dandri/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2026-05-24 13:05:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
25,649 Commits 1,106 Branches 831 Tags
e1a429ae2ec72a3cdb074eec8988813937026e3d
Commit Graph

25649 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Eastwood e1a429ae2e Run lint script to format Complement tests introduced in #19509 (#19636) 
Run `poetry run ./scripts-dev/lint.sh` which exposed some formatted
Complement tests that were introduced in
https://github.com/element-hq/synapse/pull/19509

There is no CI for this so it's easy to miss.
 2026-03-31 11:01:12 -05:00
Quentin Gliech 72711a3329 1.151.0rc1 v1.151.0rc1 2026-03-31 14:24:05 +02:00
Eric Eastwood b0fc0b7a61 Lower the database statement_timeout to 10m (#19604) 
Lower the database `statement_timeout` to 10m

Part of https://github.com/element-hq/backend-internal/issues/223

The `statement_timeout` was first introduced in
https://github.com/matrix-org/synapse/pull/15853 as a great sanity check
starting point (any timeout is better than no timeout).

This idea is spawning from [discussions on
2026-03-16](https://docs.google.com/document/d/12RZKPk3a4__JUSH9wYHODo9rRyKzsHg6BSCAcmqmbOU/edit?tab=t.0#bookmark=id.x9y4kx82lvaj)
about `matrix.org` performance and specifically room event search which
frequently causes long-running transactions that hold up vacuums and
causes things to go wibbly. It was brought up again today in another
`matrix.org` performance [discussion on
2026-03-25](https://docs.google.com/document/d/15h4901gAzGMAol2n1b71OAcesVMNhgQbPNb55xouluw/edit?tab=t.0#bookmark=id.b53a918ntk0j)
and was surprised nothing came of this yet.

### Some things may break

We expect that when/if things break, to add specific overrides where it
matters. For reference, we already have a couple of overrides in the
codebase:

- When using
[`create_index_in_background`](https://github.com/element-hq/synapse/blob/40d35a95e2ce56982f839f2d5f01bdad34e65453/synapse/storage/background_updates.py#L802-L804)
- When [purging
rooms](https://github.com/element-hq/synapse/blob/40d35a95e2ce56982f839f2d5f01bdad34e65453/synapse/storage/databases/main/purge_events.py#L166-L169)


### Going further

Ideally, we could go even further. The `statement_timeout` for any
database query coming from people's HTTP requests should be 60s or less
(or lower, no one wants to wait that long anyway). For now we'll take
this iterative step down to 10m. Another point of reference is that for
example on `matrix.org`, we even time out the whole HTTP request after
180s.

For reference, we also discussed propagating request cancellation to the
database query (cancelling statements when the user goes away) which is
a good additional thing we could do. @sandhose looked into this before
and it is only a recent libpq / Postgres / psycopg3 feature, not
available in psycopg2 (which we currently use). As an example of how
weird cancellation can get, `psql` will spawn a new connection to
`SELECT pg_cancel_backend(<pid>);` when you `Ctrl+C`, see
https://neon.com/blog/ctrl-c-in-psql-gives-me-the-heebie-jeebies


### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2026-03-31 14:14:27 +02:00
dependabot[bot] 51aa319463 Bump once_cell from 1.21.3 to 1.21.4 in the patches group (#19623) 
Bumps the patches group with 1 update:
[once_cell](https://github.com/matklad/once_cell).

Updates `once_cell` from 1.21.3 to 1.21.4
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/matklad/once_cell/blob/master/CHANGELOG.md">once_cell's
changelog</a>.</em></p>
<blockquote>
<h2>1.21.4</h2>
<ul>
<li>
<p>Fix unsoundness in <code>OnceCell::wait</code> under
<code>--features=parking_lot</code>, <a
href="https://redirect.github.com/matklad/once_cell/pull/295">#295</a>.</p>
<p>If thread A calls <code>wait</code>, while thread B calls
<code>get_or_try_init(f)</code>, and, furthermore, <code>f</code>
panics,
the <code>wait</code> incorrectly returns and thread A observes
uninitialized memory.</p>
<p>Kudos to <a
href="https://github.com/meng-xu-cs"><code>@​meng-xu-cs</code></a> for a
nice find!</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/matklad/once_cell/commit/80fe900b21f6d76c1a2ed74d3343e8a3a88c46d0"><code>80fe900</code></a>
Merge pull request <a
href="https://redirect.github.com/matklad/once_cell/issues/296">#296</a>
from matklad/matklad/plfix</li>
<li><a
href="https://github.com/matklad/once_cell/commit/a5e09c971c23afb1a3be8ae32794e2dca940ccd4"><code>a5e09c9</code></a>
release 1.21.4</li>
<li><a
href="https://github.com/matklad/once_cell/commit/2426d45d85841879e71a880af543fd3d2be78db1"><code>2426d45</code></a>
Merge pull request <a
href="https://redirect.github.com/matklad/once_cell/issues/295">#295</a>
from matklad/matklad/plfix</li>
<li><a
href="https://github.com/matklad/once_cell/commit/a1441215db85adb6a47b0aa1062d1eea7c5fba65"><code>a144121</code></a>
Merge pull request <a
href="https://redirect.github.com/matklad/once_cell/issues/290">#290</a>
from alexanderkjall/run-tests-with-no-default-features</li>
<li><a
href="https://github.com/matklad/once_cell/commit/232a1a49b55154c0b6f12d662619000efd3aecd8"><code>232a1a4</code></a>
Merge pull request <a
href="https://redirect.github.com/matklad/once_cell/issues/292">#292</a>
from phil-opp/doc-fix</li>
<li><a
href="https://github.com/matklad/once_cell/commit/d31767bbcd33b03ee3360a9112eba41d1b278d3a"><code>d31767b</code></a>
fix OnceCell::wait with features=parking_lot</li>
<li><a
href="https://github.com/matklad/once_cell/commit/28d29ae1c1eb082617efb4eddb6dae3d0c607fdd"><code>28d29ae</code></a>
Fix: <code>sync::OnceCell::try_insert</code> docs should import
<code>sync</code> variant</li>
<li><a
href="https://github.com/matklad/once_cell/commit/0f78fb0d6d6a634fd76548f33fa38b250390e982"><code>0f78fb0</code></a>
make the command 'cargo test --no-default-features' work</li>
<li><a
href="https://github.com/matklad/once_cell/commit/fda60a6c70eb2e25a0c73bf515ec4779df3d2e6c"><code>fda60a6</code></a>
Merge pull request <a
href="https://redirect.github.com/matklad/once_cell/issues/287">#287</a>
from AbeZbm/add-tests</li>
<li><a
href="https://github.com/matklad/once_cell/commit/b5b98c09eb9c95376e150eb6bda8c7637bba5aa4"><code>b5b98c0</code></a>
Add tests for OnceRef</li>
<li>See full diff in <a
href="https://github.com/matklad/once_cell/compare/v1.21.3...v1.21.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=once_cell&package-manager=cargo&previous-version=1.21.3&new-version=1.21.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 11:45:52 +00:00
dependabot[bot] 0ac72bc55e Bump phonenumbers from 9.0.25 to 9.0.26 in the minor-and-patches group (#19627) 
Bumps the minor-and-patches group with 1 update:
[phonenumbers](https://github.com/daviddrysdale/python-phonenumbers).

Updates `phonenumbers` from 9.0.25 to 9.0.26
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/07e2c75b1dc1d94c806755e4842410e19cd1e17e"><code>07e2c75</code></a>
Prep for 9.0.26 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/55522da42bff8bd7eefd08b17c978971bc60e135"><code>55522da</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/8ca762b2309a1df12f2eadf601ce413bf3cd1826"><code>8ca762b</code></a>
Merge metadata changes from upstream 9.0.26</li>
<li>See full diff in <a
href="https://github.com/daviddrysdale/python-phonenumbers/compare/v9.0.25...v9.0.26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=9.0.25&new-version=9.0.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 11:33:34 +00:00
dependabot[bot] df1752ee79 Bump cryptography from 46.0.5 to 46.0.6 (#19622) 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5
to 46.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.6 - 2026-03-25</p>
<pre><code>
* **SECURITY ISSUE**: Fixed a bug where name constraints were not
applied
  to peer names during verification when the leaf certificate contains a
wildcard DNS SAN. Ordinary X.509 topologies are not affected by this
bug,
including those used by the Web PKI. Credit to **Oleh Konko (1seal)**
for
  reporting the issue. **CVE-2026-34073**
<p>.. _v46-0-5:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587"><code>91d7288</code></a>
Cherry-pick <a
href="https://redirect.github.com/pyca/cryptography/issues/14542">#14542</a>
(<a
href="https://redirect.github.com/pyca/cryptography/issues/14543">#14543</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=46.0.5&new-version=46.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 10:21:37 +00:00
dependabot[bot] 84b3e5aa24 Bump dorny/paths-filter from 3.0.2 to 4.0.1 (#19625) 
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from
3.0.2 to 4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dorny/paths-filter/releases">dorny/paths-filter's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Support merge queue by <a
href="https://github.com/masaru-iritani"><code>@​masaru-iritani</code></a>
in <a
href="https://redirect.github.com/dorny/paths-filter/pull/255">dorny/paths-filter#255</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/masaru-iritani"><code>@​masaru-iritani</code></a>
made their first contribution in <a
href="https://redirect.github.com/dorny/paths-filter/pull/255">dorny/paths-filter#255</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dorny/paths-filter/compare/v4.0.0...v4.0.1">https://github.com/dorny/paths-filter/compare/v4.0.0...v4.0.1</a></p>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: update action runtime to node24 by <a
href="https://github.com/saschabratton"><code>@​saschabratton</code></a>
in <a
href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/saschabratton"><code>@​saschabratton</code></a>
made their first contribution in <a
href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0">https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0</a></p>
<h2>v3.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add missing predicate-quantifier by <a
href="https://github.com/wardpeet"><code>@​wardpeet</code></a> in <a
href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/wardpeet"><code>@​wardpeet</code></a>
made their first contribution in <a
href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dorny/paths-filter/compare/v3...v3.0.3">https://github.com/dorny/paths-filter/compare/v3...v3.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md">dorny/paths-filter's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/294">Update
action runtime to node24</a></li>
</ul>
<h2>v3.0.3</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/279">Add
missing predicate-quantifier</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/224">Add
config parameter for predicate quantifier</a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/133">Compare
base and ref when token is empty</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/210">Update to
Node.js 20</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/215">Update
all dependencies</a></li>
</ul>
<h2>v2.11.1</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/167">Update
<code>@​actions/core</code> to v1.10.0 - Fixes warning about deprecated
set-output</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/168">Document
need for pull-requests: read permission</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/164">Updating
to actions/checkout@v3</a></li>
</ul>
<h2>v2.11.0</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/157">Set
list-files input parameter as not required</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/161">Update
Node.js</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/162">Fix
incorrect handling of Unicode characters in exec()</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/163">Use
Octokit pagination</a></li>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/160">Updates
real world links</a></li>
</ul>
<h2>v2.10.2</h2>
<ul>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/91">Fix
getLocalRef() returns wrong ref</a></li>
</ul>
<h2>v2.10.1</h2>
<ul>
<li><a
href="https://redirect.github.com/dorny/paths-filter/pull/85">Improve
robustness of change detection</a></li>
</ul>
<h2>v2.10.0</h2>
<ul>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/82">Add
ref input parameter</a></li>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/83">Fix
change detection in PR when pullRequest.changed_files is
incorrect</a></li>
</ul>
<h2>v2.9.3</h2>
<ul>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/78">Fix
change detection when base is a tag</a></li>
</ul>
<h2>v2.9.2</h2>
<ul>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/75">Fix
fetching git history</a></li>
</ul>
<h2>v2.9.1</h2>
<ul>
<li><a href="https://redirect.github.com/dorny/paths-filter/pull/74">Fix
fetching git history + fallback to unshallow repo</a></li>
</ul>
<h2>v2.9.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dorny/paths-filter/commit/fbd0ab8f3e69293af611ebaee6363fc25e6d187d"><code>fbd0ab8</code></a>
feat: add merge_group event support</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/efb1da7ce8d89bbc261191e5a2dc1453c3837339"><code>efb1da7</code></a>
feat: add dist/ freshness check to PR workflow</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/d8f7b061b24c30a325ff314b76c37adb05b041ce"><code>d8f7b06</code></a>
Merge pull request <a
href="https://redirect.github.com/dorny/paths-filter/issues/302">#302</a>
from dorny/issue-299</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/addbc147a95845176e1bc013a012fbf1d366389a"><code>addbc14</code></a>
Update README for v4</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/9d7afb8d214ad99e78fbd4247752c4caed2b6e4c"><code>9d7afb8</code></a>
Update CHANGELOG for v4.0.0</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/782470c5d953cae2693d643172b14e01bacb71f3"><code>782470c</code></a>
Merge branch 'releases/v3'</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/d1c1ffe0248fe513906c8e24db8ea791d46f8590"><code>d1c1ffe</code></a>
Update CHANGELOG for v3.0.3</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/ce10459c8b92cd8901166c0a222fbb033ef39365"><code>ce10459</code></a>
Merge pull request <a
href="https://redirect.github.com/dorny/paths-filter/issues/294">#294</a>
from saschabratton/master</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/5f40380c5482e806c81cec080f5192e7234d8fe9"><code>5f40380</code></a>
feat: update action runtime to node24</li>
<li><a
href="https://github.com/dorny/paths-filter/commit/668c092af3649c4b664c54e4b704aa46782f6f7c"><code>668c092</code></a>
Merge pull request <a
href="https://redirect.github.com/dorny/paths-filter/issues/279">#279</a>
from wardpeet/patch-1</li>
<li>Additional commits viewable in <a
href="https://github.com/dorny/paths-filter/compare/de90cc6fb38fc0963ad72b210f1f284cd68cea36...fbd0ab8f3e69293af611ebaee6363fc25e6d187d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dorny/paths-filter&package-manager=github_actions&previous-version=3.0.2&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 10:20:36 +00:00
dependabot[bot] ec4b050bfb Bump requests from 2.32.5 to 2.33.0 (#19610) 
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.33.0</h2>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report any gaps or feedback you may have in the
issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts contents to a non-deterministic location to prevent malicious
file replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause malformed
authentication to be applied to Requests on Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/M0d3v1"><code>@​M0d3v1</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li>
<li><a href="https://github.com/aminvakil"><code>@​aminvakil</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li>
<li><a href="https://github.com/E8Price"><code>@​E8Price</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li>
<li><a href="https://github.com/mitre88"><code>@​mitre88</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li>
<li><a href="https://github.com/magsen"><code>@​magsen</code></a> made
their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li>
<li><a
href="https://github.com/Rohan5commit"><code>@​Rohan5commit</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.33.0 (2026-03-25)</h2>
<p><strong>Announcements</strong></p>
<ul>
<li>📣 Requests is adding inline types. If you have a typed code base
that
uses Requests, please take a look at <a
href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>.
Give it a try, and report
any gaps or feedback you may have in the issue. 📣</li>
</ul>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now
extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Migrated to a PEP 517 build system using setuptools. (<a
href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (<a
href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Dropped support for Python 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761"><code>bc04dfd</code></a>
v2.33.0</li>
<li><a
href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"><code>66d21cb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028"><code>8b9bc8f</code></a>
Move badges to top of README (<a
href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286"><code>e331a28</code></a>
Remove unused extraction call (<a
href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29"><code>753fd08</code></a>
docs: fix FAQ grammar in httplib2 example</li>
<li><a
href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71"><code>774a0b8</code></a>
docs(socks): same block as other sections</li>
<li><a
href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303"><code>9c72a41</code></a>
Bump github/codeql-action from 4.33.0 to 4.34.1</li>
<li><a
href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be"><code>ebf7190</code></a>
Bump github/codeql-action from 4.32.0 to 4.33.0</li>
<li><a
href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798"><code>0e4ae38</code></a>
docs: exclude Response.is_permanent_redirect from API docs (<a
href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a"><code>d568f47</code></a>
docs: clarify Quickstart POST example (<a
href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.5&new-version=2.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 10:09:03 +00:00
dependabot[bot] 90449b915d Bump the minor-and-patches group with 2 updates (#19624) 
Bumps the minor-and-patches group with 2 updates:
[tailscale/github-action](https://github.com/tailscale/github-action)
and [Swatinem/rust-cache](https://github.com/swatinem/rust-cache).

Updates `tailscale/github-action` from 4.1.1 to 4.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailscale/github-action/releases">tailscale/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.2</h2>
<h2>What's Changed</h2>
<ul>
<li>.github/workflows: fix check to skip integration test for PRs from
forks by <a
href="https://github.com/mpminardi"><code>@​mpminardi</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/260">tailscale/github-action#260</a></li>
<li>fix: Windows MSI download on self-hosted runners by <a
href="https://github.com/doringeman"><code>@​doringeman</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/259">tailscale/github-action#259</a></li>
<li>Bump actions/checkout from 6.0.1 to 6.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/265">tailscale/github-action#265</a></li>
<li>Bump actions/setup-node from 6.1.0 to 6.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/262">tailscale/github-action#262</a></li>
<li><code>fix: add missing parentheses to core.isDebug()</code> by <a
href="https://github.com/git-mracek"><code>@​git-mracek</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/268">tailscale/github-action#268</a></li>
<li>.github/workflows: run integration test if event is a push by <a
href="https://github.com/mpminardi"><code>@​mpminardi</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/270">tailscale/github-action#270</a></li>
<li>store tailscale.tgz and tailscaled.pid in XDG cache/runtime by <a
href="https://github.com/fbrv"><code>@​fbrv</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/273">tailscale/github-action#273</a></li>
<li>action,dist,src: bump default version to 1.94.2 by <a
href="https://github.com/mpminardi"><code>@​mpminardi</code></a> in <a
href="https://redirect.github.com/tailscale/github-action/pull/274">tailscale/github-action#274</a></li>
<li>Bump actions/setup-node from 6.2.0 to 6.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/269">tailscale/github-action#269</a></li>
<li>Bump <code>@​actions/core</code> from 2.0.1 to 2.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/258">tailscale/github-action#258</a></li>
<li>Bump <code>@​actions/github</code> from 6.0.1 to 7.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/257">tailscale/github-action#257</a></li>
<li>Bump <code>@​actions/tool-cache</code> from 2.0.2 to 3.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/256">tailscale/github-action#256</a></li>
<li>Bump <code>@​actions/cache</code> from 5.0.1 to 5.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tailscale/github-action/pull/255">tailscale/github-action#255</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/doringeman"><code>@​doringeman</code></a> made
their first contribution in <a
href="https://redirect.github.com/tailscale/github-action/pull/259">tailscale/github-action#259</a></li>
<li><a
href="https://github.com/git-mracek"><code>@​git-mracek</code></a> made
their first contribution in <a
href="https://redirect.github.com/tailscale/github-action/pull/268">tailscale/github-action#268</a></li>
<li><a href="https://github.com/fbrv"><code>@​fbrv</code></a> made their
first contribution in <a
href="https://redirect.github.com/tailscale/github-action/pull/273">tailscale/github-action#273</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tailscale/github-action/compare/v4.1.1...v4.1.2">https://github.com/tailscale/github-action/compare/v4.1.1...v4.1.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tailscale/github-action/commit/306e68a486fd2350f2bfc3b19fcd143891a4a2d8"><code>306e68a</code></a>
Bump <code>@​actions/cache</code> from 5.0.1 to 5.0.2</li>
<li><a
href="https://github.com/tailscale/github-action/commit/989d9be101606d756046b6c34b8a11541de0157e"><code>989d9be</code></a>
Bump <code>@​actions/tool-cache</code> from 2.0.2 to 3.0.0</li>
<li><a
href="https://github.com/tailscale/github-action/commit/69584d71aecc8128e4b0fd3fd06ff4a8998c6430"><code>69584d7</code></a>
Bump <code>@​actions/github</code> from 6.0.1 to 7.0.0</li>
<li><a
href="https://github.com/tailscale/github-action/commit/cda17d523f21452f46ede1819918ad582662c078"><code>cda17d5</code></a>
Bump <code>@​actions/core</code> from 2.0.1 to 2.0.2</li>
<li><a
href="https://github.com/tailscale/github-action/commit/81231eb3b2a76c9ededb9b95ebde0c0205f609f6"><code>81231eb</code></a>
Bump actions/setup-node from 6.2.0 to 6.3.0</li>
<li><a
href="https://github.com/tailscale/github-action/commit/48c6d0317a1f8ac4c13c0679c2f17adc61ddc827"><code>48c6d03</code></a>
action,dist,src: bump default version to 1.94.2</li>
<li><a
href="https://github.com/tailscale/github-action/commit/cfed5b8999ac8d0ac83e4d12d56f142b96231c2b"><code>cfed5b8</code></a>
store tailscale.tgz and tailscaled.pid in XDG cache/runtime dirs instead
of t...</li>
<li><a
href="https://github.com/tailscale/github-action/commit/31d93e60e2d8b8941c12ec9bd2b58ccc6c6d3f13"><code>31d93e6</code></a>
.github/workflows: run integration test if event is a push</li>
<li><a
href="https://github.com/tailscale/github-action/commit/564fe381c8a09ced277dfc55386a7a00ff064b73"><code>564fe38</code></a>
chore: run make build to resolve linter error</li>
<li><a
href="https://github.com/tailscale/github-action/commit/127daded2689d2b194000d5a363b9754a774986d"><code>127dade</code></a>
<code>fix: add missing parentheses to core.isDebug()</code></li>
<li>Additional commits viewable in <a
href="https://github.com/tailscale/github-action/compare/53acf823325fe9ca47f4cdaa951f90b4b0de5bb9...306e68a486fd2350f2bfc3b19fcd143891a4a2d8">compare
view</a></li>
</ul>
</details>
<br />

Updates `Swatinem/rust-cache` from 2.8.2 to 2.9.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/swatinem/rust-cache/releases">Swatinem/rust-cache's
releases</a>.</em></p>
<blockquote>
<h2>v2.9.1</h2>
<p>Fix regression in hash calculation</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Swatinem/rust-cache/compare/v2.9.0...v2.9.1">https://github.com/Swatinem/rust-cache/compare/v2.9.0...v2.9.1</a></p>
<h2>v2.9.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for running rust-cache commands from within a Nix shell
by <a href="https://github.com/marc0246"><code>@​marc0246</code></a> in
<a
href="https://redirect.github.com/Swatinem/rust-cache/pull/290">Swatinem/rust-cache#290</a></li>
<li>Bump taiki-e/install-action from 2.62.57 to 2.62.60 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/291">Swatinem/rust-cache#291</a></li>
<li>Bump the actions group across 1 directory with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/296">Swatinem/rust-cache#296</a></li>
<li>Bump the prd-major group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/294">Swatinem/rust-cache#294</a></li>
<li>Bump <code>@​types/node</code> from 24.10.1 to 25.0.2 in the
dev-major group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/295">Swatinem/rust-cache#295</a></li>
<li>Consider all installed toolchains in cache key by <a
href="https://github.com/tamird"><code>@​tamird</code></a> in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/293">Swatinem/rust-cache#293</a></li>
<li>Compare case-insenitively for full cache key match by <a
href="https://github.com/kbriggs"><code>@​kbriggs</code></a> in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/303">Swatinem/rust-cache#303</a></li>
<li>Migrate to <code>node24</code> runner by <a
href="https://github.com/rhysd"><code>@​rhysd</code></a> in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/314">Swatinem/rust-cache#314</a></li>
<li>Bump the actions group across 1 directory with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/312">Swatinem/rust-cache#312</a></li>
<li>Bump the prd-minor group across 1 directory with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/307">Swatinem/rust-cache#307</a></li>
<li>Bump <code>@​types/node</code> from 25.0.2 to 25.2.2 in the
dev-minor group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/309">Swatinem/rust-cache#309</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/marc0246"><code>@​marc0246</code></a>
made their first contribution in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/290">Swatinem/rust-cache#290</a></li>
<li><a href="https://github.com/tamird"><code>@​tamird</code></a> made
their first contribution in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/293">Swatinem/rust-cache#293</a></li>
<li><a href="https://github.com/kbriggs"><code>@​kbriggs</code></a> made
their first contribution in <a
href="https://redirect.github.com/Swatinem/rust-cache/pull/303">Swatinem/rust-cache#303</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Swatinem/rust-cache/compare/v2.8.2...v2.9.0">https://github.com/Swatinem/rust-cache/compare/v2.8.2...v2.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md">Swatinem/rust-cache's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>2.9.1</h2>
<ul>
<li>Fix regression in hash calculation</li>
</ul>
<h2>2.9.0</h2>
<ul>
<li>Update to <code>node24</code></li>
<li>Support running from within a <code>nix</code> shell</li>
<li>Consider all installed toolchains for cache key</li>
<li>Use case-insensitive comparison to determine exact cache hit</li>
</ul>
<h2>2.8.2</h2>
<ul>
<li>Don't overwrite env for cargo-metadata call</li>
</ul>
<h2>2.8.1</h2>
<ul>
<li>Set empty <code>CARGO_ENCODED_RUSTFLAGS</code> when retrieving
metadata</li>
<li>Various dependency updates</li>
</ul>
<h2>2.8.0</h2>
<ul>
<li>Add support for <code>warpbuild</code> cache provider</li>
<li>Add new <code>cache-workspace-crates</code> feature</li>
</ul>
<h2>2.7.8</h2>
<ul>
<li>Include CPU arch in the cache key</li>
</ul>
<h2>2.7.7</h2>
<ul>
<li>Also cache <code>cargo install</code> metadata</li>
</ul>
<h2>2.7.6</h2>
<ul>
<li>Allow opting out of caching $CARGO_HOME/bin</li>
<li>Add runner OS in cache key</li>
<li>Adds an option to do lookup-only of the cache</li>
</ul>
<h2>2.7.5</h2>
<ul>
<li>Support Cargo.lock format cargo-lock v4</li>
<li>Only run macOsWorkaround() on macOS</li>
</ul>
<h2>2.7.3</h2>
<ul>
<li>Work around upstream problem that causes cache saving to hang for
minutes.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/c19371144df3bb44fab255c43d04cbc2ab54d1c4"><code>c193711</code></a>
2.9.1</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/781e8d91ab29deb65464798965e49853f963b561"><code>781e8d9</code></a>
try reverting pipeline change</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/3d1fa4654a5786f5537b1d31acd0f35e56de9924"><code>3d1fa46</code></a>
add changelog</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/c676846f29d98ff6b0106d3608c7ffd4048af17b"><code>c676846</code></a>
2.9.0</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/bf71d02c11df9d5253618f39943e9dd59f7fd5a9"><code>bf71d02</code></a>
bump dependencies and rebuild</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/8a02ed5e290d8afc7e587930243f3016b3223f50"><code>8a02ed5</code></a>
Bump <code>@​types/node</code> from 25.0.2 to 25.2.2 in the dev-minor
group (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/309">#309</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/390157d4874246aff722dd7f77e641fcae197678"><code>390157d</code></a>
Bump the prd-minor group across 1 directory with 2 updates (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/307">#307</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/68500c182e89a3f56d9b1de095d7e62f0ea5b8bf"><code>68500c1</code></a>
Bump the actions group across 1 directory with 7 updates (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/312">#312</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/1a8384176d7ed15c323a201c65073983cdb5a5be"><code>1a83841</code></a>
Migrate to <code>node24</code> runner (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/314">#314</a>)</li>
<li><a
href="https://github.com/Swatinem/rust-cache/commit/11da8522bc3856a8fbc565f1d1530989c793d67d"><code>11da852</code></a>
Compare case-insenitively for full cache key match (<a
href="https://redirect.github.com/swatinem/rust-cache/issues/303">#303</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/swatinem/rust-cache/compare/779680da715d629ac1d338a641029a2f4372abb5...c19371144df3bb44fab255c43d04cbc2ab54d1c4">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 11:47:55 +02:00
dependabot[bot] 4fc1b92853 Bump actions/download-artifact from 7.0.0 to 8.0.1 (#19626) 
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 7.0.0 to 8.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for CJK characters in the artifact name by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/471">actions/download-artifact#471</a></li>
<li>Add a regression test for artifact name + content-type mismatches by
<a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/472">actions/download-artifact#472</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v8...v8.0.1">https://github.com/actions/download-artifact/compare/v8...v8.0.1</a></p>
<h2>v8.0.0</h2>
<h2>v8 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v8 has been migrated to an ESM module. This
should be transparent to the caller but forks might need to make
significant changes.</p>
</blockquote>
<blockquote>
<p>[!IMPORTANT]
Hash mismatches will now error by default. Users can override this
behavior with a setting change (see below).</p>
</blockquote>
<h3>Direct downloads</h3>
<p>To support direct uploads in <code>actions/upload-artifact</code>,
the action will no longer attempt to unzip all downloaded files.
Instead, the action checks the <code>Content-Type</code> header ahead of
unzipping and skips non-zipped files. Callers wishing to download a
zipped file as-is can also set the new <code>skip-decompress</code>
parameter to <code>true</code>.</p>
<h3>Enforced checks (breaking)</h3>
<p>A previous release introduced digest checks on the download. If a
download hash didn't match the expected hash from the server, the action
would log a warning. Callers can now configure the behavior on mismatch
with the <code>digest-mismatch</code> parameter. To be secure by
default, we are now defaulting the behavior to <code>error</code> which
will fail the workflow run.</p>
<h3>ESM</h3>
<p>To support new versions of the @actions/* packages, we've upgraded
the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Don't attempt to un-zip non-zipped downloads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/460">actions/download-artifact#460</a></li>
<li>Add a setting to specify what to do on hash mismatch and default it
to <code>error</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/461">actions/download-artifact#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v7...v8.0.0">https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c"><code>3e5f45b</code></a>
Add regression tests for CJK characters (<a
href="https://redirect.github.com/actions/download-artifact/issues/471">#471</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd"><code>e6d03f6</code></a>
Add a regression test for artifact name + content-type mismatches (<a
href="https://redirect.github.com/actions/download-artifact/issues/472">#472</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3"><code>70fc10c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/461">#461</a>
from actions/danwkennedy/digest-mismatch-behavior</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62"><code>f258da9</code></a>
Add change docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c"><code>ccc058e</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd"><code>bd7976b</code></a>
Add a setting to specify what to do on hash mismatch and default it to
<code>error</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c"><code>ac21fcf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/460">#460</a>
from actions/danwkennedy/download-no-unzip</li>
<li><a
href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0"><code>15999bf</code></a>
Add note about package bumps</li>
<li><a
href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561"><code>974686e</code></a>
Bump the version to <code>v8</code> and add release notes</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75"><code>fbe48b1</code></a>
Update test names to make it clearer what they do</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=7.0.0&new-version=8.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-31 11:47:08 +02:00
Cadence Ember 582f976d40 Unprefix room_version & encryption from hierarchy API (#19576) 
These seem to work properly in the hierarchy API so I figured I'd
unprefix them and remove the flag requirement. This should [better align
with the
spec](https://spec.matrix.org/latest/client-server-api/#get_matrixclientv1roomsroomidhierarchy_response-200_spacehierarchyroomschunk)
and Matrix v1.15 (via
[MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)),
which says these properties are available and named like this.

