Open
Conversation
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.11.0 to 1.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/bytes/releases">bytes's releases</a>.</em></p> <blockquote> <h2>Bytes v1.11.1</h2> <h1>1.11.1 (February 3rd, 2026)</h1> <ul> <li>Fix integer overflow in <code>BytesMut::reserve</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md">bytes's changelog</a>.</em></p> <blockquote> <h1>1.11.1 (February 3rd, 2026)</h1> <ul> <li>Fix integer overflow in <code>BytesMut::reserve</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/bytes/commit/417dccdeff249e0c011327de7d92e0d6fbe7cc43"><code>417dccd</code></a> Release bytes v1.11.1 (<a href="https://redirect.github.com/tokio-rs/bytes/issues/820">#820</a>)</li> <li><a href="https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f"><code>d0293b0</code></a> Merge commit from fork</li> <li>See full diff in <a href="https://github.com/tokio-rs/bytes/compare/v1.11.0...v1.11.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…rejected. (#19429) Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
This is useful so we can test Synapse specific behaviors like our admin API. (see docs in PR, `complement/README.md`) ``` COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo ``` Complement calls these ["out-of-repo"](https://github.com/matrix-org/complement/blob/78c255edcebfcb0ac5e3c86d49d76cb21fdd035a/OUT-OF-REPO-TESTS.md) tests but it's a bit of a misnomer once they're in your project. (just depends on the perspective) There has been [previous desire](element-hq/synapse#19021 (comment)) for this kind of thing but this is spawning from wanting to have some tests for our purge history admin API (element-hq/synapse-rust-apps#430). There are some Sytest tests ([`matrix-org/sytest` -> `tests/48admin.pl#L91-L618`](https://github.com/matrix-org/sytest/blob/1be04cce46c0f84abac736390dc3fab17f35a756/tests/48admin.pl#L91-L618)) for this already but I'd much rather work in Complement instead of Sytest. I'm wanting these tests to ensure that our new `event-cache` rust app for Synapse Pro doesn't break these kind of erasure features (element-hq/synapse-rust-apps#366 and element-hq/synapse-rust-apps#153). Interestingly, there is already [`matrix-org/complement` -> `tests/csapi/admin_test.go`](https://github.com/matrix-org/complement/blob/78c255edcebfcb0ac5e3c86d49d76cb21fdd035a/tests/csapi/admin_test.go) (added in matrix-org/complement#322) in the Complement repo iteslf that tests the `/_synapse/admin/v1/send_server_notice` endpoint but it's a bit of an interesting case as [Dendrite also supports this endpoint](matrix-org/dendrite#2180). I don't think it's good practice to continually shove in more and more Synapse-specific behavior into the Complement repo itself. We already have success with other out-of-repo tests for projects like the [SBG](https://github.com/element-hq/sbg/tree/b76b05b53e40bf6890e51dd1b83cec3460274eb2/complement_tests), [TI-Messenger Proxy](https://github.com/element-hq/ti-messenger-proxy/tree/c8fa87feccc743c01cccbbc2685321206b532925/complement), and our [Synapse Pro for small hosts](https://github.com/element-hq/synapse-small-hosts/tree/c2ea7eabf3e1d7c26a5312ebef326b254937be99/complement).
