versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: ⬆️ Upgrade Bun to 1.2.7

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-03-27 14:41:43 +01:00
parent ebb0f52f1e
commit 5f8c57b3e1
No known key found for this signature in database
5 changed files with 160 additions and 160 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.devcontainer/Dockerfile
View file

@ -1,5 +1,5 @@
# Bun doesn't run well on Musl but this seems to work
FROM oven/bun:1.2.5-alpine as base
FROM oven/bun:1.2.7-alpine as base
# Switch to Bash by editing /etc/passwd
RUN apk add --no-cache libstdc++ git bash curl openssh cloc && \

170
CHANGELOG.md
View file

@ -10,33 +10,33 @@ Please see [Database Changes](#database-changes) and [New Configuration](#new-co
### Federation
- [x] 🦄 Updated to [`Versia 0.5`](https://versia.pub/changelog).
- [x] 📦 Added support for new Versia features:
- [x] [**Instance Messaging Extension**](https://versia.pub/extensions/instance-messaging)
- [x] [**Shared Inboxes**](https://versia.pub/federation#inboxes)
- [x] 🔗 Changed entity URIs to be more readable (`example.org/objects/:id` → `example.org/{notes,likes,...}/:id`)
- [x] 🦄 Updated to [`Versia 0.5`](https://versia.pub/changelog).
- [x] 📦 Added support for new Versia features:
- [x] [**Instance Messaging Extension**](https://versia.pub/extensions/instance-messaging)
- [x] [**Shared Inboxes**](https://versia.pub/federation#inboxes)
- [x] 🔗 Changed entity URIs to be more readable (`example.org/objects/:id` → `example.org/{notes,likes,...}/:id`)
### API
- [x] 📲 Added [Push Notifications](https://docs.joinmastodon.org/methods/push) support.
- [x] 📖 Overhauled OpenAPI schemas to match [Mastodon API docs](https://docs.joinmastodon.org)
- [x] 👷 Improved [**Roles API**](https://server.versia.pub/api/roles) to allow for full role control (create, update, delete, assign).
- [x] ✏️ `<div>` and `<span>` tags are now allowed in Markdown.
- [x] 📲 Added [Push Notifications](https://docs.joinmastodon.org/methods/push) support.
- [x] 📖 Overhauled OpenAPI schemas to match [Mastodon API docs](https://docs.joinmastodon.org)
- [x] 👷 Improved [**Roles API**](https://server.versia.pub/api/roles) to allow for full role control (create, update, delete, assign).
- [x] ✏️ `<div>` and `<span>` tags are now allowed in Markdown.
### CLI
- [x] ⌨️ New commands!
- [x] ✨️ `cli user token` to generate API tokens.
- [x] ✨️ `cli notes recalculate` to recalculate note attributes (such as emojis). Useful after deleting and reuploading emojis with the same name.
- [x] ⌨️ New commands!
- [x] ✨️ `cli user token` to generate API tokens.
- [x] ✨️ `cli notes recalculate` to recalculate note attributes (such as emojis). Useful after deleting and reuploading emojis with the same name.
### Backend
- [x] 🚀 Upgraded Bun to `1.2.5`
- [x] 🖼️ Simplified media pipeline: this will improve S3 performance
- [ ] 📈 It is now possible to disable media proxying for your CDN (offloading considerable bandwidth to your more optimized CDN).
- [x] 👷 Outbound federation, inbox processing, data fetching and media processing are now handled by a queue system.
- [x] 🌐 An administration panel is available at `/admin/queues` to monitor and manage queues.
- [x] 🔥 Removed support for **from-source** installations, as Versia Server is designed around containerization and maintaining support was a large burden.
- [x] 🚀 Upgraded Bun to `1.2.7`
- [x] 🖼️ Simplified media pipeline: this will improve S3 performance
- [ ] 📈 It is now possible to disable media proxying for your CDN (offloading considerable bandwidth to your more optimized CDN).
- [x] 👷 Outbound federation, inbox processing, data fetching and media processing are now handled by a queue system.
- [x] 🌐 An administration panel is available at `/admin/queues` to monitor and manage queues.
- [x] 🔥 Removed support for **from-source** installations, as Versia Server is designed around containerization and maintaining support was a large burden.
## New Configuration
@ -46,16 +46,16 @@ Configuration parsing and validation has been overhauled. Unfortunately, this me
Various media-related attributes have been merged into a single `Medias` table. This will require a migration in order to preserve the old data.
Since very few instances are running `0.7.0`, we have decided to "rawdog it" instead of making a proper migration script (as that would take a ton of *unpaid* time).
Since very few instances are running `0.7.0`, we have decided to "rawdog it" instead of making a proper migration script (as that would take a ton of _unpaid_ time).
In the case that you've been running secret instances in the shadows, let us know and we'll help you out.
## Bug Fixes
- 🐛 All URIs in custom Markdown text are now correctly proxied.
- 🐛 Fixed several issues with the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub) preventing it from operating properly.
- 🐛 Fixed incorrect content-type on some media when using S3.
- 🐛 All media content-type is now correctly fetched, instead of guessed from the file extension as before.
- 🐛 All URIs in custom Markdown text are now correctly proxied.
- 🐛 Fixed several issues with the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub) preventing it from operating properly.
- 🐛 Fixed incorrect content-type on some media when using S3.
- 🐛 All media content-type is now correctly fetched, instead of guessed from the file extension as before.
# `0.7.0` • The Auth and APIs Update
@ -68,32 +68,32 @@ Versia Server `0.7.0` is backwards compatible with `0.6.0`. However, some new fe
## Features
- Upgraded Bun to `1.1.34`. This brings performance upgrades and better stability.
- Added support for the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub).
- Added support for the [Sonic](https://github.com/valeriansaliou/sonic) search indexer.
- Note deletions are now federated.
- Note edits are now federated.
- Added support for [Sentry](https://sentry.io).
- Added option for more federation debug logging.
- Added [**Roles API**](https://server.versia.pub/api/roles).
- Added [**Permissions API**](https://server.versia.pub/api/roles) and enabled it for every route.
- Added [**TOS and Privacy Policy**](https://server.versia.pub/api/mastodon) endpoints.
- Added [**Challenge API**](https://server.versia.pub/api/challenges). (basically CAPTCHAS). This can be enabled/disabled by administrators. No `versia-fe` support yet.
- Added ability to refetch user data from remote instances.
- Added ability to change the `username` of a user. ([Mastodon API extension](https://server.versia.pub/api/mastodon#api-v1-accounts-update-credentials)).
- Added an endpoint to get a user by its username.
- Add OpenID Connect registration support. Admins can now disable username/password registration entirely and still allow users to sign up via OpenID Connect.
- Add option to never convert vector images to a raster format.
- Refactor logging system to be more robust and easier to use. Log files are now automatically rotated.
- Add support for HTTP proxies.
- Add support for serving Versia over a Tor hidden service.
- Add global server error handler, to properly return 500 error messages to clients.
- Sign all federation HTTP requests.
- Add JSON schema for configuration file.
- Rewrite federation stack
- Updated federation to Versia 0.4
- Implement OAuth2 token revocation
- Add new **Plugin API**
- Upgraded Bun to `1.1.34`. This brings performance upgrades and better stability.
- Added support for the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub).
- Added support for the [Sonic](https://github.com/valeriansaliou/sonic) search indexer.
- Note deletions are now federated.
- Note edits are now federated.
- Added support for [Sentry](https://sentry.io).
- Added option for more federation debug logging.
- Added [**Roles API**](https://server.versia.pub/api/roles).
- Added [**Permissions API**](https://server.versia.pub/api/roles) and enabled it for every route.
- Added [**TOS and Privacy Policy**](https://server.versia.pub/api/mastodon) endpoints.
- Added [**Challenge API**](https://server.versia.pub/api/challenges). (basically CAPTCHAS). This can be enabled/disabled by administrators. No `versia-fe` support yet.
- Added ability to refetch user data from remote instances.
- Added ability to change the `username` of a user. ([Mastodon API extension](https://server.versia.pub/api/mastodon#api-v1-accounts-update-credentials)).
- Added an endpoint to get a user by its username.
- Add OpenID Connect registration support. Admins can now disable username/password registration entirely and still allow users to sign up via OpenID Connect.
- Add option to never convert vector images to a raster format.
- Refactor logging system to be more robust and easier to use. Log files are now automatically rotated.
- Add support for HTTP proxies.
- Add support for serving Versia over a Tor hidden service.
- Add global server error handler, to properly return 500 error messages to clients.
- Sign all federation HTTP requests.
- Add JSON schema for configuration file.
- Rewrite federation stack
- Updated federation to Versia 0.4
- Implement OAuth2 token revocation
- Add new **Plugin API**
## Plugin System
@ -105,50 +105,50 @@ A new plugin system for extending Versia Server has been added in this release!
Plugins using this framework support:
- [x] Plugin hotswapping and hotreloading
- [x] Manifest files (JSON, JSON5, JSONC supported) with metadata (JSON schema provided)
- [x] Installation by dropping a folder into the plugins/ directory
- [x] Support for plugins having their own NPM dependencies
- [x] Support for storing plugins' configuration in the main config.toml (single source of truth)
- [x] Schema-based strict config validation (plugins can specify their own schemas)
- [x] Full type-safety
- [x] Custom hooks
- [x] FFI compatibility (with `bun:ffi` or Node's FFI)
- [x] Custom API route registration or overriding or middlewaring
- [x] Automatic OpenAPI schema generation for all installed plugins
- [x] End-to-end and unit testing supported
- [x] Automatic user input validation for API routes with schemas (specify a schema for the route and the server will take care of validating everything)
- [x] Access to internal database abstractions
- [x] Support for sending raw SQL to database (type-safe!)
- [x] Plugin autoload on startup with override controls (enable/disable)
- [x] Plugin hotswapping and hotreloading
- [x] Manifest files (JSON, JSON5, JSONC supported) with metadata (JSON schema provided)
- [x] Installation by dropping a folder into the plugins/ directory
- [x] Support for plugins having their own NPM dependencies
- [x] Support for storing plugins' configuration in the main config.toml (single source of truth)
- [x] Schema-based strict config validation (plugins can specify their own schemas)
- [x] Full type-safety
- [x] Custom hooks
- [x] FFI compatibility (with `bun:ffi` or Node's FFI)
- [x] Custom API route registration or overriding or middlewaring
- [x] Automatic OpenAPI schema generation for all installed plugins
- [x] End-to-end and unit testing supported
- [x] Automatic user input validation for API routes with schemas (specify a schema for the route and the server will take care of validating everything)
- [x] Access to internal database abstractions
- [x] Support for sending raw SQL to database (type-safe!)
- [x] Plugin autoload on startup with override controls (enable/disable)
As a demonstration of the power of this system and an effort to modularize the codebase further, OpenID functionality has been moved to a plugin. This plugin is required for login.
## Bug Fixes
- Fix favouriting/unfavouriting sometimes returning negative counts.
- Non-images will now properly be uploaded to object storage.
- Make account searches case-insensitive
- Fix image decoding error when passing media through proxy.
- OpenID Connect now correctly remembers and passes `state` parameter.
- OpenID Connect will not reject some correct but weird redirect URIs.
- Markdown posts will not have invisible anchor tags anymore (this messed up accessibility).
- Reverse proxies incorrectly reporting an HTTPS request as HTTP will now be handled correctly during OpenID Connect flows.
- API Relationships will now correctly return `requested_by`.
- Make process wait for Ctrl+C to exit on error, instead of exiting immediately. This fixes some issues with Docker restarting endlessly.
- Animated media will now stay animated when uploaded.
- Some instance metadata will no longer be missing from `/api/v2/instabnce` endpoint. In fact, it will now be more complete than Mastodon's implementation.
- The Origin HTTP header will no longer be used to determine the origin of a request. This was a security issue.
- New notes will no longer incorrectly be federated to *all* remote users at once.
- Fix [Elk Client](https://elk.zone/) not being able to log in.
- Fix favouriting/unfavouriting sometimes returning negative counts.
- Non-images will now properly be uploaded to object storage.
- Make account searches case-insensitive
- Fix image decoding error when passing media through proxy.
- OpenID Connect now correctly remembers and passes `state` parameter.
- OpenID Connect will not reject some correct but weird redirect URIs.
- Markdown posts will not have invisible anchor tags anymore (this messed up accessibility).
- Reverse proxies incorrectly reporting an HTTPS request as HTTP will now be handled correctly during OpenID Connect flows.
- API Relationships will now correctly return `requested_by`.
- Make process wait for Ctrl+C to exit on error, instead of exiting immediately. This fixes some issues with Docker restarting endlessly.
- Animated media will now stay animated when uploaded.
- Some instance metadata will no longer be missing from `/api/v2/instabnce` endpoint. In fact, it will now be more complete than Mastodon's implementation.
- The Origin HTTP header will no longer be used to determine the origin of a request. This was a security issue.
- New notes will no longer incorrectly be federated to _all_ remote users at once.
- Fix [Elk Client](https://elk.zone/) not being able to log in.
## Removals
- Remove old logging system, to be replaced by a new one.
- Removed Meilisearch support, in favor of Sonic. Follow instructions in the [installation guide](https://server.versia.pub/setup/installation) to set up Sonic.
- Removed explicit Glitch-FE support. Glitch-FE will still work, but must be hosted separately like any other frontend.
- Remove old logging system, to be replaced by a new one.
- Removed Meilisearch support, in favor of Sonic. Follow instructions in the [installation guide](https://server.versia.pub/setup/installation) to set up Sonic.
- Removed explicit Glitch-FE support. Glitch-FE will still work, but must be hosted separately like any other frontend.
## Miscellaneous
- Remove Node.js from Docker build.
- Update all dependencies.
- Remove Node.js from Docker build.
- Update all dependencies.

2
Dockerfile
View file

@ -26,7 +26,7 @@ RUN bun run build
WORKDIR /temp/dist
# Copy production dependencies and source code into final image
FROM oven/bun:1.2.5-alpine
FROM oven/bun:1.2.7-alpine
# Install libstdc++ for Bun and create app directory
RUN apk add --no-cache libstdc++ && \

2
Worker.Dockerfile
View file

@ -26,7 +26,7 @@ RUN bun run build:worker
WORKDIR /temp/dist
# Copy production dependencies and source code into final image
FROM oven/bun:1.2.5-alpine
FROM oven/bun:1.2.7-alpine
# Install libstdc++ for Bun and create app directory
RUN apk add --no-cache libstdc++ && \

144
bun.lock
View file

@ -4,82 +4,82 @@
"": {
"name": "versia-server",
"dependencies": {
"@bull-board/api": "latest",
"@bull-board/hono": "latest",
"@clerc/plugin-completions": "latest",
"@clerc/plugin-friendly-error": "latest",
"@clerc/plugin-help": "latest",
"@clerc/plugin-not-found": "latest",
"@clerc/plugin-version": "latest",
"@hackmd/markdown-it-task-lists": "latest",
"@hono/prometheus": "latest",
"@hono/zod-openapi": "latest",
"@hono/zod-validator": "latest",
"@inquirer/confirm": "latest",
"@logtape/file": "latest",
"@logtape/logtape": "latest",
"@scalar/hono-api-reference": "latest",
"@sentry/bun": "latest",
"@bull-board/api": "^6.7.10",
"@bull-board/hono": "^6.7.10",
"@clerc/plugin-completions": "^0.44.0",
"@clerc/plugin-friendly-error": "^0.44.0",
"@clerc/plugin-help": "^0.44.0",
"@clerc/plugin-not-found": "^0.44.0",
"@clerc/plugin-version": "^0.44.0",
"@hackmd/markdown-it-task-lists": "^2.1.4",
"@hono/prometheus": "^1.0.1",
"@hono/zod-openapi": "0.19.2",
"@hono/zod-validator": "^0.4.3",
"@inquirer/confirm": "^5.1.8",
"@logtape/file": "^0.9.0",
"@logtape/logtape": "^0.9.0",
"@scalar/hono-api-reference": "^0.7.3",
"@sentry/bun": "^9.9.0",
"@versia/client": "workspace:*",
"@versia/federation": "latest",
"@versia/federation": "^0.2.1",
"@versia/kit": "workspace:*",
"altcha-lib": "latest",
"blurhash": "latest",
"bullmq": "latest",
"c12": "latest",
"chalk": "latest",
"clerc": "latest",
"confbox": "latest",
"drizzle-orm": "latest",
"hono": "latest",
"html-to-text": "latest",
"ioredis": "latest",
"ip-matching": "latest",
"iso-639-1": "latest",
"jose": "latest",
"linkify-html": "latest",
"linkify-string": "latest",
"linkifyjs": "latest",
"magic-regexp": "latest",
"markdown-it": "latest",
"markdown-it-anchor": "latest",
"markdown-it-container": "latest",
"markdown-it-toc-done-right": "latest",
"mime-types": "latest",
"mitata": "latest",
"oauth4webapi": "latest",
"ora": "latest",
"pg": "latest",
"qs": "latest",
"sharp": "latest",
"sonic-channel": "latest",
"string-comparison": "latest",
"stringify-entities": "latest",
"uqr": "latest",
"web-push": "latest",
"xss": "latest",
"zod": "latest",
"zod-validation-error": "latest",
"altcha-lib": "^1.2.0",
"blurhash": "^2.0.5",
"bullmq": "^5.44.4",
"c12": "^3.0.2",
"chalk": "^5.4.1",
"clerc": "^0.44.0",
"confbox": "^0.2.1",
"drizzle-orm": "^0.41.0",
"hono": "^4.7.5",
"html-to-text": "^9.0.5",
"ioredis": "^5.6.0",
"ip-matching": "^2.1.2",
"iso-639-1": "^3.1.5",
"jose": "^6.0.10",
"linkify-html": "^4.2.0",
"linkify-string": "^4.2.0",
"linkifyjs": "^4.2.0",
"magic-regexp": "^0.8.0",
"markdown-it": "^14.1.0",
"markdown-it-anchor": "^9.2.0",
"markdown-it-container": "^4.0.0",
"markdown-it-toc-done-right": "^4.2.0",
"mime-types": "^3.0.1",
"mitata": "^1.0.34",
"oauth4webapi": "^3.3.1",
"ora": "^8.2.0",
"pg": "^8.14.1",
"qs": "^6.14.0",
"sharp": "^0.33.5",
"sonic-channel": "^1.3.1",
"string-comparison": "^1.3.0",
"stringify-entities": "^4.0.4",
"uqr": "^0.1.2",
"web-push": "^3.6.7",
"xss": "^1.0.15",
"zod": "^3.24.2",
"zod-validation-error": "^3.4.0",
},
"devDependencies": {
"@biomejs/biome": "latest",
"@types/bun": "latest",
"@types/html-to-text": "latest",
"@types/markdown-it-container": "latest",
"@types/mime-types": "latest",
"@types/pg": "latest",
"@types/qs": "latest",
"@types/web-push": "latest",
"drizzle-kit": "latest",
"markdown-it-image-figures": "latest",
"markdown-it-mathjax3": "latest",
"ts-prune": "latest",
"typescript": "latest",
"vitepress": "latest",
"vitepress-plugin-tabs": "latest",
"vitepress-sidebar": "latest",
"vue": "latest",
"zod-to-json-schema": "latest",
"@biomejs/biome": "^1.9.4",
"@types/bun": "^1.2.7",
"@types/html-to-text": "^9.0.4",
"@types/markdown-it-container": "^2.0.10",
"@types/mime-types": "^2.1.4",
"@types/pg": "^8.11.11",
"@types/qs": "^6.9.18",
"@types/web-push": "^3.6.4",
"drizzle-kit": "^0.30.6",
"markdown-it-image-figures": "^2.1.1",
"markdown-it-mathjax3": "^4.3.2",
"ts-prune": "^0.10.3",
"typescript": "^5.8.2",
"vitepress": "^1.6.3",
"vitepress-plugin-tabs": "^0.6.0",
"vitepress-sidebar": "^1.31.1",
"vue": "^3.5.13",
"zod-to-json-schema": "^3.24.5",
},
"peerDependencies": {
"typescript": "^5.7.2",