kaslo/synapse
1
0
Fork 0
Code Wiki Activity
24,679 Commits 1,048 Branches 805 Tags
4097ada89fefe12e7ec6d2b7a3bfbc61e64e14a0
Commit Graph

24679 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Ferrazzutti 4097ada89f Optimize Dockerfile-workers (#18292) 
- Use a `uv:python` image for the first build layer, to reduce the
number of intermediate images required, as the
main Dockerfile uses that image already
- Use a cache mount for `apt` commands
- Skip a pointless install of `redis-server`, since the redis Docker
image is copied from instead
- Move some RUN steps out of the final image layer & into the build
layer

Depends on https://github.com/element-hq/synapse/pull/18275

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2025-04-30 15:54:30 +02:00
Kim Brose f79811ed80 Fix typo in docs about push (#18320) 2025-04-30 14:27:08 +01:00
Erik Johnston 4eaab31757 Minor performance improvements to notifier/replication (#18367) 
These are some improvements to `on_new_event` which is a hot path. Not
sure how much this will save, but maybe like ~5%?

Possibly easier to review commit-by-commit
 2025-04-29 14:08:32 +01:00
Erik Johnston ad140130cc Slight performance increase when using the ratelimiter (#18369) 
See the commits.
 2025-04-29 14:08:22 +01:00
Erik Johnston e47de2b32d Do not retry push during backoff period (#18363) 
This fixes a bug where if a pusher gets told about a new event to push
it will ignore the backoff and immediately retry sending any pending
push.
 2025-04-29 14:08:11 +01:00
dependabot[bot] 0384fd72ee Bump softprops/action-gh-release from 1 to 2 (#18264) 2025-04-29 10:08:20 +01:00
dependabot[bot] 75832f25b0 Bump types-jsonschema from 4.23.0.20240813 to 4.23.0.20241208 (#18305) 2025-04-29 10:07:49 +01:00
dependabot[bot] 7346760aed Bump pyopenssl from 24.3.0 to 25.0.0 (#18315) 2025-04-29 10:07:33 +01:00
dependabot[bot] b0795d0cb6 Bump types-psycopg2 from 2.9.21.20250121 to 2.9.21.20250318 (#18316) 
Bumps [types-psycopg2](https://github.com/python/typeshed) from
2.9.21.20250121 to 2.9.21.20250318.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-psycopg2&package-manager=pip&previous-version=2.9.21.20250121&new-version=2.9.21.20250318)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-29 10:07:15 +01:00
dependabot[bot] 2ef7824620 Bump pyo3-log from 0.12.2 to 0.12.3 (#18317) 2025-04-29 10:07:06 +01:00
dependabot[bot] 39e17856a3 Bump anyhow from 1.0.97 to 1.0.98 (#18336) 2025-04-29 10:06:36 +01:00
dependabot[bot] 4c958c679a Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 (#18354) 2025-04-29 10:06:26 +01:00
dependabot[bot] a87981f673 Bump actions/download-artifact from 4.2.1 to 4.3.0 (#18364) 2025-04-29 10:06:13 +01:00
dependabot[bot] 2ff977a6c3 Bump actions/add-to-project from 280af8ae1f83a494cfad2cb10f02f6d13529caa9 to 5b1a254a3546aef88e0a7724a77a623fa2e47c36 (#18365) 2025-04-29 10:05:55 +01:00
dependabot[bot] 1482ad1917 Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#18366) 2025-04-29 10:05:43 +01:00
Erik Johnston 5b89c92643 Allow /rooms/ admin API to be on workers (#18360) 
Tested by https://github.com/matrix-org/sytest/pull/1400
 2025-04-25 15:18:22 +01:00
Erik Johnston 33824495ba Move GET /devices/ off main process (#18355) 
We can't move PUT/DELETE as they do need to happen on main process (due
to notification of device changes).

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
 2025-04-25 15:08:33 +01:00
Devon Hudson 89cb613a4e Revert "Add total event, unencrypted message, and e2ee event counts to stats reporting" (#18346) 
Reverts element-hq/synapse#18260

It is causing a failure when building release debs for `debian:bullseye`
with the following error:
```
sqlite3.OperationalError: near "RETURNING": syntax error
```
 2025-04-16 16:41:41 +00:00
Erik Johnston c16a981f22 Fix query for room participation (#18345) 
Follow on from #18068

Currently the subquery in `UPDATE` is pointless, as it will still just
update all `room_membership` rows. Instead, we should look at the
current membership event ID (which is easily retrieved from
`local_current_membership`). We also add a `AND NOT participant` to noop
the `UPDATE` when the `participant` flag is already set.

cc @H-Shay
 2025-04-16 14:14:56 +01:00
Quentin Gliech 0046d7278b Fix ExternalIDReuse exception for concurrent transactions (#18342) 2025-04-16 07:34:58 +00:00
Quentin Gliech 2c7a61e311 Don't cache introspection failures (#18339) 2025-04-15 17:30:45 +02:00
Erik Johnston 45420b1d42 Fix force_tracing_for_users config when using MAS (#18334) 
This is a copy of what we do for internal auth, and we should figure out
a way to deduplicate some of this stuff:


https://github.com/element-hq/synapse/blob/dd05cc55eedbf086ae224a13c9ae9f0332d96b1f/synapse/api/auth/internal.py#L62-L110
 2025-04-15 16:02:27 +01:00
reivilibre 19b0e23c3d Fix the token introspection cache logging access tokens when MAS integration is in use. (#18335) 
The `ResponseCache` logs keys by default.

