Update to current develop by jason-famedly · Pull Request #6 · clokep/synapse

jason-famedly · 2026-01-31T00:24:41Z

Bring branch up to to develop as of Friday night(1/30/26)

Other than pyproject.toml and poetry.lock needing adjustments, the only other conflict for the merge was in tests/server.py for cleaning up the database at the end of each test case.

Additional commit is to adjust a sliding sync transaction that was using execute_values() with fetch=False. We have that asserted to not happen, so it redirecting to the execute_batch() implementation that under psycopg uses the pipelined executemany(). This may need revisiting in the future to change the psycopg version of execute_values() to use the new copy_write() implementation instead.

Please sync develop to your base branch before proceeding

Bumps [attrs](https://github.com/sponsors/hynek) from 25.3.0 to 25.4.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=attrs&package-manager=pip&previous-version=25.3.0&new-version=25.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…9217) Bumps [types-bleach](https://github.com/typeshed-internal/stub_uploader) from 6.2.0.20250809 to 6.3.0.20251115. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-bleach&package-manager=pip&previous-version=6.2.0.20250809&new-version=6.3.0.20251115)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [rpds-py](https://github.com/crate-py/rpds) from 0.28.0 to 0.29.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-py/rpds/releases">rpds-py's releases</a>.</em></p> <blockquote> <h2>v0.29.0</h2>  <h2>What's Changed</h2> <ul> <li>Bump actions/download-artifact from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/195">crate-py/rpds#195</a></li> <li>Bump github/codeql-action from 4.30.9 to 4.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/194">crate-py/rpds#194</a></li> <li>Bump actions/upload-artifact from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/192">crate-py/rpds#192</a></li> <li>Bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/193">crate-py/rpds#193</a></li> <li>Bump github/codeql-action from 4.31.0 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/196">crate-py/rpds#196</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/199">crate-py/rpds#199</a></li> <li>Bump softprops/action-gh-release from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/198">crate-py/rpds#198</a></li> <li>Bump rpds from 1.1.2 to 1.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/crate-py/rpds/pull/197">crate-py/rpds#197</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0">https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-py/rpds/commit/5fb6f35abb2901542f27d01595f032815ffa39cd"><code>5fb6f35</code></a> Prepare for 0.29.0</li> <li><a href="https://github.com/crate-py/rpds/commit/d17dbd1d84449070c4a94ddb779a0f68f9bb6ec8"><code>d17dbd1</code></a> Add rpds's Stack.</li> <li><a href="https://github.com/crate-py/rpds/commit/74707afd0c9aa7bcdf165b85bb741158ae20c987"><code>74707af</code></a> Follow the rpds API more closely for Queue.</li> <li><a href="https://github.com/crate-py/rpds/commit/41455f3794d22829e9a338cf63a9fd6a3e379049"><code>41455f3</code></a> -> native uv for dpeendency groups.</li> <li><a href="https://github.com/crate-py/rpds/commit/e93532daa50685b211892397291d0f44b0334314"><code>e93532d</code></a> Use 3.14 by default in nox.</li> <li><a href="https://github.com/crate-py/rpds/commit/020c41fb88d011c7919971348d56b800a4c2b53c"><code>020c41f</code></a> Remove dead hooks.</li> <li><a href="https://github.com/crate-py/rpds/commit/6e08b759e4fd895752541ea21b37b1690c2924d8"><code>6e08b75</code></a> Accept zizmor's cooldown suggestions for dependabot.</li> <li><a href="https://github.com/crate-py/rpds/commit/a5d40a9fd324dc0941744014c98bcc84c94c599f"><code>a5d40a9</code></a> Merge pull request <a href="https://redirect.github.com/crate-py/rpds/issues/197">#197</a> from crate-py/dependabot/cargo/rpds-1.2.0</li> <li><a href="https://github.com/crate-py/rpds/commit/b830be14163a5a81fdc087efde7c65c2305b1b99"><code>b830be1</code></a> Merge pull request <a href="https://redirect.github.com/crate-py/rpds/issues/198">#198</a> from crate-py/dependabot/github_actions/softprops/act...</li> <li><a href="https://github.com/crate-py/rpds/commit/e7ac33078a9086089bc633e61bccad9060864f04"><code>e7ac330</code></a> Merge pull request <a href="https://redirect.github.com/crate-py/rpds/issues/199">#199</a> from crate-py/pre-commit-ci-update-config</li> <li>Additional commits viewable in <a href="https://github.com/crate-py/rpds/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rpds-py&package-manager=pip&previous-version=0.28.0&new-version=0.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements</h3> <ul> <li>Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by <a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li>Add support for .tool-versions file and update workflow by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li>Add comprehensive breaking changes documentation for v6 by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <h3>Dependency updates</h3> <ul> <li>Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/617">actions/setup-go#617</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/641">actions/setup-go#641</a></li> <li>Upgrade semver and <code>@types/semver</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/652">actions/setup-go#652</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nicholasngai"><code>@nicholasngai</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.1.0">https://github.com/actions/setup-go/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4dc6199c7b1a012772edbd06daecab0f50c9053c"><code>4dc6199</code></a> Bump semver and <code>@types/semver</code> (<a href="https://redirect.github.com/actions/setup-go/issues/652">#652</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/f3787be646645f6c7bfecfa3e48f82a00d113834"><code>f3787be</code></a> Add comprehensive breaking changes documentation for v6 (<a href="https://redirect.github.com/actions/setup-go/issues/674">#674</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/3a0c2c82458cbb45a3cbfeeb2b91ce8f85420560"><code>3a0c2c8</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-go/issues/641">#641</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/faf52423ec0d44c58f68e83b614bfcd99dded66f"><code>faf5242</code></a> Add support for .tool-versions file in setup-go, update workflow (<a href="https://redirect.github.com/actions/setup-go/issues/673">#673</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/7bc60db215a8b16959b0b5cccfdc95950d697b25"><code>7bc60db</code></a> Fall back to downloading from go.dev/dl instead of storage.googleapis.com/gol...</li> <li><a href="https://github.com/actions/setup-go/commit/c0137caad775660c0844396c52da96e560aba63d"><code>c0137ca</code></a> Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking chang...</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=6.0.0&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