Part of: MSC4354 whose experimental feature tracking issue is element-hq/synapse#19409 Follows: #19340 (a necessary bugfix for `/event/` to set this metadata) Partially supersedes: #18968 This PR implements the first batch of work to support MSC4354 Sticky Events. Sticky events are events that have been configured with a finite 'stickiness' duration, capped to 1 hour per current MSC draft. Whilst an event is sticky, we provide stronger delivery guarantees for the event, both to our clients and to remote homeservers, essentially making it reliable delivery as long as we have a functional connection to the client/server and until the stickiness expires. This PR merely supports creating sticky events and receiving the sticky TTL metadata in clients. It is not suitable for trialling sticky events since none of the other semantics are implemented. Contains a temporary SQLite workaround due to a bug in our supported version enforcement: element-hq/synapse#19452 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> Co-authored-by: Eric Eastwood <erice@element.io>
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.5 - 2026-02-10</p> <pre><code> * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release. <p>.. v46-0-4:</p> <p>46.0.4 - 2026-01-27<br /> </code></pre></p> <ul> <li><code>Dropped support for win_arm64 wheels</code>_.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.</li> </ul> <p>.. _v46-0-3:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad"><code>06e120e</code></a> bump version for 46.0.5 release (<a href="https://redirect.github.com/pyca/cryptography/issues/14289">#14289</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"><code>0eebb9d</code></a> EC check key on cofactor > 1 (<a href="https://redirect.github.com/pyca/cryptography/issues/14287">#14287</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e"><code>bedf6e1</code></a> fix openssl version on 46 branch (<a href="https://redirect.github.com/pyca/cryptography/issues/14220">#14220</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471"><code>e6f44fc</code></a> bump for 46.0.4 and drop win arm64 due to CI issues (<a href="https://redirect.github.com/pyca/cryptography/issues/14217">#14217</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.3...46.0.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.48.0 to 1.49.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.49.0</h2> <h1>1.49.0 (January 3rd, 2026)</h1> <h3>Added</h3> <ul> <li>net: add support for <code>TCLASS</code> option on IPv6 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7781">#7781</a>)</li> <li>runtime: stabilize <code>runtime::id::Id</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7125">#7125</a>)</li> <li>task: implement <code>Extend</code> for <code>JoinSet</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7195">#7195</a>)</li> <li>task: stabilize the <code>LocalSet::id()</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7776">#7776</a>)</li> </ul> <h3>Changed</h3> <ul> <li>net: deprecate <code>{TcpStream,TcpSocket}::set_linger</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7752">#7752</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>macros: fix the hygiene issue of <code>join!</code> and <code>try_join!</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7766">#7766</a>)</li> <li>runtime: revert "replace manual vtable definitions with Wake" (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7699">#7699</a>)</li> <li>sync: return <code>TryRecvError::Disconnected</code> from <code>Receiver::try_recv</code> after <code>Receiver::close</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7686">#7686</a>)</li> <li>task: remove unnecessary trait bounds on the <code>Debug</code> implementation (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7720">#7720</a>)</li> </ul> <h3>Unstable</h3> <ul> <li>fs: handle <code>EINTR</code> in <code>fs::write</code> for io-uring (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7786">#7786</a>)</li> <li>fs: support io-uring with <code>tokio::fs::read</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7696">#7696</a>)</li> <li>runtime: disable io-uring on <code>EPERM</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7724">#7724</a>)</li> <li>time: add alternative timer for better multicore scalability (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7467">#7467</a>)</li> </ul> <h3>Documented</h3> <ul> <li>docs: fix a typos in <code>bounded.rs</code> and <code>park.rs</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7817">#7817</a>)</li> <li>io: add <code>SyncIoBridge</code> cross-references to <code>copy</code> and <code>copy_buf</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7798">#7798</a>)</li> <li>io: doc that <code>AsyncWrite</code> does not inherit from <code>std::io::Write</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7705">#7705</a>)</li> <li>metrics: clarify that <code>num_alive_tasks</code> is not strongly consistent (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7614">#7614</a>)</li> <li>net: clarify the cancellation safety of the <code>TcpStream::peek</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7305">#7305</a>)</li> <li>net: clarify the drop behavior of <code>unix::OwnedWriteHalf</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7742">#7742</a>)</li> <li>net: clarify the platform-dependent backlog in <code>TcpSocket</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7738">#7738</a>)</li> <li>runtime: mention <code>LocalRuntime</code> in <code>new_current_thread</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7820">#7820</a>)</li> <li>sync: add missing period to <code>mpsc::Sender::try_send</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7721">#7721</a>)</li> <li>sync: clarify the cancellation safety of <code>oneshot::Receiver</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7780">#7780</a>)</li> <li>sync: improve the docs for the <code>errors</code> of mpsc (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7722">#7722</a>)</li> <li>task: add example for <code>spawn_local</code> usage on local runtime (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7689">#7689</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7125">#7125</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7125">tokio-rs/tokio#7125</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7195">#7195</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7195">tokio-rs/tokio#7195</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7305">#7305</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7305">tokio-rs/tokio#7305</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7467">#7467</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7467">tokio-rs/tokio#7467</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7614">#7614</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7614">tokio-rs/tokio#7614</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7686">#7686</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7686">tokio-rs/tokio#7686</a> <a href="https://redirect.github.com/tokio-rs/tokio/issues/7689">#7689</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7689">tokio-rs/tokio#7689</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/e3b89bbefa7564e2eba2fb9f849ef7bf87d60fad"><code>e3b89bb</code></a> chore: prepare Tokio v1.49.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7824">#7824</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4f577b84e939c8d427d79fdc73919842d8735de2"><code>4f577b8</code></a> Merge 'tokio-1.47.3' into 'master'</li> <li><a href="https://github.com/tokio-rs/tokio/commit/f320197693ee09e28f1fca0e55418081adcdfc25"><code>f320197</code></a> chore: prepare Tokio v1.47.3 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7823">#7823</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/ea6b144cd1042d6841a7830b18f2df77c3db904b"><code>ea6b144</code></a> ci: freeze rustc on nightly-2025-01-25 in <code>netlify.toml</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7652">#7652</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/264e703296bccd6783a438815d91055d4517099b"><code>264e703</code></a> Merge <code>tokio-1.43.4</code> into <code>tokio-1.47.x</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7822">#7822</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/dfb0f00838ca1986dee04a54a6299d35b0a4072c"><code>dfb0f00</code></a> chore: prepare Tokio v1.43.4 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7821">#7821</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/4a91f197b03dc335010fffcf0e0c14e1f4011b42"><code>4a91f19</code></a> ci: fix wasm32-wasip1 tests (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7788">#7788</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/601c383ab6def5a6d2f95a434c95a97b65059628"><code>601c383</code></a> ci: upgrade FreeBSD from 14.2 to 14.3 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7758">#7758</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/484cb52d8d21cb8156decbeba9569651fcc09d0d"><code>484cb52</code></a> sync: return <code>TryRecvError::Disconnected</code> from <code>Receiver::try_recv</code> after `Re...</li> <li><a href="https://github.com/tokio-rs/tokio/commit/16f20c34ed9bc11eb1e7cdec441ab844b198d2cd"><code>16f20c3</code></a> rt: mention <code>LocalRuntime</code> in <code>new_current_thread</code> docs (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7820">#7820</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.48.0...tokio-1.49.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This allows the Rust HTTP client to be configured to force HTTP/2 even on plaintext connections. This is useful in contexts where the remote server is known to server HTTP/2 over plain text. Added because we use the Synapse Rust HTTP client with the Synapse Pro `event-cache` module. We use this because it's independent from the Python reactor which makes things slower than expected. Currently, the Synapse Rust HTTP client uses HTTP/1 which means a new connection for every request. With HTTP/2, we can share the connection across requests. We want to see if this will make a performance difference and less stress on the database connection situation, see element-hq/synapse-rust-apps#452 (comment) Here is the sibling PR for using HTTP/2 on the Synapse Pro `event-cache` module side: element-hq/synapse-pro-modules#35
…mpatible in /complement (#19436) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.2.2+incompatible to 28.3.3+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.3.3</h2> <h2>28.3.3</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.3">docker/cli, 28.3.3 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.3">moby/moby, 28.3.3 milestone</a></li> </ul> <h3>Security</h3> <p>This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54388">CVE-2025-54388</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4">GHSA-x4rx-4gw3-53p4</a> / <a href="https://redirect.github.com/moby/moby/pull/50506">moby/moby#50506</a>.</p> <h3>Packaging updates</h3> <ul> <li>Update Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.26.1">v0.26.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1230">docker/docker-ce-packaging#1230</a></li> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.39.1">v2.39.1</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1234">docker/docker-ce-packaging#1234</a></li> <li>Update Docker Model CLI plugin to <a href="https://github.com/docker/model-cli/releases/tag/v0.1.36">v0.1.36</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1233">docker/docker-ce-packaging#1233</a></li> </ul> <h3>Go SDK</h3> <ul> <li>cli/command/formatter: add <code>TrunateID()</code> utility as alternative for <code>github.com/docker/docker/pkg/stringid.TrunateID()</code>. <a href="https://redirect.github.com/docker/cli/pull/6180">docker/cli#6180</a></li> </ul> <h2>28.3.2</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.2">docker/cli, 28.3.2 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.2">moby/moby, 28.3.2 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v28.3.2/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v28.3.2/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Fix <code>--use-api-socket</code> not working correctly when targeting a remote daemon. <a href="https://redirect.github.com/docker/cli/pull/6157">docker/cli#6157</a></li> <li>Fix stray "otel error" logs being printed if debug logging is enabled. <a href="https://redirect.github.com/docker/cli/pull/6160">docker/cli#6160</a></li> <li>Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. <a href="https://redirect.github.com/docker/cli/pull/6147">docker/cli#6147</a></li> <li>Warn when <code>DOCKER_AUTH_CONFIG</code> is set during <code>docker login</code> and <code>docker logout</code>. <a href="https://redirect.github.com/docker/cli/pull/6163">docker/cli#6163</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update Compose to <a href="https://github.com/docker/compose/releases/tag/v2.38.2">v2.38.2</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1225">docker/docker-ce-packaging#1225</a></li> <li>Update Docker Model CLI plugin to <a href="https://github.com/docker/model-cli/releases/tag/v0.1.33">v0.1.33</a>. <a href="https://redirect.github.com/docker/docker-ce-packaging/pull/1227">docker/docker-ce-packaging#1227</a></li> <li>Update Go runtime to 1.24.5. <a href="https://redirect.github.com/moby/moby/pull/50354">moby/moby#50354</a></li> </ul> <h2>28.3.1</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.1">docker/cli, 28.3.1 milestone</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0"><code>bea959c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50506">#50506</a> from robmry/backport-28.x/fix_firewalld_reload</li> <li><a href="https://github.com/moby/moby/commit/3e9ff78b94efdd73bbccb13fe781b79ce7ca8cf1"><code>3e9ff78</code></a> bridge: Reapply endpoint iptables rules on firewalld reload</li> <li><a href="https://github.com/moby/moby/commit/29ed80aa867e93b5f5134b053325d01fb6528da7"><code>29ed80a</code></a> bridge: Trigger firewalld reload during bridge integration tests</li> <li><a href="https://github.com/moby/moby/commit/da489a11d4055fa01eeffa5a016cb03250733257"><code>da489a1</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50478">#50478</a> from thaJeztah/28.x_backport_gha_bump_bk</li> <li><a href="https://github.com/moby/moby/commit/f173e45ae9bf199d1f3334d2fd5c4079c8d6daec"><code>f173e45</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50480">#50480</a> from austinvazquez/cherry-pick-ea29dffaa541289591aa...</li> <li><a href="https://github.com/moby/moby/commit/e4b1f899962f287dee2291d387f04dde4b5c7e1a"><code>e4b1f89</code></a> daemon/server: remove compatibility with API v1.4 auth-config on push</li> <li><a href="https://github.com/moby/moby/commit/0c9e14dcce15b163dd1f655f9fdd33a1e71b0408"><code>0c9e14d</code></a> hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch</li> <li><a href="https://github.com/moby/moby/commit/bf6d688157b015ac1f018367c5d8fa5fa47af6fb"><code>bf6d688</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50471">#50471</a> from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...</li> <li><a href="https://github.com/moby/moby/commit/4205776b8538e11805bf5bdb6ff2e356d4ee358f"><code>4205776</code></a> client: always send (empty) body on push</li> <li><a href="https://github.com/moby/moby/commit/e77ff99ede5ee5952b3a9227863552ae6e5b6fb1"><code>e77ff99</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/50354">#50354</a> from vvoland/50353-28.x</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v28.2.2...v28.3.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…19469) Bumps the minor-and-patches group with 3 updates in the / directory: [docker/login-action](https://github.com/docker/login-action), [actions/setup-python](https://github.com/actions/setup-python) and [actions/cache](https://github.com/actions/cache). Updates `docker/login-action` from 3.6.0 to 3.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Add <code>scope</code> input to set scopes for the authentication token by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li> <li>Add support for AWS European Sovereign Cloud ECR by <a href="https://github.com/dphi"><code>@dphi</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li> <li>Ensure passwords are redacted with <code>registry-auth</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li> <li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/c94ce9fb468520275223c153574b00df6fe4bcc9"><code>c94ce9f</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/915">#915</a> from docker/dependabot/npm_and_yarn/lodash-4.17.23</li> <li><a href="https://github.com/docker/login-action/commit/8339c958ce8511f38d0c474c1886a87c802bf1ef"><code>8339c95</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/912">#912</a> from docker/scope</li> <li><a href="https://github.com/docker/login-action/commit/c83e9320c8beb50b77dd007c46d5c8161f0cac4a"><code>c83e932</code></a> build(deps): bump lodash from 4.17.21 to 4.17.23</li> <li><a href="https://github.com/docker/login-action/commit/b268aa57e39ff0a5386d2fd1eded4e2e1d60d705"><code>b268aa5</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/a60322927812ddc99316dd6252b4fba6d8f09ac1"><code>a603229</code></a> documentation for scope input</li> <li><a href="https://github.com/docker/login-action/commit/7567f92a74b2639be1bd8bc932a112a0d81283da"><code>7567f92</code></a> Add scope input to set scopes for the authentication token</li> <li><a href="https://github.com/docker/login-action/commit/0567fa5ae8c9a197cb207537dc5cbb43ca3d803f"><code>0567fa5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/914">#914</a> from dphi/add-support-for-amazonaws.eu</li> <li><a href="https://github.com/docker/login-action/commit/f6ef57754547a85003a0e18f789be661346d4a6e"><code>f6ef577</code></a> feat: add support for AWS European Sovereign Cloud ECR registries</li> <li><a href="https://github.com/docker/login-action/commit/916386b00027d425839f8da46d302dab33f5875b"><code>916386b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/911">#911</a> from crazy-max/ensure-redact</li> <li><a href="https://github.com/docker/login-action/commit/5b3f94a294ea5478af3af437baa6ad0d3dcd04fd"><code>5b3f94a</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/5e57cd118135c172c3672efd75eb46360885c0ef...c94ce9fb468520275223c153574b00df6fe4bcc9">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-python` from 6.1.0 to 6.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade dependencies to Node 24 compatible versions by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1259">actions/setup-python#1259</a></li> <li>Upgrade urllib3 from 2.5.0 to 2.6.3 in <code>/__tests__/data</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1253">actions/setup-python#1253</a> and <a href="https://redirect.github.com/actions/setup-python/pull/1264">actions/setup-python#1264</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.2.0">https://github.com/actions/setup-python/compare/v6...v6.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/a309ff8b426b58ec0e2a45f0f869d46889d02405"><code>a309ff8</code></a> Bump urllib3 from 2.6.0 to 2.6.3 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/1264">#1264</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/bfe8cc55a7890e3d6672eda6460ef37bfcc70755"><code>bfe8cc5</code></a> Upgrade <a href="https://github.com/actions"><code>@actions</code></a> dependencies to Node 24 compatible versions (<a href="https://redirect.github.com/actions/setup-python/issues/1259">#1259</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/4f41a90a1f38628c7ccc608d05fbafe701bc20ae"><code>4f41a90</code></a> Bump urllib3 from 2.5.0 to 2.6.0 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/1253">#1253</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/83679a892e2d95755f2dac6acb0bfd1e9ac5d548...a309ff8b426b58ec0e2a45f0f869d46889d02405">compare view</a></li> </ul> </details> <br /> Updates `actions/cache` from 5.0.1 to 5.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.3</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.3">https://github.com/actions/cache/compare/v5...v5.0.3</a></p> <h2>v.5.0.2</h2> <h1>v5.0.2</h1> <h2>What's Changed</h2> <p>When creating cache entries, 429s returned from the cache service will not be retried.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1695">#1695</a> from actions/Link-/prepare-5.0.3</li> <li><a href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a> Add review for the <code>@actions/http-client</code> license</li> <li><a href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a> Add licensed output</li> <li><a href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a> Upgrade dependencies and address security warnings</li> <li><a href="https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a"><code>345d5c2</code></a> Add 5.0.3 builds</li> <li><a href="https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7"><code>8b402f5</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1692">#1692</a> from GhadimiR/main</li> <li><a href="https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002"><code>304ab5a</code></a> license for httpclient</li> <li><a href="https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be"><code>609fc19</code></a> Update licensed record for cache</li> <li><a href="https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5"><code>b22231e</code></a> Build</li> <li><a href="https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a"><code>93150cd</code></a> Add PR link to releases</li> <li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Part of element-hq/serverproduct-internal#1153 Pushes Synapse docker images to the Element OCI Registry in addition to the dockerhub and ghcr registries. Ready for review despite Draft status. See element-hq/synapse#19420 (comment) ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.26 to 0.12.28. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.28</h2> <h2>What's Changed</h2> <ul> <li>fix: correctly import TokioIo on Windows by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2896">seanmonstar/reqwest#2896</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.27...v0.12.28">https://github.com/seanmonstar/reqwest/compare/v0.12.27...v0.12.28</a></p> <h2>v0.12.27</h2> <h2>tl;dr</h2> <ul> <li>Add <code>ClientBuilder::windows_named_pipe(name)</code> option that will force all requests over that Windows Named Pipe.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: Disable unused tokio-util codec feature by <a href="https://github.com/tottoto"><code>@tottoto</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2893">seanmonstar/reqwest#2893</a></li> <li>chore: Use http_body_util::BodyDataStream by <a href="https://github.com/tottoto"><code>@tottoto</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2892">seanmonstar/reqwest#2892</a></li> <li>feat: add windows_named_pipe() option to client builder by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2789">seanmonstar/reqwest#2789</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.26...v0.12.27">https://github.com/seanmonstar/reqwest/compare/v0.12.26...v0.12.27</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.28</h2> <ul> <li>Fix compiling on Windows if TLS and SOCKS features are not enabled.</li> </ul> <h2>v0.12.27</h2> <ul> <li>Add <code>ClientBuilder::windows_named_pipe(name)</code> option that will force all requests over that Windows Named Piper.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/seanmonstar/reqwest/commit/d97859910c357827ad5993d37ce750ad595f4fff"><code>d978599</code></a> v0.12.28</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/ef2768a823b28bf00e23e218e034be035b08d770"><code>ef2768a</code></a> fix: correctly import TokioIo on Windows (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2896">#2896</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/1bf6441b68c3e908d2588a3bb4f2043ceed737bf"><code>1bf6441</code></a> v0.12.27</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/4967b1b4e25c2e9cc9f4f2cb0f4e4181f13366ba"><code>4967b1b</code></a> feat: add windows_named_pipe() option to client builder (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2789">#2789</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/ef5b239cbaa5e93607415bcf943c8f571da13e42"><code>ef5b239</code></a> chore: Use http_body_util::BodyDataStream (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2892">#2892</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/a8100047976e138483e2128ee0ea004931ceead0"><code>a810004</code></a> chore: Disable unused tokio-util codec feature (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2893">#2893</a>)</li> <li>See full diff in <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.26...v0.12.28">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Quentin Gliech <quenting@element.io>
This is so that when we update dependencies etc we correctly ensure that the Rust library has been rebuilt.
Reverts element-hq/synapse#19463 The complement tests haven't been reviewed and require more testing. Discussed in the internal [backend team lobby](https://matrix.to/#/!SGNQGPGUwtcPBUotTL:matrix.org/$XDARK2u2iLL5wWaxiL6tJYkLg80Sn6yWWEQib8ahl5Q?via=jki.re&via=element.io&via=matrix.org) room.
There was a problem hiding this comment.
Pull request overview
This PR represents the Famedly release of Synapse version 1.148.0_1, which includes upstream Synapse v1.148.0rc1 plus a Famedly-specific fix for an inconsistent stream error log message. The main feature addition is support for MSC4354: Sticky Events, which allows events to be marked with a duration during which they should be reliably delivered to clients.
Changes:
- Added full implementation of MSC4354 Sticky Events including storage, replication, API endpoints, and client-facing changes
- Removed support for rejected MSC3244 (Room version capabilities)
- Enhanced Rust HTTP client to support HTTP/2-only mode
- Added in-repo Complement tests for Synapse-specific behavior
- Updated StreamToken format to include sticky_events_key
- Fixed documentation reference from
experimentaltoexperimental_features
Reviewed changes
Copilot reviewed 58 out of 61 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| synapse/storage/databases/main/sticky_events.py | New storage layer for sticky events with cleanup logic |
| synapse/storage/schema/main/delta/93/01_sticky_events.sql | Database schema for sticky_events table |
| synapse/rest/client/room.py | API endpoint changes to accept sticky duration query parameter |
| synapse/visibility.py | Logic to calculate and add sticky TTL to event unsigned data |
| synapse/types/init.py | Extended StreamToken to include sticky_events_key |
| synapse/replication/tcp/streams/_base.py | New StickyEventsStream for replication |
| tests/storage/test_sticky_events.py | Comprehensive storage layer tests |
| tests/rest/client/test_sticky_events.py | Client API tests for sticky events |
| rust/src/http_client.rs | Added http2_only parameter to HTTP client |
| synapse/util/rust.py | Updated Rust file digest to include workspace config files |
| complement/tests/federation_test.go | New in-repo Complement test infrastructure |
| synapse/api/constants.py | Added StickyEvent constants and StickyEventField TypedDict |
| synapse/rest/client/capabilities.py | Removed MSC3244 capabilities |
| docs/development/experimental_features.md | Fixed experimental_features reference |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| -- For pulling out sticky events by room at send time, obeying stream ordering range limits. | ||
| CREATE INDEX sticky_events_room_idx ON sticky_events (room_id, event_stream_ordering); | ||
|
|
||
| -- A optional integer for combining sticky events with delayed events. Used at send time. |
There was a problem hiding this comment.
Typo in comment: "A optional" should be "An optional".
| sticky_duration = ev.sticky_duration() | ||
| if sticky_duration is None: | ||
| continue | ||
| # Calculate the end time as start_time + effecitve sticky duration |
There was a problem hiding this comment.
Typo in comment: "effecitve" should be "effective".
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #240 +/- ##
========================================
Coverage 80.13% 80.14%
========================================
Files 500 501 +1
Lines 71220 71375 +155
Branches 10703 10732 +29
========================================
+ Hits 57071 57201 +130
- Misses 10905 10920 +15
- Partials 3244 3254 +10
... and 1 file with indirect coverage changes Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
itsoyou
approved these changes
Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Famedly Synapse Release v1.148.0_1
Famedly additions for v1.148.0_1
Notes for Famedly: