New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add changelog and version bump for SecureDrop 2.8.0-rc1 #7128
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to approve this so we can move forward with rc1, changelog can be updated later on.
* Dependency changes: | ||
* openssl rust crate from 0.10.57 to 0.10.60 (#7083) | ||
* cryptography from 41.0.3 to 41.0.7 (#7086) | ||
* rustix rust crate from 0.38.18 to 0.38.21 (#7114) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the more important one is dba0af6, which upgraded is-terminal so that it no longer depends on rustix (which is now a dev-dep only).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
|
||
### Operations | ||
* Updated copyright strings to reference 2024 (#7099) | ||
* Removed deprecated mitigation for CVE-2019-3462 (#7053) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Removed deprecated mitigation for CVE-2019-3462 (#7053) | |
* Removed obsolete mitigation for CVE-2019-3462 (#7053) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
* Decreased cargo audit error threshold (#7083) | ||
* Fixed hot reload functionality in dev environment (#7120) | ||
* Dependency changes: | ||
* MarkupSafe from 2.0.2 to 2.1.2 (#7006) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MarkupSafe and jinja2 are prod dependencies that should probably be in the above section?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, will add them for the next revision.
* jinja2 from 3.0.2 to 3.1.3 (#7107, #7109) | ||
* peewee from 3.15.0 to 3.17.1 (#7112) | ||
* diffoscope from 236 to 256 (#7125) | ||
* Updated ignored safety alerts: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is that useful in the changelog, or just fold it into one line?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe - I think since we're having to add so many ignores lately there's value in making that explicit (either in the case where it highlights their triviality or where we silenced one that we shouldn't).
* Updated copyright strings to reference 2024 (#7099) | ||
* Removed deprecated mitigation for CVE-2019-3462 (#7053) | ||
* Improved logic for installing admin tool apt dependencies in Tails (#7088) | ||
* Added support for Tails 6 to admin tools (#7116) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to list the various dependency updates that went into this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could - I've defaulted to listing updates with a specific PR but an exhaustive list wouldn't be hard to generate.
* Validate the submission key,disable Journalist and Source Interfaces if a weak key is found (#7059) | ||
* Dependency changes: | ||
* Update cryptography from 41.0.1 to 41.0.3 (#6940) | ||
* Upgrade sequioa-openpgpg from 1.16.1 to 1.17.0 (#7041) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Upgrade sequioa-openpgpg from 1.16.1 to 1.17.0 (#7041) | |
* Upgrade sequoia-openpgp from 1.16.1 to 1.17.0 (#7041) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Always finding new ways to typo sequoia.
Status
Ready for review
Description of Changes
Towards #7121
Changes proposed in this pull request:
Testing
release/2.8.0