Merged
Conversation
…e used with the SBG (#19517) [Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways) Spawning from [internal discussion](https://matrix.to/#/!mNoPShRlwEeyHAEJOe:element.io/$6eGip85OUKOmyK1VzqrFMc7eF7dON7Vs76O40kVbRRY?via=banzan.uk&via=element.io&via=jki.re) around integrating [Synapse Pro for small hosts](https://docs.element.io/latest/element-server-suite-pro/synapse-pro-for-small-hosts/overview) in the [Element Server Suite (ESS)](https://element.io/en/server-suite) stack and wanting it be compatible with the SBG. We know that the SBG works with monolith Synapse because that's what we have configured with the [Complement tests in the SBG repo](https://github.com/element-hq/sbg/blob/b76b05b53e40bf6890e51dd1b83cec3460274eb2/complement/configure_synapse_for_sbg.sh#L8-L10).
…patches group (#19514) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Instead of having info spread across a few places, consolidate and link to one spot.
MSC (recommended reading): matrix-org/matrix-spec-proposals#4370 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com> Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>
Summary - drop the `systemd` extra from `pyproject.toml` and the `systemd-python` optional dependency - this means we don't ship the journald log handler, so it clarifies the docs how to install that in the venv - ensure the Debian virtualenv build keeps shipping `systemd-python>=231` in the venv, so the packaged log config can keep using `systemd.journal.JournalHandler` Context of this is the following: > Today in my 'how hard would it be to move to uv' journey: systemd/python-systemd#167 > > The gist of it is that uv really wants to create a universal lock file, which means it needs to be able to resolve the package metadata, even for packages locked for other platforms. In the case of systemd-python, they use mesonpy as build backend, which doesn't implement prepare_metadata_for_build_wheel, which means it needs to run meson to be able to resolve the package metadata. And it will hard-fail if libsystemd dev headers aren't available 😭 > > [*message in #synapse-dev:matrix.org*](https://matrix.to/#/!i5D5LLct_DYG-4hQprLzrxdbZ580U9UB6AEgFnk6rZQ/$OKLB3TJVXAwq43sAZFJ-_PvMMzl4P_lWmSAtlmsoMuM?via=element.io&via=matrix.org&via=beeper.com)
Follows: #19365 Part of: MSC4354 whose experimental feature tracking issue is #19409 Partially supersedes: #18968 --------- Signed-off-by: Olivier 'reivilibre' <oliverw@matrix.org>
… to not be removed from the user directory. (#19542) Fixes: #19540 Fixes: #16290 (side effect of the proposed fix) Closes: #12804 (side effect of the proposed fix) Introduced in: matrix-org/synapse#8932 --- This PR is a relatively simple simplification of the profile change on deactivation that appears to remove multiple bugs. This PR's **primary motivating fix** is #19540: when a user is deactivated and erased, they would be kept in the user directory. This bug appears to have been here since #8932 (previously matrix-org/synapse#8932) (v1.26.0). The root cause of this bug is that after removing the user from the user directory, we would immediately update their displayname and avatar to empty strings (one at a time), which re-inserts the user into the user directory. With this PR, we now delete the entire `profiles` row upon user erasure, which is cleaner (from a 'your database goes back to zero after deactivating and erasing a user' point of view) and only needs one database operation (instead of doing displayname then avatar). With this PR, we also no longer send the 2 (deferred) `m.room.member` `join` events to every room to propagate the displayname and avatar_url changes. This is good for two reasons: - the user is about to get parted from those rooms anyway, so this reduces the number of state events sent per room from 3 to 1. (More efficient for us in the moment and leaves less litter in the room DAG.) - it is possible for the displayname/avatar update to be sent **after** the user parting, which seems as though it could trigger the user to be re-joined to a public room. (With that said, although this sounds vaguely familiar in my lossy memory, I can't find a ticket that actually describes this bug, so this might be fictional. Edit: #16290 seems to describe this, although the title is