Let's not do that for access tokens.

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2025-04-15 15:58:30 +01:00
Andrew Morgan a832375bfb Add total event, unencrypted message, and e2ee event counts to stats reporting (#18260) 
Co-authored-by: Eric Eastwood <erice@element.io>
 2025-04-15 07:49:08 -07:00
Erik Johnston ae701e1709 Add caches to new hot path functions (#18337) 
We call these two functions for every authed request when using
delegated auth.
 2025-04-14 17:54:47 +01:00
Olivier D dd05cc55ee Add passthrough_authorization_parameters support to OIDC configuration (#18232) 
# Add passthrough_authorization_parameters support to OIDC configuration

This PR adds `the passthrough_authorization_parameters` option to OIDC
configuration, allowing specific query parameters (like `login_hint`) to
be passed from the redirect endpoint to the authorization grant URL.

This enables clients to provide additional context to identity providers
during authentication flows.

# Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-04-10 13:39:27 +00:00
Erik Johnston 081f6ad50f Merge branch 'master' into develop 2025-04-08 15:31:57 +01:00
Erik Johnston b30fcb03cc 1.128.0 v1.128.0 2025-04-08 14:09:59 +01:00
Jason Little 0e3c0aeee8 Disable Postgres statement timeouts while purging room state (#18133) 2025-04-02 15:37:50 +01:00
Andrew Ferrazzutti 5c84f25809 complement-synapse: COPY existing dir from base (#18294) 
The base postgres image already has the /var/run/postgresql directory,
and COPY can set file ownership with chown=, so COPY it instead of
making it from scratch & manually setting its ownership.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2025-04-01 15:51:00 +00:00
Quentin Gliech 770768614b Merge changelog entries v1.128.0rc1 2025-04-01 16:49:19 +02:00
Quentin Gliech b8b3896b1d Fix rendering of the changelog 2025-04-01 16:45:11 +02:00
Quentin Gliech 01efc49554 1.128.0rc1 2025-04-01 16:41:42 +02:00
Quentin Gliech fa53a8512a Make sure media hashes are not queried until the index is up (#18302) 2025-04-01 14:21:35 +00:00
dependabot[bot] fdbcb821ff Bump phonenumbers from 8.13.50 to 9.0.2 (#18299) 
Bumps
[phonenumbers](https://github.com/daviddrysdale/python-phonenumbers)
from 8.13.50 to 9.0.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/73ef5e664b55ba941cd1a120497d8a0395e1076f"><code>73ef5e6</code></a>
Prep for 9.0.2 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/528a98bc757a2539bd969aee5bc75f22bb5a4d68"><code>528a98b</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/28f5958abd284b1a76a4bff3fb2ca0b043c93605"><code>28f5958</code></a>
Merge metadata changes from upstream 9.0.2</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/25ae49c1609bcbdec6cb25f0f08a3c0f3c112654"><code>25ae49c</code></a>
Prep for 9.0.1 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/b8a1459cef41649cba3cb6fa6f9ae868b1f67dd2"><code>b8a1459</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/f6cd2333593d27c5c6a004049f84fcf525f59911"><code>f6cd233</code></a>
Merge metadata changes from upstream 9.0.1</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/c46f1049ba5731ca27f3a47d13f07965c43a6cbd"><code>c46f104</code></a>
Prep for 9.0.0 release</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/d542ec2abcbd8c89560a632c7e5176e6b718a144"><code>d542ec2</code></a>
Generated files for metadata</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/a4da80e25217a71a7ee03cc6d90f16d6187cd38f"><code>a4da80e</code></a>
Merge metadata changes from upstream 9.0.0</li>
<li><a
href="https://github.com/daviddrysdale/python-phonenumbers/commit/45c822e887ab4eee6869af23096f385cdc4aeae1"><code>45c822e</code></a>
Prep for 8.13.55 release</li>
<li>Additional commits viewable in <a
href="https://github.com/daviddrysdale/python-phonenumbers/compare/v8.13.50...v9.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=8.13.50&new-version=9.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 13:56:32 +00:00
dependabot[bot] 8eb991b746 Bump authlib from 1.4.1 to 1.5.1 (#18306) 
Bumps [authlib](https://github.com/lepture/authlib) from 1.4.1 to 1.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.5.1</h2>
<p>Released on Feb 28, 2025</p>
<ul>
<li>Fix RFC9207 iss parameter. <a
href="https://redirect.github.com/lepture/authlib/issues/715">#715</a></li>
</ul>
<h2>Version 1.5.0</h2>
<ul>
<li>Fix token introspection auth method for clients. <a
href="https://redirect.github.com/lepture/authlib/pull/662">#662</a></li>
<li>Optional typ claim in JWT tokens. <a
href="https://redirect.github.com/lepture/authlib/pull/696">#696</a></li>
<li>JWT validation leeway. <a
