systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Update matrixdotorg/synapse Docker tag to v1.92.3 #73

Merged
jake merged 1 commit from renovate/matrixdotorg-synapse-1.x into master 2023-09-23 13:57:29 +01:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate commented 2023-09-18 16:00:46 +01:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
matrixdotorg/synapse patch v1.92.2 -> v1.92.3

Release Notes

matrix-org/synapse (matrixdotorg/synapse)

v1.92.3

Compare Source

Synapse 1.92.3 (2023-09-18)

This is again a security update targeted at mitigating CVE-2023-4863.
It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of
libwebp package at the OS level.

Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages from matrix.org.

We encourage admins to upgrade as soon as possible.

Internal Changes
  • Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#​16347)
Updates to locked dependencies
  • Bump pillow from 10.0.0 to 10.0.1. (#​16344)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [matrixdotorg/synapse](https://github.com/matrix-org/synapse) | patch | `v1.92.2` -> `v1.92.3` | --- ### Release Notes <details> <summary>matrix-org/synapse (matrixdotorg/synapse)</summary> ### [`v1.92.3`](https://github.com/matrix-org/synapse/releases/tag/v1.92.3) [Compare Source](https://github.com/matrix-org/synapse/compare/v1.92.2...v1.92.3) ### Synapse 1.92.3 (2023-09-18) This is again a security update targeted at mitigating [CVE-2023-4863](https://cve.org/CVERecord?id=CVE-2023-4863). It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of libwebp package at the OS level. Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages from matrix.org. We encourage admins to upgrade as soon as possible. ##### Internal Changes - Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. ([#&#8203;16347](https://github.com/matrix-org/synapse/issues/16347)) ##### Updates to locked dependencies - Bump pillow from 10.0.0 to 10.0.1. ([#&#8203;16344](https://github.com/matrix-org/synapse/issues/16344)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45Ni4zIiwidXBkYXRlZEluVmVyIjoiMzYuOTYuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
renovate added 1 commit 2023-09-18 16:00:46 +01:00
Update matrixdotorg/synapse Docker tag to v1.92.3
All checks were successful
/ terraform (push) Successful in 1m41s
Details
/ ansible (push) Successful in 2m53s
Details
61412f1cfa
jake merged commit ea33feb643 into master 2023-09-23 13:57:29 +01:00
jake deleted branch renovate/matrixdotorg-synapse-1.x 2023-09-23 13:57:29 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: systems/infrastructure#73
No description provided.
Delete branch "renovate/matrixdotorg-synapse-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?