mirror of
https://github.com/element-hq/synapse.git
synced 2026-03-29 15:20:16 +00:00
8ad7e8af81bd655deb2014a7df04cf218c8a829d
25606 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Eric Eastwood
|
8ad7e8af81 |
Add some light labels to the Processed request logs (#19548)
It's pretty hard to remember the order of all of these ambiguous numbers. I assume they're not totally labeled already to cut down on the length when scanning with your eyes. This just adds a few hints of what each grouping is. Spawning from [staring at some Synapse logs](https://github.com/element-hq/matrix-hosted/issues/10631) and cross-referencing the Synapse source code over and over. |
||
|
Andrew Ferrazzutti
|
8a6d9a8d45 |
Admin API docs: use consistent path param syntax (#19307)
Always use `/<param>` instead of sometimes using `/$param` ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Eric Eastwood
|
c37a5bb4cd |
Restore localhost/complement-synapse change from #19523
See https://github.com/element-hq/synapse/pull/19523#discussion_r2944133700 |
||
|
Eric Eastwood
|
6254e009bb |
Fix Build and push complement image CI job pointing to non-existent image (#19523)
❌ https://github.com/element-hq/synapse/actions/runs/22609655282/job/65509315002#step:8:39 ``` Error response from daemon: No such image: complement-synapse:latest ``` Regressed in https://github.com/element-hq/synapse/pull/19475#discussion_r2823157623 where we updated `complement.sh` to build `localhost/complement-synapse` instead of `complement-synapse`. |
||
|
Olivier 'reivilibre
|
3aa948c50c |
When Matrix Authentication Service (MAS) integration is enabled, allow MAS to set the user locked status in Synapse. (#19554)
Companion PR: https://github.com/element-hq/matrix-authentication-service/pull/5550 to 1) send this flag and 2) provision users proactively when their lock status changes. --- Currently Synapse and MAS have two independent user lock implementations. This PR makes it so that MAS can push its lock status to Synapse when 'provisioning' the user. Having the lock status in Synapse is useful for removing users from the user directory when they are locked. There is otherwise no authentication requirement to have it in Synapse; the enforcement is done by MAS at token introspection time. --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
dependabot[bot]
|
a71c468b04 |
Bump the patches group with 2 updates (#19536)
Bumps the patches group with 2 updates: [anyhow](https://github.com/dtolnay/anyhow) and [pyo3-log](https://github.com/vorner/pyo3-log). Updates `anyhow` from 1.0.101 to 1.0.102 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.102</h2> <ul> <li>Remove backtrace dependency (<a href="https://redirect.github.com/dtolnay/anyhow/issues/438">#438</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/439">#439</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/440">#440</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/441">#441</a>, <a href="https://redirect.github.com/dtolnay/anyhow/issues/442">#442</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cdd261b1c6 |
Bump pyopenssl from 25.3.0 to 26.0.0 (#19574)
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's changelog</a>.</em></p> <blockquote> <h2>26.0.0 (2026-03-15)</h2> <p>Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li>Dropped support for Python 3.7.</li> <li>The minimum <code>cryptography</code> version is now 46.0.0.</li> </ul> <p>Deprecations: ^^^^^^^^^^^^^</p> <p>Changes: ^^^^^^^^</p> <ul> <li>Added support for using aws-lc instead of OpenSSL.</li> <li>Properly raise an error if a DTLS cookie callback returned a cookie longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this would result in a buffer-overflow. Credit to <strong>dark_haxor</strong> for reporting the issue. <strong>CVE-2026-27459</strong></li> <li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to determine which group name was negotiated.</li> <li><code>Context.set_tlsext_servername_callback</code> now handles exceptions raised in the callback by calling <code>sys.excepthook</code> and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to <strong>Leury Castillo</strong> for reporting this issue. <strong>CVE-2026-27448</strong></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eedd4c8796 |
