Update package version to 1.108.1

| datasource      | package            | from    | to      |
| --------------- | ------------------ | ------- | ------- |
| github-releases | element-hq/synapse | 1.127.0 | 1.127.1 |

CHANGELOG.md

@@ -1341,3 +1341,48 @@
 * Update synapse to 1.122.0
 * [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.122.0)
 
+[1.103.0]
+* Update synapse to 1.123.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.123.0)
+
+[1.104.0]
+* Update synapse to 1.124.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.124.0)
+
+[1.105.0]
+* Update synapse to 1.125.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.125.0)
+* Add functionality to be able to use multiple values in SSO feature attribute_requirements. (#17949)
+* Add experimental config options admin_token_path and client_secret_path for MSC3861. (#18004)
+* Add get_current_time_msec() method to the module API for sound time comparisons with Synapse. (#18144)
+* Update the response when a client attempts to add an invalid email address to the user's account from a 500, to a 400 with error text. (#18125)
+* Fix user directory search when using a legacy module with a check_username_for_spam callback. Broke in v1.122.0. (#18135)
+
+[1.106.0]
+* Update synapse to 1.126.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.126.0)
+* Define ratelimit configuration for delayed event management. (#18019)
+* Add form_secret_path config option. (#18090)
+* Add the --no-secrets-in-config command line option. (#18092)
+* Add background job to clear unreferenced state groups. (#18154)
+* Add support for specifying/overriding id_token_signing_alg_values_supported for an OpenID identity provider. (#18177)
+* Add worker_replication_secret_path config option. (#18191)
+* Add support for specifying/overriding redirect_uri in the authorization and token requests against an OpenID identity provider. (#18197)
+
+[1.107.0]
+* Update base image to 5.0.0
+
+[1.108.0]
+* Update synapse to 1.127.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.127.0)
+* Update MSC4140 implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. (#17810)
+* Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. (#18224)
+* Remove undocumented SYNAPSE_USE_FROZEN_DICTS environment variable. (#18123)
+* Fix detection of workflow failures in the release script. (#18211)
+* Add caching support to media endpoints. (#18235)
+
+[1.108.1]
+* Update synapse to 1.127.1
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.127.1)
+* Fix CVE-2025-30355 / GHSA-v56r-hwv5-mxg6. High severity vulnerability affecting federation. The vulnerability has been exploited in the wild.
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.102.0",
+  "version": "1.108.1",
-  "upstreamVersion": "1.122.0",
+  "upstreamVersion": "1.127.1",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,

Dockerfile

@@ -1,30 +1,27 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN mkdir -p /app/pkg
 
 WORKDIR /app/code
 
-# https://pythonspeed.com/articles/activate-virtualenv-dockerfile/
+# https://github.com/element-hq/synapse/blob/master/docs/setup/installation.md?plain=1#L202
-RUN virtualenv -p python3 /app/code/env
+RUN python3 -m venv /app/code/env
-ENV VIRTUAL_ENV=/app/code/env
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
 # renovate: datasource=github-releases depName=element-hq/synapse versioning=semver extractVersion=^v(?<version>.+)$
-ARG SYNAPSE_VERSION=1.122.0
+ARG SYNAPSE_VERSION=1.127.1
 
 # renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider versioning=semver extractVersion=^v(?<version>.+)$
 ARG S3PROVIDER_VERSION=1.5.0
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
-RUN pip install --upgrade pip && \
+RUN source /app/code/env/bin/activate && \
-    pip install --upgrade setuptools && \
+    pip3 install --no-cache-dir matrix-synapse==v${SYNAPSE_VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@v${S3PROVIDER_VERSION} matrix-synapse[oidc]
-    pip install matrix-synapse==v${SYNAPSE_VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@v${S3PROVIDER_VERSION} matrix-synapse[oidc]
 
 # Updated suffix list
-RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/env/lib/python3.10/site-packages/publicsuffix2/public_suffix_list.dat
+RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/env/lib/python3.12/site-packages/publicsuffix2/public_suffix_list.dat
 
-RUN ln -sf /app/data/index.html /app/code/env/lib/python3.10/site-packages/synapse/static/index.html
+RUN ln -sf /app/data/index.html /app/code/env/lib/python3.12/site-packages/synapse/static/index.html
 
 RUN chown -R cloudron.cloudron /app/code
 

start.sh

@@ -4,6 +4,8 @@ set -eu
 
 mkdir -p /app/data/data /app/data/configs /run/synapse
 
+source /app/code/env/bin/activate
+
 if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
     echo "==> Detected first run"
 
@@ -103,4 +105,4 @@ echo "==> Fixing permissions"
 chown -R cloudron.cloudron /app/data /run/synapse
 
 echo "==> Starting synapse"
-gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml -n
+exec gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml -n

test/package-lock.json

@@ -9,10 +9,10 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^131.0.5",
+        "chromedriver": "^134.0.5",
         "expect.js": "^0.3.1",
-        "mocha": "^11.0.1",
+        "mocha": "^11.1.0",
-        "selenium-webdriver": "^4.27.0"
+        "selenium-webdriver": "^4.30.0"
       }
     },
     "node_modules/@bazel/runfiles": {
@@ -301,9 +301,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "131.0.5",
+      "version": "134.0.5",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-131.0.5.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-134.0.5.tgz",
-      "integrity": "sha512-OQY4BHUe9JedxH4aAsPZJcf8Y0lMlE7y+3tiCvQSCQ6qDz2b99R0qsqyqzUUSW2DFx0bg4YxmK8CDVMKb9u5kg==",
+      "integrity": "sha512-edXbiuShAvH6Elx8Hobl4NQkgNRMIozcW7ZlEiE8TBynZHRazrepO9hfftQzZgztPvjMQiSWeWjZaDV3SecYaw==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -323,14 +323,17 @@
       }
     },
     "node_modules/cliui": {
-      "version": "7.0.4",
+      "version": "8.0.1",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
-      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
       "license": "ISC",
       "dependencies": {
         "string-width": "^4.2.0",
-        "strip-ansi": "^6.0.0",
+        "strip-ansi": "^6.0.1",
         "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
       }
     },
     "node_modules/cliui/node_modules/ansi-regex": {
@@ -1153,9 +1156,9 @@
       }
     },
     "node_modules/mocha": {
-      "version": "11.0.1",
+      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.1.0.tgz",
-      "integrity": "sha512-+3GkODfsDG71KSCQhc4IekSW+ItCK/kiez1Z28ksWvYhKXV/syxMlerR/sC7whDp7IyreZ4YxceMLdTs5hQE8A==",
+      "integrity": "sha512-8uJR5RTC2NgpY3GrYcgpZrsEd9zKbPDpob1RezyR2upGHRQtHWofmzTMzTMSV6dru3tj5Ukt0+Vnq1qhFEEwAg==",
       "license": "MIT",
       "dependencies": {
         "ansi-colors": "^4.1.3",
@@ -1175,8 +1178,8 @@
         "strip-json-comments": "^3.1.1",
         "supports-color": "^8.1.1",
         "workerpool": "^6.5.1",
-        "yargs": "^16.2.0",
+        "yargs": "^17.7.2",
-        "yargs-parser": "^20.2.9",
+        "yargs-parser": "^21.1.1",
         "yargs-unparser": "^2.0.0"
       },
       "bin": {
@@ -1448,9 +1451,9 @@
       "license": "MIT"
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.27.0",
+      "version": "4.30.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.27.0.tgz",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.30.0.tgz",
-      "integrity": "sha512-LkTJrNz5socxpPnWPODQ2bQ65eYx9JK+DQMYNihpTjMCqHwgWGYQnQTCAAche2W3ZP87alA+1zYPvgS8tHNzMQ==",
+      "integrity": "sha512-3DGtQI/xyAg05SrqzzpFaXRWYL+Kku3fsikCoBaxApKzhBMUX5UiHdPb2je2qKMf2PjJiEFaj0L5xELHYRbYMA==",
       "funding": [
         {
           "type": "github",
@@ -1469,7 +1472,7 @@
         "ws": "^8.18.0"
       },
       "engines": {
-        "node": ">= 14.21.0"
+        "node": ">= 18.20.5"
       }
     },
     "node_modules/serialize-javascript": {
@@ -1925,30 +1928,30 @@
       }
     },
     "node_modules/yargs": {
-      "version": "16.2.0",
+      "version": "17.7.2",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
-      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
       "license": "MIT",
       "dependencies": {
-        "cliui": "^7.0.2",
+        "cliui": "^8.0.1",
         "escalade": "^3.1.1",
         "get-caller-file": "^2.0.5",
         "require-directory": "^2.1.1",
-        "string-width": "^4.2.0",
+        "string-width": "^4.2.3",
         "y18n": "^5.0.5",
-        "yargs-parser": "^20.2.2"
+        "yargs-parser": "^21.1.1"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       }
     },
     "node_modules/yargs-parser": {
-      "version": "20.2.9",
+      "version": "21.1.1",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
-      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
       "license": "ISC",
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       }
     },
     "node_modules/yargs-unparser": {

test/package.json

@@ -9,9 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^131.0.5",
+    "chromedriver": "^134.0.5",
     "expect.js": "^0.3.1",
-    "mocha": "^11.0.1",
+    "mocha": "^11.1.0",
-    "selenium-webdriver": "^4.27.0"
+    "selenium-webdriver": "^4.30.0"
   }
 }

test/test.js

@@ -111,8 +111,10 @@ describe('Application life cycle test', function () {
         await browser.findElement(By.xpath('//input[@label="Confirm password"]')).sendKeys(PASSWORD);
         await browser.findElement(By.xpath('//input[@value="Register"]')).click();
 
-        await waitForElement(By.xpath('//h1[text()="You\'re in"]'));
+        await waitForElement(By.xpath('//h1[text()="You\'re in"] | //h1[contains(., "Welcome")]'));
-        await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
+        if (await browser.findElements(By.xpath('//div[@role="button" and text()="Skip"]')).then(found => !!found.length)) {
+            await browser.findElement(By.xpath('//div[@role="button" and text()="Skip"]')).click();
+        }
 
         await waitForElement(By.xpath(`//h1[contains(., "Welcome")]`));
     }
@@ -144,22 +146,20 @@ describe('Application life cycle test', function () {
             await waitForElement(By.xpath('//div[text()="Proceed with reset" or text()="Reset all"]'));
 
             if (await browser.findElements(By.xpath('//div[text()="Reset all"]')).then(found => !!found.length)) {
-
                 await browser.findElement(By.xpath('//div[text()="Reset all"]')).click();
             }
 
             await waitForElement(By.xpath('//div[text()="Proceed with reset"]'));
             await browser.findElement(By.xpath('//div[text()="Proceed with reset"]')).click();
 
-            await waitForElement(By.xpath('//button[text()="Continue"]'));
+            await waitForElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]'));
-            await browser.findElement(By.xpath('//button[text()="Continue"]')).click();
+            await browser.findElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]')).click();
 
             await waitForElement(By.xpath('//div[text()="Copy"]'));
             await browser.findElement(By.xpath('//div[text()="Copy"]')).click();
 
-            await waitForElement(By.xpath('//button[text()="Continue"]'));
+            await waitForElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]'));
-            await browser.findElement(By.xpath('//button[text()="Continue"]')).click();
+            await browser.findElement(By.xpath('//button[@class="mx_Dialog_primary" and text()="Continue"]')).click();
-
             await waitForElement(By.xpath('//button[text()="Done"] | //div[text()="Single Sign On"]'));
 
             if (await browser.findElements(By.xpath('//div[text()="Single Sign On"]')).then(found => !!found.length)) {
@@ -327,7 +327,7 @@ describe('Application life cycle test', function () {
     it('can send message', sendMessage);
     it('can get app info', getAppInfo);
 
-    it('can restart app', function () { execSync(`cloudron restart ${app.id}`); });
+    it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });
 
     it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`, EXEC_ARGS); });