Accepting request 1299100 from network:messaging:matrix

Forwarded request #1299099 from darix

- Update to 1.136.0 (boo#1247970)

OBS-URL: https://build.opensuse.org/request/show/1299100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/matrix-synapse?expand=0&rev=137

_service

@@ -4,11 +4,11 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="url">https://github.com/element-hq/synapse.git</param>
     <param name="scm">git</param>
-    <param name="revision">v1.132.0</param>
+    <param name="revision">v1.136.0</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
     <!--
-    <param name="revision">v1.133.0rc1</param>
+    <param name="revision">v1.137.0rc1</param>
     <param name="versionrewrite-pattern">v([\.\d]+)(rc.*)</param>
     <param name="versionrewrite-replacement">\1~\2</param>
     -->

bump-dependencies.patch

@@ -1,13 +0,0 @@
-Index: synapse/pyproject.toml
-===================================================================
---- synapse.orig/pyproject.toml
-+++ synapse/pyproject.toml
-@@ -191,7 +191,7 @@ pymacaroons = ">=0.13.0"
- msgpack = ">=0.5.2"
- phonenumbers = ">=8.2.0"
- # we use GaugeHistogramMetric, which was added in prom-client 0.4.0.
--prometheus-client = ">=0.4.0"
-+prometheus-client = ">=0.13.1"
- # we use `order`, which arrived in attrs 19.2.0.
- # Note: 21.1.0 broke `/sync`, see https://github.com/matrix-org/synapse/issues/9936
- attrs = ">=19.2.0,!=21.1.0"

matrix-synapse-1.132.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dc3752e61759ade4d753ecfb8153585d97308bc692d7cca8016dee31500d5c04
-size 39460877

matrix-synapse-1.136.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b37cca2f7ec18717ba2ff0c68176c63bedd12a6a4e6bde5ff22ee72b6dcc5bcd
+size 40179213

matrix-synapse-1.4.1-paths.patch

@@ -15,7 +15,7 @@ Index: synapse/synapse/config/key.py
 ===================================================================
 --- synapse.orig/synapse/config/key.py
 +++ synapse/synapse/config/key.py
-@@ -117,7 +117,7 @@ class KeyConfig(Config):
+@@ -131,7 +131,7 @@ class KeyConfig(Config):
              signing_key_path = config.get("signing_key_path")
              if signing_key_path is None:
                  signing_key_path = os.path.join(
@@ -24,7 +24,7 @@ Index: synapse/synapse/config/key.py
                  )
  
              self.signing_key = self.read_signing_keys(signing_key_path, "signing_key")
-@@ -190,7 +190,7 @@ class KeyConfig(Config):
+@@ -232,7 +232,7 @@ class KeyConfig(Config):
          generate_secrets: bool = False,
          **kwargs: Any,
      ) -> str:
@@ -37,7 +37,7 @@ Index: synapse/synapse/config/logger.py
 ===================================================================
 --- synapse.orig/synapse/config/logger.py
 +++ synapse/synapse/config/logger.py
-@@ -156,7 +156,7 @@ class LoggingConfig(Config):
+@@ -158,7 +158,7 @@ class LoggingConfig(Config):
      def generate_config_section(
          self, config_dir_path: str, server_name: str, **kwargs: Any
      ) -> str:
@@ -50,7 +50,7 @@ Index: synapse/synapse/config/server.py
 ===================================================================
 --- synapse.orig/synapse/config/server.py
 +++ synapse/synapse/config/server.py
-@@ -810,7 +810,7 @@ class ServerConfig(Config):
+@@ -813,7 +813,7 @@ class ServerConfig(Config):
              bind_port = 8448
              unsecure_port = 8008
  

matrix-synapse-test.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package matrix-synapse-test
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 
 %define         pkgname matrix-synapse
 Name:           %{pkgname}-test
-Version:        1.132.0
+Version:        1.136.0
 Release:        0
 Summary:        Test package for %{pkgname}
 License:        AGPL-3.0-or-later

