Update package version to 1.121.0

| datasource      | package            | from    | to      |
| --------------- | ------------------ | ------- | ------- |
| github-releases | element-hq/synapse | 1.139.2 | 1.140.0 |

CHANGELOG.md

@@ -1475,3 +1475,18 @@
 * Fix [CVE-2025-61672](https://www.cve.org/CVERecord?id=CVE-2025-61672) / [GHSA-fh66-fcv5-jjfr](https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr). Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. ([#17097](https://github.com/element-hq/synapse/issues/17097))
 * Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. ([#18996](https://github.com/element-hq/synapse/issues/18996))
 
+[1.120.2]
+* Update synapse to 1.139.2
+
+[1.120.3]
+* Update synapse-s3-storage-provider to 1.6.0
+
+[1.121.0]
+* Update synapse to 1.140.0
+* [Full Changelog](https://github.com/element-hq/synapse/releases/tag/v1.140.0)
+* Add a new Media Query by ID Admin API that allows server admins to query and investigate the metadata of local or cached remote media via the origin/media_id identifier found in a Matrix Content URI. (#18911)
+* Add a new Fetch Event Admin API to fetch an event by ID. (#18963)
+* Update MSC4284: Policy Servers implementation to support signatures when available. (#18934)
+* Add experimental implementation of the GET /_matrix/client/v1/rtc/transports endpoint for the latest draft of MSC4143: MatrixRTC. (#18967)
+* Expose a defer_to_threadpool function in the Synapse Module API that allows modules to run a function on a separate thread in a custom threadpool. (#19032)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.120.1",
+  "version": "1.121.0",
-  "upstreamVersion": "1.139.1",
+  "upstreamVersion": "1.140.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,

Dockerfile

@@ -8,10 +8,10 @@ WORKDIR /app/code
 RUN python3 -m venv /app/code/env
 
 # renovate: datasource=github-releases depName=element-hq/synapse versioning=semver extractVersion=^v(?<version>.+)$
-ARG SYNAPSE_VERSION=1.139.1
+ARG SYNAPSE_VERSION=1.140.0
 
 # renovate: datasource=github-releases depName=matrix-org/synapse-s3-storage-provider versioning=semver extractVersion=^v(?<version>.+)$
-ARG S3PROVIDER_VERSION=1.5.0
+ARG S3PROVIDER_VERSION=1.6.0
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews

test/package-lock.json

@@ -9,7 +9,7 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^141.0.0",
+        "chromedriver": "^141.0.2",
         "expect.js": "^0.3.1",
         "mocha": "^11.7.4",
         "selenium-webdriver": "^4.36.0"
@@ -259,9 +259,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "141.0.0",
+      "version": "141.0.2",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-141.0.2.tgz",
-      "integrity": "sha512-w0U5jyWlLaRHV+dhaSikDz4x0qOwZcbles2HBu4oRdd+Eq7M43Uns4eoP/6dKu9Uc5ppcK9gA/E9GHROGXhgPg==",
+      "integrity": "sha512-MNtgzm5SjTtbHDXlpuXkQ7brxkOYTK+qDbnmr7UrurfuhqJfIkL+nnKo7hev/hR6sFL8mV8r5+1Kn51Mo9zsDg==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {

test/package.json

@@ -9,7 +9,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^141.0.0",
+    "chromedriver": "^141.0.2",
     "expect.js": "^0.3.1",
     "mocha": "^11.7.4",
     "selenium-webdriver": "^4.36.0"