Version 1.80.0

CHANGELOG.md

@@ -779,3 +779,322 @@
 * Update Synapse to 1.73.0
 * Update Cloudron base image to 4.0.0
 * [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.73.0)
+
+[1.57.0]
+* Update Synapse to 1.74.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.74.0)
+* Improve user search for international display names. ([\#14464](https://github.com/matrix-org/synapse/issues/14464))
+* Stop using deprecated `keyIds` parameter when calling `/_matrix/key/v2/server`. ([\#14490](https://github.com/matrix-org/synapse/issues/14490), [\#14525](https://github.com/matrix-org/synapse/issues/14525))
+* Add new `push.enabled` config option to allow opting out of push notification calculation. ([\#14551](https://github.com/matrix-org/synapse/issues/14551), [\#14619](https://github.com/matrix-org/synapse/issues/14619))
+* Advertise support for Matrix 1.5 on `/_matrix/client/versions`. ([\#14576](https://github.com/matrix-org/synapse/issues/14576))
+* Improve opentracing and logging for to-device message handling. ([\#14598](https://github.com/matrix-org/synapse/issues/14598))
+* Allow selecting "prejoin" events by state keys in addition to event types. ([\#14642](https://github.com/matrix-org/synapse/issues/14642))
+* Fix a long-standing bug where a device list update might not be sent to clients in certain circumstances. ([\#14435](https://github.com/matrix-org/synapse/issues/14435), [\#14592](https://github.com/matrix-org/synapse/issues/14592), [\#14604](https://github.com/matrix-org/synapse/issues/14604))
+* Suppress a spurious warning when `POST /rooms/<room_id>/<membership>/`, `POST /join/<room_id_or_alias`, or the unspecced `PUT /join/<room_id_or_alias>/<txn_id>` receive an empty HTTP request body. ([\#14600](https://github.com/matrix-org/synapse/issues/14600))
+* Return spec-compliant JSON errors when unknown endpoints are requested. ([\#14620](https://github.com/matrix-org/synapse/issues/14620), [\#14621](https://github.com/matrix-org/synapse/issues/14621))
+* Update html templates to load images over HTTPS. Contributed by @ashfame. ([\#14625](https://github.com/matrix-org/synapse/issues/14625))
+* Fix a long-standing bug where the user directory would return 1 more row than requested. ([\#14631](https://github.com/matrix-org/synapse/issues/14631))
+* Reject invalid read receipt requests with empty room or event IDs. Contributed by Nick @ Beeper (@fizzadar). ([\#14632](https://github.com/matrix-org/synapse/issues/14632))
+* Fix a bug introduced in Synapse 1.67.0 where not specifying a config file or a server URL would lead to the `register_new_matrix_user` script failing. ([\#14637](https://github.com/matrix-org/synapse/issues/14637))
+* Fix a long-standing bug where the user directory and room/user stats might be out of sync. ([\#14639](https://github.com/matrix-org/synapse/issues/14639), [\#14643](https://github.com/matrix-org/synapse/issues/14643))
+* Fix a bug introduced in Synapse 1.72.0 where the background updates to add non-thread unique indexes on receipts would fail if they were previously interrupted. ([\#14650](https://github.com/matrix-org/synapse/issues/14650))
+* Improve validation of field size limits in events. ([\#14664](https://github.com/matrix-org/synapse/issues/14664))
+* Fix bugs introduced in Synapse 1.55.0 and 1.69.0 where application services would not be notified of events in the correct rooms, due to stale caches. ([\#14670](https://github.com/matrix-org/synapse/issues/14670))
+
+[1.58.0]
+* Update Synapse to 1.75.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.75.0)
+* Fix race where calling /members or /state with an at parameter could fail for newly created rooms, when using multiple workers. (#14817)
+* Add a cached function to synapse.module_api that returns a decorator to cache return values of functions. (#14663)
+* Add experimental support for MSC3391 (removing account data). (#14714)
+* Support RFC7636 Proof Key for Code Exchange for OAuth single sign-on. (#14750)
+* Support non-OpenID compliant userinfo claims for subject and picture. (#14753)
+* Improve performance of /sync when filtering all rooms, message types, or senders. (#14786)
+* Improve performance of the /hierarchy endpoint. (#14263)
+* Fix the MAU Limits section of the Grafana dashboard relying on a specific job name for the workers of a Synapse deployment. (#14644)
+* Fix a bug introduced in Synapse 1.70.0 which could cause spurious UNIQUE constraint failed errors in the rotate_notifs background job. (#14669)
+* Ensure stream IDs are always updated after caches get invalidated with workers. Contributed by Nick @ Beeper (@Fizzadar). (#14723)
+* Remove the unspecced device field from /pushrules responses. (#14727)
+* Fix a bug introduced in Synapse 1.73.0 where the picture_claim configured under oidc_providers was unused (the default value of "picture" was used instead). (#14751)
+* Unescape HTML entities in URL preview titles making use of oEmbed responses. (#14781)
+* Disable sending confirmation email when 3pid is disabled. (#14725)
+
+[1.59.0]
+* Update Synapse to 1.76.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.76.0)
+* Faster joins: Fix a bug introduced in Synapse 1.69 where device list EDUs could fail to be handled after a restart when a faster join sync is in progress. (#14914)
+* Update the default room version to v10 (MSC 3904). Contributed by @FSG-Cat. (#14111)
+* Add a set_displayname() method to the module API for setting a user's display name. (#14629)
+* Add a dedicated listener configuration for health endpoint. (#14747)
+* Implement support for MSC3890: Remotely silence local notifications. (#14775)
+* Implement experimental support for MSC3930: Push rules for (MSC3381) Polls. (#14787)
+* Per MSC3925, bundle the whole of the replacement with any edited events, and optionally inhibit server-side replacement. (#14811)
+* Faster joins: always serve a partial join response to servers that request it with the stable query param. (#14839)
+* Faster joins: allow non-lazy-loading ("eager") syncs to complete after a partial join by omitting partial state rooms until they become fully stated. (#14870)
+* Faster joins: request partial joins by default. Admins can opt-out of this for the time being---see the upgrade notes. (#14905)
+
+[1.60.0]
+* Update Synapse to 1.77.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.77.0)
+* Fix bug where retried replication requests would return a failure. Introduced in v1.76.0. ([\#15024](https://github.com/matrix-org/synapse/issues/15024))
+
+[1.61.0]
+* Update Synapse to 1.78.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.78.0)
