Merge remote-tracking branch 'origin/develop' into matrix-org-hotfixes

2023-09-13 11:12:26 +01:00 · 2023-09-13 11:12:26 +01:00 · 3bb8cce692
parent ec703e7d97 ab13fb08bf
commit 3bb8cce692
148 changed files with 2489 additions and 1061 deletions
--- a/.ci/scripts/calculate_jobs.py
+++ b/.ci/scripts/calculate_jobs.py
@ -47,7 +47,7 @@ if not IS_PR:
            "database": "sqlite",
            "extras": "all",
        }
-        for version in ("3.9", "3.10", "3.11", "3.12.0-rc.1")
+        for version in ("3.9", "3.10", "3.11", "3.12.0-rc.2")
    )
 trial_postgres_tests = [
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -35,7 +35,7 @@ jobs:
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - uses: matrix-org/setup-python-poetry@v1
        with:
@ -93,7 +93,7 @@ jobs:
        uses: actions/checkout@v3
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - name: Setup Poetry
@ -150,7 +150,7 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - uses: matrix-org/setup-python-poetry@v1
        with:
@ -167,7 +167,7 @@ jobs:
      - uses: actions/checkout@v3
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
        with:
            components: clippy
      - uses: Swatinem/rust-cache@v2
@ -268,7 +268,7 @@ jobs:
            postgres:${{ matrix.job.postgres-version }}
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - uses: matrix-org/setup-python-poetry@v1
@ -308,7 +308,7 @@ jobs:
      - uses: actions/checkout@v3
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      # There aren't wheels for some of the older deps, so we need to install
@ -416,7 +416,7 @@ jobs:
        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - name: Run SyTest
@ -556,7 +556,7 @@ jobs:
          path: synapse
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - uses: actions/setup-go@v4
@ -584,7 +584,7 @@ jobs:
      - uses: actions/checkout@v3
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@1.60.0
+        uses: dtolnay/rust-toolchain@1.61.0
      - uses: Swatinem/rust-cache@v2
      - run: cargo test
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,9 +1,35 @@
 # Synapse 1.92.1 (2023-09-12)
 This minor release was needed only because of CI-related trouble on [v1.92.0](https://github.com/matrix-org/synapse/releases/tag/v1.92.0), which was never released.
 ### Internal Changes
 - Stop building Ubuntu Kinetic since it is EOL and repos seem to be dead.
 # Synapse 1.92.0 (2023-09-12)
 This release includes the same [bugfix](https://github.com/matrix-org/synapse/issues/16258) as Synapse 1.91.2.
 This version was never released following a CI build failure, cf [v1.92.1 changelog](https://github.com/matrix-org/synapse/releases/tag/v1.92.1).
 ### Bugfixes
 - Revert [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) introspection cache, admin impersonation and account lock. ([\#16258](https://github.com/matrix-org/synapse/issues/16258))
 ### Internal Changes
 - Fix incorrect docstring for `Ratelimiter`. ([\#16255](https://github.com/matrix-org/synapse/issues/16255))
 - Update the release script to work on macOS. ([\#16266](https://github.com/matrix-org/synapse/issues/16266))
 # Synapse 1.91.2 (2023-09-06)
 ### Bugfixes
 - Revert [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) introspection cache, admin impersonation and account lock. ([\#16258](https://github.com/matrix-org/synapse/issues/16258))
 # Synapse 1.92.0rc1 (2023-09-05)
 ### Features
@ -59,6 +85,7 @@
 * Bump types-psycopg2 from 2.9.21.10 to 2.9.21.11. ([\#16200](https://github.com/matrix-org/synapse/issues/16200))
 * Bump types-pyyaml from 6.0.12.10 to 6.0.12.11. ([\#16199](https://github.com/matrix-org/synapse/issues/16199))
 # Synapse 1.91.1 (2023-09-04)
 ### Bugfixes
--- a/Cargo.lock
+++ b/Cargo.lock
@ -138,9 +138,9 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
 [[package]]
 name = "memchr"
-version = "2.5.0"
+version = "2.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c"
 [[package]]
 name = "memoffset"
@ -291,9 +291,9 @@ dependencies = [
 [[package]]
 name = "regex"
-version = "1.9.4"
+version = "1.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29"
+checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47"
 dependencies = [
 "aho-corasick",
 "memchr",
@ -303,9 +303,9 @@ dependencies = [
 [[package]]
 name = "regex-automata"
-version = "0.3.7"
+version = "0.3.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629"
+checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795"
 dependencies = [
 "aho-corasick",
 "memchr",
@ -352,9 +352,9 @@ dependencies = [
 [[package]]
 name = "serde_json"
-version = "1.0.105"
+version = "1.0.106"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360"
+checksum = "2cc66a619ed80bf7a0f6b17dd063a84b88f6dea1813737cf469aef1d081142c2"
 dependencies = [
 "itoa",
 "ryu",
--- a/changelog.d/15997.misc
+++ b/changelog.d/15997.misc
@ -0,0 +1 @@
 Allow modules to delete rooms.
--- a/changelog.d/16066.bugfix
+++ b/changelog.d/16066.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where multi-device accounts could cause high load due to presence.
--- a/changelog.d/16090.misc
+++ b/changelog.d/16090.misc
@ -0,0 +1 @@
 Add GCC and GNU Make to the Nix flake development environment so that `ruff` can be compiled.
--- a/changelog.d/16137.feature
+++ b/changelog.d/16137.feature
@ -0,0 +1 @@
 Support resolving homeservers using `matrix-fed` DNS SRV records from [MSC4040](https://github.com/matrix-org/matrix-spec-proposals/pull/4040).
--- a/changelog.d/16170.bugfix
+++ b/changelog.d/16170.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where multi-device accounts could cause high load due to presence.
--- a/changelog.d/16171.bugfix
+++ b/changelog.d/16171.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where multi-device accounts could cause high load due to presence.
--- a/changelog.d/16172.bugfix
+++ b/changelog.d/16172.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where multi-device accounts could cause high load due to presence.
--- a/changelog.d/16174.bugfix
+++ b/changelog.d/16174.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where multi-device accounts could cause high load due to presence.
--- a/changelog.d/16219.feature
+++ b/changelog.d/16219.feature
@ -0,0 +1 @@
 Add the ability to use `G` (GiB) and `T` (TiB) suffixes in configuration options that refer to numbers of bytes.
--- a/changelog.d/16227.feature
+++ b/changelog.d/16227.feature
@ -0,0 +1 @@
 Add span information to requests sent to appservices. Contributed by MTRNord.
--- a/changelog.d/16235.misc
+++ b/changelog.d/16235.misc
@ -0,0 +1 @@
 Fix type checking when using the new version of Twisted.
--- a/changelog.d/16240.misc
+++ b/changelog.d/16240.misc
@ -0,0 +1 @@
 Delete device messages asynchronously and in staged batches using the task scheduler.
--- a/changelog.d/16248.misc
+++ b/changelog.d/16248.misc
@ -0,0 +1 @@
 Bump minimum supported Rust version to 1.61.0.
--- a/changelog.d/16251.bugfix
+++ b/changelog.d/16251.bugfix
@ -0,0 +1 @@
 Fix a long-standing bug where appservices using MSC2409 to receive to_device messages, would only get messages for one user.
--- a/changelog.d/16252.bugfix
+++ b/changelog.d/16252.bugfix
@ -0,0 +1 @@
 Fix bug when using workers where Synapse could end up re-requesting the same remote device repeatedly.
--- a/changelog.d/16255.misc
+++ b/changelog.d/16255.misc
@ -1 +0,0 @@
 Fix incorrect docstring for `Ratelimiter`.
--- a/changelog.d/16257.bugfix
+++ b/changelog.d/16257.bugfix
@ -0,0 +1 @@
 Fix long-standing bug where we kept re-requesting a remote server's key repeatedly, potentially causing delays in receiving events over federation.
--- a/changelog.d/16260.misc
+++ b/changelog.d/16260.misc
@ -0,0 +1 @@
 Update rust to version 1.71.1 in the nix development environment.
--- a/changelog.d/16261.misc
+++ b/changelog.d/16261.misc
@ -0,0 +1 @@
 Simplify server key storage.
--- a/changelog.d/16262.feature
+++ b/changelog.d/16262.feature
@ -0,0 +1 @@
 Add the ability to enable/disable registrations when in the CAS flow. Contributed by Aurélien Grimpard.
--- a/changelog.d/16263.misc
+++ b/changelog.d/16263.misc
@ -0,0 +1 @@
 Add GCC and GNU Make to the Nix flake development environment so that `ruff` can be compiled.
--- a/changelog.d/16264.misc
+++ b/changelog.d/16264.misc
@ -0,0 +1 @@
 Reduce CPU overhead of change password endpoint.
--- a/changelog.d/16265.feature
+++ b/changelog.d/16265.feature
@ -0,0 +1 @@
 Allow `/notifications` endpoint to be routed to workers.
--- a/changelog.d/16272.bugfix
+++ b/changelog.d/16272.bugfix
@ -0,0 +1 @@
 Avoid temporary storage of sensitive information.
--- a/changelog.d/16273.misc
+++ b/changelog.d/16273.misc
@ -0,0 +1 @@
 Stop purging from tables slated for removal.
--- a/changelog.d/16274.feature
+++ b/changelog.d/16274.feature
@ -0,0 +1 @@
 Enable users to easily unsubscribe to notifications emails via the `List-Unsubscribe` header.
--- a/changelog.d/16276.misc
+++ b/changelog.d/16276.misc
@ -0,0 +1 @@
 Improve type hints.
--- a/changelog.d/16277.misc
+++ b/changelog.d/16277.misc
@ -0,0 +1 @@
 Raise setuptools_rust version cap to 1.7.0.
--- a/changelog.d/16278.misc
+++ b/changelog.d/16278.misc
@ -0,0 +1 @@
 Fix using the new task scheduler causing lots of CPU to be used.
--- a/changelog.d/16280.misc
+++ b/changelog.d/16280.misc
@ -0,0 +1 @@
 Upgrade CI run of Python 3.12 from rc1 to rc2.
--- a/changelog.d/16281.misc
+++ b/changelog.d/16281.misc
@ -0,0 +1 @@
 Include values in SQL debug when using `execute_values` with Postgres.
--- a/changelog.d/16282.doc
+++ b/changelog.d/16282.doc
@ -0,0 +1 @@
 Fix typos in the documentation.
--- a/changelog.d/16283.misc
+++ b/changelog.d/16283.misc
@ -0,0 +1 @@
 Enable additional linting checks.
--- a/changelog.d/16298.misc
+++ b/changelog.d/16298.misc
@ -0,0 +1 @@
 Don't try refetching device lists for users on remote hosts that are marked as "down".
--- a/changelog.d/16300.misc
+++ b/changelog.d/16300.misc
@ -0,0 +1 @@
 Bump mypy from 1.4.1 to 1.5.1.
--- a/changelog.d/16309.misc
+++ b/changelog.d/16309.misc
@ -0,0 +1 @@
 Small improvements to logging in replication code.
--- a/contrib/cmdclient/http.py
+++ b/contrib/cmdclient/http.py
@ -37,7 +37,6 @@ class HttpClient:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
            will be the decoded JSON body.
        """
        pass
    def get_json(self, url, args=None):
        """Gets some json from the given host homeserver and path
@ -53,7 +52,6 @@ class HttpClient:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
            will be the decoded JSON body.
        """
        pass
 class TwistedHttpClient(HttpClient):
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,15 @@
 matrix-synapse-py3 (1.92.1) stable; urgency=medium
  * New Synapse release 1.92.1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 12 Sep 2023 13:19:42 +0200
 matrix-synapse-py3 (1.92.0) stable; urgency=medium
  * New Synapse release 1.92.0.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 12 Sep 2023 11:59:23 +0200
 matrix-synapse-py3 (1.91.2) stable; urgency=medium
  * New synapse release 1.91.2.
--- a/docker/configure_workers_and_start.py
+++ b/docker/configure_workers_and_start.py
@ -183,6 +183,7 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
            "^/_matrix/client/(r0|v3|unstable)/password_policy$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$",
            "^/_matrix/client/(r0|v3|unstable)/capabilities$",
            "^/_matrix/client/(r0|v3|unstable)/notifications$",
        ],
        "shared_extra_conf": {},
        "worker_extra_conf": "",
--- a/docker/start.py
+++ b/docker/start.py
@ -239,7 +239,7 @@ def main(args: List[str], environ: MutableMapping[str, str]) -> None:
        log("Could not find %s, will not use" % (jemallocpath,))
    # if there are no config files passed to synapse, try adding the default file
-    if not any(p.startswith("--config-path") or p.startswith("-c") for p in args):
+    if not any(p.startswith(("--config-path", "-c")) for p in args):
        config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
        config_path = environ.get(
            "SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml"
--- a/docs/ancient_architecture_notes.md
+++ b/docs/ancient_architecture_notes.md
@ -24,7 +24,7 @@ Server with a domain specific API.
 1. **Messaging Layer**
    This is what the rest of the homeserver hits to send messages, join rooms,
-    etc. It also allows you to register callbacks for when it get's notified by
+    etc. It also allows you to register callbacks for when it gets notified by
    lower levels that e.g. a new message has been received.
    It is responsible for serializing requests to send to the data
--- a/docs/changelogs/CHANGES-2019.md
+++ b/docs/changelogs/CHANGES-2019.md
@ -164,7 +164,7 @@ Synapse 1.6.0rc2 (2019-11-25)
 Bugfixes
 --------
- Fix a bug which could cause the background database update hander for event labels to get stuck in a loop raising exceptions. ([\#6407](https://github.com/matrix-org/synapse/issues/6407))
+- Fix a bug which could cause the background database update handler for event labels to get stuck in a loop raising exceptions. ([\#6407](https://github.com/matrix-org/synapse/issues/6407))
 Synapse 1.6.0rc1 (2019-11-20)
@ -191,7 +191,7 @@ Bugfixes
 - Appservice requests will no longer contain a double slash prefix when the appservice url provided ends in a slash. ([\#6306](https://github.com/matrix-org/synapse/issues/6306))
 - Fix `/purge_room` admin API. ([\#6307](https://github.com/matrix-org/synapse/issues/6307))
 - Fix the `hidden` field in the `devices` table for SQLite versions prior to 3.23.0. ([\#6313](https://github.com/matrix-org/synapse/issues/6313))
- Fix bug which casued rejected events to be persisted with the wrong room state. ([\#6320](https://github.com/matrix-org/synapse/issues/6320))
+- Fix bug which caused rejected events to be persisted with the wrong room state. ([\#6320](https://github.com/matrix-org/synapse/issues/6320))
 - Fix bug where `rc_login` ratelimiting would prematurely kick in. ([\#6335](https://github.com/matrix-org/synapse/issues/6335))
 - Prevent the server taking a long time to start up when guest registration is enabled. ([\#6338](https://github.com/matrix-org/synapse/issues/6338))
 - Fix bug where upgrading a guest account to a full user would fail when account validity is enabled. ([\#6359](https://github.com/matrix-org/synapse/issues/6359))
@ -232,7 +232,7 @@ Internal Changes
 - Add some documentation about worker replication. ([\#6305](https://github.com/matrix-org/synapse/issues/6305))
 - Move admin endpoints into separate files. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#6308](https://github.com/matrix-org/synapse/issues/6308))
 - Document the use of `lint.sh` for code style enforcement & extend it to run on specified paths only. ([\#6312](https://github.com/matrix-org/synapse/issues/6312))
- Add optional python dependencies and dependant binary libraries to snapcraft packaging. ([\#6317](https://github.com/matrix-org/synapse/issues/6317))
+- Add optional python dependencies and dependent binary libraries to snapcraft packaging. ([\#6317](https://github.com/matrix-org/synapse/issues/6317))
 - Remove the dependency on psutil and replace functionality with the stdlib `resource` module. ([\#6318](https://github.com/matrix-org/synapse/issues/6318), [\#6336](https://github.com/matrix-org/synapse/issues/6336))
 - Improve documentation for EventContext fields. ([\#6319](https://github.com/matrix-org/synapse/issues/6319))
 - Add some checks that we aren't using state from rejected events. ([\#6330](https://github.com/matrix-org/synapse/issues/6330))
@ -653,7 +653,7 @@ Internal Changes
 - Return 502 not 500 when failing to reach any remote server. ([\#5810](https://github.com/matrix-org/synapse/issues/5810))
 - Reduce global pauses in the events stream caused by expensive state resolution during persistence. ([\#5826](https://github.com/matrix-org/synapse/issues/5826))
 - Add a lower bound to well-known lookup cache time to avoid repeated lookups. ([\#5836](https://github.com/matrix-org/synapse/issues/5836))
- Whitelist history visbility sytests in worker mode tests. ([\#5843](https://github.com/matrix-org/synapse/issues/5843))
+- Whitelist history visibility sytests in worker mode tests. ([\#5843](https://github.com/matrix-org/synapse/issues/5843))
 Synapse 1.2.1 (2019-07-26)
@ -817,7 +817,7 @@ See the [upgrade notes](docs/upgrade.md#upgrading-to-v110) for more details.
 Features
 --------
- Added possibilty to disable local password authentication. Contributed by Daniel Hoffend. ([\#5092](https://github.com/matrix-org/synapse/issues/5092))
+- Added possibility to disable local password authentication. Contributed by Daniel Hoffend. ([\#5092](https://github.com/matrix-org/synapse/issues/5092))
 - Add monthly active users to phonehome stats. ([\#5252](https://github.com/matrix-org/synapse/issues/5252))
 - Allow expired user to trigger renewal email sending manually. ([\#5363](https://github.com/matrix-org/synapse/issues/5363))
 - Statistics on forward extremities per room are now exposed via Prometheus. ([\#5384](https://github.com/matrix-org/synapse/issues/5384), [\#5458](https://github.com/matrix-org/synapse/issues/5458), [\#5461](https://github.com/matrix-org/synapse/issues/5461))
@ -850,7 +850,7 @@ Bugfixes
 - Fix bug where clients could tight loop calling `/sync` for a period. ([\#5507](https://github.com/matrix-org/synapse/issues/5507))
 - Fix bug with `jinja2` preventing Synapse from starting. Users who had this problem should now simply need to run `pip install matrix-synapse`. ([\#5514](https://github.com/matrix-org/synapse/issues/5514))
 - Fix a regression where homeservers on private IP addresses were incorrectly blacklisted. ([\#5523](https://github.com/matrix-org/synapse/issues/5523))
- Fixed m.login.jwt using unregistred user_id and added pyjwt>=1.6.4 as jwt conditional dependencies. Contributed by Pau Rodriguez-Estivill. ([\#5555](https://github.com/matrix-org/synapse/issues/5555), [\#5586](https://github.com/matrix-org/synapse/issues/5586))
+- Fixed m.login.jwt using unregistered user_id and added pyjwt>=1.6.4 as jwt conditional dependencies. Contributed by Pau Rodriguez-Estivill. ([\#5555](https://github.com/matrix-org/synapse/issues/5555), [\#5586](https://github.com/matrix-org/synapse/issues/5586))
 - Fix a bug that would cause invited users to receive several emails for a single 3PID invite in case the inviter is rate limited. ([\#5576](https://github.com/matrix-org/synapse/issues/5576))
--- a/docs/changelogs/CHANGES-2020.md
+++ b/docs/changelogs/CHANGES-2020.md
@ -251,7 +251,7 @@ Internal Changes
 - Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559))
 - Implement and use an `@lru_cache` decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
- Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614))
+- Don't instantiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614))
 - Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615))
 - Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616))
 - Remove unused OPTIONS handlers. ([\#8621](https://github.com/matrix-org/synapse/issues/8621))
@ -518,7 +518,7 @@ Bugfixes
 - Fix a bug which cause the logging system to report errors, if `DEBUG` was enabled and no `context` filter was applied. ([\#8278](https://github.com/matrix-org/synapse/issues/8278))
 - Fix edge case where push could get delayed for a user until a later event was pushed. ([\#8287](https://github.com/matrix-org/synapse/issues/8287))
 - Fix fetching malformed events from remote servers. ([\#8324](https://github.com/matrix-org/synapse/issues/8324))
- Fix `UnboundLocalError` from occuring when appservices send a malformed register request. ([\#8329](https://github.com/matrix-org/synapse/issues/8329))
+- Fix `UnboundLocalError` from occurring when appservices send a malformed register request. ([\#8329](https://github.com/matrix-org/synapse/issues/8329))
 - Don't send push notifications to expired user accounts. ([\#8353](https://github.com/matrix-org/synapse/issues/8353))
 - Fix a regression in v1.19.0 with reactivating users through the admin API. ([\#8362](https://github.com/matrix-org/synapse/issues/8362))
 - Fix a bug where during device registration the length of the device name wasn't limited. ([\#8364](https://github.com/matrix-org/synapse/issues/8364))
@ -815,7 +815,7 @@ Bugfixes
 - Fix a bug introduced in Synapse v1.7.2 which caused inaccurate membership counts in the room directory. ([\#7977](https://github.com/matrix-org/synapse/issues/7977))
 - Fix a long standing bug: 'Duplicate key value violates unique constraint "event_relations_id"' when message retention is configured. ([\#7978](https://github.com/matrix-org/synapse/issues/7978))
 - Fix "no create event in auth events" when trying to reject invitation after inviter leaves. Bug introduced in Synapse v1.10.0. ([\#7980](https://github.com/matrix-org/synapse/issues/7980))
- Fix various comments and minor discrepencies in server notices code. ([\#7996](https://github.com/matrix-org/synapse/issues/7996))
+- Fix various comments and minor discrepancies in server notices code. ([\#7996](https://github.com/matrix-org/synapse/issues/7996))
 - Fix a long standing bug where HTTP HEAD requests resulted in a 400 error. ([\#7999](https://github.com/matrix-org/synapse/issues/7999))
 - Fix a long-standing bug which caused two copies of some log lines to be written when synctl was used along with a MemoryHandler logger. ([\#8011](https://github.com/matrix-org/synapse/issues/8011), [\#8012](https://github.com/matrix-org/synapse/issues/8012))
@ -1460,7 +1460,7 @@ Bugfixes
 - Transfer alias mappings on room upgrade. ([\#6946](https://github.com/matrix-org/synapse/issues/6946))
 - Ensure that a user interactive authentication session is tied to a single request. ([\#7068](https://github.com/matrix-org/synapse/issues/7068), [\#7455](https://github.com/matrix-org/synapse/issues/7455))
 - Fix a bug in the federation API which could cause occasional "Failed to get PDU" errors. ([\#7089](https://github.com/matrix-org/synapse/issues/7089))
- Return the proper error (`M_BAD_ALIAS`) when a non-existant canonical alias is provided. ([\#7109](https://github.com/matrix-org/synapse/issues/7109))
+- Return the proper error (`M_BAD_ALIAS`) when a non-existent canonical alias is provided. ([\#7109](https://github.com/matrix-org/synapse/issues/7109))
 - Fix a bug which meant that groups updates were not correctly replicated between workers. ([\#7117](https://github.com/matrix-org/synapse/issues/7117))
 - Fix starting workers when federation sending not split out. ([\#7133](https://github.com/matrix-org/synapse/issues/7133))
 - Ensure `is_verified` is a boolean in responses to `GET /_matrix/client/r0/room_keys/keys`. Also warn the user if they forgot the `version` query param. ([\#7150](https://github.com/matrix-org/synapse/issues/7150))
@ -1482,7 +1482,7 @@ Bugfixes
 - Fix bad error handling that would cause Synapse to crash if it's provided with a YAML configuration file that's either empty or doesn't parse into a key-value map. ([\#7341](https://github.com/matrix-org/synapse/issues/7341))
 - Fix incorrect metrics reporting for `renew_attestations` background task. ([\#7344](https://github.com/matrix-org/synapse/issues/7344))
 - Prevent non-federating rooms from appearing in responses to federated `POST /publicRoom` requests when a filter was included. ([\#7367](https://github.com/matrix-org/synapse/issues/7367))
- Fix a bug which would cause the room durectory to be incorrectly populated if Synapse was upgraded directly from v1.2.1 or earlier to v1.4.0 or later. Note that this fix does not apply retrospectively; see the [upgrade notes](docs/upgrade.md#upgrading-to-v1130) for more information. ([\#7387](https://github.com/matrix-org/synapse/issues/7387))
+- Fix a bug which would cause the room directory to be incorrectly populated if Synapse was upgraded directly from v1.2.1 or earlier to v1.4.0 or later. Note that this fix does not apply retrospectively; see the [upgrade notes](docs/upgrade.md#upgrading-to-v1130) for more information. ([\#7387](https://github.com/matrix-org/synapse/issues/7387))
 - Fix bug in `EventContext.deserialize`. ([\#7393](https://github.com/matrix-org/synapse/issues/7393))
@ -1638,7 +1638,7 @@ Security advisory
 -----------------
 Synapse may be vulnerable to request-smuggling attacks when it is used with a
-reverse-proxy. The vulnerabilties are fixed in Twisted 20.3.0, and are
+reverse-proxy. The vulnerabilities are fixed in Twisted 20.3.0, and are
 described in
 [CVE-2020-10108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108)
 and
@ -1748,7 +1748,7 @@ Internal Changes
 - Refactoring work in preparation for changing the event redaction algorithm. ([\#6874](https://github.com/matrix-org/synapse/issues/6874), [\#6875](https://github.com/matrix-org/synapse/issues/6875), [\#6983](https://github.com/matrix-org/synapse/issues/6983), [\#7003](https://github.com/matrix-org/synapse/issues/7003))
 - Improve performance of v2 state resolution for large rooms. ([\#6952](https://github.com/matrix-org/synapse/issues/6952), [\#7095](https://github.com/matrix-org/synapse/issues/7095))
 - Reduce time spent doing GC, by freezing objects on startup. ([\#6953](https://github.com/matrix-org/synapse/issues/6953))
- Minor perfermance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954))
+- Minor performance fixes to `get_auth_chain_ids`. ([\#6954](https://github.com/matrix-org/synapse/issues/6954))
 - Don't record remote cross-signing keys in the `devices` table. ([\#6956](https://github.com/matrix-org/synapse/issues/6956))
 - Use flake8-comprehensions to enforce good hygiene of list/set/dict comprehensions. ([\#6957](https://github.com/matrix-org/synapse/issues/6957))
 - Merge worker apps together. ([\#6964](https://github.com/matrix-org/synapse/issues/6964), [\#7002](https://github.com/matrix-org/synapse/issues/7002), [\#7055](https://github.com/matrix-org/synapse/issues/7055), [\#7104](https://github.com/matrix-org/synapse/issues/7104))
@ -1809,7 +1809,7 @@ Bugfixes
 - Allow URL-encoded User IDs on `/_synapse/admin/v2/users/<user_id>[/admin]` endpoints. Thanks to @NHAS for reporting. ([\#6825](https://github.com/matrix-org/synapse/issues/6825))
 - Fix Synapse refusing to start if `federation_certificate_verification_whitelist` option is blank. ([\#6849](https://github.com/matrix-org/synapse/issues/6849))
 - Fix errors from logging in the purge jobs related to the message retention policies support. ([\#6945](https://github.com/matrix-org/synapse/issues/6945))
- Return a 404 instead of 200 for querying information of a non-existant user through the admin API. ([\#6901](https://github.com/matrix-org/synapse/issues/6901))
+- Return a 404 instead of 200 for querying information of a non-existent user through the admin API. ([\#6901](https://github.com/matrix-org/synapse/issues/6901))
 Updates to the Docker image
@ -1889,7 +1889,7 @@ Bugfixes
 Synapse 1.10.0rc4 (2020-02-11)
 ==============================
-This release candidate was built incorrectly and is superceded by 1.10.0rc5.
+This release candidate was built incorrectly and is superseded by 1.10.0rc5.
 Synapse 1.10.0rc3 (2020-02-10)
 ==============================
--- a/docs/changelogs/CHANGES-2021.md
+++ b/docs/changelogs/CHANGES-2021.md
@ -2270,7 +2270,7 @@ Features
 Bugfixes
 --------
- Fix spurious errors in logs when deleting a non-existant pusher. ([\#9121](https://github.com/matrix-org/synapse/issues/9121))
+- Fix spurious errors in logs when deleting a non-existent pusher. ([\#9121](https://github.com/matrix-org/synapse/issues/9121))
 - Fix a long-standing bug where Synapse would return a 500 error when a thumbnail did not exist (and auto-generation of thumbnails was not enabled). ([\#9163](https://github.com/matrix-org/synapse/issues/9163))
 - Fix a long-standing bug where an internal server error was raised when attempting to preview an HTML document in an unknown character encoding. ([\#9164](https://github.com/matrix-org/synapse/issues/9164))
 - Fix a long-standing bug where invalid data could cause errors when calculating the presentable room name for push. ([\#9165](https://github.com/matrix-org/synapse/issues/9165))
@ -2522,7 +2522,7 @@ Bugfixes
 - Fix a long-standing bug where a `m.image` event without a `url` would cause errors on push. ([\#8965](https://github.com/matrix-org/synapse/issues/8965))
 - Fix a small bug in v2 state resolution algorithm, which could also cause performance issues for rooms with large numbers of power levels. ([\#8971](https://github.com/matrix-org/synapse/issues/8971))
 - Add validation to the `sendToDevice` API to raise a missing parameters error instead of a 500 error. ([\#8975](https://github.com/matrix-org/synapse/issues/8975))
- Add validation of group IDs to raise a 400 error instead of a 500 eror. ([\#8977](https://github.com/matrix-org/synapse/issues/8977))
+- Add validation of group IDs to raise a 400 error instead of a 500 error. ([\#8977](https://github.com/matrix-org/synapse/issues/8977))
 Improved Documentation
--- a/docs/changelogs/CHANGES-2022.md
+++ b/docs/changelogs/CHANGES-2022.md
@ -208,7 +208,7 @@ Improved Documentation
 ----------------------
 - Upload documentation PRs to Netlify. ([\#12947](https://github.com/matrix-org/synapse/issues/12947), [\#14370](https://github.com/matrix-org/synapse/issues/14370))
- Add addtional TURN server configuration example based on [eturnal](https://github.com/processone/eturnal) and adjust general TURN server doc structure. ([\#14293](https://github.com/matrix-org/synapse/issues/14293))
+- Add additional TURN server configuration example based on [eturnal](https://github.com/processone/eturnal) and adjust general TURN server doc structure. ([\#14293](https://github.com/matrix-org/synapse/issues/14293))
 - Add example on how to load balance /sync requests. Contributed by [aceArt](https://aceart.de). ([\#14297](https://github.com/matrix-org/synapse/issues/14297))
 - Edit sample Nginx reverse proxy configuration to use HTTP/1.1. Contributed by Brad Jones. ([\#14414](https://github.com/matrix-org/synapse/issues/14414))
@ -490,7 +490,7 @@ Internal Changes
 - When authenticating batched events, check for auth events in batch as well as DB. ([\#14214](https://github.com/matrix-org/synapse/issues/14214))
 - Update CI config to avoid GitHub Actions deprecation warnings. ([\#14216](https://github.com/matrix-org/synapse/issues/14216), [\#14224](https://github.com/matrix-org/synapse/issues/14224))
 - Update dependency requirements to allow building with poetry-core 1.3.2. ([\#14217](https://github.com/matrix-org/synapse/issues/14217))
- Rename the `cache_memory` extra to `cache-memory`, for compatability with poetry-core 1.3.0 and [PEP 685](https://peps.python.org/pep-0685/). From-source installations using this extra will need to install using the new name. ([\#14221](https://github.com/matrix-org/synapse/issues/14221))
+- Rename the `cache_memory` extra to `cache-memory`, for compatibility with poetry-core 1.3.0 and [PEP 685](https://peps.python.org/pep-0685/). From-source installations using this extra will need to install using the new name. ([\#14221](https://github.com/matrix-org/synapse/issues/14221))
 - Specify dev-dependencies using lower bounds, to reduce the likelihood of a dependabot merge conflict. The lockfile continues to pin to specific versions. ([\#14227](https://github.com/matrix-org/synapse/issues/14227))
@ -534,7 +534,7 @@ Bugfixes
 Internal Changes
 ----------------
- Rename the `url_preview` extra to `url-preview`, for compatability with poetry-core 1.3.0 and [PEP 685](https://peps.python.org/pep-0685/). From-source installations using this extra will need to install using the new name. ([\#14085](https://github.com/matrix-org/synapse/issues/14085))
+- Rename the `url_preview` extra to `url-preview`, for compatibility with poetry-core 1.3.0 and [PEP 685](https://peps.python.org/pep-0685/). From-source installations using this extra will need to install using the new name. ([\#14085](https://github.com/matrix-org/synapse/issues/14085))
 Synapse 1.69.0rc2 (2022-10-06)
@ -719,7 +719,7 @@ Improved Documentation
 - Note that `libpq` is required on ARM-based Macs. ([\#13480](https://github.com/matrix-org/synapse/issues/13480))
 - Fix a mistake in the config manual introduced in Synapse 1.22.0: the `event_cache_size` _is_ scaled by `caches.global_factor`. ([\#13726](https://github.com/matrix-org/synapse/issues/13726))
 - Fix a typo in the documentation for the login ratelimiting configuration. ([\#13727](https://github.com/matrix-org/synapse/issues/13727))
- Define Synapse's compatability policy for SQLite versions. ([\#13728](https://github.com/matrix-org/synapse/issues/13728))
+- Define Synapse's compatibility policy for SQLite versions. ([\#13728](https://github.com/matrix-org/synapse/issues/13728))
 - Add docs for the common fix of deleting the `matrix_synapse.egg-info/` directory for fixing Python dependency problems. ([\#13785](https://github.com/matrix-org/synapse/issues/13785))
 - Update request log format documentation to mention the format used when the authenticated user is controlling another user. ([\#13794](https://github.com/matrix-org/synapse/issues/13794))
@ -2035,7 +2035,7 @@ Internal Changes
 - Add opentracing spans to calls to external cache. ([\#12380](https://github.com/matrix-org/synapse/issues/12380))
 - Lay groundwork for using `poetry` to manage Synapse's dependencies. ([\#12381](https://github.com/matrix-org/synapse/issues/12381), [\#12407](https://github.com/matrix-org/synapse/issues/12407), [\#12412](https://github.com/matrix-org/synapse/issues/12412), [\#12418](https://github.com/matrix-org/synapse/issues/12418))
 - Make missing `importlib_metadata` dependency explicit. ([\#12384](https://github.com/matrix-org/synapse/issues/12384), [\#12400](https://github.com/matrix-org/synapse/issues/12400))
- Update type annotations for compatiblity with prometheus_client 0.14. ([\#12389](https://github.com/matrix-org/synapse/issues/12389))
+- Update type annotations for compatibility with prometheus_client 0.14. ([\#12389](https://github.com/matrix-org/synapse/issues/12389))
 - Remove support for the unstable identifiers specified in [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#12398](https://github.com/matrix-org/synapse/issues/12398))
 - Add missing type hints to configuration classes. ([\#12402](https://github.com/matrix-org/synapse/issues/12402))
 - Add files used to build the Docker image used for complement testing into the Synapse repository. ([\#12404](https://github.com/matrix-org/synapse/issues/12404))
@ -2207,7 +2207,7 @@ Deprecations and Removals
 - **Remove workaround introduced in Synapse 1.50.0 for Mjolnir compatibility. Breaks compatibility with Mjolnir 1.3.1 and earlier. ([\#11700](https://github.com/matrix-org/synapse/issues/11700))**
 - **`synctl` has been moved into into `synapse._scripts` and is exposed as an entry point; see [upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#synctl-script-has-been-moved). ([\#12140](https://github.com/matrix-org/synapse/issues/12140))
- Remove backwards compatibilty with pagination tokens from the `/relations` and `/aggregations` endpoints generated from Synapse < v1.52.0. ([\#12138](https://github.com/matrix-org/synapse/issues/12138))
+- Remove backwards compatibility with pagination tokens from the `/relations` and `/aggregations` endpoints generated from Synapse < v1.52.0. ([\#12138](https://github.com/matrix-org/synapse/issues/12138))
 - The groups/communities feature in Synapse has been deprecated. ([\#12200](https://github.com/matrix-org/synapse/issues/12200))
@ -2586,10 +2586,10 @@ Bugfixes
 Improved Documentation
 ----------------------
- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contibuted by @AndrewFerr. ([\#11686](https://github.com/matrix-org/synapse/issues/11686))
+- Warn against using a Let's Encrypt certificate for TLS/DTLS TURN server client connections, and suggest using ZeroSSL certificate instead. This works around client-side connectivity errors caused by WebRTC libraries that reject Let's Encrypt certificates. Contributed by @AndrewFerr. ([\#11686](https://github.com/matrix-org/synapse/issues/11686))
 - Document the new `SYNAPSE_TEST_PERSIST_SQLITE_DB` environment variable in the contributing guide. ([\#11715](https://github.com/matrix-org/synapse/issues/11715))
 - Document that the minimum supported PostgreSQL version is now 10. ([\#11725](https://github.com/matrix-org/synapse/issues/11725))
- Fix typo in demo docs: differnt. ([\#11735](https://github.com/matrix-org/synapse/issues/11735))
+- Fix typo in demo docs: different. ([\#11735](https://github.com/matrix-org/synapse/issues/11735))
 - Update room spec URL in config files. ([\#11739](https://github.com/matrix-org/synapse/issues/11739))
 - Mention `python3-venv` and `libpq-dev` dependencies in the contribution guide. ([\#11740](https://github.com/matrix-org/synapse/issues/11740))
 - Update documentation for configuring login with Facebook. ([\#11755](https://github.com/matrix-org/synapse/issues/11755))
@ -2707,7 +2707,7 @@ Improved Documentation
 - Update Synapse install command for FreeBSD as the package is now prefixed with `py38`. Contributed by @itchychips. ([\#11267](https://github.com/matrix-org/synapse/issues/11267))
 - Document the usage of refresh tokens. ([\#11427](https://github.com/matrix-org/synapse/issues/11427))
- Add details for how to configure a TURN server when behind a NAT. Contibuted by @AndrewFerr. ([\#11553](https://github.com/matrix-org/synapse/issues/11553))
+- Add details for how to configure a TURN server when behind a NAT. Contributed by @AndrewFerr. ([\#11553](https://github.com/matrix-org/synapse/issues/11553))
 - Add references for using Postgres to the Docker documentation. ([\#11640](https://github.com/matrix-org/synapse/issues/11640))
 - Fix the documentation link in newly-generated configuration files. ([\#11678](https://github.com/matrix-org/synapse/issues/11678))
 - Correct the documentation for `nginx` to use a case-sensitive url pattern. Fixes an error introduced in v1.21.0. ([\#11680](https://github.com/matrix-org/synapse/issues/11680))
--- a/docs/changelogs/CHANGES-pre-1.0.md
+++ b/docs/changelogs/CHANGES-pre-1.0.md
@ -823,7 +823,7 @@ Bugfixes
 - Fix error message for events with m.room.create missing from auth_events ([\#3960](https://github.com/matrix-org/synapse/issues/3960))
 - Fix errors due to concurrent monthly_active_user upserts ([\#3961](https://github.com/matrix-org/synapse/issues/3961))
 - Fix exceptions when processing incoming events over federation ([\#3968](https://github.com/matrix-org/synapse/issues/3968))
- Replaced all occurences of e.message with str(e). Contributed by Schnuffle ([\#3970](https://github.com/matrix-org/synapse/issues/3970))
+- Replaced all occurrences of e.message with str(e). Contributed by Schnuffle ([\#3970](https://github.com/matrix-org/synapse/issues/3970))
 - Fix lazy loaded sync in the presence of rejected state events ([\#3986](https://github.com/matrix-org/synapse/issues/3986))
 - Fix error when logging incomplete HTTP requests ([\#3990](https://github.com/matrix-org/synapse/issues/3990))
@ -841,7 +841,7 @@ Internal Changes
 - Fix the docker image building on python 3 ([\#3911](https://github.com/matrix-org/synapse/issues/3911))
 - Add a regression test for logging failed HTTP requests on Python 3. ([\#3912](https://github.com/matrix-org/synapse/issues/3912))
 - Comments and interface cleanup for on_receive_pdu ([\#3924](https://github.com/matrix-org/synapse/issues/3924))
- Fix spurious exceptions when remote http client closes conncetion ([\#3925](https://github.com/matrix-org/synapse/issues/3925))
+- Fix spurious exceptions when remote http client closes connection ([\#3925](https://github.com/matrix-org/synapse/issues/3925))
 - Log exceptions thrown by background tasks ([\#3927](https://github.com/matrix-org/synapse/issues/3927))
 - Add a cache to get_destination_retry_timings ([\#3933](https://github.com/matrix-org/synapse/issues/3933), [\#3991](https://github.com/matrix-org/synapse/issues/3991))
 - Automate pushes to docker hub ([\#3946](https://github.com/matrix-org/synapse/issues/3946))
@ -1057,7 +1057,7 @@ Bugfixes
 - Make the tests pass on Twisted < 18.7.0 ([\#3676](https://github.com/matrix-org/synapse/issues/3676))
 - Don’t ship recaptcha_ajax.js, use it directly from Google ([\#3677](https://github.com/matrix-org/synapse/issues/3677))
 - Fixes test_reap_monthly_active_users so it passes under postgres ([\#3681](https://github.com/matrix-org/synapse/issues/3681))
- Fix mau blocking calulation bug on login ([\#3689](https://github.com/matrix-org/synapse/issues/3689))
+- Fix mau blocking calculation bug on login ([\#3689](https://github.com/matrix-org/synapse/issues/3689))
 - Fix missing yield in synapse.storage.monthly_active_users.initialise_reserved_users ([\#3692](https://github.com/matrix-org/synapse/issues/3692))
 - Improve HTTP request logging to include all requests ([\#3700](https://github.com/matrix-org/synapse/issues/3700))
 - Avoid timing out requests while we are streaming back the response ([\#3701](https://github.com/matrix-org/synapse/issues/3701))
@ -1314,10 +1314,10 @@ Changes:
 -   Remove users from user directory on deactivate (PR #3277)
 -   Avoid sending consent notice to guest users (PR #3288)
 -   disable CPUMetrics if no /proc/self/stat (PR #3299)
-   Consistently use six\'s iteritems and wrap lazy keys/values in list() if they\'re not meant to be lazy (PR #3307)
+-   Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307)
 -   Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat!
 -   Reduce stuck read-receipts: ignore depth when updating (PR #3318)
-   Put python\'s logs into Trial when running unit tests (PR #3319)
+-   Put python's logs into Trial when running unit tests (PR #3319)
 Changes, python 3 migration:
@ -1344,13 +1344,13 @@ Changes in synapse v0.30.0 (2018-05-24)
 \'Server Notices\' are a new feature introduced in Synapse 0.30. They provide a channel whereby server administrators can send messages to users on the server.
-They are used as part of communication of the server policies (see `docs/consent_tracking.md`), however the intention is that they may also find a use for features such as \"Message of the day\".
+They are used as part of communication of the server policies (see `docs/consent_tracking.md`), however the intention is that they may also find a use for features such as "Message of the day".
 This feature is specific to Synapse, but uses standard Matrix communication mechanisms, so should work with any Matrix client. For more details see `docs/server_notices.md`
 Further Server Notices/Consent Tracking Support:
-   Allow overriding the server\_notices user\'s avatar (PR #3273)
+-   Allow overriding the server\_notices user's avatar (PR #3273)
 -   Use the localpart in the consent uri (PR #3272)
 -   Support for putting %(consent\_uri)s in messages (PR #3271)
 -   Block attempts to send server notices to remote users (PR #3270)
@ -1380,7 +1380,7 @@ Changes:
 -   Remove unused update\_external\_syncs (PR #3233)
 -   Use stream rather depth ordering for push actions (PR #3212)
 -   Make purge\_history operate on tokens (PR #3221)
-   Don\'t support limitless pagination (PR #3265)
+-   Don't support limitless pagination (PR #3265)
 Bug Fixes:
@ -1454,7 +1454,7 @@ Changes - Python 3 migration:
 -   Make event properties raise AttributeError instead (PR #3102) Thanks to @NotAFile!
 -   Use six.moves.urlparse (PR #3108) Thanks to @NotAFile!
 -   Add py3 tests to tox with folders that work (PR #3145) Thanks to @NotAFile!
-   Don\'t yield in list comprehensions (PR #3150) Thanks to @NotAFile!
+-   Don't yield in list comprehensions (PR #3150) Thanks to @NotAFile!
 -   Move more xrange to six (PR #3151) Thanks to @NotAFile!
 -   make imports local (PR #3152) Thanks to @NotAFile!
 -   move httplib import to six (PR #3153) Thanks to @NotAFile!
@ -1556,7 +1556,7 @@ v0.27.3-rc1 used a stale version of the develop branch so the changelog overstat
 Changes in synapse v0.27.3-rc1 (2018-04-09)
 ===========================================
-Notable changes include API support for joinability of groups. Also new metrics and phone home stats. Phone home stats include better visibility of system usage so we can tweak synpase to work better for all users rather than our own experience with matrix.org. Also, recording \'r30\' stat which is the measure we use to track overal growth of the Matrix ecosystem. It is defined as:-
+Notable changes include API support for joinability of groups. Also new metrics and phone home stats. Phone home stats include better visibility of system usage so we can tweak synpase to work better for all users rather than our own experience with matrix.org. Also, recording \'r30\' stat which is the measure we use to track overall growth of the Matrix ecosystem. It is defined as:-
 Counts the number of native 30 day retained users, defined as:- \* Users who have created their accounts more than 30 days
@ -1654,7 +1654,7 @@ Changes:
 -   No longer require a specific version of saml2 (PR #2695) Thanks to @okurz!
