8b36740bad82d421b4e93f2b78611eb6958c36e9
25511 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Devon Hudson
|
8b36740bad |
Fix InFlightGauge typing to allow upgrading to prometheus_client 0.24 (#19379)
Fixes #19375
`prometheus_client` 0.24 makes `Collector` a generic type.
Previously, `InFlightGauge` inherited from both `Generic[MetricsEntry]`
and `Collector`, resulting in the error `TypeError: cannot create a
consistent MRO` when using `prometheus_client` >= 0.24. This behaviour
of disallowing multiple `Generic` inheritance is more strictly enforced
starting with python 3.14, but can still lead to issues with earlier
versions of python.
This PR separates runtime and typing inheritance for `InFlightGauge`:
- Runtime: `InFlightGauge` inherits only from `Collector`
- Typing: `InFlightGauge` is generic
This preserves static typing, avoids MRO conflicts, and supports both
`prometheus_client` <0.24 and >=0.24.
I have tested these changes out locally with `prometheus_client` 0.23.1
& 0.24 on python 3.14 while sending a bunch of messages over federation
and watching a grafana dashboard configured to show
`synapse_util_metrics_block_in_flight_total` &
`synapse_util_metrics_block_in_flight_real_time_sum` (the only metric
setup to use `InFlightGauge`) and things are working in each case.
|
||
|
dependabot[bot]
|
cb376ee73b |
Bump pyasn1 from 0.6.1 to 0.6.2 (#19387)
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.1 to 0.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/releases">pyasn1's releases</a>.</em></p> <blockquote> <h2>Release 0.6.2</h2> <p>It's a minor release.</p> <ul> <li>Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).</li> <li>Added support for Python 3.14.</li> <li>Added SECURITY.md policy.</li> <li>Migrated to pyproject.toml packaging.</li> </ul> <p>All changes are noted in the <a href="https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst">CHANGELOG</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst">pyasn1's changelog</a>.</em></p> <blockquote> <h2>Revision 0.6.2, released 16-01-2026</h2> <ul> <li>CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007)</li> <li>Added support for Python 3.14 [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/97">#97</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/97">pyasn1/pyasn1#97</a>)</li> <li>Added SECURITY.md policy</li> <li>Fixed unit tests failing due to missing code [issue <a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">#91</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">pyasn1/pyasn1#91</a>) [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/92">#92</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/92">pyasn1/pyasn1#92</a>)</li> <li>Migrated to pyproject.toml packaging [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/90">#90</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/90">pyasn1/pyasn1#90</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Eric Eastwood
|
87d93b1ae6 |
Latest changes from importing/exporting from Grafana 12.3.1 (#19381)
These are automatic changes from importing/exporting from Grafana 12.3.1. In order to verify that I'm not sneaking in any changes, you can follow these steps to get the same output. Reproduction instructions: 1. Start [Grafana](https://hub.docker.com/r/grafana/grafana) ``` docker run -d --name=grafana --add-host host.docker.internal:host-gateway -p 3000:3000 grafana/grafana ``` 1. Visit the Grafana dashboard, http://localhost:3000/ (Credentials: `admin`/`admin`) 1. Import the Synapse dashboard: `contrib/grafana/synapse.json` 1. Export the Synapse dashboard. On the dashboard page -> **Export** -> **Export as code** -> Using the **Classic** model -> Check **Export for sharing externally** -> Copy 1. Paste into `contrib/grafana/synapse.json` 1. `git status`/`git diff` to check if there is any diff Sanity checked the dashboard itself by importing the dashboard on https://grafana.matrix.org/ (Grafana 10.4.1 according to https://grafana.matrix.org/api/health). The process-level metrics won't work because https://github.com/element-hq/synapse/pull/19337 just merged and isn't on `matrix.org` yet. Also just generally, this dashboard works for me locally with the [load-tests](https://github.com/element-hq/synapse-rust-apps/pull/397) I've been doing. ### Motivation There are few fixes I want to make to the Grafana dashboard and it sucks having to manually translate everything back over because we have different formatting. Hopefully after this bulk change, future exports will have exactly what we want to change. |
||
|
Eric Eastwood
|
13c6476d6e |
Always rollback transaction when retrying (#19372)
Previously, because `conn.rollback()` was inside the `if i < MAX_NUMBER_OF_RETRIES:` condition, it never rolled back on the final retry. Part of https://github.com/element-hq/synapse/issues/19202 There are other problems mentioned in https://github.com/element-hq/synapse/issues/19202 but this is a nice standalone change. |
||
|
Eric Eastwood
|
6363d77ba2 |
Warn about skipping reactor metrics when using unknown reactor type (#19383)
Spawning from not seeing any reactor metrics in the Grafana dashboard in
some load tests, noticing `python_twisted_reactor_tick_time_bucket` is
`0` in Prometheus, following it back to Synapse and seeing that we don't
warn about skipping reactor metrics in all cases (when using an unknown
reactor type).