+* Implement the experimental `exact_event_match` push rule condition from MSC3758. (#14964)
+* Add account data to the command line user data export tool. (#14969)
+* Implement MSC3873 to disambiguate push rule keys with dots in them. (#15004)
+* Allow Synapse to use a specific Redis logical database in worker-mode deployments. (#15034)
+* Tag opentracing spans for federation requests with the name of the worker serving the request. (#15042)
+* Implement the experimental `exact_event_property_contains` push rule condition from MSC3966. (#15045)
+
+[1.62.0]
+* Update Synapse to 1.79.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.79.0)
+* Fix a bug introduced in Synapse 1.79.0rc1 where attempting to register a on_remove_user_third_party_identifier module API callback would be a no-op. (#15227)
+* Fix a rare bug introduced in Synapse 1.73 where events could remain unsent to other homeservers after a faster-join to a room. (#15248)
+* Add two new Third Party Rules module API callbacks: on_add_user_third_party_identifier and on_remove_user_third_party_identifier. (#15044)
+* Experimental support for MSC3967 to not require UIA for setting up cross-signing on first use. (#15077)
+* Add media information to the command line user data export tool. (#15107)
+* Add an admin API to delete a specific event report. (#15116)
+* Add support for knocking to workers. (#15133)
+* Allow use of the /filter Client-Server APIs on workers. (#15134)
+* Update support for MSC2677: remove support for server-side aggregation of reactions. (#15172)
+* Stabilise support for MSC3758: event_property_is push condition. (#15185)
+
+[1.62.1]
+* Update post installation message
+
+[1.63.0]
+* Update Synapse to 1.80.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.80.0)
+* Fix a bug in which the POST `/_matrix/client/v3/rooms/{roomId}/report/{eventId}` endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with MSC2249. (#15298, #15300)
+* Fix a bug introduced in Synapse 1.75.0rc1 where the SQLite port_db script
+* would fail to open the SQLite database. (#15301)
+* Stabilise support for MSC3966: event_property_contains push condition. (#15187)
+* Implement MSC2659: application service ping endpoint. Contributed by Tulir @ Beeper. (#15249)
+* Allow loading /register/available endpoint on workers. (#15268)
+* Improve performance of creating and authenticating events. (#15195)
+* Add topic and name events to group of events that are batch persisted when creating a room. (#15229)
+* Fix a long-standing bug in which the user directory would assume any remote membership state events represent a profile change. (#14755, #14756)
+* Implement MSC3873 to fix a long-standing bug where properties with dots were handled ambiguously in push rules. (#15190)
+* Faster joins: Fix a bug introduced in Synapse 1.66 where spurious "Failed to find memberships ..." errors would be logged. (#15232)
+* Fix a long-standing error when sending message into deleted room. (#15235)
+
+[1.64.0]
+* Update Synapse to 1.81.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.81.0)
+* Fix the set_device_id_for_pushers_txn background update crash. (#15391)
+* Add the ability to enable/disable registrations when in the OIDC flow. (#14978)
+* Add a primitive helper script for listing worker endpoints. (#15243)
+* Experimental support for passing One Time Key and device key requests to application services (MSC3983 and MSC3984). (#15314, #15321)
+* Allow loading /password_policy endpoint on workers. (#15331)
+* Add experimental support for Unix sockets. Contributed by Jason Little. (#15353)
+* Build Debian packages for Ubuntu 23.04 (Lunar Lobster). (#15381)
+* Fix a long-standing bug where edits of non-m.room.message events would not be correctly bundled. (#15295)
+* Fix a bug introduced in Synapse v1.55.0 which could delay remote homeservers being able to decrypt encrypted messages sent by local users. (#15297)
+* Add a check to SQLite port_db script
+* to ensure that the sqlite database passed to the script exists before trying to port from it. (#15306)
+* Fix a bug introduced in Synapse 1.76.0 where responses from worker deployments could include an internal `_INT_STREAM_POS` key. (#15309)
+* Fix a long-standing bug that Synpase only used the legacy appservice routes. (#15317)
+* Fix a long-standing bug preventing users from rejoining rooms after being banned and unbanned over federation. Contributed by Nico. (#15323)
+* Fix bug in worker mode where on a rolling restart of workers the "typing" worker would consume 100% CPU until it got restarted. (#15332)
+* Fix a long-standing bug where some to_device messages could be dropped when using workers. (#15349)
+* Fix a bug introduced in Synapse 1.70.0 where the background sync from a faster join could spin for hours when one of the events involved had been marked for backoff. (#15351)
+* Fix missing app variable in mail subject for password resets. Contributed by Cyberes. (#15352)
+* Fix a rare bug introduced in Synapse 1.66.0 where initial syncs would fail when the user had been kicked from a faster joined room that had not finished syncing. (#15383)
+
+[1.65.0]
+* Update Synapse to 1.82.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.81.0)
+* Allow loading the `/directory/room/{roomAlias}` endpoint on workers. ([\#15333](https://github.com/matrix-org/synapse/issues/15333))
+* Add some validation to `instance_map` configuration loading. ([\#15431](https://github.com/matrix-org/synapse/issues/15431))
+* Allow loading the `/capabilities` endpoint on workers. ([\#15436](https://github.com/matrix-org/synapse/issues/15436))
+* Delete server-side backup keys when deactivating an account. ([\#15181](https://github.com/matrix-org/synapse/issues/15181))
+* Fix and document untold assumption that `on_logged_out` module hooks will be called before the deletion of pushers. ([\#15410](https://github.com/matrix-org/synapse/issues/15410))
+* Improve robustness when handling a perspective key response by deduplicating received server keys. ([\#15423](https://github.com/matrix-org/synapse/issues/15423))
+* Synapse now correctly fails to start if the config option `app_service_config_files` is not a list. ([\#15425](https://github.com/matrix-org/synapse/issues/15425))
+* Disable loading `RefreshTokenServlet` (`/_matrix/client/(r0|v3|unstable)/refresh`) on workers. ([\#15428](https://github.com/matrix-org/synapse/issues/15428))
+
+[1.66.0]
+* Update Synapse to 1.83.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.83.0)
+* Experimental support to recursively provide relations per [MSC3981](https://github.com/matrix-org/matrix-spec-proposals/pull/3981). ([\#15315](https://github.com/matrix-org/synapse/issues/15315))
+* Experimental support for [MSC3970](https://github.com/matrix-org/matrix-spec-proposals/pull/3970): Scope transaction IDs to devices. ([\#15318](https://github.com/matrix-org/synapse/issues/15318))
+* Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/experimental_features.html) to support per-user feature flags. ([\#15344](https://github.com/matrix-org/synapse/issues/15344))
+* Add a module API to send an HTTP push notification. ([\#15387](https://github.com/matrix-org/synapse/issues/15387))
+* Add an [admin API endpoint](https://matrix-org.github.io/synapse/v1.83/admin_api/statistics.html#get-largest-rooms-by-size-in-database) to query the largest rooms by disk space used in the database. ([\#15482](https://github.com/matrix-org/synapse/issues/15482))
+* Disable push rule evaluation for rooms excluded from sync. ([\#15361](https://github.com/matrix-org/synapse/issues/15361))
+* Fix a long-standing bug where cached server key results which were directly fetched would not be properly re-used. ([\#15417](https://github.com/matrix-org/synapse/issues/15417))
+* Fix a bug introduced in Synapse 1.73.0 where some experimental push rules were returned by default. ([\#15494](https://github.com/matrix-org/synapse/issues/15494))
+
+[1.67.0]
+* Update Synapse to 1.84.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.84.0)
+* Fix a bug introduced in Synapse 1.84.0rc1 where errors during startup were not reported correctly on Python < 3.10. ([\#15599](https://github.com/matrix-org/synapse/issues/15599))
+* Add an option to prevent media downloads from configured domains. ([\#15197](https://github.com/matrix-org/synapse/issues/15197))
+* Add `forget_rooms_on_leave` config option to automatically forget rooms when users leave them or are removed from them. ([\#15224](https://github.com/matrix-org/synapse/issues/15224))
+* Add redis TLS configuration options. ([\#15312](https://github.com/matrix-org/synapse/issues/15312))
+* Add a config option to delay push notifications by a random amount, to discourage time-based profiling. ([\#15516](https://github.com/matrix-org/synapse/issues/15516))
+* Stabilize support for [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15528](https://github.com/matrix-org/synapse/issues/15528))
+* Implement [MSC4009](https://github.com/matrix-org/matrix-spec-proposals/pull/4009) to expand the supported characters in Matrix IDs. ([\#15536](https://github.com/matrix-org/synapse/issues/15536))
+* Advertise support for Matrix 1.6 on `/_matrix/client/versions`. ([\#15559](https://github.com/matrix-org/synapse/issues/15559))
+* Print full error and stack-trace of any exception that occurs during startup/initialization. ([\#15569](https://github.com/matrix-org/synapse/issues/15569))
+* Don't fail on federation over TOR where SRV queries are not supported. Contributed by Zdzichu. ([\#15523](https://github.com/matrix-org/synapse/issues/15523))
+* Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data. ([\#15554](https://github.com/matrix-org/synapse/issues/15554), [\#15555](https://github.com/matrix-org/synapse/issues/15555))
+* Fix a long-standing bug where an invalid membership event could cause an internal server error. ([\#15564](https://github.com/matrix-org/synapse/issues/15564))
+* Require at least poetry-core v1.1.0. ([\#15566](https://github.com/matrix-org/synapse/issues/15566), [\#15571](https://github.com/matrix-org/synapse/issues/15571))
+
+[1.67.1]
+* Update Synapse to 1.84.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.84.1)
+* Fix a bug introduced in Synapse v1.84.0 where workers do not start up when no `instance_map` was provided
+
+[1.68.0]
+* Update Synapse to 1.85.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.0)
+* GHSA-26c5-ppr8-f33p / CVE-2023-32682 — Low Severity
+* GHSA-98px-6486-j7qc / CVE-2023-32683 — Low Severity
+* Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#15693)
+* Improve performance of backfill requests by performing backfill of previously failed requests in the background. (#15585)
+* Add a new admin API to create a new device for a user. (#15611)
+
+[1.68.1]
+* Update Synapse to 1.85.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.1)
+* Fix bug in schema delta that broke upgrades for some deployments. Introduced in v1.85.0. (#15738, #15739)
+
+[1.68.2]
+* Update Synapse to 1.85.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.85.2)
+* Fix regression where using TLS for HTTP replication between workers did not work. Introduced in v1.85.0. (#15746)
+
+[1.69.0]
+* Update Synapse to 1.86.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.86.0)
+* Fix an error when having workers of different versions running. (#15774)
+* Stable support for MSC3882 to allow an existing device/session to generate a login token for use on a new device/session. (#15388)
+* Support resolving a room's canonical alias via the module API. (#15450)
+* Enable support for MSC3952: intentional mentions. (#15520)
+* Experimental MSC3861 support: delegate auth to an OIDC provider. (#15582)
+* Add Synapse version deploy annotations to Grafana dashboard which enables easy correlation between behavior changes witnessed in a graph to a certain Synapse version and nail down regressions. (#15674)
+* Add a catch-all * to the supported relation types when redacting an event and its related events. This is an update to MSC3912 implementation. (#15705)
+* Speed up /messages by backfilling in the background when there are no backward extremities where we are directly paginating. (#15710)
+* Expose a metric reporting the database background update status. (#15740)
+* Correctly clear caches when we delete a room. (#15609)
+* Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms. (#15695)
+
+[1.70.0]
+* Update Synapse to 1.87.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.87.0)
+* Improve /messages response time by avoiding backfill when we already have messages to return. (#15737)
+* Add spam checker module API for logins. (#15838)
+* Fix a long-standing bug where media files were served in an unsafe manner. Contributed by @joshqou. (#15680)
+* Avoid invalidating a cache that was just prefilled. (#15758)
+* Fix requesting multiple keys at once over federation, related to MSC3983. (#15770)
+* Fix joining rooms through aliases where the alias server isn't a real homeserver. Contributed by @tulir @ Beeper. (#15776)
+
+[1.70.1]
+* Add workaround for broken thumbnailing
+* Update s3 storage provider
+
+[1.71.0]
+* Update Synapse to 1.88.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.88.0)
