From 94ada8ed86be602bbab24f4921d03b4a47e521dc Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 13:38:10 -0700 Subject: [PATCH 01/18] Use uv to test full set of minimum deps in CI --- .ci/scripts/prepare_old_deps.sh | 39 --------------------------------- .github/workflows/tests.yml | 15 +++++-------- pyproject.toml | 27 +++++++++++++++++++---- 3 files changed, 29 insertions(+), 52 deletions(-) delete mode 100755 .ci/scripts/prepare_old_deps.sh diff --git a/.ci/scripts/prepare_old_deps.sh b/.ci/scripts/prepare_old_deps.sh deleted file mode 100755 index 29d281dc23a..00000000000 --- a/.ci/scripts/prepare_old_deps.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash -# this script is run by GitHub Actions in a plain `jammy` container; it -# - installs the minimal system requirements, and poetry; -# - patches the project definition file to refer to old versions only; -# - creates a venv with these old versions using poetry; and finally -# - invokes `trial` to run the tests with old deps. - -set -ex - -# Prevent virtualenv from auto-updating pip to an incompatible version -export VIRTUALENV_NO_DOWNLOAD=1 - -# TODO: in the future, we could use an implementation of -# https://github.com/python-poetry/poetry/issues/3527 -# https://github.com/pypa/pip/issues/8085 -# to select the lowest possible versions, rather than resorting to this sed script. - -# Patch the project definitions in-place: -# - `-E` use extended regex syntax. -# - Don't modify the line that defines required Python versions. -# - Replace all lower and tilde bounds with exact bounds. -# - Replace all caret bounds with exact bounds. -# - Delete all lines referring to psycopg2 - so no testing of postgres support. -# - Use pyopenssl 17.0, which is the oldest version that works with -# a `cryptography` compiled against OpenSSL 1.1. -# - Omit systemd: we're not logging to journal here. - -sed -i -E ' - /^\s*requires-python\s*=/b - s/[~>]=/==/g - s/\^/==/g - /psycopg2/d - s/pyOpenSSL\s*==\s*16\.0\.0"/pyOpenSSL==17.0.0"/ - /systemd/d -' pyproject.toml - -echo "::group::Patched pyproject.toml" -cat pyproject.toml -echo "::endgroup::" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index aff2832b943..1da7e891361 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -451,15 +451,12 @@ jobs: with: python-version: '3.10' - - name: Prepare old deps - if: steps.cache-poetry-old-deps.outputs.cache-hit != 'true' - run: .ci/scripts/prepare_old_deps.sh - - # Note: we install using `pip` here, not poetry. `poetry install` ignores the - # build-system section (https://github.com/python-poetry/poetry/issues/6154), but - # we explicitly want to test that you can `pip install` using the oldest version - # of poetry-core and setuptools-rust. - - run: pip install .[all,test] + # Note: we install using `uv` here, not poetry or pip to allow us to test with the + # minimum version of all dependencies, both those explicitly specified and those + # implicitly brought in by the explicit dependencies. + - run: pip install uv + - run: uv pip install --resolution=lowest -e .[all,test] + - run: cat pyproject.toml # We nuke the local copy, as we've installed synapse into the virtualenv # (rather than use an editable install, which we no longer support). If we diff --git a/pyproject.toml b/pyproject.toml index ce2ecf63634..d47866b16a9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -42,7 +42,7 @@ dependencies = [ "Twisted[tls]>=21.2.0", "treq>=21.5.0", # Twisted has required pyopenssl 16.0 since about Twisted 16.6. - "pyOpenSSL>=16.0.0", + "pyOpenSSL>=21.0.0", "PyYAML>=5.3", "pyasn1>=0.1.9", "pyasn1-modules>=0.0.7", @@ -110,7 +110,7 @@ oidc = ["authlib>=0.15.1"] # `systemd.journal.JournalHandler`, as is documented in # `contrib/systemd/log_config.yaml`. systemd = ["systemd-python>=231"] -url-preview = ["lxml>=4.6.3"] +url-preview = ["lxml>=4.9.1"] sentry = ["sentry-sdk>=0.7.2"] opentracing = ["jaeger-client>=4.2.0", "opentracing>=2.2.0"] jwt = ["authlib"] @@ -143,7 +143,7 @@ all = [ # oidc and jwt "authlib>=0.15.1", # url-preview - "lxml>=4.6.3", + "lxml>=4.9.1", # sentry "sentry-sdk>=0.7.2", # opentracing @@ -151,7 +151,8 @@ all = [ # redis "txredisapi>=1.4.7", "hiredis", # cache-memory - "pympler", + # 1.0 added support for python 3.10 + "pympler>=1.0", # omitted: # - test: it's useful to have this separate from dev deps in the olddeps job # - systemd: this is a system-based requirement @@ -177,6 +178,24 @@ synapse_port_db = "synapse._scripts.synapse_port_db:main" synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main" update_synapse_database = "synapse._scripts.update_synapse_database:main" +[tool.uv] +override-dependencies = [ + # Transitive dependency constraints + # These dependencies aren't directly required by Syanpse. + # However, in order for Synapse to build, Synapse requires a higher minimum version + # for these dependencies than the direct dependency that pulls them in specifies. + "cffi>=1.15", # via cryptography + "defusedxml>=0.7.1", # via PIL + "hiredis>=0.3", # via hiredis + "pynacl>=1.3", # via signedjson + "pyparsing>=2.4", # via packaging + "pyrsistent>=0.18.0", # via jsonschema + "pytz>=2018.3", # via pysaml2 + "thrift>=0.10", # via jaeger-client + "tornado>=6.0", # via jaeger-client + "zope-interface>=6.2", # via twisted +] + [tool.towncrier] package = "synapse" From 20b7fad6cab0894effdcffd43bedfbe39b4e5083 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 13:43:20 -0700 Subject: [PATCH 02/18] Add changelog entry --- changelog.d/19289.