matrix-synapse.changes

@@ -1,3 +1,366 @@
+-------------------------------------------------------------------
+Tue Aug 12 14:41:41 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.136.0 (boo#1247970)
+  Please check the relevant section in the upgrade notes as this
+  release contains changes to MAS support, metrics labels and the
+  module API which may require your attention when upgrading.
+
+  This is the Synapse portion of the Matrix coordinated security
+  release. This release includes support for room version 12 which
+  fixes a number of security vulnerabilities, including
+  CVE-2025-49090.
+
+  The default room version is not changed. Not all clients will
+  support room version 12 immediately, and not all users will be
+  using the latest version of their clients. Large, public rooms
+  are advised to wait a few weeks before upgrading to room version
+  12 to allow users throughout the Matrix ecosystem to update their
+  clients.
+
+  https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11360
+
+  - Features
+    - Add configurable rate limiting for the creation of rooms.
+      (#18514)
+    - Add support for MSC4293 - Redact on Kick/Ban. (#18540)
+    - When admins enable themselves to see soft-failed events, they
+      will also see if the cause is due to the policy server
+      flagging them as spam via unsigned. (#18585)
+    - Add ability to configure forward/outbound proxy via
+      homeserver config instead of environment variables. See
+      http_proxy, https_proxy, no_proxy_hosts. (#18686)
+    - Advertise experimental support for MSC4306 (Thread
+      Subscriptions) through /_matrix/clients/versions if enabled.
+      (#18722)
+    - Stabilise support for delegating authentication to Matrix
+      Authentication Service. (#18759)
+    - Implement the push rules for experimental MSC4306: Thread
+      Subscriptions. (#18762)
+  - Bugfixes
+    - Fix bug introduced in 1.135.2 and 1.136.0rc2 where the Make
+      Room Admin API would not treat a room v12's creator power
+      level as the highest in room. (#18805)
+    - Update MSC4293 redaction logic for room v12. (#80)
+    - Allow return code 403 (allowed by C2S Spec since v1.2) when
+      fetching profiles via federation. (#18696)
+    - Register the MSC4306 (Thread Subscriptions) endpoints in the
+      CS API when the experimental feature is enabled. (#18726)
+    - Fix a long-standing bug where suspended users could not have
+      server notices sent to them (a 403 was returned to the
+      admin). (#18750)
+    - Fix an issue that could cause logcontexts to be lost on
+      rate-limited requests. Found by @realtyem. (#18763)
+    - Fix invalidation of storage cache that was broken in 1.135.0.
+      (#18786)
+  - Improved Documentation
+    - Minor improvements to README. (#18700)
+    - Document that there can be multiple workers handling the
+      receipts stream. (#18760)
+    - Improve worker documentation for some device paths. (#18761)
+  - Deprecations and Removals
+    - Deprecate run_as_background_process exported as part of the
+      module API interface in favor of
+      ModuleApi.run_as_background_process. See the relevant section
+      in the upgrade notes for more information. (#18737)
+  - Internal Changes
+    - Add a parameter to upgrade_rooms(..) to allow auto join local
+      users. (#82)
+    - Add debug logging for HMAC digest verification failures when
+      using the admin API to register users. (#18474)
+    - Speed up upgrading a room with large numbers of banned users.
+      (#18574)
+    - Fix config documentation generation script on Windows by
+      enforcing UTF-8. (#18580)
+    - Refactor cache, background process, Counter, LaterGauge,
+      GaugeBucketCollector, Histogram, and Gauge metrics to be
+      homeserver-scoped. (#18656, #18714, #18715, #18724, #18753,
+      #18725, #18670, #18748, #18751)
+    - Reduce database usage in Sliding Sync by not querying for
+      background update completion after the update is known to be
+      complete. (#18718)
+    - Improve order of validation and ratelimiting in room
+      creation. (#18723)
+    - Bump minimum version bound on Twisted to 21.2.0. (#18727,
+      #18729)
+    - Use twisted.internet.testing module in tests instead of
+      deprecated twisted.test.proto_helpers. (#18728)
+    - Remove obsolete /send_event replication endpoint. (#18730)
+    - Update metrics linting to be able to handle custom metrics.
+      (#18733)
+    - Work around twisted.protocols.amp.TooLong error by reducing
+      logging in some tests. (#18736)
+    - Prevent "Move labelled issues to correct projects" GitHub
+      Actions workflow from failing when an issue is already on the
+      project board. (#18755)
+    - Bump minimum supported Rust version (MSRV) to 1.82.0. Missed
+      in #18553 (released in Synapse 1.134.0). (#18757)
+    - Make Clock.sleep(...) return a coroutine, so that mypy can
+      catch places where we don't await on it. (#18772)
+    - Update implementation of MSC4306: Thread Subscriptions to
+      include automatic subscription conflict prevention as
+      introduced in later drafts. (#18756)
+  - Updates to locked dependencies
+    - Bump gitpython from 3.1.44 to 3.1.45. (#18743)
+    - Bump mypy-zope from 1.0.12 to 1.0.13. (#18744)
+    - Bump phonenumbers from 9.0.9 to 9.0.10. (#18741)
+    - Bump ruff from 0.12.4 to 0.12.5. (#18742)
+    - Bump sentry-sdk from 2.32.0 to 2.33.2. (#18745)
+    - Bump tokio from 1.46.1 to 1.47.0. (#18740)
+    - Bump types-jsonschema from 4.24.0.20250708 to
+      4.25.0.20250720. (#18703)
+    - Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718.
+      (#18706)
+
+-------------------------------------------------------------------
+Mon Aug 11 19:37:33 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.135.2
+  This is the Synapse portion of the Matrix coordinated security
+  release. This release includes support for room version 12 which
+  fixes a number of security vulnerabilities, including
+  CVE-2025-49090.
+
+  The default room version is not changed. Not all clients will
+  support room version 12 immediately, and not all users will be
+  using the latest version of their clients. Large, public rooms
+  are advised to wait a few weeks before upgrading to room version
+  12 to allow users throughout the Matrix ecosystem to update their
+  clients.
+
+  - Bugfixes
+    - Fix invalidation of storage cache that was broken in 1.135.0.
+      (#18786)
+  - Internal Changes
+    - Add a parameter to upgrade_rooms(..) to allow auto join local
+      users. (#82)
+    - Speed up upgrading a room with large numbers of banned users.
+      (#18574)
+
+-------------------------------------------------------------------
+Fri Aug  1 13:01:11 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.135.0
+  - Features
+    - Add recaptcha_private_key_path and recaptcha_public_key_path
+      config option. (#17984, #18684)
+    - Add plain-text handling for rich-text topics as per MSC3765.
+      (#18195)
