summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* Add bulk send events endpoint emma/patchesRory&2025-07-262-1/+119
|
* RequestRatelimiter: expose can_do_actionRory&2025-07-251-0/+75
|
* Devenv: use postgres 17Rory&2025-07-251-0/+1
|
* Fix gitignore to ignore .venvRory&2025-07-221-0/+1
|
* Fix nix flakeRory&2025-07-222-39/+29
|
* Fix pagination with large gaps of rejected eventsNicolas Werner2025-07-221-2/+11
|
* fix: Always recheck `/messages` pagination data if a backfill might have ↵Jason Little2025-07-222-37/+34
| | | | been needed (#28)
* Expose tombstone in room admin apiRory&2025-07-223-2/+40
|
* Use parse_boolean for unredacted contentRory&2025-07-221-3/+2
|
* Log policy server rejected eventsRory&2025-07-221-0/+7
|
* Log entire room if accessibility check failsRory&2025-07-221-0/+4
| | | | Signed-off-by: Rory& <root@rory.gay>
* Add too much logging to room summary over federationRory&2025-07-221-4/+36
| | | | Signed-off-by: Rory& <root@rory.gay>
* Hotfix: ignore rejected events in delayed_eventsRory&2025-07-221-1/+6
|
* Fast auth linksRory&2025-07-222-4/+47
|
* 1.134.0Erik Johnston2025-07-153-1/+14
|
* 1.134.0rc1Andrew Morgan2025-07-0927-25/+89
|
* Use native arm runners for building wheels (#18618)Quentin Gliech2025-07-083-27/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This takes down the CI time to build wheels from 50 minutes to <10 minutes. **It also fixes macOS ARM builds, and includes more ARM builds in general** (we were ignoring pypy and musl before). This doesn't cost much for us to do this, reasons for not doing this is 1. space on PyPI and 2. keeping them 'officially' supported? This is the list of wheels this built (`+` are the ones added): ```diff matrix_synapse-1.133.0-cp39-abi3-macosx_10_9_x86_64.whl + matrix_synapse-1.133.0-cp39-abi3-macosx_11_0_arm64.whl matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_x86_64.whl + matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_aarch64.whl matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_x86_64.whl matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl + matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl + matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl + matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl + matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl ``` And the numbers aaaaare 🥁 - [before](https://github.com/element-hq/synapse/actions/runs/16072488018): 54 minutes - [after](https://github.com/element-hq/synapse/actions/runs/16004034949?pr=18618): 10 minutes **Revert [e43b0f9](https://github.com/element-hq/synapse/pull/18618/commits/e43b0f9bd18f6d4ec9f9e9d992ecdcceaaf10982) before merging**
* Add `.zed/` to `.gitignore` (#18623)Andrew Morgan2025-07-082-0/+2
|
* Speed up the building of Docker images using ARM CI workers (#18620)Quentin Gliech2025-07-083-45/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This splits the building of docker images in 2 jobs, one for each platform, using the native ARM runners for arm64. The tricky part here is to get back a nice multi-arch manifest. Previously, you'd do that by pushing each platform image in two distinct tags, then referencing them in a multi-arch manifest. Nowadays, it's possible to push images by their digest only, then creating the manifest for those pushed digests separately This is inspired by the Docker docs on how to distribute multi-platform image builds: https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners `ghcr.io/element-hq/synapse:sha-c733dd6` is an example image that got built by this workflow (there is a temporary sha-* tag on workflow_dispatch runs to help trying out the workflow) I also had to make sure we sign the manifests correctly: ``` $ cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github.com/element-hq/synapse/.github/workflows/docker.yml@.*' ghcr.io/element-hq/synapse:sha-c733dd6 Verification for ghcr.io/element-hq/synapse:sha-c733dd6 -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates ``` And the numbers aaaaare 🥁 - [before](https://github.com/element-hq/synapse/actions/runs/16118229296/job/45477093703): 30 minutes - [after](https://github.com/element-hq/synapse/actions/runs/16021743575): 4 minutes --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Bump typing-extensions from 4.14.0 to 4.14.1 (#18668)dependabot[bot]2025-07-071-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.14.0 to 4.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.1</h2> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/42027aba3558c9d9133a90bca17f6fecaecc48d8"><code>42027ab</code></a> Prepare release 4.14.1 (<a href="https://redirect.github.com/python/typing_extensions/issues/620">#620</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/59d2c20858ac527516ebad5a89c05af514dac94a"><code>59d2c20</code></a> Fix off by one in pickle protocol tests (<a href="https://redirect.github.com/python/typing_extensions/issues/618">#618</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/40e22ebb2ca5747eaa9405b152c43a294ac3af37"><code>40e22eb</code></a> Do not use slots for <code>_TypedDictSpecialForm</code> (<a href="https://redirect.github.com/python/typing_extensions/issues/616">#616</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/d17c456d367e88adee4a4e3bef48f81f7e2df473"><code>d17c456</code></a> allow TypedDict as a type argument (<a href="https://redirect.github.com/python/typing_extensions/issues/614">#614</a>)</li> <li>See full diff in <a href="https://github.com/python/typing_extensions/compare/4.14.0...4.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-extensions&package-manager=pip&previous-version=4.14.0&new-version=4.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump tokio from 1.46.0 to 1.46.1 (#18667)dependabot[bot]2025-07-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.46.0 to 1.46.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.46.1</h2> <h1>1.46.1 (July 4th, 2025)</h1> <p>This release fixes incorrect spawn locations in runtime task hooks for tasks spawned using <code>tokio::spawn</code> rather than <code>Runtime::spawn</code>. This issue only effected the spawn location in <code>TaskMeta::spawned_at</code>, and did not effect task locations in Tracing events.</p> <h2>Unstable</h2> <ul> <li>runtime: add <code>TaskMeta::spawn_location</code> tracking where a task was spawned (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7440">tokio-rs/tokio#7440</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/ab3ff69cf2258a8c696b2dca89a2cef4ff114c1c"><code>ab3ff69</code></a> chore: prepare to release v1.46.1 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7444">#7444</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/a0d5b8ab308bbeaa8090d411550d6c887d699096"><code>a0d5b8a</code></a> runtime(unstable): fix task hook spawn locations for <code>tokio::spawn</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/a1ee3ef218894f2441b5719812ab218ae0539c8d"><code>a1ee3ef</code></a> chore: fix some minor typos in the comments (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7442">#7442</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/171cd148a37da40dcbb8b06bf2c67634b2ba1f87"><code>171cd14</code></a> changelog: fix typo in <code>pipe::OpenOptions</code> for 1.46.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7439">#7439</a>)</li> <li>See full diff in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.46.0...tokio-1.46.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.46.0&new-version=1.46.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump types-psycopg2 from 2.9.21.20250318 to 2.9.21.20250516 (#18658)dependabot[bot]2025-07-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-psycopg2](https://github.com/typeshed-internal/stub_uploader) from 2.9.21.20250318 to 2.9.21.20250516. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-psycopg2&package-manager=pip&previous-version=2.9.21.20250318&new-version=2.9.21.20250516)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump ruff from 0.12.1 to 0.12.2 (#18657)dependabot[bot]2025-07-042-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.12.1 to 0.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> <li>[<code>flake8-quotes</code>] Make example error out-of-the-box (<code>Q003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19106">#19106</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/9bee8376a17401f9736b45fdefffb62edc2f1668"><code>9bee837</code></a> Bump 0.12.2 (<a href="https://redirect.github.com/astral-sh/ruff/issues/19126">#19126</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/1c6717b149ddfbcd4aa0aee2e160320474392da9"><code>1c6717b</code></a> Filter private symbols from stubs if they are internal types (<a href="https://redirect.github.com/astral-sh/ruff/issues/19121">#19121</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/1b813cd5f1933ab05ba7b96ace798199429c0bd6"><code>1b813cd</code></a> Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/issues/19095">#19095</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b00f68a23cedbd3a38fc25bac63638f0f11fc3f0"><code>b00f68a</code></a> [<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19021">#19021</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/710c60f7135879b05f6c05a34085cd7af5c19e7f"><code>710c60f</code></a> [<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19104">#19104</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/811e25d16e22ca4ce124d9514232211c9a0b27a1"><code>811e25d</code></a> [<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19105">#19105</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b78af2db4822dc55acbfb1024b30e69fe0262311"><code>b78af2d</code></a> [<code>flake8-quotes</code>] Make example error out-of-the-box (<code>Q003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19106">#19106</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/4f36f0677f09b0ed1ba20f583b6f017c4f7d26c8"><code>4f36f06</code></a> Document link between <code>import-outside-top-level (PLC0415)</code> and `lint.flake8-t...</li> <li><a href="https://github.com/astral-sh/ruff/commit/2589a2938ee58a1ff1b54a9558807ecb000ccca3"><code>2589a29</code></a> [<code>flake8-simplify</code>] Make example error out-of-the-box (<code>SIM113</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19109">#19109</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/26bb8f7b7189558520bb386867579768b5a17347"><code>26bb8f7</code></a> [<code>flake8-simplify</code>] Make example error out-of-the-box (<code>SIM401</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19110">#19110</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.12.1...0.12.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruff&package-manager=pip&previous-version=0.12.1&new-version=0.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump setuptools-rust from 1.10.2 to 1.11.1 (#18655)dependabot[bot]2025-07-041-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [setuptools-rust](https://github.com/PyO3/setuptools-rust) from 1.10.2 to 1.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/releases">setuptools-rust's releases</a>.</em></p> <blockquote> <h2>v1.11.1</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>v1.11.0</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/blob/main/CHANGELOG.md">setuptools-rust's changelog</a>.</em></p> <blockquote> <h2>1.11.1 (2025-04-04)</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>1.11.0 (2025-03-14)</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyO3/setuptools-rust/commit/cc5c23399393f04197d6e6ec92648c1f504d8deb"><code>cc5c233</code></a> release: 1.11.1 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/529">#529</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/faa610deef49fb5c563f1624544908c0160aee6f"><code>faa610d</code></a> Fix finding cargo artifacts when <code>filenames</code> are empty (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/521">#521</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/a766bd503f8f0466d7bb4f034ed5dafab501d254"><code>a766bd5</code></a> use <code>SETUPTOOLS_RUST_CARGO_PROFILE=dev</code> for main matrix, document it (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/527">#527</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/229c49298456ed5ef7a105c452f6098bc1ca0159"><code>229c492</code></a> build(deps): bump the deps group across 5 directories with 1 update (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/522">#522</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/4141b0b4c81e5f762ad77d345f6f8fd63983674c"><code>4141b0b</code></a> build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.2 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/523">#523</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/fc4d72c6b925c86d627242be56532556525c123d"><code>fc4d72c</code></a> build(deps): bump pyo3 in /examples/hello-world-setuppy (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/524">#524</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/f20ba9c69c7652a4591fb8d55b7e715bf13eac7f"><code>f20ba9c</code></a> replace quansight-labs/setup-python with actions/setup-python (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/520">#520</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/1054e1c64518822c496ebd76ab0323e2d24936ff"><code>1054e1c</code></a> release: 1.11.0 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/518">#518</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/d6817d765e9fc04305604d0c32901138fb2f106d"><code>d6817d7</code></a> Support adding custom env vars (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/504">#504</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/17980efa987f3a37526ece92b4b7d02494ed21e2"><code>17980ef</code></a> build(deps): bump the deps group across 3 directories with 1 update (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/516">#516</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyO3/setuptools-rust/compare/v1.10.2...v1.11.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools-rust&package-manager=pip&previous-version=1.10.2&new-version=1.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump typing-extensions from 4.12.2 to 4.14.0 (#18654)dependabot[bot]2025-07-031-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.12.2 to 4.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.0</h2> <p>This release adds several new features, including experimental support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>) and sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.</p> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions &lt;3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <p>Changes included in 4.14.0rc1:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h2>4.14.0rc1</h2> <p>Major changes:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.0 (June 2, 2025)</h1> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions &lt;3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <h1>Release 4.14.0rc1 (May 24, 2025)</h1> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.2 (April 10, 2025)</h1> <ul> <li>Fix <code>TypeError</code> when taking the union of <code>typing_extensions.TypeAliasType</code> and a <code>typing.TypeAliasType</code> on Python 3.12 and 3.13. Patch by <a href="https://github.com/jorenham">Joren Hammudoglu</a>.</li> <li>Backport from CPython PR <a href="https://redirect.github.com/python/cpython/pull/132160">#132160</a> to avoid having user arguments shadowed in generated <code>__new__</code> by <code>@typing_extensions.deprecated</code>. Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.1 (April 3, 2025)</h1> <p>Bugfixes:</p> <ul> <li>Fix regression in 4.13.0 on Python 3.10.2 causing a <code>TypeError</code> when using <code>Concatenate</code>. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix <code>TypeError</code> when using <code>evaluate_forward_ref</code> on Python 3.10.1-2 and 3.9.8-10. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> </ul> <h1>Release 4.13.0 (March 25, 2025)</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/b07d24525615ba9377e47aaf5a26650a2517b2c4"><code>b07d245</code></a> Prepare release 4.14.0 (<a href="https://redirect.github.com/python/typing_extensions/issues/612">#612</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/fcf5265b3040337db1cfd6b786648a8ed0aeb0bf"><code>fcf5265</code></a> Backport evaluate_forward_ref() changes (<a href="https://redirect.github.com/python/typing_extensions/issues/611">#611</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/fadc1edbcfd942074007875007870c1df6acd4d0"><code>fadc1ed</code></a> Remove PEP-604 methods from <code>Sentinel</code> on Python &lt;3.10 (<a href="https://redirect.github.com/python/typing_extensions/issues/605">#605</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/44de568f73a93f29e52c2fc2d5f149305a4a3bae"><code>44de568</code></a> Add 3.14 to project classifiers and tox.ini (<a href="https://redirect.github.com/python/typing_extensions/issues/604">#604</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/36cc47605804318bf40ee26d765de2070741c25c"><code>36cc476</code></a> Prepare release 4.14.0rc1 (<a href="https://redirect.github.com/python/typing_extensions/issues/603">#603</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/ec1876c65000ac86faade29552245178918a7a69"><code>ec1876c</code></a> More fixes for 3.14 and 3.15 (<a href="https://redirect.github.com/python/typing_extensions/issues/602">#602</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/e89d789104978ba0f3abdb52b1592aa28fedd00f"><code>e89d789</code></a> Update <code>_caller()</code> implementation (<a href="https://redirect.github.com/python/typing_extensions/issues/598">#598</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/34bfd8423a22797619b14aa622ac0be82f6bf50d"><code>34bfd84</code></a> third party: fix typeguard (<a href="https://redirect.github.com/python/typing_extensions/issues/600">#600</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/479dae13d084c070301aa91265d1af278b181457"><code>479dae1</code></a> Add support for sentinels (PEP 661) (<a href="https://redirect.github.com/python/typing_extensions/issues/594">#594</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/f74a56a725e8d60727fccbeebe0dd71037bdf4bb"><code>f74a56a</code></a> Update PEP 649/749 implementation (<a href="https://redirect.github.com/python/typing_extensions/issues/596">#596</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/typing_extensions/compare/4.12.2...4.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-extensions&package-manager=pip&previous-version=4.12.2&new-version=4.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump phonenumbers from 9.0.2 to 9.0.8 (#18652)dependabot[bot]2025-07-031-3/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 9.0.2 to 9.0.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/9959754cdfca33facb25c1417c419f6f7251eb5c"><code>9959754</code></a> Prep for 9.0.8 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/6ffa6ffbec5297485a8a58e1d90a978bfaa595e4"><code>6ffa6ff</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/4b028b4bd30b9d49a64feb4afb8e5a9ce136221a"><code>4b028b4</code></a> Merge metadata changes from upstream 9.0.8</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/6817dfb5ab6bb19a176c2c6bd4f5972736bd8d2f"><code>6817dfb</code></a> Prep for 9.0.7 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e9a48434e2ba777bbc36d5d9f37e4a65bc00c576"><code>e9a4843</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/8580645ba92ea2c2e0ae455b1aa2b89233881c80"><code>8580645</code></a> Merge metadata changes from upstream 9.0.7</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e6d5f6270eae4e72c058c6b4cfa51f859ebf04b3"><code>e6d5f62</code></a> Prep for 9.0.6 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e4e7dbec6c4e1d26e1b53792a221160654bef560"><code>e4e7dbe</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/a8425e7a911e20a4bd6ee9076dcb8f463338f89d"><code>a8425e7</code></a> Merge metadata changes from upstream 9.0.6</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e90d8ea1167ee6afa173822ce4fef0d7ac31be17"><code>e90d8ea</code></a> Prep for 9.0.5 release</li> <li>Additional commits viewable in <a href="https://github.com/daviddrysdale/python-phonenumbers/compare/v9.0.2...v9.0.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=9.0.2&new-version=9.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump attrs from 24.2.0 to 25.3.0 (#18649)dependabot[bot]2025-07-031-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [attrs](https://github.com/sponsors/hynek) from 24.2.0 to 25.3.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=attrs&package-manager=pip&previous-version=24.2.0&new-version=25.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump authlib from 1.5.2 to 1.6.0 (#18642)dependabot[bot]2025-07-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [authlib](https://github.com/authlib/authlib) from 1.5.2 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <ul> <li>Fix issue when <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a> is enabled and the authorization endpoint response is not a redirection. [pull request <a href="https://redirect.github.com/authlib/authlib/issues/733">#733</a>](<a href="https://redirect.github.com/authlib/authlib/pull/733">authlib/authlib#733</a>)</li> <li>Fix missing state parameter in authorization error responses. [issue <a href="https://redirect.github.com/authlib/authlib/issues/525">#525</a>](<a href="https://redirect.github.com/authlib/authlib/issues/525">authlib/authlib#525</a>)</li> <li>Support for acr and amr claims in id_token. [issue <a href="https://redirect.github.com/authlib/authlib/issues/734">#734</a>](<a href="https://redirect.github.com/authlib/authlib/issues/734">authlib/authlib#734</a>)</li> <li>Support for the none JWS algorithm.</li> <li>Fix response_types strict order during dynamic client registration. [issue <a href="https://redirect.github.com/authlib/authlib/issues/760">#760</a>](<a href="https://redirect.github.com/authlib/authlib/issues/760">authlib/authlib#760</a>)</li> <li>Implement <a href="https://datatracker.ietf.org/doc/html/rfc9101.html">RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</a>. [issue <a href="https://redirect.github.com/authlib/authlib/issues/723">#723</a>](<a href="https://redirect.github.com/authlib/authlib/issues/723">authlib/authlib#723</a>)</li> <li>OIDC <a href="https://docs.authlib.org/en/latest/specs/oidc.html#authlib.oidc.core.UserInfoEndpoint">UserInfo endpoint</a> support. [issue <a href="https://redirect.github.com/authlib/authlib/issues/459">#459</a>](<a href="https://redirect.github.com/authlib/authlib/issues/459">authlib/authlib#459</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 &lt;9207&gt;</code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> <li>Fix missing <code>state</code> parameter in authorization error responses. :issue:<code>525</code></li> <li>Support for <code>acr</code> and <code>amr</code> claims in <code>id_token</code>. :issue:<code>734</code></li> <li>Support for the <code>none</code> JWS algorithm.</li> <li>Fix <code>response_types</code> strict order during dynamic client registration. :issue:<code>760</code></li> <li>Implement :rfc:<code>RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) &lt;9101&gt;</code>. :issue:<code>723</code></li> <li>OIDC :class:<code>UserInfo endpoint &lt;authlib.oidc.core.userinfo.UserInfoEndpoint&gt;</code> support. :issue:<code>459</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/fe87a117f941975793bf4063e9b08b90e88b230a"><code>fe87a11</code></a> chore: release version 1.6.0</li> <li><a href="https://github.com/authlib/authlib/commit/036a0b71532ada9371f0fc41f6bcd2287666bb20"><code>036a0b7</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/774">#774</a> from azmeuk/459-userinfo</li> <li><a href="https://github.com/authlib/authlib/commit/449a1a24a42f5090f339dc60cab29ac89203e971"><code>449a1a2</code></a> feat: OIDC userinfo endpoint support</li> <li><a href="https://github.com/authlib/authlib/commit/d429c36717cfa1df8723139ca4c8d5939ed7fd73"><code>d429c36</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/749">#749</a> from azmeuk/724-jar</li> <li><a href="https://github.com/authlib/authlib/commit/a524d23e95a1ef4e1fd0d4b4cdb0c0005cc74757"><code>a524d23</code></a> chore: move 1.7 deprecations to 1.8</li> <li><a href="https://github.com/authlib/authlib/commit/f37e60ec0cac660df3b1e4256883e77107aa5d78"><code>f37e60e</code></a> feat: implement rfc9101 JWT authorization request</li> <li><a href="https://github.com/authlib/authlib/commit/8a6c714fdbfd8ad574f51eb880590efdc6235912"><code>8a6c714</code></a> refactor: OAuth2 hook mechanism overhaul</li> <li><a href="https://github.com/authlib/authlib/commit/ff1b66bedc736a86ba596ad5d0344c5c2c2f03ad"><code>ff1b66b</code></a> refactor: extract OAuth2Payload from OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/98eebd14b99411235da75457a7aec21d473d448e"><code>98eebd1</code></a> refactor: remove uncovered code in OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/1b848e2a1e0aadc70762f4a707ab91e1b99f2300"><code>1b848e2</code></a> refactor: create_authorization_response can take an optional 'grant' arg</li> <li>Additional commits viewable in <a href="https://github.com/authlib/authlib/compare/v1.5.2...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.5.2&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump ijson from 3.3.0 to 3.4.0 (#18650)dependabot[bot]2025-07-031-96/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [ijson](https://github.com/ICRAR/ijson) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md">ijson's changelog</a>.</em></p> <blockquote> <h2>[3.4.0]</h2> <ul> <li>Added support for PEP 489 multi-phase initialisation and per-module state for our C extension, allowing us to support sub-interpreters with per-interpreter GIL.</li> <li>Advertise support for free-threading python mode.</li> <li>Removed support for Python &lt; 3.9.</li> <li>Enhanced generators so they yield all possible results to users before errors are raised (<a href="https://redirect.github.com/ICRAR/ijson/issues/123">#123</a>).</li> <li>Added <code>ijson.ALL_BACKENDS</code> constant listing all supported backends (which might or not be available at runtime).</li> <li>Added a <code>capabilities</code> constant to each backend describing which capabilities it supports.</li> <li>Exposing backend's name under <code>&lt;backend&gt;.backend_name</code>, and default backend's name under <code>ijson.backend_name</code>. This is similar to the already existing <code>name</code> constant, only slightly better named to hopefully avoid confusion.</li> <li>Restructured source code so all code lives under <code>src/</code>, and the <code>ijson.backends._yajl2</code> extension under <code>src/ijson/backends/ext/_yajl2</code>. This allows C backend tests to actually run on cibuildwheel.</li> <li>Improved performance of <code>parse</code> routine in C backend by ~4%.</li> <li>Fixed several potential stability issues in C backend around correct error handling.</li> <li>Fixed corner-case wrong behaviour of <code>yajl2_c</code> backend, which didn't work correctly with user-provided event names.</li> <li>Pointing to our own fork of yajl (for when we build it ourselves) that contains fixes for all known CVEs (<a href="https://redirect.github.com/ICRAR/ijson/issues/126">#126</a>).</li> <li>Removed leftover compatibility bits in the C backend.</li> <li>Fixed potential issue with <code>yajl</code> and <code>yajl2</code> backends where crashes could occur at interpreter shutdown.</li> <li>Removed tox.</li> <li>Moved static project metadata to <code>pyproject.toml</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ICRAR/ijson/commit/36701bed11497ec5fee22239f0a8c2e4a8358e78"><code>36701be</code></a> Release ijson 3.4.0</li> <li><a href="https://github.com/ICRAR/ijson/commit/cfb044a36fc1f1f6959e7680b7e79edc6a109828"><code>cfb044a</code></a> Modernize packaging (<a href="https://redirect.github.com/ICRAR/ijson/issues/138">#138</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/044cf9b6b97f23bb1dffc0dadab5a08f509d29f8"><code>044cf9b</code></a> Bump pypa/cibuildwheel from 2.23.2 to 2.23.3 (<a href="https://redirect.github.com/ICRAR/ijson/issues/140">#140</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/81e24b4045b8a9cc730ba67dce2d96d0c1884e31"><code>81e24b4</code></a> Allow building embedded yajl with cmake 4.0</li> <li><a href="https://github.com/ICRAR/ijson/commit/b3f9647a54acfae7472d615303a0974dbcd6f9fa"><code>b3f9647</code></a> Bump pypa/cibuildwheel from 2.23.1 to 2.23.2 (<a href="https://redirect.github.com/ICRAR/ijson/issues/137">#137</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/d8fd6d2ef5646b8df58b3fb76921fe9368d05533"><code>d8fd6d2</code></a> Bump pypa/cibuildwheel from 2.23.0 to 2.23.1 (<a href="https://redirect.github.com/ICRAR/ijson/issues/134">#134</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/caebc6fa38f0aeaee1f9705975c73b8b2d248ac1"><code>caebc6f</code></a> Bump pypa/cibuildwheel from 2.22.0 to 2.23.0 (<a href="https://redirect.github.com/ICRAR/ijson/issues/133">#133</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/698b114e7cf780f7aedde57fd79d2f10d58b8e26"><code>698b114</code></a> Downgrade to ubuntu-22.04 to avoid gcc segfault</li> <li><a href="https://github.com/ICRAR/ijson/commit/9f28dc0d54d1273dbed15fd7f4a4fcd8a62b90b0"><code>9f28dc0</code></a> Allow certain branches to trigger a full CI build</li> <li><a href="https://github.com/ICRAR/ijson/commit/901fd3b3bda1120aa60efe9b23195536e3dd8bc9"><code>901fd3b</code></a> Add custom event name interning to yajl2_c</li> <li>Additional commits viewable in <a href="https://github.com/ICRAR/ijson/compare/v3.3.0...v3.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ijson&package-manager=pip&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump msgpack from 1.1.0 to 1.1.1 (#18651)dependabot[bot]2025-07-031-65/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [msgpack](https://github.com/msgpack/msgpack-python) from 1.1.0 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/msgpack/msgpack-python/releases">msgpack's releases</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <h2>What's Changed</h2> <ul> <li>Add Python 3.13 trove classifier by <a href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> <li>update Cython to 3.1.1 by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/637">msgpack/msgpack-python#637</a></li> <li>update cibuildwheel to v2.23.3 by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/638">msgpack/msgpack-python#638</a></li> <li>upload to PyPI on create a release by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/639">msgpack/msgpack-python#639</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a> made their first contribution in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1">https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1</a></p> <h2>v1.1.1rc1</h2> <h2>What's Changed</h2> <ul> <li>Add Python 3.13 trove classifier by <a href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> <li>update Cython to 3.1.1 by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/637">msgpack/msgpack-python#637</a></li> <li>update cibuildwheel to v2.23.3 by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/638">msgpack/msgpack-python#638</a></li> <li>upload to PyPI on create a release by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/639">msgpack/msgpack-python#639</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/edgarrmondragon"><code>@​edgarrmondragon</code></a> made their first contribution in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1rc1">https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1rc1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/msgpack/msgpack-python/blob/main/ChangeLog.rst">msgpack's changelog</a>.</em></p> <blockquote> <h1>1.1.1</h1> <p>Release Date: 2025-06-13</p> <ul> <li>No change from 1.1.1rc1.</li> </ul> <h1>1.1.1rc1</h1> <p>Release Date: 2025-06-06</p> <ul> <li>Update Cython to 3.1.1 and cibuildwheel to 2.23.3.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/msgpack/msgpack-python/commit/42f056f3cfaf2e3ec220db2f864e7613d433ad48"><code>42f056f</code></a> v1.1.1</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/e6445d3b922ca0b9bc82695dd9d1c1529763095a"><code>e6445d3</code></a> v1.1.1rc1</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/fe9e620a607702b31476f092ad01a387cff4cfbd"><code>fe9e620</code></a> upload to PyPI on create a release (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/639">#639</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/cdc764450370ff80e7c83edbe8d015f08f6fb9b3"><code>cdc7644</code></a> update cibuildwheel to v2.23.3 (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/638">#638</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/868aa2cd83f39237deb957c68ce7232422a5950b"><code>868aa2c</code></a> update Cython to 3.1.1 (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/637">#637</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/0eeabfb453844b441a4a77097b3d5aa0cb6645b6"><code>0eeabfb</code></a> Add Python 3.13 trove classifier (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/626">#626</a>)</li> <li>See full diff in <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=msgpack&package-manager=pip&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump types-setuptools from 75.2.0.20241019 to 80.9.0.20250529 (#18644)dependabot[bot]2025-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-setuptools](https://github.com/typeshed-internal/stub_uploader) from 75.2.0.20241019 to 80.9.0.20250529. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-setuptools&package-manager=pip&previous-version=75.2.0.20241019&new-version=80.9.0.20250529)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump ruff from 0.11.11 to 0.12.1 (#18645)dependabot[bot]2025-07-032-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.11 to 0.12.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.12.1</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-errmsg</code>] Extend <code>EM101</code> to support byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18867">#18867</a>)</li> <li>[<code>flake8-use-pathlib</code>] Add autofix for <code>PTH202</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18763">#18763</a>)</li> <li>[<code>pygrep-hooks</code>] Add <code>AsyncMock</code> methods to <code>invalid-mock-access</code> (<code>PGH005</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18547">#18547</a>)</li> <li>[<code>pylint</code>] Ignore <code>__init__.py</code> files in (<code>PLC0414</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18400">#18400</a>)</li> <li>[<code>ruff</code>] Trigger <code>RUF037</code> for empty string and byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18862">#18862</a>)</li> <li>[formatter] Fix missing blank lines before decorated classes in <code>.pyi</code> files (<a href="https://redirect.github.com/astral-sh/ruff/pull/18888">#18888</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Avoid generating diagnostics with per-file ignores (<a href="https://redirect.github.com/astral-sh/ruff/pull/18801">#18801</a>)</li> <li>Handle parenthesized arguments in <code>remove_argument</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18805">#18805</a>)</li> <li>[<code>flake8-logging</code>] Avoid false positive for <code>exc_info=True</code> outside <code>logger.exception</code> (<code>LOG014</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18737">#18737</a>)</li> <li>[<code>flake8-pytest-style</code>] Enforce <code>pytest</code> import for decorators (<a href="https://redirect.github.com/astral-sh/ruff/pull/18779">#18779</a>)</li> <li>[<code>flake8-pytest-style</code>] Mark autofix for <code>PT001</code> and <code>PT023</code> as unsafe if there's comments in the decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18792">#18792</a>)</li> <li>[<code>flake8-pytest-style</code>] <code>PT001</code>/<code>PT023</code> fix makes syntax error on parenthesized decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18782">#18782</a>)</li> <li>[<code>flake8-raise</code>] Make fix unsafe if it deletes comments (<code>RSE102</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18788">#18788</a>)</li> <li>[<code>flake8-simplify</code>] Fix <code>SIM911</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18793">#18793</a>)</li> <li>[<code>flake8-simplify</code>] Fix false negatives for shadowed bindings (<code>SIM910</code>, <code>SIM911</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18794">#18794</a>)</li> <li>[<code>flake8-simplify</code>] Preserve original behavior for <code>except ()</code> and bare <code>except</code> (<code>SIM105</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18213">#18213</a>)</li> <li>[<code>flake8-pyi</code>] Fix <code>PYI041</code>'s fix causing <code>TypeError</code> with <code>None | None | ...</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18637">#18637</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF101</code> autofix creating a syntax error and mark autofix as unsafe if there are comments in the <code>list</code> call expr (<a href="https://redirect.github.com/astral-sh/ruff/pull/18803">#18803</a>)</li> <li>[<code>perflint</code>] Fix false negative in <code>PERF401</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18866">#18866</a>)</li> <li>[<code>pylint</code>] Avoid flattening nested <code>min</code>/<code>max</code> when outer call has single argument (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16885">#16885</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC2801</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18857">#18857</a>)</li> <li>[<code>pylint</code>] Mark <code>PLE0241</code> autofix as unsafe if there's comments in the base classes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18832">#18832</a>)</li> <li>[<code>pylint</code>] Suppress <code>PLE2510</code>/<code>PLE2512</code>/<code>PLE2513</code>/<code>PLE2514</code>/<code>PLE2515</code> autofix if the text contains an odd number of backslashes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18856">#18856</a>)</li> <li>[<code>refurb</code>] Detect more exotic float literals in <code>FURB164</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18925">#18925</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB163</code> autofix creating a syntax error for <code>yield</code> expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/18756">#18756</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB129</code> autofix as unsafe if there's comments in the <code>readlines</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18858">#18858</a>)</li> <li>[<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18690">#18690</a>)</li> <li>Fix casing of <code>analyze.direction</code> variant names (<a href="https://redirect.github.com/astral-sh/ruff/pull/18892">#18892</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>Fix f-string interpolation escaping in generated fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18882">#18882</a>)</li> <li>[<code>flake8-return</code>] Mark <code>RET501</code> fix unsafe if comments are inside (<a href="https://redirect.github.com/astral-sh/ruff/pull/18780">#18780</a>)</li> <li>[<code>flake8-async</code>] Fix detection for large integer sleep durations in <code>ASYNC116</code> rule (<a href="https://redirect.github.com/astral-sh/ruff/pull/18767">#18767</a>)</li> <li>[<code>flake8-async</code>] Mark autofix for <code>ASYNC115</code> as unsafe if the call expression contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18753">#18753</a>)</li> <li>[<code>flake8-bugbear</code>] Mark autofix for <code>B004</code> as unsafe if the <code>hasattr</code> call expr contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18755">#18755</a>)</li> <li>[<code>flake8-comprehension</code>] Mark autofix for <code>C420</code> as unsafe if there's comments inside the dict comprehension (<a href="https://redirect.github.com/astral-sh/ruff/pull/18768">#18768</a>)</li> <li>[<code>flake8-comprehensions</code>] Handle template strings for comprehension fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18710">#18710</a>)</li> <li>[<code>flake8-future-annotations</code>] Add autofix (<code>FA100</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18903">#18903</a>)</li> <li>[<code>pyflakes</code>] Mark <code>F504</code>/<code>F522</code>/<code>F523</code> autofix as unsafe if there's a call with side effect (<a href="https://redirect.github.com/astral-sh/ruff/pull/18839">#18839</a>)</li> <li>[<code>pylint</code>] Allow fix with comments and document performance implications (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18936">#18936</a>)</li> <li>[<code>pylint</code>] Detect more exotic <code>NaN</code> literals in <code>PLW0177</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18630">#18630</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.12.1</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-errmsg</code>] Extend <code>EM101</code> to support byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18867">#18867</a>)</li> <li>[<code>flake8-use-pathlib</code>] Add autofix for <code>PTH202</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18763">#18763</a>)</li> <li>[<code>pygrep-hooks</code>] Add <code>AsyncMock</code> methods to <code>invalid-mock-access</code> (<code>PGH005</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18547">#18547</a>)</li> <li>[<code>pylint</code>] Ignore <code>__init__.py</code> files in (<code>PLC0414</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18400">#18400</a>)</li> <li>[<code>ruff</code>] Trigger <code>RUF037</code> for empty string and byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18862">#18862</a>)</li> <li>[formatter] Fix missing blank lines before decorated classes in <code>.pyi</code> files (<a href="https://redirect.github.com/astral-sh/ruff/pull/18888">#18888</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Avoid generating diagnostics with per-file ignores (<a href="https://redirect.github.com/astral-sh/ruff/pull/18801">#18801</a>)</li> <li>Handle parenthesized arguments in <code>remove_argument</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18805">#18805</a>)</li> <li>[<code>flake8-logging</code>] Avoid false positive for <code>exc_info=True</code> outside <code>logger.exception</code> (<code>LOG014</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18737">#18737</a>)</li> <li>[<code>flake8-pytest-style</code>] Enforce <code>pytest</code> import for decorators (<a href="https://redirect.github.com/astral-sh/ruff/pull/18779">#18779</a>)</li> <li>[<code>flake8-pytest-style</code>] Mark autofix for <code>PT001</code> and <code>PT023</code> as unsafe if there's comments in the decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18792">#18792</a>)</li> <li>[<code>flake8-pytest-style</code>] <code>PT001</code>/<code>PT023</code> fix makes syntax error on parenthesized decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18782">#18782</a>)</li> <li>[<code>flake8-raise</code>] Make fix unsafe if it deletes comments (<code>RSE102</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18788">#18788</a>)</li> <li>[<code>flake8-simplify</code>] Fix <code>SIM911</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18793">#18793</a>)</li> <li>[<code>flake8-simplify</code>] Fix false negatives for shadowed bindings (<code>SIM910</code>, <code>SIM911</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18794">#18794</a>)</li> <li>[<code>flake8-simplify</code>] Preserve original behavior for <code>except ()</code> and bare <code>except</code> (<code>SIM105</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18213">#18213</a>)</li> <li>[<code>flake8-pyi</code>] Fix <code>PYI041</code>'s fix causing <code>TypeError</code> with <code>None | None | ...</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18637">#18637</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF101</code> autofix creating a syntax error and mark autofix as unsafe if there are comments in the <code>list</code> call expr (<a href="https://redirect.github.com/astral-sh/ruff/pull/18803">#18803</a>)</li> <li>[<code>perflint</code>] Fix false negative in <code>PERF401</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18866">#18866</a>)</li> <li>[<code>pylint</code>] Avoid flattening nested <code>min</code>/<code>max</code> when outer call has single argument (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16885">#16885</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC2801</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18857">#18857</a>)</li> <li>[<code>pylint</code>] Mark <code>PLE0241</code> autofix as unsafe if there's comments in the base classes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18832">#18832</a>)</li> <li>[<code>pylint</code>] Suppress <code>PLE2510</code>/<code>PLE2512</code>/<code>PLE2513</code>/<code>PLE2514</code>/<code>PLE2515</code> autofix if the text contains an odd number of backslashes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18856">#18856</a>)</li> <li>[<code>refurb</code>] Detect more exotic float literals in <code>FURB164</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18925">#18925</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB163</code> autofix creating a syntax error for <code>yield</code> expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/18756">#18756</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB129</code> autofix as unsafe if there's comments in the <code>readlines</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18858">#18858</a>)</li> <li>[<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18690">#18690</a>)</li> <li>Fix casing of <code>analyze.direction</code> variant names (<a href="https://redirect.github.com/astral-sh/ruff/pull/18892">#18892</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>Fix f-string interpolation escaping in generated fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18882">#18882</a>)</li> <li>[<code>flake8-return</code>] Mark <code>RET501</code> fix unsafe if comments are inside (<a href="https://redirect.github.com/astral-sh/ruff/pull/18780">#18780</a>)</li> <li>[<code>flake8-async</code>] Fix detection for large integer sleep durations in <code>ASYNC116</code> rule (<a href="https://redirect.github.com/astral-sh/ruff/pull/18767">#18767</a>)</li> <li>[<code>flake8-async</code>] Mark autofix for <code>ASYNC115</code> as unsafe if the call expression contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18753">#18753</a>)</li> <li>[<code>flake8-bugbear</code>] Mark autofix for <code>B004</code> as unsafe if the <code>hasattr</code> call expr contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18755">#18755</a>)</li> <li>[<code>flake8-comprehension</code>] Mark autofix for <code>C420</code> as unsafe if there's comments inside the dict comprehension (<a href="https://redirect.github.com/astral-sh/ruff/pull/18768">#18768</a>)</li> <li>[<code>flake8-comprehensions</code>] Handle template strings for comprehension fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18710">#18710</a>)</li> <li>[<code>flake8-future-annotations</code>] Add autofix (<code>FA100</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18903">#18903</a>)</li> <li>[<code>pyflakes</code>] Mark <code>F504</code>/<code>F522</code>/<code>F523</code> autofix as unsafe if there's a call with side effect (<a href="https://redirect.github.com/astral-sh/ruff/pull/18839">#18839</a>)</li> <li>[<code>pylint</code>] Allow fix with comments and document performance implications (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18936">#18936</a>)</li> <li>[<code>pylint</code>] Detect more exotic <code>NaN</code> literals in <code>PLW0177</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18630">#18630</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC1802</code> autofix creating a syntax error and mark autofix as unsafe if there's comments in the <code>len</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18836">#18836</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/32c54189cb45a9d0409a1140265ce6d5fcec214d"><code>32c5418</code></a> Bump 0.12.1 (<a href="https://redirect.github.com/astral-sh/ruff/issues/18969">#18969</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b85c219283dcdae474642e9174352da5d9aee132"><code>b85c219</code></a> [<code>FastAPI</code>] Add fix safety section to <code>FAST002</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18940">#18940</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b1d1cf1d382acd745a57a391a7befb6c300f6c9a"><code>b1d1cf1</code></a> [ty] Add regression test for leading tab mis-alignment in diagnostic renderin...</li> <li><a href="https://github.com/astral-sh/ruff/commit/1dcdf7f41d80b819576b8e146c1af9e72b44d2da"><code>1dcdf7f</code></a> [ty] Resolve python environment in <code>Options::to_program_settings</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18960">#18960</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/d00697621e2a772e9ad0b25c4c74f1572d72fd29"><code>d006976</code></a> [<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18690">#18690</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/76619b96e504d63e574227e8d31d6ecfcd32d1c7"><code>76619b9</code></a> [ty] Fix rendering of long lines that are indented with tabs</li> <li><a href="https://github.com/astral-sh/ruff/commit/6e25cfba2b2fb607e16102cb5cd84cd775882d80"><code>6e25cfb</code></a> [ty] Add regression test for diagnostic rendering panic</li> <li><a href="https://github.com/astral-sh/ruff/commit/76387295a581ed5c665b685e1d69fe2751ad24b1"><code>7638729</code></a> [ty] Move venv and conda env discovery to <code>SearchPath::from_settings</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18938">#18938</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/d04e63a6d9dbb5c751c99d113d7eaf98b765b426"><code>d04e63a</code></a> [ty] Add regression-benchmark for attribute-assignment hang (<a href="https://redirect.github.com/astral-sh/ruff/issues/18957">#18957</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/86fd9b634e5526d2093aeb5a37dc6f30cefc1925"><code>86fd9b6</code></a> [ty] Format conflicting types as an enumeration (<a href="https://redirect.github.com/astral-sh/ruff/issues/18956">#18956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.11.11...0.12.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruff&package-manager=pip&previous-version=0.11.11&new-version=0.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update Cargo.lock (#18646)Andrew Morgan2025-07-032-28/+227
|
* Replace PyICU with Rust `icu_segmenter` crate (#18553)Andrew Morgan2025-07-0315-136/+70
| | | | | Co-authored-by: anoa's Codex Agent <codex@amorgan.xyz> Co-authored-by: Quentin Gliech <quenting@element.io>