We add some logic to expire sliding sync connections if they get old or if there is too much pending data to return. The values of the constants are picked fairly arbitrarily, these are currently: 1. More than 100 rooms with pending events if the connection hasn't been used in over an hour 2. The connection hasn't been used for over a week Reviewable commit-by-commit --------- Co-authored-by: Eric Eastwood <erice@element.io>

…ent-hq#19221)

We have various constants to try and avoid mistyping of durations, e.g. `ONE_HOUR_SECONDS * MILLISECONDS_PER_SECOND`, however this can get a little verbose and doesn't help with typing. Instead, let's move towards a dedicated `Duration` class (basically a [`timedelta`](https://docs.python.org/3/library/datetime.html#timedelta-objects) with helper methods). This PR introduces the new types and converts all usages of the existing constants with it. Future PRs may work to move the clock methods to also use it (e.g. `call_later` and `looping_call`). Reviewable commit-by-commit.

MSC4380 aims to be a simplified implementation of MSC4155; the hope is that we can get it specced and rolled out rapidly, so that we can resolve the fact that `matrix.org` has enabled MSC4155. The implementation leans heavily on what's already there for MSC4155. It has its own `experimental_features` flag. If both MSC4155 and MSC4380 are enabled, and a user has both configurations set, then we prioritise the MSC4380 one. Contributed wearing my 🎩 Spec Core Team hat.

…ows (element-hq#18960)

…ches (element-hq#19220)

Rather than using dodgy regexes which keep breaking. Also fixes a regression where it looks like we didn't fail CI if the delta was in the wrong place.

…ated refresh token (element-hq#19230)

…nt-hq#17782)

We have checks to try and catch the case where Synapse is being run from a source directory, but the compiled Rust code is out-of-date. This commonly happens when Synapse is updated without running `poetry install` (or equivalent). These checks did not correctly handle `.egg-info` installs, and so were not run. Currently, the `.egg-info` directory is created automatically by poetry (due to using setuptools to build Rust).

This changes the arguments in clock functions to be `Duration` and converts call sites and constants into `Duration`. There are still some more functions around that should be converted (e.g. `timeout_deferred`), but we leave that to another PR. We also changes `.as_secs()` to return a float, as the rounding broke things subtly. The only reason to keep it (its the same as `timedelta.total_seconds()`) is for symmetry with `as_millis()`. Follows on from element-hq#19223