+* Add not_user_type param to the list accounts admin API. (#15844)
+* Pin pydantic to ^=1.7.4 to avoid backwards-incompatible API changes from the 2.0.0 release.
+* Contributed by @PaarthShah. (#15862)
+* Correctly resize thumbnails with pillow version >=10. (#15876)
+
+[1.72.0]
+* Update Synapse to 1.89.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.89.0)
+* Add Unix Socket support for HTTP Replication Listeners. Document and provide usage instructions for utilizing Unix sockets in Synapse. Contributed by Jason Little. (#15708, #15924)
+* Allow + in Matrix IDs, per MSC4009. (#15911)
+* Support room version 11 from MSC3820. (#15912)
+* Allow configuring the set of workers to proxy outbound federation traffic through via outbound_federation_restricted_to. (#15913, #15969)
+* Implement MSC3814, dehydrated devices v2/shrivelled sessions and move MSC2697 behind a config flag. Contributed by Nico from Famedly, H-Shay and poljar. (#15929)
+* Fix a long-standing bug where remote invites weren't correctly pushed. (#15820)
+* Fix background schema updates failing over a large upgrade gap. (#15887)
+* Fix a bug introduced in 1.86.0 where Synapse starting with an empty experimental_features configuration setting. (#15925)
+* Fixed deploy annotations in the provided Grafana dashboard config, so that it shows for any homeserver and not just matrix.org. Contributed by @wrjlewis. (#15957)
+* Ensure a long state res does not starve CPU by occasionally yielding to the reactor. (#15960)
+* Properly handle redactions of creation events. (#15973)
+* Fix a bug where resyncing stale device lists could block responding to federation transactions, and thus delay receiving new data from the remote server. (#15975)
+
+[1.73.0]
+* Update Synapse to 1.90.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.90.0)
+* Scope transaction IDs to devices (implement MSC3970). (#15629)
+* Remove old rows from the cache_invalidation_stream_by_instance table automatically (this table is unused in SQLite). (#15868)
+* Fix a long-standing bug where purging history and paginating simultaneously could lead to database corruption when using workers. (#15791)
+* Fix a long-standing bug where profile endpoint returned a 404 when the user's display name was empty. (#16012)
+* Fix a long-standing bug where the synapse_port_db failed to configure sequences for application services and partial stated rooms. (#16043)
+* Fix long-standing bug with deletion in dehydrated devices v2. (#16046)
+
+[1.74.0]
+* Turn addon can be optionally enabled/disabled
+
+[1.75.0]
+* Update Synapse to 1.91.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.91.0)
+
+[1.75.1]
+* Update Synapse to 1.91.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.91.1)
+* Fix a performance regression introduced in Synapse 1.91.0 where event persistence would cause an excessive linear growth in CPU usage. (#16220)
+
+[1.75.2]
+* Update Synapse to 1.91.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.91.2)
+* Revert MSC3861 introspection cache, admin impersonation and account lock. (#16258)
+
+[1.76.0]
+* Update Synapse to 1.92.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.92.0)
+* Revert MSC3861 introspection cache, admin impersonation and account lock. (#16258)
+* Fix incorrect docstring for Ratelimiter. (#16255)
+
+[1.76.1]
+* Update Synapse to 1.92.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.92.2)
+
+[1.76.2]
+* Update Synapse to 1.92.3
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.92.3)
+* Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#16347)
+
+[1.77.0]
+* Update Synapse to 1.93.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.93.0)
+* GHSA-4f74-84v3-j9q5 / CVE-2023-41335 — Low Severity  Temporary storage of plaintext passwords during password changes.
+* GHSA-7565-cq32-vx2x / CVE-2023-42453 — Low Severity Improper validation of receipts allows forged read receipts.
+* Add automatic purge after all users have forgotten a room. (#15488)
+* Restore room purge/shutdown after a Synapse restart. (#15488)
+* Support resolving homeservers using matrix-fed DNS SRV records from MSC4040. (#16137)
+* Add the ability to use G (GiB) and T (TiB) suffixes in configuration options that refer to numbers of bytes. (#16219)
+* Add span information to requests sent to appservices. Contributed by MTRNord. (#16227)
+* Add the ability to enable/disable registrations when using CAS. Contributed by Aurélien Grimpard. (#16262)
+* Allow the /notifications endpoint to be routed to workers. (#16265)
+
+[1.78.0]
+* Update base image to 4.2.0
+
+[1.79.0]
+* Update Synapse to 1.94.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.94.0)
+* Render plain, CSS, CSV, JSON and common image formats in the browser (inline) when requested through the /download endpoint. (#15988)
+* Add experimental support for MSC4028 to push all encrypted events to clients. (#16361)
+* Minor performance improvement when sending presence to federated servers. (#16385)
+* Minor performance improvement by caching server ACL checking. (#16360)
+
+[1.80.0]
+* Update Synapse to 1.95.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.95.0)
+* Remove legacy unspecced `knock_state_events` field returned in some responses. (#16403)
+* Fix a bug introduced in Synapse 1.81.0 where an AttributeError would be raised when `_matrix/client/v3/account/whoami` is called over a unix socket. Contributed by @Sir-Photch. (#16404)
+* Properly return inline media when content types have parameters. (#16440)
+* Prevent the purging of large rooms from timing out when Postgres is in use. The timeout which causes this issue was introduced in Synapse 1.88.0. (#16455)
+* Improve the performance of purging rooms, particularly encrypted rooms. (#16457)
+* Fix a bug introduced in Synapse 1.59.0 where servers could be incorrectly marked as available after an error response was received. (#16506)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.56.0",
-  "upstreamVersion": "1.73.0",
+  "version": "1.80.0",
+  "upstreamVersion": "1.95.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
@@ -15,7 +15,7 @@
     "ldap": {},
     "postgresql": {},
     "sendmail": { "supportsDisplayName": true },
-    "turn": {}
+    "turn": { "optional": true }
   },
   "manifestVersion": 2,
   "website": "https://matrix.org",
@@ -30,7 +30,7 @@
     "https://screenshots.cloudron.io/org.matrix.synapse/3.png"
   ],
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "7.2.0",
+  "minBoxVersion": "7.5.1",
   "forumUrl": "https://forum.cloudron.io/category/50/matrix-synapse-riot",
   "documentationUrl": "https://docs.cloudron.io/apps/synapse/",
   "optionalSso": true

Dockerfile

@@ -1,4 +1,4 @@
-FROM cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN mkdir -p /app/pkg
 
@@ -9,13 +9,19 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=v1.73.0
+ARG VERSION=1.95.0
+
+# https://github.com/matrix-org/synapse-s3-storage-provider
+ARG STORAGE_PROVIDER_VERSION=1beb6af95e1f5caedb8e6e7e1cc176cdb2106d37
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install matrix-synapse==${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@ffd3fa477321608e57d27644197e721965e0e858 matrix-synapse[oidc]
+    pip install matrix-synapse==v${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@${STORAGE_PROVIDER_VERSION} matrix-synapse[oidc]
+
+# workaround (https://github.com/matrix-org/synapse/issues/15873) . remove after 1.87.0
+RUN sed -e "s/Image.ANTIALIAS/Image.LANCZOS/" -i /app/code/env/lib/python3.10/site-packages/synapse/media/thumbnailer.py
 
 RUN ln -sf /app/data/index.html /app/code/env/lib/python3.10/site-packages/synapse/static/index.html
 

POSTINSTALL.md

@@ -1,5 +1,5 @@
 Account ids are created with the username and the second level domain under which the
-app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-DOMAIN`.
+app is installed e.g. `@$CLOUDRON-USERNAME:$CLOUDRON-APP-DOMAIN`.
 
 For federation to work, the delegation URI `https://$CLOUDRON-APP-DOMAIN/.well-known/matrix/server`
 must be configured. See the [docs](https://docs.cloudron.io/apps/synapse/#post-installation) on how to do this.

start.sh

@@ -81,10 +81,12 @@ else
 fi
 
 # turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
-yq eval -i ".turn_uris=[]" /app/data/configs/homeserver.yaml
-yq eval -i ".turn_uris[0]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\"" /app/data/configs/homeserver.yaml
-yq eval -i ".turn_uris[1]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"" /app/data/configs/homeserver.yaml
-yq eval -i ".turn_shared_secret=\"${CLOUDRON_TURN_SECRET}\"" /app/data/configs/homeserver.yaml
+if [[ -n "${CLOUDRON_TURN_SERVER:-}" ]]; then
+    yq eval -i ".turn_uris=[]" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_uris[0]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_uris[1]=\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"" /app/data/configs/homeserver.yaml
+    yq eval -i ".turn_shared_secret=\"${CLOUDRON_TURN_SECRET}\"" /app/data/configs/homeserver.yaml
+fi
 
 # fix permissions
 echo "==> Fixing permissions"

test/package-lock.json

@@ -9,12 +9,11 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^108.0.0",
+        "chromedriver": "^119.0.0",
         "expect.js": "^0.3.1",
-        "mocha": "^10.1.0",
-        "selenium-server-standalone-jar": "^3.141.59",
-        "selenium-webdriver": "^4.7.0",
-        "superagent": "^8.0.5"
+        "mocha": "^10.2.0",
+        "selenium-webdriver": "^4.14.0",
+        "superagent": "^8.1.2"
       }
     },
     "node_modules/@testim/chrome-version": {
@@ -98,7 +97,7 @@
     "node_modules/asap": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY="
+      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
     },
     "node_modules/asynckit": {
       "version": "0.4.0",
@@ -106,9 +105,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "node_modules/axios": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.1.3.tgz",
-      "integrity": "sha512-00tXVRwKx/FZr/IDVFt4C+f9FYairX517WoGCL6dpOntqLkZofjhu43F/Xl44UOpqa+9sLFDrG/XAnFsUYgkDA==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
+      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
       "dependencies": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -237,14 +236,14 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "108.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-108.0.0.tgz",
-      "integrity": "sha512-/kb0rb0dlC4RfXh2BOT7RV87K6d+It3VV5YXebLzO5a8t2knNffiTE23XPJQCH+l1xmgoW8/sOX/NB9irskvOQ==",
+      "version": "119.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.0.tgz",
+      "integrity": "sha512-3TmabGT7xg57/Jbsg6B/Kqk3HaSbCP1ZHkR5zNft5vT/IWKjZCAGTH9waMI+i5KHSEiMH0zOw/WF98l+1Npkpw==",
       "hasInstallScript": true,
       "dependencies": {
         "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.1.3",
-        "compare-versions": "^5.0.1",
+        "axios": "^1.4.0",
+        "compare-versions": "^6.0.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
@@ -254,7 +253,7 @@
         "chromedriver": "bin/chromedriver"
       },
       "engines": {
-        "node": ">=14"
+        "node": ">=18"
       }
     },
     "node_modules/cliui": {
@@ -295,9 +294,9 @@
       }
     },
     "node_modules/compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.0.0.tgz",
+      "integrity": "sha512-s2MzYxfRsE9f/ow8hjn7ysa7pod1xhHdQMsgiJtKx6XSNf4x2N1KG4fjrkUmXcP/e9Y2ZX4zB6sHIso0Lm6evQ=="
     },
     "node_modules/component-emitter": {
       "version": "1.3.0",
@@ -310,9 +309,9 @@
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
     },
     "node_modules/cookiejar": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz",
-      "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ=="
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
+      "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw=="
     },
     "node_modules/core-util-is": {
       "version": "1.0.3",
@@ -360,9 +359,9 @@
       }
     },
     "node_modules/dezalgo": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.3.tgz",
-      "integrity": "sha1-f3Qt4Gb8dIvI24IFad3c5Jvw1FY=",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
+      "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
       "dependencies": {
         "asap": "^2.0.0",
         "wrappy": "1"
@@ -512,30 +511,19 @@
       }
     },
     "node_modules/formidable": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.0.1.tgz",
-      "integrity": "sha512-rjTMNbp2BpfQShhFbR3Ruk3qk2y9jKpvMW78nJgx8QKtxjDVrwbZG+wvDOmVbifHyOUOQJXxqEy6r0faRrPzTQ==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
+      "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
       "dependencies": {
-        "dezalgo": "1.0.3",
-        "hexoid": "1.0.0",
-        "once": "1.4.0",
-        "qs": "6.9.3"
+        "dezalgo": "^1.0.4",
+        "hexoid": "^1.0.0",
+        "once": "^1.4.0",
+        "qs": "^6.11.0"
       },
       "funding": {
         "url": "https://ko-fi.com/tunnckoCore/commissions"
       }
     },
-    "node_modules/formidable/node_modules/qs": {
-      "version": "6.9.3",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.3.tgz",
-      "integrity": "sha512-EbZYNarm6138UKKq46tdx08Yo/q9ZhFoAXAI1meAFd2GtbRDhbZY2WQSICskT0c5q99aFzLG1D4nvTk9tqfXIw==",
-      "engines": {
-        "node": ">=0.6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -568,9 +556,9 @@
       }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz",
-      "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz",
+      "integrity": "sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==",
       "dependencies": {
         "function-bind": "^1.1.1",
         "has": "^1.0.3",
@@ -809,9 +797,9 @@
       }
     },
     "node_modules/jszip": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.0.tgz",
-      "integrity": "sha512-LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q==",
+      "version": "3.10.1",
+      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+      "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
       "dependencies": {
         "lie": "~3.3.0",
         "pako": "~1.0.2",
@@ -917,9 +905,9 @@
       }
     },
     "node_modules/mocha": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz",
-      "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz",
+      "integrity": "sha512-IDY7fl/BecMwFHzoqF2sg/SHHANeBoMMXFlS9r0OXKDssYE1M5O43wUY/9BVPeIvfH2zmEbBfseqN9gBQZzXkg==",
       "dependencies": {
         "ansi-colors": "4.1.1",
         "browser-stdout": "1.3.1",
@@ -1004,9 +992,9 @@
       }
     },
     "node_modules/object-inspect": {
-      "version": "1.12.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
-      "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==",
+      "version": "1.12.3",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
+      "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==",
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
       }
@@ -1104,9 +1092,9 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.11.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
-      "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
+      "version": "6.11.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.2.tgz",
+      "integrity": "sha512-tDNIz22aBzCDxLtVH++VnTfzxlfeK5CbqohpSqpJgj1Wg/cQbStNAz3NuqCs5vV+pjBsK4x4pN9HlVh7rcYRiA==",
       "dependencies": {
         "side-channel": "^1.0.4"
       },
@@ -1126,9 +1114,9 @@
       }
     },
     "node_modules/readable-stream": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
-      "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
       "dependencies": {
         "core-util-is": "~1.0.0",
         "inherits": "~2.0.3",
@@ -1177,28 +1165,23 @@
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
-    "node_modules/selenium-server-standalone-jar": {
-      "version": "3.141.59",
-      "resolved": "https://registry.npmjs.org/selenium-server-standalone-jar/-/selenium-server-standalone-jar-3.141.59.tgz",
-      "integrity": "sha512-gh7LagmKMkthQZo0q9qrDSWy+ISYnCUhOUW6IyRQIMGdg8Os/uMfChTDO17DYzxKmNIDx/h6+yfBj34QYALycw=="
-    },
     "node_modules/selenium-webdriver": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.7.0.tgz",
-      "integrity": "sha512-ZB/77G6xKz96beiUIq6RSdU/Klccg8Fg6lGvEmsVSeLwOWjmJDRehBeXE/y59mytOqitYSewFzJsSU5Xov1X+Q==",
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
+      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
       "dependencies": {
-        "jszip": "^3.10.0",
+        "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.7.0"
+        "ws": ">=8.14.2"
       },
       "engines": {
         "node": ">= 14.20.0"
       }
     },
     "node_modules/semver": {
-      "version": "7.3.8",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
-      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
       "dependencies": {
         "lru-cache": "^6.0.0"
       },
@@ -1279,16 +1262,16 @@
       }
     },
     "node_modules/superagent": {
-      "version": "8.0.5",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.5.tgz",
-      "integrity": "sha512-lQVE0Praz7nHiSaJLKBM/cZyi7J0E4io8tWnGSBdBrqAzhzrjQ/F5iGP9Zr29CJC8N5zYdhG2kKaNcB6dKxp7g==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "dependencies": {
         "component-emitter": "^1.3.0",
-        "cookiejar": "^2.1.3",
+        "cookiejar": "^2.1.4",
         "debug": "^4.3.4",
         "fast-safe-stringify": "^2.1.1",
         "form-data": "^4.0.0",
-        "formidable": "^2.0.1",
+        "formidable": "^2.1.2",
         "methods": "^1.1.2",
         "mime": "2.6.0",
         "qs": "^6.11.0",
@@ -1362,7 +1345,7 @@
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "node_modules/workerpool": {
       "version": "6.2.1",
@@ -1391,15 +1374,15 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "node_modules/ws": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.8.0.tgz",
-      "integrity": "sha512-JDAgSYQ1ksuwqfChJusw1LSJ8BizJ2e/vVu5Lxjq3YvNJNlROv1ui4i+c/kUUrPheBvQl4c5UbERhTwKa6QBJQ==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "engines": {
         "node": ">=10.0.0"
       },
       "peerDependencies": {
         "bufferutil": "^4.0.1",
-        "utf-8-validate": "^5.0.2"
+        "utf-8-validate": ">=5.0.2"
       },
       "peerDependenciesMeta": {
         "bufferutil": {
@@ -1547,7 +1530,7 @@
     "asap": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY="
+      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
     },
     "asynckit": {
       "version": "0.4.0",
@@ -1555,9 +1538,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "axios": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.1.3.tgz",
-      "integrity": "sha512-00tXVRwKx/FZr/IDVFt4C+f9FYairX517WoGCL6dpOntqLkZofjhu43F/Xl44UOpqa+9sLFDrG/XAnFsUYgkDA==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz",
+      "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==",
       "requires": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -1650,13 +1633,13 @@
       }
     },
     "chromedriver": {
-      "version": "108.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-108.0.0.tgz",
-      "integrity": "sha512-/kb0rb0dlC4RfXh2BOT7RV87K6d+It3VV5YXebLzO5a8t2knNffiTE23XPJQCH+l1xmgoW8/sOX/NB9irskvOQ==",
+      "version": "119.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.0.tgz",
+      "integrity": "sha512-3TmabGT7xg57/Jbsg6B/Kqk3HaSbCP1ZHkR5zNft5vT/IWKjZCAGTH9waMI+i5KHSEiMH0zOw/WF98l+1Npkpw==",
       "requires": {
         "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.1.3",
-        "compare-versions": "^5.0.1",
+        "axios": "^1.4.0",
+        "compare-versions": "^6.0.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
@@ -1695,9 +1678,9 @@
       }
     },
     "compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.0.0.tgz",
+      "integrity": "sha512-s2MzYxfRsE9f/ow8hjn7ysa7pod1xhHdQMsgiJtKx6XSNf4x2N1KG4fjrkUmXcP/e9Y2ZX4zB6sHIso0Lm6evQ=="
     },
     "component-emitter": {
       "version": "1.3.0",
@@ -1710,9 +1693,9 @@
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
     },
     "cookiejar": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz",
-      "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ=="
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
+      "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw=="
     },
     "core-util-is": {
       "version": "1.0.3",
@@ -1743,9 +1726,9 @@
       "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
     },
     "dezalgo": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.3.tgz",
-      "integrity": "sha1-f3Qt4Gb8dIvI24IFad3c5Jvw1FY=",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
+      "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
       "requires": {
         "asap": "^2.0.0",
         "wrappy": "1"
@@ -1846,21 +1829,14 @@
       }
     },
     "formidable": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.0.1.tgz",
