co-authored-by: devonh <devon.dmytro@gmail.com>
2024-02-28Cache ACLs regexes (#3336)Till
Since #3334 didn't change much on d.m.org, this is another attempt to speed up startup. Given moderation bots like Mjolnir/Draupnir are in many rooms with quite often the same or similar ACLs, caching the compiled regexes _should_ reduce the startup time. Using a pointer to the `*regexp.Regex` ensures we only store _one_ instance of a regex in memory, instead of potentially storing it hundred of times. This should reduce memory consumption on servers with many rooms with ACLs drastically. (5.1MB vs 1.7MB with this change on my server with 8 ACL'd rooms [3 using the same ACLs]) [skip ci]
2024-02-21Speed up start up time by batch querying ACL events (#3334)Till
This should significantly speed up start up times on servers with many rooms.
2024-02-20Limit filter to `limit/2` for before/after events on `/context` (#3332)Till
Part of https://github.com/matrix-org/dendrite/issues/3224
2024-02-19Remove unused `token` (#3331)Till
Part of https://github.com/matrix-org/dendrite/issues/3225
2024-02-13Fix `/createRoom` and `/invite` containing displayname/avatarURL of inviter ↵Till
(#3326) Fixes #3324
2024-02-08Update all the CI actions (#3323)Till
Also adds a job for the scheduled CI run to only run if there has been a commit in the last 24h ([StackOverflow](https://stackoverflow.com/questions/63014786/how-to-schedule-a-github-actions-nightly-build-but-run-it-only-when-there-where)) [skip ci]
2024-02-07Disable Element Web tests, only run csapi and federation testsTill Faelligen
2024-02-03Modernize appservice paths and authentication (#3316)Tulir Asokan
This brings Dendrite's appservice spec support up to v1.4, from the previous level of pre-release-spec support only (even r0.1.0 wasn't supported for pushing transactions 🙃). There are config options to revert to the old behavior, but the default is v1.4+ only. [Synapse also does that](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#use_appservice_legacy_authorization) mautrix bridges will drop support for legacy paths and authentication soon (and possibly also require matrix v1.4 to be advertised, but I might add some workaround to not require that for dendrite) Signed-off-by: Tulir Asokan <tulir@maunium.net>
2024-01-29Fix x86 tests (#3317)Till
x86 tests broke with #3298 (Not exactly the tests modified here, but `TestMessageHistoryVisibility`)
2024-01-26Version 0.13.6 (#3315)v0.13.6helm-dendrite-0.13.7Till
2024-01-25Move `/joined_members` back to the clientapi/roomserver (#3312)Till
Partly reverts #2827 by moving `/joined_members` back to the clientAPI/roomserver
2024-01-25Allow + in MIDs as per MSC4009 (#3313)Matthew Strapp
This PR adds `+` to the username regex, per MSC4009. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Matt Strapp <matt@mattstrapp.net>`
2024-01-25Only fetch events once for all rooms (#3311)Joakim Recht
This refactors `PDUStreamProvider` a bit so that it doesn't trigger a database query per room, but instead utilizes the fact that it's possible to bulk query. This improves sync performance significantly when you have 1000s of rooms. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Joakim Recht <joakim@beyondwork.ai>`
2024-01-24Update sentry reporting (#3305)Till
This hopefully reduces the garbage we currently produce. (Using [GlitchTip](https://glitchtip.com/) on my personal instance, this seems to look better)
2024-01-20Optimize `PrevEventIDs` when getting thousands of backwards extremeties (#3308)Till
Changes how many `PrevEventIDs` we send to other servers when backfilling, capped to 100 events. Unsure about how representative this benchmark is.. ``` goos: linux goarch: amd64 pkg: github.com/matrix-org/dendrite/roomserver/api cpu: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz │ old.txt │ new.txt │ │ sec/op │ sec/op vs base │ PrevEventIDs/Original1-8 264.9n ± 5% 237.4n ± 7% -10.36% (p=0.000 n=10) PrevEventIDs/Original10-8 3.101µ ± 4% 1.590µ ± 2% -48.72% (p=0.000 n=10) PrevEventIDs/Original100-8 44.32µ ± 2% 12.80µ ± 4% -71.11% (p=0.000 n=10) PrevEventIDs/Original500-8 263.835µ ± 4% 7.907µ ± 4% -97.00% (p=0.000 n=10) PrevEventIDs/Original1000-8 