Add changelog and version bump for SecureDrop 2.8.0-rc1 #7128

Merged
merged 1 commit into from Mar 2, 2024

Conversation

zenmonkeykstop
Contributor

Status

Ready for review

Description of Changes

Towards #7121

Changes proposed in this pull request:

  • Updates version to 2.8.0-rc1
  • Adds changelog for 2.8.0 release

Testing

  • base is release/2.8.0
  • CI is passing
  • version incremented correctly
  • changelog looks good.

@zenmonkeykstop zenmonkeykstop requested a review from a team as a code owner March 1, 2024 22:36
Member

@legoktm legoktm left a comment

I'm going to approve this so we can move forward with rc1, changelog can be updated later on.

* Dependency changes:
* openssl rust crate from 0.10.57 to 0.10.60 (#7083)
* cryptography from 41.0.3 to 41.0.7 (#7086)
* rustix rust crate from 0.38.18 to 0.38.21 (#7114)
Member

I think the more important one is dba0af6, which upgraded is-terminal so that it no longer depends on rustix (which is now a dev-dep only).

Contributor Author

👍


### Operations
* Updated copyright strings to reference 2024 (#7099)
* Removed deprecated mitigation for CVE-2019-3462 (#7053)
Member

Suggested change
* Removed deprecated mitigation for CVE-2019-3462 (#7053)
* Removed obsolete mitigation for CVE-2019-3462 (#7053)

Contributor Author

👍

* Decreased cargo audit error threshold (#7083)
* Fixed hot reload functionality in dev environment (#7120)
* Dependency changes:
* MarkupSafe from 2.0.2 to 2.1.2 (#7006)
Member

MarkupSafe and jinja2 are prod dependencies that should probably be in the above section?

Contributor Author

Yup, will add them for the next revision.

* jinja2 from 3.0.2 to 3.1.3 (#7107, #7109)
* peewee from 3.15.0 to 3.17.1 (#7112)
* diffoscope from 236 to 256 (#7125)
* Updated ignored safety alerts:
Member

I don't think this is that useful in the changelog, or just fold it into one line?

Contributor Author

Maybe - I think since we're having to add so many ignores lately there's value in making that explicit (either in the case where it highlights their triviality or where we silenced one that we shouldn't).

* Updated copyright strings to reference 2024 (#7099)
* Removed deprecated mitigation for CVE-2019-3462 (#7053)
* Improved logic for installing admin tool apt dependencies in Tails (#7088)
* Added support for Tails 6 to admin tools (#7116)
Member

Do you want to list the various dependency updates that went into this?

Contributor Author

We could - I've defaulted to listing updates with a specific PR but an exhaustive list wouldn't be hard to generate.

* Validate the submission key,disable Journalist and Source Interfaces if a weak key is found (#7059)
* Dependency changes:
* Update cryptography from 41.0.1 to 41.0.3 (#6940)
* Upgrade sequioa-openpgpg from 1.16.1 to 1.17.0 (#7041)
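
Review bot: The first entry in this hunk is missing a space after the comma in "submission key,disable"; write "submission key, disable". The three entries here also use the imperative ("Validate", "Update", "Upgrade") while the other changelog entries shown in this PR use the past tense ("Updated", "Removed", "Added"), so consider aligning them if these lines are being edited anyway.
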
Member

Suggested change
* Upgrade sequioa-openpgpg from 1.16.1 to 1.17.0 (#7041)
* Upgrade sequoia-openpgp from 1.16.1 to 1.17.0 (#7041)

Contributor Author

Always finding new ways to typo sequoia.

@legoktm legoktm merged commit a095f1d into release/2.8.0 Mar 2, 2024
22 checks passed
@legoktm legoktm deleted the update-280-rc1-bump branch March 2, 2024 00:38