Fixes element-hq#19198 Returns HTTP 400 when `alias` or `alt_alias` inside of `m.room.canonical_alias` `content` are not of type string. Previously this resulted in HTTP 500 errors as Synapse assumed they were strings and would raise an exception when it tried to treat them as such if they actually weren't. With the changes implemented: <img width="800" height="616" alt="Screenshot from 2025-11-28 16-48-06" src="https://github.com/user-attachments/assets/1333a4b3-7b4f-435f-bbff-f48870bc4d96" /> <img width="800" height="316" alt="Screenshot from 2025-11-28 16-47-42" src="https://github.com/user-attachments/assets/5928abf8-88a2-4bd9-9420-9a1f743f66f5" /> ### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.9.0 to 5.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/metadata-action/commit/c299e40c65443455700f0fdfc63efafe5b349051"><code>c299e40</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/569">#569</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/metadata-action/commit/f015d7914a06d5c4931affc0780479c2336fd8e3"><code>f015d79</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/metadata-action/commit/121bcc2ca8f5f246e9af338aeb41e55825fe7c88"><code>121bcc2</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.68.0</li> <li><a href="https://github.com/docker/metadata-action/commit/f7b6bf41b94feca9834c527e3bd584efa2e7280b"><code>f7b6bf4</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/564">#564</a> from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/0b95c6b8604d853d90ab386caf3a1e754d9697f7"><code>0b95c6b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/565">#565</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="https://github.com/docker/metadata-action/commit/17f70d7525d8de2c783e41c092e28219c8fc2a67"><code>17f70d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/568">#568</a> from motoki317/docs/fix-to-24h-schedule-pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/afd7e6d7bbf70ea7bc2e4f3c782fe1feabe42d88"><code>afd7e6d</code></a> docs(README): Fix date format from 12h to 24h in schedule pattern</li> <li><a href="https://github.com/docker/metadata-action/commit/602aff8e11accbaf5f2233069201ffe332de3d5e"><code>602aff8</code></a> chore(deps): Bump actions/checkout from 5 to 6</li> <li><a href="https://github.com/docker/metadata-action/commit/aecb1a49a52523dc3b4dcab352cae7572eb61c87"><code>aecb1a4</code></a> chore(deps): Bump js-yaml from 3.14.1 to 3.14.2</li> <li><a href="https://github.com/docker/metadata-action/commit/8d8c7c12f7b958582a5cb82ba16d5903cb27976a"><code>8d8c7c1</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/559">#559</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li>Additional commits viewable in <a href="https://github.com/docker/metadata-action/compare/318604b99e75e41977312d83839a89be02ca4893...c299e40c65443455700f0fdfc63efafe5b349051">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.9.0&new-version=5.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Small improvement to the release script to prompt the user to consider upcoming deprecations that should be mentioned in the changelog. ### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>

…nt-hq#19243) --------- Signed-off-by: Andre Klärner <kandre@ak-online.be> Co-authored-by: Olivier 'reivilibre <olivier@librepush.net>

…-hq#19358)

### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

- Update `synapse_xxx` (server-level) metrics to use `server_name="$server_name",` instead of `instance="$instance"` - Add `synapse_server_name_info` metric to map Synapse `server_name`s to the `instance`s they're hosted on. - For process level metrics, update to use `xxx * on (instance, job, index) group_left(server_name) synapse_server_name_info{server_name="$server_name"}` All of the changes here are backwards compatible with whatever people were doing before with their Prometheus/Grafana dashboards. Previously, the recommendation was to use the `instance` label to group everything under the same server (https://github.com/element-hq/synapse/blob/803e4b4d884b2de4b9e20dc47ffb59a983b8a4b5/docs/metrics-howto.md#L93-L147) But