578.798µ ± 2% 7.620µ ± 2% -98.68% (p=0.000 n=10) PrevEventIDs/Original2000-8 1272.039µ ± 2% 8.241µ ± 9% -99.35% (p=0.000 n=10) geomean 43.81µ 3.659µ -91.65% │ old.txt │ new.txt │ │ B/op │ B/op vs base │ PrevEventIDs/Original1-8 72.00 ± 0% 48.00 ± 0% -33.33% (p=0.000 n=10) PrevEventIDs/Original10-8 1512.0 ± 0% 500.0 ± 0% -66.93% (p=0.000 n=10) PrevEventIDs/Original100-8 11.977Ki ± 0% 7.023Ki ± 0% -41.36% (p=0.000 n=10) PrevEventIDs/Original500-8 67.227Ki ± 0% 7.023Ki ± 0% -89.55% (p=0.000 n=10) PrevEventIDs/Original1000-8 163.227Ki ± 0% 7.023Ki ± 0% -95.70% (p=0.000 n=10) PrevEventIDs/Original2000-8 347.227Ki ± 0% 7.023Ki ± 0% -97.98% (p=0.000 n=10) geomean 12.96Ki 1.954Ki -84.92% │ old.txt │ new.txt │ │ allocs/op │ allocs/op vs base │ PrevEventIDs/Original1-8 2.000 ± 0% 1.000 ± 0% -50.00% (p=0.000 n=10) PrevEventIDs/Original10-8 6.000 ± 0% 2.000 ± 0% -66.67% (p=0.000 n=10) PrevEventIDs/Original100-8 9.000 ± 0% 3.000 ± 0% -66.67% (p=0.000 n=10) PrevEventIDs/Original500-8 12.000 ± 0% 3.000 ± 0% -75.00% (p=0.000 n=10) PrevEventIDs/Original1000-8 14.000 ± 0% 3.000 ± 0% -78.57% (p=0.000 n=10) PrevEventIDs/Original2000-8 16.000 ± 0% 3.000 ± 0% -81.25% (p=0.000 n=10) geomean 8.137 2.335 -71.31% ```
2024-01-20Don't send device list updates upon registration (#3307)Till
Fixes https://github.com/matrix-org/dendrite/issues/3273 As we otherwise send down device list updates which are merely useful for the user and causes tests to be flakey: ``` ❌ TestPushSync/Adding_a_push_rule_wakes_up_an_incremental_/sync (10ms) push_test.go:57: no pushrules found in sync response: {"next_batch":"s0_0_0_0_0_1_1_0_1","device_lists":{"changed":["@user-1:hs1"]}} ``` What this does: If a `PerformDeviceCreation` request is coming from registering an account, it does **not** send device list updates, as they are merely useful (no joined rooms, no one to inform) . In all other cases, the behavior is unchanged and device list updates are sent as usual.
2024-01-17Add login fallback (#3302)Till
Part of https://github.com/matrix-org/dendrite/issues/3216 The files are basically copied from Synapse, with minor changes to the called endpoints. We never seem to have had the `/_matrix/static/client/login/` endpoint, this adds it.
2024-01-15Update GMSL (#3303)Till
If I didn't miss anything, this should add fixes from: https://github.com/matrix-org/gomatrixserverlib/pull/424 https://github.com/matrix-org/gomatrixserverlib/pull/426 https://github.com/matrix-org/gomatrixserverlib/pull/427 https://github.com/matrix-org/gomatrixserverlib/pull/428 https://github.com/matrix-org/gomatrixserverlib/pull/429 https://github.com/matrix-org/gomatrixserverlib/pull/430
2024-01-10Bump github.com/quic-go/quic-go from 0.37.4 to 0.37.7 (#3300)dependabot[bot]
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.37.4 to 0.37.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quic-go/quic-go/releases">github.com/quic-go/quic-go's releases</a>.</em></p> <blockquote> <h2>v0.37.7</h2> <p>This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):</p> <ul> <li>limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li>don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7">https://github.com/quic-go/quic-go/compare/v0.37.6...v0.37.7</a></p> <h2>v0.37.6</h2> <p>This patch release contains a backport of <a href="https://redirect.github.com/quic-go/quic-go/pull/4038">quic-go/quic-go#4038</a>.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6">https://github.com/quic-go/quic-go/compare/v0.37.5...v0.37.6</a></p> <h2>v0.37.5</h2> <p>This patch release contains the backport of 3 fixes:</p> <ul> <li>fix handshake failure if <code>tls.Config.SessionTicketDisabled = false</code>, but <code>tls.Config.GetConfigForClient</code> returns a config that disables session tickets: <a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a></li> <li>use the correct hash function for TLS_AES_256_GCM_SHA384: <a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a></li> <li>automatically set the <code>tls.Config.ServerName</code>: <a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5">https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965"><code>21609dd</code></a> don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (<a