synapse

Author SHA1 Message Date

Author	SHA1	Message	Date
dependabot[bot]	1592afba8d	Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /complement (#19436 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.2.2+incompatible to 28.3.3+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.3.3</h2> <h2>28.3.3</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.3">docker/cli, 28.3.3 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.3">moby/moby, 28.3.3 milestone</a></li> </ul> <h3>Security</h3> <p>This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54388">CVE-2025-54388</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4">GHSA-x4rx-4gw3-53p4</a> / <a href="https://redirect.github.com/moby/moby/pull/50506">moby/moby#50506</a>.</p> <h3>Packaging updates</h3> <ul> <li>Update Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.26.1">v0.26.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1230">docker/docker-ce-packaging#1230</a></li> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.39.1">v2.39.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1234">docker/docker-ce-packaging#1234</a></li> <li>Update Docker Model CLI plugin to <a href="https://github.com/docker/model-cli/releases/tag/v0.1.36">v0.1.36</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1233">docker/docker-ce-packaging#1233</a></li> </ul> <h3>Go SDK</h3> <ul> <li>cli/command/formatter: add <code>TrunateID()</code> utility as alternative for <code>github.com/docker/docker/pkg/stringid.TrunateID()</code>. <a href="https://redirect.github.com/docker/cli/pull/6180">docker/cli#6180</a></li> </ul> <h2>28.3.2</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.2">docker/cli, 28.3.2 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.2">moby/moby, 28.3.2 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v28.3.2/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v28.3.2/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fix <code>--use-api-socket</code> not working correctly when targeting a remote daemon. <a href="https://redirect.github.com/docker/cli/pull/6157">docker/cli#6157</a></li> <li>Fix stray "otel error" logs being printed if debug logging is enabled. <a href="https://redirect.github.com/docker/cli/pull/6160">docker/cli#6160</a></li> <li>Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. <a href="https://redirect.github.com/docker/cli/pull/6147">docker/cli#6147</a></li> <li>Warn when <code>DOCKER_AUTH_CONFIG</code> is set during <code>docker login</code> and <code>docker logout</code>. <a href="https://redirect.github.com/docker/cli/pull/6163">docker/cli#6163</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.38.2">v2.38.2</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1225">docker/docker-ce-packaging#1225</a></li> <li>Update Docker Model CLI plugin to <a href="https://github.com/docker/model-cli/releases/tag/v0.1.33">v0.1.33</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1227">docker/docker-ce-packaging#1227</a></li> <li>Update Go runtime to 1.24.5. <a href="https://redirect.github.com/moby/moby/pull/50354">moby/moby#50354</a></li> </ul> <h2>28.3.1</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.1">docker/cli, 28.3.1 milestone</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`bea959c7b7`"><code>bea959c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50506">#50506</a> from robmry/backport-28.x/fix_firewalld_reload</li> <li><a href="`3e9ff78b94`"><code>3e9ff78</code></a> bridge: Reapply endpoint iptables rules on firewalld reload</li> <li><a href="`29ed80aa86`"><code>29ed80a</code></a> bridge: Trigger firewalld reload during bridge integration tests</li> <li><a href="`da489a11d4`"><code>da489a1</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50478">#50478</a> from thaJeztah/28.x_backport_gha_bump_bk</li> <li><a href="`f173e45ae9`"><code>f173e45</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50480">#50480</a> from austinvazquez/cherry-pick-ea29dffaa541289591aa...</li> <li><a href="`e4b1f89996`"><code>e4b1f89</code></a> daemon/server: remove compatibility with API v1.4 auth-config on push</li> <li><a href="`0c9e14dcce`"><code>0c9e14d</code></a> hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch</li> <li><a href="`bf6d688157`"><code>bf6d688</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50471">#50471</a> from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...</li> <li><a href="`4205776b85`"><code>4205776</code></a> client: always send (empty) body on push</li> <li><a href="`e77ff99ede`"><code>e77ff99</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50354">#50354</a> from vvoland/50353-28.x</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v28.2.2...v28.3.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=28.2.2+incompatible&new-version=28.3.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-17 13:58:10 +01:00
Eric Eastwood	46d235cd52	Add in-repo Complement tests (#19406 ) This is useful so we can test Synapse specific behaviors like our admin API. (see docs in PR, `complement/README.md`) ``` COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo ``` Complement calls these ["out-of-repo"](`78c255edce/OUT-OF-REPO-TESTS.md`) tests but it's a bit of a misnomer once they're in your project. (just depends on the perspective) There has been [previous desire](https://github.com/element-hq/synapse/pull/19021#discussion_r2453442191) for this kind of thing but this is spawning from wanting to have some tests for our purge history admin API (https://github.com/element-hq/synapse-rust-apps/issues/430). There are some Sytest tests ([`matrix-org/sytest` -> `tests/48admin.pl#L91-L618`](`1be04cce46/tests/48admin.pl (L91-L618)`)) for this already but I'd much rather work in Complement instead of Sytest. I'm wanting these tests to ensure that our new `event-cache` rust app for Synapse Pro doesn't break these kind of erasure features (https://github.com/element-hq/synapse-rust-apps/issues/366 and https://github.com/element-hq/synapse-rust-apps/issues/153). Interestingly, there is already [`matrix-org/complement` -> `tests/csapi/admin_test.go`](`78c255edce/tests/csapi/admin_test.go`) (added in https://github.com/matrix-org/complement/pull/322) in the Complement repo iteslf that tests the `/_synapse/admin/v1/send_server_notice` endpoint but it's a bit of an interesting case as [Dendrite also supports this endpoint](https://github.com/matrix-org/dendrite/pull/2180). I don't think it's good practice to continually shove in more and more Synapse-specific behavior into the Complement repo itself. We already have success with other out-of-repo tests for projects like the [SBG](`b76b05b53e/complement_tests`), [TI-Messenger Proxy](`c8fa87fecc/complement`), and our [Synapse Pro for small hosts](`c2ea7eabf3/complement`).	2026-02-05 17:11:55 -06:00

dependabot[bot]

1592afba8d

Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /complement (#19436 )

Bumps [github.com/docker/docker](https://github.com/docker/docker) from
28.2.2+incompatible to 28.3.3+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v28.3.3</h2>
<h2>28.3.3</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.3">docker/cli,
28.3.3 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.3">moby/moby,
28.3.3 milestone</a></li>
</ul>
<h3>Security</h3>
<p>This release fixes an issue where, after a firewalld reload,
published container ports could be accessed directly from the local
network, even when they were intended to be accessible only via a
loopback address. <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54388">CVE-2025-54388</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4">GHSA-x4rx-4gw3-53p4</a>
/ <a
href="https://redirect.github.com/moby/moby/pull/50506">moby/moby#50506</a>.</p>
<h3>Packaging updates</h3>
<ul>
<li>Update Buildx to <a
href="https://github.com/docker/buildx/releases/tag/v0.26.1">v0.26.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1230">docker/docker-ce-packaging#1230</a></li>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.39.1">v2.39.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1234">docker/docker-ce-packaging#1234</a></li>
<li>Update Docker Model CLI plugin to <a
href="https://github.com/docker/model-cli/releases/tag/v0.1.36">v0.1.36</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1233">docker/docker-ce-packaging#1233</a></li>
</ul>
<h3>Go SDK</h3>
<ul>
<li>cli/command/formatter: add <code>TrunateID()</code> utility as
alternative for
<code>github.com/docker/docker/pkg/stringid.TrunateID()</code>. <a
href="https://redirect.github.com/docker/cli/pull/6180">docker/cli#6180</a></li>
</ul>
<h2>28.3.2</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.2">docker/cli,
28.3.2 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.2">moby/moby,
28.3.2 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v28.3.2/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v28.3.2/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fix <code>--use-api-socket</code> not working correctly when
targeting a remote daemon. <a
href="https://redirect.github.com/docker/cli/pull/6157">docker/cli#6157</a></li>
<li>Fix stray &quot;otel error&quot; logs being printed if debug logging
is enabled. <a
href="https://redirect.github.com/docker/cli/pull/6160">docker/cli#6160</a></li>
<li>Quote SSH arguments when connecting to a remote daemon over an SSH
connection to avoid unexpected expansion. <a
href="https://redirect.github.com/docker/cli/pull/6147">docker/cli#6147</a></li>
<li>Warn when <code>DOCKER_AUTH_CONFIG</code> is set during <code>docker
login</code> and <code>docker logout</code>. <a
href="https://redirect.github.com/docker/cli/pull/6163">docker/cli#6163</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.38.2">v2.38.2</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1225">docker/docker-ce-packaging#1225</a></li>
<li>Update Docker Model CLI plugin to <a
href="https://github.com/docker/model-cli/releases/tag/v0.1.33">v0.1.33</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1227">docker/docker-ce-packaging#1227</a></li>
<li>Update Go runtime to 1.24.5. <a
href="https://redirect.github.com/moby/moby/pull/50354">moby/moby#50354</a></li>
</ul>
<h2>28.3.1</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.1">docker/cli,
28.3.1 milestone</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bea959c7b7"><code>bea959c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50506">#50506</a>
from robmry/backport-28.x/fix_firewalld_reload</li>
<li><a
href="3e9ff78b94"><code>3e9ff78</code></a>
bridge: Reapply endpoint iptables rules on firewalld reload</li>
<li><a
href="29ed80aa86"><code>29ed80a</code></a>
bridge: Trigger firewalld reload during bridge integration tests</li>
<li><a
href="da489a11d4"><code>da489a1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50478">#50478</a>
from thaJeztah/28.x_backport_gha_bump_bk</li>
<li><a
href="f173e45ae9"><code>f173e45</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50480">#50480</a>
from austinvazquez/cherry-pick-ea29dffaa541289591aa...</li>
<li><a
href="e4b1f89996"><code>e4b1f89</code></a>
daemon/server: remove compatibility with API v1.4 auth-config on
push</li>
<li><a
href="0c9e14dcce"><code>0c9e14d</code></a>
hack/buildkit-ref: temporarily bump BuildKit to head of v0.23
branch</li>
<li><a
href="bf6d688157"><code>bf6d688</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50471">#50471</a>
from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...</li>
<li><a
href="4205776b85"><code>4205776</code></a>
client: always send (empty) body on push</li>
<li><a
href="e77ff99ede"><code>e77ff99</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50354">#50354</a>
from vvoland/50353-28.x</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v28.2.2...v28.3.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=28.2.2+incompatible&new-version=28.3.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2026-02-17 13:58:10 +01:00

Eric Eastwood

46d235cd52

Add in-repo Complement tests (#19406 )

This is useful so we can test Synapse
specific behaviors like our admin API.

(see docs in PR, `complement/README.md`)
```
COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo
```

Complement calls these
["out-of-repo"](78c255edce/OUT-OF-REPO-TESTS.md)
tests but it's a bit of a misnomer once they're in your project. (just
depends on the perspective)

There has been [previous
desire](https://github.com/element-hq/synapse/pull/19021#discussion_r2453442191)
for this kind of thing but this is spawning from wanting to have some
tests for our purge history admin API
(https://github.com/element-hq/synapse-rust-apps/issues/430). There are
some Sytest tests ([`matrix-org/sytest` ->
`tests/48admin.pl#L91-L618`](1be04cce46/tests/48admin.pl (L91-L618)))
for this already but I'd much rather work in Complement instead of
Sytest. I'm wanting these tests to ensure that our new `event-cache`
rust app for Synapse Pro doesn't break these kind of erasure features
(https://github.com/element-hq/synapse-rust-apps/issues/366 and
https://github.com/element-hq/synapse-rust-apps/issues/153).

Interestingly, there is already [`matrix-org/complement` ->
`tests/csapi/admin_test.go`](78c255edce/tests/csapi/admin_test.go)
(added in https://github.com/matrix-org/complement/pull/322) in the
Complement repo iteslf that tests the
`/_synapse/admin/v1/send_server_notice` endpoint but it's a bit of an
interesting case as [Dendrite also supports this
endpoint](https://github.com/matrix-org/dendrite/pull/2180). I don't
think it's good practice to continually shove in more and more
Synapse-specific behavior into the Complement repo itself.

We already have success with other out-of-repo tests for projects like
the
[SBG](b76b05b53e/complement_tests),
[TI-Messenger
Proxy](c8fa87fecc/complement),
and our [Synapse Pro for small
hosts](c2ea7eabf3/complement).

2026-02-05 17:11:55 -06:00

2 Commits