+    - If enabled by the user, server admins will see soft failed
+      events over the Client-Server API. (#18238)
+    - Add experimental support for MSC4277: Harmonizing the
+      reporting endpoints. (#18263)
+    - Add ability to limit amount of media uploaded by a user in a
+      given time period. (#18527)
+    - Enable workers to write directly to the device lists stream
+      and handle device list updates, reducing load on the main
+      process. (#18581)
+    - Support arbitrary profile fields. Contributed by @clokep.
+      (#18635)
+    - Advertise support for Matrix v1.12. (#18647)
+    - Add an option to issue redactions as an admin user via the
+      admin redaction endpoint. (#18671)
+    - Add experimental and incomplete support for MSC4306: Thread
+      Subscriptions. (#18674)
+    - Include event_id when getting state with ?format=event.
+      Contributed by @tulir @ Beeper. (#18675)
+  - Bugfixes
+    - Fix user failing to deactivate with MAS when /_synapse/mas is
+      handled by a worker. (#18716)
+    - Fix CPU and database spinning when retrying sending events to
+      servers whilst at the same time purging those events.
+      (#18499)
+    - Don't allow creation of tags with names longer than 255
+      bytes, as per the spec. (#18660)
+    - Fix sliding_sync_connections-related errors when porting from
+      SQLite to Postgres. (#18677)
+    - Fix the MAS integration not working when Synapse is started
+      with --daemonize or using synctl. (#18691)
+  - Improved Documentation
+    - Document that some config options for the user directory are
+      in violation of the Matrix spec. (#18548)
+    - Update rc_delayed_event_mgmt docs to the actual nesting
+      level. Contributed by @HarHarLinks. (#18692)
+  - Internal Changes
+    - Fix performance regression introduced in #18238 by adding a
+      cache to is_server_admin. (#18747)
+    - Add a dedicated internal API for Matrix Authentication
+      Service to Synapse communication. (#18520)
+    - Allow user registrations to be done on workers. (#18552)
+    - Remove unnecessary HTTP replication calls. (#18564)
+    - Refactor Measure block metrics to be homeserver-scoped.
+      (#18601)
+    - Refactor cache metrics to be homeserver-scoped. (#18604)
+    - Unbreak "Latest dependencies" workflow by using the --without
+      dev poetry option instead of removed --no-dev. (#18617)
+    - Update URL Preview code to work with lxml 6.0.0+. (#18622)
+    - Use markdown-it-py instead of commonmark in the release
+      script. (#18637)
+    - Fix typing errors with upgraded mypy version. (#18653)
+    - Add doc comment explaining that config files are shallowly
+      merged. (#18664)
+    - Minor speed up of insertion into stream_positions table.
+      (#18672)
+    - Remove unused allow_no_prev_events option when creating an
+      event. (#18676)
+    - Clean up MetricsResource and Prometheus hacks. (#18687)
+    - Fix dirty Cargo.lock changes appearing after install
+      (base64). (#18689)
+    - Prevent dirty Cargo.lock changes from install. (#18693)
+    - Correct spelling of 'Admin token used' log line. (#18697)
+    - Reduce log spam when client stops downloading media while it
+      is being streamed to them. (#18699)
+  - Updates to locked dependencies
+    - Bump authlib from 1.6.0 to 1.6.1. (#18704)
+    - Bump base64 from 0.21.7 to 0.22.1. (#18666)
+    - Bump jsonschema from 4.24.0 to 4.25.0. (#18707)
+    - Bump lxml from 5.4.0 to 6.0.0. (#18631)
+    - Bump mypy from 1.13.0 to 1.16.1. (#18653)
+    - Bump once_cell from 1.19.0 to 1.21.3. (#18710)
+    - Bump phonenumbers from 9.0.8 to 9.0.9. (#18681)
+    - Bump ruff from 0.12.2 to 0.12.5. (#18683, #18705)
+    - Bump serde_json from 1.0.140 to 1.0.141. (#18709)
+    - Bump sigstore/cosign-installer from 3.9.1 to 3.9.2. (#18708)
+    - Bump types-jsonschema from 4.24.0.20250528 to
+      4.24.0.20250708. (#18682)
+- drop bump-dependencies.patch
+
+-------------------------------------------------------------------
+Tue Jul 15 22:32:52 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.134.0
+  - Features
+    - Support for MSC4235: via query param for hierarchy endpoint.
+      Contributed by Krishan (@kfiven). (#18070)
+    - Add forget_forced_upon_leave capability as per MSC4267.
+      (#18196)
+    - Add federated_user_may_invite spam checker callback which
+      receives the entire invite event. Contributed by @tulir @
+      Beeper. (#18241)
+  - Bugfixes
+    - Fix KeyError on background updates when using split
+      main/state databases. (#18509)
+    - Improve performance of device deletion by adding missing
+      index. (#18582)
+    - Fix avatar_url and displayname being sent on federation
+      profile queries when they are not set. (#18593)
+    - Respond with 401 & M_USER_LOCKED when a locked user calls
+      POST /login, as per the spec. (#18594)
+    - Ensure policy servers are not asked to scan policy server
+      change events, allowing rooms to disable the use of a policy
+      server while the policy server is down. (#18605)
+  - Improved Documentation
+    - Fix documentation of the Delete Room Admin API's status
+      field. (#18519)
+    - Deprecations and Removals
+    - Stop adding the "origin" field to newly-created events
+      (PDUs). (#18418)
+  - Internal Changes
+    - Replace PyICU crate with equivalent icu_segmenter Rust crate.
+      (#18553, #18646)
+    - Improve docstring on simple_upsert_many. (#18573)
+    - Raise poetry-core version cap to 2.1.3. (#18575)
+    - Raise setuptools_rust version cap to 1.11.1. (#18576)
+    - Better handling of ratelimited requests. (#18595, #18600)
+    - Update to Rust 1.87.0 in CI, and bump the pinned commit of
+      the dtolnay/rust-toolchain GitHub Action to
+      b3b07ba8b418998c39fb20f53e8b695cdcc8de1b. (#18596)
+    - Speed up bulk device deletion. (#18602)
+    - Speed up the building of arm-based wheels in CI. (#18618)
+    - Speed up the building of Docker images in CI. (#18620)
+    - Add .zed/ directory to .gitignore. (#18623)
+    - Log the room ID we're purging state for. (#18625)
+  - Updates to locked dependencies
+    - Bump Swatinem/rust-cache from 2.7.8 to 2.8.0. (#18612)
+    - Bump attrs from 24.2.0 to 25.3.0. (#18649)
+    - Bump authlib from 1.5.2 to 1.6.0. (#18642)
+    - Bump base64 from 0.21.7 to 0.22.1. (#18589)
+    - Bump base64 from 0.21.7 to 0.22.1. (#18629)
+    - Bump docker/build-push-action from 6.17.0 to 6.18.0. (#18497)
+    - Bump docker/setup-buildx-action from 3.10.0 to 3.11.1.
+      (#18587)
+    - Bump hiredis from 3.1.0 to 3.2.1. (#18638)
+    - Bump ijson from 3.3.0 to 3.4.0. (#18650)
+    - Bump jsonschema from 4.23.0 to 4.24.0. (#18630)
+    - Bump msgpack from 1.1.0 to 1.1.1. (#18651)
+    - Bump mypy-zope from 1.0.11 to 1.0.12. (#18640)
+    - Bump phonenumbers from 9.0.2 to 9.0.8. (#18652)
+    - Bump pillow from 11.2.1 to 11.3.0. (#18624)
+    - Bump prometheus-client from 0.21.0 to 0.22.1. (#18609)
+    - Bump pyasn1-modules from 0.4.1 to 0.4.2. (#18495)
+    - Bump pydantic from 2.11.4 to 2.11.7. (#18639)
+    - Bump reqwest from 0.12.15 to 0.12.20. (#18590)
+    - Bump reqwest from 0.12.20 to 0.12.22. (#18627)
+    - Bump ruff from 0.11.11 to 0.12.1. (#18645)
+    - Bump ruff from 0.12.1 to 0.12.2. (#18657)
+    - Bump sentry-sdk from 2.22.0 to 2.32.0. (#18633)
+    - Bump setuptools-rust from 1.10.2 to 1.11.1. (#18655)
+    - Bump sigstore/cosign-installer from 3.8.2 to 3.9.0. (#18588)
+    - Bump sigstore/cosign-installer from 3.9.0 to 3.9.1. (#18608)
+    - Bump stefanzweifel/git-auto-commit-action from 5.2.0 to
+      6.0.1. (#18607)
+    - Bump tokio from 1.45.1 to 1.46.0. (#18628)
+    - Bump tokio from 1.46.0 to 1.46.1. (#18667)
+    - Bump treq from 24.9.1 to 25.5.0. (#18610)
+    - Bump types-bleach from 6.2.0.20241123 to 6.2.0.20250514.
+      (#18634)
+    - Bump types-jsonschema from 4.23.0.20250516 to
+      4.24.0.20250528. (#18611)
+    - Bump types-opentracing from 2.4.10.6 to 2.4.10.20250622.
+      (#18586)
+    - Bump types-psycopg2 from 2.9.21.20250318 to 2.9.21.20250516.
+      (#18658)
+    - Bump types-pyyaml from 6.0.12.20241230 to 6.0.12.20250516.
+      (#18643)
+    - Bump types-setuptools from 75.2.0.20241019 to
+      80.9.0.20250529. (#18644)
+    - Bump typing-extensions from 4.12.2 to 4.14.0. (#18654)
+    - Bump typing-extensions from 4.14.0 to 4.14.1. (#18668)
+    - Bump urllib3 from 2.2.2 to 2.5.0. (#18572)
+
+-------------------------------------------------------------------
+Tue Jul  1 16:05:58 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 1.133.0
+  - Features
+    - Add support for the MSC4260 user report API. (#18120)
+  - Bugfixes
+    - Fix an issue where, during state resolution for v11 rooms,
+      Synapse would incorrectly calculate the power level of the
+      creator when there was no power levels event in the room.
+      (#18534, #18547)
+    - Fix long-standing bug where sliding sync did not honour the
+      room_id_to_include config option. (#18535)
+    - Fix an issue where "Lock timeout is getting excessive"
+      warnings would be logged even when the lock timeout was <10
+      minutes. (#18543)
+    - Fix an issue where Synapse could calculate the wrong power
+      level for the creator of the room if there was no power
+      levels event. (#18545)
+  - Improved Documentation
+    - Generate config documentation from JSON Schema file. (#18528)
+    - Fix typo in user type documentation. (#18568)
+  - Internal Changes
+    - Increase performance of introspecting access tokens when
+      using delegated auth. (#18357, #18561)
+    - Log user deactivations. (#18541)
+    - Enable flake8-logging and flake8-logging-format rules in Ruff
+      and fix related issues throughout the codebase. (#18542)
+    - Clean up old, unused rows from the device_federation_inbox
+      table. (#18546)
+    - Run config schema CI on develop and release branches.
+      (#18551)
+    - Add support for Twisted 25.5.0+ releases. (#18577)
+    - Update PyO3 to version 0.25. (#18578)
+  - Updates to locked dependencies
+    - Bump actions/setup-python from 5.5.0 to 5.6.0. (#18555)
+    - Bump base64 from 0.21.7 to 0.22.1. (#18559)
+    - Bump dawidd6/action-download-artifact from 9 to 11. (#18556)
+    - Bump headers from 0.4.0 to 0.4.1. (#18529)
+    - Bump requests from 2.32.2 to 2.32.4. (#18533)
+    - Bump types-requests from 2.32.0.20250328 to 2.32.4.20250611.
+      (#18558)
+
 -------------------------------------------------------------------
 Tue Jun 17 17:34:22 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
 