-      "integrity": "sha512-rjTMNbp2BpfQShhFbR3Ruk3qk2y9jKpvMW78nJgx8QKtxjDVrwbZG+wvDOmVbifHyOUOQJXxqEy6r0faRrPzTQ==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz",
+      "integrity": "sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==",
       "requires": {
-        "dezalgo": "1.0.3",
-        "hexoid": "1.0.0",
-        "once": "1.4.0",
-        "qs": "6.9.3"
-      },
-      "dependencies": {
-        "qs": {
-          "version": "6.9.3",
-          "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.3.tgz",
-          "integrity": "sha512-EbZYNarm6138UKKq46tdx08Yo/q9ZhFoAXAI1meAFd2GtbRDhbZY2WQSICskT0c5q99aFzLG1D4nvTk9tqfXIw=="
-        }
+        "dezalgo": "^1.0.4",
+        "hexoid": "^1.0.0",
+        "once": "^1.4.0",
+        "qs": "^6.11.0"
       }
     },
     "fs.realpath": {
@@ -1885,9 +1861,9 @@
       "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="
     },
     "get-intrinsic": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz",
-      "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz",
+      "integrity": "sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==",
       "requires": {
         "function-bind": "^1.1.1",
         "has": "^1.0.3",
@@ -2054,9 +2030,9 @@
       }
     },
     "jszip": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.0.tgz",
-      "integrity": "sha512-LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q==",
+      "version": "3.10.1",
+      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+      "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
       "requires": {
         "lie": "~3.3.0",
         "pako": "~1.0.2",
@@ -2129,9 +2105,9 @@
       }
     },
     "mocha": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz",
-      "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz",
+      "integrity": "sha512-IDY7fl/BecMwFHzoqF2sg/SHHANeBoMMXFlS9r0OXKDssYE1M5O43wUY/9BVPeIvfH2zmEbBfseqN9gBQZzXkg==",
       "requires": {
         "ansi-colors": "4.1.1",
         "browser-stdout": "1.3.1",
@@ -2195,9 +2171,9 @@
       "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
     },
     "object-inspect": {
-      "version": "1.12.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
-      "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ=="
+      "version": "1.12.3",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
+      "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g=="
     },
     "once": {
       "version": "1.4.0",
@@ -2268,9 +2244,9 @@
       }
     },
     "qs": {
-      "version": "6.11.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
-      "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
+      "version": "6.11.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.2.tgz",
+      "integrity": "sha512-tDNIz22aBzCDxLtVH++VnTfzxlfeK5CbqohpSqpJgj1Wg/cQbStNAz3NuqCs5vV+pjBsK4x4pN9HlVh7rcYRiA==",
       "requires": {
         "side-channel": "^1.0.4"
       }
@@ -2284,9 +2260,9 @@
       }
     },
     "readable-stream": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
-      "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
       "requires": {
         "core-util-is": "~1.0.0",
         "inherits": "~2.0.3",
@@ -2323,25 +2299,20 @@
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
-    "selenium-server-standalone-jar": {
-      "version": "3.141.59",
-      "resolved": "https://registry.npmjs.org/selenium-server-standalone-jar/-/selenium-server-standalone-jar-3.141.59.tgz",
-      "integrity": "sha512-gh7LagmKMkthQZo0q9qrDSWy+ISYnCUhOUW6IyRQIMGdg8Os/uMfChTDO17DYzxKmNIDx/h6+yfBj34QYALycw=="
-    },
     "selenium-webdriver": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.7.0.tgz",
-      "integrity": "sha512-ZB/77G6xKz96beiUIq6RSdU/Klccg8Fg6lGvEmsVSeLwOWjmJDRehBeXE/y59mytOqitYSewFzJsSU5Xov1X+Q==",
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.14.0.tgz",
+      "integrity": "sha512-637rs8anqMKHbWxcBZpyG3Gcs+rBUtAUiqk0O/knUqH4Paj3MFUZrz88/pVGOLNryEVy2z92fZomT8p1ENl1gA==",
       "requires": {
-        "jszip": "^3.10.0",
+        "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.7.0"
+        "ws": ">=8.14.2"
       }
     },
     "semver": {
-      "version": "7.3.8",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
-      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
       "requires": {
         "lru-cache": "^6.0.0"
       }
@@ -2401,16 +2372,16 @@
       "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="
     },
     "superagent": {
-      "version": "8.0.5",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.5.tgz",
-      "integrity": "sha512-lQVE0Praz7nHiSaJLKBM/cZyi7J0E4io8tWnGSBdBrqAzhzrjQ/F5iGP9Zr29CJC8N5zYdhG2kKaNcB6dKxp7g==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "requires": {
         "component-emitter": "^1.3.0",
-        "cookiejar": "^2.1.3",
+        "cookiejar": "^2.1.4",
         "debug": "^4.3.4",
         "fast-safe-stringify": "^2.1.1",
         "form-data": "^4.0.0",
-        "formidable": "^2.0.1",
+        "formidable": "^2.1.2",
         "methods": "^1.1.2",
         "mime": "2.6.0",
         "qs": "^6.11.0",
@@ -2463,7 +2434,7 @@
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "workerpool": {
       "version": "6.2.1",
@@ -2486,9 +2457,9 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "ws": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.8.0.tgz",
-      "integrity": "sha512-JDAgSYQ1ksuwqfChJusw1LSJ8BizJ2e/vVu5Lxjq3YvNJNlROv1ui4i+c/kUUrPheBvQl4c5UbERhTwKa6QBJQ==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "requires": {}
     },
     "y18n": {

test/package.json

@@ -9,11 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^108.0.0",
+    "chromedriver": "^119.0.0",
     "expect.js": "^0.3.1",
-    "mocha": "^10.1.0",
-    "selenium-server-standalone-jar": "^3.141.59",
-    "selenium-webdriver": "^4.7.0",
-    "superagent": "^8.0.5"
+    "mocha": "^10.2.0",
+    "selenium-webdriver": "^4.14.0",
+    "superagent": "^8.1.2"
   }
 }