href="https://redirect.github.com/lepture/authlib/pull/689">#689</a></li>
<li>Implement server-side <a
href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a>.
<a
href="https://redirect.github.com/lepture/authlib/issues/700">#700</a>
<a
href="https://redirect.github.com/lepture/authlib/pull/701">#701</a></li>
<li>generate_id_token can take a kid parameter. <a
href="https://redirect.github.com/lepture/authlib/pull/702">#702</a></li>
<li>More detailed InvalidClientError. <a
href="https://redirect.github.com/lepture/authlib/pull/706">#706</a></li>
<li>OpenID Connect Dynamic Client Registration implementation. <a
href="https://redirect.github.com/lepture/authlib/pull/707">#707</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/blob/main/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.5.1</h2>
<p><strong>Released on Feb 28, 2025</strong></p>
<ul>
<li>Fix RFC9207 <code>iss</code> parameter. :pr:<code>715</code></li>
</ul>
<h2>Version 1.5.0</h2>
<p><strong>Released on Feb 25, 2025</strong></p>
<ul>
<li>Fix token introspection auth method for clients.
:pr:<code>662</code></li>
<li>Optional <code>typ</code> claim in JWT tokens.
:pr:<code>696</code></li>
<li>JWT validation leeway. :pr:<code>689</code></li>
<li>Implement server-side :rfc:<code>RFC9207 &lt;9207&gt;</code>.
:issue:<code>700</code> :pr:<code>701</code></li>
<li><code>generate_id_token</code> can take a <code>kid</code>
parameter. :pr:<code>702</code></li>
<li>More detailed <code>InvalidClientError</code>.
:pr:<code>706</code></li>
<li>OpenID Connect Dynamic Client Registration implementation.
:pr:<code>707</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lepture/authlib/commit/4eafdc21891e78361f478479efe109ff0fb2f661"><code>4eafdc2</code></a>
chore: release 1.5.1</li>
<li><a
href="https://github.com/lepture/authlib/commit/0e7e3443447094e6c2c0835e2f110c15b14c853c"><code>0e7e344</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/715">#715</a>
from azmeuk/rfc9207</li>
<li><a
href="https://github.com/lepture/authlib/commit/b57932bc7e2c0f7115b77f38dfd88a1443487593"><code>b57932b</code></a>
fix: RFC9207 iss parameter</li>
<li><a
href="https://github.com/lepture/authlib/commit/7833a887da396e285f9315dc361670abec22137d"><code>7833a88</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/713">#713</a>
from geigerzaehler/full-entropy</li>
<li><a
href="https://github.com/lepture/authlib/commit/642dfa3264f0afe94c7f6ac7006007a7fd24fbe6"><code>642dfa3</code></a>
doc: fix an example import for rfc9207</li>
<li><a
href="https://github.com/lepture/authlib/commit/5c507a84733033bdbf3e9d884bba67f18ce8ba0a"><code>5c507a8</code></a>
fix: Use full entropy from specified oct key size</li>
<li><a
href="https://github.com/lepture/authlib/commit/2d0396e3fc49d53ab816bb43ec83fe42d527ca09"><code>2d0396e</code></a>
chore: release 1.5.0</li>
<li><a
href="https://github.com/lepture/authlib/commit/da87c8b2ec35af9ddd3b621e2e8245102018f878"><code>da87c8b</code></a>
doc: update changelog</li>
<li><a
href="https://github.com/lepture/authlib/commit/b79d868e7f14bffc9e6d381570cfaf90c941f872"><code>b79d868</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/662">#662</a>
from AdamWill/oauth2-fix-introspect-endpoint</li>
<li><a
href="https://github.com/lepture/authlib/commit/24c2bd871825771bb3e0523cf070e2aab0cbe8c1"><code>24c2bd8</code></a>
chore: add a dependency group for the documentation</li>
<li>Additional commits viewable in <a
href="https://github.com/lepture/authlib/compare/v1.4.1...v1.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.4.1&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 15:36:25 +02:00
Andrew Ferrazzutti 87d374c639 Tweaks to prefix-log (#18274) 
- Explicitly use `mawk` instead of `awk`, since an extension of the
former is used
- Use `fflush` to reduce interleaving the output of different processes
& streams
- Move the `mawk` command to a shell function, instead of writing it
twice
- Look up the `SUPERVISOR_PROCESS_NAME` environment variable in `mawk`,
instead of reading it in the shell & using complex quoting to pass it to
`mawk`

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-04-01 15:36:13 +02:00
reivilibre 1709234311 Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231) 
Evolution of
https://github.com/element-hq/synapse/commit/cd78f3d2ee15ccf3e8229a1f529e0e2c16e15c45

This cache does not have any explicit invalidation, but this is deemed
acceptable (see code comment).

We may still prefer to add it eventually, letting us bump up the
Time-To-Live (TTL) on the cache as we currently set a 2 minute expiry
to balance the fact that we have no explicit invalidation.


