Famedly release v1.128.0_1 by jason-famedly · Pull Request #61 · famedly/synapse

jason-famedly · 2025-07-17T17:50:41Z

New version of Synapse

`v1.127.0_10` -> `v1.128.0_1`

No Famedly additions in this version

@erikjohnston

…ance issue. (#18074) To address a performance problem due to the foreign key on the same column. cc @erikjohnston --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup) in `tj-actions/changed-files` and actions based on it, it's become clear that relying on git tags to pin our dependencies is not enough (as tags can simply be replaced). Therefore we need to switch to hashes. Dependabot should continue to update these dependencies for us. Best reviewed commit-by-commit. Though if CI passes, we're *probably* fine.

…8251)

This PR fixes #18154 to avoid de-deltaing state groups which resulted in DB size temporarily increasing until the DB was `VACUUM`'ed. As a result, less state groups will get deleted now. It also attempts to improve performance by not duplicating work when processing state groups it has already processed in previous iterations. ### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Erik Johnston <erikj@element.io>

@reivilibre

As shared by @reivilibre, element-hq/synapse#18261 (comment) Relevant Poetry issue around how this should be handled by them: python-poetry/poetry#10304

This background DB delta removes the old state group deletion background update from the `background_updates` table if it exists. The `delete_unreferenced_state_groups_bg_update` update should only exist in that table if a homeserver ran v1.126.0rc1/v1.126.0rc2, and rolled back or forward to any other version of Synapse before letting the update finish. ### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

This PR makes a few radical changes to media. This now stores the SHA256 hash of each file stored in the database (excluding thumbnails, more on that later). If a set of media is quarantined, any additional uploads of the same file contents or any other files with the same hash will be quarantined at the same time. Currently this does NOT: - De-duplicate media, although a future extension could be to do that. - Run any background jobs to identify the hashes of older files. This could also be a future extension, though the value of doing so is limited to combat the abuse of recent media. - Hash thumbnails. It's assumed that thumbnails are parented to some form of media, so you'd likely be wanting to quarantine the media and the thumbnail at the same time.

Riot is now known as element and Access token moved to Help & About

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to 4.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.2.3</h2> <h2>What's Changed</h2> <ul> <li>Update to use <code>@actions/cache</code> 4.0.3 package & prepare for new release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a> (SAS tokens for cache entries are now masked in debug logs)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <ul> <li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li> <li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li> </ul> <h3>4.1.1</h3> <ul> <li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li> </ul> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> <h3>4.0.2</h3> <ul> <li>Fixed restore <code>fail-on-cache-miss</code> not working.</li> </ul> <h3>4.0.1</h3> <ul> <li>Updated <code>isGhes</code> check</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/5a3ec84eff668545956fd18022155c47e93e2684"><code>5a3ec84</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1577">#1577</a> from salmanmkc/salmanmkc/4-test</li> <li><a href="https://github.com/actions/cache/commit/7de21022a7b6824c106a9847befcbd8154b45b6a"><code>7de2102</code></a> Update releases.md</li> <li><a href="https://github.com/actions/cache/commit/76d40dd347779762a1c829bbeeda5da4d81ca8c1"><code>76d40dd</code></a> Update to use the latest version of the cache package to obfuscate the SAS</li> <li><a href="https://github.com/actions/cache/commit/76dd5eb692f606c28d4b7a4ea7cfdffc926ba06a"><code>76dd5eb</code></a> update cache with main</li> <li><a href="https://github.com/actions/cache/commit/8c80c27c5e4498d5675b05fb1eff96a56c593b06"><code>8c80c27</code></a> new package</li> <li><a href="https://github.com/actions/cache/commit/45cfd0e7fffd1869ea4d5bfb54a464d825c1f742"><code>45cfd0e</code></a> updates</li> <li><a href="https://github.com/actions/cache/commit/edd449b9cf39c2a20dc7c3d505ff6dc193c48a02"><code>edd449b</code></a> updated cache with latest changes</li> <li><a href="https://github.com/actions/cache/commit/0576707e373f92196b81695442ed3f80c347f9c7"><code>0576707</code></a> latest test before pr</li> <li><a href="https://github.com/actions/cache/commit/3105dc9754dd9cd935ffcf45c091ed2cadbf42b9"><code>3105dc9</code></a> update</li> <li><a href="https://github.com/actions/cache/commit/9450d42d15022999ad2fa60a8b91f01fc92a0563"><code>9450d42</code></a> mask</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.2&new-version=4.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 8 to 9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dawidd6/action-download-artifact/releases">dawidd6/action-download-artifact's releases</a>.</em></p> <blockquote> <h2>v9</h2> <h2>What's Changed</h2> <ul> <li>add merge_multiple option by <a href="https://github.com/timostroehlein"><code>@timostroehlein</code></a> in <a href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/timostroehlein"><code>@timostroehlein</code></a> made their first contribution in <a href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dawidd6/action-download-artifact/compare/v8...v9">https://github.com/dawidd6/action-download-artifact/compare/v8...v9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dawidd6/action-download-artifact/commit/07ab29fd4a977ae4d2b275087cf67563dfdf0295"><code>07ab29f</code></a> add merge_multiple option (<a href="https://redirect.github.com/dawidd6/action-download-artifact/issues/327">#327</a>)</li> <li>See full diff in <a href="https://github.com/dawidd6/action-download-artifact/compare/20319c5641d495c8a52e688b7dc5fada6c3a9fbc...07ab29fd4a977ae4d2b275087cf67563dfdf0295">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dawidd6/action-download-artifact&package-manager=github_actions&previous-version=8&new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pygithub](https://github.com/pygithub/pygithub) from 2.5.0 to 2.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pygithub/pygithub/releases">pygithub's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <h3>Bug Fixes</h3> <ul> <li>Fix broken pickle support for <code>Auth</code> classes by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3211">PyGithub/PyGithub#3211</a></li> <li>Remove schema from <code>Deployment</code>, remove <code>message</code> attribute by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3223">PyGithub/PyGithub#3223</a></li> <li>Fix incorrect deprecated import by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3225">PyGithub/PyGithub#3225</a></li> <li>Add <code>CodeSecurityConfigRepository</code> returned by <code>get_repos_for_code_security_config</code> by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3219">PyGithub/PyGithub#3219</a></li> <li>Make <code>GitTag.verification</code> return <code>GitCommitVerification</code> by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3226">PyGithub/PyGithub#3226</a></li> </ul> <h3>Maintenance</h3> <ul> <li>Mention removal of <code>AppAuth.private_key</code> in changelog by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3212">PyGithub/PyGithub#3212</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1">https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1</a></p> <h2>v2.6.0</h2> <h3>Breaking Changes</h3> <ul> <li>Rework <code>Views</code> and <code>Clones</code> by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3168">PyGithub/PyGithub#3168</a>: View and clones traffic information returned by <code>Repository.get_views_traffic</code> and <code>Repository.get_clones_traffic</code> now return proper PyGithub objects, instead of a <code>dict</code>, with all information that used to be provided by the <code>dict</code>:</li> </ul> <p>Code like</p> <pre lang="python"><code>repo.get_views_traffic().