doc: Updated net/sniffnet to 1.1.0

(pin)

devel/hs-microlens-ghc: Update to 0.4.14.1

(I even did "make cce" but I somehow forgot to commit this.)

0.4.14
* New minor release (microlens-0.4.13.0).

(pho)

net/sniffnet: update to 1.1.0

[1.1.0] - 2023-02-07
- Added Custom Notifications to inform the user when defined network events
  occur:
    - data intensity exceeded a defined packets per second rate
    - data intensity exceeded a defined bytes per second rate
    - new data are exchanged from one of the favorite connections
- Added Settings pages to configure the state of the application (persistently
  stored in a configuration file):
    - customise notifications
    - choose between 4 different application styles
    - set the application language (this release introduces the Italian
      language �汞ｮ�汞ｹ, and more languages will be supported soon)
- Added Geolocation of the remote IP addresses (consult the README for more
  information)
- Implemented the possibility of marking a group of connections as favorites
  and added favorites view to the report
- Added modal to ask the user for confirmation before leaving the current
  analysis
- Added Tooltips to help the user better understand the function of some
  buttons
- Partially implemented support for broadcast IP addresses (still missing IPv4
  directed broadcast)
- The application window is now maximized after start
- All the GUI text fonts have been replaced with 'Inconsolata'
- Fixed issue #48 adding a horizontal scrollable to the report view

(pin)

devel/hs-deepseq-generics: Fix build with GHC 9.4

(pho)

converters/hs-base64: Fix build

An extra comma in HASKELL_UNRESTRICT_DEPENDENCIES was causing a problem.

(pho)

doc: Updated devel/tig to 2.5.8

(fcambus)

tig: update to 2.5.8.

tig-2.5.8
---------

Improvements:

- Update utf8proc to v2.8.0, supporting Unicode 15.
- Support editing from the pager and the log (-p) views. (#1243)
- Adjust build for native Apple Silicon.
- Autoscroll the pager view while loading. (#1223)
- Automatically show next diff in the status view. (#413, #469)
- Replace `Unknown` author with `Not Committed Yet`.
- Allow use of regular expressions for coloring. (#1249)
- Add support for option word-diff-regex. (#1252)
- Include original blob name in temporary filename. (#1254)

Bug fixes:

- Use %(file_old) for old filename in the blame view. (#1226)
- Correctly report which version of libncurses was linked. (#1240, #1241)
- Fix stage view closing when holding the ] key. (#1245)
- Make tests work from a path with symlinks.
- Fix encoding of very long lines. (#1227)
- Fix diffstat color for tig log -p.
- Clean IO before closing a view or quitting.

(fcambus)

doc: Updated security/heimdal to 7.8.0nb2

(wiz)

heimdal: add patch against CVE-2022-45142

Bump PKGREVISION.

(wiz)

doc: Updated net/bind918 to 9.18.11

(taca)

net/bind918: update to 9.18.11

Approved by MAINTAINER (sekiya@).

--- 9.18.11 released ---

6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]

6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]

6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]

6062. [func] The DSCP implementation, which has been
nonfunctional for some time, is now marked as
obsolete and the implementation has been removed.
Configuring DSCP values in named.conf has no
effect, and a warning will be logged that
the feature should no longer be used. [GL #3773]

6061. [bug] Fix unexpected "Prohibited" extended DNS error
on allow-recursion. [GL #3743]

6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]

6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]

6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]

6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]

6051. [bug] Improve thread safety in the dns_dispatch unit.
[GL #3178] [GL #3636]

6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]

6049. [bug] Exclude ABD hashtables from the ADB memory
overmem checks and don't clean ADB names
and ADB entries used in the last 10 seconds
(ADB_CACHE_MINIMUM). [GL #3739]

6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]

6047. [bug] Try the next server instead of trying the same
server again on an outgoing query timeout.
[GL #3637]

6046. [bug] TLS session resumption might lead to handshake
failures when client certificates are used for
authentication (Mutual TLS).  This has been fixed.
[GL #3725]

6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]

6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]

5830. [func] Implement incremental resizing of isc_ht hash tables to
perform the rehashing gradually. The catalog zone
implementation has been optimized to work with hundreds
of thousands of member zones. [GL #3212] [GL #3744]

(taca)

Unlink temp file after using it to check for EA support.
Fixes GitHub issue #188

Patch from upstream

(hauke)

scapy: reflect test dependency on py-mock

(gutteridge)

doc: Updated www/grafana to 9.2.6

(triaxx)

commit.msg

(triaxx)

pbulk: more information for pbulk-build.1

(wiz)

doc: Updated misc/less to 608nb1

(wiz)

less: add upstream patch to avoid less -R escape.

(wiz)

hs-blaze-builder: unrestrict text dependency

Fixes build with ghc94.

(wiz)

doc: Updated converters/bdf2psf to 1.216

(fcambus)

bdf2psf: update to 1.216.

Nothing applying to bdf2psf in particular noted in the Changelog.

(fcambus)

doc: Updated x11/jolly to 0.2.0

(pin)

x11/jolly: update to 0.2.0

[0.2.0] - 2023-02-06
Added
- MSRV statement. Jolly will track latest stable rust
- Settings Support. Jolly now has ability to customize settings
- Theme Support. Jolly now has ability to specify the colors of its theme
- Packaging for NetBSD

(pin)

doc: Updated security/openssl to 1.1.1t

(jperkin)

openssl: Update to 1.1.1t.

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

*) Fixed X.400 address type confusion in X.509 GeneralName.

  There is a type confusion vulnerability relating to X.400 address processing
  inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
  but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
  vulnerability may allow an attacker who can provide a certificate chain and
  CRL (neither of which need have a valid signature) to pass arbitrary
  pointers to a memcmp call, creating a possible read primitive, subject to
  some constraints. Refer to the advisory for more information. Thanks to
  David Benjamin for discovering this issue. (CVE-2023-0286)

  This issue has been fixed by changing the public header file definition of
  GENERAL_NAME so that x400Address reflects the implementation. It was not
  possible for any existing application to successfully use the existing
  definition; however, if any application references the x400Address field
  (e.g. in dead code), note that the type of this field has changed. There is
  no ABI change.
  [Hugo Landau]

*) Fixed Use-after-free following BIO_new_NDEF.

  The public API function BIO_new_NDEF is a helper function used for
  streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
  to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
  be called directly by end user applications.

  The function receives a BIO from the caller, prepends a new BIO_f_asn1
  filter BIO onto the front of it to form a BIO chain, and then returns
  the new head of the BIO chain to the caller. Under certain conditions,
  for example if a CMS recipient public key is invalid, the new filter BIO
  is freed and the function returns a NULL result indicating a failure.
  However, in this case, the BIO chain is not properly cleaned up and the
  BIO passed by the caller still retains internal pointers to the previously
  freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
  then a use-after-free will occur. This will most likely result in a crash.
  (CVE-2023-0215)
  [Viktor Dukhovni, Matt Caswell]

*) Fixed Double free after calling PEM_read_bio_ex.

  The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
  decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
  data. If the function succeeds then the "name_out", "header" and "data"
  arguments are populated with pointers to buffers containing the relevant
  decoded data. The caller is responsible for freeing those buffers. It is
  possible to construct a PEM file that results in 0 bytes of payload data.
  In this case PEM_read_bio_ex() will return a failure code but will populate
  the header argument with a pointer to a buffer that has already been freed.
  If the caller also frees this buffer then a double free will occur. This
  will most likely lead to a crash.

  The functions PEM_read_bio() and PEM_read() are simple wrappers around
  PEM_read_bio_ex() and therefore these functions are also directly affected.

  These functions are also called indirectly by a number of other OpenSSL
  functions including PEM_X509_INFO_read_bio_ex() and
  SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
  internal uses of these functions are not vulnerable because the caller does
  not free the header argument if PEM_read_bio_ex() returns a failure code.
  (CVE-2022-4450)
  [Kurt Roeckx, Matt Caswell]

*) Fixed Timing Oracle in RSA Decryption.

  A timing based side channel exists in the OpenSSL RSA Decryption
  implementation which could be sufficient to recover a plaintext across
  a network in a Bleichenbacher style attack. To achieve a successful
  decryption an attacker would have to be able to send a very large number
  of trial messages for decryption. The vulnerability affects all RSA padding
  modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
  (CVE-2022-4304)
  [Dmitry Belyavsky, Hubert Kario]

(jperkin)

doc: Updated net/gnunet to 0.19.3

(nikita)

gnunet: Update to 0.19.3

ChangeLog:

v0.19.3:
  - We now detect MySQL's strange, version-dependent my_bool type on configure.
  - Add pkg-config definitions for gnunet messenger.

(nikita)

pbulk: document pbulk-build build_script and what arguments it gets

(wiz)

doc: Updated x11/modular-xorg-xephyr to 21.1.7

(wiz)

doc: Updated x11/modular-xorg-server to 21.1.7

(wiz)

modular-xorg-server: update to 21.1.7

This release contains the fix for CVE-2023-0494 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-February/003320.html
It also fixes a second possible OOB access during EnqueueEvent and a
crasher caused by ResourceClientBits not correctly honouring the
MaxClients value in the configuration file.

Finally, a bunch of Xquartz updates including the ability to correctly detect
ssh-tunneled clients as remote.

Jeremy Huddleston Sequoia (11):
      xquartz: Ignore SIGPIPE at process launch
      xquartz: Use xorg_backtrace() instead of rolling our own for debugging
      rootless: Add additional debug logging to help triage XQuartz fb/rootless/damage crashes
      xquartz: Fix building with autoconf
      xquartz: Update the about box copyright to 2023
      xquartz: Disable COMPOSITE at runtime
      Revert "meson: Don't build COMPOSITE for XQuartz"
      os: Update AllocNewConnection() debug logging to include whether or not the client is local
      os: Update GetLocalClientCreds to prefer getpeerucred() or SO_PEERCRED over getpeereid()
      os: Use LOCAL_PEERPID from sys/un.h if it is available to detemine the pid when falling back on getpeereids()
      darwin: Implement DetermineClientCmd for macOS

Mike Gorse (1):
      dix: Use CopyPartialInternalEvent in EnqueueEvent

Olivier Fourdan (1):
      dix: Fix overzealous caching of ResourceClientBits()

Peter Hutterer (2):
      Xi: fix potential use-after-free in DeepCopyPointerClasses
      xserver 21.1.7

(wiz)

Updated converters/py-simplejson, time/py-dateparser

(adam)

py-dateparser: updated to 1.1.7

1.1.7 (2023-02-02)
------------------
Improvements:
- Add an ���ago��� synonym for Arabic
- Improved date parsing for Czech
- Improved date parsing for Indonesian

1.1.6 (2023-01-12)
------------------
Improvements:
- Fix the bug where Monday is parsed as a month
- Prevent ReDoS in Spanish sentence splitting regex

(adam)

py-simplejson: updated to 3.18.3

Version 3.18.3 released 2023-02-05

* Fix regression in sdist archive
  https://github.com/simplejson/simplejson/pull/310

Version 3.18.2 released 2023-02-04

* Distribute a pure python wheel for Pyodide
  https://github.com/simplejson/simplejson/pull/308

(adam)

Updated devel/py-test-localserver, devel/py-plumbum

(adam)

py-plumbum: updated to 1.8.1

1.8.1
-----
* Accept path-like objects
* Move the build backend to hatchling and hatch-vcs. Users should be unaffected. Third-party packaging may need to adapt to the new build system.

(adam)

py-test-localserver: updated to 0.7.1

0.7.1 (2023-01-29)
------------------
Update SMTP server code to work with aiosmtpd >=1.4.3
Fix GitHub Actions configuration for Python 3.5 and 3.6
Add support for Python 3.11 (or at least, list it explicitly in the classifiers)
Update the AUTHORS file
Add a workflow to push packages to PyPI using GitHub Actions

(adam)

Updated net/py-cares, devel/py-types-ujson, devel/py-pyutil

(adam)

Run configure in the correct phase using HAS_CONFIGURE.
This is more inline with how it usualy works,
and the substitution framework is unneeded since the
configure script adheres to environment.
Set correct manpage install directory using env instead
of changing the configure file.
Sort buildlink3 includes.

(nros)

py-pyutil: updated to 3.3.2

3.3.2
removed duplicate target for strutil

3.3.1
updated versioneer

(adam)

py-types-ujson: updated to 5.7.0.0

5.7.0.0 (2023-01-07)
Bump ujson to 5.7.*

(adam)

py-cares: updated to 4.3.0

4.3.0
Bump cibuildwheel to build for Python 3.11 + CI total time speedups
Fix tests that depended on external sites
Complete the Python 3.11 support
Drop CPython 3.6
Improve test compatibility with pytest
Update c-ares submodule to 1.18.1

(adam)

Updated devel/py-path, textproc/py-xlsxwriter

(adam)

py-xlsxwriter: updated to 3.0.8

Release 3.0.8
* Fix for ``autofit()`` exception when user defined column width was ``None``.

(adam)

py-path: updated to 16.6.0

v16.6.0
- ``.mtime`` and ``.atime`` are now settable.

v16.5.0
- Refreshed packaging.
- Fixed default argument rendering in docs.
- Refactored ``write_lines`` to re-use open semantics.
  Deprecated the ``linesep`` parameter.

v16.4.0
- Added type hints and declare the library as typed.

(adam)

ghc94: Fix build with SunOS ld.

Some part of ar(1) support for "@" is leaking into LdHasFilelist, which while
set to no is still being called with "@" and breaking the build.  Just disable
ar "@" support for now, this is a regression in 9.4.x.

(jperkin)

ghc94: Fix SunOS bootstrap.

(jperkin)

doc: Updated devel/lua-busted to 2.1.1

(nia)

lua-busted: update to 2.1.1

v2.1.1

  Bug Fixes

    * Avoid GitHub marketplace namespace conflict

v2.1.0

  Bug Fixes

    * Refactor rockspec to dodge luarocks 3.1.3 bug
    * Fix caching the ffi.typeof function on luajit
    * Fix 'metatype' as a patched method on luajit
    * Report pending without function argument
    * Cache all outputter functions, use io.write not print
    * Exit when CLI specified helper fails
    * Restore globals set to nil in insulate block
    * Change rockspec URL to git+https
    * Fix error in gtest and utfhandlers if color was set

  Features

    * Add tooling so repository can be used as a GitHub action
    * Add Dockefile and publish to GHCR
    * Add function to locate relative fixtures
    * Add CLI support for setting luacov config path
    * Add helpers to read/load fixtures
    * Add Romanian translation
    * Enable color overrides for utf+gtest handlers

  Miscellaneous Tasks

    * Overhaul CI & add automatic publishing from rockspecs
    * Bump luassert/say deps
    * Update terra loader to use the global-injection of current Terra

(nia)

Updated net/dnsmasq, devel/tevent

(adam)

tevent: updated to 0.14.1

0.14.1
Bug fixes

(adam)

dnsmasq: updated to 2.89

version 2.89

Fix bug introduced in 2.88 (commit fe91134b) which can result
in corruption of the DNS cache internal data structures and
logging of "cache internal error". This has only been seen
in one place in the wild, and it took considerable effort
to even generate a test case to reproduce it, but there's
no way to be sure it won't strike, and the effect is to break
the cache badly. Installations with DNSSEC enabled are more
likely to see the problem, but not running DNSSEC does not
guarantee that it won't happen. Thanks to Timo van Roermund
for reporting the bug and for his great efforts in chasing
it down.

(adam)

lang/ghc94/hacks.mk: Forgot to insert a CVS tag

(pho)

revbump all the Haskell packages after modifying the runtime system of lang/ghc94

(pho)

lang/ghc94: Disable the use of timerfd on NetBSD 10.99

This is only a temporary workaround. It should be removed when the corresponding kernel bug is fixed.

(pho)

doc: Updated www/hugo to 0.110.0

(nikita)

hugo: update to version 0.110.0

ChangeLog:

v0.110.0
Note
    Make readFile return nil when file not found (note) 3c51625 @bep #9620
    Make hugo.toml the new config.toml f38a2fb @bep #8979

Bug fixes
    Fix permalinks issue with repeated sections 671f64b @bep #10377
    Fix HEAD method in resources.GetRemote f13531e @bep #10604
    Fix order when reading custom headers in resources.GetRemote b5d4850 @bep #10616
    resource: Fix Go Doc vs .Data.Integrity fbc3e08 @bep

Improvements
    related: Handly []any d595419 @bep #10624
    tpl/strings: Add findRESubmatch 2fb40ec @bep #10594
    config/security: Add GO\w+ (e.g. GOROOT) to the default allowed list c6b3887 @bep #10429
    Preserve front matter slice value types (e.g. int) 21af5b3 @bep #10624
    Make hugo.toml the new config.toml f38a2fb @bep #8979
    Add fill HTTP Response info into .Data in resources.GetRemote 6a579eb @bep #10604
    tpl/compare: Sort special float values as string f95fd57 @acclassic #10389
    tpl/diagrams: Move Goat to its own file e754d5c @bep
    Update CONTRIBUTING.md 002cd52 @bep
    Update CONTRIBUTING.md a76c405 @bep

Dependency Updates
    deps: Upgrade github.com/evanw/esbuild v0.15.18 => v0.17.0 6e9fa9e @bep #10536

Documentation
    dos: Regen CLI docs 19e9605 @bep
    docs: Regen docshelper 80e8bd3 @bep
    Update README.md c4f3a46 @bep
    Misc doc, code refactoring to improve documentation e402d91 @bep
    Update README.md c0a03a2 @bep

Build Setup
    Remove reference to Goreleaser in code comment dd6d0a6 @omarkohl

v0.109.0

Hugo v0.109.0 is the last release of 2022 – and with that we're wishing all of you a very merry Christmas and a prosperous new year1.
Notable new features
Pass variables to SCSS/SASS

Hugo has had great SCSS/SASS support, but passing variables (e.g. theme colours from config) down to the transpiler has been much harder than it should.

In Hugo v0.109.0 we added a new vars option and you can finally just do:

{{ $vars := dict "color1" "blue" "color2" "green" "font_size" "24px" }}
{{ $opts := (dict "transpiler" "dartsass" "outputStyle" "compressed" "vars" $vars ) }}
{{ $r := resources.Get "scss/main.scss" | toCSS $opts }}

And then in the SCSS file:

@use "hugo:vars" as v;

p {
    color: v.$color1;
    font-size: v.$font-size;
}

More examples here.
Hugo Module Workspaces

Workspace support was added in Go 1.18, and in this release Hugo finally gets solid support for it.

A common use case for a workspace is to simplify local development of a site with its theme modules.

A workspace can be configured in a *.work file and activated with the module.workspace setting, which for this use is commonly controlled via the HUGO_MODULE_WORKSPACE OS environment variable.

See the hugo.work file in the Hugo Docs repo for an example:

go 1.19

use .
use ../gohugoioTheme

Using the use directive, list all the modules you want to work on, pointing to its relative location. As in the example above, it's recommended to always include the main project (the ".") in the list.

With that you can start the Hugo server with that workspace enabled:

HUGO_MODULE_WORKSPACE=hugo.work hugo server --ignoreVendorPaths "**"

The --ignoreVendorPaths flag is added above to ignore any of the vendored dependencies inside _vendor. If you don't use vendoring, you don't need that flag. But now the server is set up watching the files and directories in the workspace and you can see your local edits reloaded.
Breadcrumbs

We have added a new .Ancestors method on Page that walks up the tree to the home page. With this, breadcrumbs templates can be greatly simplified:

<ol>
  <ul>
    {{- range .Ancestors.Reverse }}
      <li><a href="{{ .Permalink }}">{{ .Title }}</a></li>
    {{- end }}
    <li class="active" aria-current="page">
      <a href="{{ .Permalink }}">{{ .Title }}</a>
    </li>
  </ul>
</ol>

The path to /public now available in PostCSS

So you can do process.env.HUGO_PUBLISHDIR in your postcss.config.js to figure out where Hugo publishes
its files.

Note that the value will always be an absolute file path and will point to a directory on disk even when running hugo server in memory mode.

If you write to this folder from PostCSS when running the server, you could run the server with one of these flags:

hugo server --renderToDisk
hugo server --renderStaticToDisk

Note
    modules: Make the module.workspace=off as default (note) 0d4b17d @bep #10553
    release: Add a note section in release notes 3afaca7 @bep
    helpers: Allow at signs in UnicodeSanitize (note) 2d217cb @jmooring #10548
    Also consider wrapped errors when checking for file IsNotExist errors ad20598 @bep #10534

Bug fixes
    If you use the legacy libsass transpiler in toCSS and uses the cached build
    to avoid having the extended version installed on the CI server, you need to
    rebuild those assets and commit them to source control (e.g. with hugo --gc).
    tpl/resources: Fix data race in ToCSS aa2c724 @bep #10542
    tocss: Fix unquote case with double quotes 5d5f0a2 @septs #10555
    resources/js: Fix some import discrepancies between Hugo and ESBuild b54de1b @bep #10527
    parser/metadecoders: Fix spelling e0e63f3 @lacamera

Improvements
    Adjust "you need the extended version" error message 180dfeb @bep
    resource/page: Slight adjustment of Page.Ancestors eb0c8f9 @bep #10567
    resource/page: Add Page.Ancestors 3a21618 @septs #10567
    Annotate test assertions 7183232 @jmooring
    hugolib: Exclude non-linkable pages from translations map 37ab1cf @jmooring #9073
    Add HUGO_PUBLISHDIR to the Node environment 59af05c @bep #10554
    Revert "tpl/tplimpl: Use https in sitemap templates" 4989da6 @jmooring
    tocss: Add some more test cases effa6a4 @bep #10555
    Allow "fast render mode" even if --disableLiveReload is set d20d265 @bep #10561
    tocss: Add vars option 41a080b @bep #10555
    modules: Improve "module workspace" not found error eda1e72 @bep
    modules: Adjust watch logic vs workspace use definitions 330fa89 @bep
    Add any configured Go Workspace file to the config watcher 6db5274 @bep #10556
    parser/metadecoders: Remove superflous cast in test 17055d1 @bep
    parser/metadecoders: Simplify nil check in Unmarshal 2a81a49 @bep
    parser/metadecoders: Add empty /data JSON file as empty map e30d711 @acclassic #8601
    tpl/openapi3: Wrap *kopenapi3.T 87e898a @bep
    github: Use ruby/setup-ruby d894269 @bep #10517
    tpl/tplimpl: Use https in sitemap templates 3fd0b78 @jmooring #10515

Dependency Updates
    build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 7874b96 @dependabot[bot]

Documentation
    docs: Regen docs helper JSON 10bb29d @bep
    tpl: Improve template funcs GoDoc cd1ed56 @bep

Build Setup
    github: Update to Dart Sass 1.56.2 c9354d5 @bep
    We're working on some bigger and even more exiting Hugo features that will
    be ready early next year. Stay tuned!

v0.108.0
With Hugo v0.108.0 you can render standalone Markdown images without a
surrounding paragraph. Both the HTML- and CommonMark-specification defines
image as an inline element. For Markdown, this has meant that if you put an
image on its own (not inlined in another paragraph), it would be wrapped
in <p></p> tags, even if you provide your own Render Hook Template.

Now you can get by this annoyance by setting markup.goldmark.parser.wrapStandAloneImageWithinParagraph = false

[markup]
  [markup.goldmark]
    [markup.goldmark.parser]
      wrapStandAloneImageWithinParagraph = false
      [markup.goldmark.parser.attribute]
        block = true

In the above we have also enabled attribute support for Markdown blocks to
illustrate another nice side effect of this; it's now possible to use Markdown
attributes (e.g. CSS classes) on standalone images:

This is an inline image: . Some more text.

{.blue}

The images in the above Markdown example would, given the hook template below, be rendered wrapped in a figure element with the blue CSS class applied in the latter example.

{{ if .IsBlock }}<figure class="{{ .Attributes.class }}"><img src="{{ .Destination | safeURL }}" alt="{{ .Text }}" /></figure>
{{ else }}<img src="{{ .Destination | safeURL }}" alt="{{ .Text }}" />{{ end }}

Two new fields are added to the render context passed to image render hooks:
    IsBlock: Returns true if this is a standalone image and the config option
    markup.goldmark.parser.wrapStandAloneImageWithinParagraph is disabled.
    Ordinal: Zero-based ordinal for all the images in the current document.

Bug fixes
    common/hugio: Fix multiWriteCloser.Close 5067775 @bep #10505
    tpl/collections: Fix some index cases where the indices given is a slice and be more lenient with nil inputs d373774 @bep #10489

Improvements
    Make the hugo env non verbose output slightly more verbose f97544a @bep
    Add dart-sass-embedded version info to hugo env -v d8efe08 @bep
    tpl/embedded: Make Open Graph's series optional b82b547 @razonyang
    dartsass: Add sourceMapIncludeSources option e93138d @bep
    github: Update Dart Sass Embedded to 1.56.1 7d16c3c @bep
    markup/goldmark: Add removeSurroundingParagraph for Markdown images 63126c6 @bep #8362 #10492 #10494 #10501
    tpl/tplimpl: Allow alternate comment syntax 0b976d2 @jmooring #10495
    resources: Increase timeout for http.Client a49e51f @dirtymew #10478
    config/security: Add CI env var to whitelist dc44bca @septs
    tpl: Use consistent delimiter spacing in examples b8d5c37 @jmooring

Dependency Updates
    deps: Upgrade github.com/bep/godartsass v0.15.0 => v0.16.0 f5b5b71 @bep
    build(deps): bump github.com/getkin/kin-openapi from 0.109.0 to 0.110.0 50549c8 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.16 to 0.15.18 535ea8c @dependabot[bot]
    build(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 8bbec42 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.15 to 0.15.16 0bfa293 @dependabot[bot]
    deps: Upgrade github.com/bep/godartsass v0.14.0 => v0.15.0 83080df @bep

Documentation
    docs: Add basic doc for wrapStandAloneImageWithinParagraph etc. de9c554 @bep #10492
    tpl: Misco GoDoc improvements 7d5e3ab @bep
    docs: Regen docs helper 75f782a @bep

v0.107.0
This release is mostly interesting if you do code highlighting. We fixed a
bottle neck which should show a significant performance boost for sites using
code highlighting. Hugo's gohugo.io docs site builds ~20% faster. Also, Chroma,
the highlighting library, is upgraded to v2.4.0 with new lexers and lots of
improvements.

Bug fixes
    hugo/parser: Fix shortcode boolean param parsing 00fe7e0 @jmooring #10451

Improvements
    Add a cache for lexers.Get 7855b47 @bep
    markup/goldmark: Improve benchmark 34d1150 @bep
    commands: Create assets directory with new site 85e2ac1 @jmooring #10460

Dependency Updates
    build(deps): bump github.com/getkin/kin-openapi from 0.108.0 to 0.109.0 6a004b8 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.14 to 0.15.15 0923622 @dependabot[bot]
    build(deps): bump github.com/frankban/quicktest from 1.14.3 to 1.14.4 7477672 @dependabot[bot]
    build(deps): bump golang.org/x/tools from 0.2.0 to 0.3.0 63f7f0f @dependabot[bot]
    deps: Upgrade github.com/alecthomas/chroma/v2 v2.4.0 bcb62d8 @bep

v0.106.0
Bug fixes
    Fix taxonomy weight sort regression 52ea07d @bep #10406
    tlp/resources: resources.Get returns nil when given empty string db945a6 @shifterbit
    tpl/internal: Sync go_templates f6ab955 @bep #10411

Dependency Updates
    build(deps): bump github.com/pelletier/go-toml/v2 from 2.0.4 to 2.0.6 bafb389 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.13 to 0.15.14 cdd83bf @dependabot[bot]
    deps: Update the libweb version string e00220a @bep
    deps: Upgrade github.com/bep/gowebp v0.1.0 => v0.2.0 a662dda @bep
    build(deps): bump github.com/yuin/goldmark from 1.5.2 to 1.5.3 fe08d35 @dependabot[bot]
    build(deps): bump github.com/spf13/afero from 1.9.2 to 1.9.3 4b675dd @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.107.0 to 0.108.0 24eaa29 @dependabot[bot]
    build(deps): bump github.com/clbanning/mxj/v2 from 2.5.6 to 2.5.7 58a98c7 @dependabot[bot]
    build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0 900904f @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.12 to 0.15.13 24eca0c @dependabot[bot]

Documentation
    docs: Regen CLI docs 0a019a1 @bep
    docs: Regenerate docs helper 9f7fb0a @bep
    Add Go 1.16+ install method to README 60e0e2c @vgnh
    readme: Update ToC 13adf3e @vgnh

v0.105.0
Bug fixes
    Avoid nilpointer when shortcode page content output nil e5d2a8f @davidejones #10391
    Revise the fix for shortcode vs output format nilpointer 631d768 @bep #10391

Improvements
    livereload: Use text/javascript here, too 00ff161 @bep
    media: Rename application/javascript, application/typescript to text/javascript etc. 588710a @bep
    Skip flakey server tests on GitHub Action on Windows 20ef6dc @bep
    github: Avoid duplicate test runs d1cd1db @bep
    tpl/encoding: Add noHTMLEscape option to jsonify 09e1011 @bep
    Don't use self-closing generator tag 01ebb6e @djibe
    github: Use SHA versions 1fd3320 @bep
    Resolve dependency-path not found error in workflow 0fb2b3d @jongwooo
    Use setup-go action to cache dependencies db05232 @jongwooo

Dependency Updates
    build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 f505854 @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.106.0 to 0.107.0 2aedccc @dependabot[bot]
    build(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 c109314 @dependabot[bot]
    build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 4732c47 @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.103.0 to 0.106.0 62780ec @dependabot[bot]
    build(deps): bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.4 351d6b0 @dependabot[bot]
    build(deps): bump github.com/yuin/goldmark from 1.4.15 to 1.5.2 ed930db @dependabot[bot]
    build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 05df964 @dependabot[bot]
    build(deps): bump github.com/magefile/mage from 1.13.0 to 1.14.0 9860e0e @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.9 to 0.15.12 2ef60db @dependabot[bot]

Documentation
    Update Go and Alpine version in Dockerfile 6275aad @wind0r

Build Setup
    build: Update to Go 1.19.2 a066e98 @bep

v0.104.3
What's Changed
Note that none of the fixes below are regressions from v0.104.*; the first one,
the GIF fix, comes from v0.101, back when we added support for processing
animated GIFs.

    resources/images: Fix 2 animated GIF resize issues 3a9cb7b @bep #10354
    server: Fix flaky TestServerPathEncodingIssues tests 0addb30 @anthonyfok #10332
    commands: Remove extraneous newline from result of convert toTOML b002d47 @jmooring #10351
    config/security: Fix filename e3f3135 @felicianotech

v0.104.2
Fix htimes /: operation not permitted error on config changes when running the
server. This regression was introduced in Hugo v0.104.1 4611b69 @bep

v0.104.1
What's Changed
    Fix /static performance regression from Hugo 0.103.0 29ccb36 @bep #10328

v0.104.0
Some bug fixes, dependency upgrades and a new $image.Colors method. This method
returns a slice of the most dominant colors in an image. The library we use is
implemented by @marekm4 and is both fast and accurate. One use case for this may
be to use as a placeholder before the image is loaded, as seen on this Hugo
gallery [theme source]. You need a slow enough internet connection to notice
this effect so you may want to try this with Chrome's dev console open and
throttle the network to slow 3G, which would make it look something like this.

Bug fixes
    hugofs: Fix glob case-sensitivity bug 281554e @satotake
    server: Fix 404 redirects on Windows f3560aa @bep #10314

Improvements
    Consolidate the glob case logic 5c41653 @bep
    Run go mod tidy 0171fb2 @bep
    resources/images: Add $image.Colors a402811 @bep #10307
    commands: Skip flaky test on CI 08f0984 @bep
    config/security: Allow proxy variables in subcommands 86653fa @sathieu

Dependency Updates
    build(deps): bump github.com/evanw/esbuild from 0.15.8 to 0.15.9 edf9038 @dependabot[bot]
    build(deps): bump github.com/yuin/goldmark from 1.4.14 to 1.4.15 78f49b4 @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.100.0 to 0.103.0 fa4b77e @dependabot[bot]
    build(deps): bump github.com/alecthomas/chroma/v2 from 2.2.0 to 2.3.0 4d909d4 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.7 to 0.15.8 4eb6d97 @dependabot[bot]

Documentation
    docs: Regen docs helper 8377c3c @bep
    docs: Regenerate CLI docs 4f9cb4f @bep

v0.103.1
What's Changed
    server: Fix redirects when file path contains bytes > 0x80 or whitespace 6be6752 @bep #10287

v0.103.0
There are 3 main topics in this release:
    The hugo server finally comes with proper 404 support.
    You can now use PostProcess'ed resources in all file types (e.g. JSON), not
    just HTML.
    We have standardised the archive names for the release archives (as you can
    see further below). Hugo has since the first version used a rather odd and
    non-standard mixed case naming of the archive files
    (e.g. hugo_0.102.3_OpenBSD-64bit.tar.gz). We now use the standard
    GOOS/GOARCH values as-is, which makes it easier for people to script
    against. To avoid breakage when running on Netlify and similar, we create
    aliases for the most commonly downloaded Linux-archives on the old format
    and will continue to do so in the foreseeable future.

Bug fixes
    Fix usage description ab5ce59 @satotake
    scss: Handle single-file sourcemaps correctly 02c89a4 @toothrot #8174

Improvements
    Filter out any duplicate files to post process 8e77bcc @bep #10269
    Support PostProcess for all file types 74daca6 @bep #10269
    server: Add 404 support a5cda5c @bep
    Add --force to hugo new 7d40da8 @satotake #9243
    Update stale.yml 5e03de0 @sashashura

Dependency Updates
    build(deps): bump github.com/gobuffalo/flect from 0.2.5 to 0.3.0 1fd4c56 @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.98.0 to 0.100.0 5e2b28d @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.15.5 to 0.15.7 f2019f0 @dependabot[bot]
    build(deps): bump github.com/yuin/goldmark from 1.4.13 to 1.4.14 475638f @dependabot[bot]

Build Setup
    Use standard GOOS/GOARCH values in release archives 3f0b40f @bep #10073
    release: Bump Hugoreleaser version 06c3ac6 @bep

v0.102.3
What's Changed
    Fix shortcode parser regression with quoted param values 8e5044d @bep #10236

v0.102.2
What's Changed
    deps: Update github.com/tdewolff/minify/v2 v2.12.0 => v2.12.1 5046a6c @jmooring #10230

v0.102.1
What's Changed
    release: Fix the Deb archives 79932e7 @bep #10220

v0.102.0

Note: there were an issue with the Deb Linux binaries (see #10220), so those
are now removed; will create a patch release with a fresh set later today.

This release adds Linux ARM64 extended archives (see issue #8257). If you look
behind the scenes of this, you may say that "this looks like a lot of work for
one file", but the current serial build setup was already closing in on the
timeout limits of CircleCI (mostly because of the relatively resource-intensive
extended build with CGO/webp/libsass). So, we eventually had to do something.
This release is built using Hugoreleaser, a custom build tool that allows us to
partition the build step. The Linux ARM64 binaries are built in its own Docker
container, and we also get a general speedup of the entire build:

Notes
    The MacOS archives have been replaced with universal/fat binaries that
    works on all MacOS platforms, named *macOS-universal.tar.gz.
    These archives are removed: 32 bit Linux archives, Windows 32-bit and ARM,
    Linux ARM Deb. We may re-add some of these if enough people shout.

Bug fixes
    common/hugio: One more fix for non-OS fs f5ba6fd @bep
    common/hugio: Fix CopyDir when fs is not OS c4bbc1e @bep
    markup/goldmark/codeblock: Fix attributes when no language identifier in CodeBlock cbdaff2 @chick-p #10118
    commands: Fix embed in livereload.go 3fefea0 @yyqqing

Improvements
    license: Add copyright info c983484 @bep #10218
    github: Use GitHub's Choco-Install function to retry installs f7e00c0 @anthonyfok
    livereload: Inject script without head or body tag b017f7c @satotake #10105
    Externalise and embed livereload.js string 21562e3 @satotake
    Cache when not found in LookupLayout 9c24b86 @bep
    parser/pageparser: Don't store the byte slices 223bf28 @bep
    Make the baseline benchmark's test files stable 72b0ccd @bep
    Accept vendor-specified build date if .git/ is unavailable 8ebcaa5 @anthonyfok #10053
    Extract the baseline benchmark to a test d1278f6 @bep
    Add a baseline benchmark 92f31ae @bep

Dependency Updates
    build(deps): bump go.uber.org/atomic from 1.9.0 to 1.10.0 2de393c @dependabot[bot]
    build(deps): bump github.com/kyokomi/emoji/v2 from 2.2.9 to 2.2.10 7efb356 @dependabot[bot]
    build(deps): bump github.com/getkin/kin-openapi from 0.97.0 to 0.98.0 ddbcc67 @dependabot[bot]
    deps: Update github.com/pelletier/go-toml/v2 v2.0.2 => v2.0.4 fd75f12 @bep #10210
    build(deps): bump github.com/spf13/afero from 1.8.2 to 1.9.2 14878ca @dependabot[bot]
    build(deps): bump github.com/tdewolff/parse/v2 from 2.6.1 to 2.6.2 e88873b @dependabot[bot]
    build(deps): bump github.com/mattn/go-isatty from 0.0.14 to 0.0.16 4219993 @dependabot[bot]
    build(deps): bump github.com/rogpeppe/go-internal from 1.8.1 to 1.9.0 988e141 @dependabot[bot]
    build(deps): bump github.com/yuin/goldmark from 1.4.12 to 1.4.13 4252988 @dependabot[bot]
    build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 45f1b1c @dependabot[bot]
    build(deps): bump github.com/tdewolff/minify/v2 from 2.11.10 to 2.12.0 369bdf2 @dependabot[bot]
    build(deps): bump github.com/evanw/esbuild from 0.14.43 to 0.15.5 d1b03a0 @dependabot[bot]

Build Setup
    releaser: Bump versions for release of 0.102.0 0ff4a93 @bep
    Add linux/arm64 extended to release setup 45e1084 @bep #8257
    snap: Delete obsolete custom x-nodejs plugins 0e0fb1b @anthonyfok
    releaser: Fat MacOS binaries 7fb2808 @bep #9131
    Update to Go 1.19 0cd1929 @bep #10145
    snap: Replace mage with "go build" and set VendorInfo=snap 2414819 @anthonyfok
    snap: Use interface names etc-gitconfig and gitconfig, Take 2 5caed8a @anthonyfok #6226
    snap: Use interface names etc-gitconfig and gitconfig fd3953c @anthonyfok #6226
    releaser: Prepare repository for 0.102.0-DEV 15463f8 @bep

Documentation
    readme: Add Golang URL to Go links 941c28a @reecerussell
    Update README.md ffbdcc7 @bep
    Update README.md 95d9764 @bep
    Update README.md b66f9f2 @bep
    Update README.md 5c48ba9 @bep #10136

(nikita)

go: Fix path for bootstrap kit

* Fix lang/go120 build.

(ryoon)

doc: Added devel/go-swagger version 0.30.4

(nikita)

devel/go-swagger: Import go-swagger version 0.30.4

Swagger is a simple yet powerful representation of your RESTful API and
go-swagger brings to the Go community a complete suite of fully-featured,
high-performance, API components to work with a Swagger API: server, client and
data model.

Swagger provides a Go implementation of Swagger 2.0 (also known as OpenAPI 2.0).

(nikita)

lbX11: fix build on NetBSD 9 with modular X

(wiz)

doc/TODO: + openttd-13.0.

(wiz)

doc: Updated lang/gleam to 0.26.2

(nikita)

gleam: Update to version 0.26.2

ChangeLog:

v0.26.2 - 2023-02-03
    The formatter now wraps long | patterns in case clauses over multiple lines.
    Fixed a bug where unlabelled function arguments could be declared after
    labelled ones.
    A broken link was removed from the error messages.
    Fixed a bug where using a qualified imported record constructor function as
    a value would produce invalid Erlang code if the name of the record variant
    was an Erlang reserved word.

v0.26.1 - 2023-01-22
    New projects now require gleeunit v0.10.
    Rebar3 dependency projects are now compiled in-place. This fixes an issue
    where some NIF using projects would fail to boot due to some paths not
    being copied to the build directory.
    An error is now emitted if a list spread expression is written without a
    tail value.
    An error is now emitted when a function is defined with multiple arguments
    with the same name.
    The error message emitted when a let does not match all possible values has
    been improved.
    Fixed a bug where the language server wouldn't analyse test code.
    Fixed a bug where assert expressions can generate invalid Erlang.
    Fixed a bug where assert expressions can generate Erlang that emits a
    warning.
    Fixed a bug where arguments would be passed incorrectly to Deno.
    Fixed a bug where defining variables that shadow external functions could
    generate invalid JavaScript.

(nikita)

doc: Updated audio/spotify-player to 0.11.1

(pin)

audio/spotify-player: update to 0.11.1

What's Changed
- Fix playback_progress_bar component style not working in #121

(pin)

doc/TODO: sudo updated

- sudo-1.9.12p2.

(taca)

doc: Updated security/sudo to 1.9.12p2

(taca)

security/sudo: update to 1.9.12p2

1.9.12.p2 (2023-01-18)

* Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

* Fixed a potential crash introduced in the fix for GitHub issue #134.
  If a user's sudoers entry did not have any RunAs user's set,
  running "sudo -U otheruser -l" would dereference a NULL pointer.

* Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
  from creating a I/O files when the "iolog_file" sudoers setting
  contains six or more Xs.

* Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
  that coud allow a malicious user with sudoedit privileges to
  edit arbitrary files.

(taca)

Updated www/py-websocket-client, net/rabbitmq-c

(adam)

rabbitmq-c: updated to 0.13.0

v0.13.0

Fixed missing option to not install static library
Missing pkgconfig version in v0.12.0 output
Correct return value from amqp_ssl_socket_set_key_buffer

Changed

Remove OpenSSL code no longer needed when used with OpenSSL >= 1.1.0.

Added

Integration with OSS-Fuzz

(adam)

py-websocket-client: updated to 1.5.1

1.5.1
- Fix logic bug that can cause disconnects

1.5.0
- Refactor and improve ping/pong logic to resolve several issues, including an infinite loop issue during reconnect
- Fix issue where `skip_utf8_validation = True` is ignored
- Fix issue where sslopt `is_ssl` is ignored
- Downgrade "websocket connected" message from logging.warning to logging.info
- Update github actions to newer versions (669fe1b)

1.4.2
- create_dispatcher is determined by URL ws/wss, NOT by presence of sslopt args, to maintain consistency
- Remove redundant key generation line
- Updated docs to fix old links and updated CI to include Python 3.11

1.4.1
- Fix stack growth bug when `run_forever` reconnects
- Add doctest CI for sphinx docs code examples (d150099)
- General docs improvements

1.4.0
- Fix automatic reconnect with `run_forever`
- Allow a timeout to be set when using a proxy

(adam)

doc: Updated security/flawfinder to 2.0.19

(nros)

Update flawfinder to version 2.0.19

The reason for the update is to get this package to work,
version 1.31 crashed when I tried it, version 2.0.19 works.

Changes from changelog:

2021-08-29 David A. Wheeler
* Version 2.0.19
* Fix so we send error messages to stderr instead of stdout.
  Originally we sent some to stdout by mistake, which could
  mess up results since the error messages would be mixed up
  with the results.

2021-06-24 David A. Wheeler
* Version 2.0.18
* Fix SARIF output. SARIF output is new to flawfinder, and
  there was a subtle error in its generation that causes GitHub
  to reject the SARIF file.

2021-06-02 David A. Wheeler
* Version 2.0.17
* Fix the distributed tarball, which didn't include the
  key source file due to the earlier file restructure.
* Minor code style fix, which simplifies the code slightly.
* Update date in manual page to 2021. That's important because
  the documentation now includes information on `--sarif`.

2021-05-31 David A. Wheeler
* Version 2.0.16
* The distributed source file is now flawfinder.py, not flawfinder.
  This is part of a change that improves
  improve cross-platform ease-of-use by using entry_points.
  That said, "make install" will still
  install it as "flawfinder" (so those who install it via
  "make install" will see no change). Many thanks to Ben Spoor!
* Added support for generating SARIF output, use --sarif.
  A big thanks to Yong Yan for this work!
* Track curly brace level to reduce some problems, my thanks to
  Greg Myers for the work!
* Improved handling of Git patch format, thanks to
  Robin Geffroy.

2021-01-11 David A. Wheeler
* Version 2.0.15
* Fixed some release problems in 2.0.14.
* Improved handling of LoadLibraryEx; flawfinderr no longer complains
  about certain constructs that are known to be safe (eliminating
  some false positives).

2021-01-09 David A. Wheeler
* Version 2.0.14
* If there are >0 hits, tell users how to ignore them as part of the
  tool output.
* Various Windows improvments.
  Ignore LoadLibraryEx if its third parameter is
  LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe, and
  remove the rule for InitialCriticalSection
  (this is no longer a vulnerability on current widely-used versions
  of Windows)
* Various C++ improvements.  Add .hpp support for C++,
  ignore "system::" to reduce false positives,
  treat ' as digit separator when file extension is a C++ file
  (for C++14).
* I had some release problems; this is identified as 2.0.14
  (skipping a few minor numbers) to ensure that the version
  number uniquely identifies a specific release.

2020-02-17 David A. Wheeler
* Version 2.0.11
* Provide a much more detailed error report, including recommended
  solutions, when character encoding problems hit.
  As Python3 has slowly gained in popularity, its failure to provide
  useful built-ins to handle real-world character encoding problems
  hurts more people. (E.g., many files don't comply with *any*
  character set encoding standard, and Python3 can't read them
  without enabling options that are wrong for others.)
  We can at least provide much more detailed feedback to help
  explain the various options available.

2019-06-22 David A. Wheeler
* Version 2.0.10
* Use binary mode when reading a diffhitlist.
  My thanks to Michał Górny, who both reported the problem
  and provided the patch!

2019-05-19 David A. Wheeler
* Version 2.0.9
* Fixes a serious defect in --diffhitlist

2019-05-17 Labidurie Jerome
* Fixed a serious defect in --diffhitlist option and added a unit test

2019-01-21 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.8
* Don't warn if memcpy call includes sizeof(first arg).
  Thanks to Michael Clark for this improvement!
* Bugfix (banned function _ftcsat should be _ftcscat).
  Thanks to Lucas Ramage for reporting this!
* Documentation tweaks. Make it clear that GitHub issues and
  pull requests are supported, and use ~~~~ in markdown
  to ease copy-and-paste from documentation.

2018-09-30 David A. Wheeler <dwheeler, at, dwheeler.com>
* Incorporate many small improvements from nickthetait
* Fix a number of bugs reported by philipp
* Update URLs for www.dwheeler.com -> dwheeler.com

2018-04-04 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.6

2018-01-26 David A. Wheeler <dwheeler, at, dwheeler.com>
* Small fixes
* Update cwe.mitre.org URLs to use https

2017-11-16 David A. Wheeler <dwheeler, at, dwheeler.com>
* add detection of crypt_r function
* add detection of errant equal, mismatch, and is_permutation
* update CWE, risk, and discussion for C++14 STL functions
* Always report hit counts correctly, even if ignored using -m
* Update www.dwheeler.com URLs to use https

2017-09-02 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.4
* Switch from distutils to setuptools
* Directly support "pip" installs

2017-08-26 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.2
* Flawfinder can now run on either Python 2.7 or 3
* Added more tests
* Implemented additional code cleanups recommended by Pylint
* Modified documentation in various ways to clarify things

2017-08-13 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.1
* Tranform many internal constructs to work on Python 2 or 3,
          with the eventual goal of making it run on either.

2017-07-29 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.0
* Change version numbers to use Semantic Versioning (x.y.z)
* Add support for generating CSV (comma-separated value) format,
  to make this tool easier to integrate into larger toolsuites.
* Fixed a number of issues - and even a few bugs - found by the
  Python static analysis tool pylint.
* Document in CONTRIBUTING.md how to contribute to the project.
* Change version number to 2.0.0, because we have a subtle
  interface change that won't affect most people but it
  *may* affect those who use postprocess
  flawfinder data on CWEs. The fundamental issue is that
  in some cases a hit corresponds to multiple CWEs. As a result,
  in some cases flawfinder will list a sequence of CWEs
  in the format "more-general/more-specific", where the CWE actually
  being mapped is followed by a "!".
  This is always done whenever a flaw is not mapped directly to
  a top 25 CWE, but the mapping is related to such a CWE.
  So "CWE-119!/CWE-120" means that the vulnerability is mapped
  to CWE-119 and that CWE-120 is a subset of CWE-119.
  In contrast, "CWE-362/CWE-367!" means that the hit is mapped to
  CWE-367, a subset of CWE-362.
  Note that this is a subtle syntax change from flawfinder
  version 1.31; in flawfinder version 1.31,
  the form "more-general:more-specific" meant what is now listed as
  "more-general!/more-specific", while
  "more-general/more-specific" meant "more-general/more-specific!".
  Tools can handle both the version 1.31 and the current format,
  if they wish, by noting that the older format did not use "!" at all.
  These mapping mechanisms simplify searching for certain CWEs.

(nros)

doc: Updated emulators/mgba to 0.10.1

(nia)

mgba: update to 0.10.1

0.10.1: (2022-01-10)
Emulation fixes:
- GB Audio: Fix channels 1/2 not playing when resetting volume (fixes mgba.io/i/2614)
- GB Audio: Fix channel 3 volume being changed between samples (fixes mgba.io/i/1896)
- GB Audio: Fix up boot sequence
- GB Audio: Fix updating channels other than 2 when writing NR5x
- GB BIOS: Include timing in degenerate ArcTan2 cases (fixes mgba.io/i/2763)
- GB Memory: Actually, HDMAs should start when LCD is off (fixes mgba.io/i/2662)
- GB Serialize: Don't write BGP/OBP when loading SCGB state (fixes mgba.io/i/2694)
- GB SIO: Further fix bidirectional transfer starting
- GBA: Fix resetting key IRQ state (fixes mgba.io/i/2716)
- GBA Video: Ignore disabled backgrounds as OBJ blend target (fixes mgba.io/i/2489)
Other fixes:
- GBA: Fix forceskip BIOS logic for multiboot ROMs (fixes mgba.io/i/2753)
- GBA Cheats: Fix issues detecting unencrypted cheats (fixes mgba.io/i/2724)
- Qt: Manually split filename to avoid overzealous splitting (fixes mgba.io/i/2681)
- Qt: Fix scanning specific e-Reader dotcodes (fixes mgba.io/i/2693)
- Qt: Don't re-enable sync if GBA link modes aren't the same (fixes mgba.io/i/2044)
- Qt: Improve handling of multiplayer syncing (fixes mgba.io/i/2720)
- Qt: Fix initializing update revision info
- Qt: Redo stable branch detection heuristic (fixes mgba.io/i/2679)
- Res: Fix species name location in Ruby/Sapphire revs 1/2 (fixes mgba.io/i/2685)
- VFS: Fix minizip write returning 0 on success instead of size
Misc:
- macOS: Add category to plist (closes mgba.io/i/2691)
- macOS: Fix modern build with libepoxy (fixes mgba.io/i/2700)
- Qt: Keep track of current palette preset name (fixes mgba.io/i/2680)
- Qt: Move OpenGL proxy onto its own thread (fixes mgba.io/i/2493)

(nia)

doc: Updated audio/spek to 0.8.5

(wiz)

spek: update to 0.8.5.

New Features And Enhancements

New features since 0.8.2:

    Upgrade to FFmpeg 5.1
    Add 2 more palettes and change the default.
    Allow changing the DFT window size and function.
    Allow switching between audio streams and channels.
    Add translations for 14 additional languages.

Enhancements:

    Remove dependency on intltool.
    Fix FFmpeg build warnings.
    Detect AR tool.
    Use Homebrew for macOS dependencies.
    Improve test coverage.
    Use XDG_CONFIG_HOME on Unix systems.

Bugfixes:

    Remove association with .mod and MIDI files.
    Fix autoconf errors.
    Fix an AVX-related crash.

(wiz)

Updated misc/py-platformdirs

(adam)

py-platformdirs: updated to 2.6.2

platformdirs 2.6.2 (2022-12-28)

Fix missing typing-extensions dependency.

platformdirs 2.6.1 (2022-12-28)

Add detection of $PREFIX for android.

platformdirs 2.6.0 (2022-12-06)

BREAKING Correct the log directory on Linux/Unix from XDG_CACHE_HOME to XDG_STATE_HOME per the XDG spec

(adam)

doc: Updated chat/matrix-synapse to 1.76.0

(js)

Update chat/matrix-synapse to 1.76.0

Synapse 1.76.0 (2023-01-31)
===========================

The 1.76 release is the first to enable faster joins ([MSC3706](https://github.com/matrix-org/matrix-spec-proposals/pull/3706) and [MSC3902](https://github.com/matrix-org/matrix-spec-proposals/pull/3902)) by default. Admins can opt-out: see [the upgrade notes](https://github.com/matrix-org/synapse/blob/release-v1.76/docs/upgrade.md#faster-joins-are-enabled-by-default) for more details.

The upgrade from 1.75 to 1.76 changes the account data replication streams in a backwards-incompatible manner. Server operators running a multi-worker deployment should consult [the upgrade notes](https://github.com/matrix-org/synapse/blob/release-v1.76/docs/upgrade.md#changes-to-the-account-data-replication-streams).

Those who are `poetry install`ing from source using our lockfile should ensure their poetry version is 1.3.2 or higher; [see upgrade notes](https://github.com/matrix-org/synapse/blob/release-v1.76/docs/upgrade.md#minimum-version-of-poetry-is-now-132).

Notes on faster joins
---------------------

The faster joins project sees the most benefit when joining a room with a large number of members (joined or historical). We expect it to be particularly useful for joining large public rooms like the [Matrix HQ](https://matrix.to/#/#matrix:matrix.org) or [Synapse Admins](https://matrix.to/#/#synapse:matrix.org) rooms.

After a faster join, Synapse considers that room "partially joined". In this state, you should be able to

- read incoming messages;
- see incoming state changes, e.g. room topic changes; and
- send messages, if the room is unencrypted.

Synapse has to spend more effort to complete the join in the background. Once this finishes, you will be able to

- send messages, if the room is in encrypted;
- retrieve room history from before your join, if permitted by the room settings; and
- access the full list of room members.

Improved Documentation
----------------------

- Describe the ideas and the internal machinery behind faster joins. ([\#14677](https://github.com/matrix-org/synapse/issues/14677))

Synapse 1.76.0rc2 (2023-01-27)
==============================

Bugfixes
--------

- Faster joins: Fix a bug introduced in Synapse 1.69 where device list EDUs could fail to be handled after a restart when a faster join sync is in progress. ([\#14914](https://github.com/matrix-org/synapse/issues/14914))

Internal Changes
----------------

- Faster joins: Improve performance of looking up partial-state status of rooms. ([\#14917](https://github.com/matrix-org/synapse/issues/14917))

Synapse 1.76.0rc1 (2023-01-25)
==============================

Features
--------

- Update the default room version to [v10](https://spec.matrix.org/v1.5/rooms/v10/) ([MSC 3904](https://github.com/matrix-org/matrix-spec-proposals/pull/3904)). Contributed by @FSG-Cat. ([\#14111](https://github.com/matrix-org/synapse/issues/14111))
- Add a `set_displayname()` method to the module API for setting a user's display name. ([\#14629](https://github.com/matrix-org/synapse/issues/14629))
- Add a dedicated listener configuration for `health` endpoint. ([\#14747](https://github.com/matrix-org/synapse/issues/14747))
- Implement support for [MSC3890](https://github.com/matrix-org/matrix-spec-proposals/pull/3890): Remotely silence local notifications. ([\#14775](https://github.com/matrix-org/synapse/issues/14775))
- Implement experimental support for [MSC3930](https://github.com/matrix-org/matrix-spec-proposals/pull/3930): Push rules for ([MSC3381](https://github.com/matrix-org/matrix-spec-proposals/pull/3381)) Polls. ([\#14787](https://github.com/matrix-org/synapse/issues/14787))
- Per [MSC3925](https://github.com/matrix-org/matrix-spec-proposals/pull/3925), bundle the whole of the replacement with any edited events, and optionally inhibit server-side replacement. ([\#14811](https://github.com/matrix-org/synapse/issues/14811))
- Faster joins: always serve a partial join response to servers that request it with the stable query param. ([\#14839](https://github.com/matrix-org/synapse/issues/14839))
- Faster joins: allow non-lazy-loading ("eager") syncs to complete after a partial join by omitting partial state rooms until they become fully stated. ([\#14870](https://github.com/matrix-org/synapse/issues/14870))
- Faster joins: request partial joins by default. Admins can opt-out of this for the time being---see the upgrade notes. ([\#14905](https://github.com/matrix-org/synapse/issues/14905))

Bugfixes
--------

- Add index to improve performance of the `/timestamp_to_event` endpoint used for jumping to a specific date in the timeline of a room. ([\#14799](https://github.com/matrix-org/synapse/issues/14799))
- Fix a long-standing bug where Synapse would exhaust the stack when processing many federation requests where the remote homeserver has disconencted early. ([\#14812](https://github.com/matrix-org/synapse/issues/14812), [\#14842](https://github.com/matrix-org/synapse/issues/14842))
- Fix rare races when using workers. ([\#14820](https://github.com/matrix-org/synapse/issues/14820))
- Fix a bug introduced in Synapse 1.64.0 when using room version 10 with frozen events enabled. ([\#14864](https://github.com/matrix-org/synapse/issues/14864))
- Fix a long-standing bug where the `populate_room_stats` background job could fail on broken rooms. ([\#14873](https://github.com/matrix-org/synapse/issues/14873))
- Faster joins: Fix a bug in worker deployments where the room stats and user directory would not get updated when finishing a fast join until another event is sent or received. ([\#14874](https://github.com/matrix-org/synapse/issues/14874))
- Faster joins: Fix incompatibility with joins into restricted rooms where no local users have the ability to invite. ([\#14882](https://github.com/matrix-org/synapse/issues/14882))
- Fix a regression introduced in Synapse 1.69.0 which can result in database corruption when database migrations are interrupted on sqlite. ([\#14910](https://github.com/matrix-org/synapse/issues/14910))

Updates to the Docker image
---------------------------

- Bump default Python version in the Dockerfile from 3.9 to 3.11. ([\#14875](https://github.com/matrix-org/synapse/issues/14875))

Improved Documentation
----------------------

- Include `x_forwarded` entry in the HTTP listener example configs and remove the remaining `worker_main_http_uri` entries. ([\#14667](https://github.com/matrix-org/synapse/issues/14667))
- Remove duplicate commands from the Code Style documentation page; point to the Contributing Guide instead. ([\#14773](https://github.com/matrix-org/synapse/issues/14773))
- Add missing documentation for `tag` to `listeners` section. ([\#14803](https://github.com/matrix-org/synapse/issues/14803))
- Updated documentation in configuration manual for `user_directory.search_all_users`. ([\#14818](https://github.com/matrix-org/synapse/issues/14818))
- Add `worker_manhole` to configuration manual. ([\#14824](https://github.com/matrix-org/synapse/issues/14824))
- Fix the example config missing the `id` field in [application service documentation](https://matrix-org.github.io/synapse/latest/application_services.html). ([\#14845](https://github.com/matrix-org/synapse/issues/14845))
- Minor corrections to the logging configuration documentation. ([\#14868](https://github.com/matrix-org/synapse/issues/14868))
- Document the export user data command. Contributed by @thezaidbintariq. ([\#14883](https://github.com/matrix-org/synapse/issues/14883))

Deprecations and Removals
-------------------------

- Poetry 1.3.2 or higher is now required when `poetry install`ing from source. ([\#14860](https://github.com/matrix-org/synapse/issues/14860))