A follow-up to this would be to actually figure out how to instrument
the `ProxiedReactor` or why `ProxiedReactor` is being chosen in the
first place and see if we can get it to use a more normal type
🤔
### Reproduction instructions
1. Using the Complement scripts **with workers**: `WORKERS=1
./scripts-dev/complement.sh ./tests/csapi`
1. `docker logs complement_csapi_dirty_hs1 2>&1 | grep -i "reactor"`
1. With these changes, notice `Skipping configuring
ReactorLastSeenMetric: unexpected reactor type: <__main__.ProxiedReactor
object at 0x7fc0adaaea50>` and `Twisted reactor: ProxiedReactor`
1. Cleanup:
- `docker stop $(docker ps --all --filter "label=complement_context"
--quiet)`
- `docker rm $(docker ps --all --filter "label=complement_context"
--quiet)`
I'm unable to reproduce with the normal Synapse images or
`complement-synapse` without workers. They all use `Twisted reactor:
EPollReactor`
<details>
<summary>Checking <code>docker/Dockerfile-workers</code></summary>
1. Build the Docker image for Synapse: `docker build -t
matrixdotorg/synapse -f docker/Dockerfile . && docker build -t
matrixdotorg/synapse-workers -f docker/Dockerfile-workers .`
([docs](
|
||
|
Andrew Ferrazzutti
|
079c52e16b |
MSC4140: delayed event content as text, not bytes (#19360)
Store the JSON content of scheduled delayed events as text instead of a byte array. This brings it in line with the `event_json` table's `json` column, and fixes the inability to schedule a delayed event with non-ASCII characters in its content. Fixes #19242 |
||
|
Eric Eastwood
|
a1e9abc7df |
Add Prometheus HTTP service discovery endpoint for easy discovery of all workers in Docker image (#19336)
Add Prometheus [HTTP service discovery](https://prometheus.io/docs/prometheus/latest/http_sd/) endpoint for easy discovery of all workers in Docker image. Follow-up to https://github.com/element-hq/synapse/pull/19324 Spawning from wanting to [run a load test](https://github.com/element-hq/synapse-rust-apps/pull/397) against the Complement Docker image of Synapse and see metrics from the homeserver. `GET http://<synapse_container>:9469/metrics/service_discovery` ```json5 [ { "targets": [ "<host>", ... ], "labels": { "<labelname>": "<labelvalue>", ... } }, ... ] ``` The metrics from each worker can also be accessed via `http://<synapse_container>:9469/metrics/worker/<worker_name>` which is what the service discovery response points to behind the scenes. This way, you only need to expose a single port (9469) to access all metrics. <details> <summary>Real HTTP service discovery response</summary> ```json5 [ { "targets": [ "localhost:9469" ], "labels": { "job": "event_persister", "index": "1", "__metrics_path__": "/metrics/worker/event_persister1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "event_persister", "index": "2", "__metrics_path__": "/metrics/worker/event_persister2" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "background_worker", "index": "1", "__metrics_path__": "/metrics/worker/background_worker1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "event_creator", "index": "1", "__metrics_path__": "/metrics/worker/event_creator1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "user_dir", "index": "1", "__metrics_path__": "/metrics/worker/user_dir1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "media_repository", "index": "1", "__metrics_path__": "/metrics/worker/media_repository1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_inbound", "index": "1", "__metrics_path__": "/metrics/worker/federation_inbound1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_reader", "index": "1", "__metrics_path__": "/metrics/worker/federation_reader1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_sender", "index": "1", "__metrics_path__": "/metrics/worker/federation_sender1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "synchrotron", "index": "1", "__metrics_path__": "/metrics/worker/synchrotron1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "client_reader", "index": "1", "__metrics_path__": "/metrics/worker/client_reader1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "appservice", "index": "1", "__metrics_path__": "/metrics/worker/appservice1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "pusher", "index": "1", "__metrics_path__": "/metrics/worker/pusher1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "device_lists", "index": "1", "__metrics_path__": "/metrics/worker/device_lists1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "device_lists", "index": "2", "__metrics_path__": "/metrics/worker/device_lists2" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "stream_writers", "index": "1", "__metrics_path__": "/metrics/worker/stream_writers1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "main", "index": "1", "__metrics_path__": "/metrics/worker/main" } } ] ``` </details> And how it ends up as targets in Prometheus (http://localhost:9090/targets): (image) ### Testing strategy 1. Make sure your firewall allows the Docker containers to communicate to the host (`host.docker.internal`) so they can access exposed ports of other Docker containers. We want to allow Synapse to access the Prometheus container and Grafana to access to the Prometheus container. - `sudo ufw allow in on docker0 comment "Allow traffic from the default Docker network to the host machine (host.docker.internal)"` - `sudo ufw allow in on br-+ comment "(from Matrix Complement testing) Allow traffic from custom Docker networks to the host machine (host.docker.internal)"` - [Complement firewall docs]( |
||
|
Eric Eastwood
|
58f59ffbcb |
Refactor Grafana dashboard to use server_name label (#19337)
- Update `synapse_xxx` (server-level) metrics to use
`server_name="$server_name",` instead of `instance="$instance"`
- Add `synapse_server_name_info` metric to map Synapse `server_name`s to
the `instance`s they're hosted on.
- For process level metrics, update to use `xxx * on (instance, job,
index) group_left(server_name)
synapse_server_name_info{server_name="$server_name"}`
All of the changes here are backwards compatible with whatever people
were doing before with their Prometheus/Grafana dashboards.
Previously, the recommendation was to use the `instance` label to group
everything under the same server (
|
||
|
Devon Hudson
|
9b776c6a48 |
Minor changelog tweaks post-release (#19376)
### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) |
||
|
Devon Hudson
|
8eb9d7895d | Merge branch 'master' into develop | ||
|
Andrew Morgan
|
9285cdf041 |
Update usage of deprecated release.title in release script (#19358)
|
||
|
Devon Hudson
|
27223a349c | 1.145.0 | ||
|
Olivier 'reivilibre
|
8e2e81430c |
Tweak docstrings and signatures of auth_types_for_event and get_catchup_room_event_ids. (#19320)
A couple of tiny tweaks pulled out of #18968. |
||
|
dependabot[bot]
|
164b980085 | Bump the minor-and-patches group with 2 updates (#19339) | ||
|
Andrew Morgan
|
daa4398818 | Update Element logo to be an absolute URL, so it will render on PyPI (#19368) | ||
|
timedout
|
6e80f2c43a |
Fall back to checking power levels when sourcing local restricted join users (#19321)
Fix https://github.com/element-hq/synapse/issues/19120 by always falling back to checking power levels for local users if a local creator cannot be found in a v12 room. Complement tests: https://github.com/matrix-org/complement/pull/836 |
||
|
Will Hunt
|
8f42f07bef |
Remove MSC2697 (legacy dehydrated devices) (#19346)
Fixes #19347 This deprecates MSC2697 which has been closed since May 2024. As per #19347 this seems to be a thing we can just rip out. The crypto team have moved onto MSC3814 and are suggesting that developers who rely on MSC2697 should use MSC3814 instead. MSC2697 implementation originally introduced by https://github.com/matrix-org/synapse/pull/8380 |
||
|
dependabot[bot]
|
5a3362c012 |
Bump authlib from 1.6.5 to 1.6.6 (#19363)
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.5 to 1.6.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.6</h2> <p><strong>Released on Dec 12, 2025</strong></p> <ul> <li><code>get_jwt_config</code> takes a <code>client</code> parameter, :pr:<code>844</code>.</li> <li>Fix incorrect signature when <code>Content-Type</code> is x-www-form-urlencoded for OAuth 1.0 Client, :pr:<code>778</code>.</li> <li>Use <code>expires_in</code> in <code>OAuth2Token</code> when <code>expires_at</code> is unparsable, :pr:<code>842</code>.</li> <li>Always track <code>state</code> in session for OAuth client integrations.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Devon Hudson
|
ff0fa0fd51 | Merge branch 'release-v1.145' into develop | ||
|
Devon Hudson
|
438aa7c876 | 1.145.0rc4 | ||
|
Devon Hudson
|
15700e0a32 | Only exclude .so files for sdist packaging | ||
|
Mathieu Velten
|
d372ab3280 |
Add cancel_task API to the task scheduler (#19310)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Eric Eastwood
|
ace2614fad |
Remove docs on dead legacy metric names (#19341)
These metrics were [removed completely from the codebase]( |
||
|
dependabot[bot]
|
da7b32e8df |
Bump urllib3 from 2.6.0 to 2.6.3 (#19361)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.6.3</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by <a href="https://github.com/D47A"><code>@D47A</code></a>, 8.9 High, GHSA-38jv-5279-wg99)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3743">urllib3/urllib3#3743</a>)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3752">urllib3/urllib3#3752</a>)</li> </ul> <h2>2.6.2</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3734">urllib3/urllib3#3734</a>)</li> </ul> <h2>2.6.1</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3731">#3731</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.6.3 (2026-01-07)</h1> <ul> <li>Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (<code>GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99></code>__)</li> <li>Started treating <code>Retry-After</code> times greater than 6 hours as 6 hours by default. (<code>[#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743></code>__)</li> <li>Fixed <code>urllib3.connection.VerifiedHTTPSConnection</code> on Emscripten. (<code>[#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752></code>__)</li> </ul> <h1>2.6.2 (2025-12-11)</h1> <ul> <li>Fixed <code>HTTPResponse.read_chunked()</code> to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (<code>[#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734></code>__)</li> </ul> <h1>2.6.1 (2025-12-08)</h1> <ul> <li>Restore previously removed <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods. (<code>[#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Devon Hudson
|
3f2887cf80 | Merge branch 'release-v1.145' into develop | ||
|
Devon Hudson
|
ade89c4317 | 1.145.0rc3 | ||
|
Devon Hudson
|
66b1daa679 | Limit maturin includes to sdist packaging | ||
|
Andrew Morgan
|
1db2302303 | Bump mdbook from 0.4.17 -> 0.5.2 and remove custom table-of-contents plugin (#19356) | ||
|
Lukas Tautz
|
8ff1960878 |
Fix: use correct parameter when calling get_local_current_membership_for_user_in_room (#19353)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Devon Hudson
|
cbc5469113 | Merge branch 'release-v1.145' into develop | ||
|
Devon Hudson
|
ecd67df49d | 1.145.0rc2 | ||
|
Devon Hudson
|
13dff90b5b | Fix sdist include formatting for maturin | ||
|
Kierre
|
7ea78671a3 |
Drop support for Ubuntu 25.04 'Plucky Puffin', add support for Ubuntu 25.10 'Questing Quokka' (#19348)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
Hugh Nimmo-Smith
|
4dcf113bff |
Support for stable m.oauth UIA stage for MSC4312 (#19273)
|
||
|
Patrice Brend'amour
|
a094d922c9 | Implement synapse issue #16751: Treat local_media_directory as optional storage provider (#19204) | ||
|
Devon Hudson
|
16bc8c78ba | Update changelog after reverting PR | ||
|
Devon Hudson
|
6ac61e4be4 |
Revert "Add an Admin API endpoint for listing quarantined media (#19268)" (#19351)
Fixes #19349
This reverts commit
|
||
|
Devon Hudson
|
987b61a92b |
Revert "Add an Admin API endpoint for listing quarantined media (#19268)" (#19351)