* Bump types-pyyaml from 6.0.12.20241230 to 6.0.12.20250516 (#18643)dependabot[bot]2025-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-pyyaml](https://github.com/typeshed-internal/stub_uploader) from 6.0.12.20241230 to 6.0.12.20250516. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-pyyaml&package-manager=pip&previous-version=6.0.12.20241230&new-version=6.0.12.20250516)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix GET /_matrix/federation/v1/query/profile response (#18593)Alex Durham2025-07-032-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't send the fields `avatar_url` and `displayname` when they are not defined for the queried user. Before this change they would be sent and set to null in the JSON response object, which would violate the OpenAPI definitions (https://spec.matrix.org/v1.11/server-server-api/#get_matrixfederationv1queryprofile). Fixes: #18442 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* Raise setuptools_rust version cap to 1.11.1 (#18576)V024602025-07-032-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Request to raise the defensive version cap for setuptools_rust from 1.10.2 to 1.11.1. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Bump mypy-zope from 1.0.11 to 1.0.12 (#18640)dependabot[bot]2025-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [mypy-zope](https://github.com/Shoobx/mypy-zope) from 1.0.11 to 1.0.12. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Shoobx/mypy-zope/blob/master/CHANGELOG.md">mypy-zope's changelog</a>.</em></p> <blockquote> <h2>1.0.12 (2025-06-03)</h2> <hr /> <ul> <li>Support mypy-1.16</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Shoobx/mypy-zope/commit/fb4d6b3a5d41fc0a0d218edb343ae1e2faea39c6"><code>fb4d6b3</code></a> Preparing release 1.0.12</li> <li><a href="https://github.com/Shoobx/mypy-zope/commit/782aa68f7c7ec2305d73db29f57e01aa9c4123b8"><code>782aa68</code></a> Maintain changelog</li> <li><a href="https://github.com/Shoobx/mypy-zope/commit/dadddcf77cb83f5890192fbff4786bc8c941b1a3"><code>dadddcf</code></a> Merge pull request <a href="https://redirect.github.com/Shoobx/mypy-zope/issues/129">#129</a> from Shoobx/dependabot/pip/mypy-gte-1.0.0-and-lt-1.17.0</li> <li><a href="https://github.com/Shoobx/mypy-zope/commit/1c2e2299cfeb18b3465cf3e6b721449fef29ddc2"><code>1c2e229</code></a> Update mypy requirement from &lt;1.16.0,&gt;=1.0.0 to &gt;=1.0.0,&lt;1.17.0</li> <li><a href="https://github.com/Shoobx/mypy-zope/commit/77eb8fc78fa9237793f1987a65c3ded728d3eea1"><code>77eb8fc</code></a> Back to development: 1.0.12</li> <li>See full diff in <a href="https://github.com/Shoobx/mypy-zope/compare/1.0.11...1.0.12">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy-zope&package-manager=pip&previous-version=1.0.11&new-version=1.0.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump pydantic from 2.11.4 to 2.11.7 (#18639)dependabot[bot]2025-07-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.4 to 2.11.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.11.7 2025-06-14</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Fixes</h3> <ul> <li>Copy <code>FieldInfo</code> instance if necessary during <code>FieldInfo</code> build by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11980">pydantic/pydantic#11980</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.11.6...v2.11.7">https://github.com/pydantic/pydantic/compare/v2.11.6...v2.11.7</a></p> <h2>v2.11.6 2025-06-13</h2> <h2>v2.11.6 (2025-06-13)</h2> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Rebuild dataclass fields before schema generation by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11949">#11949</a></li> <li>Always store the original field assignment on <code>FieldInfo</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11946">#11946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.11.5...v2.11.6">https://github.com/pydantic/pydantic/compare/v2.11.5...v2.11.6</a></p> <h2>v2.11.5 2025-05-22</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Fixes</h3> <ul> <li>Check if <code>FieldInfo</code> is complete after applying type variable map by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11855">#11855</a></li> <li>Do not delete mock validator/serializer in <code>model_rebuild()</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11890">#11890</a></li> <li>Do not duplicate metadata on model rebuild by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11902">#11902</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.11.4...v2.11.5">https://github.com/pydantic/pydantic/compare/v2.11.4...v2.11.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.11.7 (2025-06-14)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.11.7">GitHub release</a></p> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Copy <code>FieldInfo</code> instance if necessary during <code>FieldInfo</code> build by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11898">#11898</a></li> </ul> <h2>v2.11.6 (2025-06-13)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.11.6">GitHub release</a></p> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Rebuild dataclass fields before schema generation by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11949">#11949</a></li> <li>Always store the original field assignment on <code>FieldInfo</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11946">#11946</a></li> </ul> <h2>v2.11.5 (2025-05-22)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.11.5">GitHub release</a></p> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Check if <code>FieldInfo</code> is complete after applying type variable map by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11855">#11855</a></li> <li>Do not delete mock validator/serializer in <code>model_rebuild()</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11890">#11890</a></li> <li>Do not duplicate metadata on model rebuild by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/11902">#11902</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pydantic/pydantic/commit/5f033e46c54fea1b59b6894d6527daf49475e690"><code>5f033e4</code></a> Prepare release v2.11.7</li> <li><a href="https://github.com/pydantic/pydantic/commit/c3368b83c411f421a7322959bc29f3bea4bd252a"><code>c3368b8</code></a> Copy <code>FieldInfo</code> instance if necessary during <code>FieldInfo</code> build (<a href="https://redirect.github.com/pydantic/pydantic/issues/11980">#11980</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/3987b23db4b31ff35e9fa15c21c0c1d1c9808838"><code>3987b23</code></a> Prepare release v2.11.6</li> <li><a href="https://github.com/pydantic/pydantic/commit/dc7a9d20bee55a3a6e7397ee46abfcd9057b627b"><code>dc7a9d2</code></a> Always store the original field assignment on <code>FieldInfo</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/c284c279a5b8c95d32ab5ec31d2511b3b27bfa87"><code>c284c27</code></a> Rebuild dataclass fields before schema generation</li> <li><a href="https://github.com/pydantic/pydantic/commit/5e6d1dc71fe9bd832635cb2e9b4af92286fd00b8"><code>5e6d1dc</code></a> Prepare release v2.11.5</li> <li><a href="https://github.com/pydantic/pydantic/commit/1b63218c42b515bd1f6b0dd323190236ead14bdb"><code>1b63218</code></a> Do not duplicate metadata on model rebuild (<a href="https://redirect.github.com/pydantic/pydantic/issues/11902">#11902</a>)</li> <li><a href="https://github.com/pydantic/pydantic/commit/5aefad873b3dfd60c419bd081ffaf0ac197c7b60"><code>5aefad8</code></a> Do not delete mock validator/serializer in <code>model_rebuild()</code></li> <li><a href="https://github.com/pydantic/pydantic/commit/8fbe6585f4d6179e5234ab61de00059c52e57975"><code>8fbe658</code></a> Check if <code>FieldInfo</code> is complete after applying type variable map</li> <li><a href="https://github.com/pydantic/pydantic/commit/12b371a0f7f800bf65daa3eaada1b4348348d9c4"><code>12b371a</code></a> Update documentation about <code>@dataclass_transform</code> support</li> <li>Additional commits viewable in <a href="https://github.com/pydantic/pydantic/compare/v2.11.4...v2.11.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pydantic&package-manager=pip&previous-version=2.11.4&new-version=2.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump hiredis from 3.1.0 to 3.2.1 (#18638)dependabot[bot]2025-07-031-110/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [hiredis](https://github.com/redis/hiredis-py) from 3.1.0 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/redis/hiredis-py/releases">hiredis's releases</a>.</em></p> <blockquote> <h2>3.2.1</h2> <h1>Changes</h1> <ul> <li>Fix assertion in reader.c (<a href="https://redirect.github.com/redis/hiredis-py/issues/212">#212</a>)</li> </ul> <h2>Contributors</h2> <p>We'd like to thank all the contributors who worked on this release!</p> <p><a href="https://github.com/uglide"><code>@​uglide</code></a></p> <h2>3.2.0</h2> <h1>Changes</h1> <ul> <li>Introduce new type for RESP3 PUSH notifications (<a href="https://redirect.github.com/redis/hiredis-py/issues/208">#208</a>)</li> <li>Run integration workflow on version branches (<a href="https://redirect.github.com/redis/hiredis-py/issues/210">#210</a>)</li> <li>Update hiredis to 1.3.0 (<a href="https://redirect.github.com/redis/hiredis-py/issues/203">#203</a>)</li> </ul> <h2>Contributors</h2> <p>We'd like to thank all the contributors who worked on this release!</p> <p><a href="https://github.com/uglide"><code>@​uglide</code></a></p> <h2>3.1.1</h2> <h2>Summary</h2> <p>This is a maintenance release that addresses issues in RESP3 parsing.</p> <h2>Changes</h2> <ul> <li>Fix memory leaks and segfaults in RESP3 map parsing (<a href="https://redirect.github.com/redis/hiredis-py/issues/204">#204</a>, <a href="https://redirect.github.com/redis/hiredis-py/issues/205">#205</a>, <a href="https://redirect.github.com/redis/hiredis-py/issues/206">#206</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/redis/hiredis-py/commit/c6febde98009b005ad35702c40aba5f926807754"><code>c6febde</code></a> Version 3.2.1</li> <li><a href="https://github.com/redis/hiredis-py/commit/bbfc3a6133c5e03152172d7f77415a0e1f0266f2"><code>bbfc3a6</code></a> Fix assertion in reader.c (<a href="https://redirect.github.com/redis/hiredis-py/issues/212">#212</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/f715de2e7c636fd1649e9e038aaba80b05379df2"><code>f715de2</code></a> Version 3.2.0</li> <li><a href="https://github.com/redis/hiredis-py/commit/d5548270b6f2ac00be36d6c68403f1d94f81d086"><code>d554827</code></a> Introduce new type for RESP3 PUSH notifications (<a href="https://redirect.github.com/redis/hiredis-py/issues/208">#208</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/58fe9603cd7bcb921de7ba3f43e1556f1df81e02"><code>58fe960</code></a> Run integration workflow on version branches (<a href="https://redirect.github.com/redis/hiredis-py/issues/210">#210</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/86089654830a9c5f11d157173e84d7b5ba30eda4"><code>8608965</code></a> Update hiredis to 1.3.0 (<a href="https://redirect.github.com/redis/hiredis-py/issues/203">#203</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/ac31d58c5f78090fdfb165f6ecef4e1a539c20a4"><code>ac31d58</code></a> Bump version to 3.2.0-dev (<a href="https://redirect.github.com/redis/hiredis-py/issues/207">#207</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/7e77f22963e8889dea6165bd6ac26203645cfb04"><code>7e77f22</code></a> Fix memory leak in RESP3 map parsing (<a href="https://redirect.github.com/redis/hiredis-py/issues/204">#204</a>)</li> <li><a href="https://github.com/redis/hiredis-py/commit/5b34a0e2aade3f5669e92e06b843858aaea12c30"><code>5b34a0e</code></a> Use GitHub Releases to track changelogs (<a href="https://redirect.github.com/redis/hiredis-py/issues/202">#202</a>)</li> <li>See full diff in <a href="https://github.com/redis/hiredis-py/compare/v3.1.0...v3.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hiredis&package-manager=pip&previous-version=3.1.0&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump reqwest from 0.12.20 to 0.12.22 (#18627)dependabot[bot]2025-07-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.20 to 0.12.22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.22</h2> <h2>tl;dr</h2> <ul> <li>Fix socks proxies when resolving IPv6 destinations.</li> </ul> <h2>What's Changed</h2> <ul> <li>fix(socks): bracket IPv6 addresses when formatting destination host by <a href="https://github.com/0x676e67"><code>@​0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2753">seanmonstar/reqwest#2753</a></li> <li>Prepare v0.12.22 by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2754">seanmonstar/reqwest#2754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.21...v0.12.22">https://github.com/seanmonstar/reqwest/compare/v0.12.21...v0.12.22</a></p> <h2>v0.12.21</h2> <h2>tl;dr</h2> <ul> <li>Fix socks proxy to use <code>socks4a://</code> instead of <code>socks4h://</code>.</li> <li>Fix <code>Error::is_timeout()</code> to check for hyper and IO timeouts too.</li> <li>Fix request <code>Error</code> to again include URLs when possible.</li> <li>Fix socks connect error to include more context.</li> <li>(wasm) implement <code>Default</code> for <code>Body</code>.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: remove unused slab dep by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2729">seanmonstar/reqwest#2729</a></li> <li>docs: mention requiring Tokio by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2731">seanmonstar/reqwest#2731</a></li> <li>Fix Typos in Comments for Multipart and Redirect Tests by <a href="https://github.com/leopardracer"><code>@​leopardracer</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2738">seanmonstar/reqwest#2738</a></li> <li>fix: request errors should include url by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2741">seanmonstar/reqwest#2741</a></li> <li>fix: consider timeout from hyper::Error by <a href="https://github.com/flisky"><code>@​flisky</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2742">seanmonstar/reqwest#2742</a></li> <li>feat: add Default impl for wasm::Body by <a href="https://github.com/jpopesculian"><code>@​jpopesculian</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2746">seanmonstar/reqwest#2746</a></li> <li>fix: Fix SOCKS4a proxy protocol matching by <a href="https://github.com/0x676e67"><code>@​0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2732">seanmonstar/reqwest#2732</a></li> <li>fix: add more context and description to SOCKS errors by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2750">seanmonstar/reqwest#2750</a></li> <li>Prepare v0.12.21 by <a href="https://github.com/seanmonstar"><code>@​seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2751">seanmonstar/reqwest#2751</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/leopardracer"><code>@​leopardracer</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2738">seanmonstar/reqwest#2738</a></li> <li><a href="https://github.com/jpopesculian"><code>@​jpopesculian</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2746">seanmonstar/reqwest#2746</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.20...v0.12.21">https://github.com/seanmonstar/reqwest/compare/v0.12.20...v0.12.21</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.22</h2> <ul> <li>Fix socks proxies when resolving IPv6 destinations.</li> </ul> <h2>v0.12.21</h2> <ul> <li>Fix socks proxy to use <code>socks4a://</code> instead of <code>socks4h://</code>.</li> <li>Fix <code>Error::is_timeout()</code> to check for hyper and IO timeouts too.</li> <li>Fix request <code>Error</code> to again include URLs when possible.</li> <li>Fix socks connect error to include more context.</li> <li>(wasm) implement <code>Default</code> for <code>Body</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/seanmonstar/reqwest/commit/e6e2d8a25dfcdfae026946672d3aa015214a10c1"><code>e6e2d8a</code></a> v0.12.22</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/a9ab0fae3fa9901608aad70651e7affa61c063d5"><code>a9ab0fa</code></a> fix(socks): bracket IPv6 addresses when formatting destination host (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2753">#2753</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/b739726c4a2e47470346777062817af4f35feef2"><code>b739726</code></a> v0.12.21</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d9ecdc19b3bac1733836bb3a0b37183002b77b16"><code>d9ecdc1</code></a> fix: add more context and description to SOCKS errors (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2750">#2750</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d4c9eec3c2cff04cee246d1fb07da16695ed443c"><code>d4c9eec</code></a> fix: look for socks4a instead of socks4h (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2732">#2732</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/d793ed26232060d45f11c169d1d5b98edb6cb7e2"><code>d793ed2</code></a> (wasm) feat: add Default impl for wasm::Body (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2746">#2746</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/4cb2866cd4a3d242776d8c0ecea4d81ab78dc5c7"><code>4cb2866</code></a> fix: Error::is_timeout() checks for hyper::Error::is_timeout() (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2742">#2742</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/1794d997373c71e9521ada8d3e2f98f36b6aad59"><code>1794d99</code></a> fix: request errors should include url (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2741">#2741</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/9edbd2e00b9b752e851cac0374f7aa1034beca85"><code>9edbd2e</code></a> tests: fix typos in multipart and redirect tests (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2738">#2738</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/e03d6f4ec4d6ca214b04e5a5c524d70f3ba85f45"><code>e03d6f4</code></a> docs: mention requiring Tokio (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2731">#2731</a>)</li> <li>Additional commits viewable in <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.20...v0.12.22">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=reqwest&package-manager=cargo&previous-version=0.12.20&new-version=0.12.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump types-bleach from 6.2.0.20241123 to 6.2.0.20250514 (#18634)dependabot[bot]2025-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-bleach](https://github.com/typeshed-internal/stub_uploader) from 6.2.0.20241123 to 6.2.0.20250514. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-bleach&package-manager=pip&previous-version=6.2.0.20241123&new-version=6.2.0.20250514)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump jsonschema from 4.23.0 to 4.24.0 (#18630)dependabot[bot]2025-07-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.23.0 to 4.24.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/releases">jsonschema's releases</a>.</em></p> <blockquote> <h2>v4.24.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Fix calculation of evaluated properties by <a href="https://github.com/V02460"><code>@​V02460</code></a> in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1351">python-jsonschema/jsonschema#1351</a></li> <li>Support for Python 3.8 has been dropped, as it is end-of-life.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bkueng"><code>@​bkueng</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1326">python-jsonschema/jsonschema#1326</a></li> <li><a href="https://github.com/V02460"><code>@​V02460</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1351">python-jsonschema/jsonschema#1351</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0">https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst">jsonschema's changelog</a>.</em></p> <blockquote> <h1>v4.24.0</h1> <ul> <li>Fix improper handling of <code>unevaluatedProperties</code> in the presence of <code>additionalProperties</code> (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1351">#1351</a>).</li> <li>Support for Python 3.8 has been dropped, as it is end-of-life.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/3e23ee5e695f84565f4175fb972073d787e1ab24"><code>3e23ee5</code></a> Add the bugfix to the changelog.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/8917e85c6549b2b2a0dfcae48fd512aaaebae836"><code>8917e85</code></a> Stop running CIFuzz.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/737e5ed536db806d97879ef3681f695ddc75a32d"><code>737e5ed</code></a> Rely on ruff in pre-commit.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/57e5e034cb0c8662995494ed4a833febf9b581a4"><code>57e5e03</code></a> Test via PyPy 3.11.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/d6c2ad7bbbdea0b2c3e627c304ad4dd325aaa254"><code>d6c2ad7</code></a> Add the zizmor setup here as well.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/af9a8578767ca70380ca2a2f7f6c2311b702d663"><code>af9a857</code></a> Drop a dead pyproject section.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/c64ef846095b9d790749152367c8b12bea69a116"><code>c64ef84</code></a> This is less true than it once was...</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/9ff926f4588f0e4a8f5726cb69529c05c7921cc6"><code>9ff926f</code></a> Merge branch 'additional-evaluated'</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/8290667beb239282529430b59e2d4ea51777b33e"><code>8290667</code></a> We still need to ditch pip-licenses...</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/6d973b543030be9b53a67739d08c6f8b19f45119"><code>6d973b5</code></a> Update pre-commit hooks.</li> <li>Additional commits viewable in <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonschema&package-manager=pip&previous-version=4.23.0&new-version=4.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump sentry-sdk from 2.22.0 to 2.32.0 (#18633)dependabot[bot]2025-07-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.22.0 to 2.32.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.32.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li>feat(sessions): Add top-level start- and end session methods (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4474">#4474</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>feat(openai-agents): Set tool span to failed if an error is raised in the tool (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4527">#4527</a>) by <a href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li> <li>fix(integrations/ray): Correctly pass keyword arguments to ray.remote function (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4430">#4430</a>) by <a href="https://github.com/svartalf"><code>@​svartalf</code></a></li> <li>fix(langchain): Make <code>span_map</code> an instance variable (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4476">#4476</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>fix(langchain): Ensure no duplicate <code>SentryLangchainCallback</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4485">#4485</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>fix(Litestar): Apply <code>failed_request_status_codes</code> to exceptions raised in middleware (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4074">#4074</a>) by <a href="https://github.com/vrslev"><code>@​vrslev</code></a></li> </ul> <h2>2.31.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li> <p><strong>New Integration (BETA):</strong> Add support for <code>openai-agents</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4437">#4437</a>) by <a href="https://github.com/antonpirker"><code>@​antonpirker</code></a></p> <p>We can now instrument AI agents that are created with the <a href="https://openai.github.io/openai-agents-python/">OpenAI Agents SDK</a> out of the box.</p> </li> </ul> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.openai_agents import OpenAIAgentsIntegration <h1>Add the OpenAIAgentsIntegration to your sentry_sdk.init call:</h1> <p>sentry_sdk.init(<br /> dsn=&quot;...&quot;,<br /> integrations=[<br /> OpenAIAgentsIntegration(),<br /> ]<br /> )<br /> </code></pre></p> <p>For more information see the <a href="https://docs.sentry.io/platforms/python/integrations/openai-agents/">OpenAI Agents integrations documentation</a>.</p> <ul> <li>Logs: Add support for <code>dict</code> arguments (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4478">#4478</a>) by <a href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li> <li>Add Cursor generated rules (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4493">#4493</a>) by <a href="https://github.com/sl0thentr0py"><code>@​sl0thentr0py</code></a></li> <li>Greatly simplify Langchain integrations <code>_wrap_configure</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4479">#4479</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>Fix(ci): Remove tracerite pin (almost) (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4504">#4504</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Fix(profiling): Ensure profiler thread exits when needed (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4497">#4497</a>) by <a href="https://github.com/Zylphrex"><code>@​Zylphrex</code></a></li> <li>Fix(ci): Do not install newest <code>tracerite</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4494">#4494</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Fix(scope): Handle token reset <code>LookupError</code>s gracefully (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4481">#4481</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Tox update (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4509">#4509</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Upper bound on fakeredis on old Python versions (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4482">#4482</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Regenerate tox (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4457">#4457</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> </ul> <h2>2.30.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li> <p><strong>New beta feature:</strong> Sentry logs for Loguru (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4445">#4445</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></p> <p>We can now capture Loguru logs and send them to Sentry.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.32.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li>feat(sessions): Add top-level start- and end session methods (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4474">#4474</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>feat(openai-agents): Set tool span to failed if an error is raised in the tool (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4527">#4527</a>) by <a href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li> <li>fix(integrations/ray): Correctly pass keyword arguments to ray.remote function (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4430">#4430</a>) by <a href="https://github.com/svartalf"><code>@​svartalf</code></a></li> <li>fix(langchain): Make <code>span_map</code> an instance variable (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4476">#4476</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>fix(langchain): Ensure no duplicate <code>SentryLangchainCallback</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4485">#4485</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>fix(Litestar): Apply <code>failed_request_status_codes</code> to exceptions raised in middleware (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4074">#4074</a>) by <a href="https://github.com/vrslev"><code>@​vrslev</code></a></li> </ul> <h2>2.31.