Internal Changes
----------------

- Faster remote room joins (worker mode): do not populate external hosts-in-room cache when sending events as this requires blocking for full state. ([\#14749](https://github.com/matrix-org/synapse/issues/14749))
- Enable Complement tests for Faster Remote Room Joins against worker-mode Synapse. ([\#14752](https://github.com/matrix-org/synapse/issues/14752))
- Add some clarifying comments and refactor a portion of the `Keyring` class for readability. ([\#14804](https://github.com/matrix-org/synapse/issues/14804))
- Add local poetry config files (`poetry.toml`) to `.gitignore`. ([\#14807](https://github.com/matrix-org/synapse/issues/14807))
- Add missing type hints. ([\#14816](https://github.com/matrix-org/synapse/issues/14816), [\#14885](https://github.com/matrix-org/synapse/issues/14885), [\#14889](https://github.com/matrix-org/synapse/issues/14889))
- Refactor push tests. ([\#14819](https://github.com/matrix-org/synapse/issues/14819))
- Re-enable some linting that was disabled when we switched to ruff. ([\#14821](https://github.com/matrix-org/synapse/issues/14821))
- Add `cargo fmt` and `cargo clippy` to the lint script. ([\#14822](https://github.com/matrix-org/synapse/issues/14822))
- Drop unused table `presence`. ([\#14825](https://github.com/matrix-org/synapse/issues/14825))
- Merge the two account data and the two device list replication streams. ([\#14826](https://github.com/matrix-org/synapse/issues/14826), [\#14833](https://github.com/matrix-org/synapse/issues/14833))
- Faster joins: use stable identifiers from [MSC3706](https://github.com/matrix-org/matrix-spec-proposals/pull/3706). ([\#14832](https://github.com/matrix-org/synapse/issues/14832), [\#14841](https://github.com/matrix-org/synapse/issues/14841))
- Add a parameter to control whether the federation client performs a partial state join. ([\#14843](https://github.com/matrix-org/synapse/issues/14843))
- Add check to avoid starting duplicate partial state syncs. ([\#14844](https://github.com/matrix-org/synapse/issues/14844))
- Add an early return when handling no-op presence updates. ([\#14855](https://github.com/matrix-org/synapse/issues/14855))
- Fix `wait_for_stream_position` to correctly wait for the right instance to advance its token. ([\#14856](https://github.com/matrix-org/synapse/issues/14856), [\#14872](https://github.com/matrix-org/synapse/issues/14872))
- Always notify replication when a stream advances automatically. ([\#14877](https://github.com/matrix-org/synapse/issues/14877))
- Reduce max time we wait for stream positions. ([\#14881](https://github.com/matrix-org/synapse/issues/14881))
- Faster joins: allow the resync process more time to fetch `/state` ids. ([\#14912](https://github.com/matrix-org/synapse/issues/14912))
- Bump regex from 1.7.0 to 1.7.1. ([\#14848](https://github.com/matrix-org/synapse/issues/14848))
- Bump peaceiris/actions-gh-pages from 3.9.1 to 3.9.2. ([\#14861](https://github.com/matrix-org/synapse/issues/14861))
- Bump ruff from 0.0.215 to 0.0.224. ([\#14862](https://github.com/matrix-org/synapse/issues/14862))
- Bump types-pillow from 9.4.0.0 to 9.4.0.3. ([\#14863](https://github.com/matrix-org/synapse/issues/14863))
- Bump types-opentracing from 2.4.10 to 2.4.10.1. ([\#14896](https://github.com/matrix-org/synapse/issues/14896))
- Bump ruff from 0.0.224 to 0.0.230. ([\#14897](https://github.com/matrix-org/synapse/issues/14897))
- Bump types-requests from 2.28.11.7 to 2.28.11.8. ([\#14899](https://github.com/matrix-org/synapse/issues/14899))
- Bump types-psycopg2 from 2.9.21.2 to 2.9.21.4. ([\#14900](https://github.com/matrix-org/synapse/issues/14900))
- Bump types-commonmark from 0.9.2 to 0.9.2.1. ([\#14901](https://github.com/matrix-org/synapse/issues/14901))

Synapse 1.75.0 (2023-01-17)
===========================

No significant changes since 1.75.0rc2.

Synapse 1.75.0rc2 (2023-01-12)
==============================

Bugfixes
--------

- Fix a bug introduced in Synapse 1.75.0rc1 where device lists could be miscalculated with some sync filters. ([\#14810](https://github.com/matrix-org/synapse/issues/14810))
- Fix race where calling `/members` or `/state` with an `at` parameter could fail for newly created rooms, when using multiple workers. ([\#14817](https://github.com/matrix-org/synapse/issues/14817))

Synapse 1.75.0rc1 (2023-01-10)
==============================

Features
--------

- Add a `cached` function to `synapse.module_api` that returns a decorator to cache return values of functions. ([\#14663](https://github.com/matrix-org/synapse/issues/14663))
- Add experimental support for [MSC3391](https://github.com/matrix-org/matrix-spec-proposals/pull/3391) (removing account data). ([\#14714](https://github.com/matrix-org/synapse/issues/14714))
- Support [RFC7636](https://datatracker.ietf.org/doc/html/rfc7636) Proof Key for Code Exchange for OAuth single sign-on. ([\#14750](https://github.com/matrix-org/synapse/issues/14750))
- Support non-OpenID compliant userinfo claims for subject and picture. ([\#14753](https://github.com/matrix-org/synapse/issues/14753))
- Improve performance of `/sync` when filtering all rooms, message types, or senders. ([\#14786](https://github.com/matrix-org/synapse/issues/14786))
- Improve performance of the `/hierarchy` endpoint. ([\#14263](https://github.com/matrix-org/synapse/issues/14263))

Bugfixes
--------

- Fix the *MAU Limits* section of the Grafana dashboard relying on a specific `job` name for the workers of a Synapse deployment. ([\#14644](https://github.com/matrix-org/synapse/issues/14644))
- Fix a bug introduced in Synapse 1.70.0 which could cause spurious `UNIQUE constraint failed` errors in the `rotate_notifs` background job. ([\#14669](https://github.com/matrix-org/synapse/issues/14669))
- Ensure stream IDs are always updated after caches get invalidated with workers. Contributed by Nick @ Beeper (@fizzadar). ([\#14723](https://github.com/matrix-org/synapse/issues/14723))
- Remove the unspecced `device` field from `/pushrules` responses. ([\#14727](https://github.com/matrix-org/synapse/issues/14727))
- Fix a bug introduced in Synapse 1.73.0 where the `picture_claim` configured under `oidc_providers` was unused (the default value of `"picture"` was used instead). ([\#14751](https://github.com/matrix-org/synapse/issues/14751))
- Unescape HTML entities in URL preview titles making use of oEmbed responses. ([\#14781](https://github.com/matrix-org/synapse/issues/14781))
- Disable sending confirmation email when 3pid is disabled. ([\#14725](https://github.com/matrix-org/synapse/issues/14725))

Improved Documentation
----------------------

- Declare support for Python 3.11. ([\#14673](https://github.com/matrix-org/synapse/issues/14673))
- Fix `target_memory_usage` being used in the description for the actual `cache_autotune` sub-option `target_cache_memory_usage`. ([\#14674](https://github.com/matrix-org/synapse/issues/14674))
- Move `email` to Server section in config file documentation. ([\#14730](https://github.com/matrix-org/synapse/issues/14730))
- Fix broken links in the Synapse documentation. ([\#14744](https://github.com/matrix-org/synapse/issues/14744))
- Add missing worker settings to shared configuration documentation. ([\#14748](https://github.com/matrix-org/synapse/issues/14748))
- Document using Twitter as a OAuth 2.0 authentication provider. ([\#14778](https://github.com/matrix-org/synapse/issues/14778))
- Fix Synapse 1.74 upgrade notes to correctly explain how to install pyICU when installing Synapse from PyPI. ([\#14797](https://github.com/matrix-org/synapse/issues/14797))
- Update link to towncrier in contribution guide. ([\#14801](https://github.com/matrix-org/synapse/issues/14801))
- Use `htmltest` to check links in the Synapse documentation. ([\#14743](https://github.com/matrix-org/synapse/issues/14743))

Internal Changes
----------------

- Faster remote room joins: stream the un-partial-stating of events over replication. ([\#14545](https://github.com/matrix-org/synapse/issues/14545), [\#14546](https://github.com/matrix-org/synapse/issues/14546))
- Use [ruff](https://github.com/charliermarsh/ruff/) instead of flake8. ([\#14633](https://github.com/matrix-org/synapse/issues/14633), [\#14741](https://github.com/matrix-org/synapse/issues/14741))
- Change `handle_new_client_event` signature so that a 429 does not reach clients on `PartialStateConflictError`, and internally retry when needed instead. ([\#14665](https://github.com/matrix-org/synapse/issues/14665))
- Remove dependency on jQuery on reCAPTCHA page. ([\#14672](https://github.com/matrix-org/synapse/issues/14672))
- Faster joins: make `compute_state_after_events` consistent with other state-fetching functions that take a `StateFilter`. ([\#14676](https://github.com/matrix-org/synapse/issues/14676))
- Add missing type hints. ([\#14680](https://github.com/matrix-org/synapse/issues/14680), [\#14681](https://github.com/matrix-org/synapse/issues/14681), [\#14687](https://github.com/matrix-org/synapse/issues/14687))
- Improve type annotations for the helper methods on a `CachedFunction`. ([\#14685](https://github.com/matrix-org/synapse/issues/14685))
- Check that the SQLite database file exists before porting to PostgreSQL. ([\#14692](https://github.com/matrix-org/synapse/issues/14692))
- Add `.direnv/` directory to .gitignore to prevent local state generated by the [direnv](https://direnv.net/) development tool from being committed. ([\#14707](https://github.com/matrix-org/synapse/issues/14707))
- Batch up replication requests to request the resyncing of remote users's devices. ([\#14716](https://github.com/matrix-org/synapse/issues/14716))
- If debug logging is enabled, log the `msgid`s of any to-device messages that are returned over `/sync`. ([\#14724](https://github.com/matrix-org/synapse/issues/14724))
- Change GHA CI job to follow best practices. ([\#14772](https://github.com/matrix-org/synapse/issues/14772))
- Switch to our fork of `dh-virtualenv` to work around an upstream Python 3.11 incompatibility. ([\#14774](https://github.com/matrix-org/synapse/issues/14774))
- Skip testing built wheels for PyPy 3.7 on Linux x86_64 as we lack new required dependencies in the build environment. ([\#14802](https://github.com/matrix-org/synapse/issues/14802))

### Dependabot updates

<details>

- Bump JasonEtco/create-an-issue from 2.8.1 to 2.8.2. ([\#14693](https://github.com/matrix-org/synapse/issues/14693))
- Bump anyhow from 1.0.66 to 1.0.68. ([\#14694](https://github.com/matrix-org/synapse/issues/14694))
- Bump blake2 from 0.10.5 to 0.10.6. ([\#14695](https://github.com/matrix-org/synapse/issues/14695))
- Bump serde_json from 1.0.89 to 1.0.91. ([\#14696](https://github.com/matrix-org/synapse/issues/14696))
- Bump serde from 1.0.150 to 1.0.151. ([\#14697](https://github.com/matrix-org/synapse/issues/14697))
- Bump lxml from 4.9.1 to 4.9.2. ([\#14698](https://github.com/matrix-org/synapse/issues/14698))
- Bump types-jsonschema from 4.17.0.1 to 4.17.0.2. ([\#14700](https://github.com/matrix-org/synapse/issues/14700))
- Bump sentry-sdk from 1.11.1 to 1.12.0. ([\#14701](https://github.com/matrix-org/synapse/issues/14701))
- Bump types-setuptools from 65.6.0.1 to 65.6.0.2. ([\#14702](https://github.com/matrix-org/synapse/issues/14702))
- Bump minimum PyYAML to 3.13. ([\#14720](https://github.com/matrix-org/synapse/issues/14720))
- Bump JasonEtco/create-an-issue from 2.8.2 to 2.9.1. ([\#14731](https://github.com/matrix-org/synapse/issues/14731))
- Bump towncrier from 22.8.0 to 22.12.0. ([\#14732](https://github.com/matrix-org/synapse/issues/14732))
- Bump isort from 5.10.1 to 5.11.4. ([\#14733](https://github.com/matrix-org/synapse/issues/14733))
- Bump attrs from 22.1.0 to 22.2.0. ([\#14734](https://github.com/matrix-org/synapse/issues/14734))
- Bump black from 22.10.0 to 22.12.0. ([\#14735](https://github.com/matrix-org/synapse/issues/14735))
- Bump sentry-sdk from 1.12.0 to 1.12.1. ([\#14736](https://github.com/matrix-org/synapse/issues/14736))
- Bump setuptools from 65.3.0 to 65.5.1. ([\#14738](https://github.com/matrix-org/synapse/issues/14738))
- Bump serde from 1.0.151 to 1.0.152. ([\#14758](https://github.com/matrix-org/synapse/issues/14758))
- Bump ruff from 0.0.189 to 0.0.206. ([\#14759](https://github.com/matrix-org/synapse/issues/14759))
- Bump pydantic from 1.10.2 to 1.10.4. ([\#14760](https://github.com/matrix-org/synapse/issues/14760))
- Bump gitpython from 3.1.29 to 3.1.30. ([\#14761](https://github.com/matrix-org/synapse/issues/14761))
- Bump pillow from 9.3.0 to 9.4.0. ([\#14762](https://github.com/matrix-org/synapse/issues/14762))
- Bump types-requests from 2.28.11.5 to 2.28.11.7. ([\#14763](https://github.com/matrix-org/synapse/issues/14763))
- Bump dawidd6/action-download-artifact from 2.24.2 to 2.24.3. ([\#14779](https://github.com/matrix-org/synapse/issues/14779))
- Bump peaceiris/actions-gh-pages from 3.9.0 to 3.9.1. ([\#14791](https://github.com/matrix-org/synapse/issues/14791))
- Bump types-pillow from 9.3.0.4 to 9.4.0.0. ([\#14792](https://github.com/matrix-org/synapse/issues/14792))
- Bump pyopenssl from 22.1.0 to 23.0.0. ([\#14793](https://github.com/matrix-org/synapse/issues/14793))
- Bump types-setuptools from 65.6.0.2 to 65.6.0.3. ([\#14794](https://github.com/matrix-org/synapse/issues/14794))
- Bump importlib-metadata from 4.2.0 to 6.0.0. ([\#14795](https://github.com/matrix-org/synapse/issues/14795))
- Bump ruff from 0.0.206 to 0.0.215. ([\#14796](https://github.com/matrix-org/synapse/issues/14796))
</details>

Synapse 1.74.0 (2022-12-20)
===========================

Improved Documentation
----------------------

- Add release note and update documentation regarding optional ICU support in user search. ([\#14712](https://github.com/matrix-org/synapse/issues/14712))

Synapse 1.74.0rc1 (2022-12-13)
==============================

Features
--------

- Improve user search for international display names. ([\#14464](https://github.com/matrix-org/synapse/issues/14464))
- Stop using deprecated `keyIds` parameter when calling `/_matrix/key/v2/server`. ([\#14490](https://github.com/matrix-org/synapse/issues/14490), [\#14525](https://github.com/matrix-org/synapse/issues/14525))
- Add new `push.enabled` config option to allow opting out of push notification calculation. ([\#14551](https://github.com/matrix-org/synapse/issues/14551), [\#14619](https://github.com/matrix-org/synapse/issues/14619))
- Advertise support for Matrix 1.5 on `/_matrix/client/versions`. ([\#14576](https://github.com/matrix-org/synapse/issues/14576))
- Improve opentracing and logging for to-device message handling. ([\#14598](https://github.com/matrix-org/synapse/issues/14598))
- Allow selecting "prejoin" events by state keys in addition to event types. ([\#14642](https://github.com/matrix-org/synapse/issues/14642))

Bugfixes
--------

- Fix a long-standing bug where a device list update might not be sent to clients in certain circumstances. ([\#14435](https://github.com/matrix-org/synapse/issues/14435), [\#14592](https://github.com/matrix-org/synapse/issues/14592), [\#14604](https://github.com/matrix-org/synapse/issues/14604))
- Suppress a spurious warning when `POST /rooms/<room_id>/<membership>/`, `POST /join/<room_id_or_alias`, or the unspecced `PUT /join/<room_id_or_alias>/<txn_id>` receive an empty HTTP request body. ([\#14600](https://github.com/matrix-org/synapse/issues/14600))
- Return spec-compliant JSON errors when unknown endpoints are requested. ([\#14620](https://github.com/matrix-org/synapse/issues/14620), [\#14621](https://github.com/matrix-org/synapse/issues/14621))
- Update html templates to load images over HTTPS. Contributed by @ashfame. ([\#14625](https://github.com/matrix-org/synapse/issues/14625))
- Fix a long-standing bug where the user directory would return 1 more row than requested. ([\#14631](https://github.com/matrix-org/synapse/issues/14631))
- Reject invalid read receipt requests with empty room or event IDs. Contributed by Nick @ Beeper (@fizzadar). ([\#14632](https://github.com/matrix-org/synapse/issues/14632))
- Fix a bug introduced in Synapse 1.67.0 where not specifying a config file or a server URL would lead to the `register_new_matrix_user` script failing. ([\#14637](https://github.com/matrix-org/synapse/issues/14637))
- Fix a long-standing bug where the user directory and room/user stats might be out of sync. ([\#14639](https://github.com/matrix-org/synapse/issues/14639), [\#14643](https://github.com/matrix-org/synapse/issues/14643))
- Fix a bug introduced in Synapse 1.72.0 where the background updates to add non-thread unique indexes on receipts would fail if they were previously interrupted. ([\#14650](https://github.com/matrix-org/synapse/issues/14650))
- Improve validation of field size limits in events. ([\#14664](https://github.com/matrix-org/synapse/issues/14664))
- Fix bugs introduced in Synapse 1.55.0 and 1.69.0 where application services would not be notified of events in the correct rooms, due to stale caches. ([\#14670](https://github.com/matrix-org/synapse/issues/14670))

Improved Documentation
----------------------

- Update worker settings for `pusher` and `federation_sender` functionality. ([\#14493](https://github.com/matrix-org/synapse/issues/14493))
- Add links to third party package repositories, and point to the bug which highlights Ubuntu's out-of-date packages. ([\#14517](https://github.com/matrix-org/synapse/issues/14517))
- Remove old, incorrect minimum postgres version note and replace with a link to the [Dependency Deprecation Policy](https://matrix-org.github.io/synapse/v1.73/deprecation_policy.html). ([\#14590](https://github.com/matrix-org/synapse/issues/14590))
- Add Single-Sign On setup instructions for Mastodon-based instances. ([\#14594](https://github.com/matrix-org/synapse/issues/14594))
- Change `turn_allow_guests` example value to lowercase `true`. ([\#14634](https://github.com/matrix-org/synapse/issues/14634))

Internal Changes
----------------

- Optimise push badge count calculations. Contributed by Nick @ Beeper (@fizzadar). ([\#14255](https://github.com/matrix-org/synapse/issues/14255))
- Faster remote room joins: stream the un-partial-stating of rooms over replication. ([\#14473](https://github.com/matrix-org/synapse/issues/14473), [\#14474](https://github.com/matrix-org/synapse/issues/14474))
- Share the `ClientRestResource` for both workers and the main process. ([\#14528](https://github.com/matrix-org/synapse/issues/14528))
- Add `--editable` flag to `complement.sh` which uses an editable install of Synapse for faster turn-around times whilst developing iteratively. ([\#14548](https://github.com/matrix-org/synapse/issues/14548))
- Faster joins: use servers list approximation to send read receipts when in partial state instead of waiting for the full state of the room. ([\#14549](https://github.com/matrix-org/synapse/issues/14549))
- Modernize unit tests configuration related to workers. ([\#14568](https://github.com/matrix-org/synapse/issues/14568))
- Bump jsonschema from 4.17.0 to 4.17.3. ([\#14591](https://github.com/matrix-org/synapse/issues/14591))
- Fix Rust lint CI. ([\#14602](https://github.com/matrix-org/synapse/issues/14602))
- Bump JasonEtco/create-an-issue from 2.5.0 to 2.8.1. ([\#14607](https://github.com/matrix-org/synapse/issues/14607))
- Alter some unit test environment parameters to decrease time spent running tests. ([\#14610](https://github.com/matrix-org/synapse/issues/14610))
- Switch to Go recommended installation method for `gotestfmt` template in CI. ([\#14611](https://github.com/matrix-org/synapse/issues/14611))
- Bump phonenumbers from 8.13.0 to 8.13.1. ([\#14612](https://github.com/matrix-org/synapse/issues/14612))
- Bump types-setuptools from 65.5.0.3 to 65.6.0.1. ([\#14613](https://github.com/matrix-org/synapse/issues/14613))
- Bump twine from 4.0.1 to 4.0.2. ([\#14614](https://github.com/matrix-org/synapse/issues/14614))
- Bump types-requests from 2.28.11.2 to 2.28.11.5. ([\#14615](https://github.com/matrix-org/synapse/issues/14615))
- Bump cryptography from 38.0.3 to 38.0.4. ([\#14616](https://github.com/matrix-org/synapse/issues/14616))
- Remove useless cargo install with apt from Dockerfile. ([\#14636](https://github.com/matrix-org/synapse/issues/14636))
- Bump certifi from 2021.10.8 to 2022.12.7. ([\#14645](https://github.com/matrix-org/synapse/issues/14645))
- Bump flake8-bugbear from 22.10.27 to 22.12.6. ([\#14656](https://github.com/matrix-org/synapse/issues/14656))
- Bump packaging from 21.3 to 22.0. ([\#14657](https://github.com/matrix-org/synapse/issues/14657))
- Bump types-pillow from 9.3.0.1 to 9.3.0.4. ([\#14658](https://github.com/matrix-org/synapse/issues/14658))
- Bump serde from 1.0.148 to 1.0.150. ([\#14659](https://github.com/matrix-org/synapse/issues/14659))
- Bump phonenumbers from 8.13.1 to 8.13.2. ([\#14660](https://github.com/matrix-org/synapse/issues/14660))
- Bump authlib from 1.1.0 to 1.2.0. ([\#14661](https://github.com/matrix-org/synapse/issues/14661))
- Move `StateFilter` to `synapse.types`. ([\#14668](https://github.com/matrix-org/synapse/issues/14668))
- Improve type hints. ([\#14597](https://github.com/matrix-org/synapse/issues/14597), [\#14646](https://github.com/matrix-org/synapse/issues/14646), [\#14671](https://github.com/matrix-org/synapse/issues/14671))

(js)