Related to #18731.

This doesn't affect the stability or experimental flags of the room
summary API, just the hierarchy API.
 2026-03-30 21:36:16 -05:00
Travis Ralston 70c6796b98 Increase timeout for policy server requests (#19629) 
This is to accommodate media scanning and checking. Currently, a 3s
timeout means we make 2-5 requests before a media item is successfully
scanned.

Number chosen based on vibes and light real world testing.

Fixes https://github.com/matrix-org/policyserv/issues/108

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2026-03-30 15:11:36 -06:00
Christian González f772fad1cd Fix small comment typo in config output from the demo/start.sh script (#19538) 2026-03-30 11:14:25 -05:00
Erik Johnston 0549307198 Revert "Limit outgoing to_device EDU size to 65536" (#19614) 
Reverts element-hq/synapse#18416


Unfortunately, this causes failures on `/sendToDevice` endpoint in
normal circumstances. If a single user has, say, a hundred devices then
we easily go over the limit. This blocks message sending entirely in
encrypted rooms.

cc @MadLittleMods @MatMaul
 2026-03-27 10:53:16 +00:00
Erik Johnston 539f708f32 Remove redacted_because from internal unsigned. (#19581) 
This is a simplification so that `unsigned` only includes "simple"
values, to make it easier to port to Rust.

Reviewable commit-by-commit

Summary:

1. **Add `recheck` column to `redactions` table**
   
A new boolean `recheck` column (default true) is added to the
`redactions` table. This captures whether a redaction needs its sender
domain checked at read time — required for room v3+ where redactions are
accepted speculatively and later validated. When persisting a new
redaction, `recheck` is set directly from
`event.internal_metadata.need_to_check_redaction()`.
     
It's fine if initially we recheck all redactions, as it only results in
a little more CPU overhead (as we always pull out the redaction event
regardless).
                                                      
2. **Backfill `recheck` via background update**
   
A background update (`redactions_recheck`) backfills the new column for
existing rows by reading `recheck_redaction` from each event's
`internal_metadata` JSON. This avoids loading full event objects by
reading `event_json` directly via a SQL JOIN.
                              
3. **Don't fetch confirmed redaction events from the DB**
                              
Previously, when loading events, Synapse recursively fetched all
redaction events regardless of whether they needed domain rechecking.
Now `_fetch_event_rows` reads the `recheck` column and splits redactions
into two lists:
        - `unconfirmed_redactions` — need fetching and domain validation
- `confirmed_redactions` — already validated, applied directly without
fetching the event
      
This avoids unnecessary DB reads for the common case of
already-confirmed redactions.
4. **Move `redacted_because` population to `EventClientSerializer`**
Previously, `redacted_because` (the full redaction event object) was
stored in `event.unsigned` at DB fetch time, coupling storage-layer code
to client serialization concerns. This is removed from
`_maybe_redact_event_row` and moved into
`EventClientSerializer.serialize_event`, which fetches the redaction
event on demand. The storage layer now only sets
`unsigned["redacted_by"]` (the redaction event ID).
5. **Always use `EventClientSerializer`**
   
The standalone `serialize_event` function was made private
(`_serialize_event`). All external callers — `rest/client/room.py`,
`rest/admin/events.py, appservice/api.py`, and `tests` — were updated to
use `EventClientSerializer.serialize_event` / `serialize_events`,
ensuring
  `redacted_because` is always populated correctly via the serializer.
6. **Batch-fetch redaction events in `serialize_events`**
   
`serialize_events` now collects all `redacted_by` IDs from the event
batch upfront and fetches them in a single `get_events` call, passing
the result as a `redaction_map` to each `serialize_event` call. This
reduces N individual DB round-trips to one when serializing a batch of
events that includes redacted events.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-26 09:18:08 +00:00
Erik Johnston f545aa4f33 Port RoomVersion to Rust (#19589) 
Principally so that we can share the same room version configuration
between Python and Rust.

For the most part, this is a direct port. Some special handling has had
to go into `KNOWN_ROOM_VERSIONS` so that it can be sensibly shared
between Python and Rust, since we do update it during config parsing.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-26 09:17:31 +00:00
Eric Eastwood f2b325f86c Demystify and deprecate HomeserverTestCase.pump() (Twisted reactor/clock) (#19602) 
Spawning from
https://github.com/element-hq/synapse/pull/18416#discussion_r2967619735
 2026-03-25 15:33:17 -05:00
dependabot[bot] 40d35a95e2 Bump tokio from 1.49.0 to 1.50.0 (#19596) 2026-03-25 13:21:38 +00:00
Olivier 'reivilibre 6c7e05fe20 Allow Synapse to start up even when discovery fails for an OpenID Connect provider. (#19509) 
Fixes: #8088

Previously we would perform OIDC discovery on startup,
which involves making HTTP requests to the identity provider(s).

If that took a long time, we would block startup.

If that failed, we would crash startup.

This commit:

- makes the loading happen in the background on startup
- makes an error in the 'preload' non-fatal (though it logs at CRITICAL
for visibility)
- adds a templated error page to show on failed redirects (for
unavailable providers), as otherwise you get a JSON response in your
navigator.
- This involves introducing 2 new exception types to mark other
exceptions and keep the error handling fine-grained.

The machinery was already there to load-on-demand the discovery config,
so when the identity provider
comes back up, the discovery is reattempted and login can succeed.

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2026-03-24 17:39:21 +00:00
Mathieu Velten 7fad50fd76 Limit outgoing to_device EDU size to 65536 (#18416) 
If a set of messages exceeds this limit, the messages are split
across several EDUs.

Fix #17035 (should)

There is currently [no official specced limit for
EDUs](https://github.com/matrix-org/matrix-spec/issues/807), but the
consensus seems to be that it would be useful to have one to avoid this
bug by bounding the transaction size.

As a side effect it also limits the size of a single to-device message
to a bit less than 65536.

This should probably be added to the spec similarly to the [message size
limit.](https://spec.matrix.org/v1.14/client-server-api/#size-limits)

Spec PR: https://github.com/matrix-org/matrix-spec/pull/2340

---------

Co-authored-by: mcalinghee <mcalinghee.dev@gmail.com>
Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>
 2026-03-24 11:22:11 -05:00
Quentin Gliech 8c3daff244 Merge branch 'master' into develop 2026-03-24 15:52:46 +01:00
Quentin Gliech 33d47f43e4 1.150.0 v1.150.0 2026-03-24 15:17:23 +01:00
dependabot[bot] 4b19411445 Bump rustls-webpki from 0.103.4 to 0.103.10 (#19594) 2026-03-24 10:20:24 +00:00
dependabot[bot] 57ef7b9192 Bump docker/login-action from 3.7.0 to 4.0.0 (#19597) 2026-03-24 10:17:30 +00:00
dependabot[bot] 71092aa584 Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#19598) 2026-03-24 10:17:14 +00:00
dependabot[bot] e0b08da42e Bump docker/build-push-action from 6.19.2 to 7.0.0 (#19599) 2026-03-24 10:16:50 +00:00
dependabot[bot] 963fc9e55a Bump docker/metadata-action from 5.10.0 to 6.0.0 (#19600) 2026-03-24 10:16:28 +00:00
Andrew Morgan 713aa7ebf0 Hide successful, skipped Complement tests in the CI (#19590) 
Co-authored-by: Eric Eastwood <erice@element.io>
 2026-03-23 15:16:23 +00:00
Travis Ralston 40d699b1d4 Stable support for MSC4284 policy servers (#19503) 
Fixes https://github.com/element-hq/synapse/issues/19494

MSC4284 policy servers

This:
* removes the old `/check` (recommendation) support because it's from an
older design. Policy servers should have updated to `/sign` by now. We
also remove optionality around the policy server's public key because it
was only optional to support `/check`.
* supports the stable `m.room.policy` state event and `/sign` endpoints,
falling back to unstable if required. Note the changes between unstable
and stable:
* Stable `/sign` uses errors instead of an empty signatures block to
indicate refusal.
* Stable `m.room.policy` nests the public key in an object with explicit
key algorithm (always ed25519 for now)
* does *not* introduce tests that the above fallback to unstable works.
If it breaks, we're not going to be sad about an early transition. Tests
can be added upon request, though.
* fixes a bug where the policy server was asked to sign policy server
state events (the events were correctly skipped in `is_event_allowed`,
but `ask_policy_server_to_sign_event` didn't do the same).
* fixes a bug where the original event sender's signature can be deleted
if the sending server is the same as the policy server.
* proxies Matrix-shaped errors from the policy server to the
Client-Server API as `SynapseError`s (a new capability of the stable
API).


Membership event handling (from the issue) is expected to be a different
PR due to the size of changes involved (tracked by
https://github.com/element-hq/synapse/issues/19587).



### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

---------

Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>
 2026-03-20 19:34:26 +00:00
Hugh Nimmo-Smith b4282b82d0 Updates for experimental MSC4388 support (sign-in with QR code) (#19573) 2026-03-20 16:33:43 +00:00
Andrew Morgan 2c412ba24a complement.sh: ensure old complement checkout files are deleted; remove -N wget flag (#19592) 2026-03-20 16:30:03 +00:00
Andrew Morgan 9edbf56969 Prevent sending registration emails if registration is disabled (#19585) 2026-03-19 12:52:40 +00:00
dependabot[bot] f490c49c85 Bump pyasn1 from 0.6.2 to 0.6.3 (#19584) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-19 10:54:04 +00:00
dependabot[bot] 9fe7cbfe7f Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#19565) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-18 19:24:28 +00:00
dependabot[bot] 90697637a8 Bump actions/setup-go from 6.2.0 to 6.3.0 in the minor-and-patches group (#19564) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-18 19:16:14 +00:00
Quentin Gliech edf5ce277a Allow using HTTP/2 over plaintext when introspecting tokens with MAS (#19586) 2026-03-18 19:47:17 +01:00
Travis Ralston 261bfb786f Fix zeroing out remote quarantined media count (#19559) 
Just something I noticed while working on
https://github.com/element-hq/synapse/pull/19558

We start the function by setting `total_media_quarantined` to zero, then
we do work on the `media_ids`, add the number affected, zero it out
(**bug**), do work on `hashes`, add the number of affected rows, then
return `total_media_quarantined`.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2026-03-18 09:50:09 -06:00
Tulir Asokan 8201e58767 Update and stabilize mutual rooms support (MSC2666) (#19511) 
Updates the error codes to match MSC2666 changes (user ID query param
validation + proper errcode for requesting rooms with self), added the
new `count` field, and stabilized the endpoint.
 2026-03-18 14:29:36 +00:00
Eric Eastwood 3d960d88b3 Add MSC3820 comment context to RoomVersion attributes (#19577) 
Spawning from
https://github.com/element-hq/synapse/pull/19424#discussion_r2855303614
 2026-03-18 07:53:13 -05:00
Olivier 'reivilibre 0d4accb0a6 Remove support for MSC3852: Expose user agent information on Device as the MSC was closed. (#19430) 
Fixes: #14836

Discovered whilst looking at the state of MSCs in Synapse.

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2026-03-17 17:08:04 +00:00
Eric Eastwood d65ef848eb Fix Build and push complement image CI job not having Poetry for complement.sh (#19578) 
 `Build and push complement image`,
https://github.com/element-hq/synapse/actions/runs/23176317296/job/67339146082
```
scripts-dev/complement.sh: line 227: poetry: command not found
```

Follow-up to https://github.com/element-hq/synapse/pull/19523

This regressed in https://github.com/element-hq/synapse/pull/19476


### Testing strategy

1. Visit
https://github.com/element-hq/synapse/actions/workflows/push_complement_image.yml
 1. **Run workflow**:
- **Use workflow from:**
`madlittlemods/fix-complement-push-image-ci-job-poetry`
     - **Branch:** `develop`
 1. Wait for CI to run and pass
2026-03-17 10:51:53 -05:00
Quentin Gliech 7d8e8747ea 1.150.0rc1 v1.150.0rc1 2026-03-17 15:56:55 +01:00
Quentin Gliech 6a63f0dcd7 Migrate dev dependencies to PEP 735 dependency groups (#19490) 
This moves the dev dependencies to PEP 735 dependency groups, to help us
move to standard project metadata, which will help us moving to `uv`
(#19566)

This requires poetry 2.2.0
 2026-03-17 14:45:28 +00:00
Eric Eastwood 8ad7e8af81 Add some light labels to the Processed request logs (#19548) 
It's pretty hard to remember the order of all of these ambiguous
numbers. I assume they're not totally labeled already to cut down on the
length when scanning with your eyes. This just adds a few hints of what
each grouping is.

Spawning from [staring at some Synapse
logs](https://github.com/element-hq/matrix-hosted/issues/10631) and
cross-referencing the Synapse source code over and over.
 2026-03-17 09:43:05 -05:00
Andrew Ferrazzutti 8a6d9a8d45 Admin API docs: use consistent path param syntax (#19307) 
Always use `/<param>` instead of sometimes using `/$param`

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct (run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2026-03-17 15:36:07 +01:00
Eric Eastwood c37a5bb4cd Restore localhost/complement-synapse change from #19523 
See https://github.com/element-hq/synapse/pull/19523#discussion_r2944133700
 2026-03-16 22:20:56 -05:00
Eric Eastwood 6254e009bb Fix Build and push complement image CI job pointing to non-existent image (#19523) 

https://github.com/element-hq/synapse/actions/runs/22609655282/job/65509315002#step:8:39
```
Error response from daemon: No such image: complement-synapse:latest
```

Regressed in
https://github.com/element-hq/synapse/pull/19475#discussion_r2823157623
where we updated `complement.sh` to build `localhost/complement-synapse`
instead of `complement-synapse`.
 2026-03-16 21:56:16 -05:00
Olivier 'reivilibre 3aa948c50c When Matrix Authentication Service (MAS) integration is enabled, allow MAS to set the user locked status in Synapse. (#19554) 
Companion PR:
https://github.com/element-hq/matrix-authentication-service/pull/5550
to 1) send this flag
and 2) provision users proactively when their lock status changes.