misleading.) Additionally, as a side effect of the proposed fix (deleting the `profiles` row), this PR also now deletes custom profile fields upon user erasure, which is a new feature/bugfix (not sure which) in its own right. I do not see a ticket that corresponds to this feature gap, possibly because custom profile fields are still a niche feature without mainstream support (to the best of my knowledge). Tests are included for the primary bugfix and for the cleanup of custom profile fields. ### `set_displayname` module API change This change includes a minor _technically_-breaking change to the module API. The change concerns `set_displayname` which is exposed to the module API with a `deactivation: bool = False` flag, matching the internal handler method it wraps. I suspect that this is a mistake caused by overly-faithfully piping through the args from the wrapped method (this Module API was introduced in https://github.com/matrix-org/synapse/pull/14629/changes#diff-0b449f6f95672437cf04f0b5512572b4a6a729d2759c438b7c206ea249619885R1592). The linked PR did the same for `by_admin` originally before it was changed. The `deactivation` flag's only purpose is to be piped through to other Module API callbacks when a module has registered to be notified about profile changes. My claim is that it makes no sense for the Module API to have this flag because it is not the one doing the deactivation, thus it should never be in a position to set this to `True`. My proposed change keeps the flag (for function signature compatibility), but turns it into a no-op (with a `ERROR` log when it's set to True by the module). The Module API callback notifying of the module-caused displayname change will therefore now always have `deactivation = False`. *Discussed in [`#synapse-dev:matrix.org`](https://matrix.to/#/!i5D5LLct_DYG-4hQprLzrxdbZ580U9UB6AEgFnk6rZQ/$1f8N6G_EJUI_I_LvplnVAF2UFZTw_FzgsPfB6pbcPKk?via=element.io&via=matrix.org&via=beeper.com)* --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
…it checkout (#19476) This way we actually detect problems like element-hq/synapse#19475 as they happen instead of being invisible until something breaks. Sanity check that Complement is testing against your code changes (whether it be local or from the PR in CI). ``` COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo -run TestSynapseVersion ```
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.4 to 6.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tornadoweb/tornado/commit/7d6465056ceb7a054b3f64cf1c18271753b10482"><code>7d64650</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3586">#3586</a> from bdarnell/update-cibw</li> <li><a href="https://github.com/tornadoweb/tornado/commit/d05d59b8080a0d5d6a260994c7aad7049209d345"><code>d05d59b</code></a> build: Bump cibuildwheel to 3.4.0</li> <li><a href="https://github.com/tornadoweb/tornado/commit/c2f46732b0ad14bf0db4219c96a945f4b60205f5"><code>c2f4673</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3585">#3585</a> from bdarnell/release-655</li> <li><a href="https://github.com/tornadoweb/tornado/commit/e5f1aa4b6fa2c16b29024830227838fcb0c79b6f"><code>e5f1aa4</code></a> Release notes and version bump for v6.5.5</li> <li><a href="https://github.com/tornadoweb/tornado/commit/78a046f99f89977dfc8ff5a1fe16d298afbeeaca"><code>78a046f</code></a> httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE</li> <li><a href="https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104"><code>24a2d96</code></a> web: Validate characters in all cookie attributes.</li> <li><a href="https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839"><code>119a195</code></a> httputil: Add limits on multipart form data parsing</li> <li>See full diff in <a href="https://github.com/tornadoweb/tornado/compare/v6.5.4...v6.5.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
`event_id` is a lazily-computed property on events, as it's a hash of the event content on room version 3 and later. The reason we do this is that it helps finding database inconsistencies by not trusting the event ID we got from the database. The thing is, when we clone events (to return them through /sync or /messages for example) we don't copy the computed hash if we already computed it, duplicating the work. This copies the internal `_event_id` property.
