-
Notifications
You must be signed in to change notification settings - Fork 3
Famedly release v1.153 #260
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 40 commits
Commits
Show all changes
41 commits
Select commit
Hold shift + click to select a range
93e0497
Avoid a `M_FORBIDDEN` response when a user tries to erase their accou…
jason-famedly 213b5a0
Bump python-multipart from 0.0.22 to 0.0.26 (#19700)
dependabot[bot] 2691d0b
Send a SSS response immediately if the config has changed and there a…
bnjbvr a6b5320
Bump rustls-webpki from 0.103.10 to 0.103.13 (#19717)
dependabot[bot] 7fc937b
Stabilize MSC3266, support stable room_summary endpoint (#19720)
dasha-uwu 107029d
Bump the minor-and-patches group across 1 directory with 2 updates (#…
dependabot[bot] ae242fd
Do not mutate power levels on upgrade to v12 room (#19727)
erikjohnston 22e1643
Add warning about known problems when configuring `use_frozen_dicts` …
MadLittleMods 3a26806
Ignore received EDUs if origin server in room ACL (MSC4163) (#18475)
devonh 811e69b
Bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 in /complement (#…
dependabot[bot] 2e9d6f7
Bump attrs from 25.4.0 to 26.1.0 (#19684)
dependabot[bot] 449b1a4
MSC4311: invites and knocks should contain the create event (#19722)
FrenchGithubUser 5e7cbfe
Merge branch 'master' into develop
reivilibre 76b4fdc
Add a canonical JSON impl (#19739)
erikjohnston ed3cafd
Partially revert "Bump authlib from 1.6.9 to 1.6.11 (#19703)" (#19742)
OlegGirko c376cdd
Configure Dependabot to only update Python dependencies in the lockfi…
reivilibre 8fc23aa
Bump pillow from 12.1.1 to 12.2.0 (#19686)
dependabot[bot] 2e7019e
Expose tombstone status in room details (#19737)
RamReso b8d7324
Bump the minor-and-patches group across 1 directory with 3 updates (#…
dependabot[bot] 697ef33
Bump gitpython from 3.1.46 to 3.1.47 (#19731)
dependabot[bot] 6100f6e
Backfill from nearby points past pagination token (#19611)
MadLittleMods 3f58bc5
fix: Cap `WorkerLock` timeout intervals to 60 seconds (#19394)
jason-famedly 3e6bf10
Port `Event.signatures` field to Rust (#19706)
erikjohnston 23b8fcf
Port `Event.unsigned` field to Rust (#19708)
erikjohnston 92b985c
Merge branch 'master' into develop
reivilibre 2829a14
Reduce `WORKER_LOCK_MAX_RETRY_INTERVAL` to 5 seconds (#19755)
MadLittleMods 4911296
Force keyword-only args for `Duration` (prevent footgun) (#19756)
MadLittleMods 8dbbc40
Commit stray Rust change that keeps popping up (`rust/src/canonical_j…
MadLittleMods 0e508ba
1.153.0rc1
reivilibre eb2ae9d
Tweak changelog
reivilibre 5efeac4
Handle arbitrary sized integers in `unsigned`. (#19769)
erikjohnston f109c25
1.153.0rc2
reivilibre 16c17f3
Add CVE IDs to changelog for 1.152.1. (#19778)
dkasak 4eaee2b
Merge branch 'release-v1.152' into release-v1.153
reivilibre 71e1da9
Revert "Send a SSS response immediately if the config has changed and…
reivilibre 0ff5072
1.153.0rc3
reivilibre 7b1c4da
1.153.0
reivilibre 51e9f52
Merge remote-tracking branch 'upstream/release-v1.153' into famedly-r…
FrenchGithubUser a709b20
chore: bump `fcs` module version to `0.0.4`
FrenchGithubUser 6a47a53
chore: `poetry lock`
FrenchGithubUser 8de0109
chore: comment about why we skipped a fcs release in the modpacks
FrenchGithubUser File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| version: 2 | ||
| # As dependabot is currently only run on a weekly basis, we raise the | ||
| # open-pull-requests-limit to 10 (from the default of 5) to better ensure we | ||
| # don't continuously grow a backlog of updates. | ||
| updates: | ||
| - # "pip" is the correct setting for poetry, per https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem | ||
| package-ecosystem: "pip" | ||
| directory: "/" | ||
| open-pull-requests-limit: 10 | ||
| versioning-strategy: "increase-if-necessary" | ||
| schedule: | ||
| interval: "weekly" | ||
| # Group patch updates to packages together into a single PR, as they rarely | ||
| # if ever contain breaking changes that need to be reviewed separately. | ||
| # | ||
| # Less PRs means a streamlined review process. | ||
| # | ||
| # Python packages follow semantic versioning, and tend to only introduce | ||
| # breaking changes in major version bumps. Thus, we'll group minor and patch | ||
| # versions together. | ||
| groups: | ||
| minor-and-patches: | ||
| applies-to: version-updates | ||
| patterns: | ||
| - "*" | ||
| update-types: | ||
| - "minor" | ||
| - "patch" | ||
| # Prevent pulling packages that were recently updated to help mitigate | ||
| # supply chain attacks. 14 days was taken from the recommendation at | ||
| # https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns | ||
| # where the author noted that 9/10 attacks would have been mitigated by a | ||
| # two week cooldown. | ||
| # | ||
| # The cooldown only applies to general updates; security updates will still | ||
| # be pulled in as soon as possible. | ||
| cooldown: | ||
| default-days: 14 | ||
|
|
||
| - package-ecosystem: "docker" | ||
| directory: "/docker" | ||
| open-pull-requests-limit: 10 | ||
| schedule: | ||
| interval: "weekly" | ||
| # For container versions, breaking changes are also typically only introduced in major | ||
| # package bumps. | ||
| groups: | ||
| minor-and-patches: | ||
| applies-to: version-updates | ||
| patterns: | ||
| - "*" | ||
| update-types: | ||
| - "minor" | ||
| - "patch" | ||
| cooldown: | ||
| default-days: 14 | ||
|
|
||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| open-pull-requests-limit: 10 | ||
| schedule: | ||
| interval: "weekly" | ||
| # Similarly for GitHub Actions, breaking changes are typically only introduced in major | ||
| # package bumps. | ||
| groups: | ||
| minor-and-patches: | ||
| applies-to: version-updates | ||
| patterns: | ||
| - "*" | ||
| update-types: | ||
| - "minor" | ||
| - "patch" | ||
| cooldown: | ||
| default-days: 14 | ||
|
|
||
| - package-ecosystem: "cargo" | ||
| directory: "/" | ||
| open-pull-requests-limit: 10 | ||
| versioning-strategy: "lockfile-only" | ||
| schedule: | ||
| interval: "weekly" | ||
| # The Rust ecosystem is special in that breaking changes are often introduced | ||
| # in minor version bumps, as packages typically stay pre-1.0 for a long time. | ||
| # Thus we specifically keep minor version bumps separate in their own PRs. | ||
| groups: | ||
| patches: | ||
| applies-to: version-updates | ||
| patterns: | ||
| - "*" | ||
| update-types: | ||
| - "patch" | ||
| cooldown: | ||
| default-days: 14 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.