| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5.5.0 to 5.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Workflow updates related to Ubuntu 20.04 by <a
href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1065">actions/setup-python#1065</a></li>
<li>Fix for Candidate Not Iterable Error by <a
href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1082">actions/setup-python#1082</a></li>
<li>Upgrade semver and <code>@types/semver</code> by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1091">actions/setup-python#1091</a></li>
<li>Upgrade prettier from 2.8.8 to 3.5.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1046">actions/setup-python#1046</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1081">actions/setup-python#1081</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.6.0">https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/a26af69be951a213d495a4c3e4e4022e16d87065"><code>a26af69</code></a>
Bump ts-jest from 29.1.2 to 29.3.2 (<a
href="https://redirect.github.com/actions/setup-python/issues/1081">#1081</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/30eafe95483bd95135b7eda0c66a0369af9afdf1"><code>30eafe9</code></a>
Bump prettier from 2.8.8 to 3.5.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/1046">#1046</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/5d95bc16d4bc83bb56202da9630d84c6f8a2d8f5"><code>5d95bc1</code></a>
Bump semver and <code>@types/semver</code> (<a
href="https://redirect.github.com/actions/setup-python/issues/1091">#1091</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6ed2c67c8abe7646815dbd50364eea862d396fd9"><code>6ed2c67</code></a>
Fix for Candidate Not Iterable Error (<a
href="https://redirect.github.com/actions/setup-python/issues/1082">#1082</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/e348410e00f449ece8581cb8e88be8f0e7712da6"><code>e348410</code></a>
Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15
(<a
href="https://redirect.github.com/actions/setup-python/issues/1065">#1065</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/8d9ed9ac5c53483de85588cdf95a591a75ab9f55...a26af69be951a213d495a4c3e4e4022e16d87065">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
Spawning from using this code elsewhere and not knowing why it's there.
Based on this article and @reivilibre's experience mentioning
`PYTHONUNBUFFERED=1`,
> #### programming languages where the default “print” statement buffers
>
> Also, here are a few programming language where the default print
statement will buffer output when writing to a pipe, and some ways to
disable buffering if you want:
>
> - Python (disable with `python -u`, or `PYTHONUNBUFFERED=1`, or
`sys.stdout.reconfigure(line_buffering=False)`, or `print(x,
flush=True)`)
>
> _--
https://jvns.ca/blog/2024/11/29/why-pipes-get-stuck-buffering/#programming-languages-where-the-default-print-statement-buffers_
|
|
Fix a couple type annotations in the `RootConfig`/`Config`. Discovered
while cribbing this code for another project.
It's really sucks that `mypy` type checking doesn't catch this. I assume
this is because we also have a `synapse/config/_base.pyi` that overrides
all of this. Still unclear to me why the `Iterable[str]` vs
`StrSequence` issue wasn't caught as that's what `ConfigError` expects.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
Fixes #17753
### Dev notes
The `sliding_sync_membership_snapshots` and `sliding_sync_joined_rooms`
database tables were added in
https://github.com/element-hq/synapse/pull/17512
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [X] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Erik Johnston <erik@matrix.org>
Co-authored-by: Olivier 'reivilibre <oliverw@matrix.org>
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
(#18399)
Spawning from
https://github.com/element-hq/synapse/pull/18375#discussion_r2071768635,
This updates some sliding sync tests to use a higher level function in
order to move test coverage to cover both fallback & new tables.
Important when https://github.com/element-hq/synapse/pull/18375 is
merged.
In other words, adjust tests to target `compute_interested_room(...)`
(relevant to both new and fallback path) instead of the lower level
`get_room_membership_for_user_at_to_token(...)` that only applies to the
fallback path.
### Dev notes
```
SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.handlers.test_sliding_sync.ComputeInterestedRoomsTestCase_new
```
```
SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.rest.client.sliding_sync
```
```
SYNAPSE_POSTGRES=1 SYNAPSE_POSTGRES_USER=postgres SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.handlers.test_sliding_sync.ComputeInterestedRoomsTestCase_new.test_display_name_changes_leave_after_token_range
```
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
authlib 1.5.2 now single-quotes error messages in the claims, causing
three tests to fail.
Replace the comparison with a regex that accepts both single or double
quotes.
This succeeds the tests with both authlib 1.5.1 and 1.5.2.
See https://github.com/NixOS/nixpkgs/pull/402797 for context.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
Implements https://github.com/matrix-org/matrix-spec-proposals/pull/4178
If this would need tests, could you give some idea of what tests would
be needed and how best to add them?
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [ ] Pull request is based on the develop branch
* [ ] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [ ] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
(#18300)
This change adds a new configuration
`user_directory.exclude_remote_users`, which defaults to False.
When set to True, remote users will not appear in user directory search
results.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
This should be reviewed commit by commit.
It adds a few admin servlets that are used by MAS when in delegation
mode to workers
---------
Co-authored-by: Olivier 'reivilibre <oliverw@matrix.org>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
https://github.com/element-hq/synapse/pull/18374 did not pass linting
but was merged
|
|
use the access token (#18374)
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
|
|
(#18181)
Since MAS 0.13.0, the provisionning of devices and users is done
synchronously and reliably enough that we don't need to auto-provision
on the Synapse side anymore.
It's important to remove this behaviour if we want to start caching
token introspection results.
|
|
|
|
|
|
endpoints (#18377)
|
|
|
|
Avoid calling external tools when shell builtins suffice.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
When generating scripts from templates, don't add a leading newline so
that their shebangs may be handled correctly.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
Use absolute path for python in script shebang, and invoke child python
processes with sys.executable. This is consistent with the absolute path
used to invoke python elsewhere (like in the supervisor config).
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
- Use a `uv:python` image for the first build layer, to reduce the
number of intermediate images required, as the
main Dockerfile uses that image already
- Use a cache mount for `apt` commands
- Skip a pointless install of `redis-server`, since the redis Docker
image is copied from instead
- Move some RUN steps out of the final image layer & into the build
layer
Depends on https://github.com/element-hq/synapse/pull/18275
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
|
|
Fixes #18356
|
|
See #18260
This is useful for anyone who tried Synapse v1.129.0rc1 out
Fixes #18349
To test:
- checkout v1.129.0rc1 and start
- check that the events table has the trigger (`\dS events` with
postgres)
- checkout this PR and start
- check that the events table doesn't have the trigger anymore
|
|
These are some improvements to `on_new_event` which is a hot path. Not
sure how much this will save, but maybe like ~5%?
Possibly easier to review commit-by-commit
|
|
See the commits.
|
|
This fixes a bug where if a pusher gets told about a new event to push
it will ignore the backoff and immediately retry sending any pending
push.
|
|
|
|
|
|
|
|
Bumps [types-psycopg2](https://github.com/python/typeshed) from
2.9.21.20250121 to 2.9.21.20250318.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
5b1a254a3546aef88e0a7724a77a623fa2e47c36 (#18365)
|
|
|
|
Tested by https://github.com/matrix-org/sytest/pull/1400
|
|
We can't move PUT/DELETE as they do need to happen on main process (due
to notification of device changes).
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
reporting" (#18346)
Reverts element-hq/synapse#18260
It is causing a failure when building release debs for `debian:bullseye`
with the following error:
```
sqlite3.OperationalError: near "RETURNING": syntax error
```
|
|
|
|
Follow on from #18068
Currently the subquery in `UPDATE` is pointless, as it will still just
update all `room_membership` rows. Instead, we should look at the
current membership event ID (which is easily retrieved from
`local_current_membership`). We also add a `AND NOT participant` to noop
the `UPDATE` when the `participant` flag is already set.
cc @H-Shay
|
|
|
|
|
|
|
|
|
|
This is a copy of what we do for internal auth, and we should figure out
a way to deduplicate some of this stuff:
https://github.com/element-hq/synapse/blob/dd05cc55eedbf086ae224a13c9ae9f0332d96b1f/synapse/api/auth/internal.py#L62-L110
|
|
is in use. (#18335)
The `ResponseCache` logs keys by default.
Let's not do that for access tokens.
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
reporting (#18260)
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
We call these two functions for every authed request when using
delegated auth.
|
|
# Add passthrough_authorization_parameters support to OIDC configuration
This PR adds `the passthrough_authorization_parameters` option to OIDC
configuration, allowing specific query parameters (like `login_hint`) to
be passed from the redirect endpoint to the authorization grant URL.
This enables clients to provide additional context to identity providers
during authentication flows.
# Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
|
|
|
|
The base postgres image already has the /var/run/postgresql directory,
and COPY can set file ownership with chown=, so COPY it instead of
making it from scratch & manually setting its ownership.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
|
|
|
|
|
|
Bumps
[phonenumbers](https://github.com/daviddrysdale/python-phonenumbers)
from 8.13.50 to 9.0.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/73ef5e664b55ba941cd1a120497d8a0395e1076f"><code>73ef5e6</code></a>
Prep for 9.0.2 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/528a98bc757a2539bd969aee5bc75f22bb5a4d68"><code>528a98b</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/28f5958abd284b1a76a4bff3fb2ca0b043c93605"><code>28f5958</code></a>
Merge metadata changes from upstream 9.0.2</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/25ae49c1609bcbdec6cb25f0f08a3c0f3c112654"><code>25ae49c</code></a>
Prep for 9.0.1 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/b8a1459cef41649cba3cb6fa6f9ae868b1f67dd2"><code>b8a1459</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/f6cd2333593d27c5c6a004049f84fcf525f59911"><code>f6cd233</code></a>
Merge metadata changes from upstream 9.0.1</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/c46f1049ba5731ca27f3a47d13f07965c43a6cbd"><code>c46f104</code></a>
Prep for 9.0.0 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/d542ec2abcbd8c89560a632c7e5176e6b718a144"><code>d542ec2</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/a4da80e25217a71a7ee03cc6d90f16d6187cd38f"><code>a4da80e</code></a>
Merge metadata changes from upstream 9.0.0</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/45c822e887ab4eee6869af23096f385cdc4aeae1"><code>45c822e</code></a>
Prep for 8.13.55 release</li>
<li>Additional commits viewable in <a
href="https://github.com/daviddrysdale/python-phonenumbers/compare/v8.13.50...v9.0.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [authlib](https://github.com/lepture/authlib) from 1.4.1 to 1.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.5.1</h2>
<p>Released on Feb 28, 2025</p>
<ul>
<li>Fix RFC9207 iss parameter. <a
href="https://redirect.github.com/lepture/authlib/issues/715">#715</a></li>
</ul>
<h2>Version 1.5.0</h2>
<ul>
<li>Fix token introspection auth method for clients. <a
href="https://redirect.github.com/lepture/authlib/pull/662">#662</a></li>
<li>Optional typ claim in JWT tokens. <a
href="https://redirect.github.com/lepture/authlib/pull/696">#696</a></li>
<li>JWT validation leeway. <a
href="https://redirect.github.com/lepture/authlib/pull/689">#689</a></li>
<li>Implement server-side <a
href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a>.
<a
href="https://redirect.github.com/lepture/authlib/issues/700">#700</a>
<a
href="https://redirect.github.com/lepture/authlib/pull/701">#701</a></li>
<li>generate_id_token can take a kid parameter. <a
href="https://redirect.github.com/lepture/authlib/pull/702">#702</a></li>
<li>More detailed InvalidClientError. <a
href="https://redirect.github.com/lepture/authlib/pull/706">#706</a></li>
<li>OpenID Connect Dynamic Client Registration implementation. <a
href="https://redirect.github.com/lepture/authlib/pull/707">#707</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/blob/main/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.5.1</h2>
<p><strong>Released on Feb 28, 2025</strong></p>
<ul>
<li>Fix RFC9207 <code>iss</code> parameter. :pr:<code>715</code></li>
</ul>
<h2>Version 1.5.0</h2>
<p><strong>Released on Feb 25, 2025</strong></p>
<ul>
<li>Fix token introspection auth method for clients.
:pr:<code>662</code></li>
<li>Optional <code>typ</code> claim in JWT tokens.