the `instance` label actually has a special meaning and we're actually abusing it by using it that way: > `instance`: The `<host>:<port>` part of the target's URL that was scraped. > > *-- https://prometheus.io/docs/concepts/jobs_instances/#automatically-generated-labels-and-time-series* Since element-hq#18592 (Synapse `v1.139.0`), we now have the `server_name` label to use instead. --- Additionally, the assumption that a single process is serving a single server is no longer true with [Synapse Pro for small hosts](https://docs.element.io/latest/element-server-suite-pro/synapse-pro-for-small-hosts/overview/). Part of element-hq/synapse-small-hosts#106 ### Motivating use case Although this change also benefits [Synapse Pro for small hosts](https://docs.element.io/latest/element-server-suite-pro/synapse-pro-for-small-hosts/overview/) (element-hq/synapse-small-hosts#106), this is actually spawning from adding Prometheus metrics to our workerized Docker image (element-hq#19324, element-hq#19336) with a more correct label setup (without `instance`) and wanting the dashboard to be better. ### Testing strategy 1. Make sure your firewall allows the Docker containers to communicate to the host (`host.docker.internal`) so they can access exposed ports of other Docker containers. We want to allow Synapse to access the Prometheus container and Grafana to access to the Prometheus container. - `sudo ufw allow in on docker0 comment "Allow traffic from the default Docker network to the host machine (host.docker.internal)"` - `sudo ufw allow in on br-+ comment "(from Matrix Complement testing) Allow traffic from custom Docker networks to the host machine (host.docker.internal)"` - [Complement firewall docs](https://github.com/matrix-org/complement/blob/ee6acd9154bbae2d0071a9cb39593c0a5e37268b/README.md#potential-conflict-with-firewall-software) 1. Build the Docker image for Synapse: `docker build -t matrixdotorg/synapse -f docker/Dockerfile .` ([docs](https://github.com/element-hq/synapse/blob/7a24fafbc376b9bffeb3277b1ad4aa950720c96c/docker/README-testing.md#building-and-running-the-images-manually)) 1. Generate config for Synapse: ``` docker run -it --rm \ --mount type=volume,src=synapse-data,dst=/data \ -e SYNAPSE_SERVER_NAME=my.docker.synapse.server \ -e SYNAPSE_REPORT_STATS=yes \ -e SYNAPSE_ENABLE_METRICS=1 \ matrixdotorg/synapse:latest generate ``` 1. Start Synapse: ``` docker run -d --name synapse \ --mount type=volume,src=synapse-data,dst=/data \ -p 8008:8008 \ -p 19090:19090 \ matrixdotorg/synapse:latest ``` 1. You should be able to see metrics from Synapse at http://localhost:19090/_synapse/metrics 1. Create a Prometheus config (`prometheus.yml`) ```yaml global: scrape_interval: 15s scrape_timeout: 15s evaluation_interval: 15s scrape_configs: - job_name: prometheus scrape_interval: 15s metrics_path: /_synapse/metrics scheme: http static_configs: - targets: # This should point to the Synapse metrics listener (we're using `host.docker.internal` because this is from within the Prometheus container) - host.docker.internal:19090 ``` 1. Start Prometheus (update the volume bind mount to the config you just saved somewhere): ``` docker run \ --detach \ --name=prometheus \ --add-host host.docker.internal:host-gateway \ -p 9090:9090 \ -v ~/Documents/code/random/prometheus-config/prometheus.yml:/etc/prometheus/prometheus.yml \ prom/prometheus ``` 1. Make sure you're seeing some data in Prometheus. On http://localhost:9090/query, search for `synapse_build_info` 1. Start [Grafana](https://hub.docker.com/r/grafana/grafana) ``` docker run -d --name=grafana --add-host host.docker.internal:host-gateway -p 3000:3000 grafana/grafana ``` 1. Visit the Grafana dashboard, http://localhost:3000/ (Credentials: `admin`/`admin`) 1. **Connections** -> **Data Sources** -> **Add data source** -> **Prometheus** - Prometheus server URL: `http://host.docker.internal:9090` 1. Import the Synapse dashboard: `contrib/grafana/synapse.json` To test workers, you can use the testing strategy from element-hq#19336 (assumes both changes from this PR and the other PR are combined)

…all workers in Docker image (element-hq#19336) Add Prometheus [HTTP service discovery](https://prometheus.io/docs/prometheus/latest/http_sd/) endpoint for easy discovery of all workers in Docker image. Follow-up to element-hq#19324 Spawning from wanting to [run a load test](element-hq/synapse-rust-apps#397) against the Complement Docker image of Synapse and see metrics from the homeserver. `GET http://<synapse_container>:9469/metrics/service_discovery` ```json5 [ { "targets": [ "<host>", ... ], "labels": { "<labelname>": "<labelvalue>", ... } }, ... ] ``` The metrics from each worker can also be accessed via `http://<synapse_container>:9469/metrics/worker/<worker_name>` which is what the service discovery response points to behind the scenes. This way, you only need to expose a single port (9469) to access all metrics. <details> <summary>Real HTTP service discovery response</summary> ```json5 [ { "targets": [ "localhost:9469" ], "labels": { "job": "event_persister", "index": "1", "__metrics_path__": "/metrics/worker/event_persister1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "event_persister", "index": "2", "__metrics_path__": "/metrics/worker/event_persister2" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "background_worker", "index": "1", "__metrics_path__": "/metrics/worker/background_worker1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "event_creator", "index": "1", "__metrics_path__": "/metrics/worker/event_creator1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "user_dir", "index": "1", "__metrics_path__": "/metrics/worker/user_dir1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "media_repository", "index": "1", "__metrics_path__": "/metrics/worker/media_repository1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_inbound", "index": "1", "__metrics_path__": "/metrics/worker/federation_inbound1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_reader", "index": "1", "__metrics_path__": "/metrics/worker/federation_reader1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "federation_sender", "index": "1", "__metrics_path__": "/metrics/worker/federation_sender1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "synchrotron", "index": "1", "__metrics_path__": "/metrics/worker/synchrotron1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "client_reader", "index": "1", "__metrics_path__": "/metrics/worker/client_reader1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "appservice", "index": "1", "__metrics_path__": "/metrics/worker/appservice1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "pusher", "index": "1", "__metrics_path__": "/metrics/worker/pusher1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "device_lists", "index": "1", "__metrics_path__": "/metrics/worker/device_lists1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "device_lists", "index": "2", "__metrics_path__": "/metrics/worker/device_lists2" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "stream_writers", "index": "1", "__metrics_path__": "/metrics/worker/stream_writers1" } }, { "targets": [ "localhost:9469" ], "labels": { "job": "main", "index": "1", "__metrics_path__": "/metrics/worker/main" } } ] ``` </details> And how it ends up as targets in Prometheus (http://localhost:9090/targets): (image) ### Testing strategy 1. Make sure your firewall allows the Docker containers to communicate to the host (`host.docker.internal`) so they can access exposed ports of other Docker containers. We want to allow Synapse to access the Prometheus container and Grafana to access to the Prometheus container. - `sudo ufw allow in on docker0 comment "Allow traffic from the default Docker network to the host machine (host.docker.internal)"` - `sudo ufw allow in on br-+ comment "(from Matrix Complement testing) Allow traffic from custom Docker networks to the host machine (host.docker.internal)"` - [Complement firewall docs](https://github.com/matrix-org/complement/blob/ee6acd9154bbae2d0071a9cb39593c0a5e37268b/README.md#potential-conflict-with-firewall-software) 1. Build the Docker image for Synapse: `docker build -t matrixdotorg/synapse -f docker/Dockerfile . && docker build -t matrixdotorg/synapse-workers -f docker/Dockerfile-workers .` ([docs](https://github.com/element-hq/synapse/blob/7a24fafbc376b9bffeb3277b1ad4aa950720c96c/docker/README-testing.md#building-and-running-the-images-manually)) 1. Start Synapse: ``` docker run -d --name synapse \ --mount type=volume,src=synapse-data,dst=/data \ -e SYNAPSE_SERVER_NAME=my.docker.synapse.server \ -e SYNAPSE_REPORT_STATS=no \ -e SYNAPSE_ENABLE_METRICS=1 \ -p 8008:8008 \ -p 9469:9469 \ matrixdotorg/synapse-workers:latest ``` - Also try with workers: ``` docker run -d --name synapse \ --mount type=volume,src=synapse-data,dst=/data \ -e SYNAPSE_SERVER_NAME=my.docker.synapse.server \ -e SYNAPSE_REPORT_STATS=no \ -e SYNAPSE_ENABLE_METRICS=1 \ -e SYNAPSE_WORKER_TYPES="\ event_persister:2, \ background_worker, \ event_creator, \ user_dir, \ media_repository, \ federation_inbound, \ federation_reader, \ federation_sender, \ synchrotron, \ client_reader, \ appservice, \ pusher, \ device_lists:2, \ stream_writers=account_data+presence+receipts+to_device+typing" \ -p 8008:8008 \ -p 9469:9469 \ matrixdotorg/synapse-workers:latest ``` 1. You should be able to see Prometheus service discovery endpoint at http://localhost:9469/metrics/service_discovery 1. Create a Prometheus config (`prometheus.yml`) ```yaml global: scrape_interval: 15s scrape_timeout: 15s evaluation_interval: 15s scrape_configs: - job_name: synapse scrape_interval: 15s metrics_path: /_synapse/metrics scheme: http # We set `honor_labels` so that each service can set their own `job` label # # > honor_labels controls how Prometheus handles conflicts between labels that are # > already present in scraped data and labels that Prometheus would attach # > server-side ("job" and "instance" labels, manually configured target # > labels, and labels generated by service discovery implementations). # > # > *-- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config* honor_labels: true # Use HTTP service discovery # # Reference: # - https://prometheus.io/docs/prometheus/latest/http_sd/ # - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config http_sd_configs: - url: 'http://localhost:9469/metrics/service_discovery' ``` 1. Start Prometheus (update the volume bind mount to the config you just saved somewhere): ``` docker run \ --detach \ --name=prometheus \ --add-host host.docker.internal:host-gateway \ -p 9090:9090 \ -v ~/Documents/code/random/prometheus-config/prometheus.yml:/etc/prometheus/prometheus.yml \ prom/prometheus ``` 1. Make sure you're seeing some data in Prometheus. On http://localhost:9090/query, search for `synapse_build_info` 1. Start [Grafana](https://hub.docker.com/r/grafana/grafana) ``` docker run -d --name=grafana --add-host host.docker.internal:host-gateway -p 3000:3000 grafana/grafana ``` 1. Visit the Grafana dashboard, http://localhost:3000/ (Credentials: `admin`/`admin`) 1. **Connections** -> **Data Sources** -> **Add data source** -> **Prometheus** - Prometheus server URL: `http://host.docker.internal:9090` 1. Import the Synapse dashboard: https://github.com/element-hq/synapse/blob/develop/contrib/grafana/synapse.json

Store the JSON content of scheduled delayed events as text instead of a byte array. This brings it in line with the `event_json` table's `json` column, and fixes the inability to schedule a delayed event with non-ASCII characters in its content. Fixes element-hq#19242

…lement-hq#19383) Spawning from not seeing any reactor metrics in the Grafana dashboard in some load tests, noticing `python_twisted_reactor_tick_time_bucket` is `0` in Prometheus, following it back to Synapse and seeing that we don't warn about skipping reactor metrics in all cases (when using an unknown reactor type). A follow-up to this would be to actually figure out how to instrument the `ProxiedReactor` or why `ProxiedReactor` is being chosen in the first place and see if we can get it to use a more normal type :thinking: ### Reproduction instructions 1. Using the Complement scripts **with workers**: `WORKERS=1 ./scripts-dev/complement.sh ./tests/csapi` 1. `docker logs complement_csapi_dirty_hs1 2>&1 | grep -i "reactor"` 1. With these changes, notice `Skipping configuring ReactorLastSeenMetric: unexpected reactor type: <__main__.ProxiedReactor object at 0x7fc0adaaea50>` and `Twisted reactor: ProxiedReactor` 1. Cleanup: - `docker stop $(docker ps --all --filter "label=complement_context" --quiet)` - `docker rm $(docker ps --all --filter "label=complement_context" --quiet)` I'm unable to reproduce with the normal Synapse images or `complement-synapse` without workers. They all use `Twisted reactor: EPollReactor` <details> <summary>Checking <code>docker/Dockerfile-workers</code></summary> 1. Build the Docker image for Synapse: `docker build -t matrixdotorg/synapse -f docker/Dockerfile . && docker build -t matrixdotorg/synapse-workers -f docker/Dockerfile-workers .` ([docs](https://github.com/element-hq/synapse/blob/7a24fafbc376b9bffeb3277b1ad4aa950720c96c/docker/README-testing.md#building-and-running-the-images-manually)) 1. Start Synapse: ``` docker run -d --name synapse \ --mount type=volume,src=synapse-data,dst=/data \ -e SYNAPSE_SERVER_NAME=my.docker.synapse.server \ -e SYNAPSE_REPORT_STATS=no \ -e SYNAPSE_ENABLE_METRICS=1 \ -p 8008:8008 \ -p 9469:9469 \ matrixdotorg/synapse-workers:latest ``` 1. `docker logs synapse 2>&1 | grep -i "reactor"` 1. Says `Twisted reactor: EPollReactor` </details>

Previously, because `conn.rollback()` was inside the `if i < MAX_NUMBER_OF_RETRIES:` condition, it never rolled back on the final retry. Part of element-hq#19202 There are other problems mentioned in element-hq#19202 but this is a nice standalone change.

…hq#19381) These are automatic changes from importing/exporting from Grafana 12.3.1. In order to verify that I'm not sneaking in any changes, you can follow these steps to get the same output. Reproduction instructions: 1. Start [Grafana](https://hub.docker.com/r/grafana/grafana) ``` docker run -d --name=grafana --add-host host.docker.internal:host-gateway -p 3000:3000 grafana/grafana ``` 1. Visit the Grafana dashboard, http://localhost:3000/ (Credentials: `admin`/`admin`) 1. Import the Synapse dashboard: `contrib/grafana/synapse.json` 1. Export the Synapse dashboard. On the dashboard page -> **Export** -> **Export as code** -> Using the **Classic** model -> Check **Export for sharing externally** -> Copy 1. Paste into `contrib/grafana/synapse.json` 1. `git status`/`git diff` to check if there is any diff Sanity checked the dashboard itself by importing the dashboard on https://grafana.matrix.org/ (Grafana 10.4.1 according to https://grafana.matrix.org/api/health). The process-level metrics won't work because element-hq#19337 just merged and isn't on `matrix.org` yet. Also just generally, this dashboard works for me locally with the [load-tests](element-hq/synapse-rust-apps#397) I've been doing. ### Motivation There are few fixes I want to make to the Grafana dashboard and it sucks having to manually translate everything back over because we have different formatting. Hopefully after this bulk change, future exports will have exactly what we want to change.

Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.1 to 0.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/releases">pyasn1's releases</a>.</em></p> <blockquote> <h2>Release 0.6.2</h2> <p>It's a minor release.</p> <ul> <li>Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).</li> <li>Added support for Python 3.14.</li> <li>Added SECURITY.md policy.</li> <li>Migrated to pyproject.toml packaging.</li> </ul> <p>All changes are noted in the <a href="https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst">CHANGELOG</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst">pyasn1's changelog</a>.</em></p> <blockquote> <h2>Revision 0.6.2, released 16-01-2026</h2> <ul> <li>CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007)</li> <li>Added support for Python 3.14 [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/97">#97</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/97">pyasn1/pyasn1#97</a>)</li> <li>Added SECURITY.md policy</li> <li>Fixed unit tests failing due to missing code [issue <a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">#91</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">pyasn1/pyasn1#91</a>) [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/92">#92</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/92">pyasn1/pyasn1#92</a>)</li> <li>Migrated to pyproject.toml packaging [pr <a href="https://redirect.github.com/pyasn1/pyasn1/issues/90">#90</a>](<a href="https://redirect.github.com/pyasn1/pyasn1/pull/90">pyasn1/pyasn1#90</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424"><code>e7356f8</code></a> Prepare release 0.6.2</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970"><code>3908f14</code></a> Merge commit from fork</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c"><code>0a7e067</code></a> Add support for Python 3.14 (<a href="https://redirect.github.com/pyasn1/pyasn1/issues/97">#97</a>)</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1"><code>33656e9</code></a> Create Security Policy</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e"><code>fa62307</code></a> fix for issue <a href="https://redirect.github.com/pyasn1/pyasn1/issues/91">#91</a>: unit tests failing due to missing code (<a href="https://redirect.github.com/pyasn1/pyasn1/issues/92">#92</a>)</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/f1ed02e41c193a66741572185bab94d34f43daec"><code>f1ed02e</code></a> Package pyasn1 with pyproject.toml (<a href="https://redirect.github.com/pyasn1/pyasn1/issues/90">#90</a>)</li> <li><a href="https://github.com/pyasn1/pyasn1/commit/93c4d4f0b6af84c13517b5700104ac57fb6d3fe5"><code>93c4d4f</code></a> Switch documentation user to pyasn1 (<a href="https://redirect.github.com/pyasn1/pyasn1/issues/89">#89</a>)</li> <li>See full diff in <a href="https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyasn1&package-manager=pip&previous-version=0.6.1&new-version=0.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/element-hq/synapse/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…0.24 (element-hq#19379) Fixes element-hq#19375 `prometheus_client` 0.24 makes `Collector` a generic type. Previously, `InFlightGauge` inherited from both `Generic[MetricsEntry]` and `Collector`, resulting in the error `TypeError: cannot create a consistent MRO` when using `prometheus_client` >= 0.24. This behaviour of disallowing multiple `Generic` inheritance is more strictly enforced starting with python 3.14, but can still lead to issues with earlier versions of python. This PR separates runtime and typing inheritance for `InFlightGauge`: - Runtime: `InFlightGauge` inherits only from `Collector` - Typing: `InFlightGauge` is generic This preserves static typing, avoids MRO conflicts, and supports both `prometheus_client` <0.24 and >=0.24. I have tested these changes out locally with `prometheus_client` 0.23.1 & 0.24 on python 3.14 while sending a bunch of messages over federation and watching a grafana dashboard configured to show `synapse_util_metrics_block_in_flight_total` & `synapse_util_metrics_block_in_flight_real_time_sum` (the only metric setup to use `InFlightGauge`) and things are working in each case. https://github.com/element-hq/synapse/blob/a1e9abc7df3e6c43a95cba059348546a4c9d4491/synapse/util/metrics.py#L112-L119 ### Pull Request Checklist  * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

…ker Complement tests (element-hq#19385) Follow-up to element-hq#19383 The [`ProxiedReactor`](https://github.com/element-hq/synapse/blob/079c52e16b3e75929380d59c5f1d85b66c1a4ccf/synapse/app/complement_fork_starter.py#L38-L71) is a special custom reactor used in the `synapse/app/complement_fork_starter.py`. It's used by default when using `WORKERS=1 ./scripts-dev/complement.sh` (see `SYNAPSE_USE_EXPERIMENTAL_FORKING_LAUNCHER`). The point of the forking launcher is to improve start-up times and the point of the [`ProxiedReactor`](https://github.com/element-hq/synapse/blob/079c52e16b3e75929380d59c5f1d85b66c1a4ccf/synapse/app/complement_fork_starter.py#L38-L71) is explained in the [docstring](https://github.com/element-hq/synapse/blob/079c52e16b3e75929380d59c5f1d85b66c1a4ccf/synapse/app/complement_fork_starter.py#L38-L56) (introduced in matrix-org/synapse#13127) ### Reproduction instructions 1. Using the Complement scripts **with workers**: `WORKERS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh ./tests/csapi` 1. `docker logs complement_csapi_dirty_hs1 2>&1 | grep -i "reactor"` 1. With these changes, notice `Twisted reactor: ProxiedReactor` but no warning about `Skipping configuring ReactorLastSeenMetric: unexpected reactor type: <__main__.ProxiedReactor object at 0x7fc0adaaea50>` 1. Cleanup: - `docker stop $(docker ps --all --filter "label=complement_context" --quiet)` - `docker rm $(docker ps --all --filter "label=complement_context" --quiet)` To test that we're actually seeing reactor metrics, I've been using this with the load-test runs in element-hq/synapse-rust-apps#397

When we change the `required_state` config for a room in sliding sync, we insert a new entry into the `sliding_sync_connection_required_state` table. As the sliding sync connection advances we can accrue a lot of stale entries, so let's clear those out. This is a sort of follow on from element-hq#19211 --------- Co-authored-by: Eric Eastwood <erice@element.io>

On restart we retry joining partially stated rooms, but if you have a bunch in the database this can cause big performance issues if we start them all at once. So we stagger them.