This cache makes several things more efficient:

- reduces number of outbound requests from Synapse, reducing CPU
utilisation + network I/O
- reduces request handling time in Synapse, which improves
client-visible latency
- reduces load on MAS and its database


---

Other than that, this PR also introduces support for `expires_in`
(seconds) on the introspection response.
This lets the cached responses expire at the proper expiry time of the
access token, whilst avoiding clock skew issues.

Corresponds to:
https://github.com/element-hq/matrix-authentication-service/pull/4241

---------

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2025-04-01 14:31:19 +01:00
dependabot[bot] 80b62d7903 Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#18304) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4.6.1 to 4.6.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package &amp; prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02"><code>ea165f8</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/685">#685</a>
from salmanmkc/salmanmkc/3-new-upload-artifacts-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0"><code>0839620</code></a>
Prepare for new release of actions/upload-artifact with new toolkit
cache ver...</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4.6.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 13:30:44 +00:00
dependabot[bot] 7ace290f07 Bump actions/add-to-project from f5473ace9aeee8b97717b281e26980aa5097023f to 280af8ae1f83a494cfad2cb10f02f6d13529caa9 (#18303) 
Bumps
[actions/add-to-project](https://github.com/actions/add-to-project) from
f5473ace9aeee8b97717b281e26980aa5097023f to
280af8ae1f83a494cfad2cb10f02f6d13529caa9.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/add-to-project/commit/280af8ae1f83a494cfad2cb10f02f6d13529caa9"><code>280af8a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/688">#688</a>
from actions/dependabot/npm_and_yarn/vercel/ncc-0.38.3</li>
<li><a
href="https://github.com/actions/add-to-project/commit/a5abfebda95cd4d848045f39facb11fc18e3391d"><code>a5abfeb</code></a>
Update licensed cache and dist/ directory</li>
<li><a
href="https://github.com/actions/add-to-project/commit/f30c2e67f81007061987663b4a219fe3cf01464f"><code>f30c2e6</code></a>
Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3</li>
<li><a
href="https://github.com/actions/add-to-project/commit/81dd5ce97fc1878d6145108c0bf9330ff48f1230"><code>81dd5ce</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/687">#687</a>
from actions/dependabot/npm_and_yarn/types/jest-29.5.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/122a80374266a5293832675e27cd679978f9f4ff"><code>122a803</code></a>
Bump <code>@​types/jest</code> from 29.5.12 to 29.5.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/29c72ac92445aa8e7a5e6b1643cca32d78dbeea0"><code>29c72ac</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/686">#686</a>
from actions/dependabot/npm_and_yarn/types/node-22.13.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/46316d9a20b27daa0bd6399be0faa3490859cc18"><code>46316d9</code></a>
Bump <code>@​types/node</code> from 16.18.101 to 22.13.14</li>
<li><a
href="https://github.com/actions/add-to-project/commit/95df5ae4dbb6c1e60f2bcfa3459d2d5cbf98c6da"><code>95df5ae</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/add-to-project/issues/685">#685</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="https://github.com/actions/add-to-project/commit/f14f229b02cc2da1e86a231e565592a57f62b37e"><code>f14f229</code></a>
Bump eslint-plugin-jest from 28.6.0 to 28.11.0</li>
<li><a
href="https://github.com/actions/add-to-project/commit/cc696180afea0adc14ad0cfaea066a2e8f6fe5ae"><code>cc69618</code></a>
Exit without failure if nothing to commit</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/add-to-project/compare/f5473ace9aeee8b97717b281e26980aa5097023f...280af8ae1f83a494cfad2cb10f02f6d13529caa9">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 13:13:58 +00:00
dependabot[bot] 2f812c2eb6 Bump jinja2 from 3.1.5 to 3.1.6 (#18223) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/releases">jinja2's
releases</a>.</em></p>
<blockquote>
<h2>3.1.6</h2>
<p>This is the Jinja 3.1.6 security release, which fixes security issues
but does not otherwise change behavior and should not result in breaking
changes compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a>
Changes: <a
href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup, allowing the sandbox to apply its checks. <a
href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.6</h2>
<p>Released 2025-03-05</p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup,
allowing the sandbox to apply its checks.
:ghsa:<code>cpwx-vrp4-4pq7</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a>
release version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a>
attr filter uses env.getattr</li>
<li><a
href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a>
start version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a>
use global contributing guide (<a
href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li>
<li><a
href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a>
use global contributing guide</li>
<li><a
href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a>
use project advisory link instead of global</li>
<li><a
href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a>
release version 3.1.5 (<a
href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li>
<li>See full diff in <a
href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.5&new-version=3.1.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 12:42:01 +00:00
Andrew Ferrazzutti 90f346183a Use uv pip to install supervisor in workers image (#18275) 2025-04-01 12:32:56 +00:00
Andrew Ferrazzutti f638a76ba4 Avoid relying on rsync during Docker build (#18287) 
Use targeted COPY commands instead of rsync to avoid having a symlinked
/lib as the destination of a COPY (which buildkit does not support).