:pr:<code>696</code></li>
<li>JWT validation leeway. :pr:<code>689</code></li>
<li>Implement server-side :rfc:<code>RFC9207 <9207></code>.
:issue:<code>700</code> :pr:<code>701</code></li>
<li><code>generate_id_token</code> can take a <code>kid</code>
parameter. :pr:<code>702</code></li>
<li>More detailed <code>InvalidClientError</code>.
:pr:<code>706</code></li>
<li>OpenID Connect Dynamic Client Registration implementation.
:pr:<code>707</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lepture/authlib/commit/4eafdc21891e78361f478479efe109ff0fb2f661"><code>4eafdc2</code></a>
chore: release 1.5.1</li>
<li><a
href="https://github.com/lepture/authlib/commit/0e7e3443447094e6c2c0835e2f110c15b14c853c"><code>0e7e344</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/715">#715</a>
from azmeuk/rfc9207</li>
<li><a
href="https://github.com/lepture/authlib/commit/b57932bc7e2c0f7115b77f38dfd88a1443487593"><code>b57932b</code></a>
fix: RFC9207 iss parameter</li>
<li><a
href="https://github.com/lepture/authlib/commit/7833a887da396e285f9315dc361670abec22137d"><code>7833a88</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/713">#713</a>
from geigerzaehler/full-entropy</li>
<li><a
href="https://github.com/lepture/authlib/commit/642dfa3264f0afe94c7f6ac7006007a7fd24fbe6"><code>642dfa3</code></a>
doc: fix an example import for rfc9207</li>
<li><a
href="https://github.com/lepture/authlib/commit/5c507a84733033bdbf3e9d884bba67f18ce8ba0a"><code>5c507a8</code></a>
fix: Use full entropy from specified oct key size</li>
<li><a
href="https://github.com/lepture/authlib/commit/2d0396e3fc49d53ab816bb43ec83fe42d527ca09"><code>2d0396e</code></a>
chore: release 1.5.0</li>
<li><a
href="https://github.com/lepture/authlib/commit/da87c8b2ec35af9ddd3b621e2e8245102018f878"><code>da87c8b</code></a>
doc: update changelog</li>
<li><a
href="https://github.com/lepture/authlib/commit/b79d868e7f14bffc9e6d381570cfaf90c941f872"><code>b79d868</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/662">#662</a>
from AdamWill/oauth2-fix-introspect-endpoint</li>
<li><a
href="https://github.com/lepture/authlib/commit/24c2bd871825771bb3e0523cf070e2aab0cbe8c1"><code>24c2bd8</code></a>
chore: add a dependency group for the documentation</li>
<li>Additional commits viewable in <a
href="https://github.com/lepture/authlib/compare/v1.4.1...v1.5.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
- Explicitly use `mawk` instead of `awk`, since an extension of the
former is used
- Use `fflush` to reduce interleaving the output of different processes
& streams
- Move the `mawk` command to a shell function, instead of writing it
twice
- Look up the `SUPERVISOR_PROCESS_NAME` environment variable in `mawk`,
instead of reading it in the shell & using complex quoting to pass it to
`mawk`
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
Service integration (MSC3861) more efficient. (#18231)
Evolution of
https://github.com/element-hq/synapse/commit/cd78f3d2ee15ccf3e8229a1f529e0e2c16e15c45
This cache does not have any explicit invalidation, but this is deemed
acceptable (see code comment).
We may still prefer to add it eventually, letting us bump up the
Time-To-Live (TTL) on the cache as we currently set a 2 minute expiry
to balance the fact that we have no explicit invalidation.
This cache makes several things more efficient:
- reduces number of outbound requests from Synapse, reducing CPU
utilisation + network I/O
- reduces request handling time in Synapse, which improves
client-visible latency
- reduces load on MAS and its database
---
Other than that, this PR also introduces support for `expires_in`
(seconds) on the introspection response.
This lets the cached responses expire at the proper expiry time of the
access token, whilst avoiding clock skew issues.
Corresponds to:
https://github.com/element-hq/matrix-authentication-service/pull/4241
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.1 to 4.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package & prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a>
from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a>
Prepare for new release of actions/upload-artifact with new toolkit
cache ver...</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
280af8ae1f83a494cfad2cb10f02f6d13529caa9 (#18303)
Bumps
[actions/add-to-project](https://github.com/actions/add-to-project) from
f5473ace9aeee8b97717b281e26980aa5097023f to
280af8ae1f83a494cfad2cb10f02f6d13529caa9.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/add-to-project/commit/280af8ae1f83a494cfad2cb10f02f6d13529caa9"><code>280af8a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/688">#688</a>
from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.3</li>
<li><a
href="https://github.com/actions/add-to-project/commit/a5abfebda95cd4d848045f39facb11fc18e3391d"><code>a5abfeb</code></a>
Update licensed cache and dist/ directory</li>
<li><a
href="https://github.com/actions/add-to-project/commit/f30c2e67f81007061987663b4a219fe3cf01464f"><code>f30c2e6</code></a>
Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3</li>
<li><a
href="https://github.com/actions/add-to-project/commit/81dd5ce97fc1878d6145108c0bf9330ff48f1230"><code>81dd5ce</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/687">#687</a>
from actions/dependabot/npm_and_yarn/types/jest-29.5.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/122a80374266a5293832675e27cd679978f9f4ff"><code>122a803</code></a>
Bump <code>@types/jest</code> from 29.5.12 to 29.5.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/29c72ac92445aa8e7a5e6b1643cca32d78dbeea0"><code>29c72ac</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/686">#686</a>
from actions/dependabot/npm_and_yarn/types/node-22.13.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/46316d9a20b27daa0bd6399be0faa3490859cc18"><code>46316d9</code></a>
Bump <code>@types/node</code> from 16.18.101 to 22.13.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/95df5ae4dbb6c1e60f2bcfa3459d2d5cbf98c6da"><code>95df5ae</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/685">#685</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="https://github.com/actions/add-to-project/commit/f14f229b02cc2da1e86a231e565592a57f62b37e"><code>f14f229</code></a>
Bump eslint-plugin-jest from 28.6.0 to 28.11.0</li>
<li><a
href="https://github.com/actions/add-to-project/commit/cc696180afea0adc14ad0cfaea066a2e8f6fe5ae"><code>cc69618</code></a>
Exit without failure if nothing to commit</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/add-to-project/compare/f5473ace9aeee8b97717b281e26980aa5097023f...280af8ae1f83a494cfad2cb10f02f6d13529caa9">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/releases">jinja2's
releases</a>.</em></p>
<blockquote>
<h2>3.1.6</h2>
<p>This is the Jinja 3.1.6 security release, which fixes security issues
but does not otherwise change behavior and should not result in breaking
changes compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a>
Changes: <a
href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup, allowing the sandbox to apply its checks. <a
href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.6</h2>
<p>Released 2025-03-05</p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup,
allowing the sandbox to apply its checks.
:ghsa:<code>cpwx-vrp4-4pq7</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a>
release version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a>
attr filter uses env.getattr</li>
<li><a
href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a>
start version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a>
use global contributing guide (<a
href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li>
<li><a
href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a>
use global contributing guide</li>
<li><a
href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a>
use project advisory link instead of global</li>
<li><a
href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a>
release version 3.1.5 (<a
href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li>
<li>See full diff in <a
href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
Use targeted COPY commands instead of rsync to avoid having a symlinked
/lib as the destination of a COPY (which buildkit does not support).
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5.4.0 to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support free threaded Python versions like '3.13t' by <a
href="https://github.com/colesbury"><code>@colesbury</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for
free threaded and Upgrade <code>@action/cache</code> from 4.0.0 to
4.0.3 by <a
href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1056">actions/setup-python#1056</a></li>
<li>Add support for .tool-versions file in setup-python by <a
href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fix architecture for pypy on Linux ARM64 by <a
href="https://github.com/mayeut"><code>@mayeut</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1011">actions/setup-python#1011</a>
This update maps arm64 to aarch64 for Linux ARM64 PyPy
installations.</li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1016">actions/setup-python#1016</a></li>
<li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1015">actions/setup-python#1015</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/colesbury"><code>@colesbury</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li><a
href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.5.0">https://github.com/actions/setup-python/compare/v5...v5.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/8d9ed9ac5c53483de85588cdf95a591a75ab9f55"><code>8d9ed9a</code></a>
Add e2e Testing for free threaded and Bump <code>@action/cache</code>
from 4.0.0 to 4.0.3 ...</li>
<li><a
href="https://github.com/actions/setup-python/commit/19e4675e06535f6b54e894da5c1f044400bb4996"><code>19e4675</code></a>
Add support for .tool-versions file in setup-python (<a
href="https://redirect.github.com/actions/setup-python/issues/1043">#1043</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6fd11e170a18f6ae448d1080a4a63cc987aed84c"><code>6fd11e1</code></a>
Bump <code>@actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-python/issues/1015">#1015</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/9e62be81b28222addecf85e47571213eb7680449"><code>9e62be8</code></a>
Support free threaded Python versions like '3.13t' (<a
href="https://redirect.github.com/actions/setup-python/issues/973">#973</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6ca8e8598faa206f7140a65ba31b899bebe16f58"><code>6ca8e85</code></a>
Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/1016">#1016</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/8039c45ed9a312fba91f3399cd0605ba2ebfe93c"><code>8039c45</code></a>
fix: install PyPy on Linux ARM64 (<a
href="https://redirect.github.com/actions/setup-python/issues/1011">#1011</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/42375524e23c412d93fb67b49958b491fce71c38...8d9ed9ac5c53483de85588cdf95a591a75ab9f55">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [pyo3-log](https://github.com/vorner/pyo3-log) from 0.12.1 to
0.12.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's
changelog</a>.</em></p>
<blockquote>
<h1>0.12.2</h1>
<ul>
<li>Allow pyo3 0.24.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vorner/pyo3-log/commit/99ee890b2ba9cac31d5733c80df0fbe944170f2d"><code>99ee890</code></a>
Release 0.12.2</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/d1a27f574fbf5e4c45a109a543b92c308562c007"><code>d1a27f5</code></a>
Merge pull request <a
href="https://redirect.github.com/vorner/pyo3-log/issues/61">#61</a>
from gi0baro/pyo3-024</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/66fd9498c34cde58a7b4bf67abaac1e515768d89"><code>66fd949</code></a>
Allow PyO3 0.24</li>
<li>See full diff in <a
href="https://github.com/vorner/pyo3-log/compare/v0.12.1...v0.12.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Essentially document the change in behaviour in #18277
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.2.0 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add unit tests by <a
href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li>
<li>Fix bug introduced in 4.2.0 by <a
href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/95815c38cf2ff2164869cbab79da8d1f422bc89e"><code>95815c3</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/391">#391</a>
from GhadimiR/main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/278fca438a0f334c0505181835b4796f2785949b"><code>278fca4</code></a>
Move log statements</li>
<li><a
href="https://github.com/actions/download-artifact/commit/68909842a1073010f1cf920ed7f153e2948f9c16"><code>6890984</code></a>
Merge branch 'main' into main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f9415c0ec30f02c18e075f091cafcfe4159168d0"><code>f9415c0</code></a>
Run unit tests in CI</li>
<li><a
href="https://github.com/actions/download-artifact/commit/76a6eb5cbca98dccb5e14c0116e53f5df13b220d"><code>76a6eb5</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/392">#392</a>
from GhadimiR/add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/a2426d7c4522072f4d5824c9508d7ea97107cb8e"><code>a2426d7</code></a>
Merge branch 'main' into add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/3ffa694f6f7e3d53f63807f78267796f57911dd4"><code>3ffa694</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/53f6aa5f93b626e252398abac720a28f6eb048ed"><code>53f6aa5</code></a>
Add extra assertion to download single artifact test</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b456700053c87aa7d6b31d212292755e1e6eb923"><code>b456700</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/9eab798a9885c1be58a1c4381da1109644016e98"><code>9eab798</code></a>
Configure tsconfig</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/b14cf4c92620c250e1c074ab0a5800e37df86765...95815c38cf2ff2164869cbab79da8d1f422bc89e">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [pygithub](https://github.com/pygithub/pygithub) from 2.5.0 to
2.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pygithub/pygithub/releases">pygithub's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix broken pickle support for <code>Auth</code> classes by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3211">PyGithub/PyGithub#3211</a></li>
<li>Remove schema from <code>Deployment</code>, remove
<code>message</code> attribute by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3223">PyGithub/PyGithub#3223</a></li>
<li>Fix incorrect deprecated import by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3225">PyGithub/PyGithub#3225</a></li>
<li>Add <code>CodeSecurityConfigRepository</code> returned by
<code>get_repos_for_code_security_config</code> by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3219">PyGithub/PyGithub#3219</a></li>
<li>Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code> by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3226">PyGithub/PyGithub#3226</a></li>
</ul>
<h3>Maintenance</h3>
<ul>
<li>Mention removal of <code>AppAuth.private_key</code> in changelog by
<a href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3212">PyGithub/PyGithub#3212</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1">https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1</a></p>
<h2>v2.6.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Rework <code>Views</code> and <code>Clones</code> by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3168">PyGithub/PyGithub#3168</a>:
View and clones traffic information returned by
<code>Repository.get_views_traffic</code> and
<code>Repository.get_clones_traffic</code>
now return proper PyGithub objects, instead of a <code>dict</code>, with
all information that used to be provided by the <code>dict</code>:</li>
</ul>
<p>Code like</p>
<pre
lang="python"><code>repo.get_views_traffic().["views"].timestamp
repo.get_clones_traffic().["clones"].timestamp
</code></pre>
<p>should be replaced with</p>
<pre lang="python"><code>repo.get_views_traffic().views.timestamp
repo.get_clones_traffic().clones.timestamp
</code></pre>
<ul>
<li>Fix typos by <a
href="https://github.com/kianmeng"><code>@kianmeng</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3086">PyGithub/PyGithub#3086</a>:
Property <code>OrganizationCustomProperty.respository_id</code> renamed
to <code>OrganizationCustomProperty.repository_id</code>.</li>
</ul>
<h3>New Features</h3>
<ul>
<li>Add capability for global laziness by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/2746">PyGithub/PyGithub#2746</a></li>
<li>Add Support for GitHub Copilot Seat Management in Organizations by
<a href="https://github.com/pashafateev"><code>@pashafateev</code></a>
in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3082">PyGithub/PyGithub#3082</a></li>
<li>Get branches where commit is head by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3083">PyGithub/PyGithub#3083</a></li>
<li>Support downloading a Release Asset by <a
href="https://github.com/neel-m"><code>@neel-m</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3060">PyGithub/PyGithub#3060</a></li>
<li>Add <code>Repository.merge_upstream</code> method by <a
href="https://github.com/Felixoid"><code>@Felixoid</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3175">PyGithub/PyGithub#3175</a></li>
<li>Support updating pull request draft status by <a
href="https://github.com/didot"><code>@didot</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3104">PyGithub/PyGithub#3104</a></li>
<li>Add transfer ownership method to Repository by <a
href="https://github.com/tanannie22"><code>@tanannie22</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3091">PyGithub/PyGithub#3091</a></li>
<li>Add enable and disable a Workflow by <a
href="https://github.com/nickrmcclorey"><code>@nickrmcclorey</code></a>
in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3088">PyGithub/PyGithub#3088</a></li>
<li>Add support for managing Code Security Configrations by <a
href="https://github.com/billnapier"><code>@billnapier</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3095">PyGithub/PyGithub#3095</a></li>
<li>Allow for private_key / sign function in AppAuth by <a
href="https://github.com/EnricoMi"><code>@EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3065">PyGithub/PyGithub#3065</a></li>
</ul>
<h3>Improvements</h3>
<ul>
<li>Update RateLimit object with all the new categories GitHub added. by
<a href="https://github.com/billnapier"><code>@billnapier</code></a> in
<a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3096">PyGithub/PyGithub#3096</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyGithub/PyGithub/blob/v2.6.1/doc/changes.rst">pygithub's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.6.1 (February 21, 2025)</h2>
<p>Bug Fixes
^^^^^^^^^</p>
<ul>
<li>Fix broken pickle support for <code>Auth</code> classes
(<code>[#3211](https://github.com/pygithub/pygithub/issues/3211)
<https://github.com/PyGithub/PyGithub/pull/3211></code><em>)
(<code>f975552a
<https://github.com/PyGithub/PyGithub/commit/f975552a></code></em>)</li>
<li>Remove schema from <code>Deployment</code>, remove
<code>message</code> attribute
(<code>[#3223](https://github.com/pygithub/pygithub/issues/3223)
<https://github.com/PyGithub/PyGithub/pull/3223></code><em>)
(<code>d12e7d4c
<https://github.com/PyGithub/PyGithub/commit/d12e7d4c></code></em>)</li>
<li>Fix incorrect deprecated import
(<code>[#3225](https://github.com/pygithub/pygithub/issues/3225)
<https://github.com/PyGithub/PyGithub/pull/3225></code><em>)
(<code>93297440
<https://github.com/PyGithub/PyGithub/commit/93297440></code></em>)</li>
<li>Add <code>CodeSecurityConfigRepository</code> returned by
<code>get_repos_for_code_security_config</code>
(<code>[#3219](https://github.com/pygithub/pygithub/issues/3219)
<https://github.com/PyGithub/PyGithub/pull/3219></code><em>)
(<code>f997a2f6
<https://github.com/PyGithub/PyGithub/commit/f997a2f6></code></em>)</li>
<li>Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code>
(<code>[#3226](https://github.com/pygithub/pygithub/issues/3226)
<https://github.com/PyGithub/PyGithub/pull/3226></code><em>)
(<code>048a1a38
<https://github.com/PyGithub/PyGithub/commit/048a1a38></code></em>)</li>
</ul>
<p>Maintenance
^^^^^^^^^^^</p>
<ul>
<li>Mention removal of <code>AppAuth.private_key</code> in changelog
(<code>[#3212](https://github.com/pygithub/pygithub/issues/3212)
<https://github.com/PyGithub/PyGithub/pull/3212></code><em>)
(<code>f5dc1c76
<https://github.com/PyGithub/PyGithub/commit/f5dc1c76></code></em>)</li>
</ul>
<h2>Version 2.6.0 (February 15, 2025)</h2>
<p>Breaking Changes
^^^^^^^^^^^^^^^^</p>
<ul>
<li>
<p>Rework <code>Views</code> and <code>Clones</code>
(<code>[#3168](https://github.com/pygithub/pygithub/issues/3168)
<https://github.com/PyGithub/PyGithub/pull/3168></code><em>)
(<code>f7d52249
<https://github.com/PyGithub/PyGithub/commit/f7d52249></code></em>):</p>
<p>View and clones traffic information returned by
<code>Repository.get_views_traffic</code> and
<code>Repository.get_clones_traffic</code>
now return proper PyGithub objects, instead of a <code>dict</code>, with
all information that used to be provided by the <code>dict</code>:</p>
</li>
</ul>
<p>Code like</p>
<p>.. code-block:: python</p>
<p>repo.get_views_traffic().["views"].timestamp
repo.get_clones_traffic().["clones"].timestamp</p>
<p>should be replaced with</p>
<p>.. code-block:: python</p>
<p>repo.get_views_traffic().views.timestamp
repo.get_clones_traffic().clones.timestamp</p>
<ul>
<li>
<p>Add <code>GitCommitVerification</code> class
(<code>[#3028](https://github.com/pygithub/pygithub/issues/3028)
<https://github.com/PyGithub/PyGithub/pull/3028></code><em>)
(<code>822e6d71
<https://github.com/PyGithub/PyGithub/commit/822e6d71></code></em>):</p>
<p>Changes the return value of <code>GitTag.verification</code> and
<code>GitCommit.verification</code> from <code>dict</code> to
<code>GitCommitVerification</code>.</p>
<p>Code like</p>
<p>.. code-block:: python</p>
<p>tag.verification["reason"]
commit.verification["reason"]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/da30d6e793ffb4fbe70383b59d2eb7026fe2d8c7"><code>da30d6e</code></a>
Releasing v2.6.1 (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3230">#3230</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f997a2f65308fb720503c7bda24a8859dad81e03"><code>f997a2f</code></a>
Add <code>CodeSecurityConfigRepository</code> returned by
`get_repos_for_code_security_c...</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/048a1a3837e8ff4936ee547cd516ebf91613aa73"><code>048a1a3</code></a>
Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code> (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3226">#3226</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/93297440ce7911b8b32203287efb223c56384faa"><code>9329744</code></a>
Fix incorrect deprecated import (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3225">#3225</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/d12e7d4cb42b7e55812dbedaabb0642a9baf6e50"><code>d12e7d4</code></a>
Remove schema from <code>Deployment</code>, remove <code>message</code>
attribute (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3223">#3223</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f975552acd0a745b717523a52730214647d3d696"><code>f975552</code></a>
Fix broken pickle support for <code>Auth</code> classes (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3211">#3211</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f5dc1c762ff2fa7d643a62d6358983da72f66ee4"><code>f5dc1c7</code></a>
Mention removal of <code>AppAuth.private_key</code> in changelog (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3212">#3212</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/e3e07d7466b4b1b9cae5b50f1a68c7db92e5cb8f"><code>e3e07d7</code></a>
Fix PyPi upload (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3200">#3200</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/620c83994af1201860b255e04ceb7821e0d2fe2d"><code>620c839</code></a>
Fix PyPi upload (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3199">#3199</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/bf98e178547db7d4e5e4c04d9deb63ff45b135d6"><code>bf98e17</code></a>
Release 2.6.0 (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3198">#3198</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pygithub/pygithub/compare/v2.5.0...v2.6.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact)
from 8 to 9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dawidd6/action-download-artifact/releases">dawidd6/action-download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v9</h2>
<h2>What's Changed</h2>
<ul>
<li>add merge_multiple option by <a
href="https://github.com/timostroehlein"><code>@timostroehlein</code></a>
in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timostroehlein"><code>@timostroehlein</code></a>
made their first contribution in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dawidd6/action-download-artifact/compare/v8...v9">https://github.com/dawidd6/action-download-artifact/compare/v8...v9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/07ab29fd4a977ae4d2b275087cf67563dfdf0295"><code>07ab29f</code></a>
add merge_multiple option (<a
href="https://redirect.github.com/dawidd6/action-download-artifact/issues/327">#327</a>)</li>
<li>See full diff in <a
href="https://github.com/dawidd6/action-download-artifact/compare/20319c5641d495c8a52e688b7dc5fada6c3a9fbc...07ab29fd4a977ae4d2b275087cf67563dfdf0295">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to
4.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use <code>@actions/cache</code> 4.0.3 package &
prepare for new release by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a>
(SAS tokens for cache entries are now masked in debug logs)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/5a3ec84eff668545956fd18022155c47e93e2684"><code>5a3ec84</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1577">#1577</a>
from salmanmkc/salmanmkc/4-test</li>
<li><a
href="https://github.com/actions/cache/commit/7de21022a7b6824c106a9847befcbd8154b45b6a"><code>7de2102</code></a>
Update releases.md</li>
<li><a
href="https://github.com/actions/cache/commit/76d40dd347779762a1c829bbeeda5da4d81ca8c1"><code>76d40dd</code></a>
Update to use the latest version of the cache package to obfuscate the
SAS</li>
<li><a
href="https://github.com/actions/cache/commit/76dd5eb692f606c28d4b7a4ea7cfdffc926ba06a"><code>76dd5eb</code></a>
update cache with main</li>
<li><a
href="https://github.com/actions/cache/commit/8c80c27c5e4498d5675b05fb1eff96a56c593b06"><code>8c80c27</code></a>
new package</li>
<li><a
href="https://github.com/actions/cache/commit/45cfd0e7fffd1869ea4d5bfb54a464d825c1f742"><code>45cfd0e</code></a>
updates</li>
<li><a
href="https://github.com/actions/cache/commit/edd449b9cf39c2a20dc7c3d505ff6dc193c48a02"><code>edd449b</code></a>
updated cache with latest changes</li>
<li><a
href="https://github.com/actions/cache/commit/0576707e373f92196b81695442ed3f80c347f9c7"><code>0576707</code></a>
latest test before pr</li>
<li><a
href="https://github.com/actions/cache/commit/3105dc9754dd9cd935ffcf45c091ed2cadbf42b9"><code>3105dc9</code></a>
update</li>
<li><a
href="https://github.com/actions/cache/commit/9450d42d15022999ad2fa60a8b91f01fc92a0563"><code>9450d42</code></a>
mask</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Riot is now known as element and Access token moved to Help & About
|
|
This PR makes a few radical changes to media. This now stores the SHA256
hash of each file stored in the database (excluding thumbnails, more on
that later). If a set of media is quarantined, any additional uploads of
the same file contents or any other files with the same hash will be
quarantined at the same time.
Currently this does NOT:
- De-duplicate media, although a future extension could be to do that.
- Run any background jobs to identify the hashes of older files. This
could also be a future extension, though the value of doing so is
limited to combat the abuse of recent media.
- Hash thumbnails. It's assumed that thumbnails are parented to some
form of media, so you'd likely be wanting to quarantine the media and
the thumbnail at the same time.
|
|
This background DB delta removes the old state group deletion background
update from the `background_updates` table if it exists.
The `delete_unreferenced_state_groups_bg_update` update should only
exist in that table if a homeserver ran v1.126.0rc1/v1.126.0rc2, and
rolled back or forward to any other version of Synapse before letting
the update finish.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [X] Pull request is based on the develop branch
* [X] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
As shared by @reivilibre,
https://github.com/element-hq/synapse/pull/18261#issuecomment-2754607816
Relevant Poetry issue around how this should be handled by them:
https://github.com/python-poetry/poetry/issues/10304
|
|
Fixes https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
Federation denial of service via malformed events.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This PR fixes #18154 to avoid de-deltaing state groups which resulted in
DB size temporarily increasing until the DB was `VACUUM`'ed. As a
result, less state groups will get deleted now.
It also attempts to improve performance by not duplicating work when
processing state groups it has already processed in previous iterations.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [X] Pull request is based on the develop branch
* [X] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Erik Johnston <erikj@element.io>
|
|
|
|
After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup)
in `tj-actions/changed-files` and actions based on it, it's become clear
that relying on git tags to pin our dependencies is not enough (as tags
can simply be replaced). Therefore we need to switch to hashes.
Dependabot should continue to update these dependencies for us.
Best reviewed commit-by-commit. Though if CI passes, we're *probably*
fine.
|
|
issue. (#18074)
To address a performance problem due to the foreign key on the same
column.
cc @erikjohnston
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
|
|
|
|
I got rid of the `SYNAPSE_USE_FROZEN_DICTS` environment variable because
it will be overridden by the Synapse worker apps anyway and if we want
to support `SYNAPSE_USE_FROZEN_DICTS`, it should be in
`synapse/config/server.py`. It's also not documented so I'm assuming no
one is using it anyway.
Spawning from looking at the frozen dict stuff during the review of
https://github.com/element-hq/synapse/pull/18103#discussion_r1935876168
|
|
|
|
|
|
When a user sends a state event, do not cancel their own delayed events
for the same piece of state.
For context, see [the relevant section in the
MSC](https://github.com/matrix-org/matrix-spec-proposals/blob/a09a883d9a013ac4b6ffddebd7ea87a827d211b9/proposals/4140-delayed-events-futures.md#delayed-state-events-are-cancelled-by-a-more-recent-state-event).
|
|
We do a few things in this PR to better support caching:
1. Change `Cache-Control` header to allow intermediary proxies to cache
media *only* if they revalidate on every request. This means that the
intermediary cache will still send the request to Synapse but with a
`If-None-Match` header, at which point Synapse can check auth and
respond with a 304 and empty content.
2. Add `ETag` response header to all media responses. We hardcode this
to `1` since all media is immutable (beyond being deleted).
3. Check for `If-None-Match` header (after checking for auth), and if it
matches then respond with a 304 and empty body.
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
If one workflow is successful and one fails, currently that is reported
as success.
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
Closes: https://github.com/element-hq/synapse/issues/17926
|
|
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.96 to 1.0.97.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.97</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/anyhow/commit/bfb89ef244fa60af17fb844dc3bddf4b62e4ac9f"><code>bfb89ef</code></a>
Release 1.0.97</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/c7fca9b08627fe0c4034a3fd38595ffd7dcc8e0e"><code>c7fca9b</code></a>
Ignore elidable_lifetime_names pedantic clippy lint</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/427c0bb0f34d5da378112f6a19db9efebfd0e40a"><code>427c0bb</code></a>
Point standard library links to stable</li>
<li>See full diff in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.96...1.0.97">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
introduced in v1.126.0rc1), due to a suspected issue that causes increased disk usage. (#18222)
Revert "Add background job to clear unreferenced state groups (#18154)"
This mechanism is suspected of inserting large numbers of rows into
`state_groups_state`,
thus unreasonably increasing disk usage.
See: https://github.com/element-hq/synapse/issues/18217
This reverts commit 5121f9210c989fcc909e78195133876dff3bc9b9 (#18154).
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
|
|
Follows: #18212
---------
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
|
|
|
|
|
|
|
|
|
|
The context for this is that the Matrix spec allows basically anything
in the device ID. With MSC3861, we're restricting this to strings that
can be represented as scopes.
Whilst this works well for next-gen auth sessions, compatibility/legacy
sessions still can have characters that can't be encoded (mainly spaces)
in them.
To work around that, we added in MAS a behaviour where the device_id is
given as an explicit property of the token introspection response, and
remove it from the scope.
Because we don't expect users to rollout new Synapse and MAS versions in
sync, we needed a way to 'advertise' support for this behaviour: the
easiest way to do that was through an extra header in the introspection
response.
On the longer term, I expect MAS and Synapse to move away from the
introspection endpoint, and instead define a specific API for Synapse ->
MAS communication.
PR on the MAS side:
https://github.com/element-hq/matrix-authentication-service/pull/4067
|
|
Allows overriding the `redirect_uri` parameter sent to both the
authorization and token endpoints of the IdP. Typically this parameter
is hardcoded to `<public_baseurl>/_synapse/client/oidc/callback`.
Yet it can be useful in certain contexts to allow a different callback
URL. For instance, if you would like to intercept the authorization code
returned from the IdP and do something with it, before eventually
calling Synapse's OIDC callback URL yourself.
This change enables enterprise use cases but does not change the default
behaviour.
---
Best reviewed commit-by-commit.
---------
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
Workers now get their secrets from files, too! There are not many config
options left to pathify :) Includes documentation and unit tests.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
|
|
I [was
told](https://github.com/element-hq/synapse/pull/17983#issuecomment-2593370897)
about another config option with a secret, so I got `form_secret` a
companion: `form_secret_path`
This PR makes NixOS and Kubernetes users a little bit happy. Includes
docs and tests.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
Bumps [pyo3-log](https://github.com/vorner/pyo3-log) from 0.12.0 to
0.12.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's
changelog</a>.</em></p>
<blockquote>
<h1>0.12.1</h1>
<ul>
<li>Pass-through exceptions (<a
href="https://redirect.github.com/vorner/pyo3-log/issues/57">#57</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vorner/pyo3-log/commit/835647f0baf76e0af28178f8a3a63df25849fdfb"><code>835647f</code></a>
Release 0.12.1</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/5765e3f10d93b9ffc8291c4050bcaeb4df756293"><code>5765e3f</code></a>
Stop swallowing exceptions (<a
href="https://redirect.github.com/vorner/pyo3-log/issues/58">#58</a>)</li>
<li>See full diff in <a
href="https://github.com/vorner/pyo3-log/compare/v0.12.0...v0.12.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
Co-authored-by: Devon Hudson <devonhudson@librem.one>
|
|
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.217 to
1.0.218.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.218</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/serde/commit/7bfd518dd44a3fcf17bb6d46345c23fe7e60e8e3"><code>7bfd518</code></a>
Release 1.0.218</li>
<li><a
href="https://github.com/serde-rs/serde/commit/723a9491e256486eb85ec0e7e6389c10e41d2eff"><code>723a949</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2895">#2895</a>
from dtolnay/stabledoc</li>
<li><a
href="https://github.com/serde-rs/serde/commit/2b44efb085aa219cb9f474983cb081731f4443d6"><code>2b44efb</code></a>
Point standard library links to stable</li>
<li><a
href="https://github.com/serde-rs/serde/commit/03dc0fc137675c4fd67b8828d18b92230ca2be2e"><code>03dc0fc</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2894">#2894</a>
from dtolnay/doclink</li>
<li><a
href="https://github.com/serde-rs/serde/commit/85cb0c478e249e47b897dbfe59e5d271377e0bc3"><code>85cb0c4</code></a>
Convert html links to intra-doc links</li>
<li><a
href="https://github.com/serde-rs/serde/commit/abe71944803429f3ba160528237f66689a0440dd"><code>abe7194</code></a>
Update ui test suite to nightly-2025-02-12</li>
<li><a
href="https://github.com/serde-rs/serde/commit/aaccac7413fa44c74ca40c3b7d956a70bb144330"><code>aaccac7</code></a>
Unset doc-scrape-examples for lib target</li>
<li><a
href="https://github.com/serde-rs/serde/commit/7cd4d84cac270200ed2ab1adb3a2847fa54a3766"><code>7cd4d84</code></a>
Update ui test suite to nightly-2025-02-07</li>
<li><a
href="https://github.com/serde-rs/serde/commit/04ff3e8f950eb9862759781d85ec29d906917b70"><code>04ff3e8</code></a>
More precise gitignore patterns</li>
<li><a
href="https://github.com/serde-rs/serde/commit/dc3031b614eba65d8930bc90daabc45e627230d1"><code>dc3031b</code></a>
Remove *.sw[po] from gitignore</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.217...v1.0.218">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Apply ratelimiting on delayed event management separately from messages.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [ ] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
(#18152)
Previously it was in the middle of the parameter definitions.
|
|
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.95 to 1.0.96.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.96</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/anyhow/commit/f0aa0d367f7545827d4034c9fe4394b9ce9069c3"><code>f0aa0d3</code></a>
Release 1.0.96</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/bc33c24bd29029e2e609c94f59b67dec489bb325"><code>bc33c24</code></a>
Convert html links to intra-doc links</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/1cff785c761491ea42f41e8981d81042945e5952"><code>1cff785</code></a>
Unset doc-scrape-examples for lib target</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/d71c806e972e27004121337813fe54beefc661ba"><code>d71c806</code></a>
More precise gitignore patterns</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/3e409755ce450b19ba42f620f0db0d102e41bb92"><code>3e40975</code></a>
Remove **/*.rs.bk from project-specific gitignore</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/b880dd050e98417ad2b47472b71e47c788126faf"><code>b880dd0</code></a>
Ignore Cargo-generated tests/crate/target directory</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/8891ce34b4552f14ab243162ecfb6e8bf62bce16"><code>8891ce3</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/404">#404</a>
from dtolnay/missingabi</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/51a173ee6894f01a1cb720406b42e6bc799260bf"><code>51a173e</code></a>
Ignore missing_abi lint in nightly-2025-01-16</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/4d71a84097b67307dff20f489621b015388cccc6"><code>4d71a84</code></a>
Ignore double_ended_iterator_last clippy lint</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/af0937ef72fbaf9784a6c991e029738728d025e2"><code>af0937e</code></a>
Update ui test suite to nightly-2025-01-02</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.95...1.0.96">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [click](https://github.com/pallets/click) from 8.1.7 to 8.1.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/click/releases">click's
releases</a>.</em></p>
<blockquote>
<h2>8.1.8</h2>
<p>This is the Click 8.1.8 fix release, which fixes bugs but does not
otherwise change behavior and should not result in breaking changes
compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/click/8.1.8/">https://pypi.org/project/click/8.1.8/</a>
Changes: <a
href="https://click.palletsprojects.com/en/stable/changes/#version-8-1-8">https://click.palletsprojects.com/en/stable/changes/#version-8-1-8</a>
Milestone <a
href="https://github.com/pallets/click/milestones/23?closed=1">https://github.com/pallets/click/milestones/23?closed=1</a></p>
<ul>
<li>Fix an issue with type hints for <code>click.open_file()</code>. <a
href="https://redirect.github.com/pallets/click/issues/2717">#2717</a></li>
<li>Fix issue where error message for invalid <code>click.Path</code>
displays on
multiple lines. <a
href="https://redirect.github.com/pallets/click/issues/2697">#2697</a></li>
<li>Fixed issue that prevented a default value of
<code>""</code> from being displayed in
the help for an option. <a
href="https://redirect.github.com/pallets/click/issues/2500">#2500</a></li>
<li>The test runner handles stripping color consistently on Windows. <a
href="https://redirect.github.com/pallets/click/issues/2705">#2705</a></li>
<li>Show correct value for flag default when using
<code>default_map</code>. <a
href="https://redirect.github.com/pallets/click/issues/2632">#2632</a></li>
<li>Fix <code>click.echo(color=...)</code> passing <code>color</code> to
coloroma so it can be
forced on Windows. <a
href="https://redirect.github.com/pallets/click/issues/2606">#2606</a>.</li>
<li>More robust bash version check, fixing problem on Windows with
git-bash. <a
href="https://redirect.github.com/pallets/click/issues/2638">#2638</a></li>
<li>Cache the help option generated by the
<code>help_option_names</code> setting to
respect its eagerness. <a
href="https://redirect.github.com/pallets/click/issues/2811">#2811</a></li>
<li>Replace uses of <code>os.system</code> with
<code>subprocess.Popen</code>. <a
href="https://redirect.github.com/pallets/click/issues/1476">#1476</a></li>
<li>Exceptions generated during a command will use the context's
<code>color</code>
setting when being displayed. <a
href="https://redirect.github.com/pallets/click/issues/2193">#2193</a></li>
<li>Error message when defining option with invalid name is more
descriptive. <a
href="https://redirect.github.com/pallets/click/issues/2452">#2452</a></li>
<li>Refactor code generating default <code>--help</code> option to
deduplicate code. <a
href="https://redirect.github.com/pallets/click/issues/2563">#2563</a></li>
<li>Test <code>CLIRunner</code> resets patched
<code>_compat.should_strip_ansi</code>. <a
href="https://redirect.github.com/pallets/click/issues/2732">#2732</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/click/blob/main/CHANGES.rst">click's
changelog</a>.</em></p>
<blockquote>
<h2>Version 8.1.8</h2>
<p>Unreleased</p>
<ul>
<li>Fix an issue with type hints for <code>click.open_file()</code>.
:issue:<code>2717</code></li>
<li>Fix issue where error message for invalid <code>click.Path</code>
displays on
multiple lines. :issue:<code>2697</code></li>
<li>Fixed issue that prevented a default value of
<code>""</code> from being displayed in
the help for an option. :issue:<code>2500</code></li>
<li>The test runner handles stripping color consistently on Windows.
:issue:<code>2705</code></li>
<li>Show correct value for flag default when using
<code>default_map</code>.
:issue:<code>2632</code></li>
<li>Fix <code>click.echo(color=...)</code> passing <code>color</code> to
coloroma so it can be
forced on Windows. :issue:<code>2606</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/click/commit/934813e4d421071a1b3db3973c02fe2721359a6e"><code>934813e</code></a>
release version 8.1.8</li>
<li><a
href="https://github.com/pallets/click/commit/c23223b13c847ae472faa258907ffb5c27b504fa"><code>c23223b</code></a>
Add links to third-party projects enhancing Click (<a
href="https://redirect.github.com/pallets/click/issues/2815">#2815</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/822d4fd0bcfcd0ab22c9eec550ee2dae2a3d260c"><code>822d4fd</code></a>
Add links to third-party projects</li>
<li><a
href="https://github.com/pallets/click/commit/8e7bed0466fd49acf8bcf1399f54d7dc783fd6a1"><code>8e7bed0</code></a>
Break up arguments section (<a
href="https://redirect.github.com/pallets/click/issues/2586">#2586</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/3241541fc89fe9c79908a6099fa2235dd20016e8"><code>3241541</code></a>
Remove some typing hints.</li>
<li><a
href="https://github.com/pallets/click/commit/bed037717d5f39cf875d83df4025e62beebc77f4"><code>bed0377</code></a>
remove test pypi</li>
<li><a
href="https://github.com/pallets/click/commit/653459007a15e4d75187acc5a1e1a08cbd787814"><code>6534590</code></a>
update dev dependencies</li>
<li><a
href="https://github.com/pallets/click/commit/b1e392e69b2a32566550aa41c38875e9cafe2456"><code>b1e392e</code></a>
fix typos</li>
<li><a
href="https://github.com/pallets/click/commit/fdc6b020465751d26f9e74a707f2c058b0dd251f"><code>fdc6b02</code></a>
Fix missing reset in isolation function (<a
href="https://redirect.github.com/pallets/click/issues/2733">#2733</a>)</li>
<li><a
href="https://github.com/pallets/click/commit/ffd43e9dc3b90bd698088fc7ebac9dbc6a4444b2"><code>ffd43e9</code></a>
Fixed missing reset on _compat.should_strip_ansi.</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/click/compare/8.1.7...8.1.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [authlib](https://github.com/lepture/authlib) from 1.4.0 to 1.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.4.1</h2>
<ul>
<li>Improve garbage collection on OAuth clients. <a
href="https://redirect.github.com/lepture/authlib/issues/698">#698</a></li>
<li>Fix client parameters for httpx. <a
href="https://redirect.github.com/lepture/authlib/issues/694">#694</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/blob/main/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.4.1</h2>
<p><strong>Released on Jan 28, 2025</strong></p>
<ul>
<li>Improve garbage collection on OAuth clients.
:issue:<code>698</code></li>
<li>Fix client parameters for httpx. :issue:<code>694</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lepture/authlib/commit/0e8f480e9c9a91ab3dc8017de70f59014e66664d"><code>0e8f480</code></a>
chore: release 1.4.1</li>
<li><a
href="https://github.com/lepture/authlib/commit/c46e939c38c507438dee039440e74e8f97f8ef9d"><code>c46e939</code></a>
fix(client): improve garbage collection for oauth clients</li>
<li><a
href="https://github.com/lepture/authlib/commit/9188e21283e52f42b0e495d978d255715d6fae7b"><code>9188e21</code></a>
fix(httpx): remove compact code for httpx</li>
<li><a
href="https://github.com/lepture/authlib/commit/c7e2d9f76f7c780d7dce538e55d2d0a279d64e02"><code>c7e2d9f</code></a>
fix(httpx): update test cases for httpx</li>
<li><a
href="https://github.com/lepture/authlib/commit/ce1405dd14795e20c9429757780cf2e5c74bd011"><code>ce1405d</code></a>
fix: improve garbage collection via <a
href="https://redirect.github.com/lepture/authlib/issues/698">#698</a></li>
<li><a
href="https://github.com/lepture/authlib/commit/532cce618b07dd15843437da0b18f04ceb36b0a4"><code>532cce6</code></a>
fix: update httpx client kwargs <a
href="https://redirect.github.com/lepture/authlib/issues/694">#694</a></li>
<li><a
href="https://github.com/lepture/authlib/commit/fe12a578854fb64c8a3906676ba7d2a2b9579459"><code>fe12a57</code></a>
chore: update readme</li>
<li>See full diff in <a
href="https://github.com/lepture/authlib/compare/v1.4.0...v1.4.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [log](https://github.com/rust-lang/log) from 0.4.25 to 0.4.26.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/releases">log's
releases</a>.</em></p>
<blockquote>
<h2>0.4.26</h2>
<h2>What's Changed</h2>
<ul>
<li>Derive <code>Clone</code> for <code>kv::Value</code> by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/668">rust-lang/log#668</a></li>
<li>Add <code>spdlog-rs</code> link to crate doc by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/669">rust-lang/log#669</a></li>
<li>Prepare for 0.4.26 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/670">rust-lang/log#670</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.25...0.4.26">https://github.com/rust-lang/log/compare/0.4.25...0.4.26</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.26] - 2025-02-18</h2>
<h2>What's Changed</h2>
<ul>
<li>Derive <code>Clone</code> for <code>kv::Value</code> by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/668">rust-lang/log#668</a></li>
<li>Add <code>spdlog-rs</code> link to crate doc by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/669">rust-lang/log#669</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.25...0.4.26">https://github.com/rust-lang/log/compare/0.4.25...0.4.26</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rust-lang/log/commit/5a915548178b06f16049e3a4d0de79251bdf9603"><code>5a91554</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/670">#670</a>
from rust-lang/cargo/0.4.26</li>
<li><a
href="https://github.com/rust-lang/log/commit/5aba0c2290067bf527bbff762cf5414096502446"><code>5aba0c2</code></a>
prepare for 0.4.26 release</li>
<li><a
href="https://github.com/rust-lang/log/commit/0551261bb4588b7f8afc8be05640347c97b67e10"><code>0551261</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/669">#669</a>
from SpriteOvO/crate-doc-update</li>
<li><a
href="https://github.com/rust-lang/log/commit/3ff3bdcbd79e9e36c3d6c318d3a6d56a97d3b119"><code>3ff3bdc</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/668">#668</a>
from SpriteOvO/value-clone</li>
<li><a
href="https://github.com/rust-lang/log/commit/931d8832d0c60d062ee61d228def4044efcbd8c0"><code>931d883</code></a>
Add <code>spdlog-rs</code> link to crate doc</li>
<li><a
href="https://github.com/rust-lang/log/commit/310c9b43ffe767dec16531c7839861b28f709ee9"><code>310c9b4</code></a>
Derive <code>Clone</code> for <code>kv::Value</code></li>
<li>See full diff in <a
href="https://github.com/rust-lang/log/compare/0.4.25...0.4.26">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.138 to
1.0.139.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.139</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/json/commit/4d4f53c3b7de3259b6a8a15ef4d5f4edb47af32f"><code>4d4f53c</code></a>
Release 1.0.139</li>
<li><a
href="https://github.com/serde-rs/json/commit/5d6b32f3786e93e0c73a497bd1a900ae256f7f13"><code>5d6b32f</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1242">#1242</a>
from dtolnay/writefloat</li>
<li><a
href="https://github.com/serde-rs/json/commit/e5bb8bd38fe3b347655429b79d21ed89b366b706"><code>e5bb8bd</code></a>
Document behavior of write_f32/f64 on non-finite floats</li>
<li><a
href="https://github.com/serde-rs/json/commit/7a797810d2bedb9255ecef720112623ddb356805"><code>7a79781</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1241">#1241</a>
from dtolnay/doclink</li>
<li><a
href="https://github.com/serde-rs/json/commit/13591f1dd4baf2d510e56138599906815e9d798a"><code>13591f1</code></a>
Convert html links to intra-doc links</li>
<li><a
href="https://github.com/serde-rs/json/commit/1d7378e8ee87e9225da28094329e06345b76cd99"><code>1d7378e</code></a>
Unset doc-scrape-examples for lib target</li>
<li><a
href="https://github.com/serde-rs/json/commit/1174c5f57db44c26460951b525c6ede50984b655"><code>1174c5f</code></a>
Resolve unnecessary_semicolon pedantic clippy lint</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.138...v1.0.139">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Adds the `--no-secrets-in-config` command line option that makes Synapse
reject all configurations containing keys with in-line secret values.