 -   Remove `verbosity`/`log_file` from generated config (PR #2755)
 -   Add and improve metrics and logging (PR #2770, #2778, #2785, #2786, #2787, #2793, #2794, #2795, #2809, #2810, #2833, #2834, #2844, #2965, #2927, #2975, #2790, #2796, #2838)
-   When using synctl with workers, don\'t start the main synapse automatically (PR #2774)
+-   When using synctl with workers, Don't start the main synapse automatically (PR #2774)
 -   Minor performance improvements (PR #2773, #2792)
 -   Use a connection pool for non-federation outbound connections (PR #2817)
 -   Make it possible to run unit tests against postgres (PR #2829)
@ -1848,7 +1848,7 @@ Changes:
 Bug fixes:
 -   Fix caching error in the push evaluator (PR #2332)
-   Fix bug where pusherpool didn\'t start and broke some rooms (PR #2342)
+-   Fix bug where pusherpool didn't start and broke some rooms (PR #2342)
 -   Fix port script for user directory tables (PR #2375)
 -   Fix device lists notifications when user rejoins a room (PR #2443, #2449)
 -   Fix sync to always send down current state events in timeline (PR #2451)
@ -1860,7 +1860,7 @@ Changes in synapse v0.22.1 (2017-07-06)
 Bug fixes:
-   Fix bug where pusher pool didn\'t start and caused issues when interacting with some rooms (PR #2342)
+-   Fix bug where pusher pool didn't start and caused issues when interacting with some rooms (PR #2342)
 Changes in synapse v0.22.0 (2017-07-06)
 =======================================
@ -1933,7 +1933,7 @@ Changes:
 -   Various small performance fixes (PR #2201, #2202, #2224, #2226, #2227, #2228, #2229)
 -   Update username availability checker API (PR #2209, #2213)
-   When purging, don\'t de-delta state groups we\'re about to delete (PR #2214)
+-   When purging, Don't de-delta state groups we're about to delete (PR #2214)
 -   Documentation to check synapse version (PR #2215) Thanks to @hamber-dick!
 -   Add an index to event\_search to speed up purge history API (PR #2218)
@ -1982,7 +1982,7 @@ Bug fixes:
 -   Fix invite state to always include all events (PR #2163)
 -   Fix bug where synapse would always fetch state for any missing event (PR #2170)
 -   Fix a leak with timed out HTTP connections (PR #2180)
-   Fix bug where we didn\'t time out HTTP requests to ASes (PR #2192)
+-   Fix bug where we didn't time out HTTP requests to ASes (PR #2192)
 Docs:
@ -2016,7 +2016,7 @@ Changes:
 -   Minor `/sync` performance improvements. (PR #2002, #2013, #2022)
 -   Add some debug to help diagnose weird federation issue (PR #2035)
 -   Correctly limit retries for all federation requests (PR #2050, #2061)
-   Don\'t lock table when persisting new one time keys (PR #2053)
+-   Don't lock table when persisting new one time keys (PR #2053)
 -   Reduce some CPU work on DB threads (PR #2054)
 -   Cache hosts in room (PR #2060)
 -   Batch sending of device list pokes (PR #2063)
@ -2033,7 +2033,7 @@ Bug fixes:
 -   Fix bug when federation received a PDU while a room join is in progress (PR #2016)
 -   Fix resetting state on rejected events (PR #2025)
 -   Fix installation issues in readme. Thanks @ricco386 (PR #2037)
-   Fix caching of remote servers\' signature keys (PR #2042)
+-   Fix caching of remote servers' signature keys (PR #2042)
 -   Fix some leaking log context (PR #2048, #2049, #2057, #2058)
 -   Fix rejection of invites not reaching sync (PR #2056)
@ -2060,7 +2060,7 @@ Changes:
 -   Reduce database table sizes (PR #1873, #1916, #1923, #1963)
 -   Update contrib/ to not use syutil. Thanks to andrewshadura! (PR #1907)
-   Don\'t fetch current state when sending an event in common case (PR #1955)
+-   Don't fetch current state when sending an event in common case (PR #1955)
 Bug fixes:
@ -2068,7 +2068,7 @@ Bug fixes:
 -   Fix caching to not cache error responses (PR #1913)
 -   Fix APIs to make kick & ban reasons work (PR #1917)
 -   Fix bugs in the /keys/changes api (PR #1921)
-   Fix bug where users couldn\'t forget rooms they were banned from (PR #1922)
+-   Fix bug where users couldn't forget rooms they were banned from (PR #1922)
 -   Fix issue with long language values in pushers API (PR #1925)
 -   Fix a race in transaction queue (PR #1930)
 -   Fix dynamic thumbnailing to preserve aspect ratio. Thanks to jkolo! (PR #1945)
@ -2129,7 +2129,7 @@ Changes:
 -   Measure size of some caches by sum of the size of cached values (PR #1815)
 -   Measure metrics of string\_cache (PR #1821)
 -   Reduce logging verbosity (PR #1822, #1823, #1824)
-   Don\'t clobber a displayname or avatar\_url if provided by an m.room.member event (PR #1852)
+-   Don't clobber a displayname or avatar\_url if provided by an m.room.member event (PR #1852)
 -   Better handle 401/404 response for federation /send/ (PR #1866, #1871)
 Fixes:
@ -2141,7 +2141,7 @@ Fixes:
 Performance:
-   Don\'t block messages sending on bumping presence (PR #1789)
+-   Don't block messages sending on bumping presence (PR #1789)
 -   Change device\_inbox stream index to include user (PR #1793)
 -   Optimise state resolution (PR #1818)
 -   Use DB cache of joined users for presence (PR #1862)
@ -2157,7 +2157,7 @@ Changes in synapse v0.18.7-rc2 (2017-01-07)
 Bug fixes:
-   Fix error in rc1\'s discarding invalid inbound traffic logic that was incorrectly discarding missing events
+-   Fix error in rc1's discarding invalid inbound traffic logic that was incorrectly discarding missing events
 Changes in synapse v0.18.7-rc1 (2017-01-06)
 ===========================================
@ -2181,7 +2181,7 @@ Changes in synapse v0.18.6-rc3 (2017-01-05)
 Bug fixes:
 -   Fix bug where we failed to send ban events to the banned server (PR #1758)
-   Fix bug where we sent event that didn\'t originate on this server to other servers (PR #1764)
+-   Fix bug where we sent event that didn't originate on this server to other servers (PR #1764)
 -   Fix bug where processing an event from a remote server took a long time because we were making long HTTP requests (PR #1765, PR #1744)
 Changes:
@ -2208,7 +2208,7 @@ Changes in synapse v0.18.5 (2016-12-16)
 Bug fixes:
-   Fix federation /backfill returning events it shouldn\'t (PR #1700)
+-   Fix federation /backfill returning events it shouldn't (PR #1700)
 -   Fix crash in url preview (PR #1701)
 Changes in synapse v0.18.5-rc3 (2016-12-13)
@ -2231,11 +2231,11 @@ Changes:
 Bug fixes:
-   Fix handling of 500 and 429\'s over federation (PR #1650)
+-   Fix handling of 500 and 429's over federation (PR #1650)
 -   Fix Content-Type header parsing (PR #1660)
 -   Fix error when previewing sites that include unicode, thanks to kyrias (PR #1664)
 -   Fix some cases where we drop read receipts (PR #1678)
-   Fix bug where calls to `/sync` didn\'t correctly timeout (PR #1683)
+-   Fix bug where calls to `/sync` didn't correctly timeout (PR #1683)
 -   Fix bug where E2E key query would fail if a single remote host failed (PR #1686)
 Changes in synapse v0.18.5-rc2 (2016-11-24)
@ -2243,7 +2243,7 @@ Changes in synapse v0.18.5-rc2 (2016-11-24)
 Bug fixes:
-   Don\'t send old events over federation, fixes bug in -rc1.
+-   Don't send old events over federation, fixes bug in -rc1.
 Changes in synapse v0.18.5-rc1 (2016-11-24)
 ===========================================
@ -2254,7 +2254,7 @@ Features:
 Changes:
-   Use external ldap auth pacakge (PR #1628)
+-   Use external ldap auth package (PR #1628)
 -   Split out federation transaction sending to a worker (PR #1635)
 -   Fail with a coherent error message if /sync?filter= is invalid (PR #1636)
 -   More efficient notif count queries (PR #1644)
@ -2289,7 +2289,7 @@ SECURITY UPDATE
 Explicitly require authentication when using LDAP3. This is the default on versions of `ldap3` above 1.0, but some distributions will package an older version.
-If you are using LDAP3 login and have a version of `ldap3` older than 1.0 it is **CRITICAL to updgrade**.
+If you are using LDAP3 login and have a version of `ldap3` older than 1.0 it is **CRITICAL to upgrade**.
 Changes in synapse v0.18.2 (2016-11-01)
 =======================================
@ -2440,7 +2440,7 @@ Features:
 Changes:
 -   Avoid pulling the full state of a room out so often (PR #1047, #1049, #1063, #1068)
-   Don\'t notify for online to online presence transitions. (PR #1054)
+-   Don't notify for online to online presence transitions. (PR #1054)
 -   Occasionally persist unpersisted presence updates (PR #1055)
 -   Allow application services to have an optional \'url\' (PR #1056)
 -   Clean up old sent transactions from DB (PR #1059)
@ -2472,7 +2472,7 @@ Features:
 Changes:
-   Don\'t print stack traces when failing to get remote keys (PR #996)
+-   Don't print stack traces when failing to get remote keys (PR #996)
 -   Various federation /event/ perf improvements (PR #998)
 -   Only process one local membership event per room at a time (PR #1005)
 -   Move default display name push rule (PR #1011, #1023)
@ -2488,7 +2488,7 @@ Bug fixes:
 -   Fix /sync to not clobber status\_msg (PR #997)
 -   Fix redacted state events to include prev\_content (PR #1003)
 -   Fix some bugs in the auth/ldap handler (PR #1007)
-   Fix backfill request to limit URI length, so that remotes don\'t reject the requests due to path length limits (PR #1012)
+-   Fix backfill request to limit URI length, so that remotes Don't reject the requests due to path length limits (PR #1012)
 -   Fix AS push code to not send duplicate events (PR #1025)
 Changes in synapse v0.17.0 (2016-08-08)
@ -2577,8 +2577,8 @@ Changes:
 -   Send the correct host header when fetching keys (PR #941)
 -   Log the hostname the reCAPTCHA was completed on (PR #946)
 -   Make the device id on e2e key upload optional (PR #956)
-   Add r0.2.0 to the \"supported versions\" list (PR #960)
+-   Add r0.2.0 to the "supported versions" list (PR #960)
-   Don\'t include name of room for invites in push (PR #961)
+-   Don't include name of room for invites in push (PR #961)
 Bug fixes:
@ -2596,7 +2596,7 @@ Changes in synapse v0.16.1-r1 (2016-07-08)
 THIS IS A CRITICAL SECURITY UPDATE.
-This fixes a bug which allowed users\' accounts to be accessed by unauthorised users.
+This fixes a bug which allowed users' accounts to be accessed by unauthorised users.
 Changes in synapse v0.16.1 (2016-06-20)
 =======================================
@ -2619,7 +2619,7 @@ Features: None
 Changes:
 -   Log requester for `/publicRoom` endpoints when possible (PR #856)
-   502 on `/thumbnail` when can\'t connect to remote server (PR #862)
+-   502 on `/thumbnail` when can't connect to remote server (PR #862)
 -   Linearize fetching of gaps on incoming events (PR #871)
 Bugs fixes:
@ -2640,7 +2640,7 @@ NB: As of v0.14 all AS config files must have an ID field.
 Bug fixes:
-   Don\'t make rooms published by default (PR #857)
+-   Don't make rooms published by default (PR #857)
 Changes in synapse v0.16.0-rc2 (2016-06-08)
 ===========================================
@ -2658,7 +2658,7 @@ Bug fixes:
 -   Fix \'From\' header in email notifications (PR #843)
 -   Fix presence where timeouts were not being fired for the first 8h after restarts (PR #842)
-   Fix bug where synapse sent malformed transactions to AS\'s when retrying transactions (Commits 310197b, 8437906)
+-   Fix bug where synapse sent malformed transactions to AS's when retrying transactions (Commits 310197b, 8437906)
 Performance improvements:
@ -2685,7 +2685,7 @@ Changes:
 -   Report per request metrics for all of the things using request\_handler (PR #756)
 -   Correctly handle `NULL` password hashes from the database (PR #775)
-   Allow receipts for events we haven\'t seen in the db (PR #784)
+-   Allow receipts for events we haven't seen in the db (PR #784)
 -   Make synctl read a cache factor from config file (PR #785)
 -   Increment badge count per missed convo, not per msg (PR #793)
 -   Special case m.room.third\_party\_invite event auth to match invites (PR #814)
@ -2737,7 +2737,7 @@ Changes:
 Bug fixes:
 -   Fix bug where disabling all notifications still resulted in push (PR #678)
-   Fix bug where users couldn\'t reject remote invites if remote refused (PR #691)
+-   Fix bug where users couldn't reject remote invites if remote refused (PR #691)
 -   Fix bug where synapse attempted to backfill from itself (PR #693)
 -   Fix bug where profile information was not correctly added when joining remote rooms (PR #703)
 -   Fix bug where register API required incorrect key name for AS registration (PR #727)
@ -2775,7 +2775,7 @@ Features:
 -   Add event\_id to response to state event PUT (PR #581)
 -   Allow guest users access to messages in rooms they have joined (PR #587)
 -   Add config for what state is included in a room invite (PR #598)
-   Send the inviter\'s member event in room invite state (PR #607)
+-   Send the inviter's member event in room invite state (PR #607)
 -   Add error codes for malformed/bad JSON in /login (PR #608)
 -   Add support for changing the actions for default rules (PR #609)
 -   Add environment variable SYNAPSE\_CACHE\_FACTOR, default it to 0.1 (PR #612)
@ -2788,7 +2788,7 @@ Changes:
 -   Make adding push rules idempotent (PR #587)
 -   Improve presence performance (PR #582, #586)
 -   Change presence semantics for `last_active_ago` (PR #582, #586)
-   Don\'t allow `m.room.create` to be changed (PR #596)
+-   Don't allow `m.room.create` to be changed (PR #596)
 -   Add 800x600 to default list of valid thumbnail sizes (PR #616)
 -   Always include kicks and bans in full /sync (PR #625)
 -   Send history visibility on boundary changes (PR #626)
@ -2854,7 +2854,7 @@ Features:
 Changes:
-   Change `/sync` so that guest users only get rooms they\'ve joined (PR #469)
+-   Change `/sync` so that guest users only get rooms they've joined (PR #469)
 -   Change to require unbanning before other membership changes (PR #501)
 -   Change default push rules to notify for all messages (PR #486)
 -   Change default push rules to not notify on membership changes (PR #514)
@ -2863,12 +2863,12 @@ Changes:
 -   Change server manhole to use SSH rather than telnet (PR #473)
 -   Change server to require AS users to be registered before use (PR #487)
 -   Change server not to start when ASes are invalidly configured (PR #494)
-   Change server to require ID and `as_token` to be unique for AS\'s (PR #496)
+-   Change server to require ID and `as_token` to be unique for AS's (PR #496)
 -   Change maximum pagination limit to 1000 (PR #497)
 Bug fixes:
-   Fix bug where `/sync` didn\'t return when something under the leave key changed (PR #461)
+-   Fix bug where `/sync` didn't return when something under the leave key changed (PR #461)
 -   Fix bug where we returned smaller rather than larger than requested thumbnails when `method=crop` (PR #464)
 -   Fix thumbnails API to only return cropped thumbnails when asking for a cropped thumbnail (PR #475)
 -   Fix bug where we occasionally still logged access tokens (PR #477)
@ -2888,7 +2888,7 @@ Changes in synapse v0.12.0-rc3 (2015-12-23)
 -   Allow guest accounts access to `/sync` (PR #455)
 -   Allow filters to include/exclude rooms at the room level rather than just from the components of the sync for each room. (PR #454)
 -   Include urls for room avatars in the response to `/publicRooms` (PR #453)
-   Don\'t set a identicon as the avatar for a user when they register (PR #450)
+-   Don't set a identicon as the avatar for a user when they register (PR #450)
 -   Add a `display_name` to third-party invites (PR #449)
 -   Send more information to the identity server for third-party invites so that it can send richer messages to the invitee (PR #446)
 -   Cache the responses to `/initialSync` for 5 minutes. If a client retries a request to `/initialSync` before the a response was computed to the first request then the same response is used for both requests (PR #457)
@ -2917,7 +2917,7 @@ Changes in synapse v0.12.0-rc1 (2015-12-10)
    -   Filter JSON objects may now be passed as query parameters to `/sync` (PR #431)
    -   Fix implementation of `/admin/whois` (PR #418)
    -   Only include the rooms that user has left in `/sync` if the client requests them in the filter (PR #423)
-    -   Don\'t push for `m.room.message` by default (PR #411)
+    -   Don't push for `m.room.message` by default (PR #411)
    -   Add API for setting per account user data (PR #392)
    -   Allow users to forget rooms (PR #385)
 -   Performance improvements and monitoring:
@ -2932,8 +2932,8 @@ Changes in synapse v0.11.1 (2015-11-20)
 =======================================
 -   Add extra options to search API (PR #394)
-   Fix bug where we did not correctly cap federation retry timers. This meant it could take several hours for servers to start talking to ressurected servers, even when they were receiving traffic from them (PR #393)
+-   Fix bug where we did not correctly cap federation retry timers. This meant it could take several hours for servers to start talking to resurrected servers, even when they were receiving traffic from them (PR #393)
-   Don\'t advertise login token flow unless CAS is enabled. This caused issues where some clients would always use the fallback API if they did not recognize all login flows (PR #391)
+-   Don't advertise login token flow unless CAS is enabled. This caused issues where some clients would always use the fallback API if they did not recognize all login flows (PR #391)
 -   Change /v2 sync API to rename `private_user_data` to `account_data` (PR #386)
 -   Change /v2 sync API to remove the `event_map` and rename keys in `rooms` object (PR #389)
@ -2973,7 +2973,7 @@ Changes in synapse v0.11.0-rc1 (2015-11-11)
 -   Change retry schedule for application services (PR #320)
 -   Change retry schedule for remote servers (PR #340)
 -   Fix bug where we hosted static content in the incorrect place (PR #329)
-   Fix bug where we didn\'t increment retry interval for remote servers (PR #343)
+-   Fix bug where we didn't increment retry interval for remote servers (PR #343)
 Changes in synapse v0.10.1-rc1 (2015-10-15)
 ===========================================
@ -3058,9 +3058,9 @@ General:
 -   Error if a user tries to register with an email already in use. (PR #211)
 -   Add extra and improve existing caches (PR #212, #219, #226, #228)
 -   Batch various storage request (PR #226, #228)
-   Fix bug where we didn\'t correctly log the entity that triggered the request if the request came in via an application service (PR #230)
+-   Fix bug where we didn't correctly log the entity that triggered the request if the request came in via an application service (PR #230)
 -   Fix bug where we needlessly regenerated the full list of rooms an AS is interested in. (PR #232)
-   Add support for AS\'s to use v2\_alpha registration API (PR #210)
+-   Add support for AS's to use v2\_alpha registration API (PR #210)
 Configuration:
@ -3148,7 +3148,7 @@ Configuration:
 Federation:
 -   Improve resilience of backfill by ensuring we fetch any missing auth events.
-   Improve performance of backfill and joining remote rooms by removing unnecessary computations. This included handling events we\'d previously handled as well as attempting to compute the current state for outliers.
+-   Improve performance of backfill and joining remote rooms by removing unnecessary computations. This included handling events we'd previously handled as well as attempting to compute the current state for outliers.
 Changes in synapse v0.9.1 (2015-05-26)
 ======================================
@ -3156,7 +3156,7 @@ Changes in synapse v0.9.1 (2015-05-26)
 General:
 -   Add support for backfilling when a client paginates. This allows servers to request history for a room from remote servers when a client tries to paginate history the server does not have - SYN-36
-   Fix bug where you couldn\'t disable non-default pushrules - SYN-378
+-   Fix bug where you couldn't disable non-default pushrules - SYN-378
 -   Fix `register_new_user` script - SYN-359
 -   Improve performance of fetching events from the database, this improves both initialSync and sending of events.
 -   Improve performance of event streams, allowing synapse to handle more simultaneous connected clients.
@ -3225,7 +3225,7 @@ General:
 -   Added new default push rules and made them configurable by clients:
    -   Suppress all notice messages.
    -   Notify when invited to a new room.
-    -   Notify for messages that don\'t match any rule.
+    -   Notify for messages that Don't match any rule.
    -   Notify on incoming call.
 Federation:
@ -3268,7 +3268,7 @@ Changes in synapse v0.7.0 (2015-02-12)
        > -   Computing the state of a room at a point in time, used for authorization on federation requests.
        > -   Fetching events from the database.
-        > -   User\'s room membership, used for authorizing presence updates.
+        > -   User's room membership, used for authorizing presence updates.
    -   Upgraded JSON library to improve parsing and serialisation speeds.
@ -3298,7 +3298,7 @@ Changes in synapse 0.6.0 (2014-12-16)
 Changes in synapse 0.5.4a (2014-12-13)
 ======================================
-   Fix bug while generating the error message when a file path specified in the config doesn\'t exist.
+-   Fix bug while generating the error message when a file path specified in the config doesn't exist.
 Changes in synapse 0.5.4 (2014-12-03)
 =====================================
@ -3329,7 +3329,7 @@ Changes in synapse 0.5.1 (2014-11-26)
 See UPGRADES.rst for specific instructions on how to upgrade.
 -   Fix bug where we served up an Event that did not match its signatures.
-   Fix regression where we no longer correctly handled the case where a homeserver receives an event for a room it doesn\'t recognise (but is in.)
+-   Fix regression where we no longer correctly handled the case where a homeserver receives an event for a room it doesn't recognise (but is in.)
 Changes in synapse 0.5.0 (2014-11-19)
 =====================================
@ -3342,7 +3342,7 @@ Homeserver:
 -   Add authentication and authorization to the federation protocol. Events are now signed by their originating homeservers.
 -   Implement the new authorization model for rooms.
-   Split out web client into a seperate repository: matrix-angular-sdk.
+-   Split out web client into a separate repository: matrix-angular-sdk.
 -   Change the structure of PDUs.
 -   Fix bug where user could not join rooms via an alias containing 4-byte UTF-8 characters.
 -   Merge concept of PDUs and Events internally.
@ -3352,7 +3352,7 @@ Homeserver:
 Webclient:
-   The webclient has been moved to a seperate repository.
+-   The webclient has been moved to a separate repository.
 Changes in synapse 0.4.2 (2014-10-31)
 =====================================
@ -3410,10 +3410,10 @@ Webclient:
 -   Add button to send messages to users from the home page.
 -   Add support for using TURN for VoIP calls.
 -   Show display name change messages.
-   Fix bug where the client didn\'t get the state of a newly joined room until after it has been refreshed.
+-   Fix bug where the client didn't get the state of a newly joined room until after it has been refreshed.
 -   Fix bugs with tab complete.
 -   Fix bug where holding down the down arrow caused chrome to chew 100% CPU.
-   Fix bug where desktop notifications occasionally used \"Undefined\" as the display name.
+-   Fix bug where desktop notifications occasionally used "Undefined" as the display name.
 -   Fix more places where we sometimes saw room IDs incorrectly.
 -   Fix bug which caused lag when entering text in the text box.
@ -3427,21 +3427,21 @@ Homeserver:
 Webclient:
 -   Add support for video calls with basic UI.
-   Fix bug where one to one chats were named after your display name rather than the other person\'s.
+-   Fix bug where one to one chats were named after your display name rather than the other person's.
 -   Fix bug which caused lag when typing in the textarea.
-   Refuse to run on browsers we know won\'t work.
+-   Refuse to run on browsers we know won't work.
 -   Trigger pagination when joining new rooms.
-   Fix bug where we sometimes didn\'t display invitations in recents.
+-   Fix bug where we sometimes didn't display invitations in recents.
 -   Automatically join room when accepting a VoIP call.
-   Disable outgoing and reject incoming calls on browsers we don\'t support VoIP in.
+-   Disable outgoing and reject incoming calls on browsers we Don't support VoIP in.
-   Don\'t display desktop notifications for messages in the room you are non-idle and speaking in.
+-   Don't display desktop notifications for messages in the room you are non-idle and speaking in.
 Changes in synapse 0.3.2 (2014-09-18)
 =====================================
 Webclient:
-   Fix bug where an empty \"bing words\" list in old accounts didn\'t send notifications when it should have done.
+-   Fix bug where an empty "bing words" list in old accounts didn't send notifications when it should have done.
 Changes in synapse 0.3.1 (2014-09-18)
 =====================================
@ -3451,7 +3451,7 @@ This is a release to hotfix v0.3.0 to fix two regressions.
 Webclient:
 -   Fix a regression where we sometimes displayed duplicate events.
-   Fix a regression where we didn\'t immediately remove rooms you were banned in from the recents list.
+-   Fix a regression where we didn't immediately remove rooms you were banned in from the recents list.
 Changes in synapse 0.3.0 (2014-09-18)
 =====================================
@ -3462,8 +3462,8 @@ Homeserver:
 -   When a user changes their displayname or avatar the server will now update all their join states to reflect this.
 -   The server now adds \"age\" key to events to indicate how old they are. This is clock independent, so at no point does any server or webclient have to assume their clock is in sync with everyone else.
-   Fix bug where we didn\'t correctly pull in missing PDUs.
+-   Fix bug where we didn't correctly pull in missing PDUs.
-   Fix bug where prev\_content key wasn\'t always returned.
+-   Fix bug where prev\_content key wasn't always returned.
 -   Add support for password resets.
 Webclient:
@ -3473,7 +3473,7 @@ Webclient:
 -   Always show room aliases in the UI if one is present.
 -   No longer show user-count in the recents side panel.
 -   Add up & down arrow support to the text box for message sending to step through your sent history.
-   Don\'t display notifications for our own messages.
+-   Don't display notifications for our own messages.
 -   Emotes are now formatted correctly in desktop notifications.
 -   The recents list now differentiates between public & private rooms.
 -   Fix bug where when switching between rooms the pagination flickered before the view jumped to the bottom of the screen.
@ -3503,7 +3503,7 @@ Webclient:
 -   VoIP UI and reliability improvements.
 -   Add glare support for VoIP.
 -   Improvements to initial startup speed.
-   Don\'t display duplicate join events.
+-   Don't display duplicate join events.
 -   Local echo of messages.
 -   Differentiate sending and sent of local echo.
 -   Various minor bug fixes.
@ -3587,7 +3587,7 @@ Homeserver:
 Changes in synapse 0.1.0 (2014-08-29)
 =====================================
-Presence has been reenabled in this release.
+Presence has been re-enabled in this release.
 Homeserver:
@ -3629,7 +3629,7 @@ Webclient:
 -   Add profile pages.
 -   Improve CSS layout of room.
 -   Disambiguate identical display names.
-   Don\'t get remote users display names and avatars individually.
+-   Don't get remote users display names and avatars individually.
 -   Use the new initial sync API to reduce number of round trips to the homeserver.
 -   Change url scheme to use room aliases instead of room ids where known.
 -   Increase longpoll timeout.
--- a/docs/consent_tracking.md
+++ b/docs/consent_tracking.md
@ -8,9 +8,9 @@ to the server until they have.
 There are several parts to this functionality; each requires some specific
 configuration in `homeserver.yaml` to be enabled.
-Note that various parts of the configuation and this document refer to the
+Note that various parts of the configuration and this document refer to the
 "privacy policy": agreement with a privacy policy is one particular use of this
-feature, but of course adminstrators can specify other terms and conditions
+feature, but of course administrators can specify other terms and conditions
 unrelated to "privacy" per se.
 Collecting policy agreement from a user
--- a/docs/development/contributing_guide.md
+++ b/docs/development/contributing_guide.md
@ -266,7 +266,7 @@ The easiest way to do so is to run Postgres via a docker container. In one
 terminal:
 ```shell
-docker run --rm -e POSTGRES_PASSWORD=mysecretpassword -e POSTGRES_USER=postgres -e POSTGRES_DB=postgress -p 5432:5432 postgres:14
+docker run --rm -e POSTGRES_PASSWORD=mysecretpassword -e POSTGRES_USER=postgres -e POSTGRES_DB=postgres -p 5432:5432 postgres:14
 ```
 If you see an error like
--- a/docs/development/synapse_architecture/faster_joins.md
+++ b/docs/development/synapse_architecture/faster_joins.md
@ -264,7 +264,7 @@ But don't want to send out sensitive data in other HS's events in this way.
 Suppose we discover after resync that we shouldn't have sent out one our events (not a prev_event) to a target HS. Not much we can do.
 What about if we didn't send them an event but shouldn't've?
 E.g. what if someone joined from a new HS shortly after you did? We wouldn't talk to them.
-Could imagine sending out the "Missed" events after the resync but... painful to work out what they shuld have seen if they joined/left.
+Could imagine sending out the "Missed" events after the resync but... painful to work out what they should have seen if they joined/left.
 Instead, just send them the latest event (if they're still in the room after resync) and let them backfill.(?)
 - Don't do this currently.
 - If anyone who has received our messages sends a message to a HS we missed, they can backfill our messages
--- a/docs/log_contexts.md
+++ b/docs/log_contexts.md
@ -86,7 +86,7 @@ So we have stopped processing the request (and will probably go on to
 start processing the next), without clearing the logcontext.
 To circumvent this problem, synapse code assumes that, wherever you have
-an awaitable, you will want to `await` it. To that end, whereever
+an awaitable, you will want to `await` it. To that end, wherever
 functions return awaitables, we adopt the following conventions:
 **Rules for functions returning awaitables:**
--- a/docs/postgres.md
+++ b/docs/postgres.md
@ -249,7 +249,7 @@ of `COLLATE` and `CTYPE` unless the config flag `allow_unsafe_locale`, found in
 underneath the database, or if a different version of the locale is used on any
 replicas.
-If you have a databse with an unsafe locale, the safest way to fix the issue is to dump the database and recreate it with
+If you have a database with an unsafe locale, the safest way to fix the issue is to dump the database and recreate it with
 the correct locale parameter (as shown above). It is also possible to change the
 parameters on a live database and run a `REINDEX` on the entire database,
 however extreme care must be taken to avoid database corruption.
--- a/docs/setup/installation.md
+++ b/docs/setup/installation.md
@ -37,7 +37,7 @@ Dockerfile to automate a synapse server in a single Docker image, at
 <https://hub.docker.com/r/avhost/docker-matrix/tags/>
 Slavi Pantaleev has created an Ansible playbook,
-which installs the offical Docker image of Matrix Synapse
+which installs the official Docker image of Matrix Synapse
 along with many other Matrix-related services (Postgres database, Element, coturn,
 ma1sd, SSL support, etc.).
 For more details, see
@ -93,7 +93,7 @@ For `bookworm` and `sid`, it can be installed simply with:
 sudo apt install matrix-synapse
 ```
-Synapse is also avaliable in `bullseye-backports`.  Please
+Synapse is also available in `bullseye-backports`.  Please
 see the [Debian documentation](https://backports.debian.org/Instructions/)
 for information on how to use backports.
--- a/docs/tcp_replication.md
+++ b/docs/tcp_replication.md
@ -38,7 +38,7 @@ noted when manually using the protocol:
    been disabled on the main process.
 -   The server will only time connections out that have sent a `PING`
    command. If a ping is sent then the connection will be closed if no
-    further commands are receieved within 15s. Both the client and
+    further commands are received within 15s. Both the client and
    server protocol implementations will send an initial PING on
    connection and ensure at least one command every 5s is sent (not
    necessarily `PING`).
@ -128,7 +128,7 @@ batching. See `RdataCommand` for more details.
 ### Example
-An example iteraction is shown below. Each line is prefixed with '>'
+An example interaction is shown below. Each line is prefixed with '>'
 or '<' to indicate which side is sending, these are *not* included on
 the wire:
--- a/docs/turn-howto.md
+++ b/docs/turn-howto.md
@ -18,7 +18,7 @@ This documentation provides two TURN server configuration examples:
 For TURN relaying to work, the TURN service must be hosted on a server/endpoint with a public IP.
-Hosting TURN behind NAT requires port forwaring and for the NAT gateway to have a public IP.
+Hosting TURN behind NAT requires port forwarding and for the NAT gateway to have a public IP.
 However, even with appropriate configuration, NAT is known to cause issues and to often not work.
 Afterwards, the homeserver needs some further configuration.
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@ -88,6 +88,14 @@ process, for example:
    dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
    ```
 # Upgrading to v1.93.0
 ## Minimum supported Rust version
 The minimum supported Rust version has been increased from v1.60.0 to v1.61.0.
 Users building from source will need to ensure their `rustc` version is up to
 date.
 # Upgrading to v1.90.0
 ## App service query parameter authorization is now a configuration option
@ -1344,7 +1352,7 @@ In line with our [deprecation policy](deprecation_policy.md),
 we've dropped support for Python 3.5 and PostgreSQL 9.5, as they are no
 longer supported upstream.
-This release of Synapse requires Python 3.6+ and PostgresSQL 9.6+ or
+This release of Synapse requires Python 3.6+ and PostgreSQL 9.6+ or
 SQLite 3.22+.
 ## Removal of old List Accounts Admin API
@ -2304,7 +2312,7 @@ for details.
 # Upgrading to v0.11.0
 This release includes the option to send anonymous usage stats to
-matrix.org, and requires that administrators explictly opt in or out by
+matrix.org, and requires that administrators explicitly opt in or out by
 setting the `report_stats` option to either `true` or `false`.
 We would really appreciate it if you could help our project out by
@ -2408,7 +2416,7 @@ latest module, please run:
 # Upgrading to v0.5.0
-The webclient has been split out into a seperate repository/pacakage in
+The webclient has been split out into a separate repository/package in
 this release. Before you restart your homeserver you will need to pull
 in the webclient package by running:
--- a/docs/usage/administration/admin_api/federation.md
+++ b/docs/usage/administration/admin_api/federation.md
@ -77,7 +77,7 @@ The following fields are returned in the JSON response body:
    remote server, in ms. This is `0` if the last attempt to communicate with the
    remote server was successful.
  - `retry_interval` - integer - How long since the last time Synapse tried to reach
-    the remote server before trying again, in ms. This is `0` if no further retrying occuring.
+    the remote server before trying again, in ms. This is `0` if no further retrying occurring.
  - `failure_ts` - nullable integer - The first time Synapse tried and failed to reach the
    remote server, in ms. This is `null` if communication with the remote server has never failed.
  - `last_successful_stream_ordering` - nullable integer - The stream ordering of the most
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@ -25,8 +25,10 @@ messages from the database after 5 minutes, rather than 5 months.
 In addition, configuration options referring to size use the following suffixes:
 * `M` = MiB, or 1,048,576 bytes
 * `K` = KiB, or 1024 bytes
 * `M` = MiB, or 1,048,576 bytes
 * `G` = GiB, or 1,073,741,824 bytes
 * `T` = TiB, or 1,099,511,627,776 bytes
 For example, setting `max_avatar_size: 10M` means that Synapse will not accept files larger than 10,485,760 bytes
 for a user avatar.
@ -519,7 +521,7 @@ listeners:
 Example configuration #2:
 ```yaml
 listeners:
-  # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
+  # Insecure HTTP listener: for when matrix traffic passes through a reverse proxy
  # that unwraps TLS.
  #
  # If you plan to use a reverse proxy, please see
@ -2943,7 +2945,7 @@ Normally, the connection to the key server is validated via TLS certificates.
 Additional security can be provided by configuring a `verify key`, which
 will make synapse check that the response is signed by that key.
-This setting supercedes an older setting named `perspectives`. The old format
+This setting supersedes an older setting named `perspectives`. The old format
 is still supported for backwards-compatibility, but it is deprecated.
 `trusted_key_servers` defaults to matrix.org, but using it will generate a
@ -3428,6 +3430,12 @@ Has the following sub-options:
   and the values must match the given value. Alternately if the given value
   is `None` then any value is allowed (the attribute just must exist).
   All of the listed attributes must match for the login to be permitted.
 * `enable_registration`: set to 'false' to disable automatic registration of new
   users. This allows the CAS SSO flow to be limited to sign in only, rather than
   automatically registering users that have a valid SSO login but do not have
   a pre-registered account. Defaults to true.
   *Added in Synapse 1.93.0.*
 Example configuration:
 ```yaml
@ -3439,6 +3447,7 @@ cas_config:
  required_attributes:
    userGroup: "staff"
    department: None
  enable_registration: true
 ```
 ---
 ### `sso`
--- a/docs/workers.md
+++ b/docs/workers.md
@ -246,6 +246,7 @@ information.
    ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)
    ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$
    ^/_matrix/client/(r0|v3|unstable)/capabilities$
    ^/_matrix/client/(r0|v3|unstable)/notifications$
    # Encryption requests
    ^/_matrix/client/(r0|v3|unstable)/keys/query$
--- a/flake.lock
+++ b/flake.lock
@ -258,11 +258,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1690510705,
+        "lastModified": 1693966243,
-        "narHash": "sha256-6mjs3Gl9/xrseFh9iNcNq1u5yJ/MIoAmjoaG7SXZDIE=",
+        "narHash": "sha256-a2CA1aMIPE67JWSVIGoGtD3EGlFdK9+OlJQs0FOWCKY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "851ae4c128905a62834d53ce7704ebc1ba481bea",
+        "rev": "a8b4bb4cbb744baaabc3e69099f352f99164e2c1",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -82,7 +82,7 @@
                  #
                  # NOTE: We currently need to set the Rust version unnecessarily high
                  # in order to work around https://github.com/matrix-org/synapse/issues/15939
-                  (rust-bin.stable."1.70.0".default.override {
+                  (rust-bin.stable."1.71.1".default.override {
                    # Additionally install the "rust-src" extension to allow diving into the
                    # Rust source code in an IDE (rust-analyzer will also make use of it).
                    extensions = [ "rust-src" ];
@ -90,6 +90,11 @@
                  # The rust-analyzer language server implementation.
                  rust-analyzer
                  # GCC includes a linker; needed for building `ruff`
                  gcc
                  # Needed for building `ruff`
                  gnumake
                  # Native dependencies for running Synapse.
                  icu
                  libffi
@ -236,6 +241,19 @@
                  URI
                  YAMLLibYAML
                ]}";
                # Clear the LD_LIBRARY_PATH environment variable on shell init.
                #
                # By default, devenv will set LD_LIBRARY_PATH to point to .devenv/profile/lib. This causes
                # issues when we include `gcc` as a dependency to build C libraries, as the version of glibc
                # that the development environment's cc compiler uses may differ from that of the system.
                #
                # When LD_LIBRARY_PATH is set, system tools will attempt to use the development environment's
                # libraries. Which, when built against a different glibc version lead, to "version 'GLIBC_X.YY'
                # not found" errors.
                enterShell = ''
                  unset LD_LIBRARY_PATH
                '';
              }
            ];
          };
--- a/mypy.ini
+++ b/mypy.ini
@ -23,7 +23,6 @@ warn_unused_ignores = True
 # warn_return_any = True
 # no_implicit_reexport = True
 strict_equality = True
 strict_concatenate = True
 # Run mypy type checking with the minimum supported Python version to catch new usage
 # that isn't backwards-compatible (types, overloads, etc).
--- a/poetry.lock
+++ b/poetry.lock
@ -148,33 +148,33 @@ lxml = ["lxml"]
 [[package]]
 name = "black"
-version = "23.7.0"
+version = "23.9.1"
 description = "The uncompromising code formatter."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "black-23.7.0-cp310-cp310-macosx_10_16_arm64.whl", hash = "sha256:5c4bc552ab52f6c1c506ccae05681fab58c3f72d59ae6e6639e8885e94fe2587"},
+    {file = "black-23.9.1-cp310-cp310-macosx_10_16_arm64.whl", hash = "sha256:d6bc09188020c9ac2555a498949401ab35bb6bf76d4e0f8ee251694664df6301"},
-    {file = "black-23.7.0-cp310-cp310-macosx_10_16_universal2.whl", hash = "sha256:552513d5cd5694590d7ef6f46e1767a4df9af168d449ff767b13b084c020e63f"},
+    {file = "black-23.9.1-cp310-cp310-macosx_10_16_universal2.whl", hash = "sha256:13ef033794029b85dfea8032c9d3b92b42b526f1ff4bf13b2182ce4e917f5100"},
-    {file = "black-23.7.0-cp310-cp310-macosx_10_16_x86_64.whl", hash = "sha256:86cee259349b4448adb4ef9b204bb4467aae74a386bce85d56ba4f5dc0da27be"},
+    {file = "black-23.9.1-cp310-cp310-macosx_10_16_x86_64.whl", hash = "sha256:75a2dc41b183d4872d3a500d2b9c9016e67ed95738a3624f4751a0cb4818fe71"},
-    {file = "black-23.7.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:501387a9edcb75d7ae8a4412bb8749900386eaef258f1aefab18adddea1936bc"},
+    {file = "black-23.9.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:13a2e4a93bb8ca74a749b6974925c27219bb3df4d42fc45e948a5d9feb5122b7"},
-    {file = "black-23.7.0-cp310-cp310-win_amd64.whl", hash = "sha256:fb074d8b213749fa1d077d630db0d5f8cc3b2ae63587ad4116e8a436e9bbe995"},
+    {file = "black-23.9.1-cp310-cp310-win_amd64.whl", hash = "sha256:adc3e4442eef57f99b5590b245a328aad19c99552e0bdc7f0b04db6656debd80"},
-    {file = "black-23.7.0-cp311-cp311-macosx_10_16_arm64.whl", hash = "sha256:b5b0ee6d96b345a8b420100b7d71ebfdd19fab5e8301aff48ec270042cd40ac2"},
+    {file = "black-23.9.1-cp311-cp311-macosx_10_16_arm64.whl", hash = "sha256:8431445bf62d2a914b541da7ab3e2b4f3bc052d2ccbf157ebad18ea126efb91f"},
-    {file = "black-23.7.0-cp311-cp311-macosx_10_16_universal2.whl", hash = "sha256:893695a76b140881531062d48476ebe4a48f5d1e9388177e175d76234ca247cd"},
+    {file = "black-23.9.1-cp311-cp311-macosx_10_16_universal2.whl", hash = "sha256:8fc1ddcf83f996247505db6b715294eba56ea9372e107fd54963c7553f2b6dfe"},
-    {file = "black-23.7.0-cp311-cp311-macosx_10_16_x86_64.whl", hash = "sha256:c333286dc3ddca6fdff74670b911cccedacb4ef0a60b34e491b8a67c833b343a"},
+    {file = "black-23.9.1-cp311-cp311-macosx_10_16_x86_64.whl", hash = "sha256:7d30ec46de88091e4316b17ae58bbbfc12b2de05e069030f6b747dfc649ad186"},
-    {file = "black-23.7.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:831d8f54c3a8c8cf55f64d0422ee875eecac26f5f649fb6c1df65316b67c8926"},
+    {file = "black-23.9.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:031e8c69f3d3b09e1aa471a926a1eeb0b9071f80b17689a655f7885ac9325a6f"},
-    {file = "black-23.7.0-cp311-cp311-win_amd64.whl", hash = "sha256:7f3bf2dec7d541b4619b8ce526bda74a6b0bffc480a163fed32eb8b3c9aed8ad"},
+    {file = "black-23.9.1-cp311-cp311-win_amd64.whl", hash = "sha256:538efb451cd50f43aba394e9ec7ad55a37598faae3348d723b59ea8e91616300"},
-    {file = "black-23.7.0-cp38-cp38-macosx_10_16_arm64.whl", hash = "sha256:f9062af71c59c004cd519e2fb8f5d25d39e46d3af011b41ab43b9c74e27e236f"},
+    {file = "black-23.9.1-cp38-cp38-macosx_10_16_arm64.whl", hash = "sha256:638619a559280de0c2aa4d76f504891c9860bb8fa214267358f0a20f27c12948"},
-    {file = "black-23.7.0-cp38-cp38-macosx_10_16_universal2.whl", hash = "sha256:01ede61aac8c154b55f35301fac3e730baf0c9cf8120f65a9cd61a81cfb4a0c3"},
+    {file = "black-23.9.1-cp38-cp38-macosx_10_16_universal2.whl", hash = "sha256:a732b82747235e0542c03bf352c126052c0fbc458d8a239a94701175b17d4855"},
-    {file = "black-23.7.0-cp38-cp38-macosx_10_16_x86_64.whl", hash = "sha256:327a8c2550ddc573b51e2c352adb88143464bb9d92c10416feb86b0f5aee5ff6"},
+    {file = "black-23.9.1-cp38-cp38-macosx_10_16_x86_64.whl", hash = "sha256:cf3a4d00e4cdb6734b64bf23cd4341421e8953615cba6b3670453737a72ec204"},
-    {file = "black-23.7.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6d1c6022b86f83b632d06f2b02774134def5d4d4f1dac8bef16d90cda18ba28a"},
+    {file = "black-23.9.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cf99f3de8b3273a8317681d8194ea222f10e0133a24a7548c73ce44ea1679377"},
-    {file = "black-23.7.0-cp38-cp38-win_amd64.whl", hash = "sha256:27eb7a0c71604d5de083757fbdb245b1a4fae60e9596514c6ec497eb63f95320"},
+    {file = "black-23.9.1-cp38-cp38-win_amd64.whl", hash = "sha256:14f04c990259576acd093871e7e9b14918eb28f1866f91968ff5524293f9c573"},
-    {file = "black-23.7.0-cp39-cp39-macosx_10_16_arm64.whl", hash = "sha256:8417dbd2f57b5701492cd46edcecc4f9208dc75529bcf76c514864e48da867d9"},
+    {file = "black-23.9.1-cp39-cp39-macosx_10_16_arm64.whl", hash = "sha256:c619f063c2d68f19b2d7270f4cf3192cb81c9ec5bc5ba02df91471d0b88c4c5c"},
-    {file = "black-23.7.0-cp39-cp39-macosx_10_16_universal2.whl", hash = "sha256:47e56d83aad53ca140da0af87678fb38e44fd6bc0af71eebab2d1f59b1acf1d3"},
+    {file = "black-23.9.1-cp39-cp39-macosx_10_16_universal2.whl", hash = "sha256:6a3b50e4b93f43b34a9d3ef00d9b6728b4a722c997c99ab09102fd5efdb88325"},
-    {file = "black-23.7.0-cp39-cp39-macosx_10_16_x86_64.whl", hash = "sha256:25cc308838fe71f7065df53aedd20327969d05671bac95b38fdf37ebe70ac087"},
+    {file = "black-23.9.1-cp39-cp39-macosx_10_16_x86_64.whl", hash = "sha256:c46767e8df1b7beefb0899c4a95fb43058fa8500b6db144f4ff3ca38eb2f6393"},
-    {file = "black-23.7.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:642496b675095d423f9b8448243336f8ec71c9d4d57ec17bf795b67f08132a91"},
+    {file = "black-23.9.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:50254ebfa56aa46a9fdd5d651f9637485068a1adf42270148cd101cdf56e0ad9"},
-    {file = "black-23.7.0-cp39-cp39-win_amd64.whl", hash = "sha256:ad0014efc7acf0bd745792bd0d8857413652979200ab924fbf239062adc12491"},
+    {file = "black-23.9.1-cp39-cp39-win_amd64.whl", hash = "sha256:403397c033adbc45c2bd41747da1f7fc7eaa44efbee256b53842470d4ac5a70f"},
-    {file = "black-23.7.0-py3-none-any.whl", hash = "sha256:9fd59d418c60c0348505f2ddf9609c1e1de8e7493eab96198fc89d9f865e7a96"},
+    {file = "black-23.9.1-py3-none-any.whl", hash = "sha256:6ccd59584cc834b6d127628713e4b6b968e5f79572da66284532525a042549f9"},
-    {file = "black-23.7.0.tar.gz", hash = "sha256:022a582720b0d9480ed82576c920a8c1dde97cc38ff11d8d8859b3bd6ca9eedb"},
+    {file = "black-23.9.1.tar.gz", hash = "sha256:24b6b3ff5c6d9ea08a8888f6977eae858e1f340d7260cf56d70a49823236b62d"},
 ]
 [package.dependencies]
@ -184,7 +184,7 @@ packaging = ">=22.0"
 pathspec = ">=0.9.0"
 platformdirs = ">=2"
 tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
-typing-extensions = {version = ">=3.10.0.0", markers = "python_version < \"3.10\""}
+typing-extensions = {version = ">=4.0.1", markers = "python_version < \"3.11\""}
 [package.extras]
 colorama = ["colorama (>=0.4.3)"]
@ -586,13 +586,13 @@ smmap = ">=3.0.1,<6"
 [[package]]
 name = "gitpython"
-version = "3.1.32"
+version = "3.1.35"
 description = "GitPython is a Python library used to interact with Git repositories"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "GitPython-3.1.32-py3-none-any.whl", hash = "sha256:e3d59b1c2c6ebb9dfa7a184daf3b6dd4914237e7488a1730a6d8f6f5d0b4187f"},
+    {file = "GitPython-3.1.35-py3-none-any.whl", hash = "sha256:c19b4292d7a1d3c0f653858db273ff8a6614100d1eb1528b014ec97286193c09"},
-    {file = "GitPython-3.1.32.tar.gz", hash = "sha256:8d9b8cb1e80b9735e8717c9362079d3ce4c6e5ddeebedd0361b228c3a67a62f6"},
+    {file = "GitPython-3.1.35.tar.gz", hash = "sha256:9cbefbd1789a5fe9bcf621bb34d3f441f3a90c8461d377f84eda73e721d9b06b"},
 ]
 [package.dependencies]
@ -1445,37 +1445,38 @@ files = [
 [[package]]
 name = "mypy"
-version = "1.4.1"
+version = "1.5.1"
 description = "Optional static typing for Python"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
-    {file = "mypy-1.4.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:566e72b0cd6598503e48ea610e0052d1b8168e60a46e0bfd34b3acf2d57f96a8"},
+    {file = "mypy-1.5.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:f33592ddf9655a4894aef22d134de7393e95fcbdc2d15c1ab65828eee5c66c70"},
-    {file = "mypy-1.4.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ca637024ca67ab24a7fd6f65d280572c3794665eaf5edcc7e90a866544076878"},
+    {file = "mypy-1.5.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:258b22210a4a258ccd077426c7a181d789d1121aca6db73a83f79372f5569ae0"},
-    {file = "mypy-1.4.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0dde1d180cd84f0624c5dcaaa89c89775550a675aff96b5848de78fb11adabcd"},
+    {file = "mypy-1.5.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a9ec1f695f0c25986e6f7f8778e5ce61659063268836a38c951200c57479cc12"},
-    {file = "mypy-1.4.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:8c4d8e89aa7de683e2056a581ce63c46a0c41e31bd2b6d34144e2c80f5ea53dc"},
+    {file = "mypy-1.5.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:abed92d9c8f08643c7d831300b739562b0a6c9fcb028d211134fc9ab20ccad5d"},
-    {file = "mypy-1.4.1-cp310-cp310-win_amd64.whl", hash = "sha256:bfdca17c36ae01a21274a3c387a63aa1aafe72bff976522886869ef131b937f1"},
+    {file = "mypy-1.5.1-cp310-cp310-win_amd64.whl", hash = "sha256:a156e6390944c265eb56afa67c74c0636f10283429171018446b732f1a05af25"},
-    {file = "mypy-1.4.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:7549fbf655e5825d787bbc9ecf6028731973f78088fbca3a1f4145c39ef09462"},
+    {file = "mypy-1.5.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6ac9c21bfe7bc9f7f1b6fae441746e6a106e48fc9de530dea29e8cd37a2c0cc4"},
-    {file = "mypy-1.4.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:98324ec3ecf12296e6422939e54763faedbfcc502ea4a4c38502082711867258"},
+    {file = "mypy-1.5.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:51cb1323064b1099e177098cb939eab2da42fea5d818d40113957ec954fc85f4"},
-    {file = "mypy-1.4.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:141dedfdbfe8a04142881ff30ce6e6653c9685b354876b12e4fe6c78598b45e2"},
+    {file = "mypy-1.5.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:596fae69f2bfcb7305808c75c00f81fe2829b6236eadda536f00610ac5ec2243"},
-    {file = "mypy-1.4.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:8207b7105829eca6f3d774f64a904190bb2231de91b8b186d21ffd98005f14a7"},
+    {file = "mypy-1.5.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:32cb59609b0534f0bd67faebb6e022fe534bdb0e2ecab4290d683d248be1b275"},
-    {file = "mypy-1.4.1-cp311-cp311-win_amd64.whl", hash = "sha256:16f0db5b641ba159eff72cff08edc3875f2b62b2fa2bc24f68c1e7a4e8232d01"},
+    {file = "mypy-1.5.1-cp311-cp311-win_amd64.whl", hash = "sha256:159aa9acb16086b79bbb0016145034a1a05360626046a929f84579ce1666b315"},
-    {file = "mypy-1.4.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:470c969bb3f9a9efcedbadcd19a74ffb34a25f8e6b0e02dae7c0e71f8372f97b"},
+    {file = "mypy-1.5.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:f6b0e77db9ff4fda74de7df13f30016a0a663928d669c9f2c057048ba44f09bb"},
-    {file = "mypy-1.4.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e5952d2d18b79f7dc25e62e014fe5a23eb1a3d2bc66318df8988a01b1a037c5b"},
+    {file = "mypy-1.5.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:26f71b535dfc158a71264e6dc805a9f8d2e60b67215ca0bfa26e2e1aa4d4d373"},
-    {file = "mypy-1.4.1-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:190b6bab0302cec4e9e6767d3eb66085aef2a1cc98fe04936d8a42ed2ba77bb7"},
+    {file = "mypy-1.5.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2fc3a600f749b1008cc75e02b6fb3d4db8dbcca2d733030fe7a3b3502902f161"},
-    {file = "mypy-1.4.1-cp37-cp37m-win_amd64.whl", hash = "sha256:9d40652cc4fe33871ad3338581dca3297ff5f2213d0df345bcfbde5162abf0c9"},
+    {file = "mypy-1.5.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:26fb32e4d4afa205b24bf645eddfbb36a1e17e995c5c99d6d00edb24b693406a"},
-    {file = "mypy-1.4.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:01fd2e9f85622d981fd9063bfaef1aed6e336eaacca00892cd2d82801ab7c042"},
+    {file = "mypy-1.5.1-cp312-cp312-win_amd64.whl", hash = "sha256:82cb6193de9bbb3844bab4c7cf80e6227d5225cc7625b068a06d005d861ad5f1"},
-    {file = "mypy-1.4.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:2460a58faeea905aeb1b9b36f5065f2dc9a9c6e4c992a6499a2360c6c74ceca3"},
+    {file = "mypy-1.5.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:4a465ea2ca12804d5b34bb056be3a29dc47aea5973b892d0417c6a10a40b2d65"},
-    {file = "mypy-1.4.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a2746d69a8196698146a3dbe29104f9eb6a2a4d8a27878d92169a6c0b74435b6"},
+    {file = "mypy-1.5.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:9fece120dbb041771a63eb95e4896791386fe287fefb2837258925b8326d6160"},
-    {file = "mypy-1.4.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:ae704dcfaa180ff7c4cfbad23e74321a2b774f92ca77fd94ce1049175a21c97f"},
+    {file = "mypy-1.5.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d28ddc3e3dfeab553e743e532fb95b4e6afad51d4706dd22f28e1e5e664828d2"},
-    {file = "mypy-1.4.1-cp38-cp38-win_amd64.whl", hash = "sha256:43d24f6437925ce50139a310a64b2ab048cb2d3694c84c71c3f2a1626d8101dc"},
+    {file = "mypy-1.5.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:57b10c56016adce71fba6bc6e9fd45d8083f74361f629390c556738565af8eeb"},
-    {file = "mypy-1.4.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:c482e1246726616088532b5e964e39765b6d1520791348e6c9dc3af25b233828"},
+    {file = "mypy-1.5.1-cp38-cp38-win_amd64.whl", hash = "sha256:ff0cedc84184115202475bbb46dd99f8dcb87fe24d5d0ddfc0fe6b8575c88d2f"},
-    {file = "mypy-1.4.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:43b592511672017f5b1a483527fd2684347fdffc041c9ef53428c8dc530f79a3"},
+    {file = "mypy-1.5.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8f772942d372c8cbac575be99f9cc9d9fb3bd95c8bc2de6c01411e2c84ebca8a"},
-    {file = "mypy-1.4.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:34a9239d5b3502c17f07fd7c0b2ae6b7dd7d7f6af35fbb5072c6208e76295816"},
+    {file = "mypy-1.5.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5d627124700b92b6bbaa99f27cbe615c8ea7b3402960f6372ea7d65faf376c14"},
-    {file = "mypy-1.4.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5703097c4936bbb9e9bce41478c8d08edd2865e177dc4c52be759f81ee4dd26c"},
+    {file = "mypy-1.5.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:361da43c4f5a96173220eb53340ace68cda81845cd88218f8862dfb0adc8cddb"},
-    {file = "mypy-1.4.1-cp39-cp39-win_amd64.whl", hash = "sha256:e02d700ec8d9b1859790c0475df4e4092c7bf3272a4fd2c9f33d87fac4427b8f"},
+    {file = "mypy-1.5.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:330857f9507c24de5c5724235e66858f8364a0693894342485e543f5b07c8693"},
-    {file = "mypy-1.4.1-py3-none-any.whl", hash = "sha256:45d32cec14e7b97af848bddd97d85ea4f0db4d5a149ed9676caa4eb2f7402bb4"},
+    {file = "mypy-1.5.1-cp39-cp39-win_amd64.whl", hash = "sha256:c543214ffdd422623e9fedd0869166c2f16affe4ba37463975043ef7d2ea8770"},
-    {file = "mypy-1.4.1.tar.gz", hash = "sha256:9bbcd9ab8ea1f2e1c8031c21445b511442cc45c89951e49bbf852cbb70755b1b"},
+    {file = "mypy-1.5.1-py3-none-any.whl", hash = "sha256:f757063a83970d67c444f6e01d9550a7402322af3557ce7630d3c957386fa8f5"},
    {file = "mypy-1.5.1.tar.gz", hash = "sha256:b031b9601f1060bf1281feab89697324726ba0c0bae9d7cd7ab4b690940f0b92"},
 ]
 [package.dependencies]
@ -1486,7 +1487,6 @@ typing-extensions = ">=4.1.0"
 [package.extras]
 dmypy = ["psutil (>=4.0)"]
 install-types = ["pip"]
 python2 = ["typed-ast (>=1.4.0,<2)"]
 reports = ["lxml"]
 [[package]]
@ -1502,17 +1502,17 @@ files = [
 [[package]]
 name = "mypy-zope"
-version = "1.0.0"
+version = "1.0.1"
 description = "Plugin for mypy to support zope interfaces"
 optional = false
 python-versions = "*"
 files = [
-    {file = "mypy-zope-1.0.0.tar.gz", hash = "sha256:be815c2fcb5333aa87e8ec682029ad3214142fe2a05ea383f9ff2d77c98008b7"},
+    {file = "mypy-zope-1.0.1.tar.gz", hash = "sha256:003953896629d762d7f497135171ad549df42a8ac63c1521a230832dd6f7fc25"},
-    {file = "mypy_zope-1.0.0-py3-none-any.whl", hash = "sha256:9732e9b2198f2aec3343b38a51905ff49d44dc9e39e8e8bc6fc490b232388209"},
+    {file = "mypy_zope-1.0.1-py3-none-any.whl", hash = "sha256:ffa291a7af9f5904ce9f0e56de44323a4476e28aaf0d68361b62b1b0e997d0b8"},
 ]
 [package.dependencies]
-mypy = ">=1.0.0,<1.5.0"
+mypy = ">=1.0.0,<1.6.0"
 "zope.interface" = "*"
 "zope.schema" = "*"
@ -2077,7 +2077,6 @@ files = [
    {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"},
    {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"},
    {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"},
    {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"},
    {file = "PyYAML-6.0.1-cp310-cp310-win32.whl", hash = "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924"},
    {file = "PyYAML-6.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d"},
    {file = "PyYAML-6.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007"},
@ -2085,15 +2084,8 @@ files = [
    {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d"},
    {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc"},
    {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673"},
    {file = "PyYAML-6.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b"},
    {file = "PyYAML-6.0.1-cp311-cp311-win32.whl", hash = "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741"},
    {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"},
    {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"},
    {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"},
    {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"},
    {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"},
    {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"},
    {file = "PyYAML-6.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df"},
    {file = "PyYAML-6.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47"},
    {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98"},
    {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c"},
@ -2110,7 +2102,6 @@ files = [
    {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5"},
    {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696"},
    {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735"},
    {file = "PyYAML-6.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6"},
    {file = "PyYAML-6.0.1-cp38-cp38-win32.whl", hash = "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206"},
    {file = "PyYAML-6.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62"},
    {file = "PyYAML-6.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8"},
@ -2118,7 +2109,6 @@ files = [
    {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6"},
    {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0"},
    {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c"},
    {file = "PyYAML-6.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5"},
    {file = "PyYAML-6.0.1-cp39-cp39-win32.whl", hash = "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c"},
    {file = "PyYAML-6.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486"},
    {file = "PyYAML-6.0.1.tar.gz", hash = "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43"},
@ -2866,44 +2856,43 @@ urllib3 = ">=1.26.0"
 [[package]]
 name = "twisted"
-version = "22.10.0"
+version = "23.8.0"
 description = "An asynchronous networking framework written in Python"
 optional = false
 python-versions = ">=3.7.1"
 files = [
-    {file = "Twisted-22.10.0-py3-none-any.whl", hash = "sha256:86c55f712cc5ab6f6d64e02503352464f0400f66d4f079096d744080afcccbd0"},
+    {file = "twisted-23.8.0-py3-none-any.whl", hash = "sha256:b8bdba145de120ffb36c20e6e071cce984e89fba798611ed0704216fb7f884cd"},
-    {file = "Twisted-22.10.0.tar.gz", hash = "sha256:32acbd40a94f5f46e7b42c109bfae2b302250945561783a8b7a059048f2d4d31"},
+    {file = "twisted-23.8.0.tar.gz", hash = "sha256:3c73360add17336a622c0d811c2a2ce29866b6e59b1125fd6509b17252098a24"},
 ]
 [package.dependencies]
-attrs = ">=19.2.0"
+attrs = ">=21.3.0"
-Automat = ">=0.8.0"
+automat = ">=0.8.0"
 constantly = ">=15.1"
 hyperlink = ">=17.1.1"
 idna = {version = ">=2.4", optional = true, markers = "extra == \"tls\""}
-incremental = ">=21.3.0"
+incremental = ">=22.10.0"
 pyopenssl = {version = ">=21.0.0", optional = true, markers = "extra == \"tls\""}
 service-identity = {version = ">=18.1.0", optional = true, markers = "extra == \"tls\""}
 twisted-iocpsupport = {version = ">=1.0.2,<2", markers = "platform_system == \"Windows\""}
-typing-extensions = ">=3.6.5"
+typing-extensions = ">=3.10.0"
-"zope.interface" = ">=4.4.2"
+zope-interface = ">=5"
 [package.extras]
-all-non-platform = ["PyHamcrest (>=1.9.0)", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "pywin32 (!=226)", "service-identity (>=18.1.0)"]
+all-non-platform = ["twisted[conch,contextvars,http2,serial,test,tls]", "twisted[conch,contextvars,http2,serial,test,tls]"]
-conch = ["appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "cryptography (>=2.6)", "pyasn1"]
+conch = ["appdirs (>=1.4.0)", "bcrypt (>=3.1.3)", "cryptography (>=3.3)"]
 conch-nacl = ["PyNaCl", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "cryptography (>=2.6)", "pyasn1"]
 contextvars = ["contextvars (>=2.4,<3)"]
-dev = ["coverage (>=6b1,<7)", "pydoctor (>=22.9.0,<22.10.0)", "pyflakes (>=2.2,<3.0)", "python-subunit (>=1.4,<2.0)", "readthedocs-sphinx-ext (>=2.1,<3.0)", "sphinx (>=5.0,<6)", "sphinx-rtd-theme (>=1.0,<2.0)", "towncrier (>=22.8,<23.0)", "twistedchecker (>=0.7,<1.0)"]
+dev = ["coverage (>=6b1,<7)", "pyflakes (>=2.2,<3.0)", "python-subunit (>=1.4,<2.0)", "twisted[dev-release]", "twistedchecker (>=0.7,<1.0)"]
-dev-release = ["pydoctor (>=22.9.0,<22.10.0)", "readthedocs-sphinx-ext (>=2.1,<3.0)", "sphinx (>=5.0,<6)", "sphinx-rtd-theme (>=1.0,<2.0)", "towncrier (>=22.8,<23.0)"]
+dev-release = ["pydoctor (>=23.4.0,<23.5.0)", "pydoctor (>=23.4.0,<23.5.0)", "readthedocs-sphinx-ext (>=2.2,<3.0)", "readthedocs-sphinx-ext (>=2.2,<3.0)", "sphinx (>=5,<7)", "sphinx (>=5,<7)", "sphinx-rtd-theme (>=1.2,<2.0)", "sphinx-rtd-theme (>=1.2,<2.0)", "towncrier (>=22.12,<23.0)", "towncrier (>=22.12,<23.0)", "urllib3 (<2)", "urllib3 (<2)"]
-gtk-platform = ["PyHamcrest (>=1.9.0)", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pygobject", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "pywin32 (!=226)", "service-identity (>=18.1.0)"]
+gtk-platform = ["pygobject", "pygobject", "twisted[all-non-platform]", "twisted[all-non-platform]"]
 http2 = ["h2 (>=3.0,<5.0)", "priority (>=1.1.0,<2.0)"]
-macos-platform = ["PyHamcrest (>=1.9.0)", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pyobjc-core", "pyobjc-framework-CFNetwork", "pyobjc-framework-Cocoa", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "pywin32 (!=226)", "service-identity (>=18.1.0)"]
+macos-platform = ["pyobjc-core", "pyobjc-core", "pyobjc-framework-cfnetwork", "pyobjc-framework-cfnetwork", "pyobjc-framework-cocoa", "pyobjc-framework-cocoa", "twisted[all-non-platform]", "twisted[all-non-platform]"]
-mypy = ["PyHamcrest (>=1.9.0)", "PyNaCl", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "coverage (>=6b1,<7)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "mypy (==0.930)", "mypy-zope (==0.3.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pydoctor (>=22.9.0,<22.10.0)", "pyflakes (>=2.2,<3.0)", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "python-subunit (>=1.4,<2.0)", "pywin32 (!=226)", "readthedocs-sphinx-ext (>=2.1,<3.0)", "service-identity (>=18.1.0)", "sphinx (>=5.0,<6)", "sphinx-rtd-theme (>=1.0,<2.0)", "towncrier (>=22.8,<23.0)", "twistedchecker (>=0.7,<1.0)", "types-pyOpenSSL", "types-setuptools"]
+mypy = ["mypy (==0.981)", "mypy-extensions (==0.4.3)", "mypy-zope (==0.3.11)", "twisted[all-non-platform,dev]", "types-pyopenssl", "types-setuptools"]
-osx-platform = ["PyHamcrest (>=1.9.0)", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pyobjc-core", "pyobjc-framework-CFNetwork", "pyobjc-framework-Cocoa", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "pywin32 (!=226)", "service-identity (>=18.1.0)"]
+osx-platform = ["twisted[macos-platform]", "twisted[macos-platform]"]
 serial = ["pyserial (>=3.0)", "pywin32 (!=226)"]
-test = ["PyHamcrest (>=1.9.0)", "cython-test-exception-raiser (>=1.0.2,<2)", "hypothesis (>=6.0,<7.0)"]
+test = ["cython-test-exception-raiser (>=1.0.2,<2)", "hypothesis (>=6.56)", "pyhamcrest (>=2)"]
 tls = ["idna (>=2.4)", "pyopenssl (>=21.0.0)", "service-identity (>=18.1.0)"]
-windows-platform = ["PyHamcrest (>=1.9.0)", "appdirs (>=1.4.0)", "bcrypt (>=3.0.0)", "contextvars (>=2.4,<3)", "cryptography (>=2.6)", "cython-test-exception-raiser (>=1.0.2,<2)", "h2 (>=3.0,<5.0)", "hypothesis (>=6.0,<7.0)", "idna (>=2.4)", "priority (>=1.1.0,<2.0)", "pyasn1", "pyopenssl (>=21.0.0)", "pyserial (>=3.0)", "pywin32 (!=226)", "pywin32 (!=226)", "service-identity (>=18.1.0)"]
+windows-platform = ["pywin32 (!=226)", "pywin32 (!=226)", "twisted[all-non-platform]", "twisted[all-non-platform]"]
 [[package]]
 name = "twisted-iocpsupport"
@ -2998,13 +2987,13 @@ files = [
 [[package]]
 name = "types-pillow"
-version = "10.0.0.2"
+version = "10.0.0.3"
 description = "Typing stubs for Pillow"
 optional = false
 python-versions = "*"
 files = [
-    {file = "types-Pillow-10.0.0.2.tar.gz", hash = "sha256:fe09380ab22d412ced989a067e9ee4af719fa3a47ba1b53b232b46514a871042"},
+    {file = "types-Pillow-10.0.0.3.tar.gz", hash = "sha256:ae0c877d363da349bbb82c5463c9e78037290cc07d3714cb0ceaf5d2f7f5c825"},
-    {file = "types_Pillow-10.0.0.2-py3-none-any.whl", hash = "sha256:29d51a3ce6ef51fabf728a504d33b4836187ff14256b2e86996d55c91ab214b1"},
+    {file = "types_Pillow-10.0.0.3-py3-none-any.whl", hash = "sha256:54a49f3c6a3f5e95ebeee396d7773dde22ce2515d594f9c0596c0a983558f0d4"},
 ]
 [[package]]
@ -3059,13 +3048,13 @@ types-urllib3 = "*"
 [[package]]
 name = "types-setuptools"
-version = "68.0.0.3"
+version = "68.2.0.0"
 description = "Typing stubs for setuptools"
 optional = false
 python-versions = "*"
 files = [
-    {file = "types-setuptools-68.0.0.3.tar.gz", hash = "sha256:d57ae6076100b5704b3cc869fdefc671e1baf4c2cd6643f84265dfc0b955bf05"},
+    {file = "types-setuptools-68.2.0.0.tar.gz", hash = "sha256:a4216f1e2ef29d089877b3af3ab2acf489eb869ccaf905125c69d2dc3932fd85"},
-    {file = "types_setuptools-68.0.0.3-py3-none-any.whl", hash = "sha256:fec09e5c18264c5c09351c00be01a34456fb7a88e457abe97401325f84ad9d36"},
+    {file = "types_setuptools-68.2.0.0-py3-none-any.whl", hash = "sha256:77edcc843e53f8fc83bb1a840684841f3dc804ec94562623bfa2ea70d5a2ba1b"},
 ]
 [[package]]
--- a/pyproject.toml
+++ b/pyproject.toml
@ -43,33 +43,39 @@ target-version = ['py38', 'py39', 'py310', 'py311']
 [tool.ruff]
 line-length = 88
-# See https://github.com/charliermarsh/ruff/#pycodestyle
+# See https://beta.ruff.rs/docs/rules/#error-e
 # for error codes. The ones we ignore are:
 #  E731: do not assign a lambda expression, use a def
 #  E501: Line too long (black enforces this for us)
 #  E731: do not assign a lambda expression, use a def
 #
 # flake8-bugbear compatible checks. Its error codes are described at
-# https://github.com/charliermarsh/ruff/#flake8-bugbear
+# https://beta.ruff.rs/docs/rules/#flake8-bugbear-b
 #  B019: Use of functools.lru_cache or functools.cache on methods can lead to memory leaks
 #  B023: Functions defined inside a loop must not use variables redefined in the loop
 #  B024: Abstract base class with no abstract method.
 ignore = [
    "B019",
    "B023",
    "B024",
    "E501",
    "E731",
 ]
 select = [
-    # pycodestyle checks.
+    # pycodestyle
    "E",
    "W",
-    # pyflakes checks.
+    # pyflakes
    "F",
-    # flake8-bugbear checks.
+    # flake8-bugbear
    "B0",
-    # flake8-comprehensions checks.
+    # flake8-comprehensions
    "C4",
    # flake8-2020
    "YTT",
    # flake8-slots
    "SLOT",
    # flake8-debugger
    "T10",
    # flake8-pie
    "PIE",
    # flake8-executable
    "EXE",
 ]
 [tool.isort]
@ -89,7 +95,7 @@ manifest-path = "rust/Cargo.toml"
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.92.0rc1"
+version = "1.92.1"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "Apache-2.0"
@ -370,7 +376,7 @@ furo = ">=2022.12.7,<2024.0.0"
 # system changes.
 # We are happy to raise these upper bounds upon request,
 # provided we check that it's safe to do so (i.e. that CI passes).
-requires = ["poetry-core>=1.1.0,<=1.7.0", "setuptools_rust>=1.3,<=1.6.0"]
+requires = ["poetry-core>=1.1.0,<=1.7.0", "setuptools_rust>=1.3,<=1.7.0"]
 build-backend = "poetry.core.masonry.api"
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@ -7,7 +7,7 @@ name = "synapse"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.60.0"
+rust-version = "1.61.0"
 [lib]
 name = "synapse"
@ -23,7 +23,12 @@ name = "synapse.synapse_rust"
 anyhow = "1.0.63"
 lazy_static = "1.4.0"
 log = "0.4.17"
-pyo3 = { version = "0.17.1", features = ["macros", "anyhow", "abi3", "abi3-py37"] }
+pyo3 = { version = "0.17.1", features = [
    "macros",
    "anyhow",
    "abi3",
    "abi3-py37",
 ] }
 pyo3-log = "0.8.1"
 pythonize = "0.17.0"
 regex = "1.6.0"
--- a/scripts-dev/build_debian_packages.py
+++ b/scripts-dev/build_debian_packages.py
@ -32,7 +32,6 @@ DISTS = (
    "debian:sid",  # (EOL not specified yet) (our EOL forced by Python 3.11 is 2027-10-24)
    "ubuntu:focal",  # 20.04 LTS (EOL 2025-04) (our EOL forced by Python 3.8 is 2024-10-14)
    "ubuntu:jammy",  # 22.04 LTS (EOL 2027-04) (our EOL forced by Python 3.10 is 2026-10-04)
    "ubuntu:kinetic",  # 22.10 (EOL 2023-07-20) (our EOL forced by Python 3.10 is 2026-10-04)
    "ubuntu:lunar",  # 23.04 (EOL 2024-01) (our EOL forced by Python 3.11 is 2027-10-24)
    "debian:trixie",  # (EOL not specified yet)
 )
--- a/scripts-dev/federation_client.py
+++ b/scripts-dev/federation_client.py
@ -329,6 +329,17 @@ class MatrixConnectionAdapter(HTTPAdapter):
                raise ValueError("Invalid host:port '%s'" % (server_name,))
            return out[0], port, out[0]
        # Look up SRV for Matrix 1.8 `matrix-fed` service first
        try:
            srv = srvlookup.lookup("matrix-fed", "tcp", server_name)[0]
            print(
                f"SRV lookup on _matrix-fed._tcp.{server_name} gave {srv}",
                file=sys.stderr,
            )
            return srv.host, srv.port, server_name
        except Exception:
            pass
        # Fall back to deprecated `matrix` service
        try:
            srv = srvlookup.lookup("matrix", "tcp", server_name)[0]
            print(
@ -337,6 +348,7 @@ class MatrixConnectionAdapter(HTTPAdapter):
            )
            return srv.host, srv.port, server_name
        except Exception:
            # Fall even further back to just port 8448
            return server_name, 8448, server_name
    @staticmethod
--- a/scripts-dev/mypy_synapse_plugin.py
+++ b/scripts-dev/mypy_synapse_plugin.py
@ -30,9 +30,10 @@ class SynapsePlugin(Plugin):
        self, fullname: str
    ) -> Optional[Callable[[MethodSigContext], CallableType]]:
        if fullname.startswith(
-            "synapse.util.caches.descriptors.CachedFunction.__call__"
+            (
-        ) or fullname.startswith(
+                "synapse.util.caches.descriptors.CachedFunction.__call__",
-            "synapse.util.caches.descriptors._LruCachedFunction.__call__"
+                "synapse.util.caches.descriptors._LruCachedFunction.__call__",
            )
        ):
            return cached_function_method_signature
        return None
--- a/scripts-dev/release.py
+++ b/scripts-dev/release.py
@ -244,11 +244,17 @@ def _prepare() -> None:
    else:
        debian_version = new_version
-    run_until_successful(
+    if sys.platform == "darwin":
-        f'dch -M -v {debian_version} "New Synapse release {new_version}."',
+        run_until_successful(
-        shell=True,
+            f"docker run --rm -v .:/synapse ubuntu:latest /synapse/scripts-dev/docker_update_debian_changelog.sh {new_version}",
-    )
+            shell=True,
-    run_until_successful('dch -M -r -D stable ""', shell=True)
+        )
    else:
        run_until_successful(
            f'dch -M -v {debian_version} "New Synapse release {new_version}."',
            shell=True,
        )
        run_until_successful('dch -M -r -D stable ""', shell=True)
    # Show the user the changes and ask if they want to edit the change log.
    synapse_repo.git.add("-u")
@ -566,19 +572,27 @@ def _notify(message: str) -> None:
    # for this.
    click.echo(f"\a{message}")
    app_name = "Synapse Release Script"
    # Try and run notify-send, but don't raise an Exception if this fails
    # (This is best-effort)
-    # TODO Support other platforms?
+    if sys.platform == "darwin":
-    subprocess.run(
+        # See https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangGuide/reference/ASLR_cmds.html#//apple_ref/doc/uid/TP40000983-CH216-SW224
-        [
+        subprocess.run(
-            "notify-send",
+            f"""osascript -e 'display notification "{message}" with title "{app_name}"'""",
-            "--app-name",
+            shell=True,
-            "Synapse Release Script",
+        )
-            "--expire-time",
+    else:
-            "3600000",
+        subprocess.run(
-            message,
+            [
-        ]
+                "notify-send",
-    )
+                "--app-name",
                app_name,
                "--expire-time",
                "3600000",
                message,
            ]
        )
@cli.command()
--- a/synapse/_scripts/update_synapse_database.py
+++ b/synapse/_scripts/update_synapse_database.py
@ -1,4 +1,3 @@
 #!/usr/bin/env python
 # Copyright 2019 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/synapse/api/presence.py
+++ b/synapse/api/presence.py
@ -20,18 +20,53 @@ from synapse.api.constants import PresenceState
 from synapse.types import JsonDict
@attr.s(slots=True, auto_attribs=True)
 class UserDevicePresenceState:
    """
    Represents the current presence state of a user's device.
    user_id: The user ID.
    device_id: The user's device ID.
    state: The presence state, see PresenceState.
    last_active_ts: Time in msec that the device last interacted with server.
    last_sync_ts: Time in msec that the device last *completed* a sync
        (or event stream).
    """
    user_id: str
    device_id: Optional[str]
    state: str
    last_active_ts: int
    last_sync_ts: int
    @classmethod
    def default(
        cls, user_id: str, device_id: Optional[str]
    ) -> "UserDevicePresenceState":
        """Returns a default presence state."""
        return cls(
            user_id=user_id,
            device_id=device_id,
            state=PresenceState.OFFLINE,
            last_active_ts=0,
            last_sync_ts=0,
        )
@attr.s(slots=True, frozen=True, auto_attribs=True)
 class UserPresenceState:
    """Represents the current presence state of the user.
-    user_id
+    user_id: The user ID.
-    last_active: Time in msec that the user last interacted with server.
+    state: The presence state, see PresenceState.
-    last_federation_update: Time in msec since either a) we sent a presence
+    last_active_ts: Time in msec that the user last interacted with server.
    last_federation_update_ts: Time in msec since either a) we sent a presence
        update to other servers or b) we received a presence update, depending
        on if is a local user or not.
-    last_user_sync: Time in msec that the user last *completed* a sync
+    last_user_sync_ts: Time in msec that the user last *completed* a sync
        (or event stream).
    status_msg: User set status message.
    currently_active: True if the user is currently syncing.
    """
    user_id: str
--- a/synapse/appservice/api.py
+++ b/synapse/appservice/api.py
@ -40,6 +40,7 @@ from synapse.appservice import (
 from synapse.events import EventBase
 from synapse.events.utils import SerializeEventConfig, serialize_event
 from synapse.http.client import SimpleHttpClient, is_unknown_endpoint
 from synapse.logging import opentracing
 from synapse.types import DeviceListUpdates, JsonDict, ThirdPartyInstanceID
 from synapse.util.caches.response_cache import ResponseCache
@ -125,6 +126,17 @@ class ApplicationServiceApi(SimpleHttpClient):
            hs.get_clock(), "as_protocol_meta", timeout_ms=HOUR_IN_MS
        )
    def _get_headers(self, service: "ApplicationService") -> Dict[bytes, List[bytes]]:
        """This makes sure we have always the auth header and opentracing headers set."""
        # This is also ensured before in the functions. However this is needed to please
        # the typechecks.
        assert service.hs_token is not None
        headers = {b"Authorization": [b"Bearer " + service.hs_token.encode("ascii")]}
        opentracing.inject_header_dict(headers, check_destination=False)
        return headers
    async def query_user(self, service: "ApplicationService", user_id: str) -> bool:
        if service.url is None:
            return False
@ -136,10 +148,11 @@ class ApplicationServiceApi(SimpleHttpClient):
            args = None
            if self.config.use_appservice_legacy_authorization:
                args = {"access_token": service.hs_token}
            response = await self.get_json(
                f"{service.url}{APP_SERVICE_PREFIX}/users/{urllib.parse.quote(user_id)}",
                args,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
            if response is not None:  # just an empty json object
                return True
@ -162,10 +175,11 @@ class ApplicationServiceApi(SimpleHttpClient):
            args = None
            if self.config.use_appservice_legacy_authorization:
                args = {"access_token": service.hs_token}
            response = await self.get_json(
                f"{service.url}{APP_SERVICE_PREFIX}/rooms/{urllib.parse.quote(alias)}",
                args,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
            if response is not None:  # just an empty json object
                return True
@ -203,10 +217,11 @@ class ApplicationServiceApi(SimpleHttpClient):
                    **fields,
                    b"access_token": service.hs_token,
                }
            response = await self.get_json(
                f"{service.url}{APP_SERVICE_PREFIX}/thirdparty/{kind}/{urllib.parse.quote(protocol)}",
                args=args,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
            if not isinstance(response, list):
                logger.warning(
@ -243,10 +258,11 @@ class ApplicationServiceApi(SimpleHttpClient):
                args = None
                if self.config.use_appservice_legacy_authorization:
                    args = {"access_token": service.hs_token}
                info = await self.get_json(
                    f"{service.url}{APP_SERVICE_PREFIX}/thirdparty/protocol/{urllib.parse.quote(protocol)}",
                    args,
-                    headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                    headers=self._get_headers(service),
                )
                if not _is_valid_3pe_metadata(info):
@ -283,7 +299,7 @@ class ApplicationServiceApi(SimpleHttpClient):
        await self.post_json_get_json(
            uri=f"{service.url}{APP_SERVICE_PREFIX}/ping",
            post_json={"transaction_id": txn_id},
-            headers={"Authorization": [f"Bearer {service.hs_token}"]},
+            headers=self._get_headers(service),
        )
    async def push_bulk(
@ -364,7 +380,7 @@ class ApplicationServiceApi(SimpleHttpClient):
                f"{service.url}{APP_SERVICE_PREFIX}/transactions/{urllib.parse.quote(str(txn_id))}",
                json_body=body,
                args=args,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
            if logger.isEnabledFor(logging.DEBUG):
                logger.debug(
@ -437,7 +453,7 @@ class ApplicationServiceApi(SimpleHttpClient):
            response = await self.post_json_get_json(
                uri,
                body,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
        except HttpResponseException as e:
            # The appservice doesn't support this endpoint.
@ -498,7 +514,7 @@ class ApplicationServiceApi(SimpleHttpClient):
            response = await self.post_json_get_json(
                uri,
                query,
-                headers={"Authorization": [f"Bearer {service.hs_token}"]},
+                headers=self._get_headers(service),
            )
        except HttpResponseException as e:
            # The appservice doesn't support this endpoint.
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@ -179,8 +179,9 @@ class Config:
        If an integer is provided it is treated as bytes and is unchanged.
-        String byte sizes can have a suffix of 'K' or `M`, representing kibibytes and
+        String byte sizes can have a suffix of 'K', `M`, `G` or `T`,
-        mebibytes respectively. No suffix is understood as a plain byte count.
+        representing kibibytes, mebibytes, gibibytes and tebibytes respectively.
        No suffix is understood as a plain byte count.
        Raises:
            TypeError, if given something other than an integer or a string
@ -189,7 +190,7 @@ class Config:
        if type(value) is int:  # noqa: E721
            return value
        elif isinstance(value, str):
-            sizes = {"K": 1024, "M": 1024 * 1024}
+            sizes = {"K": 1024, "M": 1024 * 1024, "G": 1024**3, "T": 1024**4}
            size = 1
            suffix = value[-1]
            if suffix in sizes:
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@ -57,6 +57,8 @@ class CasConfig(Config):
                required_attributes
            )
            self.cas_enable_registration = cas_config.get("enable_registration", True)
            self.idp_name = cas_config.get("idp_name", "CAS")
            self.idp_icon = cas_config.get("idp_icon")
            self.idp_brand = cas_config.get("idp_brand")
@ -67,6 +69,7 @@ class CasConfig(Config):
            self.cas_protocol_version = None
            self.cas_displayname_attribute = None
            self.cas_required_attributes = []
            self.cas_enable_registration = False
 # CAS uses a legacy required attributes mapping, not the one provided by
--- a/synapse/config/oembed.py
+++ b/synapse/config/oembed.py
@ -30,7 +30,7 @@ class OEmbedEndpointConfig:
    # The API endpoint to fetch.
    api_endpoint: str
    # The patterns to match.
-    url_patterns: List[Pattern]
+    url_patterns: List[Pattern[str]]
    # The supported formats.
    formats: Optional[List[str]]
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@ -23,12 +23,7 @@ from signedjson.key import (
    get_verify_key,
    is_signing_algorithm_supported,
 )
-from signedjson.sign import (
+from signedjson.sign import SignatureVerifyException, signature_ids, verify_signed_json
    SignatureVerifyException,
    encode_canonical_json,
    signature_ids,
    verify_signed_json,
 )
 from signedjson.types import VerifyKey
 from unpaddedbase64 import decode_base64
@ -596,24 +591,12 @@ class BaseV2KeyFetcher(KeyFetcher):
                    verify_key=verify_key, valid_until_ts=key_data["expired_ts"]
                )
-        key_json_bytes = encode_canonical_json(response_json)
+        await self.store.store_server_keys_response(
-
+            server_name=server_name,
-        await make_deferred_yieldable(
+            from_server=from_server,
-            defer.gatherResults(
+            ts_added_ms=time_added_ms,
-                [
+            verify_keys=verify_keys,
-                    run_in_background(
+            response_json=response_json,
                        self.store.store_server_keys_json,
                        server_name=server_name,
                        key_id=key_id,
                        from_server=from_server,
                        ts_now_ms=time_added_ms,
                        ts_expires_ms=ts_valid_until_ms,
                        key_json_bytes=key_json_bytes,
                    )
                    for key_id in verify_keys
                ],
                consumeErrors=True,
            ).addErrback(unwrapFirstError)
        )
        return verify_keys
@ -775,10 +758,6 @@ class PerspectivesKeyFetcher(BaseV2KeyFetcher):
            keys.setdefault(server_name, {}).update(processed_response)
        await self.store.store_server_signature_keys(
            perspective_name, time_now_ms, added_keys
        )
        return keys
    def _validate_perspectives_response(
--- a/synapse/events/snapshot.py
+++ b/synapse/events/snapshot.py
@ -55,7 +55,6 @@ class UnpersistedEventContextBase(ABC):
        A method to convert an UnpersistedEventContext to an EventContext, suitable for
        sending to the database with the associated event.
        """
        pass
    @abstractmethod
    async def get_prev_state_ids(
@ -69,7 +68,6 @@ class UnpersistedEventContextBase(ABC):
            state_filter: specifies the type of state event to fetch from DB, example:
            EventTypes.JoinRules
        """
        pass
@attr.s(slots=True, auto_attribs=True)
--- a/synapse/handlers/cas.py
+++ b/synapse/handlers/cas.py
@ -70,6 +70,7 @@ class CasHandler:
        self._cas_protocol_version = hs.config.cas.cas_protocol_version
        self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
        self._cas_required_attributes = hs.config.cas.cas_required_attributes
        self._cas_enable_registration = hs.config.cas.cas_enable_registration
        self._http_client = hs.get_proxied_http_client()
@ -395,4 +396,5 @@ class CasHandler:
            client_redirect_url,
            cas_response_to_user_attributes,
            grandfather_existing_users,
            registration_enabled=self._cas_enable_registration,
        )
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@ -43,9 +43,12 @@ from synapse.metrics.background_process_metrics import (
 )
 from synapse.types import (
    JsonDict,
    JsonMapping,
    ScheduledTask,
    StrCollection,
    StreamKeyType,
    StreamToken,
    TaskStatus,
    UserID,
    get_domain_from_id,
    get_verify_key_from_cross_signing_key,
@ -55,13 +58,17 @@ from synapse.util.async_helpers import Linearizer
 from synapse.util.caches.expiringcache import ExpiringCache
 from synapse.util.cancellation import cancellable
 from synapse.util.metrics import measure_func
-from synapse.util.retryutils import NotRetryingDestination
+from synapse.util.retryutils import (
    NotRetryingDestination,
    filter_destinations_by_retry_limiter,
 )
 if TYPE_CHECKING:
    from synapse.server import HomeServer
 logger = logging.getLogger(__name__)
 DELETE_DEVICE_MSGS_TASK_NAME = "delete_device_messages"
 MAX_DEVICE_DISPLAY_NAME_LEN = 100
 DELETE_STALE_DEVICES_INTERVAL_MS = 24 * 60 * 60 * 1000
@ -78,6 +85,7 @@ class DeviceWorkerHandler:
        self._appservice_handler = hs.get_application_service_handler()
        self._state_storage = hs.get_storage_controllers().state
        self._auth_handler = hs.get_auth_handler()
        self._event_sources = hs.get_event_sources()
        self.server_name = hs.hostname
        self._msc3852_enabled = hs.config.experimental.msc3852_enabled
        self._query_appservices_for_keys = (
@ -386,6 +394,7 @@ class DeviceHandler(DeviceWorkerHandler):
        self._account_data_handler = hs.get_account_data_handler()
        self._storage_controllers = hs.get_storage_controllers()
        self.db_pool = hs.get_datastores().main.db_pool
        self._task_scheduler = hs.get_task_scheduler()
        self.device_list_updater = DeviceListUpdater(hs, self)
@ -419,6 +428,10 @@ class DeviceHandler(DeviceWorkerHandler):
                self._delete_stale_devices,
            )
        self._task_scheduler.register_action(
            self._delete_device_messages, DELETE_DEVICE_MSGS_TASK_NAME
        )
    def _check_device_name_length(self, name: Optional[str]) -> None:
        """
        Checks whether a device name is longer than the maximum allowed length.
@ -530,6 +543,7 @@ class DeviceHandler(DeviceWorkerHandler):
            user_id: The user to delete devices from.
            device_ids: The list of device IDs to delete
        """
        to_device_stream_id = self._event_sources.get_current_token().to_device_key
        try:
            await self.store.delete_devices(user_id, device_ids)
@ -559,12 +573,49 @@ class DeviceHandler(DeviceWorkerHandler):
                    f"org.matrix.msc3890.local_notification_settings.{device_id}",
                )
            # Delete device messages asynchronously and in batches using the task scheduler
            await self._task_scheduler.schedule_task(
                DELETE_DEVICE_MSGS_TASK_NAME,
                resource_id=device_id,
                params={
                    "user_id": user_id,
                    "device_id": device_id,
                    "up_to_stream_id": to_device_stream_id,
                },
            )
        # Pushers are deleted after `delete_access_tokens_for_user` is called so that
        # modules using `on_logged_out` hook can use them if needed.
        await self.hs.get_pusherpool().remove_pushers_by_devices(user_id, device_ids)
        await self.notify_device_update(user_id, device_ids)
    DEVICE_MSGS_DELETE_BATCH_LIMIT = 100
    async def _delete_device_messages(
        self,
        task: ScheduledTask,
    ) -> Tuple[TaskStatus, Optional[JsonMapping], Optional[str]]:
        """Scheduler task to delete device messages in batch of `DEVICE_MSGS_DELETE_BATCH_LIMIT`."""
        assert task.params is not None
        user_id = task.params["user_id"]
        device_id = task.params["device_id"]
        up_to_stream_id = task.params["up_to_stream_id"]
        res = await self.store.delete_messages_for_device(
            user_id=user_id,
            device_id=device_id,
            up_to_stream_id=up_to_stream_id,
            limit=DeviceHandler.DEVICE_MSGS_DELETE_BATCH_LIMIT,
        )
        if res < DeviceHandler.DEVICE_MSGS_DELETE_BATCH_LIMIT:
            return TaskStatus.COMPLETE, None, None
        else:
            # There is probably still device messages to be deleted, let's keep the task active and it will be run
            # again in a subsequent scheduler loop run (probably the next one, if not too many tasks are running).
            return TaskStatus.ACTIVE, None, None
    async def update_device(self, user_id: str, device_id: str, content: dict) -> None:
        """Update the given device
@ -982,7 +1033,7 @@ class DeviceListWorkerUpdater:
    async def multi_user_device_resync(
        self, user_ids: List[str], mark_failed_as_stale: bool = True
-    ) -> Dict[str, Optional[JsonDict]]:
+    ) -> Dict[str, Optional[JsonMapping]]:
        """
        Like `user_device_resync` but operates on multiple users **from the same origin**
        at once.
@ -1011,6 +1062,7 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
        self._notifier = hs.get_notifier()
        self._remote_edu_linearizer = Linearizer(name="remote_device_list")
        self._resync_linearizer = Linearizer(name="remote_device_resync")
        # user_id -> list of updates waiting to be handled.
        self._pending_updates: Dict[
@ -1220,8 +1272,18 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
            self._resync_retry_in_progress = True
            # Get all of the users that need resyncing.
            need_resync = await self.store.get_user_ids_requiring_device_list_resync()
            # Filter out users whose host is marked as "down" up front.
            hosts = await filter_destinations_by_retry_limiter(
                {get_domain_from_id(u) for u in need_resync}, self.clock, self.store
            )
            hosts = set(hosts)
            # Iterate over the set of user IDs.
            for user_id in need_resync:
                if get_domain_from_id(user_id) not in hosts:
                    continue
                try:
                    # Try to resync the current user's devices list.
                    result = (await self.multi_user_device_resync([user_id], False))[
@ -1253,7 +1315,7 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
    async def multi_user_device_resync(
        self, user_ids: List[str], mark_failed_as_stale: bool = True
-    ) -> Dict[str, Optional[JsonDict]]:
+    ) -> Dict[str, Optional[JsonMapping]]:
        """
        Like `user_device_resync` but operates on multiple users **from the same origin**
        at once.
@ -1273,9 +1335,11 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
        failed = set()
        # TODO(Perf): Actually batch these up
        for user_id in user_ids:
-            user_result, user_failed = await self._user_device_resync_returning_failed(
+            async with self._resync_linearizer.queue(user_id):
-                user_id
+                (
-            )
+                    user_result,
                    user_failed,
                ) = await self._user_device_resync_returning_failed(user_id)
            result[user_id] = user_result
            if user_failed:
                failed.add(user_id)
@ -1287,7 +1351,7 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
    async def _user_device_resync_returning_failed(
        self, user_id: str
-    ) -> Tuple[Optional[JsonDict], bool]:
+    ) -> Tuple[Optional[JsonMapping], bool]:
        """Fetches all devices for a user and updates the device cache with them.
        Args:
@ -1300,6 +1364,12 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
              e.g. due to a connection problem.
            - True iff the resync failed and the device list should be marked as stale.
        """
        # Check that we haven't gone and fetched the devices since we last
        # checked if we needed to resync these device lists.
        if await self.store.get_users_whose_devices_are_cached([user_id]):
            cached = await self.store.get_cached_devices_for_user(user_id)
            return cached, False
        logger.debug("Attempting to resync the device list for %s", user_id)
        log_kv({"message": "Doing resync to update device list."})
        # Fetch all devices for the user.
--- a/synapse/handlers/initial_sync.py
+++ b/synapse/handlers/initial_sync.py
@ -13,7 +13,7 @@
 # limitations under the License.
 import logging
-from typing import TYPE_CHECKING, List, Optional, Tuple, cast
+from typing import TYPE_CHECKING, List, Optional, Tuple
 from synapse.api.constants import (
    AccountDataTypes,
@ -23,7 +23,6 @@ from synapse.api.constants import (
    Membership,
 )
 from synapse.api.errors import SynapseError
 from synapse.events import EventBase
 from synapse.events.utils import SerializeEventConfig
 from synapse.events.validator import EventValidator
 from synapse.handlers.presence import format_user_presence_state
@ -35,7 +34,6 @@ from synapse.types import (
    JsonDict,
    Requester,
    RoomStreamToken,
    StateMap,
    StreamKeyType,
    StreamToken,
    UserID,
@ -199,9 +197,7 @@ class InitialSyncHandler:
                    deferred_room_state = run_in_background(
                        self._state_storage_controller.get_state_for_events,
                        [event.event_id],
-                    ).addCallback(
+                    ).addCallback(lambda states: states[event.event_id])
                        lambda states: cast(StateMap[EventBase], states[event.event_id])
                    )
                (messages, token), current_state = await make_deferred_yieldable(
                    gather_results(
--- a/synapse/handlers/pagination.py
+++ b/synapse/handlers/pagination.py
@ -713,7 +713,7 @@ class PaginationHandler:
        self,
        delete_id: str,
        room_id: str,
-        requester_user_id: str,
+        requester_user_id: Optional[str],
        new_room_user_id: Optional[str] = None,
        new_room_name: Optional[str] = None,
        message: Optional[str] = None,
@ -732,6 +732,10 @@ class PaginationHandler:
            requester_user_id:
                User who requested the action. Will be recorded as putting the room on the
                blocking list.
                If None, the action was not manually requested but instead
                triggered automatically, e.g. through a Synapse module
                or some other policy.
                MUST NOT be None if block=True.
            new_room_user_id:
                If set, a new room will be created with this user ID
                as the creator and admin, and all users in the old room will be
@ -818,7 +822,7 @@ class PaginationHandler:
    def start_shutdown_and_purge_room(
        self,
        room_id: str,
-        requester_user_id: str,
+        requester_user_id: Optional[str],
        new_room_user_id: Optional[str] = None,
        new_room_name: Optional[str] = None,
        message: Optional[str] = None,
@ -833,6 +837,10 @@ class PaginationHandler:
            requester_user_id:
                User who requested the action and put the room on the
                blocking list.
                If None, the action was not manually requested but instead
                triggered automatically, e.g. through a Synapse module
                or some other policy.
                MUST NOT be None if block=True.
            new_room_user_id:
                If set, a new room will be created with this user ID
                as the creator and admin, and all users in the old room will be
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@ -13,13 +13,56 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""This module is responsible for keeping track of presence status of local
+"""
 This module is responsible for keeping track of presence status of local
 and remote users.
 The methods that define policy are:
    - PresenceHandler._update_states
    - PresenceHandler._handle_timeouts
    - should_notify
 # Tracking local presence
 For local users, presence is tracked on a per-device basis. When a user has multiple
 devices the user presence state is derived by coalescing the presence from each
 device:
    BUSY > ONLINE > UNAVAILABLE > OFFLINE
 The time that each device was last active and last synced is tracked in order to
 automatically downgrade a device's presence state:
    A device may move from ONLINE -> UNAVAILABLE, if it has not been active for
    a period of time.
    A device may go from any state -> OFFLINE, if it is not active and has not
    synced for a period of time.
 The timeouts are handled using a wheel timer, which has coarse buckets. Timings
 do not need to be exact.
 Generally a device's presence state is updated whenever a user syncs (via the
 set_presence parameter), when the presence API is called, or if "pro-active"
 events occur, including:
 * Sending an event, receipt, read marker.
 * Updating typing status.
 The busy state has special status that it cannot is not downgraded by a call to
 sync with a lower priority state *and* it takes a long period of time to transition
 to offline.
 # Persisting (and restoring) presence
 For all users, presence is persisted on a per-user basis. Data is kept in-memory
 and persisted periodically. When Synapse starts each worker loads the current
 presence state and then tracks the presence stream to keep itself up-to-date.
 When restoring presence for local users a pseudo-device is created to match the
 user state; this device follows the normal timeout logic (see above) and will
 automatically be replaced with any information from currently available devices.
 """
 import abc
 import contextlib
@ -30,6 +73,7 @@ from contextlib import contextmanager
 from types import TracebackType
 from typing import (
    TYPE_CHECKING,
    AbstractSet,
    Any,
    Callable,
    Collection,
@ -49,7 +93,7 @@ from prometheus_client import Counter
 import synapse.metrics
 from synapse.api.constants import EduTypes, EventTypes, Membership, PresenceState
 from synapse.api.errors import SynapseError
-from synapse.api.presence import UserPresenceState
+from synapse.api.presence import UserDevicePresenceState, UserPresenceState
 from synapse.appservice import ApplicationService
 from synapse.events.presence_router import PresenceRouter
 from synapse.logging.context import run_in_background
@ -111,6 +155,8 @@ LAST_ACTIVE_GRANULARITY = 60 * 1000
 # How long to wait until a new /events or /sync request before assuming
 # the client has gone.
 SYNC_ONLINE_TIMEOUT = 30 * 1000
 # Busy status waits longer, but does eventually go offline.
 BUSY_ONLINE_TIMEOUT = 60 * 60 * 1000
 # How long to wait before marking the user as idle. Compared against last active
 IDLE_TIMER = 5 * 60 * 1000
@ -137,6 +183,7 @@ class BasePresenceHandler(abc.ABC):
    writer"""
    def __init__(self, hs: "HomeServer"):
        self.hs = hs
        self.clock = hs.get_clock()
        self.store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
@ -162,6 +209,7 @@ class BasePresenceHandler(abc.ABC):
            self.VALID_PRESENCE += (PresenceState.BUSY,)
        active_presence = self.store.take_presence_startup_info()
        # The combined status across all user devices.
        self.user_to_current_state = {state.user_id: state for state in active_presence}
    @abc.abstractmethod
@ -426,8 +474,6 @@ class _NullContextManager(ContextManager[None]):
 class WorkerPresenceHandler(BasePresenceHandler):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)
        self.hs = hs
        self._presence_writer_instance = hs.config.worker.writers.presence[0]
        # Route presence EDUs to the right worker
@ -691,7 +737,6 @@ class WorkerPresenceHandler(BasePresenceHandler):
 class PresenceHandler(BasePresenceHandler):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)
        self.hs = hs
        self.wheel_timer: WheelTimer[str] = WheelTimer()
        self.notifier = hs.get_notifier()
@ -708,9 +753,27 @@ class PresenceHandler(BasePresenceHandler):
            lambda: len(self.user_to_current_state),
        )
        # The per-device presence state, maps user to devices to per-device presence state.
        self._user_to_device_to_current_state: Dict[
            str, Dict[Optional[str], UserDevicePresenceState]
        ] = {}
        now = self.clock.time_msec()
        if self._presence_enabled:
            for state in self.user_to_current_state.values():
                # Create a psuedo-device to properly handle time outs. This will
                # be overridden by any "real" devices within SYNC_ONLINE_TIMEOUT.
                pseudo_device_id = None
                self._user_to_device_to_current_state[state.user_id] = {
                    pseudo_device_id: UserDevicePresenceState(
                        user_id=state.user_id,
                        device_id=pseudo_device_id,
                        state=state.state,
                        last_active_ts=state.last_active_ts,
                        last_sync_ts=state.last_user_sync_ts,
                    )
                }
                self.wheel_timer.insert(
                    now=now, obj=state.user_id, then=state.last_active_ts + IDLE_TIMER
                )
@ -752,7 +815,7 @@ class PresenceHandler(BasePresenceHandler):
        # Keeps track of the number of *ongoing* syncs on other processes.
        #
-        # While any sync is ongoing on another process the user will never
+        # While any sync is ongoing on another process the user's device will never
        # go offline.
        #
        # Each process has a unique identifier and an update frequency. If
@ -981,22 +1044,21 @@ class PresenceHandler(BasePresenceHandler):
        timers_fired_counter.inc(len(states))
-        syncing_user_ids = {
+        # Set of user ID & device IDs which are currently syncing.
-            user_id
+        syncing_user_devices = {
-            for (user_id, _), count in self._user_device_to_num_current_syncs.items()
+            user_id_device_id
            for user_id_device_id, count in self._user_device_to_num_current_syncs.items()
            if count
        }
-        syncing_user_ids.update(
+        syncing_user_devices.update(
-            user_id
+            itertools.chain(*self.external_process_to_current_syncs.values())
            for user_id, _ in itertools.chain(
                *self.external_process_to_current_syncs.values()
            )
        )
        changes = handle_timeouts(
            states,
            is_mine_fn=self.is_mine_id,
-            syncing_user_ids=syncing_user_ids,
+            syncing_user_devices=syncing_user_devices,
            user_to_devices=self._user_to_device_to_current_state,
            now=now,
        )
@ -1016,11 +1078,26 @@ class PresenceHandler(BasePresenceHandler):
        bump_active_time_counter.inc()
-        prev_state = await self.current_state_for_user(user_id)
+        now = self.clock.time_msec()
-        new_fields: Dict[str, Any] = {"last_active_ts": self.clock.time_msec()}
+        # Update the device information & mark the device as online if it was
-        if prev_state.state == PresenceState.UNAVAILABLE:
+        # unavailable.
-            new_fields["state"] = PresenceState.ONLINE
+        devices = self._user_to_device_to_current_state.setdefault(user_id, {})
        device_state = devices.setdefault(
            device_id,
            UserDevicePresenceState.default(user_id, device_id),
        )
        device_state.last_active_ts = now
        if device_state.state == PresenceState.UNAVAILABLE:
            device_state.state = PresenceState.ONLINE
        # Update the user state, this will always update last_active_ts and
        # might update the presence state.
        prev_state = await self.current_state_for_user(user_id)
        new_fields: Dict[str, Any] = {
            "last_active_ts": now,
            "state": _combine_device_states(devices.values()),
        }
        await self._update_states([prev_state.copy_and_replace(**new_fields)])
@ -1132,6 +1209,12 @@ class PresenceHandler(BasePresenceHandler):
            if is_syncing and (user_id, device_id) not in process_presence:
                process_presence.add((user_id, device_id))
            elif not is_syncing and (user_id, device_id) in process_presence:
                devices = self._user_to_device_to_current_state.setdefault(user_id, {})
                device_state = devices.setdefault(
                    device_id, UserDevicePresenceState.default(user_id, device_id)
                )
                device_state.last_sync_ts = sync_time_msec
                new_state = prev_state.copy_and_replace(
                    last_user_sync_ts=sync_time_msec
                )
@ -1151,11 +1234,24 @@ class PresenceHandler(BasePresenceHandler):
            process_presence = self.external_process_to_current_syncs.pop(
                process_id, set()
            )
-            prev_states = await self.current_state_for_users(
+
                {user_id for user_id, device_id in process_presence}
            )
            time_now_ms = self.clock.time_msec()
            # Mark each device as having a last sync time.
            updated_users = set()
            for user_id, device_id in process_presence:
                device_state = self._user_to_device_to_current_state.setdefault(
                    user_id, {}
                ).setdefault(
                    device_id, UserDevicePresenceState.default(user_id, device_id)
                )
                device_state.last_sync_ts = time_now_ms
                updated_users.add(user_id)
            # Update each user (and insert into the appropriate timers to check if
            # they've gone offline).
            prev_states = await self.current_state_for_users(updated_users)
            await self._update_states(
                [
                    prev_state.copy_and_replace(last_user_sync_ts=time_now_ms)
@ -1277,6 +1373,20 @@ class PresenceHandler(BasePresenceHandler):
        if prev_state.state == PresenceState.BUSY and is_sync:
            presence = PresenceState.BUSY
        # Update the device specific information.
        devices = self._user_to_device_to_current_state.setdefault(user_id, {})
        device_state = devices.setdefault(
            device_id,
            UserDevicePresenceState.default(user_id, device_id),
        )
        device_state.state = presence
        device_state.last_active_ts = now
        if is_sync:
            device_state.last_sync_ts = now
        # Based on the state of each user's device calculate the new presence state.
        presence = _combine_device_states(devices.values())
        new_fields = {"state": presence}
        if presence == PresenceState.ONLINE or presence == PresenceState.BUSY:
@ -1873,7 +1983,8 @@ class PresenceEventSource(EventSource[int, UserPresenceState]):
 def handle_timeouts(
    user_states: List[UserPresenceState],
    is_mine_fn: Callable[[str], bool],
-    syncing_user_ids: Set[str],
+    syncing_user_devices: AbstractSet[Tuple[str, Optional[str]]],
    user_to_devices: Dict[str, Dict[Optional[str], UserDevicePresenceState]],
    now: int,
 ) -> List[UserPresenceState]:
    """Checks the presence of users that have timed out and updates as
@ -1882,7 +1993,8 @@ def handle_timeouts(
    Args:
        user_states: List of UserPresenceState's to check.
        is_mine_fn: Function that returns if a user_id is ours
-        syncing_user_ids: Set of user_ids with active syncs.
+        syncing_user_devices: A set of (user ID, device ID) tuples with active syncs..
        user_to_devices: A map of user ID to device ID to UserDevicePresenceState.
        now: Current time in ms.
    Returns:
@ -1891,9 +2003,16 @@ def handle_timeouts(
    changes = {}  # Actual changes we need to notify people about
    for state in user_states:
-        is_mine = is_mine_fn(state.user_id)
+        user_id = state.user_id
        is_mine = is_mine_fn(user_id)
-        new_state = handle_timeout(state, is_mine, syncing_user_ids, now)
+        new_state = handle_timeout(
            state,
            is_mine,
            syncing_user_devices,
            user_to_devices.get(user_id, {}),
            now,
        )
        if new_state:
            changes[state.user_id] = new_state
@ -1901,14 +2020,19 @@ def handle_timeouts(
 def handle_timeout(
-    state: UserPresenceState, is_mine: bool, syncing_user_ids: Set[str], now: int
+    state: UserPresenceState,
    is_mine: bool,
    syncing_device_ids: AbstractSet[Tuple[str, Optional[str]]],
    user_devices: Dict[Optional[str], UserDevicePresenceState],
    now: int,
 ) -> Optional[UserPresenceState]:
    """Checks the presence of the user to see if any of the timers have elapsed
    Args:
-        state
+        state: UserPresenceState to check.
        is_mine: Whether the user is ours
-        syncing_user_ids: Set of user_ids with active syncs.
+        syncing_user_devices: A set of (user ID, device ID) tuples with active syncs..
        user_devices: A map of device ID to UserDevicePresenceState.
        now: Current time in ms.
    Returns:
@ -1919,34 +2043,63 @@ def handle_timeout(
        return None
    changed = False
    user_id = state.user_id
    if is_mine:
-        if state.state == PresenceState.ONLINE:
+        # Check per-device whether the device should be considered idle or offline
-            if now - state.last_active_ts > IDLE_TIMER:
+        # due to timeouts.
-                # Currently online, but last activity ages ago so auto
+        device_changed = False
-                # idle
+        offline_devices = []
-                state = state.copy_and_replace(state=PresenceState.UNAVAILABLE)
+        for device_id, device_state in user_devices.items():
-                changed = True
+            if device_state.state == PresenceState.ONLINE:
-            elif now - state.last_active_ts > LAST_ACTIVE_GRANULARITY:
+                if now - device_state.last_active_ts > IDLE_TIMER:
-                # So that we send down a notification that we've
+                    # Currently online, but last activity ages ago so auto
-                # stopped updating.
+                    # idle
                    device_state.state = PresenceState.UNAVAILABLE
                    device_changed = True
            # If there are have been no sync for a while (and none ongoing),
            # set presence to offline.
            if (state.user_id, device_id) not in syncing_device_ids:
                # If the user has done something recently but hasn't synced,
                # don't set them as offline.
                sync_or_active = max(
                    device_state.last_sync_ts, device_state.last_active_ts
                )
                # Implementations aren't meant to timeout a device with a busy
                # state, but it needs to timeout *eventually* or else the user
                # will be stuck in that state.
                online_timeout = (
                    BUSY_ONLINE_TIMEOUT
                    if device_state.state == PresenceState.BUSY
                    else SYNC_ONLINE_TIMEOUT
                )
                if now - sync_or_active > online_timeout:
                    # Mark the device as going offline.
                    offline_devices.append(device_id)
                    device_changed = True
        # Offline devices are not needed and do not add information.
        for device_id in offline_devices:
            user_devices.pop(device_id)
        # If the presence state of the devices changed, then (maybe) update
        # the user's overall presence state.
        if device_changed:
            new_presence = _combine_device_states(user_devices.values())
            if new_presence != state.state:
                state = state.copy_and_replace(state=new_presence)
                changed = True
        if now - state.last_active_ts > LAST_ACTIVE_GRANULARITY:
            # So that we send down a notification that we've
            # stopped updating.
            changed = True
        if now - state.last_federation_update_ts > FEDERATION_PING_INTERVAL:
            # Need to send ping to other servers to ensure they don't
            # timeout and set us to offline
            changed = True
        # If there are have been no sync for a while (and none ongoing),
        # set presence to offline
        if user_id not in syncing_user_ids:
            # If the user has done something recently but hasn't synced,
            # don't set them as offline.
            sync_or_active = max(state.last_user_sync_ts, state.last_active_ts)
            if now - sync_or_active > SYNC_ONLINE_TIMEOUT:
                state = state.copy_and_replace(state=PresenceState.OFFLINE)
                changed = True
    else:
        # We expect to be poked occasionally by the other side.
        # This is to protect against forgetful/buggy servers, so that
@ -2021,6 +2174,13 @@ def handle_update(
                new_state = new_state.copy_and_replace(last_federation_update_ts=now)
                federation_ping = True
        if new_state.state == PresenceState.BUSY:
            wheel_timer.insert(
                now=now,
                obj=user_id,
                then=new_state.last_user_sync_ts + BUSY_ONLINE_TIMEOUT,
            )
    else:
        wheel_timer.insert(
            now=now,
@ -2036,6 +2196,46 @@ def handle_update(
    return new_state, persist_and_notify, federation_ping
 PRESENCE_BY_PRIORITY = {
    PresenceState.BUSY: 4,
    PresenceState.ONLINE: 3,
    PresenceState.UNAVAILABLE: 2,
    PresenceState.OFFLINE: 1,
 }
 def _combine_device_states(
    device_states: Iterable[UserDevicePresenceState],
 ) -> str:
    """
    Find the device to use presence information from.
    Orders devices by priority, then last_active_ts.
    Args:
        device_states: An iterable of device presence states
    Return:
        The combined presence state.
    """
    # Based on (all) the user's devices calculate the new presence state.
    presence = PresenceState.OFFLINE
    last_active_ts = -1
    # Find the device to use the presence state of based on the presence priority,
    # but tie-break with how recently the device has been seen.
    for device_state in device_states:
        if (PRESENCE_BY_PRIORITY[device_state.state], device_state.last_active_ts) > (
            PRESENCE_BY_PRIORITY[presence],
            last_active_ts,
        ):
            presence = device_state.state
            last_active_ts = device_state.last_active_ts
    return presence
 async def get_interested_parties(
    store: DataStore, presence_router: PresenceRouter, states: List[UserPresenceState]
 ) -> Tuple[Dict[str, List[UserPresenceState]], Dict[str, List[UserPresenceState]]]:
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@ -1787,7 +1787,7 @@ class RoomShutdownHandler:
    async def shutdown_room(
        self,
        room_id: str,
-        requester_user_id: str,
+        requester_user_id: Optional[str],
        new_room_user_id: Optional[str] = None,
        new_room_name: Optional[str] = None,
        message: Optional[str] = None,
@ -1811,6 +1811,10 @@ class RoomShutdownHandler:
            requester_user_id:
                User who requested the action and put the room on the
                blocking list.
                If None, the action was not manually requested but instead
                triggered automatically, e.g. through a Synapse module
                or some other policy.
                MUST NOT be None if block=True.
            new_room_user_id:
                If set, a new room will be created with this user ID
                as the creator and admin, and all users in the old room will be
@ -1863,6 +1867,10 @@ class RoomShutdownHandler:
        # Action the block first (even if the room doesn't exist yet)
        if block:
            if requester_user_id is None:
                raise ValueError(
                    "shutdown_room: block=True not allowed when requester_user_id is None."
                )
            # This will work even if the room is already blocked, but that is
            # desirable in case the first attempt at blocking the room failed below.
            await self.store.block_room(room_id, requester_user_id)
--- a/synapse/handlers/send_email.py
+++ b/synapse/handlers/send_email.py
@ -17,7 +17,7 @@ import logging
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from io import BytesIO
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any, Dict, Optional
 from pkg_resources import parse_version
@ -151,6 +151,7 @@ class SendEmailHandler:
        app_name: str,
        html: str,
        text: str,
        additional_headers: Optional[Dict[str, str]] = None,
    ) -> None:
        """Send a multipart email with the given information.
@ -160,6 +161,7 @@ class SendEmailHandler:
            app_name: The app name to include in the From header.
            html: The HTML content to include in the email.
            text: The plain text content to include in the email.
            additional_headers: A map of additional headers to include.
        """
        try:
            from_string = self._from % {"app": app_name}
@ -181,6 +183,7 @@ class SendEmailHandler:
        multipart_msg["To"] = email_address
        multipart_msg["Date"] = email.utils.formatdate()
        multipart_msg["Message-ID"] = email.utils.make_msgid()
        # Discourage automatic responses to Synapse's emails.
        # Per RFC 3834, automatic responses should not be sent if the "Auto-Submitted"
        # header is present with any value other than "no". See
@ -194,6 +197,11 @@ class SendEmailHandler:
        #    https://stackoverflow.com/a/25324691/5252017
        #    https://stackoverflow.com/a/61646381/5252017
        multipart_msg["X-Auto-Response-Suppress"] = "All"
        if additional_headers:
            for header, value in additional_headers.items():
                multipart_msg[header] = value
        multipart_msg.attach(text_part)
        multipart_msg.attach(html_part)
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@ -40,6 +40,7 @@ from synapse.api.filtering import FilterCollection
 from synapse.api.presence import UserPresenceState
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
 from synapse.events import EventBase
 from synapse.handlers.device import DELETE_DEVICE_MSGS_TASK_NAME
 from synapse.handlers.relations import BundledAggregations
 from synapse.logging import issue9533_logger
 from synapse.logging.context import current_context
@ -268,6 +269,7 @@ class SyncHandler:
        self._storage_controllers = hs.get_storage_controllers()
        self._state_storage_controller = self._storage_controllers.state
        self._device_handler = hs.get_device_handler()
        self._task_scheduler = hs.get_task_scheduler()
        self.should_calculate_push_rules = hs.config.push.enable_push
@ -360,11 +362,19 @@ class SyncHandler:
        # (since we now know that the device has received them)
        if since_token is not None:
            since_stream_id = since_token.to_device_key
-            deleted = await self.store.delete_messages_for_device(
+            # Delete device messages asynchronously and in batches using the task scheduler
-                sync_config.user.to_string(), sync_config.device_id, since_stream_id
+            await self._task_scheduler.schedule_task(
                DELETE_DEVICE_MSGS_TASK_NAME,
                resource_id=sync_config.device_id,
                params={
                    "user_id": sync_config.user.to_string(),
                    "device_id": sync_config.device_id,
                    "up_to_stream_id": since_stream_id,
                },
            )
            logger.debug(
-                "Deleted %d to-device messages up to %d", deleted, since_stream_id
+                "Deletion of to-device messages up to %d scheduled",
                since_stream_id,
            )
        if timeout == 0 or since_token is None or full_state:
--- a/synapse/http/federation/matrix_federation_agent.py
+++ b/synapse/http/federation/matrix_federation_agent.py
@ -399,15 +399,34 @@ class MatrixHostnameEndpoint:
        if port or _is_ip_literal(host):
            return [Server(host, port or 8448)]
        # Check _matrix-fed._tcp SRV record.
        logger.debug("Looking up SRV record for %s", host.decode(errors="replace"))
        server_list = await self._srv_resolver.resolve_service(
            b"_matrix-fed._tcp." + host
        )
        if server_list:
            if logger.isEnabledFor(logging.DEBUG):
                logger.debug(
                    "Got %s from SRV lookup for %s",
                    ", ".join(map(str, server_list)),
                    host.decode(errors="replace"),
                )
            return server_list
        # No _matrix-fed._tcp SRV record, fallback to legacy _matrix._tcp SRV record.
        logger.debug(
            "Looking up deprecated SRV record for %s", host.decode(errors="replace")
        )
        server_list = await self._srv_resolver.resolve_service(b"_matrix._tcp." + host)
        if server_list:
-            logger.debug(
+            if logger.isEnabledFor(logging.DEBUG):
-                "Got %s from SRV lookup for %s",
+                logger.debug(
-                ", ".join(map(str, server_list)),
+                    "Got %s from deprecated SRV lookup for %s",
-                host.decode(errors="replace"),
+                    ", ".join(map(str, server_list)),
-            )
+                    host.decode(errors="replace"),
                )
            return server_list
        # No SRV records, so we fallback to host and 8448
--- a/synapse/logging/context.py
+++ b/synapse/logging/context.py
@ -728,7 +728,7 @@ async def _unwrap_awaitable(awaitable: Awaitable[R]) -> R:
@overload
-def preserve_fn(  # type: ignore[misc]
+def preserve_fn(
    f: Callable[P, Awaitable[R]],
 ) -> Callable[P, "defer.Deferred[R]"]:
    # The `type: ignore[misc]` above suppresses
@ -756,7 +756,7 @@ def preserve_fn(
@overload
-def run_in_background(  # type: ignore[misc]
+def run_in_background(
    f: Callable[P, Awaitable[R]], *args: P.args, **kwargs: P.kwargs
 ) -> "defer.Deferred[R]":
    # The `type: ignore[misc]` above suppresses
--- a/synapse/logging/opentracing.py
+++ b/synapse/logging/opentracing.py
@ -991,11 +991,7 @@ def trace_with_opname(
        if not opentracing:
            return func
-        # type-ignore: mypy seems to be confused by the ParamSpecs here.
+        return _custom_sync_async_decorator(func, _wrapping_logic)
        # I think the problem is https://github.com/python/mypy/issues/12909
        return _custom_sync_async_decorator(
            func, _wrapping_logic  # type: ignore[arg-type]
        )
    return _decorator
@ -1040,9 +1036,7 @@ def tag_args(func: Callable[P, R]) -> Callable[P, R]:
        set_tag(SynapseTags.FUNC_KWARGS, str(kwargs))
        yield
-    # type-ignore: mypy seems to be confused by the ParamSpecs here.
+    return _custom_sync_async_decorator(func, _wrapping_logic)
    # I think the problem is https://github.com/python/mypy/issues/12909
    return _custom_sync_async_decorator(func, _wrapping_logic)  # type: ignore[arg-type]
@contextlib.contextmanager
--- a/synapse/media/url_previewer.py
+++ b/synapse/media/url_previewer.py
@ -846,9 +846,7 @@ def _is_media(content_type: str) -> bool:
 def _is_html(content_type: str) -> bool:
    content_type = content_type.lower()
-    return content_type.startswith("text/html") or content_type.startswith(
+    return content_type.startswith(("text/html", "application/xhtml"))
        "application/xhtml"
    )
 def _is_json(content_type: str) -> bool:
--- a/synapse/module_api/init.py
+++ b/synapse/module_api/init.py
@ -1730,6 +1730,19 @@ class ModuleApi:
        room_alias_str = room_alias.to_string() if room_alias else None
        return room_id, room_alias_str
    async def delete_room(self, room_id: str) -> None:
        """
        Schedules the deletion of a room from Synapse's database.
        If the room is already being deleted, this method does nothing.
        This method does not wait for the room to be deleted.
        Added in Synapse v1.89.0.
        """
        # Future extensions to this method might want to e.g. allow use of `force_purge`.
        # TODO In the future we should make sure this is persistent.
        self._hs.get_pagination_handler().start_shutdown_and_purge_room(room_id, None)
    async def set_displayname(
        self,
        user_id: UserID,
--- a/synapse/module_api/callbacks/third_party_event_rules_callbacks.py
+++ b/synapse/module_api/callbacks/third_party_event_rules_callbacks.py
@ -40,7 +40,7 @@ CHECK_VISIBILITY_CAN_BE_MODIFIED_CALLBACK = Callable[
    [str, StateMap[EventBase], str], Awaitable[bool]
 ]
 ON_NEW_EVENT_CALLBACK = Callable[[EventBase, StateMap[EventBase]], Awaitable]
-CHECK_CAN_SHUTDOWN_ROOM_CALLBACK = Callable[[str, str], Awaitable[bool]]
+CHECK_CAN_SHUTDOWN_ROOM_CALLBACK = Callable[[Optional[str], str], Awaitable[bool]]
 CHECK_CAN_DEACTIVATE_USER_CALLBACK = Callable[[str, bool], Awaitable[bool]]
 ON_PROFILE_UPDATE_CALLBACK = Callable[[str, ProfileInfo, bool, bool], Awaitable]
 ON_USER_DEACTIVATION_STATUS_CHANGED_CALLBACK = Callable[[str, bool, bool], Awaitable]
@ -429,12 +429,17 @@ class ThirdPartyEventRulesModuleApiCallbacks:
                    "Failed to run module API callback %s: %s", callback, e
                )
-    async def check_can_shutdown_room(self, user_id: str, room_id: str) -> bool:
+    async def check_can_shutdown_room(
        self, user_id: Optional[str], room_id: str
    ) -> bool:
        """Intercept requests to shutdown a room. If `False` is returned, the
         room must not be shut down.
        Args:
-            requester: The ID of the user requesting the shutdown.
+            user_id: The ID of the user requesting the shutdown.
                If no user ID is supplied, then the room is being shut down through
                some mechanism other than a user's request, e.g. through a module's
                request.
            room_id: The ID of the room.
        """
        for callback in self._check_can_shutdown_room_callbacks:
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@ -298,20 +298,26 @@ class Mailer:
                notifs_by_room, state_by_room, notif_events, reason
            )
        unsubscribe_link = self._make_unsubscribe_link(user_id, app_id, email_address)
        template_vars: TemplateVars = {
            "user_display_name": user_display_name,
-            "unsubscribe_link": self._make_unsubscribe_link(
+            "unsubscribe_link": unsubscribe_link,
                user_id, app_id, email_address
            ),
            "summary_text": summary_text,
            "rooms": rooms,
            "reason": reason,
        }
-        await self.send_email(email_address, summary_text, template_vars)
+        await self.send_email(
            email_address, summary_text, template_vars, unsubscribe_link
        )
    async def send_email(
-        self, email_address: str, subject: str, extra_template_vars: TemplateVars
+        self,
        email_address: str,
        subject: str,
        extra_template_vars: TemplateVars,
        unsubscribe_link: Optional[str] = None,
    ) -> None:
        """Send an email with the given information and template text"""
        template_vars: TemplateVars = {
@ -330,6 +336,23 @@ class Mailer:
            app_name=self.app_name,
            html=html_text,
            text=plain_text,
            # Include the List-Unsubscribe header which some clients render in the UI.
            # Per RFC 2369, this can be a URL or mailto URL. See
            #     https://www.rfc-editor.org/rfc/rfc2369.html#section-3.2
            #
            # It is preferred to use email, but Synapse doesn't support incoming email.
            #
            # Also include the List-Unsubscribe-Post header from RFC 8058. See
            #     https://www.rfc-editor.org/rfc/rfc8058.html#section-3.1
            #
            # Note that many email clients will not render the unsubscribe link
            # unless DKIM, etc. is properly setup.
            additional_headers={
                "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
                "List-Unsubscribe": f"<{unsubscribe_link}>",
            }
            if unsubscribe_link
            else None,
        )
    async def _get_room_vars(
--- a/synapse/replication/http/devices.py
+++ b/synapse/replication/http/devices.py
@ -20,7 +20,7 @@ from twisted.web.server import Request
 from synapse.http.server import HttpServer
 from synapse.logging.opentracing import active_span
 from synapse.replication.http._base import ReplicationEndpoint
-from synapse.types import JsonDict
+from synapse.types import JsonDict, JsonMapping
 if TYPE_CHECKING:
    from synapse.server import HomeServer
@ -82,7 +82,7 @@ class ReplicationMultiUserDevicesResyncRestServlet(ReplicationEndpoint):
    async def _handle_request(  # type: ignore[override]
        self, request: Request, content: JsonDict
-    ) -> Tuple[int, Dict[str, Optional[JsonDict]]]:
+    ) -> Tuple[int, Dict[str, Optional[JsonMapping]]]:
        user_ids: List[str] = content["user_ids"]
        logger.info("Resync for %r", user_ids)
--- a/synapse/replication/tcp/handler.py
+++ b/synapse/replication/tcp/handler.py
@ -644,7 +644,7 @@ class ReplicationCommandHandler:
                    [stream.parse_row(row) for row in rows],
                )
-            logger.info("Caught up with stream '%s' to %i", stream_name, cmd.new_token)
+        logger.info("Caught up with stream '%s' to %i", stream_name, cmd.new_token)
        # We've now caught up to position sent to us, notify handler.
        await self._replication_data_handler.on_position(
--- a/synapse/replication/tcp/resource.py
+++ b/synapse/replication/tcp/resource.py
@ -191,7 +191,12 @@ class ReplicationStreamer:
                        if updates:
                            logger.info(
-                                "Streaming: %s -> %s", stream.NAME, updates[-1][0]
+                                "Streaming: %s -> %s (limited: %s, updates: %s, max token: %s)",
                                stream.NAME,
                                updates[-1][0],
                                limited,
                                len(updates),
                                current_token,
                            )
                            stream_updates_counter.labels(stream.NAME).inc(len(updates))
--- a/synapse/rest/init.py
+++ b/synapse/rest/init.py
@ -123,7 +123,7 @@ class ClientRestResource(JsonResource):
        if is_main_process:
            report_event.register_servlets(hs, client_resource)
            openid.register_servlets(hs, client_resource)
-            notifications.register_servlets(hs, client_resource)
+        notifications.register_servlets(hs, client_resource)
        devices.register_servlets(hs, client_resource)
        if is_main_process:
            thirdparty.register_servlets(hs, client_resource)
--- a/synapse/rest/client/account.py
+++ b/synapse/rest/client/account.py
@ -179,85 +179,81 @@ class PasswordRestServlet(RestServlet):
        #
        # In the second case, we require a password to confirm their identity.
-        requester = None
+        try:
-        if self.auth.has_access_token(request):
+            requester = None
-            requester = await self.auth.get_user_by_req(request)
+            if self.auth.has_access_token(request):
-            try:
+                requester = await self.auth.get_user_by_req(request)
                params, session_id = await self.auth_handler.validate_user_via_ui_auth(
                    requester,
                    request,
-                    body.dict(exclude_unset=True),
+                    body.dict(exclude_unset=True, exclude={"new_password"}),
                    "modify your account password",
                )
-            except InteractiveAuthIncompleteError as e:
+                user_id = requester.user.to_string()
-                # The user needs to provide more steps to complete auth, but
+            else:
                # they're not required to provide the password again.
                #
                # If a password is available now, hash the provided password and
                # store it for later.
                if new_password:
                    new_password_hash = await self.auth_handler.hash(new_password)
                    await self.auth_handler.set_session_data(
                        e.session_id,
                        UIAuthSessionDataConstants.PASSWORD_HASH,
                        new_password_hash,
                    )
                raise
            user_id = requester.user.to_string()
        else:
            try:
                result, params, session_id = await self.auth_handler.check_ui_auth(
                    [[LoginType.EMAIL_IDENTITY]],
                    request,
-                    body.dict(exclude_unset=True),
+                    body.dict(exclude_unset=True, exclude={"new_password"}),
                    "modify your account password",
                )
-            except InteractiveAuthIncompleteError as e:
+
-                # The user needs to provide more steps to complete auth, but
+                if LoginType.EMAIL_IDENTITY in result:
-                # they're not required to provide the password again.
+                    threepid = result[LoginType.EMAIL_IDENTITY]
-                #
+                    if "medium" not in threepid or "address" not in threepid:
-                # If a password is available now, hash the provided password and
+                        raise SynapseError(500, "Malformed threepid")
-                # store it for later.
+                    if threepid["medium"] == "email":
-                if new_password:
+                        # For emails, canonicalise the address.
-                    new_password_hash = await self.auth_handler.hash(new_password)
+                        # We store all email addresses canonicalised in the DB.
-                    await self.auth_handler.set_session_data(
+                        # (See add_threepid in synapse/handlers/auth.py)
-                        e.session_id,
+                        try:
-                        UIAuthSessionDataConstants.PASSWORD_HASH,
+                            threepid["address"] = validate_email(threepid["address"])
-                        new_password_hash,
+                        except ValueError as e:
                            raise SynapseError(400, str(e))
                    # if using email, we must know about the email they're authing with!
                    threepid_user_id = await self.datastore.get_user_id_by_threepid(
                        threepid["medium"], threepid["address"]
                    )
                    if not threepid_user_id:
                        raise SynapseError(
                            404, "Email address not found", Codes.NOT_FOUND
                        )
                    user_id = threepid_user_id
                else:
                    logger.error("Auth succeeded but no known type! %r", result.keys())
                    raise SynapseError(500, "", Codes.UNKNOWN)
        except InteractiveAuthIncompleteError as e:
            # The user needs to provide more steps to complete auth, but
            # they're not required to provide the password again.
            #
            # If a password is available now, hash the provided password and
            # store it for later. We only do this if we don't already have the
            # password hash stored, to avoid repeatedly hashing the password.
            if not new_password:
                raise
-            if LoginType.EMAIL_IDENTITY in result:
+            existing_session_password_hash = await self.auth_handler.get_session_data(
-                threepid = result[LoginType.EMAIL_IDENTITY]
+                e.session_id, UIAuthSessionDataConstants.PASSWORD_HASH, None
-                if "medium" not in threepid or "address" not in threepid:
+            )
-                    raise SynapseError(500, "Malformed threepid")
+            if existing_session_password_hash:
-                if threepid["medium"] == "email":
+                raise
-                    # For emails, canonicalise the address.
+
-                    # We store all email addresses canonicalised in the DB.
+            new_password_hash = await self.auth_handler.hash(new_password)
-                    # (See add_threepid in synapse/handlers/auth.py)
+            await self.auth_handler.set_session_data(
-                    try:
+                e.session_id,
-                        threepid["address"] = validate_email(threepid["address"])
+                UIAuthSessionDataConstants.PASSWORD_HASH,
-                    except ValueError as e:
+                new_password_hash,
-                        raise SynapseError(400, str(e))
+            )
-                # if using email, we must know about the email they're authing with!
+            raise
                threepid_user_id = await self.datastore.get_user_id_by_threepid(
                    threepid["medium"], threepid["address"]
                )
                if not threepid_user_id:
                    raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)
                user_id = threepid_user_id
            else:
                logger.error("Auth succeeded but no known type! %r", result.keys())
                raise SynapseError(500, "", Codes.UNKNOWN)
        # If we have a password in this request, prefer it. Otherwise, use the
        # password hash from an earlier request.
        if new_password:
            password_hash: Optional[str] = await self.auth_handler.hash(new_password)
        elif session_id is not None:
-            password_hash = await self.auth_handler.get_session_data(
+            password_hash = existing_session_password_hash
                session_id, UIAuthSessionDataConstants.PASSWORD_HASH, None
            )
        else:
            # UI validation was skipped, but the request did not include a new
            # password.
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							`Fix a long-standing bug where multi-device accounts could cause high load due to presence.`
		`@ -0,0 +1 @@`
							Add GCC and GNU Make to the Nix flake development environment so that `ruff` can be compiled.
		`@ -0,0 +1 @@`
							Support resolving homeservers using `matrix-fed` DNS SRV records from [MSC4040](https://github.com/matrix-org/matrix-spec-proposals/pull/4040).
		`@ -0,0 +1 @@`
							Add the ability to use `G` (GiB) and `T` (TiB) suffixes in configuration options that refer to numbers of bytes.
		`@ -0,0 +1 @@`
							`Add span information to requests sent to appservices. Contributed by MTRNord.`
		`@ -0,0 +1 @@`
							`Fix type checking when using the new version of Twisted.`
		`@ -0,0 +1 @@`
							`Delete device messages asynchronously and in staged batches using the task scheduler.`
		`@ -0,0 +1 @@`
							`Bump minimum supported Rust version to 1.61.0.`
		`@ -0,0 +1 @@`
							`Fix a long-standing bug where appservices using MSC2409 to receive to_device messages, would only get messages for one user.`
		`@ -0,0 +1 @@`
							`Fix bug when using workers where Synapse could end up re-requesting the same remote device repeatedly.`