Fixes #19349
This reverts commit
|
||
|
dependabot[bot]
|
18ef7f3085 |
Bump pynacl from 1.5.0 to 1.6.2 (#19350)
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5.0 to 1.6.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst">pynacl's changelog</a>.</em></p> <blockquote> <h2>1.6.2 (2026-01-01)</h2> <ul> <li>Updated <code>libsodium</code> to 1.0.20-stable (2025-12-31 build) to resolve <code>CVE-2025-69277</code>.</li> </ul> <h2>1.6.1 (2025-11-10)</h2> <ul> <li>The <code>MAKE</code> environment variable can now be used to specify the <code>make</code> binary that should be used in the build process.</li> </ul> <h2>1.6.0 (2025-09-11)</h2> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Removed support for Python 3.6 and 3.7.</li> <li>Added support for the low level AEAD AES bindings.</li> <li>Added support for <code>crypto_core_ed25519_from_uniform</code>.</li> <li>Update <code>libsodium</code> to 1.0.20-stable (2025-08-27 build).</li> <li>Added support for free-threaded Python 3.14.</li> <li>Added support for Windows on ARM wheels.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Tulir Asokan
|
ac6463c6da |
Fix media creation being ratelimited for appservices (#19335)
Co-authored-by: Andrew Morgan <andrew@amorgan.xyz> |
||
|
Andrew Morgan
|
1500733f4a |
Replace usage of deprecated assertEquals with assertEqual (#19345)
|
||
|
Devon Hudson
|
d6d1404a8e | Add nifty titles to top level deprecations | ||
|
Devon Hudson
|
39f80296c5 | 1.145.0rc1 | ||
|
Olivier 'reivilibre
|
cd252db3f5 |
Transform events with client metadata before serialising in /event response. (#19340)
Fix /event/ endpoint not transforming event with per-requester metadata Pass notif_event through filter_events_for_client \ Not aware of an actual issue here, but seems silly to bypass it Call it filter_and_transform_events_for_client to make it more obvious --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
Mathieu Velten
|
444bc56cda |
Add rate limit conf to user directory endpoint (#19291)
The goal is to avoid that an user could scrape the user directory too quickly. |
||
|
dependabot[bot]
|
6b755f964b |
Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#19334)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>v6 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Upload Artifact Node 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li> <li>fix: update <code>@actions/artifact</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li> <li>prepare release v6.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
169d5b9590 |
Bump reqwest from 0.12.24 to 0.12.25 in the patches group (#19331)
Bumps the patches group with 1 update: [reqwest](https://github.com/seanmonstar/reqwest). Updates `reqwest` from 0.12.24 to 0.12.25 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.25</h2> <h2>Highlights</h2> <ul> <li>Add <code>Error::is_upgrade()</code> to determine if the error was from an HTTP upgrade.</li> <li>Fix sending <code>Proxy-Authorization</code> if only username is configured.</li> <li>Fix sending <code>Proxy-Authorization</code> to HTTPS proxies when the target is HTTP.</li> <li>Refactor internal decompression handling to use tower-http.</li> </ul> <h2>What's Changed</h2> <ul> <li>tests: fix wasm timeout test with uncached response by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2853">seanmonstar/reqwest#2853</a></li> <li>docs: document connection pooling behavior by <a href="https://github.com/vinzmyko"><code>@vinzmyko</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2851">seanmonstar/reqwest#2851</a></li> <li>docs: document WASM client by <a href="https://github.com/vinzmyko"><code>@vinzmyko</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2859">seanmonstar/reqwest#2859</a></li> <li>chore: minor improvement for docs by <a href="https://github.com/black5box"><code>@black5box</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2862">seanmonstar/reqwest#2862</a></li> <li>fix: send <code>proxy-authorization</code> even with empty <code>password</code> by <a href="https://github.com/barjin"><code>@barjin</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2868">seanmonstar/reqwest#2868</a></li> <li>feat(error): add <code>is_upgrade</code> method to detect protocol upgrade errors by <a href="https://github.com/0x676e67"><code>@0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2822">seanmonstar/reqwest#2822</a></li> <li>Use decompression from tower-http by <a href="https://github.com/ducaale"><code>@ducaale</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2840">seanmonstar/reqwest#2840</a></li> <li>fix(proxy): forward Proxy-Authorization header to HTTPS proxies for HTTP targets by <a href="https://github.com/0x676e67"><code>@0x676e67</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2872">seanmonstar/reqwest#2872</a></li> <li>v0.12.25 by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2880">seanmonstar/reqwest#2880</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vinzmyko"><code>@vinzmyko</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2851">seanmonstar/reqwest#2851</a></li> <li><a href="https://github.com/black5box"><code>@black5box</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2862">seanmonstar/reqwest#2862</a></li> <li><a href="https://github.com/barjin"><code>@barjin</code></a> made their first contribution in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2868">seanmonstar/reqwest#2868</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.24...v0.12.25">https://github.com/seanmonstar/reqwest/compare/v0.12.24...v0.12.25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.25</h2> <ul> <li>Add <code>Error::is_upgrade()</code> to determine if the error was from an HTTP upgrade.</li> <li>Fix sending <code>Proxy-Authorization</code> if only username is configured.</li> <li>Fix sending <code>Proxy-Authorization</code> to HTTPS proxies when the target is HTTP.</li> <li>Refactor internal decompression handling to use tower-http.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
691e43bac9 |
Bump actions/cache from 4.3.0 to 5.0.1 (#19332)
Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h1>v5.0.1</h1> <h2>What's Changed</h2> <ul> <li>fix: update <code>@actions/cache</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1685">actions/cache#1685</a></li> <li>prepare release v5.0.1 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1686">actions/cache#1686</a></li> </ul> <h1>v5.0.0</h1> <h2>What's Changed</h2> <ul> <li>Upgrade to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.1">https://github.com/actions/cache/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h2>What's Changed</h2> <ul> <li>Upgrade to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.3.0...v5.0.0">https://github.com/actions/cache/compare/v4.3.0...v5.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>Changelog</h2> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
8f96a83d16 |
Bump actions/download-artifact from 6.0.0 to 7.0.0 (#19333)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 - What's new</h2> <blockquote> <p>[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using: node24</code>) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>Node.js 24</h3> <p>This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.</p> <h2>What's Changed</h2> <ul> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li>Download Artifact Node24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> <li>fix: update <code>@actions/artifact</code> to fix Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li> <li>prepare release v7.0.0 for Node.js 24 support by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Eric Eastwood
|
803e4b4d88 |
Make it more clear how shared_extra_conf is combined in our Docker configuration scripts (#19323)
For reference, this PR used to include this whole `shared_config` block in the diff.
But https://github.com/element-hq/synapse/pull/19324 was merged first which introduced parts of it already.
Here is what this code used to look like:
|