Bump pyjwt from 2.11.0 to 2.12.0 (#19560)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.11.0 to 2.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <h2>Security</h2> <ul> <li>Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by <a href="https://github.com/dmbs335"><code>@dmbs335</code></a> in <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f">GHSA-752w-5fwx-jx9f</a></li> </ul> <h2>What's Changed</h2> <ul> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1132">jpadilla/pyjwt#1132</a></li> <li>chore(docs): fix docs build by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li>Annotate PyJWKSet.keys for pyright by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1134">jpadilla/pyjwt#1134</a></li> <li>fix: close HTTPError to prevent ResourceWarning on Python 3.14 by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> <li>chore: remove superfluous constants by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1136">jpadilla/pyjwt#1136</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1135">jpadilla/pyjwt#1135</a></li> <li>chore(tests): enable mypy by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1138">jpadilla/pyjwt#1138</a></li> <li>Bump actions/download-artifact from 7 to 8 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1142">jpadilla/pyjwt#1142</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1141">jpadilla/pyjwt#1141</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1145">jpadilla/pyjwt#1145</a></li> <li>fix: do not store reference to algorithms dict on PyJWK by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1143">jpadilla/pyjwt#1143</a></li> <li>Use PyJWK algorithm when encoding without explicit algorithm by <a href="https://github.com/jpadilla"><code>@jpadilla</code></a> in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1148">jpadilla/pyjwt#1148</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1137">jpadilla/pyjwt#1137</a></li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> made their first contribution in <a href="https://redirect.github.com/jpadilla/pyjwt/pull/1133">jpadilla/pyjwt#1133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0">https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0></code>__</h2> <p>Fixed</p> <pre><code> - Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__ - Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__ - Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__ - Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__ <p>Added </code></pre></p> <ul> <li>Docs: Add <code>PyJWKClient</code> API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Andrew Ferrazzutti
|
c0924fbbd8 |
MSC4140: put delay_id in unsigned data for sender (#19479)
Implements
|
||
|
Quentin Gliech
|
4c475dcd7a |
Allow the caching of the /versions and /auth_metadata endpoints (#19530)
Can be reviewed commit by commit. This sets caching headers on the /versions and /auth_metadata endpoints to: - allow clients to cache the response for up to 10 minutes (`max-age=600`) - allow proxies to cache the response for up to an hour (`s-maxage=3600`) - make proxies serve stale response for up to an hour (`s-maxage=3600`) but make them refresh their response after 10 minutes (`stale-while-revalidate=600`) so that we always have a snappy response to client, but also have fresh responses most of the time - only cache the response for unauthenticated requests on /versions (`Vary: Authorization`) I'm not too worried about the 1h TTL on the proxy side, as with the `stale-while-revalidate` directive, one just needs to do two requests after 10 minutes to get a fresh response from the cache. The reason we want this, is that clients usually load this right away, leading to a lot of traffic from people just loading the Element Web login screen with the default config. This is currently routed to `client_readers` on matrix.org (and ESS) which can be overwhelmed for other reasons, leading to slow response times on those endpoints (3s+). Overwhelmed workers shouldn't prevent people from logging in, and shouldn't result in a long loading spinner in clients. This PR allows caching proxies (like Cloudflare) to publicly cache the unauthenticated response of those two endpoints and make it load quicker, reducing server load as well. |
||
|
dependabot[bot]
|
3ce5508c7e |
Bump quinn-proto from 0.11.12 to 0.11.14 (#19544)
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.12 to 0.11.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/quinn-rs/quinn/releases">quinn-proto's releases</a>.</em></p> <blockquote> <h2>quinn-proto 0.11.14</h2> <p><a href="https://github.com/jxs"><code>@jxs</code></a> reported a denial of service issue in quinn-proto 5 days ago:</p> <ul> <li><a href="https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98">https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98</a></li> </ul> <p>We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.</p> <p>Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.</p> <h2>What's Changed</h2> <ul> <li>Fix over-permissive proto dependency edge by <a href="https://github.com/Ralith"><code>@Ralith</code></a> in <a href="https://redirect.github.com/quinn-rs/quinn/pull/2385">quinn-rs/quinn#2385</a></li> <li>0.11.x: avoid unwrapping VarInt decoding during parameter parsing by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/quinn-rs/quinn/pull/2559">quinn-rs/quinn#2559</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Quentin Gliech
|
8d03a4df11 |
Avoid re-computing the event ID when cloning events. (#19527)
`event_id` is a lazily-computed property on events, as it's a hash of the event content on room version 3 and later. The reason we do this is that it helps finding database inconsistencies by not trusting the event ID we got from the database. The thing is, when we clone events (to return them through /sync or /messages for example) we don't copy the computed hash if we already computed it, duplicating the work. This copies the internal `_event_id` property. |
||
|
dependabot[bot]
|
18f717d717 |
Bump tornado from 6.5.4 to 6.5.5 (#19551)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.4 to 6.5.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Eric Eastwood
|
e30001883c |
Add in-repo Complement test to sanity check Synapse version matches git checkout (#19476)
This way we actually detect problems like https://github.com/element-hq/synapse/pull/19475 as they happen instead of being invisible until something breaks. Sanity check that Complement is testing against your code changes (whether it be local or from the PR in CI). ``` COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo -run TestSynapseVersion ``` |
||
|
Olivier 'reivilibre
|
ae239280cb |
Fix a bug introduced in v1.26.0 that caused deactivated, erased users to not be removed from the user directory. (#19542)
Fixes: #19540 Fixes: #16290 (side effect of the proposed fix) Closes: #12804 (side effect of the proposed fix) Introduced in: https://github.com/matrix-org/synapse/pull/8932 --- This PR is a relatively simple simplification of the profile change on deactivation that appears to remove multiple bugs. This PR's **primary motivating fix** is #19540: when a user is deactivated and erased, they would be kept in the user directory. This bug appears to have been here since #8932 (previously https://github.com/matrix-org/synapse/pull/8932) (v1.26.0). The root cause of this bug is that after removing the user from the user directory, we would immediately update their displayname and avatar to empty strings (one at a time), which re-inserts the user into the user directory. With this PR, we now delete the entire `profiles` row upon user erasure, which is cleaner (from a 'your database goes back to zero after deactivating and erasing a user' point of view) and only needs one database operation (instead of doing displayname then avatar). With this PR, we also no longer send the 2 (deferred) `m.room.member` `join` events to every room to propagate the displayname and avatar_url changes. This is good for two reasons: - the user is about to get parted from those rooms anyway, so this reduces the number of state events sent per room from 3 to 1. (More efficient for us in the moment and leaves less litter in the room DAG.) - it is possible for the displayname/avatar update to be sent **after** the user parting, which seems as though it could trigger the user to be re-joined to a public room. (With that said, although this sounds vaguely familiar in my lossy memory, I can't find a ticket that actually describes this bug, so this might be fictional. Edit: #16290 seems to describe this, although the title is misleading.) Additionally, as a side effect of the proposed fix (deleting the `profiles` row), this PR also now deletes custom profile fields upon user erasure, which is a new feature/bugfix (not sure which) in its own right. I do not see a ticket that corresponds to this feature gap, possibly because custom profile fields are still a niche feature without mainstream support (to the best of my knowledge). Tests are included for the primary bugfix and for the cleanup of custom profile fields. ### `set_displayname` module API change This change includes a minor _technically_-breaking change to the module API. The change concerns `set_displayname` which is exposed to the module API with a `deactivation: bool = False` flag, matching the internal handler method it wraps. I suspect that this is a mistake caused by overly-faithfully piping through the args from the wrapped method (this