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.12 to 0.11.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quinn-rs/quinn/releases">quinn-proto's releases</a>.</em></p> <blockquote> <h2>quinn-proto 0.11.14</h2> <p><a href="https://github.com/jxs"><code>@jxs</code></a> reported a denial of service issue in quinn-proto 5 days ago:</p> <ul> <li><a href="https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98">https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98</a></li> </ul> <p>We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.</p> <p>Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.</p> <h2>What's Changed</h2> <ul> <li>Fix over-permissive proto dependency edge by <a href="https://github.com/Ralith"><code>@Ralith</code></a> in <a href="https://redirect.github.com/quinn-rs/quinn/pull/2385">quinn-rs/quinn#2385</a></li> <li>0.11.x: avoid unwrapping VarInt decoding during parameter parsing by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/quinn-rs/quinn/pull/2559">quinn-rs/quinn#2559</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/quinn-rs/quinn/commit/2c315aa7f9c2a6c1db87f8f51f40623a427c78fd"><code>2c315aa</code></a> proto: bump version to 0.11.14</li> <li><a href="https://github.com/quinn-rs/quinn/commit/8ad47f431e7deb82c08b09c2e33ef85aa88fd212"><code>8ad47f4</code></a> Use newer rustls-pki-types PEM parser API</li> <li><a href="https://github.com/quinn-rs/quinn/commit/c81c0289abe30d8437ccbf9b6304e2bc9c707cea"><code>c81c028</code></a> ci: fix workflow syntax</li> <li><a href="https://github.com/quinn-rs/quinn/commit/0050172969f7e69e136c433181330da7790d8d73"><code>0050172</code></a> ci: pin wasm-bindgen-cli version</li> <li><a href="https://github.com/quinn-rs/quinn/commit/8a6f82c58d1c565eab78f986e614223e6ed76a85"><code>8a6f82c</code></a> Take semver-compatible dependency updates</li> <li><a href="https://github.com/quinn-rs/quinn/commit/e52db4ad8df0f9720e7b0e32ecc0e48c9a93de0f"><code>e52db4a</code></a> Apply suggestions from clippy 1.91</li> <li><a href="https://github.com/quinn-rs/quinn/commit/6df7275c582ca9b7225e0ccf9f9871a55eb73155"><code>6df7275</code></a> chore: Fix <code>unnecessary_unwrap</code> clippy</li> <li><a href="https://github.com/quinn-rs/quinn/commit/c8eefa07e087b06d8f2b78ff262ce8ac952994f1"><code>c8eefa0</code></a> proto: avoid unwrapping varint decoding during parameters parsing</li> <li><a href="https://github.com/quinn-rs/quinn/commit/9723a977754c8662001b0fef97aab8f3ddf1df92"><code>9723a97</code></a> fuzz: add fuzzing target for parsing transport parameters</li> <li><a href="https://github.com/quinn-rs/quinn/commit/eaf0ef30252cef4acec21f150427e604cd4271c9"><code>eaf0ef3</code></a> Fix over-permissive proto dependency edge (<a href="https://redirect.github.com/quinn-rs/quinn/issues/2385">#2385</a>)</li> <li>Additional commits viewable in <a href="https://github.com/quinn-rs/quinn/compare/quinn-proto-0.11.12...quinn-proto-0.11.14">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Can be reviewed commit by commit. This sets caching headers on the /versions and /auth_metadata endpoints to: - allow clients to cache the response for up to 10 minutes (`max-age=600`) - allow proxies to cache the response for up to an hour (`s-maxage=3600`) - make proxies serve stale response for up to an hour (`s-maxage=3600`) but make them refresh their response after 10 minutes (`stale-while-revalidate=600`) so that we always have a snappy response to client, but also have fresh responses most of the time - only cache the response for unauthenticated requests on /versions (`Vary: Authorization`) I'm not too worried about the 1h TTL on the proxy side, as with the `stale-while-revalidate` directive, one just needs to do two requests after 10 minutes to get a fresh response from the cache. The reason we want this, is that clients usually load this right away, leading to a lot of traffic from people just loading the Element Web login screen with the default config. This is currently routed to `client_readers` on matrix.org (and ESS) which can be overwhelmed for other reasons, leading to slow response times on those endpoints (3s+). Overwhelmed workers shouldn't prevent people from logging in, and shouldn't result in a long loading spinner in clients. This PR allows caching proxies (like Cloudflare) to publicly cache the unauthenticated response of those two endpoints and make it load quicker, reducing server load as well.
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <h2>Security</h2> <ul> <li>Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by <a href="https://github.com/dmbs335"><code>@dmbs335</code></a> in <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f">GHSA-752w-5fwx-jx9f</a></li> </ul> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1132">jpadilla/pyjwt#1132</a></li> <li>chore(docs): fix docs build by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li>Annotate PyJWKSet.keys for pyright by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1134">jpadilla/pyjwt#1134</a></li> <li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> <li>chore: remove superfluous constants by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1136">jpadilla/pyjwt#1136</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1135">jpadilla/pyjwt#1135</a></li> <li>chore(tests): enable mypy by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1138">jpadilla/pyjwt#1138</a></li> <li>Bump actions/download-artifact from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1142">jpadilla/pyjwt#1142</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1141">jpadilla/pyjwt#1141</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1145">jpadilla/pyjwt#1145</a></li> <li>fix: do not store reference to algorithms dict on PyJWK by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1143">jpadilla/pyjwt#1143</a></li> <li>Use PyJWK algorithm when encoding without explicit algorithm by <a href="https://github.com/jpadilla"><code>@jpadilla</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1148">jpadilla/pyjwt#1148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0></code>__</h2> <p>Fixed</p> <pre><code> - Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](jpadilla/pyjwt#1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__ - Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](jpadilla/pyjwt#1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__ - Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](jpadilla/pyjwt#1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__ - Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](jpadilla/pyjwt#1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__ <p>Added </code></pre></p> <ul> <li>Docs: Add <code>PyJWKClient</code> API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2"><code>bd9700c</code></a> Use PyJWK algorithm when encoding without explicit algorithm (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1148">#1148</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92"><code>051ea34</code></a> Merge commit from fork</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1451d70eca2059bc472703692f0bb0777bc0fe93"><code>1451d70</code></a> fix: do not store reference to algorithms dict on PyJWK (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1143">#1143</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/f3ba74c106df9ce10e272dfaad96acb4ab3ef5a5"><code>f3ba74c</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1145">#1145</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/0318ffa7b156b01600376e38952bf961382e0724"><code>0318ffa</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1141">#1141</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/a52753db3c1075ac01337fa8b7cc92b13a19ac09"><code>a52753d</code></a> Bump actions/download-artifact from 7 to 8 (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1142">#1142</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/b85050f1d444c6828bb4618ee764443b0a3f5d18"><code>b85050f</code></a> chore(tests): enable mypy (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1138">#1138</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1272b264779717cc481c8341f321a7fc8b3aaba6"><code>1272b26</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1135">#1135</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/99a87287c26cb97c94399084ee4186ee52207a7f"><code>99a8728</code></a> chore: remove superfluous constants (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1136">#1136</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/412cb67a93363812ae4029d6a95f5d4d40ab2609"><code>412cb67</code></a> fix: close HTTPError to prevent ResourceWarning on Python 3.14 (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/1133">#1133</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's changelog</a>.</em></p> <blockquote> <h2>26.0.0 (2026-03-15)</h2> <p>Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li>Dropped support for Python 3.7.</li> <li>The minimum <code>cryptography</code> version is now 46.0.0.</li> </ul> <p>Deprecations: ^^^^^^^^^^^^^</p> <p>Changes: ^^^^^^^^</p> <ul> <li>Added support for using aws-lc instead of OpenSSL.</li> <li>Properly raise an error if a DTLS cookie callback returned a cookie longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this would result in a buffer-overflow. Credit to <strong>dark_haxor</strong> for reporting the issue. <strong>CVE-2026-27459</strong></li> <li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to determine which group name was negotiated.</li> <li><code>Context.set_tlsext_servername_callback</code> now handles exceptions raised in the callback by calling <code>sys.excepthook</code> and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to <strong>Leury Castillo</strong> for reporting this issue. <strong>CVE-2026-27448</strong></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3"><code>358cbf2</code></a> Prepare for 26.0.0 release (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1487">#1487</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b"><code>a8d28e7</code></a> Bump actions/cache from 4 to 5 (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1486">#1486</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e"><code>6fefff0</code></a> Add aws-lc compatibility to tests and CI (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1476">#1476</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75"><code>a739f96</code></a> Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1485">#1485</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a"><code>8b4c66b</code></a> Bump actions/upload-artifact in /.github/actions/upload-coverage (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1484">#1484</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64"><code>02a5c78</code></a> Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1483">#1483</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443"><code>d973387</code></a> Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1482">#1482</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"><code>57f09bb</code></a> Fix buffer overflow in DTLS cookie generation callback (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1479">#1479</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"><code>d41a814</code></a> Handle exceptions in set_tlsext_servername_callback callbacks (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1478">#1478</a>)</li> <li><a href="https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3"><code>7b29beb</code></a> Fix not using a cryptography wheel on uv (<a href="https://redirect.github.com/pyca/pyopenssl/issues/1475">#1475</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the patches group with 2 updates: [anyhow](https://github.com/dtolnay/anyhow) and [pyo3-log](https://github.com/vorner/pyo3-log). Updates `anyhow` from 1.0.101 to 1.0.102 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.102</h2> <ul> <li>Remove backtrace dependency (<a href="https://redirect.github.com/dtolnay/anyhow/issues/438">#438</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/439">#439</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/440">#440</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/441">#441</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/442">#442</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/anyhow/commit/5c657b32522023a9f7ef883fb08582fd8e656b1a"><code>5c657b3</code></a> Release 1.0.102</li> <li><a href="https://github.com/dtolnay/anyhow/commit/e737fb63918e8c71a3d0a968004a9c7ed7942283"><code>e737fb6</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/anyhow/issues/442">#442</a> from dtolnay/backtrace</li> <li><a href="https://github.com/dtolnay/anyhow/commit/7fe62b51c62804f8b84443affeacfb3810ed2516"><code>7fe62b5</code></a> Further simply backtrace conditional compilation</li> <li><a href="https://github.com/dtolnay/anyhow/commit/c8cb5cae23e57a2dbb87bf05cba04f1df1f1660b"><code>c8cb5ca</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/anyhow/issues/441">#441</a> from dtolnay/backtrace</li> <li><a href="https://github.com/dtolnay/anyhow/commit/de27df7e0f510d543c18e50a0736566b66e62baf"><code>de27df7</code></a> Delete CI use of --features=backtrace</li> <li><a href="https://github.com/dtolnay/anyhow/commit/9b67e5dd608658d805640cf1b6f6c9d091686ec1"><code>9b67e5d</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/anyhow/issues/440">#440</a> from dtolnay/backtrace</li> <li><a href="https://github.com/dtolnay/anyhow/commit/efdb11a259ca58a2e505ef50486cf2d6b5ddc42a"><code>efdb11a</code></a> Simplify <code>std_backtrace</code> conditional code</li> <li><a href="https://github.com/dtolnay/anyhow/commit/b8a9a707838969721a86b28e3c45ce27e279e981"><code>b8a9a70</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/anyhow/issues/439">#439</a> from dtolnay/backtrace</li> <li><a href="https://github.com/dtolnay/anyhow/commit/a42fc2c21846ba459df43a3f8b4996a2074909cb"><code>a42fc2c</code></a> Remove <code>feature = "backtrace"</code> conditional code</li> <li><a href="https://github.com/dtolnay/anyhow/commit/2a2a3ceb4cbc409fd99613ab5744b21e825e7908"><code>2a2a3ce</code></a> Re-word backtrace feature comment</li> <li>Additional commits viewable in <a href="https://github.com/dtolnay/anyhow/compare/1.0.101...1.0.102">compare view</a></li> </ul> </details> <br /> Updates `pyo3-log` from 0.13.2 to 0.13.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's changelog</a>.</em></p> <blockquote> <h1>0.13.3</h1> <ul> <li>Support for pyo3 0.28 (<a href="https://redirect.github.com/vorner/pyo3-log/issues/75">#75</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vorner/pyo3-log/commit/a188f81c37844a0543410707296d79fe6b32cdf5"><code>a188f81</code></a> Release 0.13.3</li> <li><a href="https://github.com/vorner/pyo3-log/commit/3217bc89497492167ceae9f2f35e04acd889ec48"><code>3217bc8</code></a> Bump pyo3 to 0.28 (<a href="https://redirect.github.com/vorner/pyo3-log/issues/75">#75</a>)</li> <li>See full diff in <a href="https://github.com/vorner/pyo3-log/compare/v0.13.2...v0.13.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…w MAS to set the user locked status in Synapse. (#19554) Companion PR: element-hq/matrix-authentication-service#5550 to 1) send this flag and 2) provision users proactively when their lock status changes. --- Currently Synapse and MAS have two independent user lock implementations. This PR makes it so that MAS can push its lock status to Synapse when 'provisioning' the user. Having the lock status in Synapse is useful for removing users from the user directory when they are locked. There is otherwise no authentication requirement to have it in Synapse; the enforcement is done by MAS at token introspection time. --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
… image (#19523) ❌ https://github.com/element-hq/synapse/actions/runs/22609655282/job/65509315002#step:8:39 ``` Error response from daemon: No such image: complement-synapse:latest ``` Regressed in element-hq/synapse#19475 (comment) where we updated `complement.sh` to build `localhost/complement-synapse` instead of `complement-synapse`.
Always use `/<param>` instead of sometimes using `/$param` ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
It's pretty hard to remember the order of all of these ambiguous numbers. I assume they're not totally labeled already to cut down on the length when scanning with your eyes. This just adds a few hints of what each grouping is. Spawning from [staring at some Synapse logs](element-hq/matrix-hosted#10631) and cross-referencing the Synapse source code over and over.
This moves the dev dependencies to PEP 735 dependency groups, to help us move to standard project metadata, which will help us moving to `uv` (#19566) This requires poetry 2.2.0
jason-famedly
force-pushed
the
famedly-release/v1.150
branch
from
42b3841 to
d84a2a5
Compare
jason-famedly
force-pushed
the
famedly-release/v1.150
branch
from
d84a2a5 to
e2d4fbc
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #248 +/- ##
==========================================
+ Coverage 80.14% 80.18% +0.04%
==========================================
Files 501 501
Lines 71549 71674 +125
Branches 10751 10774 +23
==========================================
+ Hits 57342 57475 +133
+ Misses 10947 10936 -11
- Partials 3260 3263 +3
... and 5 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Release bump to Synapse v1.150.0 (Famedly packaging) incorporating upstream changes and Famedly-specific build/dependency adjustments for the published Docker images.
Changes:
- Add/adjust experimental and API behaviors: sticky events in
/sync(MSC4354), delayed eventsdelay_idexposure (MSC4140), and unstable federation extremities endpoint (MSC4370). - Refactor profile propagation and deactivation erasure behavior (including custom profile fields) and improve cache-control behavior for select public endpoints.
- Update build/packaging/tooling: Poetry 2.2.1 + PEP 735 dependency groups, remove
systemdextra, add version-string override plumbing for Docker/Complement.
Reviewed changes
Copilot reviewed 64 out of 67 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/rest/synapse/mas/test_users.py | Add coverage for MAS provision user lock/unlock and deactivation behaviors. |
| tests/rest/client/test_third_party_rules.py | Update expectations for profile update callback count on deactivation. |
| tests/rest/client/test_sync_sticky_events.py | New tests for sticky events behavior in legacy /sync (MSC4354). |
| tests/rest/client/test_delayed_events.py | Add /sync assertions for delayed events delay_id exposure (MSC4140). |
| tests/rest/client/test_account.py | Update erase/deactivate tests to match new profile deletion semantics. |
| tests/handlers/test_profile.py | Add tests for background/resumable join-state updates on profile changes. |
| tests/federation/test_federation_server.py | Add tests for unstable MSC4370 extremities federation endpoint. |
| synapse/util/task_scheduler.py | Treat cancelled scheduled tasks as CANCELLED rather than generic failure. |
| synapse/util/init.py | Allow overriding Synapse version string via env var. |
| synapse/synapse_rust/events.pyi | Add delay_id field to event internal metadata typing stub. |
| synapse/storage/databases/main/sticky_events.py | Add query to fetch sticky events per-room for /sync. |
| synapse/storage/databases/main/profile.py | Add store helper to delete an entire profile row (incl. custom fields). |
| synapse/rest/synapse/mas/users.py | Allow MAS provision endpoint to set local locked status. |
| synapse/rest/client/versions.py | Add cache headers for unauthenticated /versions responses + Vary auth. |
| synapse/rest/client/sync.py | Emit msc4354_sticky section in /sync responses when present. |
| synapse/rest/client/profile.py | Update calls to profile handler to use keyword-only admin flag. |
| synapse/rest/client/auth_metadata.py | Add cache headers for unauthenticated auth metadata endpoints. |
| synapse/rest/admin/users.py | Update profile handler calls to use keyword-only admin flag. |
| synapse/module_api/init.py | Deprecate deactivation param in Module API set_displayname. |
| synapse/http/site.py | Update request log format string (adds ru= and db= labels). |
| synapse/http/server.py | Only set default Cache-Control if servlet didn’t already set it. |
| synapse/handlers/sync.py | Add sticky-event fetching/deduplication and adjust short-circuit logic. |
| synapse/handlers/sso.py | Update profile handler call signature for displayname updates. |
| synapse/handlers/room_member.py | Thread delay_id through membership event creation path. |
| synapse/handlers/profile.py | Background/resumable task for join-state updates; new deactivation profile deletion API; keyword-only admin flags. |
| synapse/handlers/message.py | Thread delay_id through event creation/sending for delayed events. |
| synapse/handlers/delayed_events.py | Pass delay_id when persisting delayed events. |
| synapse/handlers/deactivate_account.py | Erase profile via store-level delete (incl. custom fields) on deactivation. |
| synapse/federation/transport/server/federation.py | Add servlet for unstable MSC4370 extremities endpoint. |
| synapse/federation/transport/server/init.py | Register MSC4370 servlet only when experimental flag enabled. |
| synapse/federation/federation_server.py | Implement handler for MSC4370 extremities endpoint with ACL checks. |
| synapse/events/utils.py | Preserve cached event-id on clone; include delay_id in unsigned when appropriate; update comments. |
| synapse/config/experimental.py | Add config flag for MSC4370 enablement. |
| scripts-dev/complement.sh | Ensure local Complement images use checkout’s version string; add build-arg support. |
| schema/synapse-config.schema.yaml | Bump schema $id and clarify outbound federation restriction docs. |
| rust/src/events/internal_metadata.rs | Add delay_id to internal metadata serialization/deserialization. |
| pyproject.toml | Bump version to 1.150.0; migrate dev deps to dependency groups; remove systemd extra; require Poetry >=2.2.0. |
| poetry.lock | Refresh lockfile for Poetry 2.2.1 / dependency group changes and updated deps. |
| mypy.ini | Update docs reference to dependency-groups location. |
| docs/usage/configuration/logging_sample_config.md | Clarify systemd-python requirement for JournalHandler configs. |
| docs/usage/configuration/config_documentation.md | Clarify outbound federation restriction includes SBG. |
| docs/usage/administration/request_log.md | Update examples to match new request log format labels. |
| docs/upgrade.md | Add v1.150.0 upgrade notes (systemd extra removal, Module API deprecation, log format change). |
| docs/setup/installation.md | Document systemd-python manual install requirement for journald logging. |
| docs/development/dependencies.md | Update minimum Poetry version guidance. |
| docs/development/contributing_guide.md | Point Complement usage docs to in-repo Complement docs. |
| docs/admin_api/user_admin_api.md | Document custom profile field removal on erase; normalize path param formatting. |
| docker/README-testing.md | Update Complement testing doc pointers. |
| docker/Dockerfile | Bump Poetry version; add version string build arg/env for runtime version reporting. |
| debian/changelog | Add Debian packaging entries for 1.150.0 / rc1. |
| debian/build_virtualenv | Bump Poetry; remove systemd extra export; explicitly include systemd-python in packaged venv. |
| contrib/systemd/log_config.yaml | Note runtime requirement for systemd-python. |
| contrib/systemd/README.md | Document journald logging dependency requirement. |
| complement/tests/synapse_version_check_test.go | New Complement test to ensure image version matches current checkout. |
| complement/go.sum | Update Go dependency checksums for new/updated indirect deps. |
| complement/go.mod | Add missing indirect dependency entry. |
| complement/README.md | Unify Complement runner documentation and troubleshooting guidance. |
| Cargo.lock | Update Rust dependency lock versions. |
| CHANGES.md | Add upstream 1.150.0 and rc1 changelog entries. |
| .github/workflows/twisted_trunk.yml | Bump Poetry version in CI. |
| .github/workflows/tests.yml | Bump Poetry version; add Complement image sanity-check step. |
| .github/workflows/push_complement_image.yml | Fix tag source image name to match locally built Complement image. |
| .github/workflows/latest_deps.yml | Bump Poetry version in CI job. |
| .github/workflows/fix_lint.yaml | Bump Poetry version in lint-fix workflow. |
| .github/workflows/famedly-tests.yml | Bump Poetry version; ensure Poetry available for Complement runner. |
| .github/workflows/docker.yml | Bump docker/build-push-action version pin. |
| .ci/scripts/calculate_builds.py | Update mod pack build matrix to mod024/mod025. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The 'deactivation' argument was removed from the profile handler setting methods. Will have to use another method Keeping the tests
And refactor a test helper that was mostly duplicated code
jason-famedly
force-pushed
the
famedly-release/v1.150
branch
from
d58be3c to
e2bb843
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 64 out of 67 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Famedly Synapse release v1.150.0_1
Docker image tags available:
v1.150.0_1-mod024v1.150.0_1-mod025Famedly additions for v1.150.0_1
Notes for Famedly:
delay_idin the event'sunsignedsection in/syncresponses to the event sender.