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li> <p><strong>New Integration (BETA):</strong> Add support for <code>openai-agents</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4437">#4437</a>) by <a href="https://github.com/antonpirker"><code>@​antonpirker</code></a></p> <p>We can now instrument AI agents that are created with the <a href="https://openai.github.io/openai-agents-python/">OpenAI Agents SDK</a> out of the box.</p> </li> </ul> <pre lang="python"><code>import sentry_sdk from sentry_sdk.integrations.openai_agents import OpenAIAgentsIntegration <h1>Add the OpenAIAgentsIntegration to your sentry_sdk.init call:</h1> <p>sentry_sdk.init(<br /> dsn=&quot;...&quot;,<br /> integrations=[<br /> OpenAIAgentsIntegration(),<br /> ]<br /> )<br /> </code></pre></p> <p>For more information see the <a href="https://docs.sentry.io/platforms/python/integrations/openai-agents/">OpenAI Agents integrations documentation</a>.</p> <ul> <li>Logs: Add support for <code>dict</code> arguments (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4478">#4478</a>) by <a href="https://github.com/AbhiPrasad"><code>@​AbhiPrasad</code></a></li> <li>Add Cursor generated rules (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4493">#4493</a>) by <a href="https://github.com/sl0thentr0py"><code>@​sl0thentr0py</code></a></li> <li>Greatly simplify Langchain integrations <code>_wrap_configure</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4479">#4479</a>) by <a href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li> <li>Fix(ci): Remove tracerite pin (almost) (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4504">#4504</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Fix(profiling): Ensure profiler thread exits when needed (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4497">#4497</a>) by <a href="https://github.com/Zylphrex"><code>@​Zylphrex</code></a></li> <li>Fix(ci): Do not install newest <code>tracerite</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4494">#4494</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Fix(scope): Handle token reset <code>LookupError</code>s gracefully (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4481">#4481</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Tox update (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4509">#4509</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Upper bound on fakeredis on old Python versions (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4482">#4482</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> <li>Tests: Regenerate tox (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4457">#4457</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> </ul> <h2>2.30.0</h2> <h3>Various fixes &amp; improvements</h3> <ul> <li><strong>New beta feature:</strong> Sentry logs for Loguru (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4445">#4445</a>) by <a href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/getsentry/sentry-python/commit/4b022dc731aa10e8cdb1cc8342c06374b226b6f4"><code>4b022dc</code></a> Merge branch 'master' into release/2.32.0</li> <li><a href="https://github.com/getsentry/sentry-python/commit/2634a523b3416748cf952bc517641594b9b40bac"><code>2634a52</code></a> Pin zope.event (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4531">#4531</a>)</li> <li><a href="https://github.com/getsentry/sentry-python/commit/c815a3245d10e45bebee5b47292deec438a4d4d2"><code>c815a32</code></a> updated changelog</li> <li><a href="https://github.com/getsentry/sentry-python/commit/bca8816ac1f84fe4304682bd6de173fbf0c005a3"><code>bca8816</code></a> release: 2.32.0</li> <li><a href="https://github.com/getsentry/sentry-python/commit/546ce1f71023b651860d6b576024b9d93b4c9ab8"><code>546ce1f</code></a> Set tool span to failed if an error is raised in the tool (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4527">#4527</a>)</li> <li><a href="https://github.com/getsentry/sentry-python/commit/ab2e3f08b600b22a95c3313eddd66f733e2d133c"><code>ab2e3f0</code></a> fix(integrations/ray): Correctly pass keyword arguments to ray.remote functio...</li> <li><a href="https://github.com/getsentry/sentry-python/commit/7804260fbf3ed8f797af95d2c0bdfcfeb85b0605"><code>7804260</code></a> fix(langchain): Make <code>span_map</code> an instance variable (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4476">#4476</a>)</li> <li><a href="https://github.com/getsentry/sentry-python/commit/0a2d8585f18f1d135d1f04624b702ef46fd119bb"><code>0a2d858</code></a> fix(langchain): Ensure no duplicate <code>SentryLangchainCallback</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/4485">#4485</a>)</li> <li><a href="https://github.com/getsentry/sentry-python/commit/dae02180dfb095cdbd8ed7e81544ef048482d70b"><code>dae0218</code></a> fix(Litestar): Apply <code>failed_request_status_codes</code> to exceptions raised in mi...</li> <li><a href="https://github.com/getsentry/sentry-python/commit/65d31af4ff9b93cddf12d043fe9d631e3c6c85a4"><code>65d31af</code></a> Merge branch 'release/2.31.0'</li> <li>Additional commits viewable in <a href="https://github.com/getsentry/sentry-python/compare/2.22.0...2.32.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sentry-sdk&package-manager=pip&previous-version=2.22.0&new-version=2.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update Rust in CI to v1.87.0 as well as `dtolnay/rust-toolchain` GitHub ↵Andrew Morgan2025-07-025-22/+64
| | | | Action pinned commit hash (#18596)
* Bump base64 from 0.21.7 to 0.22.1 (#18629)dependabot[bot]2025-07-021-10/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.21.7 to 0.22.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's changelog</a>.</em></p> <blockquote> <h1>0.22.1</h1> <ul> <li>Correct the symbols used for the predefined <code>alphabet::BIN_HEX</code>.</li> </ul> <h1>0.22.0</h1> <ul> <li><code>DecodeSliceError::OutputSliceTooSmall</code> is now conservative rather than precise. That is, the error will only occur if the decoded output <em>cannot</em> fit, meaning that <code>Engine::decode_slice</code> can now be used with exactly-sized output slices. As part of this, <code>Engine::internal_decode</code> now returns <code>DecodeSliceError</code> instead of <code>DecodeError</code>, but that is not expected to affect any external callers.</li> <li><code>DecodeError::InvalidLength</code> now refers specifically to the <em>number of valid symbols</em> being invalid (i.e. <code>len % 4 == 1</code>), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either <code>InvalidLength</code> or <code>InvalidByte</code> being appropriate.</li> <li>Decoding is somewhat faster (5-10%)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/marshallpierce/rust-base64/commit/e14400697453bcc85997119b874bc03d9601d0af"><code>e144006</code></a> v0.22.1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/64cca59ddbb4c43244a8f38629b59960ffe36bc0"><code>64cca59</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/271">#271</a> from JobanSD/patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/838355e0ac5fb8237ec9b96be5edb011bff00275"><code>838355e</code></a> Correct BinHex 4.0 alphabet according to specifications</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/bf15ccf30af8bb6b1f326fffa025d7b0aaa3342f"><code>bf15ccf</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/270">#270</a> from marshallpierce/mp/clippy</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/fc6aabee8afaf8b2f4cfb12df4cf461bcf9b003d"><code>fc6aabe</code></a> Appease clippy</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/9a518a2d5d028068d4bf83ebf437f7a3575e640e"><code>9a518a2</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/267">#267</a> from bdura/patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/d96c80f242e3080a03fd1c079730e17373ef0eb6"><code>d96c80f</code></a> Merge branch 'marshallpierce:master' into patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/5d70ba7576f9aafcbf02bd8acfcb9973411fb95f"><code>5d70ba7</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/269">#269</a> from marshallpierce/mp/decode-precisely</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/efb6c006c75ddbe60c084c2e3e0e084cd18b0122"><code>efb6c00</code></a> Release notes</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/2b91084a31ad11624acd81e06455ba0cbd21d4a8"><code>2b91084</code></a> Add some tests to boost coverage</li> <li>Additional commits viewable in <a href="https://github.com/marshallpierce/rust-base64/compare/v0.21.7...v0.22.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=base64&package-manager=cargo&previous-version=0.21.7&new-version=0.22.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump tokio from 1.45.1 to 1.46.0 (#18628)dependabot[bot]2025-07-021-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.45.1 to 1.46.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.46.0</h2> <h1>1.46.0 (July 2nd, 2025)</h1> <h3>Fixed</h3> <ul> <li>net: fixed <code>TcpStream::shutdown</code> incorrectly returning an error on macOS (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7290">#7290</a>)</li> </ul> <h2>Added</h2> <ul> <li>sync: <code>mpsc::OwnedPermit::{same_channel, same_channel_as_sender}</code> methods (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7389">#7389</a>)</li> <li>macros: <code>biased</code> option for <code>join!</code> and <code>try_join!</code>, similar to <code>select!</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7307">#7307</a>)</li> <li>net: support for cygwin (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7393">#7393</a>)</li> <li>net: support <code>pope::OpenOptions::read_write</code> on Android (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7426">#7426</a>)</li> <li>net: add <code>Clone</code> implementation for <code>net::unix::SocketAddr</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7422">#7422</a>)</li> </ul> <h2>Changed</h2> <ul> <li>runtime: eliminate unnecessary lfence while operating on <code>queue::Local&lt;T&gt;</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7340">#7340</a>)</li> <li>task: disallow blocking in <code>LocalSet::{poll,drop}</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7372">#7372</a>)</li> </ul> <h2>Unstable</h2> <ul> <li>runtime: add <code>TaskMeta::spawn_location</code> tracking where a task was spawned (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7417">#7417</a>)</li> <li>runtime: removed borrow from <code>LocalOptions</code> parameter to <code>runtime::Builder::build_local</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7346">#7346</a>)</li> </ul> <h2>Documented</h2> <ul> <li>io: clarify behavior of seeking when <code>start_seek</code> is not used (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7366">#7366</a>)</li> <li>io: document cancellation safety of <code>AsyncWriteExt::flush</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7364">#7364</a>)</li> <li>net: fix docs for <code>recv_buffer_size</code> method (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7336">#7336</a>)</li> <li>net: fix broken link of <code>RawFd</code> in <code>TcpSocket</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7416">#7416</a>)</li> <li>net: update <code>AsRawFd</code> doc link to current Rust stdlib location (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7429">#7429</a>)</li> <li>readme: fix double period in reactor description (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7363">#7363</a>)</li> <li>runtime: add doc note that <code>on_*_task_poll</code> is unstable (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7311">#7311</a>)</li> <li>sync: update broadcast docs on allocation failure (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7352">#7352</a>)</li> <li>time: add a missing panic scenario of <code>time::advance</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7394">#7394</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7290">#7290</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7290">tokio-rs/tokio#7290</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7307">#7307</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7307">tokio-rs/tokio#7307</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7311">#7311</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7311">tokio-rs/tokio#7311</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7336">#7336</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7336">tokio-rs/tokio#7336</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7340">#7340</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7340">tokio-rs/tokio#7340</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7346">#7346</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7346">tokio-rs/tokio#7346</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7352">#7352</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7352">tokio-rs/tokio#7352</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7363">#7363</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7363">tokio-rs/tokio#7363</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7364">#7364</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7364">tokio-rs/tokio#7364</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7366">#7366</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7366">tokio-rs/tokio#7366</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7372">#7372</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7372">tokio-rs/tokio#7372</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7389">#7389</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7389">tokio-rs/tokio#7389</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7393">#7393</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7393">tokio-rs/tokio#7393</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/3f1f268583a16c11560f8e310d5a35e9aa55b547"><code>3f1f268</code></a> chore: prepare Tokio v1.46.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7437">#7437</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/3e890cc0171ddb210acdcfec831b7c7bcbb0d2d9"><code>3e890cc</code></a> rt(unstable): add spawn <code>Location</code> to <code>TaskMeta</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7417">#7417</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/69290a64327a017fd9a0cedefaac60c4993c3b54"><code>69290a6</code></a> net: derive <code>Clone</code> for <code>net::unix::SocketAddr</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7422">#7422</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/e2b175848b2cb25e99cd3a0486e506f889379db5"><code>e2b1758</code></a> fuzz: cfg fuzz tests under cfg(test) (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7428">#7428</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/b7a75b5be349aab2cee9b224c0610d7cf4fea73e"><code>b7a75b5</code></a> net: update <code>AsRawFd</code> doc link to current Rust stdlib location (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7429">#7429</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/6b705b3053d2c777e05cb60c758202ff9d4b2e7d"><code>6b705b3</code></a> net: allow <code>pipe::OpenOptions::read_write</code> on Android (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7426">#7426</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/3636fd018ab6416fdfa3aab21e1e55966062dc3c"><code>3636fd0</code></a> net: fix broken link of <code>RawFd</code> in <code>TcpSocket</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7416">#7416</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/2506c9fa9916a1bdffbc762f7eb2ae5c2fd23836"><code>2506c9f</code></a> benches: revert &quot;properly gate unix benches&quot; (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7412">#7412</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/b3a14483bf5efa1b5cf75af27f6ef0770f4c5689"><code>b3a1448</code></a> sync: improve docs of <code>tokio_util::sync::CancellationToken</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7408">#7408</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/013f323def73f85185e2633f1b5f8939cc841318"><code>013f323</code></a> docs: add a missing panic scenario of <code>time::advance</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7394">#7394</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.45.1...tokio-1.46.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.45.1&new-version=1.46.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump Swatinem/rust-cache from 2.7.8 to 2.8.0 (#18612)dependabot[bot]2025-07-024-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) from 2.7.8 to 2.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/swatinem/rust-cache/releases">Swatinem/rust-cache's releases</a>.</em></p> <blockquote> <h2>v2.8.0</h2> <h2>What's Changed</h2> <ul> <li>Add cache-workspace-crates feature by <a href="https://github.com/jbransen"><code>@​jbransen</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/246">Swatinem/rust-cache#246</a></li> <li>Feat: support warpbuild cache provider by <a href="https://github.com/stegaBOB"><code>@​stegaBOB</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/247">Swatinem/rust-cache#247</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jbransen"><code>@​jbransen</code></a> made their first contribution in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/246">Swatinem/rust-cache#246</a></li> <li><a href="https://github.com/stegaBOB"><code>@​stegaBOB</code></a> made their first contribution in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/247">Swatinem/rust-cache#247</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0">https://github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md">Swatinem/rust-cache's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>2.8.0</h2> <ul> <li>Add support for <code>warpbuild</code> cache provider</li> <li>Add new <code>cache-workspace-crates</code> feature</li> </ul> <h2>2.7.8</h2> <ul> <li>Include CPU arch in the cache key</li> </ul> <h2>2.7.7</h2> <ul> <li>Also cache <code>cargo install</code> metadata</li> </ul> <h2>2.7.6</h2> <ul> <li>Allow opting out of caching $CARGO_HOME/bin</li> <li>Add runner OS in cache key</li> <li>Adds an option to do lookup-only of the cache</li> </ul> <h2>2.7.5</h2> <ul> <li>Support Cargo.lock format cargo-lock v4</li> <li>Only run macOsWorkaround() on macOS</li> </ul> <h2>2.7.3</h2> <ul> <li>Work around upstream problem that causes cache saving to hang for minutes.</li> </ul> <h2>2.7.2</h2> <ul> <li>Only key by <code>Cargo.toml</code> and <code>Cargo.lock</code> files of workspace members.</li> </ul> <h2>2.7.1</h2> <ul> <li>Update toml parser to fix parsing errors.</li> </ul> <h2>2.7.0</h2> <ul> <li>Properly cache <code>trybuild</code> tests.</li> </ul> <h2>2.6.2</h2> <ul> <li>Fix <code>toml</code> parsing.</li> </ul> <h2>2.6.1</h2> <ul> <li>Fix hash contributions of <code>Cargo.lock</code>/<code>Cargo.toml</code> files.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Swatinem/rust-cache/commit/98c8021b550208e191a6a3145459bfc9fb29c4c0"><code>98c8021</code></a> 2.8.0</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/14d3bc39c43eec8ca2cd08dd0805a32ee0cb3666"><code>14d3bc3</code></a> update Changelog</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/52ea1434f87f7081841d430fb7b1235754488e51"><code>52ea143</code></a> support warpbuild cache provider (<a href="https://redirect.github.com/swatinem/rust-cache/issues/247">#247</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/eaa85be6b1bfdc6616fd14d8916fc5aa0435e435"><code>eaa85be</code></a> Add cache-workspace-crates feature (<a href="https://redirect.github.com/swatinem/rust-cache/issues/246">#246</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/901019c0f83889e6f8eaa395f97093151c05c4b0"><code>901019c</code></a> Update the test lockfiles</li> <li>See full diff in <a href="https://github.com/swatinem/rust-cache/compare/9d47c6ad4b02e050fd481d890b2ea34778fd09d6...98c8021b550208e191a6a3145459bfc9fb29c4c0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Swatinem/rust-cache&package-manager=github_actions&previous-version=2.7.8&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump treq from 24.9.1 to 25.5.0 (#18610)dependabot[bot]2025-07-021-7/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [treq](https://github.com/twisted/treq) from 24.9.1 to 25.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/twisted/treq/blob/trunk/CHANGELOG.rst">treq's changelog</a>.</em></p> <blockquote> <h1>25.5.0 (2025-05-31)</h1> <h2>Features</h2> <ul> <li>treq is packaged with Hatchling, and consequently no longer directly depends on setuptools. (<code>[#388](https://github.com/twisted/treq/issues/388) &lt;https://github.com/twisted/treq/issues/388&gt;</code>__)</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Update documentation to use <code>async</code>/<code>await</code> syntax (<code>[#409](https://github.com/twisted/treq/issues/409) &lt;https://github.com/twisted/treq/issues/409&gt;</code>__)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Support for Python 3.8, which has reached end of support, is deprecated. This is the last release with support for Python 3.8. (<code>[#407](https://github.com/twisted/treq/issues/407) &lt;https://github.com/twisted/treq/issues/407&gt;</code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twisted/treq/commit/6869fa5d09f306e2fa225428516f947da0b8fae7"><code>6869fa5</code></a> Merge pull request <a href="https://redirect.github.com/twisted/treq/issues/410">#410</a> from twisted/release-25.5.0</li> <li><a href="https://github.com/twisted/treq/commit/56266566cfa71fc2a92ba5c9ace90c43ac774170"><code>5626656</code></a> Test with Python 3.13 final</li> <li><a href="https://github.com/twisted/treq/commit/f10185e4da4b404fa7592a7d948b6d573a9819da"><code>f10185e</code></a> Generate the changelog</li> <li><a href="https://github.com/twisted/treq/commit/4b846664f18261a666ad1bd6de4b59dd67db1fc5"><code>4b84666</code></a> Version 25.5.0</li> <li><a href="https://github.com/twisted/treq/commit/72a4441f599ac93c6a6a78a398366c103db6fb05"><code>72a4441</code></a> Merge pull request <a href="https://redirect.github.com/twisted/treq/issues/409">#409</a> from twisted/rtd-shiny</li> <li><a href="https://github.com/twisted/treq/commit/0a814edd8a6927e1c5288500ac98ee457cb53a9e"><code>0a814ed</code></a> Add changefragment</li> <li><a href="https://github.com/twisted/treq/commit/993cc47df5ae415dcb361f1215d9c50c31be6983"><code>993cc47</code></a> Fix changelog warnings</li> <li><a href="https://github.com/twisted/treq/commit/3992177456df67811d0960160ce0c343d1969926"><code>3992177</code></a> Link to CookieJar</li> <li><a href="https://github.com/twisted/treq/commit/cff43d93b6fbb6ce68f7721938906573b6ba55ad"><code>cff43d9</code></a> Update source_suffix conf</li> <li><a href="https://github.com/twisted/treq/commit/e39c8511b12c0cf809c6bc3e22f031597ad27067"><code>e39c851</code></a> async def print_response</li> <li>Additional commits viewable in <a href="https://github.com/twisted/treq/compare/treq-24.9.1...treq-25.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=treq&package-manager=pip&previous-version=24.9.1&new-version=25.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump prometheus-client from 0.21.0 to 0.22.1 (#18609)dependabot[bot]2025-07-021-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [prometheus-client](https://github.com/prometheus/client_python) from 0.21.0 to 0.22.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prometheus/client_python/releases">prometheus-client's releases</a>.