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2025-04-01 12:32:34 +00:00
dependabot[bot] cf02b8fea5 Bump actions/setup-python from 5.4.0 to 5.5.0 (#18298) 
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 5.4.0 to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support free threaded Python versions like '3.13t' by <a
href="https://github.com/colesbury"><code>@​colesbury</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for
free threaded and Upgrade <code>@​action/cache</code> from 4.0.0 to
4.0.3 by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1056">actions/setup-python#1056</a></li>
<li>Add support for .tool-versions file in setup-python by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fix architecture for pypy on Linux ARM64 by <a
href="https://github.com/mayeut"><code>@​mayeut</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1011">actions/setup-python#1011</a>
This update maps arm64 to aarch64 for Linux ARM64 PyPy
installations.</li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1016">actions/setup-python#1016</a></li>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1015">actions/setup-python#1015</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/colesbury"><code>@​colesbury</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/973">actions/setup-python#973</a></li>
<li><a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1043">actions/setup-python#1043</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.5.0">https://github.com/actions/setup-python/compare/v5...v5.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/8d9ed9ac5c53483de85588cdf95a591a75ab9f55"><code>8d9ed9a</code></a>
Add e2e Testing for free threaded and Bump <code>@​action/cache</code>
from 4.0.0 to 4.0.3 ...</li>
<li><a
href="https://github.com/actions/setup-python/commit/19e4675e06535f6b54e894da5c1f044400bb4996"><code>19e4675</code></a>
Add support for .tool-versions file in setup-python (<a
href="https://redirect.github.com/actions/setup-python/issues/1043">#1043</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6fd11e170a18f6ae448d1080a4a63cc987aed84c"><code>6fd11e1</code></a>
Bump <code>@​actions/glob</code> from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/actions/setup-python/issues/1015">#1015</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/9e62be81b28222addecf85e47571213eb7680449"><code>9e62be8</code></a>
Support free threaded Python versions like '3.13t' (<a
href="https://redirect.github.com/actions/setup-python/issues/973">#973</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/6ca8e8598faa206f7140a65ba31b899bebe16f58"><code>6ca8e85</code></a>
Bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/1016">#1016</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/8039c45ed9a312fba91f3399cd0605ba2ebfe93c"><code>8039c45</code></a>
fix: install PyPy on Linux ARM64 (<a
href="https://redirect.github.com/actions/setup-python/issues/1011">#1011</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-python/compare/42375524e23c412d93fb67b49958b491fce71c38...8d9ed9ac5c53483de85588cdf95a591a75ab9f55">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.4.0&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 12:31:59 +00:00
dependabot[bot] 1deb6e03e0 Bump pyo3-log from 0.12.1 to 0.12.2 (#18269) 
Bumps [pyo3-log](https://github.com/vorner/pyo3-log) from 0.12.1 to
0.12.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vorner/pyo3-log/blob/main/CHANGELOG.md">pyo3-log's
changelog</a>.</em></p>
<blockquote>
<h1>0.12.2</h1>
<ul>
<li>Allow pyo3 0.24.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vorner/pyo3-log/commit/99ee890b2ba9cac31d5733c80df0fbe944170f2d"><code>99ee890</code></a>
Release 0.12.2</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/d1a27f574fbf5e4c45a109a543b92c308562c007"><code>d1a27f5</code></a>
Merge pull request <a
href="https://redirect.github.com/vorner/pyo3-log/issues/61">#61</a>
from gi0baro/pyo3-024</li>
<li><a
href="https://github.com/vorner/pyo3-log/commit/66fd9498c34cde58a7b4bf67abaac1e515768d89"><code>66fd949</code></a>
Allow PyO3 0.24</li>
<li>See full diff in <a
href="https://github.com/vorner/pyo3-log/compare/v0.12.1...v0.12.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyo3-log&package-manager=cargo&previous-version=0.12.1&new-version=0.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 14:12:58 +02:00
Will Hunt 02eed668b8 Document media hashing changes (#18296) 
Essentially document the change in behaviour in #18277 