href="https://redirect.github.com/quic-go/quic-go/issues/4200">#4200</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8"><code>d7aa627</code></a> limit the number of queued PATH_RESPONSE frames to 256 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4199">#4199</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/e2c360ceec4689af76720ce79d3c2aeb1569694f"><code>e2c360c</code></a> reassemble post-handshake TLS messages before passing them to crypto/tls (<a href="https://redirect.github.com/quic-go/quic-go/issues/4038">#4038</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/e9f7f460bc7941a4cee7e516098ba44d5a98471c"><code>e9f7f46</code></a> automatically set the tls.Config.ServerName if unset (<a href="https://redirect.github.com/quic-go/quic-go/issues/4032">#4032</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/12d84c419609571bed143ca5174b23986efee1a4"><code>12d84c4</code></a> handshake: use the correct hash function for TLS_AES_256_GCM_SHA384 (<a href="https://redirect.github.com/quic-go/quic-go/issues/4031">#4031</a>)</li> <li><a href="https://github.com/quic-go/quic-go/commit/b1635df2f55e0b75548ba7a1a42ec7f181e0e14c"><code>b1635df</code></a> ignore QUICConn.SendSessionTicket error if session tickets are disabled (<a href="https://redirect.github.com/quic-go/quic-go/issues/4030">#4030</a>)</li> <li>See full diff in <a href="https://github.com/quic-go/quic-go/compare/v0.37.4...v0.37.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/quic-go/quic-go&package-manager=go_modules&previous-version=0.37.4&new-version=0.37.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10Add CORP header to `/download` and `/thumbnail` (#3299)Till
Part of #3222 https://github.com/matrix-org/matrix-spec-proposals/pull/3828
2024-01-09Handle empty from in /messages as per MSC3567 (#3298)devonh
2024-01-09Return `M_INVALID_PARAM` instead of `M_BAD_JSON` when setting aliases (#3297)Till
Part of https://github.com/matrix-org/dendrite/issues/3223 (https://github.com/matrix-org/matrix-spec/pull/1286) (For `DELETE` we don't validate the alias, but just return a 404 if we can't find it)
2024-01-08Fix notary keys requests for all keys (#3296)Till
This should be more spec compliant: > If no key IDs are given to be queried, the notary server should query for all keys.
2023-12-30Fix panic if unable to assign a state key NID (#3294)Till
2023-12-19Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3290)dependabot[bot]
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"><code>9d2ee97</code></a> ssh: implement strict KEX protocol changes</li> <li><a href="https://github.com/golang/crypto/commit/4e5a26183ecb4f9a0f85c8f8dbe7982885435436"><code>4e5a261</code></a> ssh: close net.Conn on all NewServerConn errors</li> <li><a href="https://github.com/golang/crypto/commit/152cdb1503ebc13bc0fbb68f92ee189ebf9e3d00"><code>152cdb1</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/fdfe1f8531a1adcc300c8eba98cb372044826d62"><code>fdfe1f8</code></a> ssh: defer channel window adjustment</li> <li><a href="https://github.com/golang/crypto/commit/b8ffc16e10063067bac0e15c6d7f7995937503ce"><code>b8ffc16</code></a> blake2b: drop Go 1.6, Go 1.8 compatibility</li> <li><a href="https://github.com/golang/crypto/commit/7e6fbd82c804e1760feb603fe21caecb0af0a124"><code>7e6fbd8</code></a> ssh: wrap errors from client handshake</li> <li><a href="https://github.com/golang/crypto/commit/bda2f3f5cfce3f27039acccd823693f6d67c2a74"><code>bda2f3f</code></a> argon2: avoid clobbering BP</li> <li><a href="https://github.com/golang/crypto/commit/325b735346247f48971d2b37d24dd180a35f391f"><code>325b735</code></a> ssh/test: skip TestSSHCLIAuth on Windows</li> <li><a href="https://github.com/golang/crypto/commit/1eadac50a566dfaa1b603ca15e8ad3cbd1c77b20"><code>1eadac5</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/b2d7c26edb17864f117d8b0ee73c1843bcc6090f"><code>b2d7c26</code></a> ssh: add (*Client).DialContext method</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.14.0...v0.17.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.14.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-19Use `AckExplicitPolicy` instead of `AckAllPolicy` (#3288)Till
Fixes https://github.com/matrix-org/dendrite/issues/3240 and potentially a root cause for state resets. While testing, I've had added some more debug logging: ``` time="2023-12-16T18:13:11.319458084Z" level=warning msg="already processed event" event_id="$qFYMl_F2vb1N0yxmvlFAMhqhGhLKq4kA-o_YCQKH7tQ" kind=KindNew times=2 time="2023-12-16T18:13:14.537389126Z" level=warning msg="already processed event" event_id="$EU-LTsKErT6Mt1k12-p_3xOHfiLaK6gtwVDlZ35lSuo" kind=KindNew times=5 time="2023-12-16T18:13:16.789551206Z" level=warning msg="already processed event" event_id="$dIPuAfTL5x0VyG873LKPslQeljCSxFT1WKxUtjIMUGE" kind=KindNew times=5 time="2023-12-16T18:13:17.383838767Z" level=warning msg="already processed event" event_id="$7noSZiCkzerpkz_UBO3iatpRnaOiPx-3IXc0GPDQVGE" kind=KindNew times=2 time="2023-12-16T18:13:22.091946597Z" level=warning msg="already processed event" event_id="$3Lvo3Wbi2ol9-nNbQ93N-E2MuGQCJZo5397KkFH-W6E" kind=KindNew times=1 time="2023-12-16T18:13:23.026417446Z" level=warning msg="already processed event" event_id="$lj1xS46zsLBCChhKOLJEG-bu7z-_pq9i_Y2DUIjzGy4" kind=KindNew times=4 ``` So we did receive the same event over and over again. Given they are `KindNew`, we don't short circuit if we already processed them, which potentially caused the state to be calculated with a now wrong state snapshot. Also fixes the back pressure metric. We now correctly increment the counter once we sent the message to NATS and decrement it once we actually processed an event.
2023-12-12Also pin Pinecone and Yggdrasil demoTill Faelligen
2023-12-12Version 0.13.5 (#3285)v0.13.5helm-dendrite-0.13.6Till
2023-12-12Introduce a new stream for the appservice consumer (#3277)Till
This introduces a new stream the syncAPI produces to once it processed a `OutputRoomEvent` and the appservices consumes. This is to work around a race condition where appservices receive an event before the syncAPI has handled it, this can result in e.g. calls to `/joined_members` returning a wrong membership list.
2023-12-12Allow some content types to be inlined (#3274)Till
"Shamelessly" stolen from https://github.com/matrix-org/synapse/pull/15988
2023-11-25added a warning log , for well_known_server_name,well_known_server_name ↵Joseph Alvarenga Beech
when they dont have prefix (#3205) closing this https://github.com/matrix-org/dendrite/issues/3180 added a warning log when either well_known_server_name, well_known_server_name: dont have a prefix in them josephalvarengabeech@pm.me --------- Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2023-11-25Added Docker commands for Windows (#3267)Cat
### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately No tests were added due to it being a small documentation addition Signed-off-by: `Cat Catry <denperidge@gmail.com>`
2023-11-25Update GMSL to avoid logging unnecessary messagesTill Faelligen
2023-11-24Appservice Login (2nd attempt) (#3078)KuhnChris
Rebase of #2936 as @vijfhoek wrote he got no time to work on this, and I kind of needed it for my experiments. I checked the tests, and it is working with my example code (i.e. impersonating, registering, creating channel, invite people, write messages). I'm not a huge `go` pro, and still learning, but I tried to fix and/or integrate the changes as best as possible with the current `main` branch changes. If there is anything left, let me know and I'll try to figure it out. Signed-off-by: `Kuhn Christopher <kuhnchris+git@kuhnchris.eu>` --------- Signed-off-by: Sijmen <me@sijman.nl> Signed-off-by: Sijmen Schoon <me@sijman.nl> Co-authored-by: Sijmen Schoon <me@sijman.nl> Co-authored-by: Sijmen Schoon <me@vijf.life> Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
2023-11-22Update ACLs when received as outliers (#3008)Till
This should fix #3004 by making sure we also update our in-memory ACLs after joining a new room. Also makes use of more caching in `GetStateEvent` Bonus: Adds some tests, as I was about to use `GetBulkStateContent`, but turns out that `GetStateEvent` is basically doing the same, just that it only gets the `eventTypeNID`/`eventStateKeyNID` once and not for every call.
2023-11-22Allow users to kick themselves (#3157)BtbN
As per the spec: https://spec.matrix.org/v1.7/rooms/v10/#authorization-rules "If membership is leave" -> "If the sender matches state_key, allow if and only if that user’s current membership state is invite, join, or knock." I.e. a user can kick themselves. Bridges use this to make a user leave while giving a reason. Some recent change (likely https://github.com/matrix-org/dendrite/commit/8ea1a11105ea7e66aa459537bcbef0de606147cd but I'm not 100% sure) changed that behaviour, resulting in heisenbridge being unable to make users leave while giving a reason. This works fine on Synapse. Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org> Co-authored-by: kegsay <7190048+kegsay@users.noreply.github.com>
2023-11-22Refactor registration tests, remove hard-coded username validation (#3138)CicadaCinema
### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] I have already signed off privately This PR is in preparation for #3137 and removes the hard-coded username validation (previously only dependent on `forceEmpty`). --------- Co-authored-by: kegsay <7190048+kegsay@users.noreply.github.com>
2023-11-22Add `keydb_server_keys` table tests (#3270)Till
Also moves some of the variable declarations out of the loop to, hopefully, reduce allocations.
2023-11-22Fix broken links in FAQ.md (#3259)notassigned
The links to CONTRUBITING.md and 4_adminapi.md were broken. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [ X] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [X ] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: <Private> Co-authored-by: kegsay <kegan@matrix.org>
2023-11-22fix typo (#3266)Nikolai Patrick
Fix a tiny spelling mistake in the Grafana dashboard. Literally a 1 character commit lol ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x ] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [ x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Nikolai Patrick nikolaipatrick@wws.sa.edu.au`
2023-11-09Use `IsBlacklistedOrBackingOff` to determine if we should try to fetch ↵Till
devices (#3254) Use `IsBlacklistedOrBackingOff` from the federation API to check if we should fetch devices. To reduce back pressure, we now only queue retrying servers if there's space in the channel.
2023-11-09More `rows.Close()` and `rows.Err()` (#3262)Till
Looks like we missed some `rows.Close()` Even though `rows.Err()` is mostly not necessary, we should be more consistent in the DB layer. [skip ci]
2023-11-08Fix potential connection leak (#3247)Till
We didn't rollback/commit after getting events, now we're rolling back since we didn't change anything.
2023-11-08Fix panic in `QueryNextRoomHierarchyPage` (#3253)Till
Sentry reported the following panic: ``` time="2023-11-01T01:33:56.220583478Z" level=error msg="Request panicked! goroutine 43763845 [running]: runtime/debug.Stack() runtime/debug/stack.go:24 +0x5e github.com/matrix-org/dendrite/internal/httputil.MakeExternalAPI.MakeJSONAPI.Protect.func3.1() github.com/matrix-org/util@v0.0.0-20221111132719-399730281e66/json.go:98 +0x13e panic({0x15b5540?, 0x2453560?}) runtime/panic.go:914 +0x21f github.com/matrix-org/dendrite/internal/httputil.MakeAuthAPI.func1.1() github.com/matrix-org/dendrite/internal/httputil/httpapi.go:91 +0x4a panic({0x15b5540?, 0x2453560?}) runtime/panic.go:914 +0x21f github.com/matrix-org/dendrite/roomserver/internal/query.(*Queryer).QueryNextRoomHierarchyPage(0x413185?, {0x1a576e0, 0xc0436705a0}, {{{0xc01e5fd260, 0x1f}, {0xc01e5fd261, 0x12}, {0xc01e5fd274, 0xb}}, {0xc145cb5200, ...}, ...}, ...) github.com/matrix-org/dendrite/roomserver/internal/query/query_room_hierarchy.go:116 +0xbfe github.com/matrix-org/dendrite/clientapi/routing.QueryRoomHierarchy(0xc0be13b200, 0xc144e65dd0, {0xc01e5fd260?, 0x6?