mirror of
https://github.com/element-hq/synapse.git
synced 2026-05-18 03:16:08 +00:00
edfcb539cac06ce5cd732fdcf26ea385fd932169
25663 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Eric Eastwood
|
edfcb539ca | Align existing test | ||
|
Eric Eastwood
|
154b41d0fe | Add tests | ||
|
Eric Eastwood
|
ff5402f414 |
Fix condition
See https://github.com/element-hq/synapse/pull/19644#discussion_r3030326143 Example test failure: ```shell $ SYNAPSE_TEST_LOG_LEVEL=INFO poetry run trial tests.handlers.test_sync.SyncTestCase_state.test_wait_for_invalid_future_sync_token_ROOM tests.handlers.test_sync SyncTestCase_state test_wait_for_invalid_future_sync_token_ROOM ... [FAIL] =============================================================================== [FAIL] Traceback (most recent call last): File "/home/eric/.cache/pypoetry/virtualenvs/matrix-synapse-xCtC9ulO-py3.14/lib/python3.14/site-packages/parameterized/parameterized.py", line 620, in standalone_func return func(*(a + p.args), **p.kwargs, **kw) File "/home/eric/Documents/github/element/synapse/tests/handlers/test_sync.py", line 1115, in test_wait_for_invalid_future_sync_token self.get_success(sync_d) File "/home/eric/Documents/github/element/synapse/tests/unittest.py", line 742, in get_success return self.successResultOf(deferred) File "/home/eric/.cache/pypoetry/virtualenvs/matrix-synapse-xCtC9ulO-py3.14/lib/python3.14/site-packages/twisted/trial/_synctest.py", line 723, in successResultOf self.fail( twisted.trial.unittest.FailTest: Success result expected on <Deferred at 0x7f7579165b50>, found no result instead tests.handlers.test_sync.SyncTestCase_state.test_wait_for_invalid_future_sync_token_ROOM ------------------------------------------------------------------------------- Ran 1 tests in 0.163s FAILED (failures=1) ``` |
||
|
Eric Eastwood
|
4ba64fc35a | Explain intentional scenario | ||
|
Eric Eastwood
|
22d879c404 | Add changelog | ||
|
Eric Eastwood
|
2945a02006 | Better explain | ||
|
Eric Eastwood
|
03e5f47bf4 | Revert stray changes | ||
|
Eric Eastwood
|
f61d795c3d |
Separate out bounding
Previously, we would wait for the bounded token and then still use the unbounded `since_token` for all of the queries (flawed). |
||
|
Eric Eastwood
|
6eda7661cd | More refinement | ||
|
Eric Eastwood
|
dc3d205ffc |
Better wait_for_multi_writer_stream_token
|
||
|
Eric Eastwood
|
2bdafecfea |
Start of wait_for_multi_writer_stream_token
|
||
|
Neil Johnson
|
62f23fed27 |
include workaround for macos (#19615)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
dependabot[bot]
|
cb6989514e |
Bump pygments from 2.19.2 to 2.20.0 (#19632)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Eric Eastwood
|
2e9b8202f0 |
Document context for why increase timeout for policy server requests (#19633)
See https://github.com/element-hq/synapse/pull/19629#discussion_r3011377886 |
||
|
Eric Eastwood
|
e1a429ae2e |
Run lint script to format Complement tests introduced in #19509 (#19636)
Run `poetry run ./scripts-dev/lint.sh` which exposed some formatted Complement tests that were introduced in https://github.com/element-hq/synapse/pull/19509 There is no CI for this so it's easy to miss. |
||
|
Quentin Gliech
|
72711a3329 | 1.151.0rc1 v1.151.0rc1 | ||
|
Eric Eastwood
|
b0fc0b7a61 |
Lower the database statement_timeout to 10m (#19604)
Lower the database `statement_timeout` to 10m Part of https://github.com/element-hq/backend-internal/issues/223 The `statement_timeout` was first introduced in https://github.com/matrix-org/synapse/pull/15853 as a great sanity check starting point (any timeout is better than no timeout). This idea is spawning from [discussions on 2026-03-16](https://docs.google.com/document/d/12RZKPk3a4__JUSH9wYHODo9rRyKzsHg6BSCAcmqmbOU/edit?tab=t.0#bookmark=id.x9y4kx82lvaj) about `matrix.org` performance and specifically room event search which frequently causes long-running transactions that hold up vacuums and causes things to go wibbly. It was brought up again today in another `matrix.org` performance [discussion on 2026-03-25](https://docs.google.com/document/d/15h4901gAzGMAol2n1b71OAcesVMNhgQbPNb55xouluw/edit?tab=t.0#bookmark=id.b53a918ntk0j) and was surprised nothing came of this yet. ### Some things may break We expect that when/if things break, to add specific overrides where it matters. For reference, we already have a couple of overrides in the codebase: - When using [`create_index_in_background`](https://github.com/element-hq/synapse/blob/40d35a95e2ce56982f839f2d5f01bdad34e65453/synapse/storage/background_updates.py#L802-L804) - When [purging rooms](https://github.com/element-hq/synapse/blob/40d35a95e2ce56982f839f2d5f01bdad34e65453/synapse/storage/databases/main/purge_events.py#L166-L169) ### Going further Ideally, we could go even further. The `statement_timeout` for any database query coming from people's HTTP requests should be 60s or less (or lower, no one wants to wait that long anyway). For now we'll take this iterative step down to 10m. Another point of reference is that for example on `matrix.org`, we even time out the whole HTTP request after 180s. For reference, we also discussed propagating request cancellation to the database query (cancelling statements when the user goes away) which is a good additional thing we could do. @sandhose looked into this before and it is only a recent libpq / Postgres / psycopg3 feature, not available in psycopg2 (which we currently use). As an example of how weird cancellation can get, `psql` will spawn a new connection to `SELECT pg_cancel_backend(<pid>);` when you `Ctrl+C`, see https://neon.com/blog/ctrl-c-in-psql-gives-me-the-heebie-jeebies ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