…nt persistence rate (element-hq#19399) This is the same thing we already do in the [`matrix.org` dashboard](https://grafana.matrix.org/d/000000012/synapse) and although the purple dots aren't new (introduced in matrix-org/synapse#10001), you can see that was the intention in element-hq#18510. I think this was just how our contrib dashboard looked at the time and perhaps was a Grafana version mismatch thing which is why it didn't translate.

….0 (element-hq#19412) Hello, I'm writing on behalf of the Citadel product developed by ERCOM. This PR bumps `pyo3` from 0.26.0 to 0.27.2 and `pythonize` from 0.26.0 to 0.27.0. For the code migration I followed the guide found here: [link](https://pyo3.rs/v0.27.0/migration.html).

The `Clock` tracks looping calls to allow cancelling of all looping calls. However, this stopped them from getting garbage collected. This was introduced in element-hq#18828 Fixes element-hq#19392

…iate on psycop2 for now This will use executemany()(inside of execute_batch()) from psycopg instead, which uses pipeline mode

clokep · 2026-02-03T16:14:30Z

Test failures are flakes, so let's get this merged.

anoadragon453 and others added 30 commits November 19, 2025 11:37

move postgres 13 deprecation note to top of changelog

3779c59

Allow ruff to auto-fix trailing spaces in multi-line comments (elem…

b7e592a

…ent-hq#19221)

1.143.0

2eb76b4

Capitalize Synapse in changelog

87d6e27

Merge branch 'master' into develop

ae98771

Put MSC2666 endpoint behind an experimental flag (element-hq#19219)

ba65d8c

Stop building wheels for MacOS (element-hq#19225)

2741ead

Fix case where get_partial_current_state_deltas could return >100 r…

703464c

…ows (element-hq#18960)

Prevent lint-newsfile job activating when fixing dependabot PR bran…

52089f1

…ches (element-hq#19220)

Move RestartDelayedEventServlet to workers (element-hq#19207)

566670c

Use sqlglot to properly check SQL delta files (element-hq#19224)

78ec304

Rather than using dodgy regexes which keep breaking. Also fixes a regression where it looks like we didn't fail CI if the delta was in the wrong place.

Add a unit test that ensures that deleting a device purges the associ…

778897a

…ated refresh token (element-hq#19230)

Move call invite filtering logic to filter_events_for_client (eleme…

034c5e6

…nt-hq#17782)

Document how merging config files works - see element-hq#11203 (eleme…

c20dd88

…nt-hq#19243) --------- Signed-off-by: Andre Klärner <kandre@ak-online.be> Co-authored-by: Olivier 'reivilibre <olivier@librepush.net>

anoadragon453 and others added 27 commits January 13, 2026 15:52

Update usage of deprecated release.title in release script (element…

9285cdf

…-hq#19358)

Merge branch 'master' into develop

8eb9d78

Give an estimate for room complexity values. (element-hq#19384)

8bdb72c

1.146.0rc1

a0e6a05

Don't retry joining partial state rooms all at once (element-hq#19402)

9a743a4

On restart we retry joining partially stated rooms, but if you have a bunch in the database this can cause big performance issues if we start them all at once. So we stagger them.

Limit health endpoint to /health$ (element-hq#19405)

24df0ed

1.146.0

53e8a3c

Merge branch 'master' into develop

9ad3f0c

Fix looping calls not getting GCed. (element-hq#19416)

0dfcffa

The `Clock` tracks looping calls to allow cancelling of all looping calls. However, this stopped them from getting garbage collected. This was introduced in element-hq#18828 Fixes element-hq#19392

Merge branch 'develop' into jason/psycopg-merge-develop

c195ee6

Adjust for execute_values() usage with fetch=False to only be appropr…

99ff2ac

…iate on psycop2 for now This will use executemany()(inside of execute_batch()) from psycopg instead, which uses pipeline mode

jason-famedly mentioned this pull request Jan 31, 2026

Adjust for feedback from PR#18999 #7

Merged

clokep merged commit 680ffee into clokep:psycopg3 Feb 3, 2026
44 of 47 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to current develop#6

Update to current develop#6
clokep merged 148 commits intoclokep:psycopg3from
jason-famedly:jason/psycopg-merge-develop

jason-famedly commented Jan 31, 2026

Uh oh!

clokep commented Feb 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

Conversation

jason-famedly commented Jan 31, 2026

Uh oh!

clokep commented Feb 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants