Merged
Conversation
When we change the `required_state` config for a room in sliding sync, we insert a new entry into the `sliding_sync_connection_required_state` table. As the sliding sync connection advances we can accrue a lot of stale entries, so let's clear those out. This is a sort of follow on from #19211 --------- Co-authored-by: Eric Eastwood <erice@element.io>
On restart we retry joining partially stated rooms, but if you have a bunch in the database this can cause big performance issues if we start them all at once. So we stagger them.
…job"` (#19400) We're already using `job=~"$job"` in the majority of the other panels. This is just aligning the stragglers. ### Background For a variable in Grafana, when the "All" value is selected, it translates the variable into a wildcard regex. By default, this is just a giant list of all of the possible values or'd together. It's possible to define a "custom all value" like we've done for `index` as `.*` and feels like we should also do this in a follow-up PR. Input: ``` job="$job" ``` Before (using **exact** match) -> resulted in matching nothing: ``` job="(appservice|background_worker|client_reader|device_lists|event_creator|event_persister|federation_inbound|federation_reader|federation_sender|media_repository|pusher|stream_writers|synapse|synchrotron|user_dir)"" ``` After (using **regex** match) -> matches all jobs as expected: ``` job=~"(appservice|background_worker|client_reader|device_lists|event_creator|event_persister|federation_inbound|federation_reader|federation_sender|media_repository|pusher|stream_writers|synapse|synchrotron|user_dir)"" ```
…nt persistence rate (#19399) This is the same thing we already do in the [`matrix.org` dashboard](https://grafana.matrix.org/d/000000012/synapse) and although the purple dots aren't new (introduced in matrix-org/synapse#10001), you can see that was the intention in element-hq/synapse#18510. I think this was just how our contrib dashboard looked at the time and perhaps was a Grafana version mismatch thing which is why it didn't translate.
…oup (#19407) Bumps the minor-and-patches group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.1 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.2</h2> <h2>What's Changed</h2> <ul> <li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a> Fix tag handling: preserve annotations and explicit fetch-tags (<a href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li> <li><a href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a> Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.20 to 0.0.22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>Version 0.0.22</h2> <h2>What's Changed</h2> <ul> <li>Drop directory path from filename in <code>File</code> <a href="https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4">9433f4b</a>.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22">https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22</a></p> <h2>Version 0.0.21</h2> <h2>What's Changed</h2> <ul> <li>Add support for Python 3.14 and drop EOL 3.8 and 3.9 by <a href="https://github.com/hugovk"><code>@hugovk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/216">Kludex/python-multipart#216</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/waketzheng"><code>@waketzheng</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/203">Kludex/python-multipart#203</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21">https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md">python-multipart's changelog</a>.</em></p> <blockquote> <h2>0.0.22 (2026-01-25)</h2> <ul> <li>Drop directory path from filename in <code>File</code> <a href="https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4">9433f4b</a>.</li> </ul> <h2>0.0.21 (2025-12-17)</h2> <ul> <li>Add support for Python 3.14 and drop EOL 3.8 and 3.9 <a href="https://redirect.github.com/Kludex/python-multipart/pull/216">#216</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Kludex/python-multipart/commit/bea7bbb2904da8ce39123a845088dc72464eaddf"><code>bea7bbb</code></a> Version 0.0.22 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/222">#222</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/0fb59a9df0f273bfde99740b302ccb2ae45e2b8a"><code>0fb59a9</code></a> chore: add return type on test (<a href="https://redirect.github.com/Kludex/python-multipart/issues/221">#221</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4"><code>9433f4b</code></a> Merge commit from fork</li> <li><a href="https://github.com/Kludex/python-multipart/commit/d5c91ecb0aa1cae03fe2d9811d193c952e714f17"><code>d5c91ec</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/219">#219</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/5a90631b484f8d3284b691d453c24be3db57f5cb"><code>5a90631</code></a> bump uv (<a href="https://redirect.github.com/Kludex/python-multipart/issues/218">#218</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/1f72955602445706b5517a6f58a720796ad3d96a"><code>1f72955</code></a> Version 0.0.21 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/217">#217</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/47ecfed3533ed8dcafd800508dbf594438fd0949"><code>47ecfed</code></a> Add support for Python 3.14 and drop EOL 3.8 and 3.9 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/216">#216</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/f18b70941b727c947f7e6b17e1c3321f5ad3afb6"><code>f18b709</code></a> Bump the github-actions group across 1 directory with 4 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/214">#214</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/b388e9a7a82605cc8613798926afe8f6074cb372"><code>b388e9a</code></a> chore: use depedency-groups in <code>pyproject.toml</code> (<a href="https://redirect.github.com/Kludex/python-multipart/issues/212">#212</a>)</li> <li><a href="https://github.com/Kludex/python-multipart/commit/6113e750971918a51f79c3bb2585e95ed1c53245"><code>6113e75</code></a> Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/210">#210</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.22">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 (#19412) Hello, I'm writing on behalf of the Citadel product developed by ERCOM. This PR bumps `pyo3` from 0.26.0 to 0.27.2 and `pythonize` from 0.26.0 to 0.27.0. For the code migration I followed the guide found here: [link](https://pyo3.rs/v0.27.0/migration.html).
The `Clock` tracks looping calls to allow cancelling of all looping calls. However, this stopped them from getting garbage collected. This was introduced in element-hq/synapse#18828 Fixes element-hq/synapse#19392
…oup (#19423) Bumps the minor-and-patches group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 6.1.0 to 6.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Example for restore-only cache in documentation by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/696">actions/setup-go#696</a></li> <li>Update Node.js version in action.yml by <a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li> <li>Documentation update of actions/checkout by <a href="https://github.com/deining"><code>@deining</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/682">actions/setup-go#682</a></li> <li>Upgrade <code>@actions/cache</code> to v5 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/695">actions/setup-go#695</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/686">actions/setup-go#686</a></li> <li>Upgrade qs from 6.14.0 to 6.14.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/703">actions/setup-go#703</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ccoVeille"><code>@ccoVeille</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li> <li><a href="https://github.com/deining"><code>@deining</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.2.0">https://github.com/actions/setup-go/compare/v6...v6.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5"><code>7a3fe6c</code></a> Bump qs from 6.14.0 to 6.14.1 (<a href="https://redirect.github.com/actions/setup-go/issues/703">#703</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/b9adafd441833a027479ddd0db37eaece68d35cb"><code>b9adafd</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/actions/setup-go/issues/686">#686</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/d73f6bcfc2b419b74f47075f8a487b40cc4680f8"><code>d73f6bc</code></a> README.md: correct to actions/checkout@v6 (<a href="https://redirect.github.com/actions/setup-go/issues/683">#683</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/ae252ee6fb24babc50e89fc67c4aa608e69fbf8f"><code>ae252ee</code></a> Bump <code>@actions/cache</code> to v5 (<a href="https://redirect.github.com/actions/setup-go/issues/695">#695</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/bf7446afafbce8902019569bc0aab5a59380c516"><code>bf7446a</code></a> Bump js-yaml from 3.14.1 to 3.14.2 (<a href="https://redirect.github.com/actions/setup-go/issues/682">#682</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/02aadfee7f572f67453450365b688df2c3f95730"><code>02aadfe</code></a> Fix Node.js version in action.yml (<a href="https://redirect.github.com/actions/setup-go/issues/691">#691</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/4aaadf42668403795cdfdb15b1c4250e9fed12b9"><code>4aaadf4</code></a> Example for restore-only cache in documentation (<a href="https://redirect.github.com/actions/setup-go/issues/696">#696</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/4dc6199c7b1a012772edbd06daecab0f50c9053c...7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… directory (#19391) Bumps the patches group with 1 update in the / directory: [serde_json](https://github.com/serde-rs/json). Updates `serde_json` from 1.0.145 to 1.0.148 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.148</h2> <ul> <li>Update <code>zmij</code> dependency to 1.0</li> </ul> <h2>v1.0.147</h2> <ul> <li>Switch float-to-string algorithm from Ryū to Żmij for better f32 and f64 serialization performance (<a href="https://redirect.github.com/serde-rs/json/issues/1304">#1304</a>)</li> </ul> <h2>v1.0.146</h2> <ul> <li>Set fast_arithmetic=64 for riscv64 (<a href="https://redirect.github.com/serde-rs/json/issues/1305">#1305</a>, thanks <a href="https://github.com/Xeonacid"><code>@Xeonacid</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/8b291c4c5620476d6834c69fbfb24d13a24d4596"><code>8b291c4</code></a> Release 1.0.148</li> <li><a href="https://github.com/serde-rs/json/commit/1aefe152735f1b11ce7f641f8e86448d227163bf"><code>1aefe15</code></a> Update to zmij 1.0</li> <li><a href="https://github.com/serde-rs/json/commit/62d6e8d6158ccc1608fb57d9a8a73cc8d15f5b2a"><code>62d6e8d</code></a> Release 1.0.147</li> <li><a href="https://github.com/serde-rs/json/commit/fd829a65beb37d2db296f1a64c22c25ad508d6d8"><code>fd829a6</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1304">#1304</a> from dtolnay/zmij</li> <li><a href="https://github.com/serde-rs/json/commit/e757a3d8813bfacad8354ae3af89fa19a471da6b"><code>e757a3d</code></a> Switch from ryu -> zmij for float formatting</li> <li><a href="https://github.com/serde-rs/json/commit/75ad7e6b4eb8a26560300d2d7332d6dd8cd5b277"><code>75ad7e6</code></a> Release 1.0.146</li> <li><a href="https://github.com/serde-rs/json/commit/bc6c8276d9597fae216085f940c712f4d4fce4bc"><code>bc6c827</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1305">#1305</a> from Xeonacid/patch-1</li> <li><a href="https://github.com/serde-rs/json/commit/a09210adf529842b912db6f69ad9858ad2f90e16"><code>a09210a</code></a> Set fast_arithmetic=64 for riscv64</li> <li><a href="https://github.com/serde-rs/json/commit/01182e54b5dbadee79696bd472b67391e92679af"><code>01182e5</code></a> Update actions/upload-artifact@v5 -> v6</li> <li><a href="https://github.com/serde-rs/json/commit/383b13a45feb2955236735397c53218acd4da515"><code>383b13a</code></a> Update actions/upload-artifact@v4 -> v5</li> <li>Additional commits viewable in <a href="https://github.com/serde-rs/json/compare/v1.0.145...v1.0.148">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devon Hudson <devonhudson@librem.one>
…ing issues. (#19410) Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
…ning dependency (#19417) ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) There is a typo in check_dependencies.py which makes setuptools_rust a runtime requirement, but there is no need for it at runtime. This patch solves the typo. I tested starting 1.146.0 with this patch and without setuptools_rust and it starts correctly
Co-authored-by: Devon Hudson <devonhudson@librem.one>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #237 +/- ##
==========================================
- Coverage 80.13% 80.13% -0.01%
==========================================
Files 500 500
Lines 71200 71220 +20
Branches 10700 10703 +3
==========================================
+ Hits 57053 57069 +16
- Misses 10903 10906 +3
- Partials 3244 3245 +1
... and 3 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Release bump to Synapse v1.147.1 (Famedly packaging), pulling in upstream fixes and release metadata updates, including security hardening and operational/dashboard improvements.
Changes:
- Fix memory leak around tracked looping calls; add pruning for Sliding Sync required-state dedup table entries.
- Harden endpoints and federation: block trailing-path access to
/healthand reject signatures using a known-insecure server signing key. - Bump versions / dependencies (Python + Rust/pyo3), refresh Grafana dashboard selectors, and update CI workflows + release metadata.
Reviewed changes
Copilot reviewed 35 out of 37 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/util/test_clock.py | Adds tests for looping-call GC and shutdown cleanup. |
| tests/util/test_check_dependencies.py | Updates dependency-ignore test for canonicalized setuptools-rust naming. |
| tests/storage/test_sliding_sync_tables.py | Adds tests for pruning sliding_sync_connection_required_state entries. |
| tests/rest/test_health.py | Adds regression test ensuring /health rejects extra path segments. |
| tests/federation/test_federation_base.py | Adds test that events signed by a banned key are refused. |
| tests/crypto/test_keyring.py | Adds test that JSON signed by a banned key fails verification. |
| synapse/util/clock.py | Switches looping-call tracking to WeakSet; adds debug wrapper metadata. |
| synapse/util/check_dependencies.py | Canonicalizes requirement names to ignore setuptools-rust reliably. |
| synapse/storage/databases/main/sliding_sync.py | Prunes unused required-state IDs for a connection after position cleanup. |
| synapse/rest/health.py | Returns JSON 404 for non-exact /health paths. |
| synapse/handlers/federation.py | Throttles partial-state room sync startup by sleeping briefly between starts. |
| synapse/crypto/keyring.py | Introduces banned server signing key list and rejects signatures using it. |
| synapse/config/experimental.py | Documents requirement for experimental features to have tracking issues. |
| schema/synapse-config.schema.yaml | Bumps schema $id to v1.147 and normalizes whitespace. |
| rust/src/push/mod.rs | Updates PyO3 extraction APIs for pyo3 0.27.x. |
| rust/src/http_client.rs | Adjusts extraction error mapping for updated PyO3 APIs. |
| rust/src/http.rs | Updates downcast calls to cast() for new PyO3 APIs. |
| rust/Cargo.toml | Bumps pyo3 to 0.27.2 and pythonize to 0.27.0. |
| Cargo.lock | Updates Rust lockfile for bumped dependencies (incl. zmij). |
| pyproject.toml | Bumps Synapse version to 1.147.1. |
| poetry.lock | Bumps python-multipart and updates its Python constraint metadata. |
| docs/development/experimental_features.md | Adds guidance for tracking issues for experimental features. |
| debian/changelog | Adds Debian changelog entries for 1.147.0/1.147.1. |
| contrib/grafana/synapse.json | Updates PromQL selectors to use job=~"$job" and minor panel style tweaks. |
| CHANGES.md | Adds 1.147.1 release notes (incl. banned-key security hardening). |
| .github/workflows/twisted_trunk.yml | Updates pinned GitHub Actions versions used in Twisted trunk workflow. |
| .github/workflows/triage_labelled.yml | Updates pinned actions/checkout version. |
| .github/workflows/tests.yml | Updates pinned actions/checkout and Go setup; bumps Rust nightly used for clippy. |
| .github/workflows/schema.yaml | Updates pinned actions/checkout version. |
| .github/workflows/release-artifacts.yml | Updates pinned actions/checkout version. |
| .github/workflows/push_complement_image.yml | Updates pinned actions/checkout version. |
| .github/workflows/poetry_lockfile.yaml | Updates pinned actions/checkout version. |
| .github/workflows/latest_deps.yml | Updates pinned actions/checkout and Go setup versions. |
| .github/workflows/fix_lint.yaml | Updates pinned actions/checkout version. |
| .github/workflows/docs.yaml | Updates pinned actions/checkout version. |
| .github/workflows/docs-pr.yaml | Updates pinned actions/checkout version. |
| .github/workflows/docker.yml | Updates pinned actions/checkout version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
itsoyou
approved these changes
Feb 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Famedly Synapse Release v1.147.1_1
depends on: famedly/complement#11
Famedly additions for v1.146.0_1
None
Notes for Famedly: