chore(deps): update matrixdotorg/synapse docker tag to v1.128.0

[renovate]

This PR contains the following updates:

Package	Update	Change
matrixdotorg/synapse (source)	minor	v1.127.1 -> v1.128.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

element-hq/synapse (matrixdotorg/synapse)

v1.128.0

Compare Source

Synapse 1.128.0 (2025-04-08)

No significant changes since 1.128.0rc1.

Synapse 1.128.0rc1 (2025-04-01)

Features

• Add an access token introspection cache to make Matrix Authentication Service integration (MSC3861) more efficient. (#​18231)
• Add background job to clear unreferenced state groups. (#​18254)
• Hashes of media files are now tracked by Synapse. Media quarantines will now apply to all files with the same hash. (#​18277, #​18302, #​18296)

Bugfixes

• Add index to sliding sync (MSC4186) membership snapshot table, to fix a performance issue. (#​18074)

Updates to the Docker image

• Specify the architecture of installed packages via an APT config option, which is more reliable than appending package names with :{arch}. (#​18271)
• Always specify base image debian versions with a build argument. (#​18272)
• Allow passing arguments to start_for_complement.sh (to be sent to configure_workers_and_start.py). (#​18273)
• Make some improvements to the prefix-log script in the workers image. (#​18274)
• Use uv pip to install supervisor in the worker image. (#​18275)
• Avoid needing to download & use rsync in a build layer. (#​18287)

Improved Documentation

• Fix how to obtain access token and change naming from riot to element (#​18225)
• Correct a small typo in the SSO mapping providers documentation. (#​18276)
• Add docs for how to clear out the Poetry wheel cache. (#​18283)

Internal Changes

• Add a column participant to room_memberships table. (#​18068)
• Update Poetry to 2.1.1, including updating the lock file version. (#​18251)
• Pin GitHub Actions dependencies by commit hash. (#​18255)
• Add DB delta to remove the old state group deletion job. (#​18284)

Updates to locked dependencies

• Bump actions/add-to-project from f5473ac to 280af8a. (#​18303)
• Bump actions/cache from 4.2.2 to 4.2.3. (#​18266)
• Bump actions/download-artifact from 4.2.0 to 4.2.1. (#​18268)
• Bump actions/setup-python from 5.4.0 to 5.5.0. (#​18298)
• Bump actions/upload-artifact from 4.6.1 to 4.6.2. (#​18304)
• Bump authlib from 1.4.1 to 1.5.1. (#​18306)
• Bump dawidd6/action-download-artifact from 8 to 9. (#​18204)
• Bump jinja2 from 3.1.5 to 3.1.6. (#​18223)
• Bump log from 0.4.26 to 0.4.27. (#​18267)
• Bump phonenumbers from 8.13.50 to 9.0.2. (#​18299)
• Bump pygithub from 2.5.0 to 2.6.1. (#​18243)
• Bump pyo3-log from 0.12.1 to 0.12.2. (#​18269)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[f2c-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wanghe-fit2cloud]

There are no significant discrepancies, potential issues, or optimizations necessary at this time based on the provided changes. The image field has been updated from v1.127.1 to v1.128.0, which is simply an upgrade of the Synapse service image without introducing new features or breaking backward compatibility.

If you have further questions about Dockerfile configurations or specific requirements, feel free to ask!

[wanghe-fit2cloud]

The code difference provided appears to be an update for the image version from v1.127.1 to v1.128.0. The other configurations remain unchanged, which suggests no immediate irregularities or issues.

To optimize this configuration for performance or security:

1. Security: Ensure that all environment variables are properly sanitized to prevent privilege escalation vulnerabilities.

   • Update -UID=1000 and -GID=1000 to only include necessary permissions if they're not strictly required.

2. Logging Efficiency: Although using 'max-size' is sufficient for some use cases, ensure it aligns with your logging strategy to avoid unnecessary disk space usage.

   • If further tuning is needed, consider adjusting the log retention policy based on system constraints.

3. Compatibility: Verify if there are any known bugs or updates related to the new Synapse version (v1.128.0) that you might want to address early.

In summary, the current setup does not have major issues but can benefit from some minimal optimizations focused on securing sensitive information and ensuring efficient log management.