Update package version to 1.109.0

| datasource      | package            | from    | to      |
| --------------- | ------------------ | ------- | ------- |
| github-releases | element-hq/synapse | 1.127.1 | 1.128.0 |

CHANGELOG.md

@@ -1372,3 +1372,24 @@
 [1.107.0]
 * Update base image to 5.0.0
 
+[1.108.0]
+* Update synapse to 1.127.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.127.0)
+* Update MSC4140 implementation to no longer cancel a user's own delayed state events with an event type & state key that match a more recent state event sent by that user. (#17810)
+* Fixed a minor typo in the Synapse documentation. Contributed by @karuto12. (#18224)
+* Remove undocumented SYNAPSE_USE_FROZEN_DICTS environment variable. (#18123)
+* Fix detection of workflow failures in the release script. (#18211)
+* Add caching support to media endpoints. (#18235)
+
+[1.108.1]
+* Update synapse to 1.127.1
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.127.1)
+* Fix CVE-2025-30355 / GHSA-v56r-hwv5-mxg6. High severity vulnerability affecting federation. The vulnerability has been exploited in the wild.
+
+[1.109.0]
+* Update synapse to 1.128.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.128.0)
+* Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#18231)
+* Add background job to clear unreferenced state groups. (#18254)
+* Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. (#18277, #18302, #18296)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.107.0",
+  "version": "1.109.0",
-  "upstreamVersion": "1.126.0",
+  "upstreamVersion": "1.128.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,

Dockerfile

@@ -8,7 +8,7 @@ WORKDIR /app/code
 RUN python3 -m venv /app/code/env
 
 # renovate: datasource=github-releases depName=element-hq/synapse versioning=semver extractVersion=^v(?<version>.+)$
-ARG SYNAPSE_VERSION=1.126.0
+ARG SYNAPSE_VERSION=1.128.0
 
 # renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider versioning=semver extractVersion=^v(?<version>.+)$
 ARG S3PROVIDER_VERSION=1.5.0
@@ -23,7 +23,7 @@ RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/en
 
 RUN ln -sf /app/data/index.html /app/code/env/lib/python3.12/site-packages/synapse/static/index.html
 
-RUN chown -R cloudron.cloudron /app/code
+RUN chown -R cloudron:cloudron /app/code
 
 ADD index.html homeserver.yaml.template start.sh /app/pkg/
 

start.sh

@@ -102,7 +102,7 @@ fi
 
 # fix permissions
 echo "==> Fixing permissions"
-chown -R cloudron.cloudron /app/data /run/synapse
+chown -R cloudron:cloudron /app/data /run/synapse
 
 echo "==> Starting synapse"
 exec gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml -n

test/package-lock.json

@@ -9,10 +9,10 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^134.0.2",
+        "chromedriver": "^135.0.0",
         "expect.js": "^0.3.1",
         "mocha": "^11.1.0",
-        "selenium-webdriver": "^4.29.0"
+        "selenium-webdriver": "^4.31.0"
       }
     },
     "node_modules/@bazel/runfiles": {
@@ -301,9 +301,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "134.0.2",
+      "version": "135.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-134.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-135.0.0.tgz",
-      "integrity": "sha512-r1yIHP0Lo61CdFGjZXITSY2ZGYBS5B/qwOs8NMm0r31qnyS4MAuSmMiIiZKhu+ThxfcT8zPrGPGT6RmM0LWljQ==",
+      "integrity": "sha512-ilE3cIrIieiRU/a6MNpt0CL0UZs2tu0lQAes+el5SV03MB1zYIEXy+dDeueid/g8AmT1loy7TB2fjWwcHLY8lg==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -1451,9 +1451,9 @@
       "license": "MIT"
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.29.0",
+      "version": "4.31.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.29.0.tgz",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.31.0.tgz",
-      "integrity": "sha512-8XPGtDoji5xk7ZUCzFT1rqHmCp67DCzESsttId7DzmrJmlTRmRLF6X918rbwclcH89amcBNM4zB3lVPj404I0g==",
+      "integrity": "sha512-0MWEwypM0+c1NnZ87UEMxZdwphKoaK2UJ2qXzKWrJiM0gazFjgNVimxlHTOO90G2cOhphZqwpqSCJy62NTEzyA==",
       "funding": [
         {
           "type": "github",

test/package.json

@@ -9,9 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^134.0.2",
+    "chromedriver": "^135.0.0",
     "expect.js": "^0.3.1",
     "mocha": "^11.1.0",
-    "selenium-webdriver": "^4.29.0"
+    "selenium-webdriver": "^4.31.0"
   }
 }