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/19289.misc diff --git a/changelog.d/19289.misc b/changelog.d/19289.misc new file mode 100644 index 00000000000..4ad0dbc4300 --- /dev/null +++ b/changelog.d/19289.misc @@ -0,0 +1 @@ +Use `uv` to test olddeps to ensure all transitive dependencies use minimum versions. From aa62700c4a76a4e82d4cda21454765a07488e64d Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 14:09:32 -0700 Subject: [PATCH 03/18] Update poetry.lock --- poetry.lock | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/poetry.lock b/poetry.lock index 14b1f085b8a..d836ce0deb8 100644 --- a/poetry.lock +++ b/poetry.lock @@ -31,7 +31,7 @@ description = "The ultimate Python library in building OAuth and OpenID Connect optional = true python-versions = ">=3.9" groups = ["main"] -markers = "extra == \"all\" or extra == \"jwt\" or extra == \"oidc\"" +markers = "extra == \"oidc\" or extra == \"jwt\" or extra == \"all\"" files = [ {file = "authlib-1.6.5-py2.py3-none-any.whl", hash = "sha256:3e0e0507807f842b02175507bdee8957a1d5707fd4afb17c32fb43fee90b6e3a"}, {file = "authlib-1.6.5.tar.gz", hash = "sha256:6aaf9c79b7cc96c900f0b284061691c5d4e61221640a948fe690b556a6d6d10b"}, @@ -481,7 +481,7 @@ description = "XML bomb protection for Python stdlib modules" optional = true python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "defusedxml-0.7.1-py2.py3-none-any.whl", hash = "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"}, {file = "defusedxml-0.7.1.tar.gz", hash = "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69"}, @@ -506,7 +506,7 @@ description = "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and l optional = true python-versions = ">=3.7" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "elementpath-4.1.5-py3-none-any.whl", hash = "sha256:2ac1a2fb31eb22bbbf817f8cf6752f844513216263f0e3892c8e79782fe4bb55"}, {file = "elementpath-4.1.5.tar.gz", hash = "sha256:c2d6dc524b29ef751ecfc416b0627668119d8812441c555d7471da41d4bacb8d"}, @@ -556,7 +556,7 @@ description = "Python wrapper for hiredis" optional = true python-versions = ">=3.8" groups = ["main"] -markers = "extra == \"all\" or extra == \"redis\"" +markers = "extra == \"redis\" or extra == \"all\"" files = [ {file = "hiredis-3.3.0-cp310-cp310-macosx_10_15_universal2.whl", hash = "sha256:9937d9b69321b393fbace69f55423480f098120bc55a3316e1ca3508c4dbbd6f"}, {file = "hiredis-3.3.0-cp310-cp310-macosx_10_15_x86_64.whl", hash = "sha256:50351b77f89ba6a22aff430b993653847f36b71d444509036baa0f2d79d1ebf4"}, @@ -879,7 +879,7 @@ description = "Jaeger Python OpenTracing Tracer implementation" optional = true python-versions = ">=3.7" groups = ["main"] -markers = "extra == \"all\" or extra == \"opentracing\"" +markers = "extra == \"opentracing\" or extra == \"all\"" files = [ {file = "jaeger-client-4.8.0.tar.gz", hash = "sha256:3157836edab8e2c209bd2d6ae61113db36f7ee399e66b1dcbb715d87ab49bfe0"}, ] @@ -1017,7 +1017,7 @@ description = "A strictly RFC 4510 conforming LDAP V3 pure Python client library optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"matrix-synapse-ldap3\"" +markers = "extra == \"matrix-synapse-ldap3\" or extra == \"all\"" files = [ {file = "ldap3-2.9.1-py2.py3-none-any.whl", hash = "sha256:5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70"}, {file = "ldap3-2.9.1.tar.gz", hash = "sha256:f3e7fc4718e3f09dda568b57100095e0ce58633bcabbed8667ce3f8fbaa4229f"}, @@ -1119,7 +1119,7 @@ description = "Powerful and Pythonic XML processing library combining libxml2/li optional = true python-versions = ">=3.8" groups = ["main"] -markers = "extra == \"all\" or extra == \"url-preview\"" +markers = "extra == \"url-preview\" or extra == \"all\"" files = [ {file = "lxml-6.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:e77dd455b9a16bbd2a5036a63ddbd479c19572af81b624e79ef422f929eef388"}, {file = "lxml-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5d444858b9f07cefff6455b983aea9a67f7462ba1f6cbe4a21e8bf6791bf2153"}, @@ -1405,7 +1405,7 @@ description = "An LDAP3 auth provider for Synapse" optional = true python-versions = ">=3.7" groups = ["main"] -markers = "extra == \"all\" or extra == \"matrix-synapse-ldap3\"" +markers = "extra == \"matrix-synapse-ldap3\" or extra == \"all\"" files = [ {file = "matrix-synapse-ldap3-0.3.0.tar.gz", hash = "sha256:8bb6517173164d4b9cc44f49de411d8cebdb2e705d5dd1ea1f38733c4a009e1d"}, {file = "matrix_synapse_ldap3-0.3.0-py3-none-any.whl", hash = "sha256:8b4d701f8702551e98cc1d8c20dbed532de5613584c08d0df22de376ba99159d"}, @@ -1648,7 +1648,7 @@ description = "OpenTracing API for Python. See documentation at http://opentraci optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"opentracing\"" +markers = "extra == \"opentracing\" or extra == \"all\"" files = [ {file = "opentracing-2.4.0.tar.gz", hash = "sha256:a173117e6ef580d55874734d1fa7ecb6f3655160b8b8974a2a1e98e5ec9c840d"}, ] @@ -1838,7 +1838,7 @@ description = "psycopg2 - Python-PostgreSQL Database Adapter" optional = true python-versions = ">=3.9" groups = ["main"] -markers = "extra == \"all\" or extra == \"postgres\"" +markers = "extra == \"postgres\" or extra == \"all\"" files = [ {file = "psycopg2-2.9.11-cp310-cp310-win_amd64.whl", hash = "sha256:103e857f46bb76908768ead4e2d0ba1d1a130e7b8ed77d3ae91e8b33481813e8"}, {file = "psycopg2-2.9.11-cp311-cp311-win_amd64.whl", hash = "sha256:210daed32e18f35e3140a1ebe059ac29209dd96468f2f7559aa59f75ee82a5cb"}, @@ -1856,7 +1856,7 @@ description = ".. image:: https://travis-ci.org/chtd/psycopg2cffi.svg?branch=mas optional = true python-versions = "*" groups = ["main"] -markers = "platform_python_implementation == \"PyPy\" and (extra == \"all\" or extra == \"postgres\")" +markers = "platform_python_implementation == \"PyPy\" and (extra == \"postgres\" or extra == \"all\")" files = [ {file = "psycopg2cffi-2.9.0.tar.gz", hash = "sha256:7e272edcd837de3a1d12b62185eb85c45a19feda9e62fa1b120c54f9e8d35c52"}, ] @@ -1872,7 +1872,7 @@ description = "A Simple library to enable psycopg2 compatability" optional = true python-versions = "*" groups = ["main"] -markers = "platform_python_implementation == \"PyPy\" and (extra == \"all\" or extra == \"postgres\")" +markers = "platform_python_implementation == \"PyPy\" and (extra == \"postgres\" or extra == \"all\")" files = [ {file = "psycopg2cffi-compat-1.1.tar.gz", hash = "sha256:d25e921748475522b33d13420aad5c2831c743227dc1f1f2585e0fdb5c914e05"}, ] @@ -2154,7 +2154,7 @@ description = "A development tool to measure, monitor and analyze the memory beh optional = true python-versions = ">=3.6" groups = ["main"] -markers = "extra == \"all\" or extra == \"cache-memory\"" +markers = "extra == \"cache-memory\" or extra == \"all\"" files = [ {file = "Pympler-1.0.1-py3-none-any.whl", hash = "sha256:d260dda9ae781e1eab6ea15bacb84015849833ba5555f141d2d9b7b7473b307d"}, {file = "Pympler-1.0.1.tar.gz", hash = "sha256:993f1a3599ca3f4fcd7160c7545ad06310c9e12f70174ae7ae8d4e25f6c5d3fa"}, @@ -2214,7 +2214,7 @@ description = "Python implementation of SAML Version 2 Standard" optional = true python-versions = ">=3.9,<4.0" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "pysaml2-7.5.0-py3-none-any.whl", hash = "sha256:bc6627cc344476a83c757f440a73fda1369f13b6fda1b4e16bca63ffbabb5318"}, {file = "pysaml2-7.5.0.tar.gz", hash = "sha256:f36871d4e5ee857c6b85532e942550d2cf90ea4ee943d75eb681044bbc4f54f7"}, @@ -2239,7 +2239,7 @@ description = "Extensions to the standard Python datetime module" optional = true python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, @@ -2267,7 +2267,7 @@ description = "World timezone definitions, modern and historical" optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "pytz-2025.2-py2.py3-none-any.whl", hash = "sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00"}, {file = "pytz-2025.2.tar.gz", hash = "sha256:360b9e3dbb49a209c21ad61809c7fb453643e048b38924c765813546746e81c3"}, @@ -2671,7 +2671,7 @@ description = "Python client for Sentry (https://sentry.io)" optional = true python-versions = ">=3.6" groups = ["main"] -markers = "extra == \"all\" or extra == \"sentry\"" +markers = "extra == \"sentry\" or extra == \"all\"" files = [ {file = "sentry_sdk-2.46.0-py2.py3-none-any.whl", hash = "sha256:4eeeb60198074dff8d066ea153fa6f241fef1668c10900ea53a4200abc8da9b1"}, {file = "sentry_sdk-2.46.0.tar.gz", hash = "sha256:91821a23460725734b7741523021601593f35731808afc0bb2ba46c27b8acd91"}, @@ -2881,7 +2881,7 @@ description = "Tornado IOLoop Backed Concurrent Futures" optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"opentracing\"" +markers = "extra == \"opentracing\" or extra == \"all\"" files = [ {file = "threadloop-1.0.2-py2-none-any.whl", hash = "sha256:5c90dbefab6ffbdba26afb4829d2a9df8275d13ac7dc58dccb0e279992679599"}, {file = "threadloop-1.0.2.tar.gz", hash = "sha256:8b180aac31013de13c2ad5c834819771992d350267bddb854613ae77ef571944"}, @@ -2897,7 +2897,7 @@ description = "Python bindings for the Apache Thrift RPC system" optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"opentracing\"" +markers = "extra == \"opentracing\" or extra == \"all\"" files = [ {file = "thrift-0.16.0.tar.gz", hash = "sha256:2b5b6488fcded21f9d312aa23c9ff6a0195d0f6ae26ddbd5ad9e3e25dfc14408"}, ] @@ -2970,7 +2970,7 @@ description = "Tornado is a Python web framework and asynchronous networking lib optional = true python-versions = ">=3.9" groups = ["main"] -markers = "extra == \"all\" or extra == \"opentracing\"" +markers = "extra == \"opentracing\" or extra == \"all\"" files = [ {file = "tornado-6.5-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:f81067dad2e4443b015368b24e802d0083fecada4f0a4572fdb72fc06e54a9a6"}, {file = "tornado-6.5-cp39-abi3-macosx_10_9_x86_64.whl", hash = "sha256:9ac1cbe1db860b3cbb251e795c701c41d343f06a96049d6274e7c77559117e41"}, @@ -3104,7 +3104,7 @@ description = "non-blocking redis client for python" optional = true python-versions = "*" groups = ["main"] -markers = "extra == \"all\" or extra == \"redis\"" +markers = "extra == \"redis\" or extra == \"all\"" files = [ {file = "txredisapi-1.4.11-py3-none-any.whl", hash = "sha256:ac64d7a9342b58edca13ef267d4fa7637c1aa63f8595e066801c1e8b56b22d0b"}, {file = "txredisapi-1.4.11.tar.gz", hash = "sha256:3eb1af99aefdefb59eb877b1dd08861efad60915e30ad5bf3d5bf6c5cedcdbc6"}, @@ -3350,7 +3350,7 @@ description = "An XML Schema validator and decoder" optional = true python-versions = ">=3.7" groups = ["main"] -markers = "extra == \"all\" or extra == \"saml2\"" +markers = "extra == \"saml2\" or extra == \"all\"" files = [ {file = "xmlschema-2.4.0-py3-none-any.whl", hash = "sha256:dc87be0caaa61f42649899189aab2fd8e0d567f2cf548433ba7b79278d231a4a"}, {file = "xmlschema-2.4.0.tar.gz", hash = "sha256:d74cd0c10866ac609e1ef94a5a69b018ad16e39077bc6393408b40c6babee793"}, @@ -3485,4 +3485,4 @@ url-preview = ["lxml"] [metadata] lock-version = "2.1" python-versions = ">=3.10.0,<4.0.0" -content-hash = "98b9062f48205a3bcc99b43ae665083d360a15d4a208927fa978df9c36fd5315" +content-hash = "5687ecea1e71359deabde6fadcf9e53921df121d58e2e7b67d988552dc7c0662" From 63604e32cad08a48ff127c713c31f491f139b311 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 14:15:21 -0700 Subject: [PATCH 04/18] Create venv --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1da7e891361..22a03effe08 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -455,6 +455,7 @@ jobs: # minimum version of all dependencies, both those explicitly specified and those # implicitly brought in by the explicit dependencies. - run: pip install uv + - run: uv venv - run: uv pip install --resolution=lowest -e .[all,test] - run: cat pyproject.toml From bb38768a196a8c9e75a07410306b34e93a035fef Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 14:38:24 -0700 Subject: [PATCH 05/18] Python is run on system --- .github/workflows/tests.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 22a03effe08..f5ca480d7b8 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -455,9 +455,7 @@ jobs: # minimum version of all dependencies, both those explicitly specified and those # implicitly brought in by the explicit dependencies. - run: pip install uv - - run: uv venv - - run: uv pip install --resolution=lowest -e .[all,test] - - run: cat pyproject.toml + - run: uv pip install --system --resolution=lowest -e .[all,test] # We nuke the local copy, as we've installed synapse into the virtualenv # (rather than use an editable install, which we no longer support). If we From a4f24eb69189a6debc7a520490e07d72c6e8d425 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 15:07:30 -0700 Subject: [PATCH 06/18] Remove editable install --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f5ca480d7b8..f9d22c8f4ae 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -455,7 +455,7 @@ jobs: # minimum version of all dependencies, both those explicitly specified and those # implicitly brought in by the explicit dependencies. - run: pip install uv - - run: uv pip install --system --resolution=lowest -e .[all,test] + - run: uv pip install --system --resolution=lowest .[all,test] # We nuke the local copy, as we've installed synapse into the virtualenv # (rather than use an editable install, which we no longer support). If we From 4cb6658c59389e7089edc2af464caff0ea29aa70 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 15:16:12 -0700 Subject: [PATCH 07/18] Specify minimum urllib3 version --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index d47866b16a9..5933ea368ea 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -193,6 +193,7 @@ override-dependencies = [ "pytz>=2018.3", # via pysaml2 "thrift>=0.10", # via jaeger-client "tornado>=6.0", # via jaeger-client + "urllib3>=1.26.0", # via treq; 1.26.0 is the first version compatible with Python 3.10+ "zope-interface>=6.2", # via twisted ] From 1ca19a950209722c03a850cd85feba6a326c5587 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 15:22:03 -0700 Subject: [PATCH 08/18] Bump urllib3 minimum --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 5933ea368ea..493e30e537d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -193,7 +193,7 @@ override-dependencies = [ "pytz>=2018.3", # via pysaml2 "thrift>=0.10", # via jaeger-client "tornado>=6.0", # via jaeger-client - "urllib3>=1.26.0", # via treq; 1.26.0 is the first version compatible with Python 3.10+ + "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility "zope-interface>=6.2", # via twisted ] From fa1d3cefd6596a01dbcfb4135df94a9eacda2304 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 8 Dec 2025 15:50:49 -0700 Subject: [PATCH 09/18] Add requests dep --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index 493e30e537d..fd3000ac77f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -191,6 +191,7 @@ override-dependencies = [ "pyparsing>=2.4", # via packaging "pyrsistent>=0.18.0", # via jsonschema "pytz>=2018.3", # via pysaml2 + "requests>=2.16.0", # 2.16.0+ no longer vendors urllib3, avoiding Python 3.10+ incompatibility "thrift>=0.10", # via jaeger-client "tornado>=6.0", # via jaeger-client "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility From dc7a807825bb1dbb6955d3a3b41375c434d2fd75 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 15:07:16 -0700 Subject: [PATCH 10/18] Readd workflow step name --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f9d22c8f4ae..0a23fdd6684 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -451,6 +451,7 @@ jobs: with: python-version: '3.10' + - name: Prepare old deps # Note: we install using `uv` here, not poetry or pip to allow us to test with the # minimum version of all dependencies, both those explicitly specified and those # implicitly brought in by the explicit dependencies. From 29845a2a628297fd63840e2ed04742349c22c759 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 15:10:11 -0700 Subject: [PATCH 11/18] Reduce minimum versions required --- poetry.lock | 2 +- pyproject.toml | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index d836ce0deb8..9c33588d181 100644 --- a/poetry.lock +++ b/poetry.lock @@ -3485,4 +3485,4 @@ url-preview = ["lxml"] [metadata] lock-version = "2.1" python-versions = ">=3.10.0,<4.0.0" -content-hash = "5687ecea1e71359deabde6fadcf9e53921df121d58e2e7b67d988552dc7c0662" +content-hash = "26db27a54004aff965cee2391fa7b6883fabd86d5262fdcb4f65c71e898f7a87" diff --git a/pyproject.toml b/pyproject.toml index fd3000ac77f..b24c56244e5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -42,7 +42,8 @@ dependencies = [ "Twisted[tls]>=21.2.0", "treq>=21.5.0", # Twisted has required pyopenssl 16.0 since about Twisted 16.6. - "pyOpenSSL>=21.0.0", + # pyOpenSSL 16.2.0 fixes compatibility with OpenSSL 1.1.0. + "pyOpenSSL>=16.2.0", "PyYAML>=5.3", "pyasn1>=0.1.9", "pyasn1-modules>=0.0.7", @@ -110,7 +111,7 @@ oidc = ["authlib>=0.15.1"] # `systemd.journal.JournalHandler`, as is documented in # `contrib/systemd/log_config.yaml`. systemd = ["systemd-python>=231"] -url-preview = ["lxml>=4.9.1"] +url-preview = ["lxml>=4.6.3"] sentry = ["sentry-sdk>=0.7.2"] opentracing = ["jaeger-client>=4.2.0", "opentracing>=2.2.0"] jwt = ["authlib"] @@ -143,7 +144,7 @@ all = [ # oidc and jwt "authlib>=0.15.1", # url-preview - "lxml>=4.9.1", + "lxml>=4.6.3", # sentry "sentry-sdk>=0.7.2", # opentracing @@ -151,7 +152,7 @@ all = [ # redis "txredisapi>=1.4.7", "hiredis", # cache-memory - # 1.0 added support for python 3.10 + # 1.0 added support for python 3.10, our current minimum supported python version "pympler>=1.0", # omitted: # - test: it's useful to have this separate from dev deps in the olddeps job From cb3f98036cdd0560c573246e892420676030630d Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 15:29:34 -0700 Subject: [PATCH 12/18] Add commentary to pyproject.toml --- pyproject.toml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b24c56244e5..83e27aa4f03 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -180,11 +180,14 @@ synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main" update_synapse_database = "synapse._scripts.update_synapse_database:main" [tool.uv] +# From the uv docs (https://docs.astral.sh/uv/concepts/resolution/#dependency-overrides): +# As with constraints, overrides do not add a dependency on the package and only take +# effect if the package is requested in a direct or transitive dependency. override-dependencies = [ # Transitive dependency constraints # These dependencies aren't directly required by Syanpse. # However, in order for Synapse to build, Synapse requires a higher minimum version - # for these dependencies than the direct dependency that pulls them in specifies. + # for these dependencies than the minimum specified by the direct dependency. "cffi>=1.15", # via cryptography "defusedxml>=0.7.1", # via PIL "hiredis>=0.3", # via hiredis From c7e9148938d145a9d1ec6a12c742af097fd660b3 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 15:30:50 -0700 Subject: [PATCH 13/18] Fix typo --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 83e27aa4f03..71a9ac816d1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -185,7 +185,7 @@ update_synapse_database = "synapse._scripts.update_synapse_database:main" # effect if the package is requested in a direct or transitive dependency. override-dependencies = [ # Transitive dependency constraints - # These dependencies aren't directly required by Syanpse. + # These dependencies aren't directly required by Synapse. # However, in order for Synapse to build, Synapse requires a higher minimum version # for these dependencies than the minimum specified by the direct dependency. "cffi>=1.15", # via cryptography From 1a6eec59f3149270909deb29365f193994aa4d1c Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 16:15:08 -0700 Subject: [PATCH 14/18] Fix github workflow syntax --- .github/workflows/tests.