Module API was introduced in https://github.com/matrix-org/synapse/pull/14629/changes#diff-0b449f6f95672437cf04f0b5512572b4a6a729d2759c438b7c206ea249619885R1592). The linked PR did the same for `by_admin` originally before it was changed. The `deactivation` flag's only purpose is to be piped through to other Module API callbacks when a module has registered to be notified about profile changes. My claim is that it makes no sense for the Module API to have this flag because it is not the one doing the deactivation, thus it should never be in a position to set this to `True`. My proposed change keeps the flag (for function signature compatibility), but turns it into a no-op (with a `ERROR` log when it's set to True by the module). The Module API callback notifying of the module-caused displayname change will therefore now always have `deactivation = False`. *Discussed in [`#synapse-dev:matrix.org`](https://matrix.to/#/!i5D5LLct_DYG-4hQprLzrxdbZ580U9UB6AEgFnk6rZQ/$1f8N6G_EJUI_I_LvplnVAF2UFZTw_FzgsPfB6pbcPKk?via=element.io&via=matrix.org&via=beeper.com)* --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
Quentin Gliech
|
59c9e92aed | Merge branch 'master' into develop | ||
|
Quentin Gliech
|
b99a58719b | 1.149.1 v1.149.1 | ||
|
Andrew Morgan
|
f37a30d7c5 |
Bump matrix-synapse-ldap3 to v0.4.0 in poetry.lock (#19543)
To address https://github.com/element-hq/synapse/issues/19541 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Quentin Gliech
|
1caa602960 | Merge branch 'master' into develop | ||
|
Quentin Gliech
|
86dc38621f | 1.149.0 v1.149.0 | ||
|
Olivier 'reivilibre
|
6e1ac551f4 |
Expose MSC4354 Sticky Events over the legacy (v3) /sync API. (#19487)
Follows: #19365 Part of: MSC4354 whose experimental feature tracking issue is #19409 Partially supersedes: #18968 --------- Signed-off-by: Olivier 'reivilibre' <oliverw@matrix.org> |
||
|
Quentin Gliech
|
16125cecd2 |
Remove the optional systemd-python dependency (#19491)
Summary - drop the `systemd` extra from `pyproject.toml` and the `systemd-python` optional dependency - this means we don't ship the journald log handler, so it clarifies the docs how to install that in the venv - ensure the Debian virtualenv build keeps shipping `systemd-python>=231` in the venv, so the packaged log config can keep using `systemd.journal.JournalHandler` Context of this is the following: > Today in my 'how hard would it be to move to uv' journey: https://github.com/systemd/python-systemd/issues/167 > > The gist of it is that uv really wants to create a universal lock file, which means it needs to be able to resolve the package metadata, even for packages locked for other platforms. In the case of systemd-python, they use mesonpy as build backend, which doesn't implement prepare_metadata_for_build_wheel, which means it needs to run meson to be able to resolve the package metadata. And it will hard-fail if libsystemd dev headers aren't available 😭 > > [*message in #synapse-dev:matrix.org*](https://matrix.to/#/!i5D5LLct_DYG-4hQprLzrxdbZ580U9UB6AEgFnk6rZQ/$OKLB3TJVXAwq43sAZFJ-_PvMMzl4P_lWmSAtlmsoMuM?via=element.io&via=matrix.org&via=beeper.com) |
||
|
Travis Ralston
|
6e21f9c12b |
Add unstable federation API for MSC4370 GET /extremities (#19314)
MSC (recommended reading): https://github.com/matrix-org/matrix-spec-proposals/pull/4370 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com> Co-authored-by: Olivier 'reivilibre' <oliverw@element.io> |
||
|
Mathieu Velten
|
699a898b30 | Backgrounds membership updates when changing the avatar or the display name (#19311) | ||
|
Eric Eastwood
|
46c6e0ae1e |
Unify Complement developer docs (#19518)
Instead of having info spread across a few places, consolidate and link to one spot. |
||
|
dependabot[bot]
|
c2c05879bb |
Bump docker/build-push-action from 6.18.0 to 6.19.2 in the minor-and-patches group (#19514)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Quentin Gliech
|
fd61b8eeb0 | Merge branch 'release-v1.149' into develop | ||
|
Eric Eastwood
|
51048b8e36 |
Update docs to clarify outbound_federation_restricted_to can also be used with the SBG (#19517)
[Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways)
Spawning from [internal
discussion](https://matrix.to/#/!mNoPShRlwEeyHAEJOe:element.io/$6eGip85OUKOmyK1VzqrFMc7eF7dON7Vs76O40kVbRRY?via=banzan.uk&via=element.io&via=jki.re)
around integrating [Synapse Pro for small
hosts](https://docs.element.io/latest/element-server-suite-pro/synapse-pro-for-small-hosts/overview)
in the [Element Server Suite (ESS)](https://element.io/en/server-suite)
stack and wanting it be compatible with the SBG.
We know that the SBG works with monolith Synapse because that's what we
have configured with the [Complement tests in the SBG
repo](
|
||
|
Quentin Gliech
|
639922e835 | 1.149.0rc1 v1.149.0rc1 | ||
|
Eric Eastwood
|
160d9788c0 |
Simplify Rust HTTP client response streaming and limiting (#19510)
*As suggested by @sandhose in https://github.com/element-hq/synapse/pull/19498#discussion_r2865607737,* Simplify Rust HTTP client response streaming and limiting ### Dev notes Synapse's Rust HTTP client was introduced in https://github.com/element-hq/synapse/pull/18357 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Eric Eastwood
|
c3af44339c |
Fix /sync missing membership in state_after (re-introduce) (#19460)
*This PR was originally only to enable [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) Complement tests (`/sync` `state_after`) but after merging the [fix PR](https://github.com/element-hq/synapse/pull/19463), we discovered that while the tests pass locally, [fail in CI](https://github.com/element-hq/synapse/pull/19460#discussion_r2818080879). To unblock the RC, we decided to revert the fix PR (see https://github.com/element-hq/synapse/pull/19474#discussion_r2818061001 for more info). To better ensure tests actually pass in CI, we're re-introducing the fix here in the same PR that we enable the tests in.* --- Fix `/sync` missing membership in `state_after`. This applies to any scenario where the first membership has a different `sender` compared to the `state_key` and then the second membership has the same `sender`/`state_key`. Like someone inviting another person and then them joining. Or someone being kicked and then they leave. This bug has been present since the MSC4222 implementation was introduced into the codebase (https://github.com/element-hq/synapse/pull/17888). --- Fix https://github.com/element-hq/synapse/issues/19455 Fix https://github.com/element-hq/customer-success/issues/656 I have a feeling, this might also fix these issues (will close and see how people report back): Fix https://github.com/element-hq/synapse/issues/18182 Fix https://github.com/element-hq/synapse/issues/19478 ### Testing strategy Complement tests: https://github.com/matrix-org/complement/pull/842 We will need https://github.com/element-hq/synapse/pull/19460 to merge in order to enable the Complement tests in Synapse but this PR should be merged first so they pass in the first place. I've tested locally that the Complement tests pass with this fix. ### Dev notes [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) has already been merged into the spec and is already part of Matrix v1.16 but we haven't [stabilized support in Synapse yet](https://github.com/element-hq/synapse/issues/19414). --- In the same ballpark: - https://github.com/element-hq/synapse/issues/19455 - https://github.com/element-hq/synapse/issues/17050 - https://github.com/element-hq/synapse/issues/17430 - https://github.com/element-hq/synapse/issues/16940 - https://github.com/element-hq/synapse/issues/18182 - https://github.com/element-hq/synapse/issues/18793 - https://github.com/element-hq/synapse/issues/19478 --- Docker builds preferring remote image over the local image we just built, https://github.com/element-hq/synapse/pull/19460#discussion_r2818080879 `containerd` image store (storage driver, driver type) -> https://github.com/element-hq/synapse/pull/19475 ### Todo - [x] Wait for https://github.com/element-hq/synapse/pull/19463 to merge so the Complement tests all pass - [x] Wait for https://github.com/element-hq/synapse/pull/19475 to merge ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Andrew Ferrazzutti <andrewf@element.io> |
||
|
Quentin Gliech
|
094a48efb5 |
Bump all locked dependencies to their latest versions. (#19519)
This is a manual lock bump, as it looks like Dependabot is currently timing out updating dependencies. This should hopefully unlock it, as it will have fewer dependencies to update. Two outstanding exceptions: - pympler upgrade adds a pywin32 deps, which is missing sdist (so CI is complaining) - pysaml2 for some unknown reason pinned the MAX version of pyopenssl, which duplicates pyopenssl and cryptography, which obviously breaks stuff |
||
|
dependabot[bot]
|
2deeef4118 |
Bump futures from 0.3.31 to 0.3.32 in the patches group (#19513)
