Commit Graph

23507 Commits

Author SHA1 Message Date
dependabot[bot]
95320bc34e
Bump ruff from 0.1.7 to 0.1.13 (#16814) 2024-01-16 11:35:57 +00:00
dependabot[bot]
69637f8bac
Bump service-identity from 23.1.0 to 24.1.0 (#16816) 2024-01-15 13:54:38 +00:00
dependabot[bot]
2ce91cf26f
Bump typing-extensions from 4.8.0 to 4.9.0 (#16815) 2024-01-15 13:54:23 +00:00
dependabot[bot]
d895a64f19
Bump lxml from 4.9.3 to 5.1.0 (#16813) 2024-01-15 13:53:54 +00:00
dependabot[bot]
a83a270069
Bump immutabledict from 4.0.0 to 4.1.0 (#16812) 2024-01-15 13:53:33 +00:00
Erik Johnston
c6e0d845d3
Fix building of deps after bump of pillow version (#16817)
Broke in https://github.com/element-hq/synapse/pull/16802
2024-01-15 13:51:48 +00:00
Erik Johnston
4e4a0f79b9
Update license in Debian metadata (#16807) 2024-01-11 16:25:16 +00:00
Erik Johnston
c43f751013
Optimize query for fetching to-device messages in /sync (#16805)
The current query supports passing in a list of users, which generates a
query using `user_id = ANY(..)`. This is generates a less efficient
query plan that is notably slower than a simple `user_id = ?` condition.

Note: The new function is mostly a copy and paste and then a
simplification of the existing function.
2024-01-11 13:37:57 +00:00
Erik Johnston
b11f7b5122
Improve DB performance of calculating badge counts for push. (#16756)
The crux of the change is to try and make the queries simpler and pull
out fewer rows. Before, there were quite a few joins against subqueries,
which caused postgres to pull out more rows than necessary.

Instead, let's simplify the query and do some of the filtering out in
Python instead, letting Postgres do better optimizations now that it
doesn't have to deal with joins against subqueries.

Review note: this is a complete rewrite of the function, so not sure how
useful the diff is.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-01-11 11:52:13 +00:00
dependabot[bot]
79a88b5fc9
Bump pillow from 10.1.0 to 10.2.0 (#16802) 2024-01-11 11:25:23 +00:00
dependabot[bot]
791c282349
Bump actions/upload-artifact from 3 to 4 (#16796) 2024-01-11 10:16:49 +00:00
dependabot[bot]
f1e6b9717e
Bump actions/download-artifact from 3 to 4 (#16795) 2024-01-11 10:16:01 +00:00
dependabot[bot]
b309a4ecdf
Bump dawidd6/action-download-artifact from 2.28.0 to 3.0.0 (#16794) 2024-01-11 10:15:31 +00:00
Erik Johnston
a986f86c82
Correctly handle OIDC config with no client_secret set (#16806)
In previous versions of authlib using `client_secret_basic` without a
`client_secret` would result in an invalid auth header. Since authlib
1.3 it throws an exception.

The configuration may be accepted in by very lax servers, so we don't
want to deny it outright. Instead, let's default the
`client_auth_method` to `none`, which does the right thing. If the
config specifies `client_auth_method` and no `client_secret` then that
is going to be bogus and we should reject it
2024-01-10 17:16:49 +00:00
Erik Johnston
cbe8a80d10
Faster load recents for sync (#16783)
This hopefully reduces the amount of state we need to keep in memory
2024-01-10 15:11:59 +00:00
dependabot[bot]
c9ac102668
Bump types-commonmark from 0.9.2.4 to 0.9.2.20240106 (#16797)
Bumps [types-commonmark](https://github.com/python/typeshed) from
0.9.2.4 to 0.9.2.20240106.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-commonmark&package-manager=pip&previous-version=0.9.2.4&new-version=0.9.2.20240106)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 15:06:35 +00:00
dependabot[bot]
b715799bb5
Bump pyo3 from 0.20.0 to 0.20.2 (#16791)
Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.20.0 to 0.20.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pyo3/pyo3/releases">pyo3's
releases</a>.</em></p>
<blockquote>
<h2>PyO3 0.20.2</h2>
<p>This release corrects a failure to compile of the <code>either</code>
feature when the <code>experimental-inspect</code> feature is not
enabled.</p>
<p>It also adds backwards-compatibility for <code>pyo3</code> 0.20.0 to
build against <code>pyo3-build-config</code> 0.20.2, as
<code>pyo3</code> 0.20.0 was (unintentionally) not pinned against an
exact patch version <code>pyo3-build-config</code>, and
<code>pyo3</code> 0.20.0 could not build against
<code>pyo3-build-config</code> 0.20.1 due to an internal API
adjustment.</p>
<p>Thank you to the following users for the improvements:</p>
<p><a
href="https://github.com/adamreichold"><code>@​adamreichold</code></a>
<a
href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a></p>
<h2>PyO3 0.20.1</h2>
<p>This release is a maintenance release to resolve <a
href="https://redirect.github.com/rust-lang/rust-clippy/issues/12039">a
clippy warning</a> which triggers on function arguments of
<code>Py&lt;Self&gt;</code>.</p>
<p>This release also contains a few minor API additions, including
optional support for the <code>either</code> and <code>smallvec</code>
crates.</p>
<p>Thank you to the following users for the improvements:</p>
<p><a
href="https://github.com/adamreichold"><code>@​adamreichold</code></a>
<a href="https://github.com/aldanor"><code>@​aldanor</code></a>
<a href="https://github.com/alex"><code>@​alex</code></a>
<a href="https://github.com/daemontus"><code>@​daemontus</code></a>
<a href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a>
<a href="https://github.com/mejrs"><code>@​mejrs</code></a>
<a href="https://github.com/messense"><code>@​messense</code></a>
<a href="https://github.com/neachdainn"><code>@​neachdainn</code></a>
<a href="https://github.com/orhun"><code>@​orhun</code></a>
<a
href="https://github.com/suriya-ganesh"><code>@​suriya-ganesh</code></a>
<a href="https://github.com/wyfo"><code>@​wyfo</code></a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md">pyo3's
changelog</a>.</em></p>
<blockquote>
<h2>[0.20.2] - 2024-01-04</h2>
<h3>Packaging</h3>
<ul>
<li>Pin <code>pyo3</code> and <code>pyo3-ffi</code> dependencies on
<code>pyo3-build-config</code> to require the same patch version, i.e.
<code>pyo3</code> 0.20.2 requires <em>exactly</em>
<code>pyo3-build-config</code> 0.20.2. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3721">#3721</a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix compile failure when building <code>pyo3</code> 0.20.0 with
latest <code>pyo3-build-config</code> 0.20.X. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3724">#3724</a></li>
<li>Fix docs.rs build. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3722">#3722</a></li>
</ul>
<h2>[0.20.1] - 2023-12-30</h2>
<h3>Added</h3>
<ul>
<li>Add optional <code>either</code> feature to add conversions for
<code>either::Either&lt;L, R&gt;</code> sum type. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3456">#3456</a></li>
<li>Add optional <code>smallvec</code> feature to add conversions for
<code>smallvec::SmallVec</code>. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3507">#3507</a></li>
<li>Add <code>take</code> and <code>into_inner</code> methods to
<code>GILOnceCell</code> <a
href="https://redirect.github.com/PyO3/pyo3/pull/3556">#3556</a></li>
<li><code>#[classmethod]</code> methods can now also receive
<code>Py&lt;PyType&gt;</code> as their first argument. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3587">#3587</a></li>
<li><code>#[pyfunction(pass_module)]</code> can now also receive
<code>Py&lt;PyModule&gt;</code> as their first argument. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3587">#3587</a></li>
<li>Add <code>traverse</code> method to <code>GILProtected</code>. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3616">#3616</a></li>
<li>Added <code>abi3-py312</code> feature <a
href="https://redirect.github.com/PyO3/pyo3/pull/3687">#3687</a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix minimum version specification for optional <code>chrono</code>
dependency. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3512">#3512</a></li>
<li>Silenced new <code>clippy::unnecessary_fallible_conversions</code>
warning when using a <code>Py&lt;Self&gt;</code> <code>self</code>
receiver. <a
href="https://redirect.github.com/PyO3/pyo3/pull/3564">#3564</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bcef18b988"><code>bcef18b</code></a>
release: 0.20.2</li>
<li><a
href="fa6d60b77e"><code>fa6d60b</code></a>
Use a definite version specification when depending on
pyo3-build-config.</li>
<li><a
href="f9f0bdde70"><code>f9f0bdd</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3724">#3724</a> from
davidhewitt/fix-build-config-issue</li>
<li><a
href="cf213252fa"><code>cf21325</code></a>
re-add emit_pyo3_cfgs for pyo3 0.20.0 compatibility</li>
<li><a
href="f7893858d2"><code>f789385</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3722">#3722</a> from
PyO3/fix-doc-build</li>
<li><a
href="9120b35f35"><code>9120b35</code></a>
Include the experimental-inspect feature for the docs.rs build thereby
making...</li>
<li><a
href="2e79c557cc"><code>2e79c55</code></a>
Add CI job to test the equivalent of a docs.rs build.</li>
<li><a
href="2564ca4e75"><code>2564ca4</code></a>
Fix missing feature flags in implementation of Either conversion.</li>
<li><a
href="be4d5627a3"><code>be4d562</code></a>
Merge pull request <a
href="https://redirect.github.com/pyo3/pyo3/issues/3713">#3713</a> from
PyO3/release-0.20.1</li>
<li><a
href="d3f034a80f"><code>d3f034a</code></a>
release: 0.20.1</li>
<li>Additional commits viewable in <a
href="https://github.com/pyo3/pyo3/compare/v0.20.0...v0.20.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyo3&package-manager=cargo&previous-version=0.20.0&new-version=0.20.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 15:06:18 +00:00
Erik Johnston
0a96fa52a2
Pull less state out if we fail to backfill (#16788)
Sometimes we fail to fetch events during backfill due to missing state,
and we often end up querying the same bad events periodically (as people
backpaginate). In such cases its likely we will continue to fail to get
the state, and therefore we should try *before* loading the state that
we have from the DB (as otherwise it's wasted DB and memory).

---------

Co-authored-by: reivilibre <oliverw@matrix.org>
2024-01-10 14:42:13 +00:00
dependabot[bot]
1485cfd0f2
Bump anyhow from 1.0.75 to 1.0.79 (#16789)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.75 to 1.0.79.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/anyhow/releases">anyhow's
releases</a>.</em></p>
<blockquote>
<h2>1.0.79</h2>
<ul>
<li>Work around improperly cached build script result by sccache (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/340">#340</a>)</li>
</ul>
<h2>1.0.78</h2>
<ul>
<li>Reduce spurious rebuilds under RustRover IDE when using a nightly
toolchain (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/337">#337</a>)</li>
</ul>
<h2>1.0.77</h2>
<ul>
<li>Make <code>anyhow::Error::backtrace</code> available on stable Rust
compilers 1.65+ (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/293">#293</a>,
thanks <a
href="https://github.com/LukasKalbertodt"><code>@​LukasKalbertodt</code></a>)</li>
</ul>
<h2>1.0.76</h2>
<ul>
<li>Opt in to <code>unsafe_op_in_unsafe_fn</code> lint (<a
href="https://redirect.github.com/dtolnay/anyhow/issues/329">#329</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="71ab53dd2e"><code>71ab53d</code></a>
Release 1.0.79</li>
<li><a
href="60705a53ce"><code>60705a5</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/340">#340</a>
from dtolnay/depinfo</li>
<li><a
href="17e252bfdf"><code>17e252b</code></a>
Include env-dep:RUSTC_BOOTSTRAP in dep-info for sccache</li>
<li><a
href="04774c0894"><code>04774c0</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/338">#338</a>
from dtolnay/nightlyci</li>
<li><a
href="1fd290c222"><code>1fd290c</code></a>
Make CI verify that error_generic_member_access works in latest
nightly</li>
<li><a
href="ee414707be"><code>ee41470</code></a>
RUSTC must be set by Cargo for build script</li>
<li><a
href="38c79ef242"><code>38c79ef</code></a>
Release 1.0.78</li>
<li><a
href="ded2295ff5"><code>ded2295</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/anyhow/issues/337">#337</a>
from dtolnay/bootstrap</li>
<li><a
href="ae45b672c9"><code>ae45b67</code></a>
Do not rebuild on RUSTC_BOOTSTRAP changes on nightly compiler</li>
<li><a
href="2d32366f58"><code>2d32366</code></a>
Update crate name used for build script probe</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/anyhow/compare/1.0.75...1.0.79">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anyhow&package-manager=cargo&previous-version=1.0.75&new-version=1.0.79)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 14:38:57 +00:00
dependabot[bot]
5d2e606076
Bump sentry-sdk from 1.35.0 to 1.39.1 (#16799)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from
1.35.0 to 1.39.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's
releases</a>.</em></p>
<blockquote>
<h2>1.39.1</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Fix psycopg2 detection in the Django integration (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2593">#2593</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Filter out empty string releases (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2591">#2591</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Fixed local var not present when there is an error in a user's
<code>error_sampler</code> function (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2511">#2511</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Fixed typing in <code>aiohttp</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2590">#2590</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
</ul>
<h2>1.39.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Add support for cluster clients from Redis SDK (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2394">#2394</a>)
by <a href="https://github.com/md384"><code>@​md384</code></a></li>
<li>Improve location reporting for timer metrics (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2552">#2552</a>)
by <a
href="https://github.com/mitsuhiko"><code>@​mitsuhiko</code></a></li>
<li>Fix Celery <code>TypeError</code> with no-argument
<code>apply_async</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2575">#2575</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li>
<li>Fix Lambda integration with EventBridge source (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2546">#2546</a>)
by <a
href="https://github.com/davidcroda"><code>@​davidcroda</code></a></li>
<li>Add max tries to Spotlight (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2571">#2571</a>)
by <a href="https://github.com/hazAT"><code>@​hazAT</code></a></li>
<li>Handle <code>os.path.devnull</code> access issues (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2579">#2579</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Change <code>code.filepath</code> frame picking logic (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2568">#2568</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Trigger AWS Lambda tests on label (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2538">#2538</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Run permissions step on pull_request_target but not push (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2548">#2548</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Hash AWS Lambda test functions based on current revision (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2557">#2557</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Update Django version in tests (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2562">#2562</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Make metrics tests non-flaky (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2572">#2572</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
</ul>
<h2>1.38.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Only add trace context to checkins and do not run
<code>event_processors</code> for checkins (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2536">#2536</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Metric span summaries (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2522">#2522</a>)
by <a
href="https://github.com/mitsuhiko"><code>@​mitsuhiko</code></a></li>
<li>Add source context to code locations (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2539">#2539</a>)
by <a
href="https://github.com/jan-auer"><code>@​jan-auer</code></a></li>
<li>Use in-app filepath instead of absolute path (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2541">#2541</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Switch to <code>jinja2</code> for generating CI yamls (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2534">#2534</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
</ul>
<h2>1.37.1</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Fix <code>NameError</code> on <code>parse_version</code> with
eventlet (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2532">#2532</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>build(deps): bump checkouts/data-schemas from <code>68def1e</code>
to <code>e9f7d58</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2501">#2501</a>)
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
</ul>
<h2>1.37.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>
<p>Move installed modules code to utils (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2429">#2429</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></p>
<p>Note: We moved the internal function
<code>_get_installed_modules</code> from
<code>sentry_sdk.integrations.modules</code> to
<code>sentry_sdk.utils</code>.
So if you use this function you have to update your imports</p>
</li>
<li>
<p>Add code locations for metrics (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2526">#2526</a>)
by <a href="https://github.com/jan-auer"><code>@​jan-auer</code></a></p>
</li>
<li>
<p>Add query source to DB spans (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2521">#2521</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></p>
</li>
<li>
<p>Send events to Spotlight sidecar (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2524">#2524</a>)
by <a href="https://github.com/HazAT"><code>@​HazAT</code></a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>1.39.1</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Fix psycopg2 detection in the Django integration (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2593">#2593</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Filter out empty string releases (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2591">#2591</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Fixed local var not present when there is an error in a user's
<code>error_sampler</code> function (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2511">#2511</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Fixed typing in <code>aiohttp</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2590">#2590</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
</ul>
<h2>1.39.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Add support for cluster clients from Redis SDK (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2394">#2394</a>)
by <a href="https://github.com/md384"><code>@​md384</code></a></li>
<li>Improve location reporting for timer metrics (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2552">#2552</a>)
by <a
href="https://github.com/mitsuhiko"><code>@​mitsuhiko</code></a></li>
<li>Fix Celery <code>TypeError</code> with no-argument
<code>apply_async</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2575">#2575</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@​szokeasaurusrex</code></a></li>
<li>Fix Lambda integration with EventBridge source (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2546">#2546</a>)
by <a
href="https://github.com/davidcroda"><code>@​davidcroda</code></a></li>
<li>Add max tries to Spotlight (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2571">#2571</a>)
by <a href="https://github.com/hazAT"><code>@​hazAT</code></a></li>
<li>Handle <code>os.path.devnull</code> access issues (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2579">#2579</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Change <code>code.filepath</code> frame picking logic (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2568">#2568</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Trigger AWS Lambda tests on label (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2538">#2538</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Run permissions step on pull_request_target but not push (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2548">#2548</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Hash AWS Lambda test functions based on current revision (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2557">#2557</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Update Django version in tests (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2562">#2562</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>Make metrics tests non-flaky (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2572">#2572</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
</ul>
<h2>1.38.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Only add trace context to checkins and do not run
<code>event_processors</code> for checkins (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2536">#2536</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Metric span summaries (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2522">#2522</a>)
by <a
href="https://github.com/mitsuhiko"><code>@​mitsuhiko</code></a></li>
<li>Add source context to code locations (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2539">#2539</a>)
by <a
href="https://github.com/jan-auer"><code>@​jan-auer</code></a></li>
<li>Use in-app filepath instead of absolute path (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2541">#2541</a>)
by <a
href="https://github.com/antonpirker"><code>@​antonpirker</code></a></li>
<li>Switch to <code>jinja2</code> for generating CI yamls (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2534">#2534</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
</ul>
<h2>1.37.1</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>Fix <code>NameError</code> on <code>parse_version</code> with
eventlet (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2532">#2532</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></li>
<li>build(deps): bump checkouts/data-schemas from <code>68def1e</code>
to <code>e9f7d58</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2501">#2501</a>)
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a></li>
</ul>
<h2>1.37.0</h2>
<h3>Various fixes &amp; improvements</h3>
<ul>
<li>
<p>Move installed modules code to utils (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2429">#2429</a>)
by <a
href="https://github.com/sentrivana"><code>@​sentrivana</code></a></p>
<p>Note: We moved the internal function
<code>_get_installed_modules</code> from
<code>sentry_sdk.integrations.modules</code> to
<code>sentry_sdk.utils</code>.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2b46ec3ba2"><code>2b46ec3</code></a>
Update CHANGELOG.md</li>
<li><a
href="d634c059ea"><code>d634c05</code></a>
release: 1.39.1</li>
<li><a
href="d76fa98332"><code>d76fa98</code></a>
fix(django): Fix psycopg2 detection (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2593">#2593</a>)</li>
<li><a
href="64c42ca975"><code>64c42ca</code></a>
fix(utils): Filter out empty string releases (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2591">#2591</a>)</li>
<li><a
href="47313123d8"><code>4731312</code></a>
Fixed local var not present when error in users error_sampler function
(<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2511">#2511</a>)</li>
<li><a
href="4deaa38413"><code>4deaa38</code></a>
Fixed typing in aiohttp (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2590">#2590</a>)</li>
<li><a
href="507d4098fb"><code>507d409</code></a>
Merge branch 'release/1.39.0'</li>
<li><a
href="c6cd6360d8"><code>c6cd636</code></a>
Update CHANGELOG.md</li>
<li><a
href="c3a60a60a2"><code>c3a60a6</code></a>
release: 1.39.0</li>
<li><a
href="7df152ba3d"><code>7df152b</code></a>
Change <code>code.filepath</code> frame picking logic (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2568">#2568</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-python/compare/1.35.0...1.39.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sentry-sdk&package-manager=pip&previous-version=1.35.0&new-version=1.39.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 14:38:21 +00:00
dependabot[bot]
51096b62d9
Bump serde_json from 1.0.108 to 1.0.111 (#16792)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.108 to
1.0.111.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.111</h2>
<ul>
<li>Improve floating point parsing performance on loongarch64 (<a
href="https://redirect.github.com/serde-rs/json/issues/1100">#1100</a>,
thanks <a
href="https://github.com/heiher"><code>@​heiher</code></a>)</li>
</ul>
<h2>v1.0.110</h2>
<ul>
<li>Update proc-macro2 to fix caching issue when using a rustc-wrapper
such as sccache</li>
</ul>
<h2>v1.0.109</h2>
<ul>
<li>Documentation improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0131ac6821"><code>0131ac6</code></a>
Release 1.0.111</li>
<li><a
href="96ecfadd3f"><code>96ecfad</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1100">#1100</a>
from heiher/limb-64-la64</li>
<li><a
href="c80dbaf8ff"><code>c80dbaf</code></a>
Set limb width to 64 for loongarch64</li>
<li><a
href="df5cf215b7"><code>df5cf21</code></a>
Release 1.0.110</li>
<li><a
href="c35856a93c"><code>c35856a</code></a>
Pull in proc-macro2 sccache fix</li>
<li><a
href="f88bf1fccb"><code>f88bf1f</code></a>
Release 1.0.109</li>
<li><a
href="bb62c73ece"><code>bb62c73</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1097">#1097</a>
from serde-rs/doccfg</li>
<li><a
href="df36d109fd"><code>df36d10</code></a>
Restore doc cfg on re-exports</li>
<li><a
href="c367091342"><code>c367091</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1095">#1095</a>
from dtolnay/hashtest</li>
<li><a
href="b328ee7df4"><code>b328ee7</code></a>
Eliminate hash closure in favor of calling hash_one directly</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/json/compare/v1.0.108...v1.0.111">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_json&package-manager=cargo&previous-version=1.0.108&new-version=1.0.111)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 14:37:53 +00:00
Erik Johnston
578c5c736e
Reduce amount of state pulled out when querying federation hierachy (#16785)
There are two changes here:

1. Only pull out the required state when handling the request.
2. Change the get filtered state return type to check that we're only
querying state that was requested

---------

Co-authored-by: reivilibre <oliverw@matrix.org>
2024-01-10 14:31:35 +00:00
Erik Johnston
4c67f0391b
Split up deleting devices into batches (#16766)
Otherwise for users with large numbers of devices this can cause a lot
of woe.
2024-01-10 13:55:16 +00:00
Erik Johnston
72e9b74bbf
Fix auto-merge CI to correctly wait for linting. (#16781)
Otherwise if you hit the `Enable auto-merge` button and the linting
fails the PR is still aut-merged.
2024-01-10 13:53:44 +00:00
Erik Johnston
8189942a1f
Remove CI check for sign off (#16776)
Since we don't require one anymore.
2024-01-10 13:53:20 +00:00
Andrew Morgan
13e3740f70
Add a link to the Request log format page from Logging Sample Config (#16778) 2024-01-10 13:34:55 +00:00
dependabot[bot]
b96ce9229d
Bump types-jsonschema from 4.20.0.0 to 4.20.0.20240105 (#16800)
Bumps [types-jsonschema](https://github.com/python/typeshed) from
4.20.0.0 to 4.20.0.20240105.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/python/typeshed/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-jsonschema&package-manager=pip&previous-version=4.20.0.0&new-version=4.20.0.20240105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 13:27:45 +00:00
Erik Johnston
c3f2f0f063
Faster partial join to room with complex auth graph (#7)
Instead of persisting outliers in a bunch of batches, let's just do them
all at once.

This is fine because all `_auth_and_persist_outliers_inner` is doing is
checking the auth rules for each event, which requires the events to be
topologically sorted by the auth graph.
2024-01-10 12:29:42 +00:00
dependabot[bot]
a0f0fdf4d4
Bump authlib from 1.2.1 to 1.3.0 (#16801)
Bumps [authlib](https://github.com/lepture/authlib) from 1.2.1 to 1.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/releases">authlib's
releases</a>.</em></p>
<blockquote>
<h2>Version 1.3.0</h2>
<p><strong>Bug fixes</strong></p>
<ul>
<li>Restore AuthorizationServer.create_authorization_response behavior,
via <a
href="https://redirect.github.com/lepture/authlib/issues/558">#558</a>
by <a
href="https://github.com/TurnrDev"><code>@​TurnrDev</code></a></li>
<li>Include leeway in validate_iat() for JWT, via <a
href="https://redirect.github.com/lepture/authlib/issues/565">#565</a>
by <a href="https://github.com/dhallam"><code>@​dhallam</code></a></li>
<li>Fix encode_client_secret_basic, via <a
href="https://redirect.github.com/lepture/authlib/issues/594">#594</a>
by <a href="https://github.com/Prilkop"><code>@​Prilkop</code></a></li>
<li>Use single key in JWK if JWS does not specify kid, via <a
href="https://redirect.github.com/lepture/authlib/issues/596">#596</a>
by <a
href="https://github.com/dklimpel"><code>@​dklimpel</code></a></li>
<li>Fix error when RFC9068 JWS has no scope field, via <a
href="https://redirect.github.com/lepture/authlib/issues/598">#598</a>
by <a
href="https://github.com/tanguilp"><code>@​tanguilp</code></a></li>
<li>Get werkzeug version using importlib, via <a
href="https://redirect.github.com/lepture/authlib/issues/591">#591</a>
by <a
href="https://github.com/Sparrow0hawk"><code>@​Sparrow0hawk</code></a></li>
</ul>
<p><strong>Breaking changes</strong></p>
<ul>
<li>RFC9068 implementation, via <a
href="https://redirect.github.com/lepture/authlib/issues/586">#586</a>
by <a href="https://github.com/azmeuk"><code>@​azmeuk</code></a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lepture/authlib/blob/master/docs/changelog.rst">authlib's
changelog</a>.</em></p>
<blockquote>
<h2>Version 1.3.0</h2>
<p><strong>Released on Dec 17, 2023</strong></p>
<ul>
<li>Restore
<code>AuthorizationServer.create_authorization_response</code> behavior,
via :PR:<code>558</code></li>
<li>Include <code>leeway</code> in <code>validate_iat()</code> for JWT,
via :PR:<code>565</code></li>
<li>Fix <code>encode_client_secret_basic</code>, via
:PR:<code>594</code></li>
<li>Use single key in JWK if JWS does not specify <code>kid</code>, via
:PR:<code>596</code></li>
<li>Fix error when RFC9068 JWS has no scope field, via
:PR:<code>598</code></li>
<li>Get werkzeug version using importlib, via :PR:<code>591</code></li>
</ul>
<p><strong>New features</strong>:</p>
<ul>
<li>RFC9068 implementation, via :PR:<code>586</code>, by <a
href="https://github.com/azmeuk"><code>@​azmeuk</code></a>.</li>
</ul>
<p><strong>Breaking changes</strong>:</p>
<ul>
<li>End support for python 3.7</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a7d68b4c3b"><code>a7d68b4</code></a>
chore: release 1.3.0</li>
<li><a
href="a26f1d0993"><code>a26f1d0</code></a>
Merge GitHub action for release</li>
<li><a
href="2d66702dec"><code>2d66702</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/591">#591</a>
from Sparrow0hawk/patch-2</li>
<li><a
href="0f8e08738b"><code>0f8e087</code></a>
docs: add changelog for 1.3.0</li>
<li><a
href="3ffc950d5b"><code>3ffc950</code></a>
chore: fix pypi release action</li>
<li><a
href="a2543b9ad0"><code>a2543b9</code></a>
chore: add pypi github action</li>
<li><a
href="c7e1b2d41d"><code>c7e1b2d</code></a>
chore: move configuration from setup.cfg to pyproject.toml</li>
<li><a
href="04e83f60ae"><code>04e83f6</code></a>
Merge pull request <a
href="https://redirect.github.com/lepture/authlib/issues/598">#598</a>
from tanguilp/fix-rfc9068-no-scope-in-jws</li>
<li><a
href="092f688b0d"><code>092f688</code></a>
Fix error when RFC9068 JWS has no scope field</li>
<li><a
href="ac58322655"><code>ac58322</code></a>
Get werkzeug version using importlib</li>
<li>Additional commits viewable in <a
href="https://github.com/lepture/authlib/compare/v1.2.1...v1.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.2.1&new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-10 11:30:21 +00:00
Erik Johnston
06ea5f78fc Fixup changelog links 2024-01-09 15:09:32 +00:00
Erik Johnston
d4c652bedc Fix changelog links 2024-01-09 14:01:47 +00:00
Erik Johnston
7109274c65 1.99.0rc1 2024-01-09 13:44:02 +00:00
reivilibre
a83a337c4d
Filter out rooms from the room directory being served to other homeservers when those rooms block that homeserver by their Access Control Lists. (#16759)
The idea here being that the directory server shouldn't advertise rooms
to a requesting server is the requesting server would not be allowed to
join or participate in the room.

<!--
Fixes: # <!-- -->
<!--
Supersedes: # <!-- -->
<!--
Follows: # <!-- -->
<!--
Part of: # <!-- -->
Base: `develop` <!-- git-stack-base-branch:develop -->

<!--
This pull request is commit-by-commit review friendly. <!-- -->
<!--
This pull request is intended for commit-by-commit review. <!-- -->

Original commit schedule, with full messages:

<ol>
<li>

Pass `from_federation_origin` down into room list retrieval code 

</li>
<li>

Don't cache /publicRooms response for inbound federated requests 

</li>
<li>

fixup! Don't cache /publicRooms response for inbound federated requests 

</li>
<li>

Cap the number of /publicRooms entries to 100 

</li>
<li>

Simplify code now that you can't request unlimited rooms 

</li>
<li>

Filter out rooms from federated requests that don't have the correct ACL

</li>
<li>

Request a handful more when filtering ACLs so that we can try to avoid
shortchanging the requester

</li>
</ol>

---------

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2024-01-08 17:24:20 +00:00
Erik Johnston
5d3850b038
Port EventInternalMetadata class to Rust (#16782)
There are a couple of things we need to be careful of here:

1. The current python code does no validation when loading from the DB,
so we need to be careful to ignore such errors (at least on jki.re there
are some old events with internal metadata fields of the wrong type).
2. We want to be memory efficient, as we often have many hundreds of
thousands of events in the cache at a time.