dependabot[bot]
|
51aa319463 |
Bump once_cell from 1.21.3 to 1.21.4 in the patches group (#19623)
Bumps the patches group with 1 update: [once_cell](https://github.com/matklad/once_cell). Updates `once_cell` from 1.21.3 to 1.21.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/matklad/once_cell/blob/master/CHANGELOG.md">once_cell's changelog</a>.</em></p> <blockquote> <h2>1.21.4</h2> <ul> <li> <p>Fix unsoundness in <code>OnceCell::wait</code> under <code>--features=parking_lot</code>, <a href="https://redirect.github.com/matklad/once_cell/pull/295">#295</a>.</p> <p>If thread A calls <code>wait</code>, while thread B calls <code>get_or_try_init(f)</code>, and, furthermore, <code>f</code> panics, the <code>wait</code> incorrectly returns and thread A observes uninitialized memory.</p> <p>Kudos to <a href="https://github.com/meng-xu-cs"><code>@meng-xu-cs</code></a> for a nice find!</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/matklad/once_cell/commit/80fe900b21f6d76c1a2ed74d3343e8a3a88c46d0"><code>80fe900</code></a> Merge pull request <a href="https://redirect.github.com/matklad/once_cell/issues/296">#296</a> from matklad/matklad/plfix</li> <li><a href="https://github.com/matklad/once_cell/commit/a5e09c971c23afb1a3be8ae32794e2dca940ccd4"><code>a5e09c9</code></a> release 1.21.4</li> <li><a href="https://github.com/matklad/once_cell/commit/2426d45d85841879e71a880af543fd3d2be78db1"><code>2426d45</code></a> Merge pull request <a href="https://redirect.github.com/matklad/once_cell/issues/295">#295</a> from matklad/matklad/plfix</li> <li><a href="https://github.com/matklad/once_cell/commit/a1441215db85adb6a47b0aa1062d1eea7c5fba65"><code>a144121</code></a> Merge pull request <a href="https://redirect.github.com/matklad/once_cell/issues/290">#290</a> from alexanderkjall/run-tests-with-no-default-features</li> <li><a href="https://github.com/matklad/once_cell/commit/232a1a49b55154c0b6f12d662619000efd3aecd8"><code>232a1a4</code></a> Merge pull request <a href="https://redirect.github.com/matklad/once_cell/issues/292">#292</a> from phil-opp/doc-fix</li> <li><a href="https://github.com/matklad/once_cell/commit/d31767bbcd33b03ee3360a9112eba41d1b278d3a"><code>d31767b</code></a> fix OnceCell::wait with features=parking_lot</li> <li><a href="https://github.com/matklad/once_cell/commit/28d29ae1c1eb082617efb4eddb6dae3d0c607fdd"><code>28d29ae</code></a> Fix: <code>sync::OnceCell::try_insert</code> docs should import <code>sync</code> variant</li> <li><a href="https://github.com/matklad/once_cell/commit/0f78fb0d6d6a634fd76548f33fa38b250390e982"><code>0f78fb0</code></a> make the command 'cargo test --no-default-features' work</li> <li><a href="https://github.com/matklad/once_cell/commit/fda60a6c70eb2e25a0c73bf515ec4779df3d2e6c"><code>fda60a6</code></a> Merge pull request <a href="https://redirect.github.com/matklad/once_cell/issues/287">#287</a> from AbeZbm/add-tests</li> <li><a href="https://github.com/matklad/once_cell/commit/b5b98c09eb9c95376e150eb6bda8c7637bba5aa4"><code>b5b98c0</code></a> Add tests for OnceRef</li> <li>See full diff in <a href="https://github.com/matklad/once_cell/compare/v1.21.3...v1.21.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0ac72bc55e |
Bump phonenumbers from 9.0.25 to 9.0.26 in the minor-and-patches group (#19627)
Bumps the minor-and-patches group with 1 update: [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers). Updates `phonenumbers` from 9.0.25 to 9.0.26 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/07e2c75b1dc1d94c806755e4842410e19cd1e17e"><code>07e2c75</code></a> Prep for 9.0.26 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/55522da42bff8bd7eefd08b17c978971bc60e135"><code>55522da</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/8ca762b2309a1df12f2eadf601ce413bf3cd1826"><code>8ca762b</code></a> Merge metadata changes from upstream 9.0.26</li> <li>See full diff in <a href="https://github.com/daviddrysdale/python-phonenumbers/compare/v9.0.25...v9.0.26">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
df1752ee79 |
Bump cryptography from 46.0.5 to 46.0.6 (#19622)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.6 - 2026-03-25</p> <pre><code> * **SECURITY ISSUE**: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for reporting the issue. **CVE-2026-34073** <p>.. _v46-0-5:<br /> </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587"><code>91d7288</code></a> Cherry-pick <a href="https://redirect.github.com/pyca/cryptography/issues/14542">#14542</a> (<a href="https://redirect.github.com/pyca/cryptography/issues/14543">#14543</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
84b3e5aa24 |
Bump dorny/paths-filter from 3.0.2 to 4.0.1 (#19625)
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 3.0.2 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/releases">dorny/paths-filter's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Support merge queue by <a href="https://github.com/masaru-iritani"><code>@masaru-iritani</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/255">dorny/paths-filter#255</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/masaru-iritani"><code>@masaru-iritani</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/255">dorny/paths-filter#255</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v4.0.0...v4.0.1">https://github.com/dorny/paths-filter/compare/v4.0.0...v4.0.1</a></p> <h2>v4.0.0</h2> <h2>What's Changed</h2> <ul> <li>feat: update action runtime to node24 by <a href="https://github.com/saschabratton"><code>@saschabratton</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/saschabratton"><code>@saschabratton</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0">https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0</a></p> <h2>v3.0.3</h2> <h2>What's Changed</h2> <ul> <li>Add missing predicate-quantifier by <a href="https://github.com/wardpeet"><code>@wardpeet</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wardpeet"><code>@wardpeet</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v3...v3.0.3">https://github.com/dorny/paths-filter/compare/v3...v3.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md">dorny/paths-filter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/294">Update action runtime to node24</a></li> </ul> <h2>v3.0.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/279">Add missing predicate-quantifier</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/224">Add config parameter for predicate quantifier</a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/133">Compare base and ref when token is empty</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/210">Update to Node.js 20</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/215">Update all dependencies</a></li> </ul> <h2>v2.11.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/167">Update <code>@actions/core</code> to v1.10.0 - Fixes warning about deprecated set-output</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/168">Document need for pull-requests: read permission</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/164">Updating to actions/checkout@v3</a></li> </ul> <h2>v2.11.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/157">Set list-files input parameter as not required</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/161">Update Node.js</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/162">Fix incorrect handling of Unicode characters in exec()</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/163">Use Octokit pagination</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/160">Updates real world links</a></li> </ul> <h2>v2.10.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/91">Fix getLocalRef() returns wrong ref</a></li> </ul> <h2>v2.10.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/85">Improve robustness of change detection</a></li> </ul> <h2>v2.10.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/82">Add ref input parameter</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/83">Fix change detection in PR when pullRequest.changed_files is incorrect</a></li> </ul> <h2>v2.9.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/78">Fix change detection when base is a tag</a></li> </ul> <h2>v2.9.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/75">Fix fetching git history</a></li> </ul> <h2>v2.9.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/74">Fix fetching git history + fallback to unshallow repo</a></li> </ul> <h2>v2.9.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dorny/paths-filter/commit/fbd0ab8f3e69293af611ebaee6363fc25e6d187d"><code>fbd0ab8</code></a> feat: add merge_group event support</li> <li><a href="https://github.com/dorny/paths-filter/commit/efb1da7ce8d89bbc261191e5a2dc1453c3837339"><code>efb1da7</code></a> feat: add dist/ freshness check to PR workflow</li> <li><a href="https://github.com/dorny/paths-filter/commit/d8f7b061b24c30a325ff314b76c37adb05b041ce"><code>d8f7b06</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/302">#302</a> from dorny/issue-299</li> <li><a href="https://github.com/dorny/paths-filter/commit/addbc147a95845176e1bc013a012fbf1d366389a"><code>addbc14</code></a> Update README for v4</li> <li><a href="https://github.com/dorny/paths-filter/commit/9d7afb8d214ad99e78fbd4247752c4caed2b6e4c"><code>9d7afb8</code></a> Update CHANGELOG for v4.0.0</li> <li><a href="https://github.com/dorny/paths-filter/commit/782470c5d953cae2693d643172b14e01bacb71f3"><code>782470c</code></a> Merge branch 'releases/v3'</li> <li><a href="https://github.com/dorny/paths-filter/commit/d1c1ffe0248fe513906c8e24db8ea791d46f8590"><code>d1c1ffe</code></a> Update CHANGELOG for v3.0.3</li> <li><a href="https://github.com/dorny/paths-filter/commit/ce10459c8b92cd8901166c0a222fbb033ef39365"><code>ce10459</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/294">#294</a> from saschabratton/master</li> <li><a href="https://github.com/dorny/paths-filter/commit/5f40380c5482e806c81cec080f5192e7234d8fe9"><code>5f40380</code></a> feat: update action runtime to node24</li> <li><a href="https://github.com/dorny/paths-filter/commit/668c092af3649c4b664c54e4b704aa46782f6f7c"><code>668c092</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/279">#279</a> from wardpeet/patch-1</li> <li>Additional commits viewable in <a href="https://github.com/dorny/paths-filter/compare/de90cc6fb38fc0963ad72b210f1f284cd68cea36...fbd0ab8f3e69293af611ebaee6363fc25e6d187d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
ec4b050bfb |
Bump requests from 2.32.5 to 2.33.0 (#19610)
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761"><code>bc04dfd</code></a> v2.33.0</li> <li><a href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"><code>66d21cb</code></a> Merge commit from fork</li> <li><a href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028"><code>8b9bc8f</code></a> Move badges to top of README (<a href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li> <li><a href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286"><code>e331a28</code></a> Remove unused extraction call (<a href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li> <li><a href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29"><code>753fd08</code></a> docs: fix FAQ grammar in httplib2 example</li> <li><a href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71"><code>774a0b8</code></a> docs(socks): same block as other sections</li> <li><a href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303"><code>9c72a41</code></a> Bump github/codeql-action from 4.33.0 to 4.34.1</li> <li><a href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be"><code>ebf7190</code></a> Bump github/codeql-action from 4.32.0 to 4.33.0</li> <li><a href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798"><code>0e4ae38</code></a> docs: exclude Response.is_permanent_redirect from API docs (<a href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li> <li><a href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a"><code>d568f47</code></a> docs: clarify Quickstart POST example (<a href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
90449b915d |
Bump the minor-and-patches group with 2 updates (#19624)
Bumps the minor-and-patches group with 2 updates: [tailscale/github-action](https://github.com/tailscale/github-action) and [Swatinem/rust-cache](https://github.com/swatinem/rust-cache). Updates `tailscale/github-action` from 4.1.1 to 4.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailscale/github-action/releases">tailscale/github-action's releases</a>.</em></p> <blockquote> <h2>v4.1.2</h2> <h2>What's Changed</h2> <ul> <li>.github/workflows: fix check to skip integration test for PRs from forks by <a href="https://github.com/mpminardi"><code>@mpminardi</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/260">tailscale/github-action#260</a></li> <li>fix: Windows MSI download on self-hosted runners by <a href="https://github.com/doringeman"><code>@doringeman</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/259">tailscale/github-action#259</a></li> <li>Bump actions/checkout from 6.0.1 to 6.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/265">tailscale/github-action#265</a></li> <li>Bump actions/setup-node from 6.1.0 to 6.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/262">tailscale/github-action#262</a></li> <li><code>fix: add missing parentheses to core.isDebug()</code> by <a href="https://github.com/git-mracek"><code>@git-mracek</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/268">tailscale/github-action#268</a></li> <li>.github/workflows: run integration test if event is a push by <a href="https://github.com/mpminardi"><code>@mpminardi</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/270">tailscale/github-action#270</a></li> <li>store tailscale.tgz and tailscaled.pid in XDG cache/runtime by <a href="https://github.com/fbrv"><code>@fbrv</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/273">tailscale/github-action#273</a></li> <li>action,dist,src: bump default version to 1.94.2 by <a href="https://github.com/mpminardi"><code>@mpminardi</code></a> in <a href="https://redirect.github.com/tailscale/github-action/pull/274">tailscale/github-action#274</a></li> <li>Bump actions/setup-node from 6.2.0 to 6.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/269">tailscale/github-action#269</a></li> <li>Bump <code>@actions/core</code> from 2.0.1 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/258">tailscale/github-action#258</a></li> <li>Bump <code>@actions/github</code> from 6.0.1 to 7.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/257">tailscale/github-action#257</a></li> <li>Bump <code>@actions/tool-cache</code> from 2.0.2 to 3.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/256">tailscale/github-action#256</a></li> <li>Bump <code>@actions/cache</code> from 5.0.1 to 5.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tailscale/github-action/pull/255">tailscale/github-action#255</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/doringeman"><code>@doringeman</code></a> made their first contribution in <a href="https://redirect.github.com/tailscale/github-action/pull/259">tailscale/github-action#259</a></li> <li><a href="https://github.com/git-mracek"><code>@git-mracek</code></a> made their first contribution in <a href="https://redirect.github.com/tailscale/github-action/pull/268">tailscale/github-action#268</a></li> <li><a href="https://github.com/fbrv"><code>@fbrv</code></a> made their first contribution in <a href="https://redirect.github.com/tailscale/github-action/pull/273">tailscale/github-action#273</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tailscale/github-action/compare/v4.1.1...v4.1.2">https://github.com/tailscale/github-action/compare/v4.1.1...v4.1.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tailscale/github-action/commit/306e68a486fd2350f2bfc3b19fcd143891a4a2d8"><code>306e68a</code></a> Bump <code>@actions/cache</code> from 5.0.1 to 5.0.2</li> <li><a href="https://github.com/tailscale/github-action/commit/989d9be101606d756046b6c34b8a11541de0157e"><code>989d9be</code></a> Bump <code>@actions/tool-cache</code> from 2.0.2 to 3.0.0</li> <li><a href="https://github.com/tailscale/github-action/commit/69584d71aecc8128e4b0fd3fd06ff4a8998c6430"><code>69584d7</code></a> Bump <code>@actions/github</code> from 6.0.1 to 7.0.0</li> <li><a href="https://github.com/tailscale/github-action/commit/cda17d523f21452f46ede1819918ad582662c078"><code>cda17d5</code></a> Bump <code>@actions/core</code> from 2.0.1 to 2.0.2</li> <li><a href="https://github.com/tailscale/github-action/commit/81231eb3b2a76c9ededb9b95ebde0c0205f609f6"><code>81231eb</code></a> Bump actions/setup-node from 6.2.0 to 6.3.0</li> <li><a href="https://github.com/tailscale/github-action/commit/48c6d0317a1f8ac4c13c0679c2f17adc61ddc827"><code>48c6d03</code></a> action,dist,src: bump default version to 1.94.2</li> <li><a href="https://github.com/tailscale/github-action/commit/cfed5b8999ac8d0ac83e4d12d56f142b96231c2b"><code>cfed5b8</code></a> store tailscale.tgz and tailscaled.pid in XDG cache/runtime dirs instead of t...</li> <li><a href="https://github.com/tailscale/github-action/commit/31d93e60e2d8b8941c12ec9bd2b58ccc6c6d3f13"><code>31d93e6</code></a> .github/workflows: run integration test if event is a push</li> <li><a href="https://github.com/tailscale/github-action/commit/564fe381c8a09ced277dfc55386a7a00ff064b73"><code>564fe38</code></a> chore: run make build to resolve linter error</li> <li><a href="https://github.com/tailscale/github-action/commit/127daded2689d2b194000d5a363b9754a774986d"><code>127dade</code></a> <code>fix: add missing parentheses to core.isDebug()</code></li> <li>Additional commits viewable in <a href="https://github.com/tailscale/github-action/compare/53acf823325fe9ca47f4cdaa951f90b4b0de5bb9...306e68a486fd2350f2bfc3b19fcd143891a4a2d8">compare view</a></li> </ul> </details> <br /> Updates `Swatinem/rust-cache` from 2.8.2 to 2.9.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/swatinem/rust-cache/releases">Swatinem/rust-cache's releases</a>.</em></p> <blockquote> <h2>v2.9.1</h2> <p>Fix regression in hash calculation</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/Swatinem/rust-cache/compare/v2.9.0...v2.9.1">https://github.com/Swatinem/rust-cache/compare/v2.9.0...v2.9.1</a></p> <h2>v2.9.0</h2> <h2>What's Changed</h2> <ul> <li>Add support for running rust-cache commands from within a Nix shell by <a href="https://github.com/marc0246"><code>@marc0246</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/290">Swatinem/rust-cache#290</a></li> <li>Bump taiki-e/install-action from 2.62.57 to 2.62.60 in the actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/291">Swatinem/rust-cache#291</a></li> <li>Bump the actions group across 1 directory with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/296">Swatinem/rust-cache#296</a></li> <li>Bump the prd-major group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/294">Swatinem/rust-cache#294</a></li> <li>Bump <code>@types/node</code> from 24.10.1 to 25.0.2 in the dev-major group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/295">Swatinem/rust-cache#295</a></li> <li>Consider all installed toolchains in cache key by <a href="https://github.com/tamird"><code>@tamird</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/293">Swatinem/rust-cache#293</a></li> <li>Compare case-insenitively for full cache key match by <a href="https://github.com/kbriggs"><code>@kbriggs</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/303">Swatinem/rust-cache#303</a></li> <li>Migrate to <code>node24</code> runner by <a href="https://github.com/rhysd"><code>@rhysd</code></a> in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/314">Swatinem/rust-cache#314</a></li> <li>Bump the actions group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/312">Swatinem/rust-cache#312</a></li> <li>Bump the prd-minor group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/307">Swatinem/rust-cache#307</a></li> <li>Bump <code>@types/node</code> from 25.0.2 to 25.2.2 in the dev-minor group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/309">Swatinem/rust-cache#309</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/marc0246"><code>@marc0246</code></a> made their first contribution in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/290">Swatinem/rust-cache#290</a></li> <li><a href="https://github.com/tamird"><code>@tamird</code></a> made their first contribution in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/293">Swatinem/rust-cache#293</a></li> <li><a href="https://github.com/kbriggs"><code>@kbriggs</code></a> made their first contribution in <a href="https://redirect.github.com/Swatinem/rust-cache/pull/303">Swatinem/rust-cache#303</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Swatinem/rust-cache/compare/v2.8.2...v2.9.0">https://github.com/Swatinem/rust-cache/compare/v2.8.2...v2.9.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md">Swatinem/rust-cache's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>2.9.1</h2> <ul> <li>Fix regression in hash calculation</li> </ul> <h2>2.9.0</h2> <ul> <li>Update to <code>node24</code></li> <li>Support running from within a <code>nix</code> shell</li> <li>Consider all installed toolchains for cache key</li> <li>Use case-insensitive comparison to determine exact cache hit</li> </ul> <h2>2.8.2</h2> <ul> <li>Don't overwrite env for cargo-metadata call</li> </ul> <h2>2.8.1</h2> <ul> <li>Set empty <code>CARGO_ENCODED_RUSTFLAGS</code> when retrieving metadata</li> <li>Various dependency updates</li> </ul> <h2>2.8.0</h2> <ul> <li>Add support for <code>warpbuild</code> cache provider</li> <li>Add new <code>cache-workspace-crates</code> feature</li> </ul> <h2>2.7.8</h2> <ul> <li>Include CPU arch in the cache key</li> </ul> <h2>2.7.7</h2> <ul> <li>Also cache <code>cargo install</code> metadata</li> </ul> <h2>2.7.6</h2> <ul> <li>Allow opting out of caching $CARGO_HOME/bin</li> <li>Add runner OS in cache key</li> <li>Adds an option to do lookup-only of the cache</li> </ul> <h2>2.7.5</h2> <ul> <li>Support Cargo.lock format cargo-lock v4</li> <li>Only run macOsWorkaround() on macOS</li> </ul> <h2>2.7.3</h2> <ul> <li>Work around upstream problem that causes cache saving to hang for minutes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Swatinem/rust-cache/commit/c19371144df3bb44fab255c43d04cbc2ab54d1c4"><code>c193711</code></a> 2.9.1</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/781e8d91ab29deb65464798965e49853f963b561"><code>781e8d9</code></a> try reverting pipeline change</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/3d1fa4654a5786f5537b1d31acd0f35e56de9924"><code>3d1fa46</code></a> add changelog</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/c676846f29d98ff6b0106d3608c7ffd4048af17b"><code>c676846</code></a> 2.9.0</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/bf71d02c11df9d5253618f39943e9dd59f7fd5a9"><code>bf71d02</code></a> bump dependencies and rebuild</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/8a02ed5e290d8afc7e587930243f3016b3223f50"><code>8a02ed5</code></a> Bump <code>@types/node</code> from 25.0.2 to 25.2.2 in the dev-minor group (<a href="https://redirect.github.com/swatinem/rust-cache/issues/309">#309</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/390157d4874246aff722dd7f77e641fcae197678"><code>390157d</code></a> Bump the prd-minor group across 1 directory with 2 updates (<a href="https://redirect.github.com/swatinem/rust-cache/issues/307">#307</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/68500c182e89a3f56d9b1de095d7e62f0ea5b8bf"><code>68500c1</code></a> Bump the actions group across 1 directory with 7 updates (<a href="https://redirect.github.com/swatinem/rust-cache/issues/312">#312</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/1a8384176d7ed15c323a201c65073983cdb5a5be"><code>1a83841</code></a> Migrate to <code>node24</code> runner (<a href="https://redirect.github.com/swatinem/rust-cache/issues/314">#314</a>)</li> <li><a href="https://github.com/Swatinem/rust-cache/commit/11da8522bc3856a8fbc565f1d1530989c793d67d"><code>11da852</code></a> Compare case-insenitively for full cache key match (<a href="https://redirect.github.com/swatinem/rust-cache/issues/303">#303</a>)</li> <li>Additional commits viewable in <a href="https://github.com/swatinem/rust-cache/compare/779680da715d629ac1d338a641029a2f4372abb5...c19371144df3bb44fab255c43d04cbc2ab54d1c4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
4fc1b92853 |
Bump actions/download-artifact from 7.0.0 to 8.0.1 (#19626)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v8.0.1</h2> <h2>What's Changed</h2> <ul> <li>Support for CJK characters in the artifact name by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/471">actions/download-artifact#471</a></li> <li>Add a regression test for artifact name + content-type mismatches by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/472">actions/download-artifact#472</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v8...v8.0.1">https://github.com/actions/download-artifact/compare/v8...v8.0.1</a></p> <h2>v8.0.0</h2> <h2>v8 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.</p> </blockquote> <blockquote> <p>[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).</p> </blockquote> <h3>Direct downloads</h3> <p>To support direct uploads in <code>actions/upload-artifact</code>, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the <code>Content-Type</code> header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new <code>skip-decompress</code> parameter to <code>true</code>.</p> <h3>Enforced checks (breaking)</h3> <p>A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the <code>digest-mismatch</code> parameter. To be secure by default, we are now defaulting the behavior to <code>error</code> which will fail the workflow run.</p> <h3>ESM</h3> <p>To support new versions of the @actions/* packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Don't attempt to un-zip non-zipped downloads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/460">actions/download-artifact#460</a></li> <li>Add a setting to specify what to do on hash mismatch and default it to <code>error</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/461">actions/download-artifact#461</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v7...v8.0.0">https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c"><code>3e5f45b</code></a> Add regression tests for CJK characters (<a href="https://redirect.github.com/actions/download-artifact/issues/471">#471</a>)</li> <li><a href="https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd"><code>e6d03f6</code></a> Add a regression test for artifact name + content-type mismatches (<a href="https://redirect.github.com/actions/download-artifact/issues/472">#472</a>)</li> <li><a href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3"><code>70fc10c</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/461">#461</a> from actions/danwkennedy/digest-mismatch-behavior</li> <li><a href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62"><code>f258da9</code></a> Add change docs</li> <li><a href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c"><code>ccc058e</code></a> Fix linting issues</li> <li><a href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd"><code>bd7976b</code></a> Add a setting to specify what to do on hash mismatch and default it to <code>error</code></li> <li><a href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c"><code>ac21fcf</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/460">#460</a> from actions/danwkennedy/download-no-unzip</li> <li><a href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0"><code>15999bf</code></a> Add note about package bumps</li> <li><a href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561"><code>974686e</code></a> Bump the version to <code>v8</code> and add release notes</li> <li><a href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75"><code>fbe48b1</code></a> Update test names to make it clearer what they do</li> <li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Cadence Ember
|
582f976d40 |
Unprefix room_version & encryption from hierarchy API (#19576)
These seem to work properly in the hierarchy API so I figured I'd unprefix them and remove the flag requirement. This should [better align with the spec](https://spec.matrix.org/latest/client-server-api/#get_matrixclientv1roomsroomidhierarchy_response-200_spacehierarchyroomschunk) and Matrix v1.15 (via [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)), which says these properties are available and named like this. Related to #18731. This doesn't affect the stability or experimental flags of the room summary API, just the hierarchy API. |
||
|
Travis Ralston
|
70c6796b98 |
Increase timeout for policy server requests (#19629)
This is to accommodate media scanning and checking. Currently, a 3s timeout means we make 2-5 requests before a media item is successfully scanned. Number chosen based on vibes and light real world testing. Fixes https://github.com/matrix-org/policyserv/issues/108 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Christian González
|
f772fad1cd |
Fix small comment typo in config output from the demo/start.sh script (#19538)
|
||
|
Erik Johnston
|
0549307198 |
Revert "Limit outgoing to_device EDU size to 65536" (#19614)
Reverts element-hq/synapse#18416 Unfortunately, this causes failures on `/sendToDevice` endpoint in normal circumstances. If a single user has, say, a hundred devices then we easily go over the limit. This blocks message sending entirely in encrypted rooms. cc @MadLittleMods @MatMaul |
||
|
Erik Johnston
|
539f708f32 |
Remove redacted_because from internal unsigned. (#19581)
This is a simplification so that `unsigned` only includes "simple"
values, to make it easier to port to Rust.
Reviewable commit-by-commit
Summary:
1. **Add `recheck` column to `redactions` table**
A new boolean `recheck` column (default true) is added to the
`redactions` table. This captures whether a redaction needs its sender
domain checked at read time — required for room v3+ where redactions are
accepted speculatively and later validated. When persisting a new
redaction, `recheck` is set directly from
`event.internal_metadata.need_to_check_redaction()`.
It's fine if initially we recheck all redactions, as it only results in
a little more CPU overhead (as we always pull out the redaction event
regardless).
2. **Backfill `recheck` via background update**
A background update (`redactions_recheck`) backfills the new column for
existing rows by reading `recheck_redaction` from each event's
`internal_metadata` JSON. This avoids loading full event objects by
reading `event_json` directly via a SQL JOIN.
3. **Don't fetch confirmed redaction events from the DB**
Previously, when loading events, Synapse recursively fetched all
redaction events regardless of whether they needed domain rechecking.
Now `_fetch_event_rows` reads the `recheck` column and splits redactions
into two lists:
- `unconfirmed_redactions` — need fetching and domain validation
- `confirmed_redactions` — already validated, applied directly without
fetching the event
This avoids unnecessary DB reads for the common case of
already-confirmed redactions.
4. **Move `redacted_because` population to `EventClientSerializer`**
Previously, `redacted_because` (the full redaction event object) was
stored in `event.unsigned` at DB fetch time, coupling storage-layer code
to client serialization concerns. This is removed from
`_maybe_redact_event_row` and moved into
`EventClientSerializer.serialize_event`, which fetches the redaction
event on demand. The storage layer now only sets
`unsigned["redacted_by"]` (the redaction event ID).
5. **Always use `EventClientSerializer`**
The standalone `serialize_event` function was made private
(`_serialize_event`). All external callers — `rest/client/room.py`,
`rest/admin/events.py, appservice/api.py`, and `tests` — were updated to
use `EventClientSerializer.serialize_event` / `serialize_events`,
ensuring
`redacted_because` is always populated correctly via the serializer.
6. **Batch-fetch redaction events in `serialize_events`**
`serialize_events` now collects all `redacted_by` IDs from the event
batch upfront and fetches them in a single `get_events` call, passing
the result as a `redaction_map` to each `serialize_event` call. This
reduces N individual DB round-trips to one when serializing a batch of
events that includes redacted events.