Bumps the patches group with 1 update: [futures](https://github.com/rust-lang/futures-rs). Updates `futures` from 0.3.31 to 0.3.32 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/futures-rs/releases">futures's releases</a>.</em></p> <blockquote> <h2>0.3.32</h2> <ul> <li>Bump MSRV of utility crates to 1.71. (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2989">#2989</a>)</li> <li>Soft-deprecate <code>ready!</code> macro in favor of <code>std::task::ready!</code> added in Rust 1.64 (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>)</li> <li>Soft-deprecate <code>pin_mut!</code> macro in favor of <code>std::pin::pin!</code> added in Rust 1.68 (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li> <li>Add <code>FuturesOrdered::clear</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2927">#2927</a>)</li> <li>Add <code>mpsc::*Receiver::recv</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2947">#2947</a>)</li> <li>Add <code>mpsc::*Receiver::try_recv</code> and deprecate <code>mpsc::*Receiver::::try_next</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2944">#2944</a>)</li> <li>Implement <code>FusedStream</code> for <code>sink::With</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2948">#2948</a>)</li> <li>Add <code>no_std</code> support for <code>shared</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2868">#2868</a>)</li> <li>Make <code>Mutex::new()</code> const (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2956">#2956</a>)</li> <li>Add <code>#[clippy::has_significant_drop]</code> to guards (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2967">#2967</a>)</li> <li>Remove dependency to <code>pin-utils</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li> <li>Remove dependency on <code>num_cpus</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2946">#2946</a>)</li> <li>Performance improvements (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2983">#2983</a>)</li> <li>Documentation improvements (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2926">#2926</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2940">#2940</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2971">#2971</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md">futures's changelog</a>.</em></p> <blockquote> <h1>0.3.32 - 2026-02-15</h1> <ul> <li>Bump MSRV of utility crates to 1.71. (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2989">#2989</a>)</li> <li>Soft-deprecate <code>ready!</code> macro in favor of <code>std::task::ready!</code> added in Rust 1.64 (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>)</li> <li>Soft-deprecate <code>pin_mut!</code> macro in favor of <code>std::pin::pin!</code> added in Rust 1.68 (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li> <li>Add <code>FuturesOrdered::clear</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2927">#2927</a>)</li> <li>Add <code>mpsc::*Receiver::recv</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2947">#2947</a>)</li> <li>Add <code>mpsc::*Receiver::try_recv</code> and deprecate <code>mpsc::*Receiver::::try_next</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2944">#2944</a>)</li> <li>Implement <code>FusedStream</code> for <code>sink::With</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2948">#2948</a>)</li> <li>Add <code>no_std</code> support for <code>shared</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2868">#2868</a>)</li> <li>Make <code>Mutex::new()</code> const (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2956">#2956</a>)</li> <li>Add <code>#[clippy::has_significant_drop]</code> to guards (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2967">#2967</a>)</li> <li>Remove dependency to <code>pin-utils</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2929">#2929</a>)</li> <li>Remove dependency on <code>num_cpus</code> (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2946">#2946</a>)</li> <li>Performance improvements (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2983">#2983</a>)</li> <li>Documentation improvements (<a href="https://redirect.github.com/rust-lang/futures-rs/issues/2925">#2925</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2926">#2926</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2940">#2940</a>, <a href="https://redirect.github.com/rust-lang/futures-rs/issues/2971">#2971</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Olivier 'reivilibre
|
825f3087bf |
Replace deprecated collection import locations with current locations. (#19515)
Use non-deprecated imports for collections Other than being deprecated, these legacy imports also don't seem to be compatible with [Ty](https://github.com/astral-sh/ty) --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
Erik Johnston
|
0d3e42f21f |
Yield to reactor in large loops (#19507)
When a worker gets very busy some of these loops can get large and end up taking hundreds of ms to complete. To help keep the reactor tick times reasonable we add a periodic yield into these loops. These were found by doing a `py-spy` and speedscope.net (in time order) to see where we were spending blocks of time |
||
|
Eric Eastwood
|
979566ed8f |
Pre-allocate the buffer based on the expected Content-Length with the Rust HTTP client (#19498)
Spawning from [looking](https://matrix.to/#/!cnVVNLKqgUzNTOFQkz:matrix.org/$XOVFm5mjCzzmhUaGc202zGdSq8eWgjr00MJqNSfzHiA?via=element.io&via=matrix.org&via=one.ems.host) at some traces and seeing the Synapse Rust HTTP client taking way longer than what the Synapse Pro Event Cache claims it was able to respond in (added some [better tracing](https://github.com/element-hq/synapse-pro-modules/pull/38) for that). I don't think this specific change will have a meaningful impact but just something I saw (pre-optimization). |
