mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 15:57:32 +00:00
next
4176 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Max Peintner
|
44651b6e8d |
docs: improve readability of idps callback (#9793)
This PR improves the readability of the difference in the IDP callback of the new V2 login compared to the legacy login. |
||
|
Rajat Singh
|
8d28e727e1 |
docs: remove unused scopes/claims (#9786)
<!-- Please inform yourself about the contribution guidelines on submitting a PR here: https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr. Take note of how PR/commit titles should be written and replace the template texts in the sections below. Don't remove any of the sections. It is important that the commit history clearly shows what is changed and why. Important: By submitting a contribution you agree to the terms from our Licensing Policy as described here: https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions. --> # Which Problems Are Solved Removed the scopes/claims that were not used. # How the Problems Are Solved Made small changes in readme that fixes it. Signed-off-by: RAJAT SINGH <rajatsingh@RAJATs-MacBook-Pro.local> Co-authored-by: RAJAT SINGH <rajatsingh@RAJATs-MacBook-Pro.local> |
||
|
Max Peintner
|
ceaa73734d |
fix(console): list of unique v2 sessions (#9778)
This PR ensures that the list of recent sessions has no duplicate entries. To ensure the sessions are unique, we create a map using the loginName property. --------- Co-authored-by: conblem <mail@conblem.me> |
||
|
Ramon
|
56e0df67d5 |
feat: Actions V2 improvements in console (#9759)
# Which Problems Are Solved This PR allows one to edit the order of Actions V2 Targets in an Execution. Editing of Targets was also added back again. # How the Problems Are Solved One of the changes is the addition of the CorrectlyTypedExecution which restricts the Grpc types a bit more to make working with them easier. Some fields may be optional in the Grpc Protobuf but in reality are always set. Typings were generally improved to make them more accurate and safer to work with. # Additional Changes Removal of the Actions V2 Feature flag as it will be enabled by default anyways. # Additional Context This pr used some advanced Angular Signals logic which is very interesting for future PR's. - Part of the tasks from #7248 --------- Co-authored-by: Max Peintner <peintnerm@gmail.com> |
||
|
Zach Hirschtritt
|
aa9ef8b49e |
fix: Auto cleanup failed Setup steps if process is killed (#9736)
# Which Problems Are Solved When running a long-running Zitadel Setup, Kubernetes might decide to move a pod to a new node automatically. Currently, this puts any migrations into a broken state that an operator needs to manually run the "cleanup" command on - assuming they catch the error. The only super long running commands are typically projection pre-fill operations, which depending on the size of the event table for that projection, can take many hours - plenty of time for Kubernetes to make unexpected decisions, especially in a busy cluster. # How the Problems Are Solved This change listens on `os.Interrupt` and `syscall.SIGTERM`, cancels the current Setup context, and runs the `Cleanup` command. The logs then look something like this: ```shell ... INFO[0000] verify migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_delete_stale_org_fields INFO[0000] starting migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_delete_stale_org_fields INFO[0000] execute delete query caller="/Users/zach/src/zitadel/cmd/setup/39.go:37" instance_id=281297936179003398 migration=repeatable_delete_stale_org_fields progress=1/1 INFO[0000] verify migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_fill_fields_for_instance_domains INFO[0000] starting migration caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_fill_fields_for_instance_domains ----- SIGTERM signal issued ----- INFO[0000] received interrupt signal, shutting down: interrupt caller="/Users/zach/src/zitadel/cmd/setup/setup.go:121" INFO[0000] query failed caller="/Users/zach/src/zitadel/internal/eventstore/repository/sql/query.go:135" error="timeout: context already done: context canceled" DEBU[0000] filter eventstore failed caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:155" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields DEBU[0000] unable to rollback tx caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:110" error="sql: transaction has already been committed or rolled back" projection=instance_domain_fields INFO[0000] process events failed caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:72" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields DEBU[0000] trigger iteration caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:73" iteration=0 projection=instance_domain_fields ERRO[0000] migration failed caller="/Users/zach/src/zitadel/internal/migration/migration.go:68" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" name=repeatable_fill_fields_for_instance_domains ERRO[0000] migration finish failed caller="/Users/zach/src/zitadel/internal/migration/migration.go:71" error="context canceled" name=repeatable_fill_fields_for_instance_domains ----- Cleanup before exiting ----- INFO[0000] cleanup started caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:30" INFO[0000] cleanup migration caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:47" name=repeatable_fill_fields_for_instance_domains ``` # Additional Changes * `mustExecuteMigration` -> `executeMigration`: **must**Execute logged a Fatal error previously which calls os.Exit so no cleanup was possible. Instead, this PR returns an error and assigns it to a shared error in the Setup closure that defer can check. * `initProjections` now returns an error instead of exiting # Additional Context This behavior might be unwelcome or at least unexpected in some cases. Putting it behind a feature flag or config setting is likely a good followup. --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> |
||
|
Tim Möhlmann
|
658ca3606b |
feat(permissions): project member permission filter (#9757)
# Which Problems Are Solved Add the possibility to filter project resources based on project member roles. # How the Problems Are Solved Extend and refactor existing Pl/PgSQL functions to implement the following: - Solve O(n) complexity in returned resources IDs by returning a boolean filter for instance level permissions. - Individually permitted orgs are returned only if there was no instance permission - Individually permitted projects are returned only if there was no instance permission - Because of the multiple filter terms, use `INNER JOIN`s instead of `WHERE` clauses. # Additional Changes - system permission function no longer query the organization view and therefore can be `immutable`, giving big performance benefits for frequently reused system users. (like our hosted login in Zitadel cloud) - The permitted org and project functions are now defined as `stable` because the don't modify on-disk data. This might give a small performance gain - The Pl/PgSQL functions are now tested using Go unit tests. # Additional Context - Depends on https://github.com/zitadel/zitadel/pull/9677 - Part of https://github.com/zitadel/zitadel/issues/9188 - Closes https://github.com/zitadel/zitadel/issues/9190 |
||
|
Livio Spring
|
618143931b |
chore(ci): fix container build (#9765)
<!-- Please inform yourself about the contribution guidelines on submitting a PR here: https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr. Take note of how PR/commit titles should be written and replace the template texts in the sections below. Don't remove any of the sections. It is important that the commit history clearly shows what is changed and why. Important: By submitting a contribution you agree to the terms from our Licensing Policy as described here: https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions. --> # Which Problems Are Solved While creating a new release, the [pipeline failed](https://github.com/zitadel/zitadel/actions/runs/14509737111/job/40705906723) as GH sunset the old actions cache service: https://github.blog/changelog/2025-03-20-notification-of-upcoming-breaking-changes-in-github-actions/#decommissioned-cache-service-brownouts # How the Problems Are Solved The `driver-opts` parameter is removed from the buildx actions to use the latest stable image. ([new cache service is used by BuildKit >= v0.20.0](https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api)) # Additional Changes Updated docker/build-push-action to v6 in a first attempt to solve the issue, but kept it as it gave some more insights (incl. build summary) # Additional Context Since the containers are only built on workflow triggers, here's the corresponding pipeline run: https://github.com/zitadel/zitadel/actions/runs/14513926232 |
||
|
Livio Spring
|
d54b483590 | fix(console): upgrade zitadel proto and client version | ||
|
Kenta Yamaguchi
|
b2bf3cccae |
chore(i18n): add IAM_LOGIN_CLIENT (#9681)
# Which Problems Are Solved
The i18n element `IAM_LOGIN_CLIENT` is missing a translation.
# How the Problems Are Solved
Added translations for `IAM_LOGIN_CLIENT` in each language.
