Bump lodash from 4.17.21 to 4.17.23

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Retry verify
2026-01-28 22:00:51 +00:00 · 2026-01-26 01:37:38 +00:00 · 2026-01-24 11:55:32 -08:00 · 2026-01-24 11:47:17 -08:00 · 2026-01-24 11:35:45 -08:00
4 changed files with 27 additions and 16 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -482,14 +482,32 @@ jobs:
                      echo "==> cosign sign (key) --recursive ${REF}"
                      cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"

+                      # Retry wrapper for verification to handle registry propagation delays
+                      retry_verify() {
+                        local cmd="$1"
+                        local attempts=6
+                        local delay=5
+                        local i=1
+                        until eval "$cmd"; do
+                          if [ $i -ge $attempts ]; then
+                            echo "Verification failed after $attempts attempts"
+                            return 1
+                          fi
+                          echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
+                          sleep $delay
+                          i=$((i+1))
+                          delay=$((delay*2))
+                          # Cap the delay to avoid very long waits
+                          if [ $delay -gt 60 ]; then delay=60; fi
+                        done
+                        return 0
+                      }
+
                      echo "==> cosign verify (public key) ${REF}"
-                      cosign verify --key env://COSIGN_PUBLIC_KEY "${REF}" -o text
+                      retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${REF}' -o text"

                      echo "==> cosign verify (keyless policy) ${REF}"
-                      cosign verify \
-                        --certificate-oidc-issuer "${issuer}" \
-                        --certificate-identity-regexp "${id_regex}" \
-                        "${REF}" -o text
+                      retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"

                      echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
                    done
--- a/package-lock.json
+++ b/package-lock.json
@@ -13944,7 +13944,6 @@
            "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.32.0.tgz",
            "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
            "license": "MIT",
-            "peer": true,
            "dependencies": {
                "@rtsao/scc": "^1.1.0",
                "array-includes": "^3.1.9",
@@ -16336,9 +16335,9 @@
            }
        },
        "node_modules/lodash": {
-            "version": "4.17.21",
-            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-            "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+            "version": "4.17.23",
+            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+            "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
            "license": "MIT"
        },
        "node_modules/lodash.defaults": {
--- a/server/private/routers/loginPage/upsertLoginPageBranding.ts
+++ b/server/private/routers/loginPage/upsertLoginPageBranding.ts
@@ -78,7 +78,7 @@ export async function upsertLoginPageBranding(
    next: NextFunction
 ): Promise<any> {
    try {
-        const parsedBody = bodySchema.safeParse(req.body);
+        const parsedBody = await bodySchema.safeParseAsync(req.body);
        if (!parsedBody.success) {
            return next(
                createHttpError(
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -9,9 +9,6 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
-import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
-import { sendTerminateClient } from "./terminate";
-import { OlmErrorCodes } from "../olm/error";

 const archiveClientSchema = z.strictObject({
    clientId: z.string().transform(Number).pipe(z.int().positive())
@@ -77,9 +74,6 @@ export async function archiveClient(
                .update(clients)
                .set({ archived: true })
                .where(eq(clients.clientId, clientId));
-
-            // Rebuild associations to clean up related data
-            await rebuildClientAssociationsFromClient(client, trx);
        });

        return response(res, {
Author	SHA1	Message	Date
dependabot[bot]	8c15855fc3	Bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-26 01:37:38 +00:00
Owen	37c4a7b690	Retry verify	2026-01-24 11:55:32 -08:00
Owen	b735e7c34d	Fix #2314	2026-01-24 11:47:17 -08:00
Owen	5f85c3b3b8	Remove extra rebuild command	2026-01-24 11:35:45 -08:00