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [x] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
 2025-04-01 12:43:05 +02:00
dependabot[bot] 9f8ed14535 Bump actions/download-artifact from 4.2.0 to 4.2.1 (#18268) 
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.2.0 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add unit tests by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li>
<li>Fix bug introduced in 4.2.0 by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/95815c38cf2ff2164869cbab79da8d1f422bc89e"><code>95815c3</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/391">#391</a>
from GhadimiR/main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/278fca438a0f334c0505181835b4796f2785949b"><code>278fca4</code></a>
Move log statements</li>
<li><a
href="https://github.com/actions/download-artifact/commit/68909842a1073010f1cf920ed7f153e2948f9c16"><code>6890984</code></a>
Merge branch 'main' into main</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f9415c0ec30f02c18e075f091cafcfe4159168d0"><code>f9415c0</code></a>
Run unit tests in CI</li>
<li><a
href="https://github.com/actions/download-artifact/commit/76a6eb5cbca98dccb5e14c0116e53f5df13b220d"><code>76a6eb5</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/392">#392</a>
from GhadimiR/add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/a2426d7c4522072f4d5824c9508d7ea97107cb8e"><code>a2426d7</code></a>
Merge branch 'main' into add_unit_tests</li>
<li><a
href="https://github.com/actions/download-artifact/commit/3ffa694f6f7e3d53f63807f78267796f57911dd4"><code>3ffa694</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/53f6aa5f93b626e252398abac720a28f6eb048ed"><code>53f6aa5</code></a>
Add extra assertion to download single artifact test</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b456700053c87aa7d6b31d212292755e1e6eb923"><code>b456700</code></a>
lint</li>
<li><a
href="https://github.com/actions/download-artifact/commit/9eab798a9885c1be58a1c4381da1109644016e98"><code>9eab798</code></a>
Configure tsconfig</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/b14cf4c92620c250e1c074ab0a5800e37df86765...95815c38cf2ff2164869cbab79da8d1f422bc89e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4.2.0&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 08:08:57 +00:00
dependabot[bot] 3bc04d05a4 Bump pygithub from 2.5.0 to 2.6.1 (#18243) 
Bumps [pygithub](https://github.com/pygithub/pygithub) from 2.5.0 to
2.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pygithub/pygithub/releases">pygithub's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix broken pickle support for <code>Auth</code> classes by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3211">PyGithub/PyGithub#3211</a></li>
<li>Remove schema from <code>Deployment</code>, remove
<code>message</code> attribute by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3223">PyGithub/PyGithub#3223</a></li>
<li>Fix incorrect deprecated import by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3225">PyGithub/PyGithub#3225</a></li>
<li>Add <code>CodeSecurityConfigRepository</code> returned by
<code>get_repos_for_code_security_config</code> by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3219">PyGithub/PyGithub#3219</a></li>
<li>Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code> by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3226">PyGithub/PyGithub#3226</a></li>
</ul>
<h3>Maintenance</h3>
<ul>
<li>Mention removal of <code>AppAuth.private_key</code> in changelog by
<a href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3212">PyGithub/PyGithub#3212</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1">https://github.com/PyGithub/PyGithub/compare/v2.6.0...v2.6.1</a></p>
<h2>v2.6.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Rework <code>Views</code> and <code>Clones</code> by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3168">PyGithub/PyGithub#3168</a>:
View and clones traffic information returned by
<code>Repository.get_views_traffic</code> and
<code>Repository.get_clones_traffic</code>
now return proper PyGithub objects, instead of a <code>dict</code>, with
all information that used to be provided by the <code>dict</code>:</li>
</ul>
<p>Code like</p>
<pre
lang="python"><code>repo.get_views_traffic().[&quot;views&quot;].timestamp
repo.get_clones_traffic().[&quot;clones&quot;].timestamp
</code></pre>
<p>should be replaced with</p>
<pre lang="python"><code>repo.get_views_traffic().views.timestamp
repo.get_clones_traffic().clones.timestamp
</code></pre>
<ul>
<li>Fix typos by <a
href="https://github.com/kianmeng"><code>@​kianmeng</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3086">PyGithub/PyGithub#3086</a>:
Property <code>OrganizationCustomProperty.respository_id</code> renamed
to <code>OrganizationCustomProperty.repository_id</code>.</li>
</ul>
<h3>New Features</h3>
<ul>
<li>Add capability for global laziness by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/2746">PyGithub/PyGithub#2746</a></li>
<li>Add Support for GitHub Copilot Seat Management in Organizations by
<a href="https://github.com/pashafateev"><code>@​pashafateev</code></a>
in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3082">PyGithub/PyGithub#3082</a></li>
<li>Get branches where commit is head by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3083">PyGithub/PyGithub#3083</a></li>
<li>Support downloading a Release Asset by <a
href="https://github.com/neel-m"><code>@​neel-m</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3060">PyGithub/PyGithub#3060</a></li>
<li>Add <code>Repository.merge_upstream</code> method by <a
href="https://github.com/Felixoid"><code>@​Felixoid</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3175">PyGithub/PyGithub#3175</a></li>
<li>Support updating pull request draft status by <a
href="https://github.com/didot"><code>@​didot</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3104">PyGithub/PyGithub#3104</a></li>
<li>Add transfer ownership method to Repository by <a
href="https://github.com/tanannie22"><code>@​tanannie22</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3091">PyGithub/PyGithub#3091</a></li>
<li>Add enable and disable a Workflow by <a
href="https://github.com/nickrmcclorey"><code>@​nickrmcclorey</code></a>
in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3088">PyGithub/PyGithub#3088</a></li>
<li>Add support for managing Code Security Configrations by <a
href="https://github.com/billnapier"><code>@​billnapier</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3095">PyGithub/PyGithub#3095</a></li>
<li>Allow for private_key / sign function in AppAuth by <a
href="https://github.com/EnricoMi"><code>@​EnricoMi</code></a> in <a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3065">PyGithub/PyGithub#3065</a></li>
</ul>
<h3>Improvements</h3>
<ul>
<li>Update RateLimit object with all the new categories GitHub added. by
<a href="https://github.com/billnapier"><code>@​billnapier</code></a> in
<a
href="https://redirect.github.com/PyGithub/PyGithub/pull/3096">PyGithub/PyGithub#3096</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyGithub/PyGithub/blob/v2.6.1/doc/changes.rst">pygithub's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.6.1 (February 21, 2025)</h2>
<p>Bug Fixes
^^^^^^^^^</p>
<ul>
<li>Fix broken pickle support for <code>Auth</code> classes
(<code>[#3211](https://github.com/pygithub/pygithub/issues/3211)
&lt;https://github.com/PyGithub/PyGithub/pull/3211&gt;</code><em>)
(<code>f975552a
&lt;https://github.com/PyGithub/PyGithub/commit/f975552a&gt;</code></em>)</li>
<li>Remove schema from <code>Deployment</code>, remove
<code>message</code> attribute
(<code>[#3223](https://github.com/pygithub/pygithub/issues/3223)
&lt;https://github.com/PyGithub/PyGithub/pull/3223&gt;</code><em>)
(<code>d12e7d4c
&lt;https://github.com/PyGithub/PyGithub/commit/d12e7d4c&gt;</code></em>)</li>
<li>Fix incorrect deprecated import
(<code>[#3225](https://github.com/pygithub/pygithub/issues/3225)
&lt;https://github.com/PyGithub/PyGithub/pull/3225&gt;</code><em>)
(<code>93297440
&lt;https://github.com/PyGithub/PyGithub/commit/93297440&gt;</code></em>)</li>
<li>Add <code>CodeSecurityConfigRepository</code> returned by
<code>get_repos_for_code_security_config</code>
(<code>[#3219](https://github.com/pygithub/pygithub/issues/3219)
&lt;https://github.com/PyGithub/PyGithub/pull/3219&gt;</code><em>)
(<code>f997a2f6
&lt;https://github.com/PyGithub/PyGithub/commit/f997a2f6&gt;</code></em>)</li>
<li>Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code>
(<code>[#3226](https://github.com/pygithub/pygithub/issues/3226)
&lt;https://github.com/PyGithub/PyGithub/pull/3226&gt;</code><em>)
(<code>048a1a38
&lt;https://github.com/PyGithub/PyGithub/commit/048a1a38&gt;</code></em>)</li>
</ul>
<p>Maintenance
^^^^^^^^^^^</p>
<ul>
<li>Mention removal of <code>AppAuth.private_key</code> in changelog
(<code>[#3212](https://github.com/pygithub/pygithub/issues/3212)
&lt;https://github.com/PyGithub/PyGithub/pull/3212&gt;</code><em>)
(<code>f5dc1c76
&lt;https://github.com/PyGithub/PyGithub/commit/f5dc1c76&gt;</code></em>)</li>
</ul>
<h2>Version 2.6.0 (February 15, 2025)</h2>
<p>Breaking Changes
^^^^^^^^^^^^^^^^</p>
<ul>
<li>
<p>Rework <code>Views</code> and <code>Clones</code>
(<code>[#3168](https://github.com/pygithub/pygithub/issues/3168)
&lt;https://github.com/PyGithub/PyGithub/pull/3168&gt;</code><em>)
(<code>f7d52249
&lt;https://github.com/PyGithub/PyGithub/commit/f7d52249&gt;</code></em>):</p>
<p>View and clones traffic information returned by
<code>Repository.get_views_traffic</code> and
<code>Repository.get_clones_traffic</code>
now return proper PyGithub objects, instead of a <code>dict</code>, with
all information that used to be provided by the <code>dict</code>:</p>
</li>
</ul>
<p>Code like</p>
<p>.. code-block:: python</p>
<p>repo.get_views_traffic().[&quot;views&quot;].timestamp
repo.get_clones_traffic().[&quot;clones&quot;].timestamp</p>
<p>should be replaced with</p>
<p>.. code-block:: python</p>
<p>repo.get_views_traffic().views.timestamp
repo.get_clones_traffic().clones.timestamp</p>
<ul>
<li>
<p>Add <code>GitCommitVerification</code> class
(<code>[#3028](https://github.com/pygithub/pygithub/issues/3028)
&lt;https://github.com/PyGithub/PyGithub/pull/3028&gt;</code><em>)
(<code>822e6d71
&lt;https://github.com/PyGithub/PyGithub/commit/822e6d71&gt;</code></em>):</p>
<p>Changes the return value of <code>GitTag.verification</code> and
<code>GitCommit.verification</code> from <code>dict</code> to
<code>GitCommitVerification</code>.</p>
<p>Code like</p>
<p>.. code-block:: python</p>
<p>tag.verification[&quot;reason&quot;]
commit.verification[&quot;reason&quot;]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/da30d6e793ffb4fbe70383b59d2eb7026fe2d8c7"><code>da30d6e</code></a>
Releasing v2.6.1 (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3230">#3230</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f997a2f65308fb720503c7bda24a8859dad81e03"><code>f997a2f</code></a>
Add <code>CodeSecurityConfigRepository</code> returned by
`get_repos_for_code_security_c...</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/048a1a3837e8ff4936ee547cd516ebf91613aa73"><code>048a1a3</code></a>
Make <code>GitTag.verification</code> return
<code>GitCommitVerification</code> (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3226">#3226</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/93297440ce7911b8b32203287efb223c56384faa"><code>9329744</code></a>
Fix incorrect deprecated import (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3225">#3225</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/d12e7d4cb42b7e55812dbedaabb0642a9baf6e50"><code>d12e7d4</code></a>
Remove schema from <code>Deployment</code>, remove <code>message</code>
attribute (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3223">#3223</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f975552acd0a745b717523a52730214647d3d696"><code>f975552</code></a>
Fix broken pickle support for <code>Auth</code> classes (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3211">#3211</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/f5dc1c762ff2fa7d643a62d6358983da72f66ee4"><code>f5dc1c7</code></a>
Mention removal of <code>AppAuth.private_key</code> in changelog (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3212">#3212</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/e3e07d7466b4b1b9cae5b50f1a68c7db92e5cb8f"><code>e3e07d7</code></a>
Fix PyPi upload (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3200">#3200</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/620c83994af1201860b255e04ceb7821e0d2fe2d"><code>620c839</code></a>
Fix PyPi upload (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3199">#3199</a>)</li>
<li><a
href="https://github.com/PyGithub/PyGithub/commit/bf98e178547db7d4e5e4c04d9deb63ff45b135d6"><code>bf98e17</code></a>
Release 2.6.0 (<a
href="https://redirect.github.com/pygithub/pygithub/issues/3198">#3198</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pygithub/pygithub/compare/v2.5.0...v2.6.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pygithub&package-manager=pip&previous-version=2.5.0&new-version=2.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 09:58:27 +02:00
dependabot[bot] 4dba011c31 Bump dawidd6/action-download-artifact from 8 to 9 (#18204) 
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact)
from 8 to 9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dawidd6/action-download-artifact/releases">dawidd6/action-download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v9</h2>
<h2>What's Changed</h2>
<ul>
<li>add merge_multiple option by <a
href="https://github.com/timostroehlein"><code>@​timostroehlein</code></a>
in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timostroehlein"><code>@​timostroehlein</code></a>
made their first contribution in <a
href="https://redirect.github.com/dawidd6/action-download-artifact/pull/327">dawidd6/action-download-artifact#327</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dawidd6/action-download-artifact/compare/v8...v9">https://github.com/dawidd6/action-download-artifact/compare/v8...v9</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dawidd6/action-download-artifact/commit/07ab29fd4a977ae4d2b275087cf67563dfdf0295"><code>07ab29f</code></a>
add merge_multiple option (<a
href="https://redirect.github.com/dawidd6/action-download-artifact/issues/327">#327</a>)</li>
<li>See full diff in <a
href="https://github.com/dawidd6/action-download-artifact/compare/20319c5641d495c8a52e688b7dc5fada6c3a9fbc...07ab29fd4a977ae4d2b275087cf67563dfdf0295">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dawidd6/action-download-artifact&package-manager=github_actions&previous-version=8&new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 09:56:53 +02:00
dependabot[bot] 76ffd3ba01 Bump actions/cache from 4.2.2 to 4.2.3 (#18266) 
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to
4.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use <code>@​actions/cache</code> 4.0.3 package &amp;
prepare for new release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a>
(SAS tokens for cache entries are now masked in debug logs)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/5a3ec84eff668545956fd18022155c47e93e2684"><code>5a3ec84</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1577">#1577</a>
from salmanmkc/salmanmkc/4-test</li>
<li><a
href="https://github.com/actions/cache/commit/7de21022a7b6824c106a9847befcbd8154b45b6a"><code>7de2102</code></a>
Update releases.md</li>
<li><a
href="https://github.com/actions/cache/commit/76d40dd347779762a1c829bbeeda5da4d81ca8c1"><code>76d40dd</code></a>
Update to use the latest version of the cache package to obfuscate the
SAS</li>
<li><a
href="https://github.com/actions/cache/commit/76dd5eb692f606c28d4b7a4ea7cfdffc926ba06a"><code>76dd5eb</code></a>
update cache with main</li>
<li><a
href="https://github.com/actions/cache/commit/8c80c27c5e4498d5675b05fb1eff96a56c593b06"><code>8c80c27</code></a>
new package</li>
<li><a
href="https://github.com/actions/cache/commit/45cfd0e7fffd1869ea4d5bfb54a464d825c1f742"><code>45cfd0e</code></a>
updates</li>
<li><a
href="https://github.com/actions/cache/commit/edd449b9cf39c2a20dc7c3d505ff6dc193c48a02"><code>edd449b</code></a>
updated cache with latest changes</li>
<li><a
href="https://github.com/actions/cache/commit/0576707e373f92196b81695442ed3f80c347f9c7"><code>0576707</code></a>
latest test before pr</li>
<li><a
href="https://github.com/actions/cache/commit/3105dc9754dd9cd935ffcf45c091ed2cadbf42b9"><code>3105dc9</code></a>
update</li>
<li><a
href="https://github.com/actions/cache/commit/9450d42d15022999ad2fa60a8b91f01fc92a0563"><code>9450d42</code></a>
mask</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.2&new-version=4.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-01 09:55:30 +02:00