Update package version to 1.120.2

chore(deps): update dependency element-hq/synapse to v1.139.2
| datasource | package | from | to | | --------------- | ------------------ | ------- | ------- | | github-releases | element-hq/synapse | 1.139.1 | 1.139.2 |
2025-10-09 07:44:51 +00:00 · 2025-10-09 06:19:41 +00:00 · 2025-10-07 16:56:40 +00:00 · 2025-10-07 15:18:55 +00:00
5 changed files with 27 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1469,3 +1469,12 @@
 * [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.139.0)
 * /register requests from old application service implementations may break when using MAS

+[1.120.1]
+* Update synapse to 1.139.1
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.139.1)
+* Fix [CVE-2025-61672](https://www.cve.org/CVERecord?id=CVE-2025-61672) / [GHSA-fh66-fcv5-jjfr](https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr). Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. ([#17097](https://github.com/element-hq/synapse/issues/17097))
+* Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. ([#18996](https://github.com/element-hq/synapse/issues/18996))
+
+[1.120.2]
+* Update synapse to 1.139.2
+
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -5,8 +5,8 @@
  "description": "file://DESCRIPTION.md",
  "changelog": "file://CHANGELOG.md",
  "tagline": "Secure & decentralized communication",
-  "version": "1.120.0",
-  "upstreamVersion": "1.139.0",
+  "version": "1.120.2",
+  "upstreamVersion": "1.139.2",
  "healthCheckPath": "/",
  "httpPort": 8008,
  "memoryLimit": 536870912,
--- a/2
+++ b/2
@@ -8,7 +8,7 @@ WORKDIR /app/code
 RUN python3 -m venv /app/code/env

 # renovate: datasource=github-releases depName=element-hq/synapse versioning=semver extractVersion=^v(?<version>.+)$
-ARG SYNAPSE_VERSION=1.139.0
+ARG SYNAPSE_VERSION=1.139.2

 # renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider versioning=semver extractVersion=^v(?<version>.+)$
 ARG S3PROVIDER_VERSION=1.5.0
--- a/test/package-lock.json
+++ b/test/package-lock.json
@@ -9,10 +9,10 @@
      "version": "1.0.0",
      "license": "ISC",
      "dependencies": {
-        "chromedriver": "^141.0.0",
+        "chromedriver": "^141.0.1",
        "expect.js": "^0.3.1",
        "mocha": "^11.7.4",
-        "selenium-webdriver": "^4.35.0"
+        "selenium-webdriver": "^4.36.0"
      }
    },
    "node_modules/@bazel/runfiles": {
@@ -259,9 +259,9 @@
      }
    },
    "node_modules/chromedriver": {
-      "version": "141.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.0.tgz",
-      "integrity": "sha512-w0U5jyWlLaRHV+dhaSikDz4x0qOwZcbles2HBu4oRdd+Eq7M43Uns4eoP/6dKu9Uc5ppcK9gA/E9GHROGXhgPg==",
+      "version": "141.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.1.tgz",
+      "integrity": "sha512-BvBP/wlZDU/oDSQ7cbolKE2DI/PP2T2qDWN75+QiPkW5bUs/pd5uz4LYREl1fyoIerhLGhS0OSmMxpUfDbP4Tg==",
      "hasInstallScript": true,
      "license": "Apache-2.0",
      "dependencies": {
@@ -1480,9 +1480,9 @@
      "license": "MIT"
    },
    "node_modules/selenium-webdriver": {
-      "version": "4.35.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.35.0.tgz",
-      "integrity": "sha512-Baaeiuyu7BIIsSYf0SI7Mi55gsNmdI00KM0Hcofw1RnAY+0QEVpdh5yAxueDxgTZS8vcbGZFU0NJ6Qc1riIrLg==",
+      "version": "4.36.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.36.0.tgz",
+      "integrity": "sha512-rZGqjXiqNVL6QNqKNEk5DPaIMPbvApcmAS9QsXyt5wT3sfTSHGCh4AX/YKeDTOwei1BOZDlPOKBd82WCosUt9w==",
      "funding": [
        {
          "type": "github",
@@ -1497,8 +1497,8 @@
      "dependencies": {
        "@bazel/runfiles": "^6.3.1",
        "jszip": "^3.10.1",
-        "tmp": "^0.2.3",
-        "ws": "^8.18.2"
+        "tmp": "^0.2.5",
+        "ws": "^8.18.3"
      },
      "engines": {
        "node": ">= 20.0.0"
@@ -1772,9 +1772,9 @@
      "license": "MIT"
    },
    "node_modules/tmp": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz",
-      "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==",
+      "version": "0.2.5",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
+      "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
      "license": "MIT",
      "engines": {
        "node": ">=14.14"
--- a/test/package.json
+++ b/test/package.json
@@ -9,9 +9,9 @@
  "author": "",
  "license": "ISC",
  "dependencies": {
-    "chromedriver": "^141.0.0",
+    "chromedriver": "^141.0.1",
    "expect.js": "^0.3.1",
    "mocha": "^11.7.4",
-    "selenium-webdriver": "^4.35.0"
+    "selenium-webdriver": "^4.36.0"
  }
 }
Author	SHA1	Message	Date
Package Updates	598555f81c	Update package version to 1.120.2	2025-10-09 07:44:51 +00:00
Renovate Bot	d20e138c80	chore(deps): update dependency element-hq/synapse to v1.139.2 \| datasource \| package \| from \| to \| \| --------------- \| ------------------ \| ------- \| ------- \| \| github-releases \| element-hq/synapse \| 1.139.1 \| 1.139.2 \|	2025-10-09 06:19:41 +00:00
Package Updates	27d01a431f	Update package version to 1.120.1	2025-10-07 16:56:40 +00:00
Renovate Bot	bce2eb54b5	chore(deps): update dependency element-hq/synapse to v1.139.1 \| datasource \| package \| from \| to \| \| --------------- \| ------------------ \| ------- \| ------- \| \| github-releases \| element-hq/synapse \| 1.139.0 \| 1.139.1 \|	2025-10-07 15:18:55 +00:00