</em></p> <blockquote> <h2>v0.22.1</h2> <h2>What's Changed</h2> <ul> <li>BugFix: Skip validating and parsing comment lines early (<a href="https://redirect.github.com/prometheus/client_python/issues/1108">#1108</a>) by <a href="https://github.com/wissamir"><code>@​wissamir</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1109">prometheus/client_python#1109</a></li> <li>Use License Expressions in pyproject.toml by <a href="https://github.com/csmarchbanks"><code>@​csmarchbanks</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1111">prometheus/client_python#1111</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/client_python/compare/v0.22.0...v0.22.1">https://github.com/prometheus/client_python/compare/v0.22.0...v0.22.1</a></p> <h2>v0.22.0</h2> <h2>What's Changed</h2> <ul> <li>Add support for native histograms in OM parser by <a href="https://github.com/vesari"><code>@​vesari</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1040">prometheus/client_python#1040</a></li> <li>Add exemplar support to CounterMetricFamily [Fix <a href="https://redirect.github.com/prometheus/client_python/issues/1062">#1062</a>] by <a href="https://github.com/lod"><code>@​lod</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1063">prometheus/client_python#1063</a></li> <li>Fix <code>write_to_textfile</code> leaves back temp files on errors by <a href="https://github.com/ethanschen"><code>@​ethanschen</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1066">prometheus/client_python#1066</a></li> <li>Support UTF-8 in metric creation, parsing, and exposition by <a href="https://github.com/ywwg"><code>@​ywwg</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1070">prometheus/client_python#1070</a></li> <li>Fix incorrect use of reentrant locks by <a href="https://github.com/suligap"><code>@​suligap</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1076">prometheus/client_python#1076</a></li> <li>Remove Python 3.8 support by <a href="https://github.com/kajinamit"><code>@​kajinamit</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1075">prometheus/client_python#1075</a></li> <li>Check if labelvalues is in _metrics before deletion in MetricWrapperBase.remove() by <a href="https://github.com/GlorifiedPig"><code>@​GlorifiedPig</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1077">prometheus/client_python#1077</a></li> <li>Add support for Python 3.13 by <a href="https://github.com/Pliner"><code>@​Pliner</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1080">prometheus/client_python#1080</a></li> <li>Correct nh sample span structure and parsing by <a href="https://github.com/vesari"><code>@​vesari</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1082">prometheus/client_python#1082</a></li> <li>Migrate from setup.py to pyproject.toml by <a href="https://github.com/csmarchbanks"><code>@​csmarchbanks</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1084">prometheus/client_python#1084</a></li> <li>Changed pushgateway.md by <a href="https://github.com/mallika-mur"><code>@​mallika-mur</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1083">prometheus/client_python#1083</a></li> <li>Fix order-dependent flaky tests related to UTF-8 support by <a href="https://github.com/dg98"><code>@​dg98</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1093">prometheus/client_python#1093</a></li> <li>Update versions for docs Github actions by <a href="https://github.com/csmarchbanks"><code>@​csmarchbanks</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1096">prometheus/client_python#1096</a></li> <li>Documentation Updates by <a href="https://github.com/ethanschen"><code>@​ethanschen</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1097">prometheus/client_python#1097</a></li> <li>Add note on gauge.set_function not working with multiprocessing by <a href="https://github.com/aapeliv"><code>@​aapeliv</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1098">prometheus/client_python#1098</a></li> <li>Don't send an empty HTTP header for /favicon.ico by <a href="https://github.com/noselasd"><code>@​noselasd</code></a> in <a href="https://redirect.github.com/prometheus/client_python/pull/1101">prometheus/client_python#1101</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/client_python/compare/v0.21.0...v0.22.0">https://github.com/prometheus/client_python/compare/v0.21.0...v0.22.0</a></p> <h2>0.21.1 / 2024-12-03</h2> <h2>What's Changed</h2> <p>[BUGFIX] Revert incorrect use of reentrant locks. <a href="https://redirect.github.com/prometheus/client_python/issues/1076">#1076</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prometheus/client_python/commit/d24220a6c477eef2dfeb12a312e0da66539095e1"><code>d24220a</code></a> Release 0.22.1</li> <li><a href="https://github.com/prometheus/client_python/commit/f294cbbf1dd24ae8936808923d30fafe0a7e519b"><code>f294cbb</code></a> Use License Expressions in pyproject.toml (<a href="https://redirect.github.com/prometheus/client_python/issues/1111">#1111</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/938b73e0bc2851d30246d572d5cefecf57b02041"><code>938b73e</code></a> BugFix: Skip validating and parsing comment lines early (<a href="https://redirect.github.com/prometheus/client_python/issues/1108">#1108</a>) (<a href="https://redirect.github.com/prometheus/client_python/issues/1109">#1109</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/8dfa10e5ff5cedd15300f7a13387d646c3010314"><code>8dfa10e</code></a> Release 0.22.0</li> <li><a href="https://github.com/prometheus/client_python/commit/e3902ea45b4bfbaf6ff1d10c3889107e6c8f51fc"><code>e3902ea</code></a> Don't send an empty HTTP header. (<a href="https://redirect.github.com/prometheus/client_python/issues/1101">#1101</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/23ab8264ceb7b094c65d30c35ff19491e6d38cd9"><code>23ab826</code></a> Add note on gauge.set_function not working with mp, see <a href="https://redirect.github.com/prometheus/client_python/issues/504">#504</a> (<a href="https://redirect.github.com/prometheus/client_python/issues/1098">#1098</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/c1ff3b28d32ff78a1a6ec0ddd8f81b70ca365b3f"><code>c1ff3b2</code></a> Update docs (<a href="https://redirect.github.com/prometheus/client_python/issues/1097">#1097</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/e3bfa1f10195b6959c5f49503762d07a47e1654c"><code>e3bfa1f</code></a> Update versions for docs Github actions (<a href="https://redirect.github.com/prometheus/client_python/issues/1096">#1096</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/de8bb4adf7ebbb73eb50ed4ae9e941ed2f961d0f"><code>de8bb4a</code></a> Fix order-dependent flaky tests related to UTF-8 support (<a href="https://redirect.github.com/prometheus/client_python/issues/1093">#1093</a>)</li> <li><a href="https://github.com/prometheus/client_python/commit/46eae7bae88f76951f7246d9f359f2dd5eeff110"><code>46eae7b</code></a> Changed pushgateway.md (<a href="https://redirect.github.com/prometheus/client_python/issues/1083">#1083</a>)</li> <li>Additional commits viewable in <a href="https://github.com/prometheus/client_python/compare/v0.21.0...v0.22.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=prometheus-client&package-manager=pip&previous-version=0.21.0&new-version=0.22.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump pillow from 11.2.1 to 11.3.0 (#18624)dependabot[bot]2025-07-021-84/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [pillow](https://github.com/python-pillow/Pillow) from 11.2.1 to 11.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>11.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html</a></p> <h2>Deprecations</h2> <ul> <li>Deprecate fromarray mode argument <a href="https://redirect.github.com/python-pillow/Pillow/issues/9018">#9018</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Deprecate saving I mode images as PNG <a href="https://redirect.github.com/python-pillow/Pillow/issues/9023">#9023</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Documentation</h2> <ul> <li>Added release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9041">#9041</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9042">#9042</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/8912">#8912</a> and <a href="https://redirect.github.com/python-pillow/Pillow/issues/8969">#8969</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9019">#9019</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>ImageFont does not handle multiline text <a href="https://redirect.github.com/python-pillow/Pillow/issues/9000">#9000</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated Ubuntu CI targets <a href="https://redirect.github.com/python-pillow/Pillow/issues/8988">#8988</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update MinGW package names <a href="https://redirect.github.com/python-pillow/Pillow/issues/8987">#8987</a> [<a href="https://github.com/H4M5TER"><code>@​H4M5TER</code></a>]</li> <li>Updated docstring <a href="https://redirect.github.com/python-pillow/Pillow/issues/8943">#8943</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Mention that tobytes() with the raw encoder uses Pack.c <a href="https://redirect.github.com/python-pillow/Pillow/issues/8878">#8878</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Refactor docs <code>Makefile</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/8933">#8933</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Add template for quarterly release issue <a href="https://redirect.github.com/python-pillow/Pillow/issues/8932">#8932</a> [<a href="https://github.com/aclark4life"><code>@​aclark4life</code></a>]</li> <li>Add list of third party plugins <a href="https://redirect.github.com/python-pillow/Pillow/issues/8910">#8910</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update redirected URL <a href="https://redirect.github.com/python-pillow/Pillow/issues/8919">#8919</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Docs: use sentence case for headers <a href="https://redirect.github.com/python-pillow/Pillow/issues/8914">#8914</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Docs: remove unused Makefile targets <a href="https://redirect.github.com/python-pillow/Pillow/issues/8917">#8917</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Remove indentation from lists <a href="https://redirect.github.com/python-pillow/Pillow/issues/8915">#8915</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Python 3.13 is tested on Arch <a href="https://redirect.github.com/python-pillow/Pillow/issues/8894">#8894</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Move XV Thumbnails to read only section <a href="https://redirect.github.com/python-pillow/Pillow/issues/8893">#8893</a> [<a href="https://github.com/aclark4life"><code>@​aclark4life</code></a>]</li> <li>Updated macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/8890">#8890</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Add AVIF to wheels using only aomenc and dav1d AVIF codecs for reduced size <a href="https://redirect.github.com/python-pillow/Pillow/issues/8858">#8858</a> [<a href="https://github.com/fdintino"><code>@​fdintino</code></a>]</li> <li>Use same AVIF URL when fetching dependency <a href="https://redirect.github.com/python-pillow/Pillow/issues/8871">#8871</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update dependency mypy to v1.16.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9026">#9026</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Update libpng to 1.6.49 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9014">#9014</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update dependency cibuildwheel to v3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9010">#9010</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libjpeg-turbo to 3.1.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9009">#9009</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update dependency mypy to v1.16.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8991">#8991</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libpng to 1.6.48 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8940">#8940</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated Ghostscript to 10.5.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8939">#8939</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated harfbuzz to 11.2.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8937">#8937</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Updated libavif to 1.3.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8949">#8949</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update dependency cibuildwheel to v2.23.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8931">#8931</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated harfbuzz to 11.1.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/8904">#8904</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Testing</h2> <ul> <li>Add <code>match</code> parameter to <code>pytest.warns()</code> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9038">#9038</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Increase pytest verbosity <a href="https://redirect.github.com/python-pillow/Pillow/issues/9040">#9040</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Improve SgiImagePlugin test coverage <a href="https://redirect.github.com/python-pillow/Pillow/issues/8896">#8896</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Update ruff pre-commit ID <a href="https://redirect.github.com/python-pillow/Pillow/issues/8994">#8994</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/89f1f4626a2aaf5f3d5ca6437f41def2998fbe09"><code>89f1f46</code></a> 11.3.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/f2de251c769ed76acfe94b54cc87c2aee77bdadf"><code>f2de251</code></a> Updated check script paths (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9052">#9052</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/84855d11c8fd790d89507ac1c51a5e393178477a"><code>84855d1</code></a> Raise FileNotFoundError when opening an empty path (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9048">#9048</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/204d11d4da15879946c1120c43e6f75b2a338d5b"><code>204d11d</code></a> Raise FileNotFoundError when opening an empty path</li> <li><a href="https://github.com/python-pillow/Pillow/commit/2b39f7581e9637a7262c070d5cebb12fa70f2c86"><code>2b39f75</code></a> Handle IPTC TIFF tags with incorrect type (<a href="https://redirect.github.com/python-pillow/Pillow/issues/8925">#8925</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/e7a53ba19b477cc30d35ef9e7aab4b79e5bba172"><code>e7a53ba</code></a> Do not update palette for L mode GIF frame (<a href="https://redirect.github.com/python-pillow/Pillow/issues/8924">#8924</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/c22230b761254f3abf4af774d02b18b4b5eb6c71"><code>c22230b</code></a> Use save parameters as encoderinfo defaults (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9001">#9001</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/da10ed1cf3c4123a98a2f765d3beaf830d47d113"><code>da10ed1</code></a> Add support for iOS (<a href="https://redirect.github.com/python-pillow/Pillow/issues/9030">#9030</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/be2b4e78644fdc85e63f08a22514e4d32072439f"><code>be2b4e7</code></a> Fix qtables and quality scaling (<a href="https://redirect.github.com/python-pillow/Pillow/issues/8879">#8879</a>)</li> <li><a href="https://github.com/python-pillow/Pillow/commit/d4162f85056223098fef0ba3f87e58519ba2955f"><code>d4162f8</code></a> Updated return type</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/11.2.1...11.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=pip&previous-version=11.2.1&new-version=11.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump types-jsonschema from 4.23.0.20250516 to 4.24.0.20250528 (#18611)dependabot[bot]2025-07-021-27/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) from 4.23.0.20250516 to 4.24.0.20250528. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-jsonschema&package-manager=pip&previous-version=4.23.0.20250516&new-version=4.24.0.20250528)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 (#18608)dependabot[bot]2025-07-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.0 to 3.9.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.1</h2> <h2>What's Changed</h2> <ul> <li>default action install to use release v2.5.1 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/193">sigstore/cosign-installer#193</a></li> <li>default cosign to v2.5.2 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/194">sigstore/cosign-installer#194</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1">https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/398d4b0eeef1380460a10c8013a76f728fb906ac"><code>398d4b0</code></a> default cosign to v2.5.2 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/194">#194</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/84f54a2bcd1ecf70e51a05388183dce4e1487230"><code>84f54a2</code></a> default action install to use release v2.5.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/193">#193</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3...398d4b0eeef1380460a10c8013a76f728fb906ac">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.9.0&new-version=3.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 (#18607)dependabot[bot]2025-07-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.2.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>Fixed</h2> <ul> <li>Disable Check if Repo is in Detached State (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>) <a href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li> </ul> <h2>v6.0.0</h2> <h2>Added</h2> <ul> <li>Throw error early if repository is in a detached state (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357">#357</a>)</li> </ul> <h2>Fixed</h2> <ul> <li>Fix PAT instructions with Dependabot (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376">#376</a>) <a href="https://github.com/@Dreamsorcerer"><code>@​Dreamsorcerer</code></a></li> </ul> <h2>Removed</h2> <ul> <li>Remove support for <code>create_branch</code>, <code>skip_checkout</code>, <code>skip_Fetch</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314">#314</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1">v6.0.1</a> - 2025-06-11</h2> <h3>Fixed</h3> <ul> <li>Disable Check if Repo is in Detached State (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>) <a href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0">v6.0.0</a> - 2025-06-10</h2> <h3>Added</h3> <ul> <li>Throw error early if repository is in a detached state (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357">#357</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix PAT instructions with Dependabot (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376">#376</a>) <a href="https://github.com/@Dreamsorcerer"><code>@​Dreamsorcerer</code></a></li> </ul> <h3>Removed</h3> <ul> <li>Remove support for <code>create_branch</code>, <code>skip_checkout</code>, <code>skip_Fetch</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314">#314</a>)</li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.1.0...v5.2.0">v5.2.0</a> - 2025-04-19</h2> <h3>Added</h3> <ul> <li>Add <code>create_git_tag_only</code> option to skip commiting and always create a git-tag. (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364">#364</a>) <a href="https://github.com/@zMynxx"><code>@​zMynxx</code></a></li> <li>Add Test for <code>create_git_tag_only</code> feature (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367">#367</a>) <a href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>docs: Update README.md per <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354">#354</a> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361">#361</a>) <a href="https://github.com/@rasa"><code>@​rasa</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.1...v5.1.0">v5.1.0</a> - 2025-01-11</h2> <h3>Changed</h3> <ul> <li>Include <code>github.actor_id</code> in default <code>commit_author</code> (<a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354">#354</a>) <a href="https://github.com/@parkerbxyz"><code>@​parkerbxyz</code></a></li> </ul> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/778341af668090896ca464160c2def5d1d1a3eb0"><code>778341a</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/379">#379</a> from stefanzweifel/disable-detached-state-check</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/33b203d92a47ab2370a88ce03d9825cdb52cc98c"><code>33b203d</code></a> Disable Check if Repo is in Detached State</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/a82d80a75f85e7feb8d2777704c545af1c7affd9"><code>a82d80a</code></a> Update CHANGELOG</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/3cc016cfc892e0844046da36fc68da4e525e081f"><code>3cc016c</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/375">#375</a> from stefanzweifel/v6-next</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/ddb7ae415961225797e0234a7018a30ba1e66bb3"><code>ddb7ae4</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/376">#376</a> from Dreamsorcerer/patch-1</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/b001e5f0ff05d7297c0101f4b44e861799e417dd"><code>b001e5f</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/6494dc61d3e663a9f5166a099d9736ceefc5a3aa"><code>6494dc6</code></a> Fix PAT instructions with Dependabot</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/76180511d9f2354bb712ec6338ce79d4f2061bfe"><code>7618051</code></a> Add deprecated inputs to fix unbound variable issue</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/ae114628ea78fd141aa4fa7730f70c984b29c391"><code>ae11462</code></a> Merge pull request <a href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/371">#371</a> from stefanzweifel/dependabot/npm_and_yarn/bats-1.12.0</li> <li><a href="https://github.com/stefanzweifel/git-auto-commit-action/commit/3058f91afb4f03b73d38f33c35023fb22cf546b8"><code>3058f91</code></a> Bump bats from 1.11.1 to 1.12.0</li> <li>Additional commits viewable in <a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/b863ae1933cb653a53c021fe36dbb774e1fb9403...778341af668090896ca464160c2def5d1d1a3eb0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=5.2.0&new-version=6.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Forbid locked users from using `POST /login` (#18594)Andrew Ferrazzutti2025-07-025-12/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Discussed in the [Synapse Dev room](https://matrix.to/#/!vcyiEtMVHIhWXcJAfl:sw1v.org/$K4UojQtvaSpxSe35TWFXtKWGoAuHwHFcKo8qn2lwxSs?via=matrix.org&via=element.io&via=envs.net) ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Raise poetry-core version cap to 2.1.3 (#18575)V024602025-07-022-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Request to raise the defensive version cap for poetry-core from 1.9.1 to 2.1.3. My understanding is that the major version bump of poetry signals the transition to standardized pyproject.toml metadata, but does not affect backwards compatibility. This is a subset of the changes in #18432 Fixes #18200 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Log the room ID we're purging state for (#18625)Erik Johnston2025-07-022-0/+8
| | | So we can see what we're deleting.
* Fix documentation of the Delete Room Admin API's status field. (#18519)reivilibre2025-07-012-4/+5
| | | | | | | Fixes: #18502 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* Merge branch 'master' into developQuentin Gliech2025-07-014-3/+27
|\
| * Add a note in the changelog about the manylinux wheelsQuentin Gliech2025-07-011-0/+9
| |
| * 1.133.0Quentin Gliech2025-07-014-2/+16
| |
| * Bump cibuildwheel to 3.0.0 to fix the building of wheels (#18615)Quentin Gliech2025-07-012-2/+3
| | | | | | | | | | | | | | | | | | | | Fixes https://github.com/element-hq/synapse/issues/18614 This upgrade CIBW to 3.0, which now builds using the manylinux_2_28 image, as the previous image is EOL and not supported by some of our dependencies anymore. This also updates the job to use the `ubuntu-24.04` base image instead of `ubuntu-22.04`
* | Stop sending or processing the `origin` field in PDUs (#18418)Andrew Morgan2025-07-0111-32/+18
| | | | | | | | | | Co-authored-by: Quentin Gliech <quenting@element.io> Co-authored-by: Eric Eastwood <erice@element.io>
* | Add `via` param to hierarchy enpoint (#18070)Krishan2025-06-305-3/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### Pull Request Checklist Implementation of [MSC4235](https://github.com/matrix-org/matrix-spec-proposals/pull/4235) as per suggestion in [pull request 17750](https://github.com/element-hq/synapse/pull/17750#issuecomment-2411248598). <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* | Speed up device deletion (#18602)Erik Johnston2025-06-307-84/+225
| | | | | | | | | | | | | | | | | | This is to handle the case of deleting lots of "bot" devices at once. Reviewable commit-by-commit --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Skip processing policy server events through policy server (#18605)Travis Ralston2025-06-302-0/+4
| | | | | | | | Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
* | Improve performance of device deletion by adding missing index. (#18582)reivilibre2025-06-303-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <ol> <li> Reorder columns in `event_txn_id_device_id_txn_id` index \ This now satisfies the foreign key on `(user_id, device_id)` making reverse lookups, as needed for device deletions, more efficient. This improves device deletion performance by on the order of 8 to 10× on matrix.org. </li> </ol> Rationale: ## On the `event_txn_id_device_id` table: We currently have this index: ```sql -- This ensures that there is only one mapping per (room_id, user_id, device_id, txn_id) tuple. CREATE UNIQUE INDEX IF NOT EXISTS event_txn_id_device_id_txn_id ON event_txn_id_device_id(room_id, user_id, device_id, txn_id); ``` The main way we use this table is ```python return await self.db_pool.simple_select_one_onecol( table="event_txn_id_device_id", keyvalues={ "room_id": room_id, "user_id": user_id, "device_id": device_id, "txn_id": txn_id, }, retcol="event_id", allow_none=True, desc="get_event_id_from_transaction_id_and_device_id", ) ``` But this foreign key is relatively unsupported, making deletions in the devices table inefficient (full index scan on the above index): ```sql FOREIGN KEY (user_id, device_id) REFERENCES devices (user_id, device_id) ON DELETE CASCADE ``` I propose re-ordering the columns in that index to: `(user_id, device_id, room_id, txn_id)` (by replacing it). That way the foreign key back-check can rely on the prefix of this index, but it's still useful for the original purpose it was made for. It doesn't take any extra disk space and does not harm write performance (because the same amount of writing work needs to be performed). --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* | Improve docstring on `simple_upsert_many`. (#18573)reivilibre2025-06-302-4/+43
| | | | | | | | | | | | | | | | | | It came up that this was somewhat confusing and an example might help. So here's an example :) --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* | Add `forget_forced_upon_leave` capability as per MSC4267 (#18196)Johannes Marbach2025-06-275-1/+50
| | | | | | | | | | | | | | This adds the capability from https://github.com/matrix-org/matrix-spec-proposals/pull/4267 under an experimental feature. Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
* | Fix backwards compat for `DirectServeJsonResource` (#18600)Erik Johnston2025-06-2619-29/+56
| | | | | | | | | | As that appears in the module API. Broke in #18595.
* | Add `federated_user_may_invite` spam checker callback (#18241)Tulir Asokan2025-06-265-2/+99
| | | | | | | | | | Co-authored-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Bump base64 from 0.21.7 to 0.22.1 (#18589)dependabot[bot]2025-06-251-10/+4
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump docker/build-push-action from 6.17.0 to 6.18.0 (#18497)dependabot[bot]2025-06-251-1/+1
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump pyasn1-modules from 0.4.1 to 0.4.2 (#18495)dependabot[bot]2025-06-251-4/+4
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump urllib3 from 2.2.2 to 2.5.0 (#18572)dependabot[bot]2025-06-251-4/+4
| |
* | Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#18588)dependabot[bot]2025-06-251-1/+1
| |
* | Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 (#18587)dependabot[bot]2025-06-252-2/+2
| |
* | Bump reqwest from 0.12.15 to 0.12.20 (#18590)dependabot[bot]2025-06-251-129/+49
| |
* | Lift pausing on ratelimited requests to http layer (#18595)Erik Johnston2025-06-2521-34/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a request gets ratelimited we (optionally) wait ~500ms before returning to mitigate clients that like to tightloop on request failures. However, this is currently implemented by pausing request processing when we check for ratelimits, which might be deep within request processing, and e.g. while locks are held. Instead, let's hoist the pause to the very top of the HTTP handler. Hopefully, this mitigates the issue where a user sending lots of events to a single room can see their requests time out due to the combination of the linearizer and the pausing of the request. Instead, they should see the requests 429 after ~500ms. The first commit is a refactor to pass the `Clock` to `AsyncResource`, the second commit is the behavioural change.
* | Fix registering of background updates for split main/state db (#18509)Patrick Cloke2025-06-255-32/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The background updates are being registered on an object that is for the _state_ database, but the actual tables are on the _main_ database. This just moves them to a different store that can access the right stuff. I noticed this when trying to do a full schema dump cause I was curious what has changed since the last one. Fixes #16054 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* | Bump types-opentracing from 2.4.10.6 to 2.4.10.20250622 (#18586)dependabot[bot]2025-06-241-4/+4
|/ | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 1.133.0rc1Andrew Morgan2025-06-2420-18/+47
|
* Unbreak unit tests with Twisted `25.5.0` by add `parsePOSTFormSubmission` ↵Andrew Morgan2025-06-2410-78/+110
| | | | | | arg to `FakeSite` (#18577) Co-authored-by: anoa's Codex Agent <codex@amorgan.xyz>
* Update PyO3 to version 0.25 (#18578)V024602025-06-233-16/+16
| | | | | | Updates `pyo3` to version 0.25.1 and, accordingly, `pyo3-log` to v0.12.4 and `pythonize` to v0.25.0. PyO3 v0.25 enables Python 3.14 support.
* Add report user API from MSC4260 (#18120)Travis Ralston2025-06-2010-0/+335
| | | | | Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fixup generated config documentation (#18568)Erik Johnston2025-06-182-1/+2
| | | Somehow its got out of sync, picked up by CI on develop.
* Clean up old `device_federation_inbox` rows (#18546)Erik Johnston2025-06-185-1/+250
| | | Fixes https://github.com/element-hq/synapse/issues/17370
* Merge branch 'master' into developErik Johnston2025-06-174-2/+16
|\
| * 1.132.0Erik Johnston2025-06-174-2/+16
| |
* | Bump dawidd6/action-download-artifact from 9 to 11 (#18556)dependabot[bot]2025-06-171-1/+1
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump types-requests from 2.32.0.20250328 to 2.32.4.20250611 (#18558)dependabot[bot]2025-06-171-3/+3
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump actions/setup-python from 5.5.0 to 5.6.0 (#18555)dependabot[bot]2025-06-171-2/+2
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Fix Cargo.lock after bad merge (#18561)Erik Johnston2025-06-172-3/+4
| | | | | | Broke in #18357
* | Always run schema workflow on develop (#18551)Erik Johnston2025-06-172-0/+4
| | | | | | | | ... and release branches, so that we catch any problems that slip trough PR review.
* | Speed up MAS token introspection (#18357)Erik Johnston2025-06-1611-293/+1820
| | | | | | | | | | | | | | | | | | | | We do this by shoving it into Rust. We believe our python http client is a bit slow. Also bumps minimum rust version to 1.81.0, released last September (over six months ago) To allow for async Rust, includes some adapters between Tokio in Rust and the Twisted reactor in Python.
* | Bump base64 from 0.21.7 to 0.22.1 (#18559)dependabot[bot]2025-06-161-8/+2
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | bugfix: assert we always pass the create event to get_user_power_level (#18545)Kegan Dougal2025-06-136-31/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The create event is required if there is no PL event, in which case the creator gets PL100. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | bugfix: calculate the PL for non-creators correctly in v11 rooms (#18547)Kegan Dougal2025-06-133-18/+41
| | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Fix typo of Math.pow, `^` -> `**` (#18543)Andrew Morgan2025-06-134-5/+25
| |
* | Bump requests from 2.32.2 to 2.32.4 (#18533)dependabot[bot]2025-06-131-4/+4
| |
* | Fix bug where sliding sync ignored `room_id_to_include` option (#18535)Erik Johnston2025-06-135-40/+336
| | | | | | | | | | | | | | | | This was correctly handled for the "fallback" case where the background updates hadn't finished --------- Co-authored-by: Eric Eastwood <erice@element.io>
* | Enable `flake8-logging` and `flake8-logging-format` rules in Ruff and fix ↵Quentin Gliech2025-06-1352-122/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | related issues throughout the codebase (#18542) This can be reviewed commit by commit. This enables the `flake8-logging` and `flake8-logging-format` rules in Ruff, as well as logging exception stack traces in a few places where it makes sense - https://docs.astral.sh/ruff/rules/#flake8-logging-log - https://docs.astral.sh/ruff/rules/#flake8-logging-format-g ### Linting to avoid pre-formatting log messages See [`adamchainz/flake8-logging` -> *LOG011 avoid pre-formatting log messages*](https://github.com/adamchainz/flake8-logging/blob/152db2f167355fb23e401bf68046c57cb128a2ae/README.rst#log011-avoid-pre-formatting-log-messages) Practically, this means prefer placeholders (`%s`) over f-strings for logging. This is because placeholders are passed as args to loggers, so they can do special handling of them. For example, Sentry will record the args separately in their logging integration: https://github.com/getsentry/sentry-python/blob/c15b390dfe1ca5c01b30dd56b35d693bb50b413c/sentry_sdk/integrations/logging.py#L280-L284 One theoretical small perf benefit is that log levels that aren't enabled won't get formatted, so it doesn't unnecessarily create formatted strings
* | Log user deactivations (#18541)Will Hunt2025-06-122-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One liner to give us more clarity when auditing deactivations of user accounts. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [ ] Pull request is based on the develop branch * [ ] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* | bugfix: ensure _get_power_level_for_sender works when there is no PL event ↵Kegan Dougal2025-06-103-1/+132
| | | | | | | | (#18534)
* | Bump headers from 0.4.0 to 0.4.1 (#18529)dependabot[bot]2025-06-101-4/+10
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Merge branch 'release-v1.132' into developAndrew Morgan2025-06-1022-20/+43
|\|
| * Add config doc generation command to lint.sh and add missing config schema. ↵reivilibre2025-06-104-9/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#18522) Follows: #17892, #18456 <ol> <li> Add config doc generation command to lint.sh </li> <li> Add missing `user_types` config schema </li> </ol> --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
| * 1.132.0rc1Andrew Morgan2025-06-1022-20/+43
| |
* | Config schema documentation CI: fix not failing when it should (#18528)reivilibre2025-06-102-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follows: #17892 <!-- --> <ol> <li> Config documentation CI: fix not failing if changes are outstanding </li> </ol> Shown to work at : https://github.com/element-hq/synapse/actions/runs/15532406886/job/43724019104?pr=18528 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* | Add config doc generation command to lint.sh and add missing config schema. ↵reivilibre2025-06-104-9/+32
|/ | | | | | | | | | | | | | | | | | | | | | (#18522) Follows: #17892, #18456 <ol> <li> Add config doc generation command to lint.sh </li> <li> Add missing `user_types` config schema </li> </ol> --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* Mark new module APIs as experimental (#18536)Andrew Morgan2025-06-104-0/+21
|
* Default to `public` join rule in remote summary (#18493)nexy75742025-06-092-1/+2
| | | See: https://github.com/element-hq/synapse/issues/18358#issuecomment-2866119550
* Migrate to assertEqual (#18488)Emmanuel Ferdman2025-06-061-6/+6
| | | | | | | | | This small PR migrates from `unittest.assertEquals` to `unittest.assertEqual` which is deprecated from Python2.7: ```python DeprecationWarning: Please use assertEqual instead. ``` Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
* Don't allow users to ignore themselves. (#18508)Will Hunt2025-06-063-0/+20
| | | | | | | | | | | Fixes the self-ignore issues we've being seeing of reports of by ignoring bad requests from clients. Fixes https://github.com/element-hq/synapse/issues/11963 Fix https://github.com/element-hq/element-web/issues/29969 although this should also be fixed on the client to avoid confusing errors popping up while rejecting invites. Related to https://github.com/matrix-org/matrix-rust-sdk/issues/5073
* Recover an appservice if a successful ping occurs. (#18521)Will Hunt2025-06-064-4/+77
| | | | | | | | | | | | | | Fixes https://github.com/element-hq/synapse/issues/14240 This scratches an itch that i've had for years. We regularly run into the issue where (especially in development) appservices can go down for a period and them come back up. The ping endpoint was introduced some time ago which means Synapse can determine if an AS is up more or less immediately, so we might as well use that to schedule transaction redelivery. I believe transaction scheduling logic is largely implementation specific, so we should be in the clear to do this without any spec changes.
* Remove destinations from sending if not whitelisted (#18484)Devon Hudson2025-06-063-8/+71
| | | | Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
* Export RatelimitOverride from ModuleApi (#18513)Hugh Nimmo-Smith2025-06-067-6/+28
|
* Distinguish all vs local events being persisted in the "Event Send Time ↵Eric Eastwood2025-06-052-31/+66
| | | | | | | | | Quantiles" graph (#18510) (Applies to the Grafana graphs) As discovered by @devonh, we use `synapse_storage_events_persisted_events_total` (which tracks *all* persisted events) for the "Events" rate in the "Event Send Time Quantiles" graph. This is pretty misleading as I would expect it to be the rate of events being sent given the graph title, "Event Send Time Quantiles". Since the event persistence queues are shared for local and remote events from federation and will block local events being sent, I think it does still make sense to have the event persist rate. I've updated the graph to include the rate of "Local events being persisted" and the rate of "All events being persisted". I think this properly disambiguates and clarifies what the graph is trying to show.
* docs: render missing docs for scheduled tasks admin api (#18516)Dirk Klimpel2025-06-052-0/+2
| | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Reduce disk wastage by cleaning up `received_transactions` older than 1 day, ↵reivilibre2025-06-052-2/+3
| | | | | | | | | | | | rather than 30 days. (#18310) Clean up `received_transactions` older than 1 day, rather than 30 days \ Reduces disk waste by homeservers Closes #6437 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* Add support for MSC4155 Invite filtering (#18288)Will Hunt2025-06-0517-5/+542
| | | | | | | | | | This implements https://github.com/matrix-org/matrix-spec-proposals/pull/4155, which adds support for a new account data type that blocks an invite based on some conditions in the event contents. --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Propose `CAP_NET_BIND_SERVICE` instead running Synapse with root (#18408)Mateusz Reszka2025-06-042-4/+5
| | | | | There are alternative ways to use low numbered ports besides root. Users might be mislead into thinking they should run Synapse with root privileges.
* Add ratelimit callbacks to module API to allow dynamic ratelimiting (#18458)Hugh Nimmo-Smith2025-06-0410-4/+197
|
* Add user_may_send_state_event callback to spam checker module API (#18455)Hugh Nimmo-Smith2025-06-046-0/+200
|
* Add media repository callbacks to module API to control media upload size ↵Hugh Nimmo-Smith2025-06-0411-9/+291
| | | | | | | | (#18457) Adds new callbacks for media related functionality: - `get_media_config_for_user` - `is_user_allowed_to_upload_media_of_size`
* Pass room_config argument to user_may_create_room spam checker module ↵Hugh Nimmo-Smith2025-06-046-30/+230
| | | | | | | | | | | | | | callback (#18486) This PR adds an additional `room_config` argument to the `user_may_create_room` spam checker module API callback. It will continue to work with implementations of `user_may_create_room` that do not expect the additional parameter. A side affect is that on a room upgrade the spam checker callback is called *after* doing some work to calculate the state rather than before. However, I hope that this is acceptable given the relative infrequency of room upgrades.
* Merge branch 'master' into developOlivier 'reivilibre2025-06-0324-22/+67
|\
| * 1.131.0 v1.131.0Olivier 'reivilibre2025-06-033-1/+11
| |
| * Changelog fixes v1.131.0rc1Quentin Gliech2025-05-281-1/+1
| | | | | | | | Co-Authored-By: Andrew Morgan <andrew@amorgan.xyz>
| * 1.131.0rc1Quentin Gliech2025-05-2824-22/+57
| |
* | Make user_type extensible and allow default user_type to be set (#18456)Hugh Nimmo-Smith2025-06-0312-34/+293
| |
* | Machine-readable config description (#17892)V024602025-06-0312-2424/+8301
| |
* | Mark dehydrated devices in admin get devices endpoint (#18252)Hubert Chathi2025-05-284-5/+78
|/ | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Bump lxml from 5.3.0 to 5.4.0 (#18480)dependabot[bot]2025-05-281-141/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [lxml](https://github.com/lxml/lxml) from 5.3.0 to 5.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/releases">lxml's releases</a>.</em></p> <blockquote> <h2>lxml-5.4.0</h2> <h1>5.4.0 (2025-04-22)</h1> <h2>Bugs fixed</h2> <ul> <li>LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see <a href="https://bugs.launchpad.net/lxml/+bug/2107279">https://bugs.launchpad.net/lxml/+bug/2107279</a></li> </ul> <h2>lxml-5.3.2</h2> <p>No release notes provided.</p> <h2>lxml-5.3.1</h2> <p>No release notes provided.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p> <blockquote> <h1>5.4.0 (2025-04-22)</h1> <h2>Bugs fixed</h2> <ul> <li>LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin.</li> </ul> <h1>5.3.2 (2025-04-05)</h1> <p>This release resolves CVE-2025-24928 as described in <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/847">https://gitlab.gnome.org/GNOME/libxml2/-/issues/847</a></p> <h2>Bugs fixed</h2> <ul> <li> <p>Binary wheels use libxml2 2.12.10 and libxslt 1.1.42.</p> </li> <li> <p>Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.</p> </li> </ul> <h1>5.3.1 (2025-02-09)</h1> <h2>Bugs fixed</h2> <ul> <li> <p>GH#440: Some tests were adapted for libxml2 2.14.0. Patch by Nick Wellnhofer.</p> </li> <li> <p>LP#2097175: <code>DTD(external_id=&quot;…&quot;)</code> erroneously required a byte string as ID value.</p> </li> <li> <p>GH#450: <code>iterparse()</code> internally triggered the `DeprecationWarning`` added in lxml 5.3.0 when parsing HTML.</p> </li> </ul> <h2>Other changes</h2> <ul> <li>GH#442: Binary wheels for macOS no longer use the linker flag <code>-flat_namespace</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lxml/lxml/commit/6e76d57af83d59d7a0456fd5889e392a7b366b43"><code>6e76d57</code></a> Build: Exclude slow Py3.9 wheel builds for s390/ppc and Py3.7 for ARM64.</li> <li><a href="https://github.com/lxml/lxml/commit/ee10c02bb771be22e6e3c36a90f3b66e5ce87752"><code>ee10c02</code></a> Prepare release of lxml 5.4.0.</li> <li><a href="https://github.com/lxml/lxml/commit/0e4f3c33723bb2b4d9565046a24a896c36fb5602"><code>0e4f3c3</code></a> Prepare release of lxml 5.3.3.</li> <li><a href="https://github.com/lxml/lxml/commit/b4703fc2e74296a1bcb44ba050d856ceab21d87f"><code>b4703fc</code></a> Update changelog.</li> <li><a href="https://github.com/lxml/lxml/commit/db723bb3b9140f9f313f4b638790a69e82eae2a3"><code>db723bb</code></a> Build: Use libxslt 1.1.43 instead of 1.1.42 to resolve some CVEs.</li> <li><a href="https://github.com/lxml/lxml/commit/a664877bde77d4d649fb8475e8bfb2bc2693ac26"><code>a664877</code></a> Build: Use libxml2 2.13.8 instead of 2.12.x to resolve some CVEs.</li> <li><a href="https://github.com/lxml/lxml/commit/df4633e7a919f0a4d42df310f17477b5ab51e403"><code>df4633e</code></a> Remove appveyor usage.</li> <li><a href="https://github.com/lxml/lxml/commit/820db896be83f72f1cb653981362c682c8fc0d1f"><code>820db89</code></a> CI: Allow Py3.14 jobs to fail.</li> <li><a href="https://github.com/lxml/lxml/commit/93ad02aad6caa1a7a4b2f595c2973644709cb5f9"><code>93ad02a</code></a> docs: Add a note about C compiler installation to error message (<a href="https://redirect.github.com/lxml/lxml/issues/454">GH-454</a>)</li> <li><a href="https://github.com/lxml/lxml/commit/16878dac7075903c7b6e412f5f770ce43e942509"><code>16878da</code></a> Add some hints to the documentation on how to build lxml (<a href="https://redirect.github.com/lxml/lxml/issues/453">GH-453</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lxml/lxml/compare/lxml-5.3.0...lxml-5.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml&package-manager=pip&previous-version=5.3.0&new-version=5.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump ruff from 0.11.10 to 0.11.11 (#18482)dependabot[bot]2025-05-282-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.10 to 0.11.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.11.11</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>airflow</code>] Add autofixes for <code>AIR302</code> and <code>AIR312</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/17942">#17942</a>)</li> <li>[<code>airflow</code>] Move rules from <code>AIR312</code> to <code>AIR302</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/17940">#17940</a>)</li> <li>[<code>airflow</code>] Update <code>AIR301</code> and <code>AIR311</code> with the latest Airflow implementations (<a href="https://redirect.github.com/astral-sh/ruff/pull/17985">#17985</a>)</li> <li>[<code>flake8-simplify</code>] Enable fix in preview mode (<code>SIM117</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18208">#18208</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Fix inconsistent formatting of match-case on <code>[]</code> and <code>_</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18147">#18147</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW1514</code> not recognizing the <code>encoding</code> positional argument of <code>codecs.open</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18109">#18109</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Add full option name in formatter warning (<a href="https://redirect.github.com/astral-sh/ruff/pull/18217">#18217</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Fix rendering of admonition in docs (<a href="https://redirect.github.com/astral-sh/ruff/pull/18163">#18163</a>)</li> <li>[<code>flake8-print</code>] Improve print/pprint docs for <code>T201</code> and <code>T203</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18130">#18130</a>)</li> <li>[<code>flake8-simplify</code>] Add fix safety section (<code>SIM110</code>,<code>SIM210</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18114">#18114</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18100">#18100</a>)</li> <li>[<code>pylint</code>] Fix docs example that produced different output (<code>PLW0603</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18216">#18216</a>)</li> </ul> <h2>Contributors</h2> <ul> <li><a href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li> <li><a href="https://github.com/BradonZhang"><code>@​BradonZhang</code></a></li> <li><a href="https://github.com/BurntSushi"><code>@​BurntSushi</code></a></li> <li><a href="https://github.com/CodeMan62"><code>@​CodeMan62</code></a></li> <li><a href="https://github.com/InSyncWithFoo"><code>@​InSyncWithFoo</code></a></li> <li><a href="https://github.com/LaBatata101"><code>@​LaBatata101</code></a></li> <li><a href="https://github.com/Lee-W"><code>@​Lee-W</code></a></li> <li><a href="https://github.com/Mathemmagician"><code>@​Mathemmagician</code></a></li> <li><a href="https://github.com/MatthewMckee4"><code>@​MatthewMckee4</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li> <li><a href="https://github.com/TomerBin"><code>@​TomerBin</code></a></li> <li><a href="https://github.com/VascoSch92"><code>@​VascoSch92</code></a></li> <li><a href="https://github.com/adamaaronson"><code>@​adamaaronson</code></a></li> <li><a href="https://github.com/brainwane"><code>@​brainwane</code></a></li> <li><a href="https://github.com/brandtbucher"><code>@​brandtbucher</code></a></li> <li><a href="https://github.com/carljm"><code>@​carljm</code></a></li> <li><a href="https://github.com/dcreager"><code>@​dcreager</code></a></li> <li><a href="https://github.com/dhruvmanila"><code>@​dhruvmanila</code></a></li> <li><a href="https://github.com/dragon-dxw"><code>@​dragon-dxw</code></a></li> <li><a href="https://github.com/felixscherz"><code>@​felixscherz</code></a></li> <li><a href="https://github.com/kiran-4444"><code>@​kiran-4444</code></a></li> <li><a href="https://github.com/maxmynter"><code>@​maxmynter</code></a></li> <li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.11.11</h2> <h3>Preview features</h3> <ul> <li>[<code>airflow</code>] Add autofixes for <code>AIR302</code> and <code>AIR312</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/17942">#17942</a>)</li> <li>[<code>airflow</code>] Move rules from <code>AIR312</code> to <code>AIR302</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/17940">#17940</a>)</li> <li>[<code>airflow</code>] Update <code>AIR301</code> and <code>AIR311</code> with the latest Airflow implementations (<a href="https://redirect.github.com/astral-sh/ruff/pull/17985">#17985</a>)</li> <li>[<code>flake8-simplify</code>] Enable fix in preview mode (<code>SIM117</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18208">#18208</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Fix inconsistent formatting of match-case on <code>[]</code> and <code>_</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18147">#18147</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW1514</code> not recognizing the <code>encoding</code> positional argument of <code>codecs.open</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18109">#18109</a>)</li> </ul> <h3>CLI</h3> <ul> <li>Add full option name in formatter warning (<a href="https://redirect.github.com/astral-sh/ruff/pull/18217">#18217</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Fix rendering of admonition in docs (<a href="https://redirect.github.com/astral-sh/ruff/pull/18163">#18163</a>)</li> <li>[<code>flake8-print</code>] Improve print/pprint docs for <code>T201</code> and <code>T203</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18130">#18130</a>)</li> <li>[<code>flake8-simplify</code>] Add fix safety section (<code>SIM110</code>,<code>SIM210</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18114">#18114</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18100">#18100</a>)</li> <li>[<code>pylint</code>] Fix docs example that produced different output (<code>PLW0603</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18216">#18216</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/0397682f1f50c9c1cc29293ac870f7720b0eda33"><code>0397682</code></a> Bump 0.11.11 (<a href="https://redirect.github.com/astral-sh/ruff/issues/18259">#18259</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/bcefa459f4069970bc9776575e2f776b8d130dc9"><code>bcefa45</code></a> [ty] Rename <code>call-possibly-unbound-method</code> to `possibly-unbound-implicit-call...</li> <li><a href="https://github.com/astral-sh/ruff/commit/91b7a570c2bd1c9e1cab894ded866e885f28946a"><code>91b7a57</code></a> [ty] Implement Python's floor division semantics for <code>Literal</code> <code>int</code>s (<a href="https://redirect.github.com/astral-sh/ruff/issues/18249">#18249</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/98da200d45b040401bc5c1ff04fd678d37d3dd3e"><code>98da200</code></a> [ty] Fix server panic when calling <code>system_mut</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18252">#18252</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/029085fa7239eb25f9b60b6aff56aa54945becaf"><code>029085f</code></a> [ty] Clarify <code>ty check</code> output default in documentation. (<a href="https://redirect.github.com/astral-sh/ruff/issues/18246">#18246</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/6df10c638e3afed4a3fd9145d0353861e29d6acc"><code>6df10c6</code></a> [<code>pylint</code>] Fix docs example that produced different output (<code>PLW0603</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/18216">#18216</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/bdf488462a5a5c0d4e104eff4e299829019b657d"><code>bdf4884</code></a> Preserve tuple parentheses in case patterns (<a href="https://redirect.github.com/astral-sh/ruff/issues/18147">#18147</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/01eeb2f0d6894f413048ff8fc8980453bf17acab"><code>01eeb2f</code></a> [ty] Support frozen dataclasses (<a href="https://redirect.github.com/astral-sh/ruff/issues/17974">#17974</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/cb04343b3b5e7a8a0841c73537733fa5aac482a2"><code>cb04343</code></a> [ty] Split <code>invalid-base</code> error code into two error codes (<a href="https://redirect.github.com/astral-sh/ruff/issues/18245">#18245</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/02394b8049b52836ae7daca7132fab93031d1162"><code>02394b8</code></a> [ty] Improve <code>invalid-type-form</code> diagnostic where a module-literal type is us...</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.11.10...0.11.11">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruff&package-manager=pip&previous-version=0.11.10&new-version=0.11.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump types-jsonschema from 4.23.0.20241208 to 4.23.0.20250516 (#18481)dependabot[bot]2025-05-281-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) from 4.23.0.20241208 to 4.23.0.20250516. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-jsonschema&package-manager=pip&previous-version=4.23.0.20241208&new-version=4.23.0.20250516)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add option to limit key queries to users sharing rooms as per MSC4263 (#18180)Johannes Marbach2025-05-285-6/+255
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements https://github.com/matrix-org/matrix-spec-proposals/pull/4263. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
* Increase timeout for test_lock_contention on RISC-V (#18430)gui-yue2025-05-272-5/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR addresses a test failure for `tests.handlers.test_worker_lock.WorkerLockTestCase.test_lock_contention` which consistently times out on the RISC-V (specifically `riscv64`) architecture. The test simulates high lock contention and has a default timeout of 5 seconds, which seems sufficient for architectures like x86_64 but proves too short for current RISC-V hardware/environment performance characteristics, leading to spurious `tests.utils.TestTimeout` failures. This fix introduces architecture detection using `platform.machine()`. If a RISC-V architecture is detected: * The timeout for this specific test is increased (e.g., to 15 seconds ). The original, stricter timeout (5 seconds) and lock count (500) are maintained for all other architectures to avoid masking potential performance regressions elsewhere. This change has been tested locally on RISC-V, where the test now passes reliably, and on x86_64, where it continues to pass with the original constraints. --- ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch *(Assuming you based it correctly)* * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). *(See below)* * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) *(Please run linters locally)*
* fix(device-handler): make _maybe_retry_device_resync thread-safe (#18391)3nprob2025-05-262-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | A race-condition may render concurrent retry loops. Use an actual `Lock` for guarding single access of device resyncing retrying. ### Pull Request Checklist * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Don't move invited users to new room when shutting down room (#18471)Shay2025-05-233-11/+54
| | | This is confusing to users who received unwanted invites.
* Bump Tornado from 6.4.2 to 6.5.0 (#18459)Andrew Morgan2025-05-212-13/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps tornado 6.5.0 to mitigate [CVE-2025-47287](https://nvd.nist.gov/vuln/detail/CVE-2025-47287). This dependency is only used indirectly through our sentry dependency. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Bump pyo3 from 0.23.5 to 0.24.2 (#18460)Andrew Morgan2025-05-213-16/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also bump pythonize from 0.23.0 to 0.24.0, otherwise we couldn't compile as pythonize 0.23.0 required pyo3 "^0.23.0". Addresses [RUSTSEC-2025-0020](https://rustsec.org/advisories/RUSTSEC-2025-0020), although Synapse is not affected as we don't make use of `PyString::from_object`. [pyo3 0.24.x](https://github.com/PyO3/pyo3/releases/tag/v0.24.0) include some performance optimisations apparently, and no breaking changes. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Policy server part 1: Actually call the policy server (#18387)Travis Ralston2025-05-219-1/+469
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Roughly reviewable commit-by-commit. This is the first part of adding policy server support to Synapse. Other parts (unordered), which may or may not be bundled into fewer PRs, include: * Implementation of a bulk API * Supporting a moderation server config (the `fallback_*` options of https://github.com/element-hq/policyserv_spam_checker ) * Adding an "early event hook" for appservices to receive federation transactions *before* events are processed formally * Performance and stability improvements ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com> Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
* Include room ID in room deletion status response (#18318)Dagfinn Ilmari Mannsåker2025-05-204-1/+15
| | | | When querying by `delete_id` it's handy to see which room the delete pertains to.
* Merge branch 'master' into developDevon Hudson2025-05-209-4/+284
|\
| * Tweak changelog v1.130.0Devon Hudson2025-05-201-1/+1
| |
| * 1.130.0Devon Hudson2025-05-205-3/+17
| |
| * Fix up the topological ordering for events above `MAX_DEPTH` (#18447)Erik Johnston2025-05-195-1/+258
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse previously did not correctly cap the max depth of an event to the max canonical json int. This can cause ordering issues for any events that were sent locally at the time. This background update goes and correctly caps the topological ordering to the new `MAX_DEPTH`. c.f. GHSA-v56r-hwv5-mxg6 --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * Move index creation to background update (#18439)Erik Johnston2025-05-153-2/+11
| | | | | | | | | | | | | | | | Follow on from #18375. This prevents blocking startup on creating the index, which can take a while --------- Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
* | Add a unit test for the phone home stats (#18463)Andrew Morgan2025-05-204-7/+296
| |
* | Bump ruff from 0.7.3 to 0.11.10 (#18451)dependabot[bot]2025-05-2060-206/+178
| | | | | | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Update postgres.md (#18445)Strac Consulting Engineers Pty Ltd2025-05-202-0/+9
| |
* | Bump setuptools from 72.1.0 to 78.1.1 (#18461)dependabot[bot]2025-05-201-7/+11
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Allow only requiring a field be present in an SSO response, rather than ↵Andrew Morgan2025-05-194-9/+86
| | | | | | | | specifying a required value (#18454)
* | Bump docker/build-push-action from 6.16.0 to 6.17.0 (#18449)dependabot[bot]2025-05-191-1/+1
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump pyopenssl from 25.0.0 to 25.1.0 (#18450)dependabot[bot]2025-05-191-4/+4
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump authlib from 1.5.1 to 1.5.2 (#18452)dependabot[bot]2025-05-191-27/+28
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump pyo3-log from 0.12.3 to 0.12.4 (#18453)dependabot[bot]2025-05-191-2/+2
| | | | | | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Check for `CREATE/DROP INDEX` in schema deltas (#18440)Erik Johnston2025-05-192-29/+99
| | | | | | As these should be background updates.
* | Bump docker/build-push-action from 6.15.0 to 6.16.0 (#18397)dependabot[bot]2025-05-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.15.0 to 6.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.16.0</h2> <ul> <li>Handle no default attestations env var by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1343">docker/build-push-action#1343</a></li> <li>Only print secret keys in build summary output by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1353">docker/build-push-action#1353</a></li> <li>Bump <code>@​docker/actions-toolkit</code> from 0.56.0 to 0.59.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1352">docker/build-push-action#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0">https://github.com/docker/build-push-action/compare/v6.15.0...v6.16.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/14487ce63c7a62a4a324b0bfb37086795e31c6c1"><code>14487ce</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1343">#1343</a> from crazy-max/fix-no-default-attest</li> <li><a href="https://github.com/docker/build-push-action/commit/0ec91264d895acf7dfe05d54d8a3cc28f95b6346"><code>0ec9126</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1366">#1366</a> from crazy-max/pr-assign-author</li> <li><a href="https://github.com/docker/build-push-action/commit/b749522b90af1b517f52d8c1e67b2a965cea5eae"><code>b749522</code></a> pr-assign-author workflow</li> <li><a href="https://github.com/docker/build-push-action/commit/c566248492c912e39910ac79e2f05a82260233a8"><code>c566248</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1363">#1363</a> from crazy-max/fix-codecov</li> <li><a href="https://github.com/docker/build-push-action/commit/13275dd76e44afdffdd61da8b8ae8e26ee11671f"><code>13275dd</code></a> ci: fix missing source for codecov</li> <li><a href="https://github.com/docker/build-push-action/commit/67dc78bbaf388b3265f7e1c880e681f4b90d5f48"><code>67dc78b</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1361">#1361</a> from mschoettle/patch-1</li> <li><a href="https://github.com/docker/build-push-action/commit/0760504437ba8d0d98e7d5b625560bdede11b3b5"><code>0760504</code></a> docs: add validating build configuration example</li> <li><a href="https://github.com/docker/build-push-action/commit/1c198f4467ce458288d816cabd773cd574f16977"><code>1c198f4</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/288d9e2e4a70c24711ba959b94c2209b9205347e"><code>288d9e2</code></a> handle no default attestations env var</li> <li><a href="https://github.com/docker/build-push-action/commit/88844b95d8cbbb41035fa9c94e5967a33b92db78"><code>88844b9</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1353">#1353</a> from crazy-max/summary-secret-keys</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/471d1dc4e07e5cdedd4c2171150001c434f0b7a4...14487ce63c7a62a4a324b0bfb37086795e31c6c1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.15.0&new-version=6.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Bump actions/setup-python from 5.5.0 to 5.6.0 (#18398)dependabot[bot]2025-05-196-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.5.0 to 5.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v5.6.0</h2> <h2>What's Changed</h2> <ul> <li>Workflow updates related to Ubuntu 20.04 by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1065">actions/setup-python#1065</a></li> <li>Fix for Candidate Not Iterable Error by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1082">actions/setup-python#1082</a></li> <li>Upgrade semver and <code>@​types/semver</code> by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1091">actions/setup-python#1091</a></li> <li>Upgrade prettier from 2.8.8 to 3.5.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1046">actions/setup-python#1046</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1081">actions/setup-python#1081</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.6.0">https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065"><code>a26af69</code></a> Bump ts-jest from 29.1.2 to 29.3.2 (<a href="https://redirect.github.com/actions/setup-python/issues/1081">#1081</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/30eafe95483bd95135b7eda0c66a0369af9afdf1"><code>30eafe9</code></a> Bump prettier from 2.8.8 to 3.5.3 (<a href="https://redirect.github.com/actions/setup-python/issues/1046">#1046</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/5d95bc16d4bc83bb56202da9630d84c6f8a2d8f5"><code>5d95bc1</code></a> Bump semver and <code>@​types/semver</code> (<a href="https://redirect.github.com/actions/setup-python/issues/1091">#1091</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/6ed2c67c8abe7646815dbd50364eea862d396fd9"><code>6ed2c67</code></a> Fix for Candidate Not Iterable Error (<a href="https://redirect.github.com/actions/setup-python/issues/1082">#1082</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/e348410e00f449ece8581cb8e88be8f0e7712da6"><code>e348410</code></a> Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (<a href="https://redirect.github.com/actions/setup-python/issues/1065">#1065</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/8d9ed9ac5c53483de85588cdf95a591a75ab9f55...a26af69be951a213d495a4c3e4e4022e16d87065">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.5.0&new-version=5.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | Fix admin redaction endpoint not redacting encrypted messages (#18434)Shay2025-05-193-2/+56
| |
* | remove room without listeners from Notifier.room_to_user_streams (#18380)Stanislav Kazantsev2025-05-152-0/+4
| | | | | | | | Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
* | Add option to allow registrations that begin with '_' (#18262)_2025-05-155-1/+46
| | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Fix room_list_publication_rules docs for v1.126.0 (#18286)Kim Brose2025-05-142-7/+9
| | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Explain why we `flush_buffer()` for Python `print(...)` output (#18420)Eric Eastwood2025-05-133-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Spawning from using this code elsewhere and not knowing why it's there. Based on this article and @reivilibre's experience mentioning `PYTHONUNBUFFERED=1`, > #### programming languages where the default “print” statement buffers > > Also, here are a few programming language where the default print statement will buffer output when writing to a pipe, and some ways to disable buffering if you want: > > - Python (disable with `python -u`, or `PYTHONUNBUFFERED=1`, or `sys.stdout.reconfigure(line_buffering=False)`, or `print(x, flush=True)`) > > _-- https://jvns.ca/blog/2024/11/29/why-pipes-get-stuck-buffering/#programming-languages-where-the-default-print-statement-buffers_
* | Fix a couple type annotations in the `RootConfig`/`Config` (#18409)Eric Eastwood2025-05-1313-26/+37
| | | | | | | | | | | | | | | | | | Fix a couple type annotations in the `RootConfig`/`Config`. Discovered while cribbing this code for another project. It's really sucks that `mypy` type checking doesn't catch this. I assume this is because we also have a `synapse/config/_base.pyi` that overrides all of this. Still unclear to me why the `Iterable[str]` vs `StrSequence` issue wasn't caught as that's what `ConfigError` expects.
* | Explicitly enable pypy for cibuildwheel (#18417)Andrew Morgan2025-05-133-25/+28
| |
* | Remove newline from final bullet point of PR template (#18419)Andrew Morgan2025-05-132-2/+2
| |
* | Bump types-requests from 2.32.0.20241016 to 2.32.0.20250328 (#18427)dependabot[bot]2025-05-131-4/+4
| |
* | Bump mypy-zope from 1.0.9 to 1.0.11 (#18428)dependabot[bot]2025-05-131-4/+4
|/
* Fix up changelog v1.130.0rc1Erik Johnston2025-05-131-4/+4
|
* 1.130.0rc1Erik Johnston2025-05-1329-27/+70
|
* Bump pillow from 11.1.0 to 11.2.1 (#18429)dependabot[bot]2025-05-131-73/+84
| | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump actions/setup-go from 5.4.0 to 5.5.0 (#18426)dependabot[bot]2025-05-133-3/+3
| | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump pydantic from 2.10.3 to 2.11.4 (#18394)dependabot[bot]2025-05-091-107/+122
|
* Bump packaging from 24.2 to 25.0 (#18393)dependabot[bot]2025-05-091-3/+3
|
* Bump txredisapi from 1.4.10 to 1.4.11 (#18392)dependabot[bot]2025-05-091-3/+3
|
* Bump sha2 from 0.10.8 to 0.10.9 (#18395)dependabot[bot]2025-05-091-2/+2
|
* Pass leave from remote invite rejection down Sliding Sync (#18375)Devon Hudson2025-05-087-1/+360
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #17753 ### Dev notes The `sliding_sync_membership_snapshots` and `sliding_sync_joined_rooms` database tables were added in https://github.com/element-hq/synapse/pull/17512 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Erik Johnston <erik@matrix.org> Co-authored-by: Olivier 'reivilibre <oliverw@matrix.org> Co-authored-by: Eric Eastwood <erice@element.io>
* Convert Sliding Sync tests to use higher-level `compute_interested_rooms` ↵Devon Hudson2025-05-077-437/+1238
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#18399) Spawning from https://github.com/element-hq/synapse/pull/18375#discussion_r2071768635, This updates some sliding sync tests to use a higher level function in order to move test coverage to cover both fallback & new tables. Important when https://github.com/element-hq/synapse/pull/18375 is merged. In other words, adjust tests to target `compute_interested_room(...)` (relevant to both new and fallback path) instead of the lower level `get_room_membership_for_user_at_to_token(...)` that only applies to the fallback path. ### Dev notes ``` SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.handlers.test_sliding_sync.ComputeInterestedRoomsTestCase_new ``` ``` SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.rest.client.sliding_sync ``` ``` SYNAPSE_POSTGRES=1 SYNAPSE_POSTGRES_USER=postgres SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.handlers.test_sliding_sync.ComputeInterestedRoomsTestCase_new.test_display_name_changes_leave_after_token_range ``` ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Eric Eastwood <erice@element.io>
* Merge branch 'master' into developAndrew Morgan2025-05-0618-103/+122
|\
| * 1.129.0 v1.129.0Andrew Morgan2025-05-063-1/+14
| |
| * Adjust changelog v1.129.0rc2Quentin Gliech2025-04-301-0/+2
| | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * 1.129.0rc2Quentin Gliech2025-04-305-3/+17
| |
| * Unschedule the background update scheduled in #18068. (#18372)Quentin Gliech2025-04-304-92/+19
| | | | | | Fixes #18356
| * Remove the trigger added in #18260 and then reverted (#18373)Quentin Gliech2025-04-304-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See #18260 This is useful for anyone who tried Synapse v1.129.0rc1 out Fixes #18349 To test: - checkout v1.129.0rc1 and start - check that the events table has the trigger (`\dS events` with postgres) - checkout this PR and start - check that the events table doesn't have the trigger anymore
| * Merge commit '89cb613a4e' into release-v1.129Quentin Gliech2025-04-299-906/+10
| |\
| * | Update changelog v1.129.0rc1Devon Hudson2025-04-163-2/+2
| | |
| * | Merge branch 'develop' into release-v1.129Devon Hudson2025-04-164-18/+33
| |\ \
| * | | Changelog tweaksDevon Hudson2025-04-151-1/+1
| | | |
| * | | 1.129.0rc1Devon Hudson2025-04-1511-9/+32
| | | |
* | | | Ensure the url previewer also hashes and quarantines media (#18297)Will Hunt2025-05-063-4/+15
| | | | | | | | | | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | make tests tolerant to authlib 1.5.2 error messages (#18390)Florian Klink2025-05-052-10/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | authlib 1.5.2 now single-quotes error messages in the claims, causing three tests to fail. Replace the comparison with a regex that accepts both single or double quotes. This succeeds the tests with both authlib 1.5.1 and 1.5.2. See https://github.com/NixOS/nixpkgs/pull/402797 for context. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* | | | Return specific error code when email / phone not supported (#17578)David Baker2025-05-054-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements https://github.com/matrix-org/matrix-spec-proposals/pull/4178 If this would need tests, could you give some idea of what tests would be needed and how best to add them? ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [ ] Pull request is based on the develop branch * [ ] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* | | | Add the ability to exclude remote users in user directory search results ↵Will Lewis2025-05-026-4/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#18300) This change adds a new configuration `user_directory.exclude_remote_users`, which defaults to False. When set to True, remote users will not appear in user directory search results. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | Allow a few admin APIs used by MAS to run on workers (#18313)Quentin Gliech2025-05-0210-200/+249
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should be reviewed commit by commit. It adds a few admin servlets that are used by MAS when in delegation mode to workers --------- Co-authored-by: Olivier 'reivilibre <oliverw@matrix.org> Co-authored-by: Devon Hudson <devon.dmytro@gmail.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | Apply `should_drop_federated_event` to federation invites (#18330)Shay2025-05-023-0/+9
| | | | | | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | Fix lint which broke in #18374 (#18385)Quentin Gliech2025-05-022-1/+2
| | | | | | | | | | | | | | | | https://github.com/element-hq/synapse/pull/18374 did not pass linting but was merged
* | | | Don't check the `at_hash` (access token hash) in OIDC ID Tokens if we don't ↵Andrew Morgan2025-05-024-4/+89
| | | | | | | | | | | | | | | | | | | | | | | | use the access token (#18374) Co-authored-by: Eric Eastwood <erice@element.io>
* | | | Fix typo in doc for Scheduled Tasks Admin API (#18384)Shay2025-05-022-1/+2
| | | |
* | | | Do not auto-provision missing users & devices when delegating auth to MAS ↵Quentin Gliech2025-05-023-28/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#18181) Since MAS 0.13.0, the provisionning of devices and users is done synchronously and reliably enough that we don't need to auto-provision on the Synapse side anymore. It's important to remove this behaviour if we want to start caching token introspection results.
* | | | Readme tweaks (#18218)Andrew Ferrazzutti2025-05-022-5/+8
| | | |
* | | | Add an Admin API endpoint to fetch scheduled tasks (#18214)Shay2025-05-015-0/+319
| | | |
* | | | docs/workers.md: Add ^/_matrix/federation/v1/event/ to list of delegatable ↵Sebastian Spaeth2025-05-014-0/+13
| | | | | | | | | | | | | | | | endpoints (#18377)
* | | | Added Pocket ID to openid.md (#18237)Martin Lavén2025-04-302-0/+28
| | | |
* | | | start_for_complement.sh: use more shell builtins (#18293)Andrew Ferrazzutti2025-04-302-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid calling external tools when shell builtins suffice. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* | | | docker: use shebangs to invoke generated scripts (#18295)Andrew Ferrazzutti2025-04-304-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating scripts from templates, don't add a leading newline so that their shebangs may be handled correctly. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* | | | configure_workers_and_start.py: unify python path (#18291)Andrew Ferrazzutti2025-04-302-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use absolute path for python in script shebang, and invoke child python processes with sys.executable. This is consistent with the absolute path used to invoke python elsewhere (like in the supervisor config). ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* | | | Optimize `Dockerfile-workers` (#18292)Andrew Ferrazzutti2025-04-302-23/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Use a `uv:python` image for the first build layer, to reduce the number of intermediate images required, as the main Dockerfile uses that image already - Use a cache mount for `apt` commands - Skip a pointless install of `redis-server`, since the redis Docker image is copied from instead - Move some RUN steps out of the final image layer & into the build layer Depends on https://github.com/element-hq/synapse/pull/18275 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* | | | Fix typo in docs about `push` (#18320)Kim Brose2025-04-302-1/+2
| | | |
* | | | Minor performance improvements to notifier/replication (#18367)Erik Johnston2025-04-292-30/+32
| | | | | | | | | | | | | | | | | | | | | | | | These are some improvements to `on_new_event` which is a hot path. Not sure how much this will save, but maybe like ~5%? Possibly easier to review commit-by-commit
* | | | Slight performance increase when using the ratelimiter (#18369)Erik Johnston2025-04-294-18/+13
| | | | | | | | | | | | See the commits.
* | | | Do not retry push during backoff period (#18363)Erik Johnston2025-04-293-0/+85
| | | | | | | | | | | | | | | | | | | | This fixes a bug where if a pusher gets told about a new event to push it will ignore the backoff and immediately retry sending any pending push.
* | | | Bump softprops/action-gh-release from 1 to 2 (#18264)dependabot[bot]2025-04-291-1/+1
| | | |
* | | | Bump types-jsonschema from 4.23.0.20240813 to 4.23.0.20241208 (#18305)dependabot[bot]2025-04-291-3/+3
| | | |
* | | | Bump pyopenssl from 24.3.0 to 25.0.0 (#18315)dependabot[bot]2025-04-291-3/+4
| | | |
* | | | Bump types-psycopg2 from 2.9.21.20250121 to 2.9.21.20250318 (#18316)dependabot[bot]2025-04-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [types-psycopg2](https://github.com/python/typeshed) from 2.9.21.20250121 to 2.9.21.20250318. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/python/typeshed/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-psycopg2&package-manager=pip&previous-version=2.9.21.20250121&new-version=2.9.21.20250318)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* | | | Bump pyo3-log from 0.12.2 to 0.12.3 (#18317)dependabot[bot]2025-04-291-2/+2
| | | |
* | | | Bump anyhow from 1.0.97 to 1.0.98 (#18336)dependabot[bot]2025-04-291-2/+2
| | | |
* | | | Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 (#18354)dependabot[bot]2025-04-291-1/+1
| | | |
* | | | Bump actions/download-artifact from 4.2.1 to 4.3.0 (#18364)dependabot[bot]2025-04-291-1/+1
| | | |
* | | | Bump actions/add-to-project from 280af8ae1f83a494cfad2cb10f02f6d13529caa9 to ↵dependabot[bot]2025-04-291-1/+1
| | | | | | | | | | | | | | | | 5b1a254a3546aef88e0a7724a77a623fa2e47c36 (#18365)
* | | | Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#18366)dependabot[bot]2025-04-291-1/+1
| | | |
* | | | Allow /rooms/ admin API to be on workers (#18360)Erik Johnston2025-04-254-3/+7
| | | | | | | | | | | | Tested by https://github.com/matrix-org/sytest/pull/1400
* | | | Move GET /devices/ off main process (#18355)Erik Johnston2025-04-253-2/+20
| |_|/ |/| | | | | | | | | | | | | | | | | | | | We can't move PUT/DELETE as they do need to happen on main process (due to notification of device changes). --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | Revert "Add total event, unencrypted message, and e2ee event counts to stats ↵Devon Hudson2025-04-1610-907/+10
| |/ |/| | | | | | | | | | | | | | | | | | | reporting" (#18346) Reverts element-hq/synapse#18260 It is causing a failure when building release debs for `debian:bullseye` with the following error: ``` sqlite3.OperationalError: near "RETURNING": syntax error ```
* | Fix query for room participation (#18345)Erik Johnston2025-04-162-12/+9
| | | | | | | | | | | | | | | | | | | | | | Follow on from #18068 Currently the subquery in `UPDATE` is pointless, as it will still just update all `room_membership` rows. Instead, we should look at the current membership event ID (which is easily retrieved from `local_current_membership`). We also add a `AND NOT participant` to noop the `UPDATE` when the `participant` flag is already set. cc @H-Shay
* | Fix ExternalIDReuse exception for concurrent transactions (#18342)Quentin Gliech2025-04-162-6/+24
|/
* Don't cache introspection failures (#18339)Quentin Gliech2025-04-152-3/+10
|
* Fix `force_tracing_for_users` config when using MAS (#18334)Erik Johnston2025-04-152-0/+52
| | | | | | | This is a copy of what we do for internal auth, and we should figure out a way to deduplicate some of this stuff: https://github.com/element-hq/synapse/blob/dd05cc55eedbf086ae224a13c9ae9f0332d96b1f/synapse/api/auth/internal.py#L62-L110
* Fix the token introspection cache logging access tokens when MAS integration ↵reivilibre2025-04-153-10/+26
| | | | | | | | | | | is in use. (#18335) The `ResponseCache` logs keys by default. Let's not do that for access tokens. --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* Add total event, unencrypted message, and e2ee event counts to stats ↵Andrew Morgan2025-04-1510-10/+907
| | | | | | reporting (#18260) Co-authored-by: Eric Eastwood <erice@element.io>
* Add caches to new hot path functions (#18337)Erik Johnston2025-04-144-15/+23
| | | | We call these two functions for every authed request when using delegated auth.
* Add passthrough_authorization_parameters support to OIDC configuration (#18232)Olivier D2025-04-105-1/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Add passthrough_authorization_parameters support to OIDC configuration This PR adds `the passthrough_authorization_parameters` option to OIDC configuration, allowing specific query parameters (like `login_hint`) to be passed from the redirect endpoint to the authorization grant URL. This enables clients to provide additional context to identity providers during authentication flows. # Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* Merge branch 'master' into developErik Johnston2025-04-083-1/+14
|\
| * 1.128.0 v1.128.0Erik Johnston2025-04-083-1/+14
| |
* | Disable Postgres statement timeouts while purging room state (#18133)Jason Little2025-04-022-0/+8
| |
* | complement-synapse: COPY existing dir from base (#18294)Andrew Ferrazzutti2025-04-012-1/+2
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The base postgres image already has the /var/run/postgresql directory, and COPY can set file ownership with chown=, so COPY it instead of making it from scratch & manually setting its ownership. ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
* Merge changelog entries v1.128.0rc1Quentin Gliech2025-04-011-2/+1
|
* Fix rendering of the changelogQuentin Gliech2025-04-011-1/+1
|
* 1.128.0rc1Quentin Gliech2025-04-0122-22/+56
|
* Make sure media hashes are not queried until the index is up (#18302)Quentin Gliech2025-04-013-3/+20
|
* Bump phonenumbers from 8.13.50 to 9.0.2 (#18299)dependabot[bot]2025-04-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 8.13.50 to 9.0.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/73ef5e664b55ba941cd1a120497d8a0395e1076f"><code>73ef5e6</code></a> Prep for 9.0.2 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/528a98bc757a2539bd969aee5bc75f22bb5a4d68"><code>528a98b</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/28f5958abd284b1a76a4bff3fb2ca0b043c93605"><code>28f5958</code></a> Merge metadata changes from upstream 9.0.2</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/25ae49c1609bcbdec6cb25f0f08a3c0f3c112654"><code>25ae49c</code></a> Prep for 9.0.1 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/b8a1459cef41649cba3cb6fa6f9ae868b1f67dd2"><code>b8a1459</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/f6cd2333593d27c5c6a004049f84fcf525f59911"><code>f6cd233</code></a> Merge metadata changes from upstream 9.0.1</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/c46f1049ba5731ca27f3a47d13f07965c43a6cbd"><code>c46f104</code></a> Prep for 9.0.0 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/d542ec2abcbd8c89560a632c7e5176e6b718a144"><code>d542ec2</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/a4da80e25217a71a7ee03cc6d90f16d6187cd38f"><code>a4da80e</code></a> Merge metadata changes from upstream 9.0.0</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/45c822e887ab4eee6869af23096f385cdc4aeae1"><code>45c822e</code></a> Prep for 8.13.55 release</li> <li>Additional commits viewable in <a href="https://github.com/daviddrysdale/python-phonenumbers/compare/v8.13.50...v9.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=8.13.50&new-version=9.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump authlib from 1.4.1 to 1.5.1 (#18306)dependabot[bot]2025-04-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [authlib](https://github.com/lepture/authlib) from 1.4.1 to 1.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lepture/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.5.1</h2> <p>Released on Feb 28, 2025</p> <ul> <li>Fix RFC9207 iss parameter. <a href="https://redirect.github.com/lepture/authlib/issues/715">#715</a></li> </ul> <h2>Version 1.5.0</h2> <ul> <li>Fix token introspection auth method for clients. <a href="https://redirect.github.com/lepture/authlib/pull/662">#662</a></li> <li>Optional typ claim in JWT tokens. <a href="https://redirect.github.com/lepture/authlib/pull/696">#696</a></li> <li>JWT validation leeway. <a href="https://redirect.github.com/lepture/authlib/pull/689">#689</a></li> <li>Implement server-side <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a>. <a href="https://redirect.github.com/lepture/authlib/issues/700">#700</a> <a href="https://redirect.github.com/lepture/authlib/pull/701">#701</a></li> <li>generate_id_token can take a kid parameter. <a href="https://redirect.github.com/lepture/authlib/pull/702">#702</a></li> <li>More detailed InvalidClientError. <a href="https://redirect.github.com/lepture/authlib/pull/706">#706</a></li> <li>OpenID Connect Dynamic Client Registration implementation. <a href="https://redirect.github.com/lepture/authlib/pull/707">#707</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lepture/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.5.1</h2> <p><strong>Released on Feb 28, 2025</strong></p> <ul> <li>Fix RFC9207 <code>iss</code> parameter. :pr:<code>715</code></li> </ul> <h2>Version 1.5.0</h2> <p><strong>Released on Feb 25, 2025</strong></p> <ul> <li>Fix token introspection auth method for clients. :pr:<code>662</code></li> <li>Optional <code>typ</code> claim in JWT tokens. :pr:<code>696</code></li> <li>JWT validation leeway. :pr:<code>689</code></li> <li>Implement server-side :rfc:<code>RFC9207 &lt;9207&gt;</code>. :issue:<code>700</code> :pr:<code>701</code></li> <li><code>generate_id_token</code> can take a <code>kid</code> parameter. :pr:<code>702</code></li> <li>More detailed <code>InvalidClientError</code>. :pr:<code>706</code></li> <li>OpenID Connect Dynamic Client Registration implementation. :pr:<code>707</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lepture/authlib/commit/4eafdc21891e78361f478479efe109ff0fb2f661"><code>4eafdc2</code></a> chore: release 1.5.1</li> <li><a href="https://github.com/lepture/authlib/commit/0e7e3443447094e6c2c0835e2f110c15b14c853c"><code>0e7e344</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/715">#715</a> from azmeuk/rfc9207</li> <li><a href="https://github.com/lepture/authlib/commit/b57932bc7e2c0f7115b77f38dfd88a1443487593"><code>b57932b</code></a> fix: RFC9207 iss parameter</li> <li><a href="https://github.com/lepture/authlib/commit/7833a887da396e285f9315dc361670abec22137d"><code>7833a88</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/713">#713</a> from geigerzaehler/full-entropy</li> <li><a href="https://github.com/lepture/authlib/commit/642dfa3264f0afe94c7f6ac7006007a7fd24fbe6"><code>642dfa3</code></a> doc: fix an example import for rfc9207</li> <li><a href="https://github.com/lepture/authlib/commit/5c507a84733033bdbf3e9d884bba67f18ce8ba0a"><code>5c507a8</code></a> fix: Use full entropy from specified oct key size</li> <li><a href="https://github.com/lepture/authlib/commit/2d0396e3fc49d53ab816bb43ec83fe42d527ca09"><code>2d0396e</code></a> chore: release 1.5.0</li> <li><a href="https://github.com/lepture/authlib/commit/da87c8b2ec35af9ddd3b621e2e8245102018f878"><code>da87c8b</code></a> doc: update changelog</li> <li><a href="https://github.com/lepture/authlib/commit/b79d868e7f14bffc9e6d381570cfaf90c941f872"><code>b79d868</code></a> Merge pull request <a href="https://redirect.github.com/lepture/authlib/issues/662">#662</a> from AdamWill/oauth2-fix-introspect-endpoint</li> <li><a href="https://github.com/lepture/authlib/commit/24c2bd871825771bb3e0523cf070e2aab0cbe8c1"><code>24c2bd8</code></a> chore: add a dependency group for the documentation</li> <li>Additional commits viewable in <a href="https://github.com/lepture/authlib/compare/v1.4.1...v1.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.4.1&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Tweaks to prefix-log (#18274)Andrew Ferrazzutti2025-04-012-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Explicitly use `mawk` instead of `awk`, since an extension of the former is used - Use `fflush` to reduce interleaving the output of different processes & streams - Move the `mawk` command to a shell function, instead of writing it twice - Look up the `SUPERVISOR_PROCESS_NAME` environment variable in `mawk`, instead of reading it in the shell & using complex quoting to pass it to `mawk` ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
* Add an access token introspection cache to make Matrix Authentication ↵reivilibre2025-04-013-17/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Service integration (MSC3861) more efficient. (#18231) Evolution of https://github.com/element-hq/synapse/commit/cd78f3d2ee15ccf3e8229a1f529e0e2c16e15c45 This cache does not have any explicit invalidation, but this is deemed acceptable (see code comment). We may still prefer to add it eventually, letting us bump up the Time-To-Live (TTL) on the cache as we currently set a 2 minute expiry to balance the fact that we have no explicit invalidation. This cache makes several things more efficient: - reduces number of outbound requests from Synapse, reducing CPU utilisation + network I/O - reduces request handling time in Synapse, which improves client-visible latency - reduces load on MAS and its database --- Other than that, this PR also introduces support for `expires_in` (seconds) on the introspection response. This lets the cached responses expire at the proper expiry time of the access token, whilst avoiding clock skew issues. Corresponds to: https://github.com/element-hq/matrix-authentication-service/pull/4241 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
* Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#18304)dependabot[bot]2025-04-015-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package &amp; prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a> from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li> <li><a href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a> Prepare for new release of actions/upload-artifact with new toolkit cache ver...</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump actions/add-to-project from f5473ace9aeee8b97717b281e26980aa5097023f to ↵dependabot[bot]2025-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 280af8ae1f83a494cfad2cb10f02f6d13529caa9 (#18303) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from f5473ace9aeee8b97717b281e26980aa5097023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/add-to-project/commit/280af8ae1f83a494cfad2cb10f02f6d13529caa9"><code>280af8a</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/688">#688</a> from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.3</li> <li><a href="https://github.com/actions/add-to-project/commit/a5abfebda95cd4d848045f39facb11fc18e3391d"><code>a5abfeb</code></a> Update licensed cache and dist/ directory</li> <li><a href="https://github.com/actions/add-to-project/commit/f30c2e67f81007061987663b4a219fe3cf01464f"><code>f30c2e6</code></a> Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3</li> <li><a href="https://github.com/actions/add-to-project/commit/81dd5ce97fc1878d6145108c0bf9330ff48f1230"><code>81dd5ce</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/687">#687</a> from actions/dependabot/npm_and_yarn/types/jest-29.5.14</li> <li><a href="https://github.com/actions/add-to-project/commit/122a80374266a5293832675e27cd679978f9f4ff"><code>122a803</code></a> Bump <code>@​types/jest</code> from 29.5.12 to 29.5.14</li> <li><a href="https://github.com/actions/add-to-project/commit/29c72ac92445aa8e7a5e6b1643cca32d78dbeea0"><code>29c72ac</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/686">#686</a> from actions/dependabot/npm_and_yarn/types/node-22.13.14</li> <li><a href="https://github.com/actions/add-to-project/commit/46316d9a20b27daa0bd6399be0faa3490859cc18"><code>46316d9</code></a> Bump <code>@​types/node</code> from 16.18.101 to 22.13.14</li> <li><a href="https://github.com/actions/add-to-project/commit/95df5ae4dbb6c1e60f2bcfa3459d2d5cbf98c6da"><code>95df5ae</code></a> Merge pull request <a href="https://redirect.github.com/actions/add-to-project/issues/685">#685</a> from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li> <li><a href="https://github.com/actions/add-to-project/commit/f14f229b02cc2da1e86a231e565592a57f62b37e"><code>f14f229</code></a> Bump eslint-plugin-jest from 28.6.0 to 28.11.0</li> <li><a href="https://github.com/actions/add-to-project/commit/cc696180afea0adc14ad0cfaea066a2e8f6fe5ae"><code>cc69618</code></a> Exit without failure if nothing to commit</li> <li>Additional commits viewable in <a href="https://github.com/actions/add-to-project/compare/f5473ace9aeee8b97717b281e26980aa5097023f...280af8ae1f83a494cfad2cb10f02f6d13529caa9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump jinja2 from 3.1.5 to 3.1.6 (#18223)dependabot[bot]2025-04-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.6</h2> <p>This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a> Changes: <a href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.6</h2> <p>Released 2025-03-05</p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:<code>cpwx-vrp4-4pq7</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a> release version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a> attr filter uses env.getattr</li> <li><a href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a> start version 3.1.6</li> <li><a href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a> use global contributing guide (<a href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a> use global contributing guide</li> <li><a href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a> use project advisory link instead of global</li> <li><a href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a> release version 3.1.5 (<a href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li> <li>See full diff in <a href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.5&new-version=3.1.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-11 14:53:52 +0000