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0a23fdd6684..cab6bbdefee 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -452,11 +452,12 @@ jobs: python-version: '3.10' - name: Prepare old deps - # Note: we install using `uv` here, not poetry or pip to allow us to test with the - # minimum version of all dependencies, both those explicitly specified and those - # implicitly brought in by the explicit dependencies. - - run: pip install uv - - run: uv pip install --system --resolution=lowest .[all,test] + # Note: we install using `uv` here, not poetry or pip to allow us to test with the + # minimum version of all dependencies, both those explicitly specified and those + # implicitly brought in by the explicit dependencies. + run: | + pip install uv + uv pip install --system --resolution=lowest .[all,test] # We nuke the local copy, as we've installed synapse into the virtualenv # (rather than use an editable install, which we no longer support). If we From ef4a1b1c29318ea6c87f660ca94676dbc5489daa Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 16:33:18 -0700 Subject: [PATCH 15/18] Triple check this catches bad minimums --- pyproject.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 406fda83560..7ab095fe59c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -199,7 +199,6 @@ override-dependencies = [ "thrift>=0.10", # via jaeger-client "tornado>=6.0", # via jaeger-client "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility - "zope-interface>=6.2", # via twisted ] From f703f30d27ba1c4469745b85fc025cb819da21c2 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 9 Dec 2025 16:40:24 -0700 Subject: [PATCH 16/18] Revert "Triple check this catches bad minimums" This reverts commit ef4a1b1c29318ea6c87f660ca94676dbc5489daa. --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index 7ab095fe59c..406fda83560 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -199,6 +199,7 @@ override-dependencies = [ "thrift>=0.10", # via jaeger-client "tornado>=6.0", # via jaeger-client "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility + "zope-interface>=6.2", # via twisted ] From 3cb3b96cd27413c17ecc94eedd764c94ec83bc64 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Thu, 11 Dec 2025 09:34:35 -0700 Subject: [PATCH 17/18] Move transitive deps to normal dep lists --- poetry.lock | 65 ++++++++++++++++++++++++++++++++++++++++++++--- pyproject.toml | 68 ++++++++++++++++++++++++++++++++++---------------- 2 files changed, 108 insertions(+), 25 deletions(-) diff --git a/poetry.lock b/poetry.lock index 4754affe801..4dacae38a47 100644 --- a/poetry.lock +++ b/poetry.lock @@ -2207,6 +2207,63 @@ typing-extensions = {version = ">=4.9", markers = "python_version < \"3.13\" and docs = ["sphinx (!=5.2.0,!=5.2.0.post0,!=7.2.5)", "sphinx_rtd_theme"] test = ["pretend", "pytest (>=3.0.1)", "pytest-rerunfailures"] +[[package]] +name = "pyparsing" +version = "3.2.5" +description = "pyparsing - Classes and methods to define and execute parsing grammars" +optional = false +python-versions = ">=3.9" +groups = ["main"] +files = [ + {file = "pyparsing-3.2.5-py3-none-any.whl", hash = "sha256:e38a4f02064cf41fe6593d328d0512495ad1f3d8a91c4f73fc401b3079a59a5e"}, + {file = "pyparsing-3.2.5.tar.gz", hash = "sha256:2df8d5b7b2802ef88e8d016a2eb9c7aeaa923529cd251ed0fe4608275d4105b6"}, +] + +[package.extras] +diagrams = ["jinja2", "railroad-diagrams"] + +[[package]] +name = "pyrsistent" +version = "0.20.0" +description = "Persistent/Functional/Immutable data structures" +optional = false +python-versions = ">=3.8" +groups = ["main"] +files = [ + {file = "pyrsistent-0.20.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:8c3aba3e01235221e5b229a6c05f585f344734bd1ad42a8ac51493d74722bbce"}, + {file = "pyrsistent-0.20.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c1beb78af5423b879edaf23c5591ff292cf7c33979734c99aa66d5914ead880f"}, + {file = "pyrsistent-0.20.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:21cc459636983764e692b9eba7144cdd54fdec23ccdb1e8ba392a63666c60c34"}, + {file = "pyrsistent-0.20.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f5ac696f02b3fc01a710427585c855f65cd9c640e14f52abe52020722bb4906b"}, + {file = "pyrsistent-0.20.0-cp310-cp310-win32.whl", hash = "sha256:0724c506cd8b63c69c7f883cc233aac948c1ea946ea95996ad8b1380c25e1d3f"}, + {file = "pyrsistent-0.20.0-cp310-cp310-win_amd64.whl", hash = "sha256:8441cf9616d642c475684d6cf2520dd24812e996ba9af15e606df5f6fd9d04a7"}, + {file = "pyrsistent-0.20.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:0f3b1bcaa1f0629c978b355a7c37acd58907390149b7311b5db1b37648eb6958"}, + {file = "pyrsistent-0.20.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5cdd7ef1ea7a491ae70d826b6cc64868de09a1d5ff9ef8d574250d0940e275b8"}, + {file = "pyrsistent-0.20.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cae40a9e3ce178415040a0383f00e8d68b569e97f31928a3a8ad37e3fde6df6a"}, + {file = "pyrsistent-0.20.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6288b3fa6622ad8a91e6eb759cfc48ff3089e7c17fb1d4c59a919769314af224"}, + {file = "pyrsistent-0.20.0-cp311-cp311-win32.whl", hash = "sha256:7d29c23bdf6e5438c755b941cef867ec2a4a172ceb9f50553b6ed70d50dfd656"}, + {file = "pyrsistent-0.20.0-cp311-cp311-win_amd64.whl", hash = "sha256:59a89bccd615551391f3237e00006a26bcf98a4d18623a19909a2c48b8e986ee"}, + {file = "pyrsistent-0.20.0-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:09848306523a3aba463c4b49493a760e7a6ca52e4826aa100ee99d8d39b7ad1e"}, + {file = "pyrsistent-0.20.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a14798c3005ec892bbada26485c2eea3b54109cb2533713e355c806891f63c5e"}, + {file = "pyrsistent-0.20.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b14decb628fac50db5e02ee5a35a9c0772d20277824cfe845c8a8b717c15daa3"}, + {file = "pyrsistent-0.20.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2e2c116cc804d9b09ce9814d17df5edf1df0c624aba3b43bc1ad90411487036d"}, + {file = "pyrsistent-0.20.0-cp312-cp312-win32.whl", hash = "sha256:e78d0c7c1e99a4a45c99143900ea0546025e41bb59ebc10182e947cf1ece9174"}, + {file = "pyrsistent-0.20.0-cp312-cp312-win_amd64.whl", hash = "sha256:4021a7f963d88ccd15b523787d18ed5e5269ce57aa4037146a2377ff607ae87d"}, + {file = "pyrsistent-0.20.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:79ed12ba79935adaac1664fd7e0e585a22caa539dfc9b7c7c6d5ebf91fb89054"}, + {file = "pyrsistent-0.20.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f920385a11207dc372a028b3f1e1038bb244b3ec38d448e6d8e43c6b3ba20e98"}, + {file = "pyrsistent-0.20.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4f5c2d012671b7391803263419e31b5c7c21e7c95c8760d7fc35602353dee714"}, + {file = "pyrsistent-0.20.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ef3992833fbd686ee783590639f4b8343a57f1f75de8633749d984dc0eb16c86"}, + {file = "pyrsistent-0.20.0-cp38-cp38-win32.whl", hash = "sha256:881bbea27bbd32d37eb24dd320a5e745a2a5b092a17f6debc1349252fac85423"}, + {file = "pyrsistent-0.20.0-cp38-cp38-win_amd64.whl", hash = "sha256:6d270ec9dd33cdb13f4d62c95c1a5a50e6b7cdd86302b494217137f760495b9d"}, + {file = "pyrsistent-0.20.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:ca52d1ceae015859d16aded12584c59eb3825f7b50c6cfd621d4231a6cc624ce"}, + {file = "pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b318ca24db0f0518630e8b6f3831e9cba78f099ed5c1d65ffe3e023003043ba0"}, + {file = "pyrsistent-0.20.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fed2c3216a605dc9a6ea50c7e84c82906e3684c4e80d2908208f662a6cbf9022"}, + {file = "pyrsistent-0.20.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:2e14c95c16211d166f59c6611533d0dacce2e25de0f76e4c140fde250997b3ca"}, + {file = "pyrsistent-0.20.0-cp39-cp39-win32.whl", hash = "sha256:f058a615031eea4ef94ead6456f5ec2026c19fb5bd6bfe86e9665c4158cf802f"}, + {file = "pyrsistent-0.20.0-cp39-cp39-win_amd64.whl", hash = "sha256:58b8f6366e152092194ae68fefe18b9f0b4f89227dfd86a07770c3d86097aebf"}, + {file = "pyrsistent-0.20.0-py3-none-any.whl", hash = "sha256:c55acc4733aad6560a7f5f818466631f07efc001fd023f34a6c203f8b6df0f0b"}, + {file = "pyrsistent-0.20.0.tar.gz", hash = "sha256:4c48f78f62ab596c679086084d0dd13254ae4f3d6c72a83ffdf5ebdef8f265a4"}, +] + [[package]] name = "pysaml2" version = "7.5.0" @@ -3468,15 +3525,15 @@ docs = ["Sphinx", "repoze.sphinx.autointerface"] test = ["zope.i18nmessageid", "zope.testing", "zope.testrunner"] [extras] -all = ["authlib", "hiredis", "jaeger-client", "lxml", "matrix-synapse-ldap3", "opentracing", "psycopg2", "psycopg2cffi", "psycopg2cffi-compat", "pympler", "pysaml2", "sentry-sdk", "txredisapi"] +all = ["authlib", "defusedxml", "hiredis", "jaeger-client", "lxml", "matrix-synapse-ldap3", "opentracing", "psycopg2", "psycopg2cffi", "psycopg2cffi-compat", "pympler", "pysaml2", "pytz", "sentry-sdk", "thrift", "tornado", "txredisapi"] cache-memory = ["pympler"] jwt = ["authlib"] matrix-synapse-ldap3 = ["matrix-synapse-ldap3"] oidc = ["authlib"] -opentracing = ["jaeger-client", "opentracing"] +opentracing = ["jaeger-client", "opentracing", "thrift", "tornado"] postgres = ["psycopg2", "psycopg2cffi", "psycopg2cffi-compat"] redis = ["hiredis", "txredisapi"] -saml2 = ["pysaml2"] +saml2 = ["defusedxml", "pysaml2", "pytz"] sentry = ["sentry-sdk"] systemd = ["systemd-python"] test = ["idna", "parameterized"] @@ -3485,4 +3542,4 @@ url-preview = ["lxml"] [metadata] lock-version = "2.1" python-versions = ">=3.10.0,<4.0.0" -content-hash = "f7e2f6b6b3982d1efdd6caa73f3533dade12c43e0f6b2f7d2a2d08e820c911e1" +content-hash = "abbbdff591a306b56cc8890dbb2f477ac5f1a2d328baa6409e01084abc655bbf" diff --git a/pyproject.toml b/pyproject.toml index 406fda83560..228d6aaf22c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -96,6 +96,20 @@ dependencies = [ # This is used for parsing multipart responses "python-multipart>=0.0.9", + + # Transitive dependency constraints + # These dependencies aren't directly required by Synapse. + # However, in order for Synapse to build, Synapse requires a higher minimum version + # for these dependencies than the minimum specified by the direct dependency. + # We should periodically check to see if these dependencies are still necessary and + # remove any that are no longer