---------
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
||
|
Erik Johnston
|
f545aa4f33 |
Port RoomVersion to Rust (#19589)
Principally so that we can share the same room version configuration between Python and Rust. For the most part, this is a direct port. Some special handling has had to go into `KNOWN_ROOM_VERSIONS` so that it can be sensibly shared between Python and Rust, since we do update it during config parsing. --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Eric Eastwood
|
f2b325f86c |
Demystify and deprecate HomeserverTestCase.pump() (Twisted reactor/clock) (#19602)
Spawning from https://github.com/element-hq/synapse/pull/18416#discussion_r2967619735 |
||
|
dependabot[bot]
|
40d35a95e2 | Bump tokio from 1.49.0 to 1.50.0 (#19596) | ||
|
Olivier 'reivilibre
|
6c7e05fe20 |
Allow Synapse to start up even when discovery fails for an OpenID Connect provider. (#19509)
Fixes: #8088 Previously we would perform OIDC discovery on startup, which involves making HTTP requests to the identity provider(s). If that took a long time, we would block startup. If that failed, we would crash startup. This commit: - makes the loading happen in the background on startup - makes an error in the 'preload' non-fatal (though it logs at CRITICAL for visibility) - adds a templated error page to show on failed redirects (for unavailable providers), as otherwise you get a JSON response in your navigator. - This involves introducing 2 new exception types to mark other exceptions and keep the error handling fine-grained. The machinery was already there to load-on-demand the discovery config, so when the identity provider comes back up, the discovery is reattempted and login can succeed. Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
Mathieu Velten
|
7fad50fd76 |
Limit outgoing to_device EDU size to 65536 (#18416)
If a set of messages exceeds this limit, the messages are split across several EDUs. Fix #17035 (should) There is currently [no official specced limit for EDUs](https://github.com/matrix-org/matrix-spec/issues/807), but the consensus seems to be that it would be useful to have one to avoid this bug by bounding the transaction size. As a side effect it also limits the size of a single to-device message to a bit less than 65536. This should probably be added to the spec similarly to the [message size limit.](https://spec.matrix.org/v1.14/client-server-api/#size-limits) Spec PR: https://github.com/matrix-org/matrix-spec/pull/2340 --------- Co-authored-by: mcalinghee <mcalinghee.dev@gmail.com> Co-authored-by: Eric Eastwood <madlittlemods@gmail.com> |
||
|
Quentin Gliech
|
8c3daff244 | Merge branch 'master' into develop | ||
|
Quentin Gliech
|
33d47f43e4 | 1.150.0 v1.150.0 | ||
|
dependabot[bot]
|
4b19411445 | Bump rustls-webpki from 0.103.4 to 0.103.10 (#19594) | ||
|
dependabot[bot]
|
57ef7b9192 | Bump docker/login-action from 3.7.0 to 4.0.0 (#19597) | ||
|
dependabot[bot]
|
71092aa584 | Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#19598) | ||
|
dependabot[bot]
|
e0b08da42e | Bump docker/build-push-action from 6.19.2 to 7.0.0 (#19599) | ||
|
dependabot[bot]
|
963fc9e55a | Bump docker/metadata-action from 5.10.0 to 6.0.0 (#19600) | ||
|
Andrew Morgan
|
713aa7ebf0 |
Hide successful, skipped Complement tests in the CI (#19590)
Co-authored-by: Eric Eastwood <erice@element.io> |
||
|
Travis Ralston
|
40d699b1d4 |
Stable support for MSC4284 policy servers (#19503)
Fixes https://github.com/element-hq/synapse/issues/19494 MSC4284 policy servers This: * removes the old `/check` (recommendation) support because it's from an older design. Policy servers should have updated to `/sign` by now. We also remove optionality around the policy server's public key because it was only optional to support `/check`. * supports the stable `m.room.policy` state event and `/sign` endpoints, falling back to unstable if required. Note the changes between unstable and stable: * Stable `/sign` uses errors instead of an empty signatures block to indicate refusal. * Stable `m.room.policy` nests the public key in an object with explicit key algorithm (always ed25519 for now) * does *not* introduce tests that the above fallback to unstable works. If it breaks, we're not going to be sad about an early transition. Tests can be added upon request, though. * fixes a bug where the policy server was asked to sign policy server state events (the events were correctly skipped in `is_event_allowed`, but `ask_policy_server_to_sign_event` didn't do the same). * fixes a bug where the original event sender's signature can be deleted if the sending server is the same as the policy server. * proxies Matrix-shaped errors from the policy server to the Client-Server API as `SynapseError`s (a new capability of the stable API). Membership event handling (from the issue) is expected to be a different PR due to the size of changes involved (tracked by https://github.com/element-hq/synapse/issues/19587). ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: turt2live <1190097+turt2live@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Eric Eastwood <madlittlemods@gmail.com> |
||
|
Hugh Nimmo-Smith
|
b4282b82d0 | Updates for experimental MSC4388 support (sign-in with QR code) (#19573) | ||
|
Andrew Morgan
|
2c412ba24a |
complement.sh: ensure old complement checkout files are deleted; remove -N wget flag (#19592)
|
||
|
Andrew Morgan
|
9edbf56969 | Prevent sending registration emails if registration is disabled (#19585) | ||
|
dependabot[bot]
|
f490c49c85 |
Bump pyasn1 from 0.6.2 to 0.6.3 (#19584)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
9fe7cbfe7f |
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#19565)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
90697637a8 |
Bump actions/setup-go from 6.2.0 to 6.3.0 in the minor-and-patches group (#19564)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Quentin Gliech
|
edf5ce277a | Allow using HTTP/2 over plaintext when introspecting tokens with MAS (#19586) |