Update Sourcegraph Docker images - autoclosed

[renovate]

This PR contains the following updates:

Package	Update	Change
index.docker.io/sourcegraph/frontend	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/github-proxy	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/gitserver	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/grafana	patch	10.0.0 -> 10.0.13
index.docker.io/sourcegraph/lang-go	digest	9b2eb14 -> 9dcf87c
index.docker.io/sourcegraph/lang-typescript	digest	b1f85d6 -> 6715520
index.docker.io/sourcegraph/lsif-server	minor	3.8.0 -> 3.14.4
index.docker.io/sourcegraph/management-console	minor	3.8.0 -> 3.11.0-rc.1
index.docker.io/sourcegraph/pod-tmp-gc	digest	594b602 -> 5ebd7c8
index.docker.io/sourcegraph/prometheus	patch	10.0.0 -> 10.0.11
index.docker.io/sourcegraph/query-runner	minor	3.8.0 -> 3.34.2
index.docker.io/sourcegraph/replacer	minor	3.8.0 -> 3.18.0
index.docker.io/sourcegraph/repo-updater	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/searcher	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/symbols	minor	3.8.0 -> 3.43.2
index.docker.io/sourcegraph/zoekt-indexserver	patch	0.0.20190915225321-2890d2b -> 0.0.20200429072931-1a9304f
index.docker.io/sourcegraph/zoekt-webserver	patch	0.0.20190915225718-2890d2b -> 0.0.20200429072931-1a9304f

---

Release Notes

sourcegraph/sourcegraph

v3.43.2

Compare Source

Fixed

• Fixed an issue causing context cancel error dumps when updating a code host config manually. #​40857
• Fixed non-critical errors stopping the repo-syncing process for Bitbucket projectKeys. #​40897
• Fixed an issue marking accounts as expired when the supplied Account ID list has no entries. #​40860

v3.43.1

Compare Source

Fixed

• Fixed an infinite render loop on the batch changes detail page, causing the page to become unusable. #​40857
• Unable to pick the correct GitLab OAuth for user authentication and repository permissions syncing when the instance configures more than one GitLab OAuth authentication providers. #​40897

v3.43.0

Compare Source

Added

• Enforce 5-changeset limit for batch changes run server-side on an unlicensed instance. #​37834
• Changesets that are not associated with any batch changes can have a retention period set using the site configuration batchChanges.changesetsRetention. #​36188
• Added experimental support for exporting traces to an OpenTelemetry collector with "observability.tracing": { "type": "opentelemetry" } #​37984
• Added ROCKSKIP_MIN_REPO_SIZE_MB to automatically use Rockskip for repositories over a certain size. #​38192
• "observability.tracing": { "urlTemplate": "..." } can now be set to configure generated trace URLs (for example those generated via &trace=1). #​39765

Changed

• IMPORTANT: Search queries with patterns surrounded by /.../ will now be interpreted as regular expressions. Existing search links or code monitors are unaffected. In the rare event where older links rely on the literal meaning of /.../, the string will be automatically quoted it in a content filter, preserving the original meaning. If you happen to use an existing older link and want /.../ to work as a regular expression, add patterntype:standard to the query. New queries and code monitors will interpret /.../ as regular expressions. #​38141.
• The password policy has been updated and is now part of the standard featureset configurable by site-admins. #​39213.
• Replaced the ALLOW_DECRYPT_MIGRATION envvar with ALLOW_DECRYPTION. See updated documentation. #​39984
• Compute-powered insight now supports only one series custom colors for compute series bars 40038

Fixed

• Fix issue during code insight creation where selecting "Run your insight over all your repositories" reset the currently selected distance between data points. #​39261
• Fix issue where symbols in the side panel did not have file level permission filtering applied correctly. #​39592

Removed

• The experimental dependencies search feature has been removed, including the repo:deps(...) search predicate and the site configuration options codeIntelLockfileIndexing.enabled and experimentalFeatures.dependenciesSearch. #​39742

v3.42.2

Compare Source

Fixed

• Fix issue with capture group insights to fail immediately if they contain invalid queries. #​39842
• Fix issue during conversion of just in time code insights to start backfilling data from the current time instead of the date the insight was created. #​39923

v3.42.1

Compare Source

Fixed

• Reverted git version to avoid an issue with commit-graph that could cause repository corruptions #​39537
• Fixed an issue with symbols where they were not respecting sub-repository permissions #​39592

v3.42.0

Compare Source

Added

• Reattached changesets now display an action and factor into the stats when previewing batch changes. #​36359
• New site configuration option "permissions.syncUsersMaxConcurrency" to control the maximum number of user-centric permissions syncing jobs could be spawned concurrently. #​37918
• Added experimental support for exporting traces to an OpenTelemetry collector with "observability.tracing": { "type": "opentelemetry" } #​37984
• Code Insights over some repos now get 12 historic data points in addition to a current daily value and future points that align with the defined interval. #​37756
• A Kustomize overlay and Helm override file to apply envoy filter for networking error caused by service mesh. #​4150 & #​148
• Resource Estimator: Ability to export the estimated results as override file for Helm and Docker Compose. #​18
• A toggle to enable/disable a beta simplified UI has been added to the user menu. This new UI is still actively in development and any changes visible with the toggle enabled may not be stable are subject to change. #​38763
• Search query inputs are now backed by the CodeMirror library instead of Monaco. Monaco can be re-enabled by setting experimentalFeatures.editor to "monaco". 38584
• Better search-based code navigation for Python using tree-sitter #​38459
• Gitserver endpoint access logs can now be enabled by adding "log": { "gitserver.accessLogs": true } to the site config. #​38798
• Code Insights supports a new type of insight—compute-powered insight, currently under the experimental feature flag: codeInsightsCompute #​37857
• Cache execution result when mounting files in a batch spec. sourcegraph/src-cli#​795
• Batch Changes changesets open on archived repositories will now move into a Read-Only state. #​26820

Changed

• Updated minimum required veresion of git to 2.35.2 in gitserver and server Docker image. This addresses a few vulnerabilities announced by GitHub.
• Search: Pasting a query with line breaks into the main search query input will now replace them with spaces instead of removing them. #​37674
• Rewrite resource estimator using the latest metrics #​37869
• Selecting a line multiple times in the file view will only add a single browser history entry #​38204
• The panels on the homepage (recent searches, etc) are now turned off by default. They can be re-enabled by setting experimentalFeatures.showEnterpriseHomePanels to true. #​38431
• Log sampling is now enabled by default for Sourcegraph components that use the new internal logging library—the first 100 identical log entries per second will always be output, but thereafter only every 100th identical message will be output. It can be configured for each service using the environment variables SRC_LOG_SAMPLING_INITIAL and SRC_LOG_SAMPLING_THEREAFTER, and if SRC_LOG_SAMPLING_INITIAL is set to 0 or -1 the sampling will be disabled entirely. #​38451
• Deprecated experimentalFeatures.enableGitServerCommandExecFilter. Setting this value has no effect on the code any longer and the code to guard against unknown commands is always enabled.
• Zoekt now runs with GOGC=25 by default, helping to reduce the memory consumption of Sourcegraph. Previously it ran with GOGC=50, but we noticed a regression when we switched to go 1.18 which contained significant changes to the go garbage collector. #​38708
• Hide Publish action when working with imported changesets. #​37882

Fixed

• Fix an issue where updating the title or body of a Bitbucket Cloud pull request opened by a batch change could fail when the pull request was not on a fork of the target repository. #​37585
• A bug where some complex repo: regexes only returned a subset of repository results. #​37925
• Fix a bug when selecting all the changesets on the Preview Batch Change Page only selected the recently loaded changesets. #​38041
• Fix a bug with bad code insights chart data points links. #​38102
• Code Insights: the commit indexer no longer errors when fetching commits from empty repositories and marks them as successfully indexed. #​39081
• The file view does not jump to the first selected line anymore when selecting multiple lines and the first selected line was out of view. #​38175
• Fixed an issue where multiple activations of the back button are required to navigate back to a previously selected line in a file #​38193
• Support timestamps with numeric timezone format from Gitlab's Webhook payload #​38250
• Fix regression in 3.41 where search-based Code Insights could have their queries wrongly parsed into regex patterns when containing quotes or parentheses. #​38400
• Fixed regression of mismatched From address when render emails. #​38589
• Fixed a bug with GitHub code hosts using "repositoryQuery":{"public"} where it wasn't respecting exclude archived. #​38839
• Fixed a bug with GitHub code hosts using repositoryQuery with custom queries, where it could potentially stall out searching for repos. #​38839
• Fixed an issue in Code Insights were duplicate points were sometimes being returned when displaying series data. #​38903
• Fix issue with Bitbucket Projects repository permissions sync regarding granting pending permissions. #​39013
• Fix issue with Bitbucket Projects repository permissions sync when BindID is username. #​39035
• Improve keyboard navigation for batch changes server-side execution flow. #​38601
• Fixed a bug with the WorkspacePreview panel glitching when it's resized. #​36470
• Handle special characters in search query when creating a batch change from search. #​38772
• Fixed bug when parsing numeric timezone offset in Gitlab webhook payload. #​38250
• Fixed setting unrestricted status on a repository when using the explicit permissions API. If the repository had never had explicit permissions before, previously this call would fail. #​39141

Removed

• The direct DataDog trace export integration has been removed. (#​37654)
• Removed the deprecated git exec forwarder. #​38092
• Browser and IDE extensions banners. #​38715

v3.41.1

Compare Source

Fixed

• Fix issue with Bitbucket Projects repository permissions sync when wrong repo IDs were used #​38637
• Fix perforce permissions interpretation for rules where there is a wildcard in the depot name #​37648

Added

• Allow directory read access for sub repo permissions #​38487

Changed

• p4-fusion version is upgraded to 1.10 #​38272

v3.41.0

Compare Source

Added

• Code Insights: Added toggle display of data series in line charts
• Code Insights: Added dashboard pills for the standalone insight page #​36341
• Extensions: Added site config parameter extensions.allowOnlySourcegraphAuthoredExtensions. When enabled only extensions authored by Sourcegraph will be able to be viewed and installed. For more information check out the docs. #​35054
• Batch Changes Credentials can now be manually validated. #​35948
• Zoekt-indexserver has a new debug landing page, /debug, which now exposes information about the queue, the list of indexed repositories, and the list of assigned repositories. Admins can reach the debug landing page by selecting Instrumentation > indexed-search-indexer from the site admin view. The debug page is linked at the top. #​346
• Extensions: Added enableExtensionsDecorationsColumnView user setting as experimental feature. When enabled decorations of the extensions supporting column decorations (currently only git-extras extension does: sourcegraph-git-extras/pull/276) will be displayed in separate columns on the blob page. #​36007
• SAML authentication provider has a new site configuration allowGroups that allows filtering users by group membership. #​36555
• A new templating variable, batch_change_link has been added for more control over where the "Created by Sourcegraph batch change ..." message appears in the published changeset description. #​491
• Batch specs can now mount local files in the Docker container when using Sourcegraph CLI. #​31790
• Code Monitoring: Notifications via Slack and generic webhooks are now enabled for everyone by default as a beta feature. #​37037
• Code Insights: Sort and limit filters have been added to capture group insights. This gives users more control over which series are displayed. #​34611
• Running batch changes server-side is now in beta! In addition to using src-cli to run batch changes locally, you can now run them server-side as well. This requires installing executors. While running server-side unlocks a new and improved UI experience, you can still use src-cli just like before.
• Code Monitoring: pings for new action types #​37288
• Better search-based code navigation for Java using tree-sitter #​34875

Changed

• Code Insights: Added warnings about adding context: and repo: filters in search query.
• Batch Changes: The credentials of the last applying user will now be used to sync changesets when available. If unavailable, then the previous behaviour of using a site or code host configuration credential is retained. #​33413
• Gitserver: we disable automatic git-gc for invocations of git-fetch to avoid corruption of repositories by competing git-gc processes. #​36274
• Commit and diff search: The hard limit of 50 repositories has been removed, and long-running searches will continue running until the timeout is hit. #​36486
• The Postgres DBs frontend and codeintel-db are now given 1 hour to begin accepting connections before Kubernetes restarts the containers. #​4136
• The internal git command forwarder has been deprecated and will be removed in 3.42 #​37320

Fixed

• Unable to send emails through Google SMTP relay with mysterious error "EOF". #​35943
• A common source of searcher evictions on kubernetes when running large structural searches. #​34828
• An issue with permissions evaluation for saved searches
• An authorization check while Redis is down will now result in an internal server error, instead of clearing a valid session from the user's cookies. #​37016

Removed

v3.40.2

Compare Source

Fixed

• Fix issue with OAuth login using a Github code host by reverting gologin dependency update #​36685
• Fix issue with single-container docker image where codeinsights-db was being incorrectly created #​36678

v3.40.1

Compare Source

Fixed

• Support expiring OAuth tokens for GitLab which became the default in version 15.0. #​36003
• Fix external service resolver erroring when webhooks not supported. #​35932

v3.40.0

Compare Source

Added

• Code Insights: Added fuzzy search filter for dashboard select drop down
• Code Insights: You can share code insights through a shareable link. #​34965
• Search: path: is now a valid filter. It is an alias for the existing file: filter. #​34947
• Search: -language is a valid filter, but the web app displays it as invalid. The web app is fixed to reflect validity. #​34949
• Search-based code intelligence now recognizes local variables in Python, Java, JavaScript, TypeScript, C/C++, C#, Go, and Ruby. #​33689
• GraphQL API: Added support for async external service deletion. This should be used to delete an external service which cannot be deleted within 75 seconds timeout due to a large number of repos. Usage: add async boolean field to deleteExternalService mutation. Example: mutation deleteExternalService(externalService: "id", async: true) { alwaysNil }
• search.largeFiles now supports recursive globs. For example, it is now possible to specify a pattern like **/*.lock to match a lock file anywhere in a repository. #​35411
• Permissions: The setRepositoryPermissionsUnrestricted mutation was added, which allows explicitly marking a repo as available to all Sourcegraph users. #​35378
• The repo:deps(...) predicate can now search through the Python dependencies of your repositories. #​32659
• Batch Changes are now supported on Bitbucket Cloud. #​24199
• Pings for server-side batch changes #​34308
• Indexed search will detect when it is misconfigured and has multiple replicas writing to the same directory. #​35513
• A new token creation callback feature that sends a token back to a trusted program automatically after the user has signed in #​35339
• The Grafana dashboard now has a global container resource usage view to help site-admin quickly identify potential scaling issues. #​34808

Changed

• Sourcegraph's docker images are now based on Alpine Linux 3.14. #​34508
• Sourcegraph is now built with Go 1.18. #​34899
• Capture group Code Insights now use the Compute streaming endpoint. #​34905
• Code Insights will now automatically generate queries with a default value of fork:no and archived:no if these fields are not specified by the user. This removes the need to manually add these fields to have consistent behavior from historical to non-historical results. #​30204
• Search Code Insights now use the Search streaming endpoint. #​35286
• Deployment: Nginx ingress controller updated to v1.2.0

Fixed

• Code Insights: Fixed line chart data series hover effect. Now the active line will be rendered on top of the others.
• Code Insights: Fixed incorrect Line Chart size calculation in FireFox
• Unverified primary emails no longer breaks the Emails-page for users and Users-page for Site Admin. #​34312
• Button to download raw file in blob page is now working correctly. #​34558
• Searches containing or expressions are now optimized to evaluate natively on the backends that support it (#​34382), and both commit and diff search have been updated to run optimized and, or, and not queries. #​34595
• Carets in textareas in Firefox are now visible. #​34888
• Changesets to GitHub code hosts could fail with a confusing, non actionable error message. #​35048
• An issue causing search expressions to not work in conjunction with type:symbol. #​35126
• A non-descriptive error message that would be returned when using on.repository if it is not a valid repository path #​35023
• Reduced database load when viewing or previewing a batch change. #​35501
• Fixed a bug where Capture Group Code Insights generated just in time only returned data for the latest repository in the list. #​35624

Removed

• The experimental API Docs feature released on our Cloud instance since 3.30.0 has been removed from the product entirely. This product functionality is being superseded by doctree. #​34798

v3.39.1

Compare Source

Fixed

• Code Insights: Fixed bug that caused line rendering issues when series data is returned out of order by date.
• Code Insights: Fixed bug that caused before and after parameters to be switched when clicking in to the diff view from an insight.
• Fixed an issue with notebooks that caused the cursor to behave erratically in markdown blocks. #​34227
• Batch Changes on docker compose installations were failing due to a missing environment variable #​813.

v3.39.0

Compare Source

Added

• Added support for LSIF upload authentication against GitLab.com on Sourcegraph Cloud. #​33254
• Add "getting started/quick start checklist for authenticated users" #​32882
• A redesigned repository page is now available under the new-repo-page feature flag. #​33319
• Pings now include notebooks usage metrics. #​30087
• Notebooks are now enabled by default. #​33706
• The Code Insights GraphQL API now accepts Search Contexts as a filter and will extract the expressions embedded the repo and -repo search query fields from the contexts to apply them as filters on the insight. #​33866
• The Code Insights commit indexer can now index commits in smaller batches. Set the number of days per batch in the site setting insights.commit.indexer.windowDuration. A value of 0 (default) will disable batching. #​33666
• Support account lockout after consecutive failed sign-in attempts for builtin authentication provider (i.e. username and password), new config options are added to the site configuration under "auth.lockout" to customize the threshold, length of lockout and consecutive periods. #​33999
• pgsql-exporter for Code Insights has been added to docker-compose and Kubernetes deployments to gather database-level metrics. #​780, #​4111
• repo:dependencies(...) predicate can now search through the Go dependencies of your repositories. #​32658
• Added a site config value defaultRateLimit to optionally configure a global default rate limit for external services.

Changed

• Code Insights: Replaced native window confirmation dialog with branded modal. #​33637
• Code Insights: Series data is now sorted by semantic version then alphabetically.
• Code Insights: Added locked insights overlays for frozen insights while in limited access mode. Restricted insight editing save change button for frozen insights. #​33062
• Code Insights: A global dashboard will now be automatically created while in limited access mode to provide consistent visibility for unlocked insights. This dashboard cannot be deleted or modified while in limited access mode. #​32992
• Update "getting started checklist for visitors" to a new design [TODO:]
• Update "getting started/quick start checklist for visitors" to a new design #​32882
• Code Insights: Capture group values are now restricted to 100 characters. #​32828
• Repositories for which gitserver's janitor job "sg maintenance" fails will eventually be re-cloned if "DisableAutoGitUpdates" is set to false (default) in site configuration. #​33432
• The Code Insights database is now based on Postgres 12, removing the dependency on TimescaleDB. #​32697

Fixed

• Fixed create insight button being erroneously disabled.
• Fixed an issue where a Warning: Sourcegraph cannot send emails! banner would appear for all users instead of just site admins (introduced in v3.38).
• Fixed reading search pattern type from settings #​32989
• Display a tooltip and truncate the title of a search result when content overflows #​32904
• Search patterns containing and and not expressions are now optimized to evaluate natively on the Zoekt backend for indexed code content and symbol search wherever possible. These kinds of queries are now typically an order of magnitude faster. Previous cases where no results were returned for expensive search expressions should now work and return results quickly. #​33308
• Fail to log extension activation event will no longer block extension from activating [#​33300][https://github.com/sourcegraph/sourcegraph/pull/33300](https://togithub.com/sourcegraph/sourcegraph/pull/33300)0]
• Fixed out-ouf-memory events for gitserver's janitor job "sg maintenance". #​33353
• Setting the publication state for changesets when previewing a batch spec now works correctly if all changesets are selected and there is more than one page of changesets. #​33619

Removed

v3.38.1

Compare Source

Fixed

• An issue introduced in 3.38 that caused alerts to not be delivered #​33398

v3.38.0

Compare Source

Added

• Added new "Getting started onboarding tour" for not authenticated users on Sourcegraph.com instead of "Search onboarding tour" #​32263
• Pings now include code host integration usage metrics #​31379
• Added PRECISE_CODE_INTEL_UPLOAD_AWS_USE_EC2_ROLE_CREDENTIALS environment variable to enable EC2 metadata API authentication to an external S3 bucket storing precise code intelligence uploads. #​31820
• LSIF upload pages now include a section listing the reasons and retention policies resulting in an upload being retained and not expired. #​30864
• Timestamps in the history panel can now be formatted as absolute timestamps by using user setting history.preferAbsoluteTimestamps
• Timestamps in the history panel can now be formatted as absolute timestamps by using user setting history.preferAbsoluteTimestamps #​31837
• Notebooks from private enterprise instances can now be embedded in external sites by enabling the enable-embed-route feature flag. #​31628
• Pings now include IDE extensions usage metrics #​32000
• New EventSource type: IDEEXTENSION for IDE extensions-related events #​32000
• Code Monitoring now has a Logs tab enabled as a beta feature. This lets you see recent runs of your code monitors and determine if any notifications were sent or if there were any errors during the run. #​32292
• Code Monitoring creation and editing now supports syntax highlighting and autocomplete on the search box. #​32536
• New repo:dependencies(...) predicate allows you to search through the dependencies of your repositories. This feature is currently in beta and only npm package repositories are supported with dependencies from package-lock.json and yarn.lock files. #​32405
• Site config has a new experimental feature called gitServerPinnedRepos that allows admins to pin specific repositories to particular gitserver instances. #​32831.
• Added Rockskip, a scalable symbol service backend for a fast symbol sidebar and search-based code intelligence on monorepos.
• Code monitor email notifications can now optionally include the content of new search results. This is disabled by default but can be enabled by editing the code monitor's email action and toggling on "Include search results in sent message". #​32097

Changed

• Searching for the pattern // with regular expression search is now interpreted literally and will search for //. Previously, the // pattern was interpreted as our regular expression syntax /<regexp>/ which would in turn be intrpreted as the empty string. Since searching for an empty string offers little practically utility, we now instead interpret // to search for its literal meaning in regular expression search. #​31520
• Timestamps in the webapp will now display local time on hover instead of UTC time #​31672
• Updated Postgres version from 12.6 to 12.7 #​31933
• Code Insights will now periodically clean up data series that are not in use. There is a 1 hour grace period where the series can be reattached to a view, after which all of the time series data and metadata will be deleted. #​32094
• Code Insights critical telemetry total count now only includes insights that are not frozen (limited by trial mode restrictions). #​32529
• The Phabricator integration with Gitolite code hosts has been deprecated, the fields have been kept to not break existing systems, but the integration does not work anymore
• The SSH library used to push Batch Change branches to code hosts has been updated to prevent issues pushing to github.com or GitHub Enterprise releases after March 15, 2022. #​32641
• Bumped the minimum supported version of Docker Compose from 1.22.0 to 1.29.0. #​32631
• Code host API rate limit configuration no longer based on code host URLs but only takes effect on each individual external services. To enforce API rate limit, please add configuration to all external services that are intended to be rate limited. #​32768

Fixed

• Viewing or previewing a batch change is now more resilient when transient network or server errors occur. #​29859
• Search: select:file and select:file.directory now properly deduplicates results. #​32469
• Security: Patch container images against CVE 2022-0778 #​32679
• When closing a batch change, draft changesets that will be closed are now also shown. #​32481

Removed

• The deprecated GraphQL field SearchResults.resultCount has been removed in favor of its replacement, matchCount. #​31573
• The deprecated site-config field UseJaeger has been removed. Use "observability.tracing": { "sampling": "all" } instead #​31294

v3.37.0

Compare Source

Added

• Code in search results is now selectable (e.g. for copying). Just clicking on the code continues to open the corresponding file as it did before. #​30033
• Search Notebooks now support importing and exporting Markdown-formatted files. #​28586
• Added standalone migrator service that can be used to run database migrations independently of an upgrade. For more detail see the standalone migrator docs and the docker-compose or kubernetes upgrade docs.

Changed

• Syntax highlighting for JSON now uses a distinct color for strings in object key positions. #​30105
• GraphQL API: The order of events returned by MonitorTriggerEventConnection has been reversed so newer events are returned first. The after parameter has been modified accordingly to return events older the one specified, to allow for pagination. 31219
• Query based search contexts are now enabled by default as a beta feature. #​30888
• The symbols sidebar loads much faster on old commits (after processing it) when scoped to a subdirectory in a big repository. #​31300

Fixed

• Links generated by editor endpoint will render image preview correctly. #​30767
• Fixed a race condition in the precise code intel upload expirer process that prematurely expired new uploads. #​30546
• Pushing changesets from Batch Changes to code hosts with self-signed TLS certificates has been fixed. #​31010
• Fixed LSIF uploads not being expired according to retention policies when the repository contained tags and branches with the same name but pointing to different commits. #​31108
• Service discovery for the symbols service can transition from no endpoints to endpoints. Previously we always returned an error after the first empty state. #​31225
• Fixed performance issue in LSIF upload processing, reducing the latency between uploading an LSIF index and accessing precise code intel in the UI. (#​30978, #​31143)
• Fixed symbols not appearing when no files changed between commits. #​31295
• Fixed symbols not appearing when too many files changed between commits. #​31110
• Fixed runaway disk usage in the symbols service. #​30647

Removed

• Removed experimentalFeature.showCodeMonitoringTestEmailButton. Test emails can still be sent by editing the code monitor and expanding the "Send email notification" section. #​29953

v3.36.3

Compare Source

Fixed

• Fix Code Monitor permissions. For more detail see our security advisory #​30547

v3.36.2

Compare Source

Removed

• The TOS consent screen which would appear for all users upon signing into Sourcegraph. We had some internal miscommunication on this onboarding flow and it didn’t turn out the way we intended, this effectively reverts that change.

v3.36.1

Compare Source

Fixed

• Fix broken 'src lsif upload' inside executor due to basic auth removal. #​30023

v3.36.0

Compare Source

Added

• Search contexts can now be defined with a restricted search query as an alternative to a specific list of repositories and revisions. This feature is beta and may change in the following releases. Allowed filters: repo, rev, file, lang, case, fork, visibility. OR, AND expressions are also allowed. To enable this feature to all users, set experimentalFeatures.searchContextsQuery to true in global settings. You'll then see a "Create context" button from the search results page and a "Query" input field in the search contexts form. If you want revisions specified in these query based search contexts to be indexed, set experimentalFeatures.search.index.query.contexts to true in site configuration. #​29327
• More explicit Terms of Service and Privacy Policy consent has been added to Sourcegraph Server. #​28716
• Batch changes will be created on forks of the upstream repository if the new batchChanges.enforceForks site setting is enabled. #​17879
• Symbolic links are now searchable. Previously it was possible to navigate to symbolic links in the repository tree view, however the symbolic links were ignored during searches. #​29567, #​237
• Maximum number of references/definitions shown in panel can be adjusted in settings with codeIntelligence.maxPanelResults. If not set, a hardcoded limit of 500 was used. #​29629
• Search notebooks are now fully persistable. You can create notebooks through the WYSIWYG editor and share them via a unique URL. We support two visibility modes: private (only the creator can view the notebook) and public (everyone can view the notebook). This feature is beta and may change in the following releases. #​27384
• Code Insights that are run over all repositories now have data points with links that lead to the search page. #​29587
• Code Insights creation UI query field now supports different syntax highlight modes based on patterntype filter. #​29733
• Code Insights creation UI query field now has live-preview button that leads to the search page with predefined query value. #​29698
• Code Insights creation UI detect and track patterns can now search across all repositories. #​29906
• Pings now contain aggregated CTA metrics. #​29966
• Pings now contain aggregated CTA metrics. #​29966 and #​31389

Changed

• Sourcegraph's API (streaming search, GraphQL, etc.) may now be used from any domain when using an access token for authentication, or with no authentication in the case of Sourcegraph.com. #​28775
• The endpoint /search/stream will be retired in favor of /.api/search/stream. This requires no action unless you have developed custom code against /search/stream. We will support both endpoints for a short period of time before removing /search/stream. Please refer to the documentation for more information.
• When displaying the content of symbolic links in the repository tree view, we will show the relative path to the link's target instead of the target's content. This behavior is consistent with how we display symbolic links in search results. #​29687
• A new janitor job, "sg maintenance" was added to gitserver. The new job replaces "garbage collect" with the goal to optimize the performance of git operations for large repositories. You can choose to enable "garbage collect" again by setting the environment variables "SRC_ENABLE_GC_AUTO" to "true" and "SRC_ENABLE_SG_MAINTENANCE" to "false" for gitserver. Note that you must not enable both options at the same time. #​28224.
• Search results across repositories are now ordered by repository rank by default. By default the rank is the number of stars a repository has. An administrator can inflate the rank of a repository via experimentalFeatures.ranking.repoScores. If you notice increased latency in results, you can disable this feature by setting experimentalFeatures.ranking.maxReorderQueueSize to 0. #​29856
• Search results within the same file are now ordered by relevance instead of line number. To order by line number, update the setting experimentalFeatures.clientSearchResultRanking: "by-line-number". #​29046
• Bumped the symbols processing timeout from 20 minutes to 2 hours and made it configurable. #​29891

Fixed

• Issue preventing searches from completing when certain patterns contain @. #​29489
• The grafana dashboard for "successful search request duration" reports the time for streaming search which is used by the browser. Previously it reported the GraphQL time which the browser no longer uses. #​29625
• A regression introduced in 3.35 causing Code Insights that are run over all repositories to not query against repositories that have permissions enabled. (Restricted repositories are and remain filtered based on user permissions when a user views a chart, not at query time.) This may cause global Insights to undercount for data points generated after upgrading to 3.35 and before upgrading to 3.36.
• Renaming repositories now removes the old indexes on Zoekt's disks. This did not affect search results, only wasted disk space. This was a regression introduced in Sourcegraph 3.33. #​29685

Removed

• Removed unused backend service from Kubernetes deployments. #​4050

v3.35.2

Compare Source

Fixed

• Fix Code Monitor permissions. For more detail see our security advisory #​30547

v3.35.1

Compare Source

⚠️ Due to issues related to Code Insights in the 3.35.0 release, users are advised to upgrade directly to 3.35.1.

Fixed

• Skipped migrations caused existing Code Insights to not appear. #​29395
• Enterprise-only out-of-band migrations failed to execute due to missing enterprise configuration flag. #​29426

v3.35.0

Compare Source

⚠️ Due to issues related to Code Insights on this release, users are advised to upgrade directly to 3.35.1.

Added

• Individual batch changes can publish multiple changesets to the same repository by specifying multiple target branches using the on.branches attribute. #​25228
• Low resource overlay a

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[guardrails]

⚠️ We detected 16 security issues in this pull request:

Mode: paranoid | Total findings: 16 | Considered vulnerability: 16

Insecure Access Control (16)

Docs	Details
💡	Title: DROP All Capabilities, Severity: Low File: configure/lang/typescript/lang-typescript.Deployment.yaml
💡	Title: DROP All Capabilities, Severity: Low File: configure/lang/go/lang-go.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/searcher/searcher.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/query-runner/query-runner.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/github-proxy/github-proxy.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/frontend/sourcegraph-frontend.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/management-console/management-console.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/repo-updater/repo-updater.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/gitserver/gitserver.StatefulSet.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/symbols/symbols.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/grafana/grafana.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/replacer/replacer.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/prometheus/prometheus.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/indexed-search/indexed-search.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: base/lsif-server/lsif-server.Deployment.yaml
💡	Title: DROP Capabilities, Severity: Low File: configure/ssd/pod-tmp-gc.DaemonSet.yaml

More info on how to fix Insecure Access Control in Kubernetes.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.