Skip to content

Bump all locked dependencies to their latest versions.#19519

Merged
sandhose merged 5 commits intodevelopfrom
quenting/bump-locked-deps-03-2026
Mar 3, 2026
Merged

Bump all locked dependencies to their latest versions.#19519
sandhose merged 5 commits intodevelopfrom
quenting/bump-locked-deps-03-2026

Conversation

@sandhose
Copy link
Member

@sandhose sandhose commented Mar 3, 2026
edited
Loading

This is a manual lock bump, as it looks like Dependabot is currently timing out updating dependencies. This should hopefully unlock it, as it will have fewer dependencies to update.

Two outstanding exceptions:

  • pympler upgrade adds a pywin32 deps, which is missing sdist (so CI is complaining)
  • pysaml2 for some unknown reason pinned the MAX version of pyopenssl, which duplicates pyopenssl and cryptography, which obviously breaks stuff

sandhose added 4 commits March 3, 2026 11:43
@sandhose
Bump all locked dependencies to their latest versions.
75591ec 
This is a manual lock bump, as it looks like Dependabot is currently
timing out updating dependencies. This should hopefully unlock it, as it
will have fewer dependencies to update.
@sandhose
Newsfile
e8e923e
@sandhose
Downgrade pympler to avoid the pywin32 dependency
b2b235c
@sandhose
Bump down pysaml2 to avoid double pyOpenSSL & cryptography
29aa0af
@sandhose sandhose marked this pull request as ready for review March 3, 2026 11:28
@sandhose sandhose requested a review from a team as a code owner March 3, 2026 11:28
@sandhose sandhose added the T-Task label Mar 3, 2026
@sandhose sandhose merged commit 094a48e into develop Mar 3, 2026
80 of 82 checks passed
@sandhose sandhose deleted the quenting/bump-locked-deps-03-2026 branch March 3, 2026 13:30
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Mar 10, 2026
@alexlebens
chore(deps): update dependency element-hq/synapse to v1.149.0 (#4580)
159eef8 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [element-hq/synapse](https://github.com/element-hq/synapse) | minor | `v1.148.0` → `v1.149.0` |

---

### Release Notes

<details>
<summary>element-hq/synapse (element-hq/synapse)</summary>

### [`v1.149.0`](https://github.com/element-hq/synapse/releases/tag/v1.149.0)

[Compare Source](element-hq/synapse@v1.148.0...v1.149.0)

### Synapse 1.149.0 (2026-03-10)

No significant changes since 1.149.0rc1.

### Synapse 1.149.0rc1 (2026-03-03)

#### Features

- Add experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](matrix-org/matrix-spec-proposals#4388). ([#&#8203;19127](element-hq/synapse#19127))
- Add stable support for [MSC4380](matrix-org/matrix-spec-proposals#4380) invite blocking. ([#&#8203;19431](element-hq/synapse#19431))

#### Bugfixes

- Fix the 'Login as a user' Admin API not checking if the user exists before issuing an access token. ([#&#8203;18518](element-hq/synapse#18518))
- Fix `/sync` missing membership event in `state_after` (experimental [MSC4222](matrix-org/matrix-spec-proposals#4222) implementation) in some scenarios. ([#&#8203;19460](element-hq/synapse#19460))

#### Internal Changes

- Add log to explain when and why we freeze objects in the garbage collector. ([#&#8203;19440](element-hq/synapse#19440))
- Better instrument `JoinRoomAliasServlet` with tracing. ([#&#8203;19461](element-hq/synapse#19461))
- Fix Complement CI not running against the code from our PRs. ([#&#8203;19475](element-hq/synapse#19475))
- Log `docker system info` in CI so we have a plain record of how GitHub runners evolve over time. ([#&#8203;19480](element-hq/synapse#19480))
- Rename the `test_disconnect` test helper so that pytest doesn't see it as a test. ([#&#8203;19486](element-hq/synapse#19486))
- Add a log line when we delete devices. Contributed by [@&#8203;bradtgmurray](https://github.com/bradtgmurray) @&#8203; Beeper. ([#&#8203;19496](element-hq/synapse#19496))
- Pre-allocate the buffer based on the expected `Content-Length` with the Rust HTTP client. ([#&#8203;19498](element-hq/synapse#19498))
- Cancel long-running sync requests if the client has gone away. ([#&#8203;19499](element-hq/synapse#19499))
- Try and reduce reactor tick times when under heavy load. ([#&#8203;19507](element-hq/synapse#19507))
- Simplify Rust HTTP client response streaming and limiting. ([#&#8203;19510](element-hq/synapse#19510))
- Replace deprecated collection import locations with current locations. ([#&#8203;19515](element-hq/synapse#19515))
- Bump most locked Python dependencies to their latest versions. ([#&#8203;19519](element-hq/synapse#19519))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4580
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erikjohnston erikjohnston erikjohnston approved these changes

Assignees

No one assigned

Labels

T-Task

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sandhose @erikjohnston