}, {0x7faf140639c8, 0xc00059af20}, 0xc08adca000?) github.com/matrix-org/dendrite/clientapi/routing/room_hierarchy.go:141 +0x68b github.com/matrix-org/dendrite/clientapi/routing.Setup.func35(0xc03e7d5c20?, 0x17c3a57?) github.com/matrix-org/dendrite/clientapi/routing/routing.go:534 +0xbe github.com/matrix-org/dendrite/internal/httputil.MakeAuthAPI.func1(0xc0bd097300) github.com/matrix-org/dendrite/internal/httputil/httpapi.go:108 +0x5ed github.com/matrix-org/util.(*jsonRequestHandlerWrapper).OnIncomingRequest(0xc0bd097200?, 0xc13b7d6fc0?) github.com/matrix-org/util@v0.0.0-20221111132719-399730281e66/json.go:79 +0x19 github.com/matrix-org/dendrite/internal/httputil.MakeExternalAPI.MakeJSONAPI.func2({0x1a54880, 0xc138f28b60}, 0xc0bd097200?) github.com/matrix-org/util@v0.0.0-20221111132719-399730281e66/json.go:141 +0xaa github.com/matrix-org/dendrite/internal/httputil.MakeExternalAPI.MakeJSONAPI.Protect.func3({0x1a54880?, 0xc138f28b60?}, 0x17c01d9?) github.com/matrix-org/util@v0.0.0-20221111132719-399730281e66/json.go:103 +0x63 net/http.HandlerFunc.ServeHTTP(...) net/http/server.go:2136 github.com/matrix-org/dendrite/internal/httputil.MakeExternalAPI.func1({0x1a54880?, 0xc138f28b60?}, 0xc0bd097100) github.com/matrix-org/dendrite/internal/httputil/httpapi.go:191 +0x411 net/http.HandlerFunc.ServeHTTP(0xc0bd097000?, {0x1a54880?, 0xc138f28b60?}, 0xbe1348905308878e?) net/http/server.go:2136 +0x29 github.com/gorilla/mux.(*Router).ServeHTTP(0xc000000000, {0x1a54880, 0xc138f28b60}, 0xc0bd096f00) github.com/gorilla/mux@v1.8.0/mux.go:210 +0x1c5 github.com/matrix-org/dendrite/setup/base.SetupAndServeHTTP.(*Handler).Handle.(*Handler).handle.func5({0x1a54880, 0xc138f28b60}, 0xc0bd096e00) github.com/getsentry/sentry-go@v0.14.0/http/sentryhttp.go:103 +0x298 net/http.HandlerFunc.ServeHTTP(0xc0bd096a00?, {0x1a54880?, 0xc138f28b60?}, 0x7fae6812f5d0?) net/http/server.go:2136 +0x29 github.com/gorilla/mux.(*Router).ServeHTTP(0xc000000a80, {0x1a54880, 0xc138f28b60}, 0xc0bd096900) github.com/gorilla/mux@v1.8.0/mux.go:210 +0x1c5 net/http.serverHandler.ServeHTTP({0xc02884c4e0?}, {0x1a54880?, 0xc138f28b60?}, 0x6?) net/http/server.go:2938 +0x8e net/http.(*conn).serve(0xc1926922d0, {0x1a576e0, 0xc024a6ec90}) net/http/server.go:2009 +0x5f4 created by net/http.(*Server).Serve in goroutine 16979 net/http/server.go:3086 +0x5cb " context=missing panic="runtime error: invalid memory address or nil pointer dereference" ``` [skip ci]
2023-11-03Bump golang.org/x/image from 0.5.0 to 0.10.0 (#3257)dependabot[bot]
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.5.0 to 0.10.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d"><code>cb227cd</code></a> tiff: limit work when decoding malicious images</li> <li><a href="https://github.com/golang/image/commit/a5392f068b20c5126e356d1987f3eb74fffe1af2"><code>a5392f0</code></a> bmp: support to decode 8-bit format with up to 256 color palette</li> <li><a href="https://github.com/golang/image/commit/f9550b04a5344792f1e5e5f9fbe8f5e87423f19e"><code>f9550b0</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/image/commit/81c166c49c1d18a6e9a5f659b646eb300013ccd0"><code>81c166c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/image/commit/ed5dba0ea28f9438e4dac0320f7d9bb2fddd9737"><code>ed5dba0</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/image/commit/08ca817286cef4a50486ff2dc212ec148ff956ae"><code>08ca817</code></a> font: have Glyph return !ok for U+FFFD substitute</li> <li><a href="https://github.com/golang/image/commit/b6ac75bc5918c3a0a2200faa20aedebc76d5b349"><code>b6ac75b</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/image/commit/1b7441254c9a43adda43ffcf12d7add0f1df0191"><code>1b74412</code></a> font/sfnt: set type for all NameID constants</li> <li><a href="https://github.com/golang/image/commit/f632f7f87ca2653b091bcaab6d048f5799b841c9"><code>f632f7f</code></a> tiff, tiff/lzw, vector: use single space in comments</li> <li>See full diff in <a href="https://github.com/golang/image/compare/v0.5.0...v0.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/image&package-manager=go_modules&previous-version=0.5.0&new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>