matrix-synapse.obsinfo

@@ -1,4 +1,4 @@
 name: matrix-synapse
-version: 1.132.0
-mtime: 1750162617
-commit: d1139ebfc11b13417aaf9acb289d7a0d0d93482b
+version: 1.136.0
+mtime: 1755001198
+commit: e8c6cb3d9e4cc5a20c40f9b6d79d5bfdfa73fcab

matrix-synapse.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package matrix-synapse
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,12 +32,12 @@
 %global immutabledict_version         4.2.1
 %global idna_version                  3.8
 %global ijson_version                 3.3.0
-%global jsonschema_version            4.20.0
+%global jsonschema_version            4.25.0
 %global matrix_common_version         1.3.0
 %global matrix_common_max_version     2
 %global msgpack_version               1.1.0
 %global netaddr_version               1.3.0
-%global phonenumbers_version          8.13.52
+%global phonenumbers_version          9.0.10
 %global prometheus_client_version     0.20.0
 %global psutil_version                2.0.0
 %global pyOpenSSL_version             25.0.0
@@ -56,9 +56,10 @@
 %global packaging_version             24.0
 %global psycopg2_version              2.9.9
 %global pysaml2_version               7.5.0
-%global Authlib_version               1.5.2
-# TODO: 5.4.0
-%global lxml_version                  5.3.0
+# TOOD: 1.6.1
+%global Authlib_version               1.6.0
+%global lxml_version                  6.0.0
+# TODO: 2.34.1
 %global sentry_sdk_version            2.20.0
 %global PyJWT_version                 2.6.0
 %global jaeger_client_version         4.8.0
@@ -69,14 +70,13 @@
 %global txredisapi_version            1.4.10
 %global Pympler_version               1.0.1
 %global pydantic_version              2.7.1
-%global pyicu_version                 2.13.1
 %global python_multipart_version      0.0.9
 %else
 # some version locks based on poetry.lock
 %global Jinja2_version                3.0
 %global Pillow_version                10.0.1
 %global PyYAML_version                5.3
-%global Twisted_version               18.9.0
+%global Twisted_version               21.2.0
 %global attrs_version                 21.1.1
 %global bcrypt_version                3.1.7
 %global bleach_version                1.4.3
@@ -91,7 +91,7 @@
 %global msgpack_version               0.5.2
 %global netaddr_version               0.7.18
 %global phonenumbers_version          8.13.37
-%global prometheus_client_version     0.4.0
+%global prometheus_client_version     0.6.0
 %global psutil_version                2.0.0
 %global pyOpenSSL_version             16.0.0
 %global pyasn1_version                0.1.9
@@ -103,7 +103,7 @@
 %global sortedcontainers_version      1.5.2
 %global systemd_version               231
 %global typing_extensions_version     3.10.0
-%global treq_version                  15.1
+%global treq_version                  21.5.0
 %global unpaddedbase64_version        2.1.0
 %global matrix_synapse_ldap3_version  0.2.1
 %global packaging_version             20.0
@@ -119,7 +119,6 @@
 %global txredisapi_version            1.4.7
 %global Pympler_version               1.0.1
 %global pydantic_version              1.7.4
-%global pyicu_version                 2.10.2
 %global python_multipart_version      0.0.9
 %endif
 
@@ -158,7 +157,7 @@
 %define         pkgname matrix-synapse
 %define         eggname matrix_synapse
 Name:           %{pkgname}
-Version:        1.132.0
+Version:        1.136.0
 Release:        0
 Summary:        Matrix protocol reference homeserver
 License:        AGPL-3.0-or-later
@@ -176,7 +175,6 @@ Source51:       matrix-synapse-generate-config.sh
 # to clean up your working copy afterwards: git reset --hard ; rm -rv .pc patches
 Source99:       series
 Patch0:         matrix-synapse-1.4.1-paths.patch
-Patch1:         bump-dependencies.patch
 # https://github.com/matrix-org/synapse/pull/10719
 # disable by marking as source until we get a decision upstream
 Source100:      10719-Fix-instert-of-duplicate-key-into-event_json.patch
@@ -311,8 +309,6 @@ BuildRequires:  %{use_python}-txredisapi >= %{txredisapi_version}
 %endif
 BuildRequires:  %{use_python}-Pympler >= %{Pympler_version}
 %requires_peq   %{use_python}-Pympler
-BuildRequires:  %{use_python}-PyICU >= %{pyicu_version}
-%requires_peq   %{use_python}-PyICU
 # We only provide/obsolete python2 to ensure that users upgrade.
 Obsoletes:      python2-matrix-synapse < %{version}-%{release}
 Provides:       python2-matrix-synapse = %{version}-%{release}

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5612f692b8d4a9ebcfffdd938430815b3d22cdc99ef5de4fb2d544d2c1d8eacb
-size 4451699
+oid sha256:e97424f9e8056d8576af60075a32e5c049a85d4ca5a4bc56e5969540b0e4cb7a
+size 22421551