["views"].timestamp repo.get_clones_traffic().["clones"].timestamp </code></pre> <p>should be replaced with</p> <pre lang="python"><code>repo.get_views_traffic().views.timestamp repo.get_clones_traffic().clones.timestamp </code></pre> <ul> <li>Fix typos by <a href="https://github.com/kianmeng"><code>@kianmeng</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3086">PyGithub/PyGithub#3086</a>: Property <code>OrganizationCustomProperty.respository_id</code> renamed to <code>OrganizationCustomProperty.repository_id</code>.</li> </ul> <h3>New Features</h3> <ul> <li>Add capability for global laziness by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/2746">PyGithub/PyGithub#2746</a></li> <li>Add Support for GitHub Copilot Seat Management in Organizations by <a href="https://github.com/pashafateev"><code>@pashafateev</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3082">PyGithub/PyGithub#3082</a></li> <li>Get branches where commit is head by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3083">PyGithub/PyGithub#3083</a></li> <li>Support downloading a Release Asset by <a href="https://github.com/neel-m"><code>@neel-m</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3060">PyGithub/PyGithub#3060</a></li> <li>Add <code>Repository.merge_upstream</code> method by <a href="https://github.com/Felixoid"><code>@Felixoid</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3175">PyGithub/PyGithub#3175</a></li> <li>Support updating pull request draft status by <a href="https://github.com/didot"><code>@didot</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3104">PyGithub/PyGithub#3104</a></li> <li>Add transfer ownership method to Repository by <a href="https://github.com/tanannie22"><code>@tanannie22</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3091">PyGithub/PyGithub#3091</a></li> <li>Add enable and disable a Workflow by <a href="https://github.com/nickrmcclorey"><code>@nickrmcclorey</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3088">PyGithub/PyGithub#3088</a></li> <li>Add support for managing Code Security Configrations by <a href="https://github.com/billnapier"><code>@billnapier</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3095">PyGithub/PyGithub#3095</a></li> <li>Allow for private_key / sign function in AppAuth by <a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3065">PyGithub/PyGithub#3065</a></li> </ul> <h3>Improvements</h3> <ul> <li>Update RateLimit object with all the new categories GitHub added. by <a href="https://github.com/billnapier"><code>@billnapier</code></a> in <a href="https://redirect.github.com/PyGithub/PyGithub/pull/3096">PyGithub/PyGithub#3096</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyGithub/PyGithub/blob/v2.6.1/doc/changes.rst">pygithub's changelog</a>.</em></p> <blockquote> <h2>Version 2.6.1 (February 21, 2025)</h2> <p>Bug Fixes ^^^^^^^^^</p> <ul> <li>Fix broken pickle support for <code>Auth</code> classes (<code>[#3211](PyGithub/PyGithub#3211) <https://github.com/PyGithub/PyGithub/pull/3211></code><em>) (<code>f975552a <https://github.com/PyGithub/PyGithub/commit/f975552a></code></em>)</li> <li>Remove schema from <code>Deployment</code>, remove <code>message</code> attribute (<code>[#3223](PyGithub/PyGithub#3223) <https://github.com/PyGithub/PyGithub/pull/3223></code><em>) (<code>d12e7d4c <https://github.com/PyGithub/PyGithub/commit/d12e7d4c></code></em>)</li> <li>Fix incorrect deprecated import (<code>[#3225](PyGithub/PyGithub#3225) <https://github.com/PyGithub/PyGithub/pull/3225></code><em>) (<code>93297440 <https://github.com/PyGithub/PyGithub/commit/93297440></code></em>)</li> <li>Add <code>CodeSecurityConfigRepository</code> returned by <code>get_repos_for_code_security_config</code> (<code>[#3219](PyGithub/PyGithub#3219) <https://github.com/PyGithub/PyGithub/pull/3219></code><em>) (<code>f997a2f6 <https://github.com/PyGithub/PyGithub/commit/f997a2f6></code></em>)</li> <li>Make <code>GitTag.verification</code> return <code>GitCommitVerification</code> (<code>[#3226](PyGithub/PyGithub#3226) <https://github.com/PyGithub/PyGithub/pull/3226></code><em>) (<code>048a1a38 <https://github.com/PyGithub/PyGithub/commit/048a1a38></code></em>)</li> </ul> <p>Maintenance ^^^^^^^^^^^</p> <ul> <li>Mention removal of <code>AppAuth.private_key</code> in changelog (<code>[#3212](PyGithub/PyGithub#3212) <https://github.com/PyGithub/PyGithub/pull/3212></code><em>) (<code>f5dc1c76 <https://github.com/PyGithub/PyGithub/commit/f5dc1c76></code></em>)</li> </ul> <h2>Version 2.6.0 (February 15, 2025)</h2> <p>Breaking Changes ^^^^^^^^^^^^^^^^</p> <ul> <li> <p>Rework <code>Views</code> and <code>Clones</code> (<code>[#3168](PyGithub/PyGithub#3168) <https://github.com/PyGithub/PyGithub/pull/3168></code><em>) (<code>f7d52249 <https://github.com/PyGithub/PyGithub/commit/f7d52249></code></em>):</p> <p>View and clones traffic information returned by <code>Repository.get_views_traffic</code> and <code>Repository.get_clones_traffic</code> now return proper PyGithub objects, instead of a <code>dict</code>, with all information that used to be provided by the <code>dict</code>:</p> </li> </ul> <p>Code like</p> <p>.. code-block:: python</p> <p>repo.get_views_traffic().["views"].timestamp repo.get_clones_traffic().