---

Currently Synapse and MAS have two independent user lock
implementations. This PR makes it so that MAS can push its lock status
to Synapse when 'provisioning' the user.

Having the lock status in Synapse is useful for removing users from the
user directory
when they are locked.

There is otherwise no authentication requirement to have it in Synapse;
the enforcement is done
by MAS at token introspection time.

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2026-03-16 18:27:54 +00:00
dependabot[bot] a71c468b04 Bump the patches group with 2 updates (#19536) 
Bumps the patches group with 2 updates:
[anyhow](https://github.com/dtolnay/anyhow) and
[pyo3-log](https://github.com/vorner/pyo3-log).

Updates `anyhow` from 1.0.101 to 1.0.102
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.102</h2>
<ul>
<li>Remove backtrace dependency (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/438">#438</a>,
<a
href="https://redirect.github.com/dtolnay/anyhow/issues/439">#439</a>,
<a
href="https://redirect.github.com/dtolnay/anyhow/issues/440">#440</a>,
<a
href="https://redirect.github.com/dtolnay/anyhow/issues/441">#441</a>,
<a
href="https://redirect.github.com/dtolnay/anyhow/issues/442">#442</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/anyhow/commit/5c657b32522023a9f7ef883fb08582fd8e656b1a"><code>5c657b3</code></a>
Release 1.0.102</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/e737fb63918e8c71a3d0a968004a9c7ed7942283"><code>e737fb6</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/442">#442</a>
from dtolnay/backtrace</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/7fe62b51c62804f8b84443affeacfb3810ed2516"><code>7fe62b5</code></a>
Further simply backtrace conditional compilation</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/c8cb5cae23e57a2dbb87bf05cba04f1df1f1660b"><code>c8cb5ca</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/441">#441</a>
from dtolnay/backtrace</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/de27df7e0f510d543c18e50a0736566b66e62baf"><code>de27df7</code></a>
Delete CI use of --features=backtrace</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/9b67e5dd608658d805640cf1b6f6c9d091686ec1"><code>9b67e5d</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/440">#440</a>
from dtolnay/backtrace</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/efdb11a259ca58a2e505ef50486cf2d6b5ddc42a"><code>efdb11a</code></a>
Simplify <code>std_backtrace</code> conditional code</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/b8a9a707838969721a86b28e3c45ce27e279e981"><code>b8a9a70</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/439">#439</a>
from dtolnay/backtrace</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/a42fc2c21846ba459df43a3f8b4996a2074909cb"><code>a42fc2c</code></a>
Remove <code>feature = &quot;backtrace&quot;</code> conditional
code</li>
<li><a
href="https://github.com/dtolnay/anyhow/commit/2a2a3ceb4cbc409fd99613ab5744b21e825e7908"><code>2a2a3ce</code></a>
Re-word backtrace feature comment</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.101...1.0.102">compare
view</a></li>
</ul>
</details>
<br />

Updates `pyo3-log` from 0.13.2 to 0.13.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's
changelog</a>.</em></p>
<blockquote>
<h1>0.13.3</h1>
<ul>
<li>Support for pyo3 0.28 (<a
href="https://redirect.github.com/vorner/pyo3-log/issues/75">#75</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vorner/pyo3-log/commit/a188f81c37844a0543410707296d79fe6b32cdf5"><code>a188f81</code></a>
Release 0.13.3</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/3217bc89497492167ceae9f2f35e04acd889ec48"><code>3217bc8</code></a>
Bump pyo3 to 0.28 (<a
href="https://redirect.github.com/vorner/pyo3-log/issues/75">#75</a>)</li>
<li>See full diff in <a
href="https://github.com/vorner/pyo3-log/compare/v0.13.2...v0.13.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 17:52:13 +00:00
dependabot[bot] cdd261b1c6 Bump pyopenssl from 25.3.0 to 26.0.0 (#19574) 
Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to
26.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst">pyopenssl's
changelog</a>.</em></p>
<blockquote>
<h2>26.0.0 (2026-03-15)</h2>
<p>Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Dropped support for Python 3.7.</li>
<li>The minimum <code>cryptography</code> version is now 46.0.0.</li>
</ul>
<p>Deprecations:
^^^^^^^^^^^^^</p>
<p>Changes:
^^^^^^^^</p>
<ul>
<li>Added support for using aws-lc instead of OpenSSL.</li>
<li>Properly raise an error if a DTLS cookie callback returned a cookie
longer than <code>DTLS1_COOKIE_LENGTH</code> bytes. Previously this
would result in a buffer-overflow. Credit to <strong>dark_haxor</strong>
for reporting the issue. <strong>CVE-2026-27459</strong></li>
<li>Added <code>OpenSSL.SSL.Connection.get_group_name</code> to
determine which group name was negotiated.</li>
<li><code>Context.set_tlsext_servername_callback</code> now handles
exceptions raised in the callback by calling <code>sys.excepthook</code>
and returning a fatal TLS alert. Previously, exceptions were silently
swallowed and the handshake would proceed as if the callback had
succeeded. Credit to <strong>Leury Castillo</strong> for reporting this
issue. <strong>CVE-2026-27448</strong></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3"><code>358cbf2</code></a>
Prepare for 26.0.0 release (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1487">#1487</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b"><code>a8d28e7</code></a>
Bump actions/cache from 4 to 5 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1486">#1486</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e"><code>6fefff0</code></a>
Add aws-lc compatibility to tests and CI (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1476">#1476</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75"><code>a739f96</code></a>
Bump actions/download-artifact from 8.0.0 to 8.0.1 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1485">#1485</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a"><code>8b4c66b</code></a>
Bump actions/upload-artifact in /.github/actions/upload-coverage (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1484">#1484</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64"><code>02a5c78</code></a>
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1483">#1483</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443"><code>d973387</code></a>
Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1482">#1482</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"><code>57f09bb</code></a>
Fix buffer overflow in DTLS cookie generation callback (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1479">#1479</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"><code>d41a814</code></a>
Handle exceptions in set_tlsext_servername_callback callbacks (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1478">#1478</a>)</li>
<li><a
href="https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3"><code>7b29beb</code></a>
Fix not using a cryptography wheel on uv (<a
href="https://redirect.github.com/pyca/pyopenssl/issues/1475">#1475</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl&package-manager=pip&previous-version=25.3.0&new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 17:35:35 +00:00