Update docker.io/matrixdotorg/synapse Docker tag to v1.92.3 (!679) · Merge requests · Jerry / homelab-iac

Renovate [bot] requested to merge renovate/docker.io-matrixdotorg-synapse-1.x into master Sep 18, 2023

This MR contains the following updates:

Package	Update	Change
docker.io/matrixdotorg/synapse	patch	`v1.92.2` -> `v1.92.3`

Release Notes

matrix-org/synapse (docker.io/matrixdotorg/synapse)

`v1.92.3`

Compare Source

Synapse 1.92.3 (2023-09-18)

This is again a security update targeted at mitigating CVE-2023-4863. It turns out that libwebp is bundled statically in Pillow wheels so we need to update this dependency instead of libwebp package at the OS level.

Unlike what was advertised in 1.92.2 changelog this release also impacts PyPI wheels and Debian packages from matrix.org.

We encourage admins to upgrade as soon as possible.

Internal Changes

Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels. (#16347)

Updates to locked dependencies

Bump pillow from 10.0.0 to 10.0.1. (#16344)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Update docker.io/matrixdotorg/synapse Docker tag to v1.92.3