Please note that the translations were generated using Copilot, so they
may not be entirely accurate (I'm only confident that they are correct
for English and Japanese). I appreciate any corrections or improvements.
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
(cherry picked from commit
|
||
|
Trong Huu Nguyen
|
a0c847aa10 |
fix(console): correct count for users list, show create timestamp in user details (#9705)
This pull request fixes a couple of minor issues with the user list and
details pages in Console.
# Which Problems Are Solved
1. The total count in the users list was the total number of results
returned. This made the pagination not work when there were more than
`pageSize * 2` users.
2. The user details page did not show the created timestamp when viewing
a
user.
# How the Problems Are Solved
1. The response includes the total number calculated by the backend. Use
that instead.
2. Inverse the ternary returning the creation date.
# Additional Changes
None
# Additional Context
None
---------
Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
(cherry picked from commit
|
||
|
Tim Möhlmann
|
a2f60f2e7a |
perf(query): org permission function for resources (#9677)
# Which Problems Are Solved Classic permission checks execute for every returned row on resource based search APIs. Complete background and problem definition can be found here: https://github.com/zitadel/zitadel/issues/9188 # How the Problems Are Solved - PermissionClause function now support dynamic query building, so it supports multiple cases. - PermissionClause is applied to all list resources which support org level permissions. - Wrap permission logic into wrapper functions so we keep the business logic clean. # Additional Changes - Handle org ID optimization in the query package, so it is reusable for all resources, instead of extracting the filter in the API. - Cleanup and test system user conversion in the authz package. (context middleware) - Fix: `core_integration_db_up` make recipe was missing the postgres service. # Additional Context - Related to https://github.com/zitadel/zitadel/issues/9190 |
||
|
Kenta Yamaguchi
|
3b8a2ab811 |
chore(i18n): add IAM_LOGIN_CLIENT (#9681)
# Which Problems Are Solved The i18n element `IAM_LOGIN_CLIENT` is missing a translation. # How the Problems Are Solved Added translations for `IAM_LOGIN_CLIENT` in each language. Please note that the translations were generated using Copilot, so they may not be entirely accurate (I'm only confident that they are correct for English and Japanese). I appreciate any corrections or improvements. Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> |
||
|
Trong Huu Nguyen
|
bb59192e3e |
fix(console): correct count for users list, show create timestamp in user details (#9705)
This pull request fixes a couple of minor issues with the user list and details pages in Console. # Which Problems Are Solved 1. The total count in the users list was the total number of results returned. This made the pagination not work when there were more than `pageSize * 2` users. 2. The user details page did not show the created timestamp when viewing a user. # How the Problems Are Solved 1. The response includes the total number calculated by the backend. Use that instead. 2. Inverse the ternary returning the creation date. # Additional Changes None # Additional Context None --------- Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no> |
||
|
Elio Bischof
|
88493dd2a0 |
docs: strikethrough deprecated APIs (#9740)
# Which Problems Are Solved The docs overview pages and navs don't visually distinguish between deprecated and GA APIs. This makes it hard to find the right methods for the job already. As we are implementing the resource API and continously deprecate obsolete APIs, this only gets worse. # How the Problems Are Solved The UI items in docs overview pages are striked through and pushed to the bottom of the list. This applies to side navs as well as card lists. For example, [see management user methods](https://docs-git-strikethrough-deprecated-apis-zitadel.vercel.app/docs/apis/resources/mgmt/users):  A method is considered deprecated if it has this option set in the protos rpc definition: ```protobuf option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { deprecated: true; } ``` # Additional Changes None # Additional Context - Relates to #9680 --------- Co-authored-by: David Skewis <david@zitadel.com> |
||
|
dependabot[bot]
|
4e3da63b67 |