["clones"].timestamp</p> <p>should be replaced with</p> <p>.. code-block:: python</p> <p>repo.get_views_traffic().views.timestamp repo.get_clones_traffic().clones.timestamp</p> <ul> <li> <p>Add <code>GitCommitVerification</code> class (<code>[#3028](PyGithub/PyGithub#3028) <https://github.com/PyGithub/PyGithub/pull/3028></code><em>) (<code>822e6d71 <https://github.com/PyGithub/PyGithub/commit/822e6d71></code></em>):</p> <p>Changes the return value of <code>GitTag.verification</code> and <code>GitCommit.verification</code> from <code>dict</code> to <code>GitCommitVerification</code>.</p> <p>Code like</p> <p>.. code-block:: python</p> <p>tag.verification["reason"] commit.verification["reason"]</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyGithub/PyGithub/commit/da30d6e793ffb4fbe70383b59d2eb7026fe2d8c7"><code>da30d6e</code></a> Releasing v2.6.1 (<a href="https://redirect.github.com/pygithub/pygithub/issues/3230">#3230</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/f997a2f65308fb720503c7bda24a8859dad81e03"><code>f997a2f</code></a> Add <code>CodeSecurityConfigRepository</code> returned by `get_repos_for_code_security_c...</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/048a1a3837e8ff4936ee547cd516ebf91613aa73"><code>048a1a3</code></a> Make <code>GitTag.verification</code> return <code>GitCommitVerification</code> (<a href="https://redirect.github.com/pygithub/pygithub/issues/3226">#3226</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/93297440ce7911b8b32203287efb223c56384faa"><code>9329744</code></a> Fix incorrect deprecated import (<a href="https://redirect.github.com/pygithub/pygithub/issues/3225">#3225</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/d12e7d4cb42b7e55812dbedaabb0642a9baf6e50"><code>d12e7d4</code></a> Remove schema from <code>Deployment</code>, remove <code>message</code> attribute (<a href="https://redirect.github.com/pygithub/pygithub/issues/3223">#3223</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/f975552acd0a745b717523a52730214647d3d696"><code>f975552</code></a> Fix broken pickle support for <code>Auth</code> classes (<a href="https://redirect.github.com/pygithub/pygithub/issues/3211">#3211</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/f5dc1c762ff2fa7d643a62d6358983da72f66ee4"><code>f5dc1c7</code></a> Mention removal of <code>AppAuth.private_key</code> in changelog (<a href="https://redirect.github.com/pygithub/pygithub/issues/3212">#3212</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/e3e07d7466b4b1b9cae5b50f1a68c7db92e5cb8f"><code>e3e07d7</code></a> Fix PyPi upload (<a href="https://redirect.github.com/pygithub/pygithub/issues/3200">#3200</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/620c83994af1201860b255e04ceb7821e0d2fe2d"><code>620c839</code></a> Fix PyPi upload (<a href="https://redirect.github.com/pygithub/pygithub/issues/3199">#3199</a>)</li> <li><a href="https://github.com/PyGithub/PyGithub/commit/bf98e178547db7d4e5e4c04d9deb63ff45b135d6"><code>bf98e17</code></a> Release 2.6.0 (<a href="https://redirect.github.com/pygithub/pygithub/issues/3198">#3198</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pygithub/pygithub/compare/v2.5.0...v2.6.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pygithub&package-manager=pip&previous-version=2.5.0&new-version=2.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.2.0 to 4.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Add unit tests by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li> <li>Fix bug introduced in 4.2.0 by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/95815c38cf2ff2164869cbab79da8d1f422bc89e"><code>95815c3</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/391">#391</a> from GhadimiR/main</li> <li><a href="https://github.com/actions/download-artifact/commit/278fca438a0f334c0505181835b4796f2785949b"><code>278fca4</code></a> Move log statements</li> <li><a href="https://github.com/actions/download-artifact/commit/68909842a1073010f1cf920ed7f153e2948f9c16"><code>6890984</code></a> Merge branch 'main' into main</li> <li><a href="https://github.com/actions/download-artifact/commit/f9415c0ec30f02c18e075f091cafcfe4159168d0"><code>f9415c0</code></a> Run unit tests in CI</li> <li><a href="https://github.com/actions/download-artifact/commit/76a6eb5cbca98dccb5e14c0116e53f5df13b220d"><code>76a6eb5</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/392">#392</a> from GhadimiR/add_unit_tests</li> <li><a href="https://github.com/actions/download-artifact/commit/a2426d7c4522072f4d5824c9508d7ea97107cb8e"><code>a2426d7</code></a> Merge branch 'main' into add_unit_tests</li> <li><a href="https://github.com/actions/download-artifact/commit/3ffa694f6f7e3d53f63807f78267796f57911dd4"><code>3ffa694</code></a> lint</li> <li><a href="https://github.com/actions/download-artifact/commit/53f6aa5f93b626e252398abac720a28f6eb048ed"><code>53f6aa5</code></a> Add extra assertion to download single artifact test</li> <li><a href="https://github.com/actions/download-artifact/commit/b456700053c87aa7d6b31d212292755e1e6eb923"><code>b456700</code></a> lint</li> <li><a href="https://github.com/actions/download-artifact/commit/9eab798a9885c1be58a1c4381da1109644016e98"><code>9eab798</code></a> Configure tsconfig</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/b14cf4c92620c250e1c074ab0a5800e37df86765...95815c38cf2ff2164869cbab79da8d1f422bc89e">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.2.0&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Essentially document the change in behaviour in #18277 ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