||
|
Richard van der Hoff
|
b9ea2285b3 |
Add stable support for MSC4380 invite blocking. (#19431)
MSC4380 has now completed FCP, so we can add stable support for it. Co-authored-by: Quentin Gliech <quenting@element.io> |
||
|
dependabot[bot]
|
9de28df7a2 |
Bump docker/login-action from 3.6.0 to 3.7.0 in the minor-and-patches group (#19493)
Bumps the minor-and-patches group with 1 update: [docker/login-action](https://github.com/docker/login-action). Updates `docker/login-action` from 3.6.0 to 3.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Add <code>scope</code> input to set scopes for the authentication token by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li> <li>Add support for AWS European Sovereign Cloud ECR by <a href="https://github.com/dphi"><code>@dphi</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li> <li>Ensure passwords are redacted with <code>registry-auth</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li> <li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Erik Johnston
|
2c73e8daef | Allow long lived syncs to be cancelled if client has gone away (#19499) | ||
|
Hugh Nimmo-Smith
|
f78d011df1 |
Experimental implementation of unstable MSC4388 for Sign in with QR (#19127)
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io> |
||
|
Eric Eastwood
|
ac3a115511 |
Log if we ever gc.freeze() (#19440)
Spawning from
https://github.com/element-hq/synapse-small-hosts/issues/348 where some
test appears to be flaky because some homeserver objects are frozen in
the garbage collector.
We set
[`freeze=False`](
|
||
|
Brad Murray
|
bc15ed3c62 |
DeviceHandler: Add a log line when we delete a device (#19496)
Deleting devices should be fairly rare, and if someone gets logged out it's helpful to grep logs for a user id or device id and see where it died. |
||
|
Quentin Gliech
|
3d30735e79 | Merge branch 'master' into develop | ||
|
Quentin Gliech
|
b30607ccaf | 1.148.0 v1.148.0 | ||
|
Olivier 'reivilibre
|
16245f0550 |
Fix the 'Login as a user' Admin API not checking if the user exists before issuing an access token. (#18518)
Fixes: #18503 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> Co-authored-by: Quentin Gliech <quenting@element.io> |
||
|
Olivier 'reivilibre
|
4500652459 |
Rename the test_disconnect test helper so that pytest doesn't see it as a test. (#19486)
This fixes one of the 2 blockers to using pytest instead of Trial (which is not formally-motivated, but sometimes seems like an interesting idea because pytest has seen a lot of developer experience features that Trial hasn't. It would also removes one more coupling to the Twisted framework.) --- The `test_` prefix to this test helper makes it appear as a test to pytest. We *can* set a `__test__ = False` attribute on the test, but it felt cleaner to just rename it (as I also thought it would be a test from that name!). This was previously reported as: https://github.com/element-hq/synapse/issues/18665 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
dependabot[bot]
|
9b738d2ec5 |
Bump the patches group with 2 updates (#19488)
Bumps the patches group with 2 updates: [anyhow](https://github.com/dtolnay/anyhow) and [regex](https://github.com/rust-lang/regex). Updates `anyhow` from 1.0.100 to 1.0.101 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.101</h2> <ul> <li>Add #[inline] to anyhow::Ok helper (<a href="https://redirect.github.com/dtolnay/anyhow/issues/437">#437</a>, thanks <a href="https://github.com/Ibitier"><code>@Ibitier</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0ac772f082 |
Bump pillow from 12.0.0 to 12.1.1 (#19454)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.0.0 to 12.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>12.1.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html</a></p> <h2>Dependencies</h2> <ul> <li>Patch libavif for svt-av1 4.0 compatibility <a href="https://redirect.github.com/python-pillow/Pillow/issues/9413">#9413</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> </ul> <h2>Other changes</h2> <ul> <li>Fix OOB Write with invalid tile extents <a href="https://redirect.github.com/python-pillow/Pillow/issues/9427">#9427</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>12.1.