chore(deps): bump @babel/runtime from 7.24.7 to 7.26.10 in /docs (#9575)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.24.7 to 7.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/runtime</code>'s releases</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <p>Thanks <a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a> and <a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a> for your first PRs!</p> <p>This release includes a fix for <a href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>, a security vulnerability which affects the <code>.replace</code> method of transpiled regular expressions that use named capturing groups.</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 6</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li>Yunyoung Jordan Choi (<a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li><a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a></li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@babel/runtime</code>'s changelog</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use <code>.ts</code> files with explicit reexports to solve name conflicts (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do not depend on <code>@types/gensync</code> in Babel 7 (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h2>v7.26.7 (2025-01-24)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helpers</code>, <code>babel-preset-env</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17086">#17086</a> Make "object without properties" helpers ES6-compatible (<a href="https://github.com/tquetano-netflix"><code>@tquetano-netflix</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-typeof-symbol</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17085">#17085</a> fix: Correctly handle <code>typeof</code> in arrow functions (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f365cee732 |
chore(deps): bump @babel/helpers from 7.24.7 to 7.26.10 in /docs (#9576)
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.24.7 to 7.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases"><code>@babel/helpers</code>'s releases</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <p>Thanks <a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a> and <a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a> for your first PRs!</p> <p>This release includes a fix for <a href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>, a security vulnerability which affects the <code>.replace</code> method of transpiled regular expressions that use named capturing groups.</p> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 6</h4> <ul> <li>Babel Bot (<a href="https://github.com/babel-bot"><code>@babel-bot</code></a>)</li> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> <li>Yunyoung Jordan Choi (<a href="https://github.com/jordan-choi"><code>@jordan-choi</code></a>)</li> <li><a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a></li> <li><a href="https://github.com/mmmsssttt404"><code>@mmmsssttt404</code></a></li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@babel/helpers</code>'s changelog</a>.</em></p> <blockquote> <h2>v7.26.10 (2025-03-11)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17159">#17159</a> Disallow decorator in array pattern (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-template</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17164">#17164</a> Fix: always initialize ExportDeclaration attributes (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17142">#17142</a> fix: "Map maximum size exceeded" in deepClone (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17154">#17154</a> Update typescript parser tests (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17151">#17151</a> fix: Should not evaluate vars in child scope (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17153">#17153</a> fix: Correctly generate <code>abstract override</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix source type detection when parsing TypeScript (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-helpers</code>, <code>babel-runtime</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix processing of replacement pattern with named capture groups (<a href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@mmmsssttt404</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-standalone</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17158">#17158</a> Avoid warnings when re-bundling <code>@babel/standalone</code> with webpack (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17160">#17160</a> Left-value parsing cleanup (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h2>v7.26.9 (2025-02-14)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17103">#17103</a> fix: Definition for <code>TSPropertySignature.kind</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17062">#17062</a> Print TypeScript optional/definite in ClassPrivateProperty (<a href="https://github.com/jamiebuilds-signal"><code>@jamiebuilds-signal</code></a>)</li> </ul> </li> </ul> <h4>🏠 Internal</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use <code>.ts</code> files with explicit reexports to solve name conflicts (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do not depend on <code>@types/gensync</code> in Babel 7 (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> </ul> <h2>v7.26.7 (2025-01-24)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helpers</code>, <code>babel-preset-env</code>, <code>babel-runtime-corejs3</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17086">#17086</a> Make "object without properties" helpers ES6-compatible (<a href="https://github.com/tquetano-netflix"><code>@tquetano-netflix</code></a>)</li> </ul> </li> <li><code>babel-plugin-transform-typeof-symbol</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17085">#17085</a> fix: Correctly handle <code>typeof</code> in arrow functions (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Tim Möhlmann
|
efe9815105 |
chore(deps): backport go depency upgrades (#9732)
# Which Problems Are Solved Outdated dependency with a published security advisory. # How the Problems Are Solved - Backported https://github.com/zitadel/zitadel/pull/9601 - Backported https://github.com/zitadel/zitadel/pull/9614 # Additional Changes - Downgrade github.com/zitadel/saml to v0.3.3, as v0.3.4 resulted in a compilation error (breaking change). Does not influence the required upgrades for the advisory. # Additional Context Reported on https://discord.com/channels/927474939156643850/1356202194990399540 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> |
||
|
Stefan Benz
|
57b08dcf10 | Merge remote-tracking branch 'origin/main' into next-rc | ||
|
Livio Spring
|
29890087ba |
fix(mirror): initialize meter to prevent panic (#9712)
# Which Problems Are Solved With the change of #9561, the `mirror` command panics as there's no metrics provider configured. # How the Problems Are Solved Correctly initialize the provider (no-op by default) for the mirror command. # Additional Changes None # Additional Context relates to #9561 -> needs backports to 2.66.x - 2.71.x and 3.0.0-rc Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Livio Spring
|
0df399ac1f |
fix(login): handle requests without auth request correctly (#9713)
# Which Problems Are Solved We found some paths in the login UI, where requests without any `AuthRequest` were not handled correctly and could potentially panic. This also includes providing the `AuthRequest` as part of `ctx` object in actions V1. # How the Problems Are Solved - Check for the existance of an `AuthRequest` were needed and return an error otherwise. - Provide correct state of the `AuthRequest` for actions V1 # Additional Changes None # Additional Context - Noticed as part of a support request - requires backport to at least 2.70.x Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Stefan Benz
|
8fdd58f506 |
docs: add actions v2 docs (#9652)
# Which Problems Are Solved There is no documentation yet for Actions v2 regarding the different usable types and for migrating from Actions v1 to v2. # How the Problems Are Solved Add documentation for all use-cases. # Additional Changes None # Additional Context Closes #9456 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Livio Spring
|
a7a5124643 |
fix(mirror): initialize meter to prevent panic (#9712)
# Which Problems Are Solved With the change of #9561, the `mirror` command panics as there's no metrics provider configured. # How the Problems Are Solved Correctly initialize the provider (no-op by default) for the mirror command. # Additional Changes None # Additional Context relates to #9561 -> needs backports to 2.66.x - 2.71.x and 3.0.0-rc Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Livio Spring
|
79a5585f91 |
fix(login): handle requests without auth request correctly (#9713)
# Which Problems Are Solved We found some paths in the login UI, where requests without any `AuthRequest` were not handled correctly and could potentially panic. This also includes providing the `AuthRequest` as part of `ctx` object in actions V1. # How the Problems Are Solved - Check for the existance of an `AuthRequest` were needed and return an error otherwise. - Provide correct state of the `AuthRequest` for actions V1 # Additional Changes None # Additional Context - Noticed as part of a support request - requires backport to at least 2.70.x Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|
Emanuel Vintilă
|
7a5d1d67ba |
docs: fix typo in default-settings.mdx (#9719)
# Which Problems Are Solved
Typo in `default-settings.mdx`
# How the Problems Are Solved
Corrects the typo 🙂
# Additional Changes
None
# Additional Context
None
|
||
|
dependabot[bot]
|
c815ff2a35 |
chore(deps): bump image-size from 1.1.1 to 1.2.1 in /docs (#9700)
Bumps [image-size](https://github.com/image-size/image-size) from 1.1.1 to 1.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/image-size/image-size/releases">image-size's releases</a>.</em></p> <blockquote> <h2>v1.2.1</h2> <h2>Fixes</h2> <ul> <li>fix potential Denial of Service via specially crafted payloads in <a href=" |
||
|
Livio Spring
|
0f0a55ca18 |
chore!: ensure breaking change
create commit to ensure breaking change BREAKING CHANGE: breaking change for v3 |
||
|
Fabienne Bühler
|
07ce3b6905 |
chore!: Introduce ZITADEL v3 (#9645)
This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com> |
||
|
Elio Bischof
|
d14a23ae7e |
chore(deps): group easily mergable dependabot PRs (#9689)
# Which Problems Are Solved
Dependabot creates a PR for each individual dependency update. This is
noisy and toil.
# How the Problems Are Solved
The easily mergable updates are grouped into fewer PRs.
Major updates and security updates are not grouped, as they might need
special attention.
For the github-actions updates, also the major updates are grouped, as
we have immediate and good enough feedback from the pipeline if a new
major doesn't work.
# Additional Changes
The e2e dependencies are also auto-updated.
# Additional Context
- We aggreed on grouping the dependabot PRs in todays Scrum daily.
- I don't know how to test the config. We might just have to merge it
and look how it goes 🤷♂️
|
||
|
Livio Spring
|
4fde7822d8 |
fix(oauth): check key expiry on JWT Profile Grant
# Which Problems Are Solved
ZITADEL allows the use of JSON Web Token (JWT) Profile OAuth 2.0 for Authorization Grants in machine-to-machine (M2M) authentication. Multiple keys can be managed for a single machine account (service user), each with an individual expiry.
A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens.
This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys.
# How the Problems Are Solved
Added proper validation of the expiry of the stored public key.
# Additional Changes
None
# Additional Context
None
(cherry picked from commit
|
||
|
Livio Spring
|
ae1e86ed9a |
fix(login): remove normalization to prevent username enumeration
# Which Problems Are Solved
The username entered by the user was resp. replaced by the stored user's username. This provided a possibility to enumerate usernames as unknown usernames were not normalized.
# How the Problems Are Solved
- Store and display the username as entered by the user.
- Removed the part where the loginname was always set to the user's loginname when retrieving the `nextSteps`
# Additional Changes
None
# Additional Context
None
(cherry picked from commit
|
||
|
Stefan Benz
|
11facd7e6f |
fix(migration): check if ldap2 already exists (#9674)
# Which Problems Are Solved
With v2.71.0 the `idp_templates6_ldap3` projection was created but never
filled, as it was a subtable. To fix this we altered the
`idp_templates6_ldap3` to `idp_templates6_ldap2` with v2.71.5.
This was unfortunately without a check that the `idp_templates_ldap2`was
already existing, which resulted in an error in the setup step.
# How the Problems Are Solved
Add check if `idp_templates6_ldap2` is already existing, before renaming
`idp_templates6_ldap3` -> `idp_templates6_ldap2`.
# Additional Changes
None
# Additional Context
Closes #9669
(cherry picked from commit
|
||
|
Livio Spring
|
315503beab | Merge commit from fork | ||
|
Livio Spring
|
14de8ecac2 | Merge commit from fork | ||
|
Stefan Benz
|
2eb187f141 |
fix(migration): check if ldap2 already exists (#9674)
# Which Problems Are Solved With v2.71.0 the `idp_templates6_ldap3` projection was created but never filled, as it was a subtable. To fix this we altered the `idp_templates6_ldap3` to `idp_templates6_ldap2` with v2.71.5. This was unfortunately without a check that the `idp_templates_ldap2`was already existing, which resulted in an error in the setup step. # How the Problems Are Solved Add check if `idp_templates6_ldap2` is already existing, before renaming `idp_templates6_ldap3` -> `idp_templates6_ldap2`. # Additional Changes None # Additional Context Closes #9669 |
||
|
Silvan
|
817670f1f7 |
perf: improve scalability of session api (#9635)
This pull request improves the scalability of the session API by enhancing middleware tracing and refining SQL query behavior for user authentication methods. # Which Problems Are Solved - Eventstore subscriptions locked each other during they wrote the events to the event channels of the subscribers in push. - `ListUserAuthMethodTypesRequired` query used `Bitmap heap scan` to join the tables needed. - The auth and oidc package triggered projections often when data were read. - The session API triggered the user projection each time a user was searched to write the user check command. # How the Problems Are Solved - the `sync.Mutex` was replaced with `sync.RWMutex` to allow parallel read of the map - The query was refactored to use index scans only - if the data should already be up-to-date `shouldTriggerBulk` is set to false - as the user should already exist for some time the trigger was removed. # Additional Changes - refactoring of `tracing#Span.End` calls # Additional Context - part of https://github.com/zitadel/zitadel/issues/9239 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> |
||
|
dependabot[bot]
|
e68d0e456e |
chore(deps): bump axios from 1.7.4 to 1.8.3 in /e2e (#9572)
Bumps [axios](https://github.com/axios/axios) from 1.7.4 to 1.8.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.8.3</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>add missing type for allowAbsoluteUrls (<a href="https://redirect.github.com/axios/axios/issues/6818">#6818</a>) (<a href=" |
||
|
dependabot[bot]
|
749539a43f |
chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /docs (#9057)
Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Zach Hirschtritt
|
61ddecee31 |
fix: add prometheus metrics on projection handlers (#9561)
# Which Problems Are Solved
With current provided telemetry it's difficult to predict when a
projection handler is under increased load until it's too late and
causes downstream issues. Importantly, projection updating is in the
critical path for many login flows and increased latency there can
result in system downtime for users.
# How the Problems Are Solved
This PR adds three new prometheus-style metrics:
1. **projection_events_processed** (_labels: projection, success_) -
This metric gives us a counter of the number of events processed per
projection update run and whether they we're processed without error. A
high number of events being processed can let us know how busy a
particular projection handler is.
2. **projection_handle_timer** _(labels: projection)_ - This is the time
it takes to process a projection update given a batch of events - time
to take the current_states lock, query for new events, reduce,
update_the projection, and update current_states.
3. **projection_state_latency** _(labels: projection)_ - This is the
time from the last event processed in the current_states table for a
given projection. It tells us how old was the last event you processed?
Or, how far behind are you running for this projection? Higher latencies
could mean high load or stalled projection handling.
# Additional Changes
I also had to initialize the global otel metrics provider (`metrics.M`)
in the `setup` step additionally to `start` since projection handlers
are initialized at setup. The initialization checks if a metrics
provider is already set (in case of `start-from-setup` or
`start-from-init` to prevent overwriting, which causes the otel metrics
provider to stop working.
# Additional Context
## Example Dashboards
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Stefan Benz
|
12b78e5a36 |
fix: rename idp_templates6_ldap3 to ldap2 if necessary (#9565)
# Which Problems Are Solved
Zitadel setup with v2.71.0 could result in errors regarding the
idp_templates6_ldap3 subtable.
# How the Problems Are Solved
Rename the subtable idp_templates6_ldap3 to idp_templates6_ldap2 if no
idp_templates6_ldap2 is existing and rename column `rootCA` to
`root_ca`.
# Additional Changes
None
# Additional Context
Related PR #9292
---------
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
(cherry picked from commit
|
||
|
Livio Spring
|
7e4887058f |
chore(workflow): run jobs on public runners (#9643)
# Which Problems Are Solved
Build and test workflows are currently running on specific GitHub hosted
runners. These is not needed for most worklfows and just costs more.
# How the Problems Are Solved
Moved all the steps apart from integration-tests to public runners.
# Additional Changes
None
# Additional Context
None
(cherry picked from commit
|
||
|
Ramon
|
4c90e78b19 |
fix: update console deps (#9628)
# Which Problems Are Solved
Closes most of the dependabot alerts
# How the Problems Are Solved
Updating Versions as much as possible. Angular upgrade was left out on
purpose.
# Additional Changes
Some refactoring of unused code, which I stumbled upon looking at our
used deps.
(cherry picked from commit
|
||
|
Livio Spring
|
611e2f30db |
fix(actions): correctly handle api.v1.appendUserGrant (#9598)
# Which Problems Are Solved
It was not possible to use the `api.v1.appendUserGrant` function in the
`postCreation` trigger action as documented.
# How the Problems Are Solved
- Correctly initialize the javascript / Goja function
- Added `projectID` and `projectGrantID` (as documented), but kept
`projectId` and `projectGrantId` (for backwards compatibility) when
mapping the object in the `appendUserGrant` function
# Additional Changes
None
# Additional Context
- A customer reached out to support regarding this issue.
- requires back port to 2.70.x
(cherry picked from commit
|
||
|
Iraq
|
14754e8edc |
chore: updating go to 1.24 (#9507)
# Which Problems Are Solved
Updating go to 1.24
---------
Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
(cherry picked from commit
|
||
|
Livio Spring
|
c6e27183c1 |
fix: correct event type for permission removed (#9626)
# Which Problems Are Solved
When we recently changed some permission for the `SYSTEM_OWNER` role on
QA, we noticed that there we multiple `permission.added` even when we
removed specific permissions.
# How the Problems Are Solved
Fixed the event type when removing permissions.
# Additional Changes
None
# Additional Context
Noticed when rolling out some changes on QA
(cherry picked from commit
|
||
|
Livio Spring
|
7f954afab7 |
fix(console): pass verification code for phone verification (#9616)
# Which Problems Are Solved
While testing totally unrelated issues, I noticed that the phone
verification in Console didn't work anymore.
# How the Problems Are Solved
Pass the verification `code` entered by the user to the API.
# Additional Changes
None
# Additional Context
probably relates to https://github.com/zitadel/zitadel/pull/9312
(cherry picked from commit
|
||
|
Ramon
|
d869e21939 |
fix: allow native applications to use https:// on loopback redirect addresses (#9073)
# Which Problems Are Solved
- The current validation for native redirect URIs does not allow HTTPS
loopback addresses.
# How the Problems Are Solved
- Enhanced the validation logic to permit HTTPS loopback addresses,
ensuring that developers can use these addresses without encountering
validation errors.
- Updated zitadel/oidc to latest version
# Additional Context
- Closes #4091
- This pr need to be closed first in our OIDC lib:
https://github.com/zitadel/oidc/pull/691
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Harsha Reddy
|
113a4ed817 |
fix: Make service name configurable for Metrics and Tracing (#9563)
# Which Problems Are Solved
The service name is hardcoded in the metrics code. Making the service
name to be configurable helps when running multiple instances of
Zitadel.
The defaults remain unchanged, the service name will be defaulted to
ZITADEL.
# How the Problems Are Solved
Add a config option to override the name in defaults.yaml and pass it
down to the corresponding metrics or tracing module (google or otel)
# Additional Changes
NA
# Additional Context
NA
(cherry picked from commit
|
||
|
Stefan Benz
|
3f329e8459 |
fix: milestone multiple results per instance domain instead of primary instance domain (#9564)
# Which Problems Are Solved
The milestones query returns multiple results for every milestone for
every instance domain.
# How the Problems Are Solved
Corrected where condition on milestone query.
# Additional Changes
None
# Additional Context
None
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
Stefan Benz
|
0337a861ba |
test: correct notifications integration test with eventual consistency (#9569)
# Which Problems Are Solved
Quota notification integration test failed sometimes due to eventual
consistency issues, which resulted in calls which should have been
counted to the quota not being added. This resulted in flaky integration
tests as the expected API calls to be limited were executed normally.
# How the Problems Are Solved
As there is no API call to query the currently applied Quota, there was
a sleep added as a last effort, to give some time that the event gets
processed into the projection.
# Additional Changes
None
# Additional Context
Related to
https://github.com/zitadel/zitadel/actions/runs/13922326003/job/38959595055
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit
|
||
|
dependabot[bot]
|
79d1e7d434 |
chore(deps): bump axios from 1.7.4 to 1.8.3 in /e2e (#9572)
Bumps [axios](https://github.com/axios/axios) from 1.7.4 to 1.8.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.8.3</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>add missing type for allowAbsoluteUrls (<a href="https://redirect.github.com/axios/axios/issues/6818">#6818</a>) (<a href=" |