required. + "cffi>=1.15", # via cryptography + "pynacl>=1.3", # via signedjson + "pyparsing>=2.4", # via packaging + "pyrsistent>=0.18.0", # via jsonschema + "requests>=2.16.0", # 2.16.0+ no longer vendors urllib3, avoiding Python 3.10+ incompatibility + "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility + "zope-interface>=6.2", # via twisted ] [project.optional-dependencies] @@ -105,7 +119,16 @@ postgres = [ "psycopg2cffi>=2.8;platform_python_implementation == 'PyPy'", "psycopg2cffi-compat==1.1;platform_python_implementation == 'PyPy'", ] -saml2 = ["pysaml2>=4.5.0"] +saml2 = [ + "pysaml2>=4.5.0", + + # Transitive dependencies from pysaml2 + # These dependencies aren't directly required by Synapse. + # However, in order for Synapse to build, Synapse requires a higher minimum version + # for these dependencies than the minimum specified by the direct dependency. + "defusedxml>=0.7.1", # via pysaml2 + "pytz>=2018.3", # via pysaml2 +] oidc = ["authlib>=0.15.1"] # systemd-python is necessary for logging to the systemd journal via # `systemd.journal.JournalHandler`, as is documented in @@ -113,13 +136,23 @@ oidc = ["authlib>=0.15.1"] systemd = ["systemd-python>=231"] url-preview = ["lxml>=4.6.3"] sentry = ["sentry-sdk>=0.7.2"] -opentracing = ["jaeger-client>=4.2.0", "opentracing>=2.2.0"] +opentracing = [ + "jaeger-client>=4.2.0", + "opentracing>=2.2.0", + + # Transitive dependencies from jaeger-client + # These dependencies aren't directly required by Synapse. + # However, in order for Synapse to build, Synapse requires a higher minimum version + # for these dependencies than the minimum specified by the direct dependency. + "thrift>=0.10", # via jaeger-client + "tornado>=6.0", # via jaeger-client +] jwt = ["authlib"] # hiredis is not a *strict* dependency, but it makes things much faster. # (if it is not installed, we fall back to slow code.) -redis = ["txredisapi>=1.4.7", "hiredis"] +redis = ["txredisapi>=1.4.7", "hiredis>=0.3"] # Required to use experimental `caches.track_memory_usage` config option. -cache-memory = ["pympler"] +cache-memory = ["pympler>=1.0"] # If this is updated, don't forget to update the equivalent lines in # tool.poetry.group.dev.dependencies. test = ["parameterized>=0.9.0", "idna>=3.3"] @@ -150,13 +183,22 @@ all = [ # opentracing "jaeger-client>=4.2.0", "opentracing>=2.2.0", # redis - "txredisapi>=1.4.7", "hiredis", + "txredisapi>=1.4.7", "hiredis>=0.3", # cache-memory # 1.0 added support for python 3.10, our current minimum supported python version "pympler>=1.0", # omitted: # - test: it's useful to have this separate from dev deps in the olddeps job # - systemd: this is a system-based requirement + + # Transitive dependencies + # These dependencies aren't directly required by Synapse. + # However, in order for Synapse to build, Synapse requires a higher minimum version + # for these dependencies than the minimum specified by the direct dependency. + "defusedxml>=0.7.1", # via pysaml2 + "pytz>=2018.3", # via pysaml2 + "thrift>=0.10", # via jaeger-client + "tornado>=6.0", # via jaeger-client ] [project.urls] @@ -184,22 +226,6 @@ update_synapse_database = "synapse._scripts.update_synapse_database:main" # As with constraints, overrides do not add a dependency on the package and only take # effect if the package is requested in a direct or transitive dependency. override-dependencies = [ - # Transitive dependency constraints - # These dependencies aren't directly required by Synapse. - # However, in order for Synapse to build, Synapse requires a higher minimum version - # for these dependencies than the minimum specified by the direct dependency. - "cffi>=1.15", # via cryptography - "defusedxml>=0.7.1", # via PIL - "hiredis>=0.3", # via hiredis - "pynacl>=1.3", # via signedjson - "pyparsing>=2.4", # via packaging - "pyrsistent>=0.18.0", # via jsonschema - "pytz>=2018.3", # via pysaml2 - "requests>=2.16.0", # 2.16.0+ no longer vendors urllib3, avoiding Python 3.10+ incompatibility - "thrift>=0.10", # via jaeger-client - "tornado>=6.0", # via jaeger-client - "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility - "zope-interface>=6.2", # via twisted ] From 1e850bdfd1fa119f3858a591f6d9aba7145a430c Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Thu, 11 Dec 2025 09:40:48 -0700 Subject: [PATCH 18/18] Remove uv block from pyproject file --- pyproject.toml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 228d6aaf22c..eb587a24510 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -221,14 +221,6 @@ synapse_port_db = "synapse._scripts.synapse_port_db:main" synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main" update_synapse_database = "synapse._scripts.update_synapse_database:main" -[tool.uv] -# From the uv docs (https://docs.astral.sh/uv/concepts/resolution/#dependency-overrides): -# As with constraints, overrides do not add a dependency on the package and only take -# effect if the package is requested in a direct or transitive dependency. -override-dependencies = [ -] - - [tool.towncrier] package = "synapse" filename = "CHANGES.md"