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html</a></p> <h2>Deprecations</h2> <ul> <li>Deprecate getdata(), in favour of new get_flattened_data() <a href="https://redirect.github.com/python-pillow/Pillow/issues/9292">#9292</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Documentation</h2> <ul> <li>Specify APNG duration type when opening <a href="https://redirect.github.com/python-pillow/Pillow/issues/9368">#9368</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9350">#9350</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9366">#9366</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update ImageMorph documentation <a href="https://redirect.github.com/python-pillow/Pillow/issues/9349">#9349</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Docs: update major bump cadence <a href="https://redirect.github.com/python-pillow/Pillow/issues/9334">#9334</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Add release notes for <a href="https://redirect.github.com/python-pillow/Pillow/issues/9070">#9070</a> <a href="https://redirect.github.com/python-pillow/Pillow/issues/9320">#9320</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated Ubuntu version <a href="https://redirect.github.com/python-pillow/Pillow/issues/9306">#9306</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update macOS tested Pillow versions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9265">#9265</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Update harfbuzz to 12.3.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9355">#9355</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update xz to 5.8.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9343">#9343</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated libjpeg-turbo to 3.1.3 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9333">#9333</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated zlib-ng to 2.3.2 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9324">#9324</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated libpng to 1.6.53 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9325">#9325</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update actions/checkout action to v6 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9323">#9323</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Update dependency mypy to v1.19.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9322">#9322</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> <li>Updated libpng to 1.6.51 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9305">#9305</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated brotli to 1.2.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9284">#9284</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update libimagequant to 4.4.1 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9301">#9301</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9312">#9312</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Updated harfbuzz to 12.2.0 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9289">#9289</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Update github-actions <a href="https://redirect.github.com/python-pillow/Pillow/issues/9277">#9277</a> [@<a href="https://github.com/apps/renovate">renovate[bot]</a>]</li> </ul> <h2>Testing</h2> <ul> <li>Replace pre-commit with prek <a href="https://redirect.github.com/python-pillow/Pillow/issues/9360">#9360</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>Test PyQt6 on Python 3.14 on Windows <a href="https://redirect.github.com/python-pillow/Pillow/issues/9353">#9353</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Test 32-bit Windows on Windows Server 2022 <a href="https://redirect.github.com/python-pillow/Pillow/issues/9345">#9345</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Correct variable type <a href="https://redirect.github.com/python-pillow/Pillow/issues/9335">#9335</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Eric Eastwood
|
04206aebdf |
Log docker system info in CI (#19480)
Follow-up to https://github.com/element-hq/synapse/pull/19460#discussion_r2819139638 and https://github.com/element-hq/synapse/pull/19475 |
||
|
Eric Eastwood
|
b2778dae70 |
Fix Complement CI not running against the code from our PRs (remote images being chosen over local) (#19475)
Fix remote images being chosen over the local ones we just built with
Complement in CI (any Docker environment using the `containerd` image
store). This problem means that Complement jobs in CI don't actually
test against the code from the PR (since 2026-02-10).
This PR approaches the problem the same way that @AndrewFerr proposed in
https://github.com/element-hq/synapse/pull/18210. This is better than
the alternative listed below as we can just make our code compatible
with whatever image store is being used.
### Problem
Spawning from
https://github.com/element-hq/synapse/pull/19460#discussion_r2818760635
where we found that our Complement jobs in CI don't actually test
against the code from the PR at the moment.
This is caused by a change in Docker Engine 29.0.0:
> `containerd` image store is now the default for **fresh installs**.
This doesn't apply to daemons configured with `userns-remap` (see
[moby#47377](https://github.com/moby/moby/issues/47377)).
>
> *-- 29.0.0 (2025-11-10),
https://docs.docker.com/engine/release-notes/29/#2900*
And our `ubuntu-latest` GitHub runner (`Current runner version:
'2.331.0'`)
[points](https://github.com/actions/runner-images/blob/ubuntu24/20260209.23/images/ubuntu/Ubuntu2404-Readme.md)
to using Docker client/server `29.1.5` 🎯
This Docker version bump happened on
|