Bumps [pyo3-log](https://github.com/vorner/pyo3-log) from 0.12.1 to 0.12.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's changelog</a>.</em></p> <blockquote> <h1>0.12.2</h1> <ul> <li>Allow pyo3 0.24.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vorner/pyo3-log/commit/99ee890b2ba9cac31d5733c80df0fbe944170f2d"><code>99ee890</code></a> Release 0.12.2</li> <li><a href="https://github.com/vorner/pyo3-log/commit/d1a27f574fbf5e4c45a109a543b92c308562c007"><code>d1a27f5</code></a> Merge pull request <a href="https://redirect.github.com/vorner/pyo3-log/issues/61">#61</a> from gi0baro/pyo3-024</li> <li><a href="https://github.com/vorner/pyo3-log/commit/66fd9498c34cde58a7b4bf67abaac1e515768d89"><code>66fd949</code></a> Allow PyO3 0.24</li> <li>See full diff in <a href="https://github.com/vorner/pyo3-log/compare/v0.12.1...v0.12.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyo3-log&package-manager=cargo&previous-version=0.12.1&new-version=0.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.4.0 to 5.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v5.5.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Support free threaded Python versions like '3.13t' by <a href="https://github.com/colesbury"><code>@colesbury</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li> <li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.3 by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1056">actions/setup-python#1056</a></li> <li>Add support for .tool-versions file in setup-python by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li> </ul> <h3>Bug fixes:</h3> <ul> <li>Fix architecture for pypy on Linux ARM64 by <a href="https://github.com/mayeut"><code>@mayeut</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1011">actions/setup-python#1011</a> This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.</li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1016">actions/setup-python#1016</a></li> <li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1015">actions/setup-python#1015</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/colesbury"><code>@colesbury</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.5.0">https://github.com/actions/setup-python/compare/v5...v5.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/8d9ed9ac5c53483de85588cdf95a591a75ab9f55"><code>8d9ed9a</code></a> Add e2e Testing for free threaded and Bump <code>@action/cache</code> from 4.0.0 to 4.0.3 ...</li> <li><a href="https://github.com/actions/setup-python/commit/19e4675e06535f6b54e894da5c1f044400bb4996"><code>19e4675</code></a> Add support for .tool-versions file in setup-python (<a href="https://redirect.github.com/actions/setup-python/issues/1043">#1043</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/6fd11e170a18f6ae448d1080a4a63cc987aed84c"><code>6fd11e1</code></a> Bump <code>@actions/glob</code> from 0.4.0 to 0.5.0 (<a href="https://redirect.github.com/actions/setup-python/issues/1015">#1015</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/9e62be81b28222addecf85e47571213eb7680449"><code>9e62be8</code></a> Support free threaded Python versions like '3.13t' (<a href="https://redirect.github.com/actions/setup-python/issues/973">#973</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/6ca8e8598faa206f7140a65ba31b899bebe16f58"><code>6ca8e85</code></a> Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 (<a href="https://redirect.github.com/actions/setup-python/issues/1016">#1016</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/8039c45ed9a312fba91f3399cd0605ba2ebfe93c"><code>8039c45</code></a> fix: install PyPy on Linux ARM64 (<a href="https://redirect.github.com/actions/setup-python/issues/1011">#1011</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/42375524e23c412d93fb67b49958b491fce71c38...8d9ed9ac5c53483de85588cdf95a591a75ab9f55">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.4.0&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Use targeted COPY commands instead of rsync to avoid having a symlinked /lib as the destination of a COPY (which buildkit does not support). ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.6</h2> <p>This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a> Changes: <a href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.6</h2> <p>Released 2025-03-05</p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:<code>cpwx-vrp4-4pq7</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a> release version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a> attr filter uses env.getattr</li> <li><a href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a> start version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a> use global contributing guide (<a href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a> use global contributing guide</li> <li><a href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a> use project advisory link instead of global</li> <li><a href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a> release version 3.1.5 (<a href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li> <li>See full diff in <a href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.5&new-version=3.1.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9 (#18303) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from f5473ace9aeee8b97717b281e26980aa5097023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/add-to-project/commit/280af8ae1f83a494cfad2cb10f02f6d13529caa9"><code>280af8a</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/688">#688</a> from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.3</li> <li><a href="https://github.com/actions/add-to-project/commit/a5abfebda95cd4d848045f39facb11fc18e3391d"><code>a5abfeb</code></a> Update licensed cache and dist/ directory</li> <li><a href="https://github.com/actions/add-to-project/commit/f30c2e67f81007061987663b4a219fe3cf01464f"><code>f30c2e6</code></a> Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3</li> <li><a href="https://github.com/actions/add-to-project/commit/81dd5ce97fc1878d6145108c0bf9330ff48f1230"><code>81dd5ce</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/687">#687</a> from actions/dependabot/npm_and_yarn/types/jest-29.5.14</li> <li><a href="https://github.com/actions/add-to-project/commit/122a80374266a5293832675e27cd679978f9f4ff"><code>122a803</code></a> Bump <code>@types/jest</code> from 29.5.12 to 29.5.14</li> <li><a href="https://github.com/actions/add-to-project/commit/29c72ac92445aa8e7a5e6b1643cca32d78dbeea0"><code>29c72ac</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/686">#686</a> from actions/dependabot/npm_and_yarn/types/node-22.13.14</li> <li><a href="https://github.com/actions/add-to-project/commit/46316d9a20b27daa0bd6399be0faa3490859cc18"><code>46316d9</code></a> Bump <code>@types/node</code> from 16.18.101 to 22.13.14</li> <li><a href="https://github.com/actions/add-to-project/commit/95df5ae4dbb6c1e60f2bcfa3459d2d5cbf98c6da"><code>95df5ae</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/685">#685</a> from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li> <li><a href="https://github.com/actions/add-to-project/commit/f14f229b02cc2da1e86a231e565592a57f62b37e"><code>f14f229</code></a> Bump eslint-plugin-jest from 28.6.0 to 28.11.0</li> <li><a href="https://github.com/actions/add-to-project/commit/cc696180afea0adc14ad0cfaea066a2e8f6fe5ae"><code>cc69618</code></a> Exit without failure if nothing to commit</li> <li>Additional commits viewable in <a href="https://github.com/actions/add-to-project/compare/f5473ace9aeee8b97717b281e26980aa5097023f...280af8ae1f83a494cfad2cb10f02f6d13529caa9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a> from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li> <li><a href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a> Prepare for new release of actions/upload-artifact with new toolkit cache ver...</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… Service integration (MSC3861) more efficient. (#18231) Evolution of element-hq/synapse@cd78f3d This cache does not have any explicit invalidation, but this is deemed acceptable (see code comment). We may still prefer to add it eventually, letting us bump up the Time-To-Live (TTL) on the cache as we currently set a 2 minute expiry to balance the fact that we have no explicit invalidation. This cache makes several things more efficient: - reduces number of outbound requests from Synapse, reducing CPU utilisation + network I/O - reduces request handling time in Synapse, which improves client-visible latency - reduces load on MAS and its database --- Other than that, this PR also introduces support for `expires_in` (seconds) on the introspection response. This lets the cached responses expire at the proper expiry time of the access token, whilst avoiding clock skew issues. Corresponds to: element-hq/matrix-authentication-service#4241 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

- Explicitly use `mawk` instead of `awk`, since an extension of the former is used - Use `fflush` to reduce interleaving the output of different processes & streams - Move the `mawk` command to a shell function, instead of writing it twice - Look up the `SUPERVISOR_PROCESS_NAME` environment variable in `mawk`, instead of reading it in the shell & using complex quoting to pass it to `mawk` ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>

Bumps [authlib](https://github.com/lepture/authlib) from 1.4.1 to 1.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lepture/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.5.1</h2> <p>Released on Feb 28, 2025</p> <ul> <li>Fix RFC9207 iss parameter. <a href="https://redirect.github.com/lepture/authlib/issues/715">#715</a></li> </ul> <h2>Version 1.5.0</h2> <ul> <li>Fix token introspection auth method for clients. <a href="https://redirect.github.com/lepture/authlib/pull/662">#662</a></li> <li>Optional typ claim in JWT tokens. <a href="https://redirect.github.com/lepture/authlib/pull/696">#696</a></li> <li>JWT validation leeway. <a href="https://redirect.github.com/lepture/authlib/pull/689">#689</a></li> <li>Implement server-side <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a>. <a href="https://redirect.github.com/lepture/authlib/issues/700">#700</a> <a href="https://redirect.github.com/lepture/authlib/pull/701">#701</a></li> <li>generate_id_token can take a kid parameter. <a href="https://redirect.github.com/lepture/authlib/pull/702">#702</a></li> <li>More detailed InvalidClientError. <a href="https://redirect.github.com/lepture/authlib/pull/706">#706</a></li> <li>OpenID Connect Dynamic Client Registration implementation. <a href="https://redirect.github.com/lepture/authlib/pull/707">#707</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lepture/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.5.1</h2> <p><strong>Released on Feb 28, 2025</strong></p> <ul> <li>Fix RFC9207 <code>iss</code> parameter. :pr:<code>715</code></li> </ul> <h2>Version 1.5.0</h2> <p><strong>Released on Feb 25, 2025</strong></p> <ul> <li>Fix token introspection auth method for clients. :pr:<code>662</code></li> <li>Optional <code>typ</code> claim in JWT tokens. :pr:<code>696</code></li> <li>JWT validation leeway. :pr:<code>689</code></li> <li>Implement server-side :rfc:<code>RFC9207 <9207></code>. :issue:<code>700</code> :pr:<code>701</code></li> <li><code>generate_id_token</code> can take a <code>kid</code> parameter. :pr:<code>702</code></li> <li>More detailed <code>InvalidClientError</code>. :pr:<code>706</code></li> <li>OpenID Connect Dynamic Client Registration implementation. :pr:<code>707</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lepture/authlib/commit/4eafdc21891e78361f478479efe109ff0fb2f661"><code>4eafdc2</code></a> chore: release 1.5.1</li> <li><a href="https://github.com/lepture/authlib/commit/0e7e3443447094e6c2c0835e2f110c15b14c853c"><code>0e7e344</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/715">#715</a> from azmeuk/rfc9207</li> <li><a href="https://github.com/lepture/authlib/commit/b57932bc7e2c0f7115b77f38dfd88a1443487593"><code>b57932b</code></a> fix: RFC9207 iss parameter</li> <li><a href="https://github.com/lepture/authlib/commit/7833a887da396e285f9315dc361670abec22137d"><code>7833a88</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/713">#713</a> from geigerzaehler/full-entropy</li> <li><a href="https://github.com/lepture/authlib/commit/642dfa3264f0afe94c7f6ac7006007a7fd24fbe6"><code>642dfa3</code></a> doc: fix an example import for rfc9207</li> <li><a href="https://github.com/lepture/authlib/commit/5c507a84733033bdbf3e9d884bba67f18ce8ba0a"><code>5c507a8</code></a> fix: Use full entropy from specified oct key size</li> <li><a href="https://github.com/lepture/authlib/commit/2d0396e3fc49d53ab816bb43ec83fe42d527ca09"><code>2d0396e</code></a> chore: release 1.5.0</li> <li><a href="https://github.com/lepture/authlib/commit/da87c8b2ec35af9ddd3b621e2e8245102018f878"><code>da87c8b</code></a> doc: update changelog</li> <li><a href="https://github.com/lepture/authlib/commit/b79d868e7f14bffc9e6d381570cfaf90c941f872"><code>b79d868</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/662">#662</a> from AdamWill/oauth2-fix-introspect-endpoint</li> <li><a href="https://github.com/lepture/authlib/commit/24c2bd871825771bb3e0523cf070e2aab0cbe8c1"><code>24c2bd8</code></a> chore: add a dependency group for the documentation</li> <li>Additional commits viewable in <a href="https://github.com/lepture/authlib/compare/v1.4.1...v1.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.4.1&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 8.13.50 to 9.0.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/73ef5e664b55ba941cd1a120497d8a0395e1076f"><code>73ef5e6</code></a> Prep for 9.0.2 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/528a98bc757a2539bd969aee5bc75f22bb5a4d68"><code>528a98b</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/28f5958abd284b1a76a4bff3fb2ca0b043c93605"><code>28f5958</code></a> Merge metadata changes from upstream 9.0.2</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/25ae49c1609bcbdec6cb25f0f08a3c0f3c112654"><code>25ae49c</code></a> Prep for 9.0.1 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/b8a1459cef41649cba3cb6fa6f9ae868b1f67dd2"><code>b8a1459</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/f6cd2333593d27c5c6a004049f84fcf525f59911"><code>f6cd233</code></a> Merge metadata changes from upstream 9.0.1</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/c46f1049ba5731ca27f3a47d13f07965c43a6cbd"><code>c46f104</code></a> Prep for 9.0.0 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/d542ec2abcbd8c89560a632c7e5176e6b718a144"><code>d542ec2</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/a4da80e25217a71a7ee03cc6d90f16d6187cd38f"><code>a4da80e</code></a> Merge metadata changes from upstream 9.0.0</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/45c822e887ab4eee6869af23096f385cdc4aeae1"><code>45c822e</code></a> Prep for 8.13.55 release</li> <li>Additional commits viewable in <a href="https://github.com/daviddrysdale/python-phonenumbers/compare/v8.13.50...v9.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=8.13.50&new-version=9.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

jason-famedly · 2025-07-17T18:20:20Z

The Complement failure at: https://github.com/famedly/synapse/actions/runs/16352263682 appears to be because of a new feature being tested that will not appear in Synapse until v1.135.0, element-hq/synapse#18195

The Sytest failures in the same run require features not available until Synapse v1.130.0, element-hq/synapse#18355

Neither of these situations were unknown

jason-famedly · 2025-07-17T21:06:05Z

What would you like me to do with the changes that would have been put into the CHANGES.md file at this stage? They look like:

### Famedly additions for v1.128.0_1

- chore: Bump SIC to v0.4.6 (Jason Little)
- fix: Missed two '$' symbols to process github contexts (Jason Little)
- chore: Split docker image production into a base Synapse and a Famedly specific layer (Jason Little)
- chore(opentelemetry): use released versions instead of git versions (Lukas Lihotzki)
- feat: explicit soft logout (Nicolas Werner)
- chore: Remove unused auto-accept-invite module (Nicolas Werner)
- chore: Bump invite checker to 0.4.5 (Nicolas Werner)
- fix: Adjust some tests to account for higher than expected load when ran concurrently (Jason Little)
- fix: Adding a thirdparty event callback leaves events frozen (Nicolas Werner)
- chore: Re-enable multiple job runners for unit tests (#38) (Jason Little)
- fix: Add 'branches' and 'tags' event filters to on.push trigger to avoid double testing in CI when any change is made to a pull request (#31) (Jason Little)
- feat: Allow disabling the faster_join/partial_state room joining mechanism (#35) (Jason Little)
- chore: Bump SIC to v0.4.4 (Jason Little)
- chore: Bump SIC to v0.4.3 (Emelie Graven)
- chore: Bump SIC to v0.4.2 (#29) (Jason Little)
- fix: Always recheck `/messages` pagination data if a backfill might have been needed (#28) (Jason Little)
- fix(opentelemetry): fix and simplify ci (Lukas Lihotzki)
- feat(opentelemetry): add tracing backend and logging handler (Lukas Lihotzki)
- chore: Bump STA to v0.11.0 (#26) (Jason Little)
- chore: Bump invite checker to 0.4.1 (Nicolas Werner)
- fix: Add is_requester_admin parameter to upgrade room callback (#21) (Nicolas Werner)
- bump: Update STA to v0.9.0 (#20) (Matheus Zaniolo)
- ci: Basic code coverage setup (Nicolas Werner)
- chore: Make matrix-team the primary codeowners (Nicolas Werner)
- chore: add on_upgrade_room() to third_party_event_rules ModuleApi (Jason Little)
- chore: allow specifying a max for custom refresh token durations (#17) (Nicolas Werner)
- bump: Update STA to v0.8.1 (Emelie Graven)
- chore: Use modern docker template (Nicolas Werner)
- refactor: merge pip install invocations (Lukas Lihotzki)
- feat: add matrix-synapse-ldap3 module (Lukas Lihotzki)
- chore: update to newest sta version (Niklas Zender)
- Allow clients to configure when a refresh token expires (Nicolas Werner)
- chore: add famedly docker workflow (Jan Christian Grünhage)
- add CI for container image building and testing (Jan Christian Grünhage)
- add make_release script (Marcus Hoffmann)
- exclude some users from usage_stats (Marcus Hoffmann)
- feat: add synapse modules required by famedly (Jan Christian Grünhage)
- doc: explain how to maintain the fork, including CI (transcaffeine)

Perhaps just logically break them down into most important things, or would you like me to try and go back and hand edit them into approximately where they would go?

H-Shay and others added 30 commits March 18, 2025 17:59

Add a column participant to room_memberships table (#18068)

4b8dbe2

Add index to sliding sync membership snapshot table, to fix a perform…

47e295b

…ance issue. (#18074) To address a performance problem due to the foreign key on the same column. cc @erikjohnston --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

Update Poetry to 2.1.1, including updating the lock file version. (#1…

33bcef9

…8251)

Correct typo "SAML" -> SSO in mapping providers docs (#18276)

d8fef72

Merge branch 'master' into develop

2719bd1

Docker: Use an ARG for debian version more often (#18272)

92a29dc

Dockerfile: set package arch via APT config option (#18271)

bd08a01

Pass args to start_for_complement.sh (#18273)

a227d20

Bump log from 0.4.26 to 0.4.27 (#18267)

5e83434

Add docs for how to clear out the Poetry wheel cache (#18283)

31110f3

As shared by @reivilibre, element-hq/synapse#18261 (comment) Relevant Poetry issue around how this should be handled by them: python-poetry/poetry#10304

Merge branch 'master' into develop

2830013

Update admin_faq - Fix how to obtain access token (#18225)

3c18823

Riot is now known as element and Access token moved to Help & About

Use uv pip to install supervisor in workers image (#18275)

90f3461

dependabot bot and others added 10 commits April 1, 2025 15:36

Make sure media hashes are not queried until the index is up (#18302)

fa53a85

1.128.0rc1

01efc49

Fix rendering of the changelog

b8b3896

Merge changelog entries

7707686

1.128.0

b30fcb0

Famedly v1.128

380d225

Update poetry.lock file

7b8ba6f

Update famedly-tests.yml workflow for new Poetry version

f26edcd

jason-famedly marked this pull request as ready for review July 18, 2025 09:53

jason-famedly requested a review from a team as a code owner July 18, 2025 09:53

nico-famedly approved these changes Jul 18, 2025

View reviewed changes

jason-famedly merged commit f26edcd into master Jul 21, 2025
17 of 22 checks passed

jason-famedly deleted the famedly-release/v1.128 branch July 21, 2025 10:32

jason-famedly restored the famedly-release/v1.128 branch July 21, 2025 11:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Famedly release v1.128.0_1#61

Famedly release v1.128.0_1#61
jason-famedly merged 40 commits intomasterfrom
famedly-release/v1.128

jason-famedly commented Jul 17, 2025 •

edited

Loading

Uh oh!

jason-famedly commented Jul 17, 2025

Uh oh!

jason-famedly commented Jul 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

12 participants

Conversation

jason-famedly commented Jul 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

New version of Synapse

v1.127.0_10 -> v1.128.0_1

Uh oh!

jason-famedly commented Jul 17, 2025

Uh oh!

jason-famedly commented Jul 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

12 participants

jason-famedly commented Jul 17, 2025 •

edited

Loading

`v1.127.0_10` -> `v1.128.0_1`