Currently this rejects
- `turn_shared_secret`
- `registration_shared_secret`
- `macaroon_secret_key`
- `recaptcha_private_key`
- `recaptcha_public_key`
- `experimental_features.msc3861.client_secret`
- `experimental_features.msc3861.jwk`
- `experimental_features.msc3861.admin_token`
- `form_secret`
- `redis.password`
- `worker_replication_secret`
> [!TIP]
> Hey, you! Yes, you! 😊 If you think this list is missing an item,
please leave a comment below. Thanks :)
This PR complements my other PRs[^1] that add the corresponding `_path`
variants for this class of config options. It enables admins to enforce
a policy of no secrets in configuration files and guards against
accident and malice.
Because I consider the flag `--no-secrets-in-config` to be
security-relevant, I did not add a corresponding `--secrets-in-config`
flag; this way, if Synapse command line options are appended at various
places, there is no way to weaken the once-set setting with a succeeding
flag.
[^1]: [#17690](https://github.com/element-hq/synapse/pull/17690),
[#17717](https://github.com/element-hq/synapse/pull/17717),
[#17983](https://github.com/element-hq/synapse/pull/17983),
[#17984](https://github.com/element-hq/synapse/pull/17984),
[#18004](https://github.com/element-hq/synapse/pull/18004),
[#18090](https://github.com/element-hq/synapse/pull/18090)
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
Fixes #18150
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [X] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Erik Johnston <erikj@element.io>
|
|
|
|
Synapse (#18178)
MSC4108 relies on ETag to determine if something has changed on the
rendez-vous channel.
Strong and correct ETag comparison works if the response body is
bit-for-bit identical, which isn't the case if a proxy in the middle
compresses the response on the fly.
This adds a `no-transform` directive to the `Cache-Control` header,
which tells proxies not to transform the response body.
Additionally, some proxies (nginx) will switch to `Transfer-Encoding:
chunked` if it doesn't know the Content-Length of the response, and
'weakening' the ETag if that's the case. I've added `Content-Length`
headers to all responses, to hopefully solve that.
This basically fixes QR-code login when nginx or cloudflare is involved,
with gzip/zstd/deflate compression enabled.
|
|
Bumps [types-psycopg2](https://github.com/python/typeshed) from
2.9.21.20241019 to 2.9.21.20250121.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.8.0 to 3.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>use cosign 2.4.3 and other updates by <a
href="https://github.com/cpanato"><code>@cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/182">sigstore/cosign-installer#182</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a"><code>d7d6bc7</code></a>
use cosign 2.4.3 and other updates (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/182">#182</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
This is in line with our general policy of ensuring that the default
config is reasonably locked down.
SyTest PR to fix tests: https://github.com/matrix-org/sytest/pull/1396
|
|
Missed in the first round.
|
|
OpenID identity provider (#18177)
Normally, when `discovery` is enabled,
`id_token_signing_alg_values_supported` comes from the OpenID Discovery
Document (`/.well-known/openid-configuration`). If nothing was
specified, we default to supporting `RS256` in the downstream usage.
This PR just adds support for adding a default/overriding the the
discovered value [just like we do for other things like the
`token_endpoint`](https://github.com/element-hq/synapse/blob/1525a3b4d48a0f5657d61423e1f205bff9a77948/docs/usage/configuration/config_documentation.md#oidc_providers),
etc.
|
|
Missed in the transition from experimental to stable.
Fixes #18160
|
|
This is a split off #18033
This uses a few tricks to speed up the building of docker images:
- This switches to use `uv pip install` instead of `pip install`. This
saves a bunch of time, especially when cross-compiling
- I then looked at what packages were not using binary wheels: I
upgraded MarkupSafe to have binaries for py3.12, and got back to Python
3.12 because hiredis didn't have builds for py3.13 with the version we
were using
- The generation of the requirements.txt is arch-agnostic, so I've
switched this one to run on the build architecture, so that both arch
can share it
- The download of runtime depdendencies can be done on the build
architecture through manual `apt-get download` plus `dpkg --extract`
- We were using -slim images, but still installed a bunch of -dev
dependencies. Turns out, all the dev dependencies were already installed
in the non-slim image, which saves a bunch of time as well
|
|
This has been a problem with Element Web, as it will proble /register
with an empty body, which gave this error:
```
curl -d '{}' -HContent-Type:application/json /_matrix/client/v3/register
{"errcode": "M_UNKNOWN",
"error": "Invalid username"}
```
And Element Web would choke on it. This changes that so we reply
instead:
```
{"errcode": "M_FORBIDDEN",
"error": "Registration has been disabled. Only m.login.application_service registrations are allowed."}
```
Also adds a test for this.
See https://github.com/element-hq/element-web/issues/27993
---------
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
|
|
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
|
|
- Add `get_current_time_msec()` method to the [module
API](https://matrix-org.github.io/synapse/latest/modules/writing_a_module.html)
for sound time comparisons with Synapse.
- Fixes #18104
Signed-off-by: Ahmed Qashlan <ahmedelqashlan@gmail.com>
Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>
Co-authored-by: Erik Johnston <erikj@jki.re>
|
|
Adds new environment variables that can be used with the Docker image
(`SYNAPSE_HTTP_PROXY`/`SYNAPSE_HTTPS_PROXY`/`SYNAPSE_NO_PROXY`)
Useful for things like the [Secure Border
Gateway](https://element.io/server-suite/secure-border-gateways)
### Why is this necessary?
You can already configure the `HTTP_PROXY`/`HTTPS_PROXY` environment
variables to proxy outbound requests but setting this globally in the
Docker image affects all processes which isn't always desirable or
workable in the case where the proxy is running in the Docker image
itself (because the Debian packages will fail to download because the
proxy isn't up and running yet) . Adding Synapse specific environment
variables
(`SYNAPSE_HTTP_PROXY`/`SYNAPSE_HTTPS_PROXY`/`SYNAPSE_NO_PROXY`) makes
things much more targetable.
|
|
If a user search has many words we can end up creating really large
queries that take a long time for the database to process. Generally,
such searches don't return any results anyway (due to limits on user ID
and display name length).
We "fix" this by cheating and only searching for the first ten words.
|
|
Document consequences of replacing secrets. The covered config options
are `registration_shared_secret`, `macaroon_secret_key`, `form_secret`
and `worker_replication_secret`.
Even though I looked at the source code to check the added documentation
is right, I would appreciate additional verification of the statements
made.
In an hand-wavy attempt at classifying how bad the consequences of
secret replacement are, I added some explanations as warnings and others
as regular paragraphs.
Closes #17971
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
|
|
|
|
|
|
I was looking into the `USE_FROZEN_DICTS` option during the review of
https://github.com/element-hq/synapse/pull/18103#discussion_r1935876168
and noticed that there are several other server config options that
aren't in the docs.
|
|
This is to help track down a possible, but very rare, worker deadlock
that was seen on matrix.org.
In theory, you could work back from an instance of these new logs to the
approximate time when the lock was obtained and focus the diagnostic
efforts there.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
When updating 3pid for a user email from admin api and sending invalid
email the server throws 500 internal server error.
changed to 400 Bad request and returned the error message
Signed-off-by: qashlan <ahmedelqashlan@gmail.com>
Signed-off-by: Ahmed Qashlan <ahmedelqashlan@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Missed in https://github.com/element-hq/synapse/pull/18000
|
|
|
|
Some small cleanups after Python3.8 became EOL.
- Move some type imports from `typing_extensions` to `typing`
- Remove the `abi3-py38` feature from pyo3
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
separation (#17949)
In the current `attribute_requirements` implementation it is only
possible to allow exact matching attribute values. Multiple allowed
values for one attribute are not possible as described in #13238.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Sebastian Neuser <pzkz@infra.run>
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
We log incorrect ones as we want to catch bugs where Synapse returns bad
tokens. However, sometimes clients just send tokens that are e.g. empty.
---------
Co-authored-by: Eric Eastwood <erice@element.io>
|
|
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [X] Pull request is based on the develop branch
* [X] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
I forgot the guide applies to Oracle Linux as well. In fact, I ran a
small homeserver on OEL a few months back.
I did minimal installations on Rocky and OEL on VirtualBox and noticed
Codeready/Powertools repos aren't required, so I removed those commands
from the guide. I switched `RHEL`-references to `EL`.
#17423 was merged before I remembered about OEL but a new PR shouldn't
hurt :)
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
|
|
Regressed as part of https://github.com/element-hq/synapse/pull/18107
This does two things:
1. Only check if the state groups have been deleted when calculating the
event context (as that's when we will insert them). This avoids lots of
checks for read operations.
2. Don't lock the `state_groups` rows when doing the check. This adds
overhead, and it doesn't prevent any races.
|
|
|
|
Introduced in #18107
`UniqueViolation: duplicate key value violates unique constraint
"state_groups_persisting_pkey"`
|
|
Update readme & LICENSE files to make it explicit that you can buy a
commercial license as an AGPL alternative from Element.
|
|
c.f. #18121
---------
Co-authored-by: Quentin Gliech <quenting@element.io>
|
|
Broke in #17916, as the signature inspection incorrectly looks at the
wrapper function. We fix this by setting the signature on the wrapper
function to that of the wrapped function via `@functools.wraps`.
|
|
Another PR on my quest to a `*_path` variant for every secret. Adds two
config options `admin_token_path` and `client_secret_path` to the
experimental config under `experimental_features.msc3861`. Also includes
tests.
I tried to be a good citizen here by following `attrs` conventions and
not rewriting the corresponding non-path variants in the class, but
instead adding methods to retrieve the value.
Reading secrets from files has the security advantage of separating the
secrets from the config. It also simplifies secrets management in
Kubernetes. Also useful to NixOS users.
|
|
|
|
(#18131)
When purging history, we try and delete any state groups that become
unreferenced (i.e. there are no longer any events that directly
reference them). When we delete a state group that is referenced by
another state group, we "de-delta" that state group so that it no longer
refers to the state group that is deleted.
There are two bugs with this approach that we fix here:
1. There is a common pattern where we end up storing two state groups
when persisting a state event: the state before and after the new state
event, where the latter is stored as a delta to the former. When
deleting state groups we only deleted the "new" state and left (and
potentially de-deltaed) the old state. This was due to a bug/typo when
trying to find referenced state groups.
2. There are times where we store unreferenced state groups in the DB,
during the purging of history these would not get rechecked and instead
always de-deltaed. Instead, we should check for this case and delete any
unreferenced state groups rather than de-deltaing them.
The effect of the above bugs is that when purging history we'd end up
with lots of unreferenced state groups that had been de-deltaed (i.e.
stored as the full state). This can lead to dramatic increases in
storage space used.
|
|
This actually makes it so that deleting state groups goes via the new
mechanism.
c.f. #18107
|
|
Currently we don't really have anything that stops us from deleting
state groups when an in-flight event references it. This is a fairly
rare race currently, but we want to be able to more aggressively delete
state groups so it is important to address this to ensure that the
database remains valid.
This implements the locking, but doesn't actually use it.
See the class docstring of the new data store for an explanation for how
this works.
---------
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
|
|
This is so workers can call these functions.
This was preventing the [Delete Room Admin
API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version)
from succeeding when `block: true` was specified. This was because we
had `run_background_tasks_on` configured to run on a separate worker.
As workers weren't able to call the `block_room` storage function before
this PR, the (delete room) task failed when taken off the queue by the
worker.
|
|
string (#18112)
Previously, a value like `5q` would be interpreted as 5 milliseconds. We
should just raise an error instead of letting someone run with a
misconfiguration.
|
|
|
|
This PR changes the logic so that deactivated users are always ignored.
Suspended users were already effectively ignored as Synapse forbids a
join while suspended.
---------
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
|
|
Bumps [python-multipart](https://github.com/Kludex/python-multipart)
from 0.0.18 to 0.0.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Kludex/python-multipart/releases">python-multipart's
releases</a>.</em></p>
<blockquote>
<h2>Version 0.0.20</h2>
<h2>What's Changed</h2>
<ul>
<li>Handle messages containing only end boundary, fixes <a
href="https://redirect.github.com/Kludex/python-multipart/issues/38">#38</a>
by <a href="https://github.com/jhnstrk"><code>@jhnstrk</code></a> in <a
href="https://redirect.github.com/Kludex/python-multipart/pull/142">Kludex/python-multipart#142</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Mr-Sunglasses"><code>@Mr-Sunglasses</code></a>
made their first contribution in <a
href="https://redirect.github.com/Kludex/python-multipart/pull/185">Kludex/python-multipart#185</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20">https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20</a></p>
<h2>Version 0.0.19</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't warn when CRLF is found after last boundary by <a
href="https://github.com/Kludex"><code>@Kludex</code></a> in <a
href="https://redirect.github.com/Kludex/python-multipart/pull/193">Kludex/python-multipart#193</a></li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19">https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md">python-multipart's
changelog</a>.</em></p>
<blockquote>
<h2>0.0.20 (2024-12-16)</h2>
<ul>
<li>Handle messages containing only end boundary <a
href="https://redirect.github.com/Kludex/python-multipart/pull/142">#142</a>.</li>
</ul>
<h2>0.0.19 (2024-11-30)</h2>
<ul>
<li>Don't warn when CRLF is found after last boundary on
<code>MultipartParser</code> <a
href="https://redirect.github.com/Kludex/python-multipart/pull/193">#193</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Kludex/python-multipart/commit/b083cef4d6c68cf036bae1d9c68a986c6e1e3cc4"><code>b083cef</code></a>
Version 0.0.20 (<a
href="https://redirect.github.com/Kludex/python-multipart/issues/197">#197</a>)</li>
<li><a
href="https://github.com/Kludex/python-multipart/commit/04d3cf5ef58c8ac8d28d36ea410fba131f5eff3f"><code>04d3cf5</code></a>
Handle messages containing only end boundary, fixes <a
href="https://redirect.github.com/Kludex/python-multipart/issues/38">#38</a>
(<a
href="https://redirect.github.com/Kludex/python-multipart/issues/142">#142</a>)</li>
<li><a
href="https://github.com/Kludex/python-multipart/commit/f1c5a2821b24786f418ae535aa2fbb5ae4c60d6c"><code>f1c5a28</code></a>
feat: Add python 3.13 in CI matrix. (<a
href="https://redirect.github.com/Kludex/python-multipart/issues/185">#185</a>)</li>
<li><a
href="https://github.com/Kludex/python-multipart/commit/4bffa0c7c6c836ace85486b95c1e144e340059d8"><code>4bffa0c</code></a>
doc: A file parameter is not a field (<a
href="https://redirect.github.com/Kludex/python-multipart/issues/127">#127</a>)</li>
<li><a
href="https://github.com/Kludex/python-multipart/commit/6f3295bc79a1f8decdb23ce1720a6428908d8e33"><code>6f3295b</code></a>
Bump astral-sh/setup-uv from 3 to 4 in the github-actions group (<a
href="https://redirect.github.com/Kludex/python-multipart/issues/194">#194</a>)</li>
<li><a
href="https://github.com/Kludex/python-multipart/commit/c4fe4d3cebc08c660e57dd709af1ffa7059b3177"><code>c4fe4d3</code></a>
Don't warn when CRLF is found after last boundary (<a
href="https://redirect.github.com/Kludex/python-multipart/issues/193">#193</a>)</li>
<li>See full diff in <a
href="https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.135 to
1.0.137.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.137</h2>
<ul>
<li>Turn on "float_roundtrip" and "unbounded_depth"
features for serde_json in play.rust-lang.org (<a
href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>)</li>
</ul>
<h2>v1.0.136</h2>
<ul>
<li>Optimize serde_json::value::Serializer::serialize_map by using
Map::with_capacity (<a
href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>,
thanks <a
href="https://github.com/goffrie"><code>@goffrie</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/json/commit/eb49e28204c45faa692e0ca5485958b3bdc6f310"><code>eb49e28</code></a>
Release 1.0.137</li>
<li><a
href="https://github.com/serde-rs/json/commit/51c48ab3b07979b648643cff70cd430217539481"><code>51c48ab</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1231">#1231</a>
from dtolnay/playground</li>
<li><a
href="https://github.com/serde-rs/json/commit/7d8f15b96351d9414e17c9ec4c095f51b259872e"><code>7d8f15b</code></a>
Enable "float_roundtrip" and "unbounded_depth"
features in playground</li>
<li><a
href="https://github.com/serde-rs/json/commit/a46f14cf2e92054bdb2c11dd86f4c1b5069f7f81"><code>a46f14c</code></a>
Release 1.0.136</li>
<li><a
href="https://github.com/serde-rs/json/commit/eb9f3f6387e62508854298b10e68aee8250f7f6b"><code>eb9f3f6</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1230">#1230</a>
from goffrie/patch-1</li>
<li><a
href="https://github.com/serde-rs/json/commit/513e5b2f74eb4697e5b0ed3952b1e3cf60ac6f0b"><code>513e5b2</code></a>
Use Map::with_capacity in value::Serializer::serialize_map</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.135...v1.0.137">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [types-bleach](https://github.com/python/typeshed) from
6.1.0.20240331 to 6.2.0.20241123.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
This also happens for rejecting an invite. Basically, any out-of-band membership transition where we first get the membership as an `outlier` and then rely on federation filling us in to de-outlier it.
This PR mainly addresses automated test flakiness, bots/scripts, and options within Synapse like [`auto_accept_invites`](https://element-hq.github.io/synapse/v1.122/usage/configuration/config_documentation.html#auto_accept_invites) that are able to react quickly (before federation is able to push us events), but also helps in generic scenarios where federation is lagging.
I initially thought this might be a Synapse consistency issue (see issues labeled with [`Z-Read-After-Write`](https://github.com/matrix-org/synapse/labels/Z-Read-After-Write)) but it seems to be an event auth logic problem. Workers probably do increase the number of possible race condition scenarios that make this visible though (replication and cache invalidation lag).
Fix https://github.com/element-hq/synapse/issues/15012
(probably fixes https://github.com/matrix-org/synapse/issues/15012 (https://github.com/element-hq/synapse/issues/15012))
Related to https://github.com/matrix-org/matrix-spec/issues/2062
Problems:
1. We don't consider [out-of-band membership](https://github.com/element-hq/synapse/blob/develop/docs/development/room-dag-concepts.md#out-of-band-membership-events) (outliers) in our `event_auth` logic even though we expose them in `/sync`.
1. (This PR doesn't address this point) Perhaps we should consider authing events in the persistence queue as events already in the queue could allow subsequent events to be allowed (events come through many channels: federation transaction, remote invite, remote join, local send). But this doesn't save us in the case where the event is more delayed over federation.
### What happened before?
I wrote some Complement test that stresses this exact scenario and reproduces the problem: https://github.com/matrix-org/complement/pull/757
```
COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestSynapseConsistency
```
We have `hs1` and `hs2` running in monolith mode (no workers):
1. `@charlie1:hs2` is invited and joins the room:
1. `hs1` invites `@charlie1:hs2` to a room which we receive on `hs2` as `PUT /_matrix/federation/v1/invite/{roomId}/{eventId}` (`on_invite_request(...)`) and the invite membership is persisted as an outlier. The `room_memberships` and `local_current_membership` database tables are also updated which means they are visible down `/sync` at this point.
1. `@charlie1:hs2` decides to join because it saw the invite down `/sync`. Because `hs2` is not yet in the room, this happens as a remote join `make_join`/`send_join` which comes back with all of the auth events needed to auth successfully and now `@charlie1:hs2` is successfully joined to the room.
1. `@charlie2:hs2` is invited and and tries to join the room:
1. `hs1` invites `@charlie2:hs2` to the room which we receive on `hs2` as `PUT /_matrix/federation/v1/invite/{roomId}/{eventId}` (`on_invite_request(...)`) and the invite membership is persisted as an outlier. The `room_memberships` and `local_current_membership` database tables are also updated which means they are visible down `/sync` at this point.
1. Because `hs2` is already participating in the room, we also see the invite come over federation in a transaction and we start processing it (not done yet, see below)
1. `@charlie2:hs2` decides to join because it saw the invite down `/sync`. Because `hs2`, is already in the room, this happens as a local join but we deny the event because our `event_auth` logic thinks that we have no membership in the room :x: (expected to be able to join because we saw the invite down `/sync`)
1. We finally finish processing the `@charlie2:hs2` invite event from and de-outlier it.
- If this finished before we tried to join we would have been fine but this is the race condition that makes this situation visible.
Logs for `hs2`:
```
🗳️ on_invite_request: handling event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=False>
🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True>
🔦 _store_room_members_txn update local_current_membership: <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True>
📨 Notifying about new event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True>
✅ on_invite_request: handled event <FrozenEventV3 event_id=$PRPCvdXdcqyjdUKP_NxGF2CcukmwOaoK0ZR1WiVOZVk, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=invite, outlier=True>
🧲 do_invite_join for @user-2-charlie1:hs2 in !sfZVBdLUezpPWetrol:hs1
🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$bwv8LxFnqfpsw_rhR7OrTjtz09gaJ23MqstKOcs7ygA, type=m.room.member, state_key=@user-1-alice:hs1, membership=join, outlier=True>
🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$oju1ts3G3pz5O62IesrxX5is4LxAwU3WPr4xvid5ijI, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=join, outlier=False>
📨 Notifying about new event <FrozenEventV3 event_id=$oju1ts3G3pz5O62IesrxX5is4LxAwU3WPr4xvid5ijI, type=m.room.member, state_key=@user-2-charlie1:hs2, membership=join, outlier=False>
...
🗳️ on_invite_request: handling event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False>
🔦 _store_room_members_txn update room_memberships: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True>
🔦 _store_room_members_txn update local_current_membership: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True>
📨 Notifying about new event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True>
✅ on_invite_request: handled event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=True>
📬 handling received PDU in room !sfZVBdLUezpPWetrol:hs1: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False>
📮 handle_new_client_event: handling <FrozenEventV3 event_id=$WNVDTQrxy5tCdPQHMyHyIn7tE4NWqKsZ8Bn8R4WbBSA, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=join, outlier=False>
❌ Denying new event <FrozenEventV3 event_id=$WNVDTQrxy5tCdPQHMyHyIn7tE4NWqKsZ8Bn8R4WbBSA, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=join, outlier=False> because 403: You are not invited to this room.
synapse.http.server - 130 - INFO - POST-16 - <SynapseRequest at 0x7f460c91fbf0 method='POST' uri='/_matrix/client/v3/join/%21sfZVBdLUezpPWetrol:hs1?server_name=hs1' clientproto='HTTP/1.0' site='8080'> SynapseError: 403 - You are not invited to this room.
📨 Notifying about new event <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False>
✅ handled received PDU in room !sfZVBdLUezpPWetrol:hs1: <FrozenEventV3 event_id=$O_54j7O--6xMsegY5EVZ9SA-mI4_iHJOIoRwYyeWIPY, type=m.room.member, state_key=@user-3-charlie2:hs2, membership=invite, outlier=False>
```
|
|
Bumps [log](https://github.com/rust-lang/log) from 0.4.22 to 0.4.25.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/releases">log's
releases</a>.</em></p>
<blockquote>
<h2>0.4.25</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert loosening of kv cargo features by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/662">rust-lang/log#662</a></li>
<li>Prepare for 0.4.25 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/663">rust-lang/log#663</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.24...0.4.25">https://github.com/rust-lang/log/compare/0.4.24...0.4.25</a></p>
<h2>0.4.24 (yanked)</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix up kv feature activation by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/659">rust-lang/log#659</a></li>
<li>Prepare for 0.4.24 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/660">rust-lang/log#660</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.23...0.4.24">https://github.com/rust-lang/log/compare/0.4.23...0.4.24</a></p>
<h2>0.4.23 (yanked)</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix some typos by <a
href="https://github.com/Kleinmarb"><code>@Kleinmarb</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/637">rust-lang/log#637</a></li>
<li>Add logforth to implementation by <a
href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/638">rust-lang/log#638</a></li>
<li>Add <code>spdlog-rs</code> link to README by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/639">rust-lang/log#639</a></li>
<li>Add correct lifetime to kv::Value::to_borrowed_str by <a
href="https://github.com/stevenroose"><code>@stevenroose</code></a> in
<a
href="https://redirect.github.com/rust-lang/log/pull/643">rust-lang/log#643</a></li>
<li>docs: Add logforth as an impl by <a
href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/642">rust-lang/log#642</a></li>
<li>Add clang_log implementation by <a
href="https://github.com/DDAN-17"><code>@DDAN-17</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/646">rust-lang/log#646</a></li>
<li>Bind lifetimes of &str returned from Key by the lifetime of 'k
rather than the lifetime of the Key struct by <a
href="https://github.com/gbbosak"><code>@gbbosak</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/648">rust-lang/log#648</a>
(reverted)</li>
<li>Fix up key lifetimes and add method to try get a borrowed key by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/653">rust-lang/log#653</a></li>
<li>Add Ftail implementation by <a
href="https://github.com/tjardoo"><code>@tjardoo</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/652">rust-lang/log#652</a></li>
<li>Relax feature flag for value's std_support by <a
href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/657">rust-lang/log#657</a></li>
<li>Prepare for 0.4.23 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/656">rust-lang/log#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Kleinmarb"><code>@Kleinmarb</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/637">rust-lang/log#637</a></li>
<li><a href="https://github.com/tisonkun"><code>@tisonkun</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/638">rust-lang/log#638</a></li>
<li><a href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/639">rust-lang/log#639</a></li>
<li><a
href="https://github.com/stevenroose"><code>@stevenroose</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/643">rust-lang/log#643</a></li>
<li><a href="https://github.com/DDAN-17"><code>@DDAN-17</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/646">rust-lang/log#646</a></li>
<li><a href="https://github.com/gbbosak"><code>@gbbosak</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/648">rust-lang/log#648</a></li>
<li><a href="https://github.com/tjardoo"><code>@tjardoo</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/652">rust-lang/log#652</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.22...0.4.23">https://github.com/rust-lang/log/compare/0.4.22...0.4.23</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.25] - 2025-01-14</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert loosening of kv cargo features by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/662">rust-lang/log#662</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.24...0.4.25">https://github.com/rust-lang/log/compare/0.4.24...0.4.25</a></p>
<h2>[0.4.24] - 2025-01-11</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix up kv feature activation by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/659">rust-lang/log#659</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.23...0.4.24">https://github.com/rust-lang/log/compare/0.4.23...0.4.24</a></p>
<h2>[0.4.23] - 2025-01-10 (yanked)</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix some typos by <a
href="https://github.com/Kleinmarb"><code>@Kleinmarb</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/637">rust-lang/log#637</a></li>
<li>Add logforth to implementation by <a
href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/638">rust-lang/log#638</a></li>
<li>Add <code>spdlog-rs</code> link to README by <a
href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/639">rust-lang/log#639</a></li>
<li>Add correct lifetime to kv::Value::to_borrowed_str by <a
href="https://github.com/stevenroose"><code>@stevenroose</code></a> in
<a
href="https://redirect.github.com/rust-lang/log/pull/643">rust-lang/log#643</a></li>
<li>docs: Add logforth as an impl by <a
href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/642">rust-lang/log#642</a></li>
<li>Add clang_log implementation by <a
href="https://github.com/DDAN-17"><code>@DDAN-17</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/646">rust-lang/log#646</a></li>
<li>Bind lifetimes of &str returned from Key by the lifetime of 'k
rather than the lifetime of the Key struct by <a
href="https://github.com/gbbosak"><code>@gbbosak</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/648">rust-lang/log#648</a></li>
<li>Fix up key lifetimes and add method to try get a borrowed key by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/653">rust-lang/log#653</a></li>
<li>Add Ftail implementation by <a
href="https://github.com/tjardoo"><code>@tjardoo</code></a> in <a
href="https://redirect.github.com/rust-lang/log/pull/652">rust-lang/log#652</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Kleinmarb"><code>@Kleinmarb</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/637">rust-lang/log#637</a></li>
<li><a href="https://github.com/tisonkun"><code>@tisonkun</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/638">rust-lang/log#638</a></li>
<li><a href="https://github.com/SpriteOvO"><code>@SpriteOvO</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/639">rust-lang/log#639</a></li>
<li><a
href="https://github.com/stevenroose"><code>@stevenroose</code></a>
made their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/643">rust-lang/log#643</a></li>
<li><a href="https://github.com/DDAN-17"><code>@DDAN-17</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/646">rust-lang/log#646</a></li>
<li><a href="https://github.com/gbbosak"><code>@gbbosak</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/648">rust-lang/log#648</a></li>
<li><a href="https://github.com/tjardoo"><code>@tjardoo</code></a> made
their first contribution in <a
href="https://redirect.github.com/rust-lang/log/pull/652">rust-lang/log#652</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rust-lang/log/compare/0.4.22...0.4.23">https://github.com/rust-lang/log/compare/0.4.22...0.4.23</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rust-lang/log/commit/22be810729014e1e43267fc62fe6df0d7a29aaf7"><code>22be810</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/663">#663</a>
from rust-lang/cargo/0.4.25</li>
<li><a
href="https://github.com/rust-lang/log/commit/02797301236d45a8d6049fa20f803aacdb49f693"><code>0279730</code></a>
prepare for 0.4.25 release</li>
<li><a
href="https://github.com/rust-lang/log/commit/4099bcb35761161d5bb2566cc956e05ca89bb351"><code>4099bcb</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/662">#662</a>
from rust-lang/fix/cargo-features</li>
<li><a
href="https://github.com/rust-lang/log/commit/36e7e3f69636c484c94048bf5f56590a80d4c728"><code>36e7e3f</code></a>
revert loosening of kv cargo features</li>
<li><a
href="https://github.com/rust-lang/log/commit/2282191854fa90a5769a5bd139614313f6dbe0b0"><code>2282191</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/660">#660</a>
from rust-lang/cargo/0.4.24</li>
<li><a
href="https://github.com/rust-lang/log/commit/2994f0a62c1f479ca1fff2a2100fe07c8fb7bd29"><code>2994f0a</code></a>
prepare for 0.4.24 release</li>
<li><a
href="https://github.com/rust-lang/log/commit/5fcb50eccd6913bab5ba2ff70b1d90617fba0c09"><code>5fcb50e</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/659">#659</a>
from rust-lang/fix/feature-builds</li>
<li><a
href="https://github.com/rust-lang/log/commit/29fe9e60ff2e0239c1350394066a1871a9d9b9f3"><code>29fe9e6</code></a>
fix up feature activation</li>
<li><a
href="https://github.com/rust-lang/log/commit/b1824f2c28bb1973b0b39f4bbd506a1803424b0a"><code>b1824f2</code></a>
use cargo hack in CI to test all feature combinations</li>
<li><a
href="https://github.com/rust-lang/log/commit/e6b643d591597deaaa572b00bfd8176d4e6d4578"><code>e6b643d</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/log/issues/656">#656</a>
from rust-lang/cargo/0.4.23</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/log/compare/0.4.22...0.4.25">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact)
from 7 to 8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dawidd6/action-download-artifact/releases">dawidd6/action-download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8</h2>
<h2>New features</h2>
<ul>
<li><code>use_unzip</code> boolean input (defaulting to false) - if set
to true, the action will use system provided <code>unzip</code> utility
for unpacking downloaded artifact(s) (note that the action will first
download the .zip artifact file, then unpack it and remove the .zip
file)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>README: v7 by <a
href="https://github.com/haines"><code>@haines</code></a> in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/318">dawidd6/action-download-artifact#318</a></li>
<li>Unzip by <a
href="https://github.com/dawidd6"><code>@dawidd6</code></a> in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/325">dawidd6/action-download-artifact#325</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/haines"><code>@haines</code></a> made
their first contribution in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/318">dawidd6/action-download-artifact#318</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dawidd6/action-download-artifact/compare/v7...v8">https://github.com/dawidd6/action-download-artifact/compare/v7...v8</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/20319c5641d495c8a52e688b7dc5fada6c3a9fbc"><code>20319c5</code></a>
README: v8</li>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/e58a9e5d14231715ece082f2068a0bd148cb72e6"><code>e58a9e5</code></a>
Unzip (<a
href="https://redirect.github.com/dawidd6/action-download-artifact/issues/325">#325</a>)</li>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/6d05268723e4080b84fe8d5c0c5cd83226a81e5f"><code>6d05268</code></a>
node_modules: update</li>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/c03fb0c92813d0d9b088539572090518f7797df4"><code>c03fb0c</code></a>
README: v7 (<a
href="https://redirect.github.com/dawidd6/action-download-artifact/issues/318">#318</a>)</li>
<li>See full diff in <a
href="https://github.com/dawidd6/action-download-artifact/compare/80620a5d27ce0ae443b965134db88467fc607b43...20319c5641d495c8a52e688b7dc5fada6c3a9fbc">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
|
|
|
|
|
|
See the updated MSC2965
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
Implementation of
[MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133)
to support custom profile fields. It is behind an experimental flag and
includes tests.
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
`instance_map` (#18064)
|
|
Otherwise these can race with other long running queries and lock out
all other queries.
This caused problems in v1.22.0 as we added an index to `events` table
in #17948, but that got interrupted and so next time we ran the
background update we needed to delete the half-finished index. However,
that got blocked behind some long running queries and then locked other
queries out (stopping workers from even starting).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It's possible to run into `SynapseError: 429 - Too Many Requests (rc_invites.per_issuer)`
`rc_invites.per_issuer` originally introduced in
https://github.com/matrix-org/synapse/pull/13125
|
|
This is particularly a problem in a state reset scenario where the membership
might change without a corresponding event.
This PR is targeting a scenario where a state reset happens which causes
room membership to change. Previously, the cache would just hold onto
stale data and now we properly bust the cache in this scenario.
We have a few tests for these scenarios which you can see are now fixed
because we can remove the `FIXME` where we were previously manually
busting the cache in the test itself.
This is a general Synapse thing so by it's nature it helps out Sliding
Sync.
Fix https://github.com/element-hq/synapse/issues/17368
Prerequisite for https://github.com/element-hq/synapse/issues/17929
---
Match when are busting `_curr_state_delta_stream_cache`
|
|
|
|
(#18035)
Adds a query param `type` to `/_synapse/admin/v1/rooms/{room_id}/state`
that filters the state event query by state event type.
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
It's been rotated out of known clients, and should be safe for removal
now.
Fixes https://github.com/element-hq/synapse/issues/17373
### Pull Request Checklist
<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
- Use markdown where necessary, mostly for `code blocks`.
- End with either a period (.) or an exclamation mark (!).
- Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
|
|
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
Currently purging a complex room can lead to a lot of orphaned rows left
behind in the state groups tables.
It seems it is because we are loosing track of state groups sometimes.
This change uses the `room_id` indexed column of `state_groups` table to
decide what to delete instead of doing an indirection through
`event_to_state_groups`.
Related to https://github.com/element-hq/synapse/issues/3364.
### Pull Request Checklist
* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
---------
Co-authored-by: Erik Johnston <erikj@jki.re>
|
|
Refactor `get_profile` to avoid returning "empty" (`None` / `null`)
fields. Currently this is not very important, but will be more useful
once #17488 lands. It does update the servlet to use this now which has
a minor change in behavior: additional fields served over federation
will now be properly sent back to clients.
It also adds constants for `avatar_url` / `displayname` although I did
not attempt to use it everywhere possible.
|
|
redaction endpoint if requester is admin in room (#18043)
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