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-01-08 14:06:48 +00:00
Erik Johnston
81b1c56288
Fix linting (#16780)
Introduced in #16762
2024-01-05 13:29:00 +00:00
Erik Johnston
7469fa7585
Simplify internal metadata class. (#16762)
We remove these fields as they're just duplicating data the event
already stores, and (for reasons 🤫) I'd like to simplify
the class to only store simple types.

I'm not entirely convinced that we shouldn't instead add helper methods
to the event class to generate stream tokens, but I don't really think
that's where they belong either
2024-01-05 13:03:20 +00:00
Gaël Goinvic
9ee3db1de5
Implement cosign on docker image (#16774)
Signed-off-by: Gaël Goinvic <gaelg@element.io>
2024-01-04 11:49:33 +00:00
David Baker
25b3ba5328
Add recursion_depth to /relations if recursing (#16775)
This is an extra response parameter just added to MSC3981. In the
current impl, the recursion depth is always 3, so this just returns a
static 3 if the recurse parameter is supplied.
2024-01-04 09:57:21 +00:00
Adam Jędrzejewski
c7d0d02be7
Search non ASCII display names using Admin API (#16767)
Closes #16370

Signed-off-by: Adam Jedrzejewski <adamjedrzejewski@icloud.com>
2024-01-04 09:36:57 +00:00
Erik Johnston
798a507ee0
Update the contributing guide after reliecensing (#16772) 2024-01-03 11:31:03 +00:00
FadhlanR
eabedd9520
Fix email verification redirection (#16761)
Previously, the response status of `HTMLResource` was hardcoded as
`200`. However, for proper redirection after the user verifies their
email, we require the status to be `302`. This PR addresses that issue
by using `code` as response status.
2024-01-02 16:25:26 +00:00
Erik Johnston
0f535f2a01 Re-enable automatic triaging 2024-01-02 16:22:44 +00:00
Erik Johnston
a027e3ecc3 Revert "Disable automatic traiging"
This reverts commit 742bae3761.
2024-01-02 16:22:44 +00:00
Andrew Morgan
1607ed5b2c
Delete the add version picker GHA workflow (#9453)
Added in https://github.com/matrix-org/synapse/pull/16533, this workflow
was intended to be run once to add the version picker to all historical
versions of the https://matrix-org.github.io/synapse documentation
website.

Note that the latest version of the docs built from this repo now exist
at https://element-hq.github.io/synapse/.

The workflow has been run successfully and the version picker was added
to the documentation. Thus we can now delete this workflow.

---

Note: Do not confuse this PR with
https://github.com/matrix-org/synapse/issues/9453. This PR was made
while we were populating this repo with "Dummy issues" after the
changeover from matrix-org/synapse to element-hq/synapse - therefore
referencing this PR may cause some confusion.
2024-01-02 16:10:19 +00:00
Christian Lölkes
35b6365317
Add another custom statistics collection server (#16769)
Signed-off-by: Christian Lölkes <christian.loelkes@gmail.com>
2024-01-02 11:54:12 +00:00
Dirk Klimpel
14ed84ac33
Enable user without password (#16770)
Closes:
- https://github.com/matrix-org/synapse/issues/10397
- #10397 

An administrator should know whether he wants to set a password or not.
There are many uses cases where a blank password is required.

- Use of only some users with SSO.
- Use of bots with password, users with SSO
2024-01-02 11:52:51 +00:00
Fredrik Lanker
c1fe945dd5
Remove config value from header (#16763)
Signed-off-by: Fredrik Lanker <fredrik@lanker.se>
2024-01-02 11:50:50 +00:00
Erik Johnston
8a50312099
Move the rust stubs inline for better IDE integration (#16757)
At least for vscode this allows click through / type checking / syntax
highlighting.
2023-12-21 13:31:36 +00:00
Erik Johnston
719014d9d5
Fix sample config doc CI (#16758)
I accidentally broke it during the move by removing a trailing new line.
2023-12-21 13:31:19 +00:00
Erik Johnston
742bae3761 Disable automatic traiging 2023-12-15 14:34:25 +00:00