Bump lodash from 4.17.21 to 4.17.23

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Retry verify
2026-01-28 22:00:51 +00:00 · 2026-01-26 01:37:38 +00:00 · 2026-01-24 11:55:32 -08:00 · 2026-01-24 11:47:17 -08:00 · 2026-01-24 11:35:45 -08:00 · 2026-01-24 11:11:25 -08:00
5 changed files with 28 additions and 39 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -482,14 +482,32 @@ jobs:
                      echo "==> cosign sign (key) --recursive ${REF}"
                      cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"

+                      # Retry wrapper for verification to handle registry propagation delays
+                      retry_verify() {
+                        local cmd="$1"
+                        local attempts=6
+                        local delay=5
+                        local i=1
+                        until eval "$cmd"; do
+                          if [ $i -ge $attempts ]; then
+                            echo "Verification failed after $attempts attempts"
+                            return 1
+                          fi
+                          echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
+                          sleep $delay
+                          i=$((i+1))
+                          delay=$((delay*2))
+                          # Cap the delay to avoid very long waits
+                          if [ $delay -gt 60 ]; then delay=60; fi
+                        done
+                        return 0
+                      }
+
                      echo "==> cosign verify (public key) ${REF}"
-                      cosign verify --key env://COSIGN_PUBLIC_KEY "${REF}" -o text
+                      retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"

                      echo "==> cosign verify (keyless policy) ${REF}"
-                      cosign verify \
-                        --certificate-oidc-issuer "${issuer}" \
-                        --certificate-identity-regexp "${id_regex}" \
-                        "${REF}" -o text
+                      retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"

                      echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
                    done
--- a/package-lock.json
+++ b/package-lock.json
@@ -13944,7 +13944,6 @@
            "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.32.0.tgz",
            "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
            "license": "MIT",
-            "peer": true,
            "dependencies": {
                "@rtsao/scc": "^1.1.0",
                "array-includes": "^3.1.9",
@@ -16336,9 +16335,9 @@
            }
        },
        "node_modules/lodash": {
-            "version": "4.17.21",
-            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-            "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+            "version": "4.17.23",
+            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+            "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
            "license": "MIT"
        },
        "node_modules/lodash.defaults": {
--- a/server/private/routers/loginPage/upsertLoginPageBranding.ts
+++ b/server/private/routers/loginPage/upsertLoginPageBranding.ts
@@ -78,7 +78,7 @@ export async function upsertLoginPageBranding(
    next: NextFunction
 ): Promise<any> {
    try {
-        const parsedBody = bodySchema.safeParse(req.body);
+        const parsedBody = await bodySchema.safeParseAsync(req.body);
        if (!parsedBody.success) {
            return next(
                createHttpError(
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -9,9 +9,6 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
-import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
-import { sendTerminateClient } from "./terminate";
-import { OlmErrorCodes } from "../olm/error";

 const archiveClientSchema = z.strictObject({
    clientId: z.string().transform(Number).pipe(z.int().positive())
@@ -77,9 +74,6 @@ export async function archiveClient(
                .update(clients)
                .set({ archived: true })
                .where(eq(clients.clientId, clientId));
-
-            // Rebuild associations to clean up related data
-            await rebuildClientAssociationsFromClient(client, trx);
        });

        return response(res, {
--- a/server/routers/olm/archiveUserOlm.ts
+++ b/server/routers/olm/archiveUserOlm.ts
@@ -1,6 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { db } from "@server/db";
-import { olms, clients } from "@server/db";
+import { olms } from "@server/db";
 import { eq } from "drizzle-orm";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -8,9 +8,6 @@ import response from "@server/lib/response";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
-import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
-import { sendTerminateClient } from "../client/terminate";
-import { OlmErrorCodes } from "./error";

 const paramsSchema = z
    .object({
@@ -37,26 +34,7 @@ export async function archiveUserOlm(

        const { olmId } = parsedParams.data;

-        // Archive the OLM and disconnect associated clients in a transaction
        await db.transaction(async (trx) => {
-            // Find all clients associated with this OLM
-            const associatedClients = await trx
-                .select()
-                .from(clients)
-                .where(eq(clients.olmId, olmId));
-
-            // Disconnect clients from the OLM (set olmId to null)
-            for (const client of associatedClients) {
-                await trx
-                    .update(clients)
-                    .set({ olmId: null })
-                    .where(eq(clients.clientId, client.clientId));
-
-                await rebuildClientAssociationsFromClient(client, trx);
-                await sendTerminateClient(client.clientId, OlmErrorCodes.TERMINATED_ARCHIVED, olmId);
-            }
-
-            // Archive the OLM (set archived to true)
            await trx
                .update(olms)
                .set({ archived: true })
Author	SHA1	Message	Date
dependabot[bot]	8c15855fc3	Bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-26 01:37:38 +00:00
Owen	37c4a7b690	Retry verify	2026-01-24 11:55:32 -08:00
Owen	b735e7c34d	Fix #2314	2026-01-24 11:47:17 -08:00
Owen	5f85c3b3b8	Remove extra rebuild command	2026-01-24 11:35:45 -08:00
miloschwartz	5d9cb9fa21	fix clear olmId from client on archive	2026-01-24 11:11:25 -08:00