chore: Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

Detected Package Files

• rust/Cargo.toml (cargo)
• contrib/vertobot/cpanfile (cpanfile)
• contrib/docker/docker-compose.yml (docker-compose)
• contrib/docker_compose_workers/docker-compose.yaml (docker-compose)
• otlp-test/docker-compose.yaml (docker-compose)
• docker/Dockerfile (dockerfile)
• docker/Dockerfile-dhvirtualenv (dockerfile)
• docker/Dockerfile-famedly (dockerfile)
• docker/Dockerfile-workers (dockerfile)
• docker/complement/Dockerfile (dockerfile)
• docker/editable.Dockerfile (dockerfile)
• .github/workflows/complement_tests.yml (github-actions)
• .github/workflows/docker-famedly.yml (github-actions)
• .github/workflows/docker-pr-dev.yml (github-actions)
• .github/workflows/docker.yml (github-actions)
• .github/workflows/docs-pr.yaml (github-actions)
• .github/workflows/docs.yaml (github-actions)
• .github/workflows/famedly-tests.yml (github-actions)
• .github/workflows/fix_lint.yaml (github-actions)
• .github/workflows/latest_deps.yml (github-actions)
• .github/workflows/poetry_lockfile.yaml (github-actions)
• .github/workflows/push_complement_image.yml (github-actions)
• .github/workflows/release-artifacts.yml (github-actions)
• .github/workflows/schema.yaml (github-actions)
• .github/workflows/tests.yml (github-actions)
• .github/workflows/triage-incoming.yml (github-actions)
• .github/workflows/triage_labelled.yml (github-actions)
• .github/workflows/twisted_trunk.yml (github-actions)
• .gitlab-ci.yml (gitlabci)
• complement/go.mod (gomod)
• pyproject.toml (poetry)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
• Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
• Correctly link to the source code for golang.org/x packages
• Link to pkg.go.dev/... for golang.org/x packages' title

---

What to Expect

With your current configuration, Renovate will create 80 Pull Requests:

Update dependency gitpython to v3.1.47 [SECURITY]

• Branch name: renovate/pypi-gitpython-vulnerability
• Merge into: master
• Upgrade gitpython to 3.1.47

Update dependency python-multipart to v0.0.26 [SECURITY]

• Branch name: renovate/pypi-python-multipart-vulnerability
• Merge into: master
• Upgrade python-multipart to 0.0.26

Update dependency lxml to v6.1.0 [SECURITY]

• Branch name: renovate/pypi-lxml-vulnerability
• Merge into: master
• Upgrade lxml to 6.1.0

Update dependency Pillow to v12.2.0 [SECURITY]

• Branch name: renovate/pypi-pillow-vulnerability
• Merge into: master
• Upgrade Pillow to 12.2.0

Update dtolnay/rust-toolchain digest to 3c5f7ea

• Schedule: ["at any time"]
• Branch name: renovate/dtolnay-rust-toolchain-digest
• Merge into: master
• Upgrade dtolnay/rust-toolchain to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9

Update github.com/matrix-org/complement digest to 9b87d55

• Schedule: ["at any time"]
• Branch name: renovate/github.com-matrix-org-complement-digest
• Merge into: master
• Upgrade github.com/matrix-org/complement to 9b87d558bc03

Update github.com/matrix-org/gomatrixserverlib digest to 20c9de3

• Schedule: ["at any time"]
• Branch name: renovate/github.com-matrix-org-gomatrixserverlib-digest
• Merge into: master
• Upgrade github.com/matrix-org/gomatrixserverlib to 20c9de33969e

Update actions/upload-artifact action to v7.0.1

• Schedule: ["at any time"]
• Branch name: renovate/actions-upload-artifact-7.x
• Merge into: master
• Upgrade actions/upload-artifact to 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a

Update dependency click to v8.3.3

• Schedule: ["at any time"]
• Branch name: renovate/click-8.x-lockfile
• Merge into: master
• Upgrade click to 8.3.3

Update dependency phonenumbers to v9.0.29

• Schedule: ["at any time"]
• Branch name: renovate/phonenumbers-9.x-lockfile
• Merge into: master
• Upgrade phonenumbers to 9.0.29

Update dependency psycopg2 to v2.9.12

• Schedule: ["at any time"]
• Branch name: renovate/psycopg2-2.x-lockfile
• Merge into: master
• Upgrade psycopg2 to 2.9.12

Update dependency pygithub to v2.9.1

• Schedule: ["at any time"]
• Branch name: renovate/pygithub-2.x-lockfile
• Merge into: master
• Upgrade pygithub to 2.9.1

Update dependency pysaml2 to v7.5.4

• Schedule: ["at any time"]
• Branch name: renovate/pysaml2-7.x-lockfile
• Merge into: master
• Upgrade pysaml2 to 7.5.4

Update dependency requests to v2.33.1

• Schedule: ["at any time"]
• Branch name: renovate/requests-2.x-lockfile
• Merge into: master
• Upgrade requests to 2.33.1

Update dependency setuptools_rust to v1.12.1

• Schedule: ["at any time"]
• Branch name: renovate/setuptools_rust-1.x-lockfile
• Merge into: master
• Upgrade setuptools_rust to 1.12.1

Update dependency tomli to v2.4.1

• Schedule: ["at any time"]
• Branch name: renovate/tomli-2.x-lockfile
• Merge into: master
• Upgrade tomli to 2.4.1

Update dependency types-bleach to v6.3.0.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-bleach-6.x-lockfile
• Merge into: master
• Upgrade types-bleach to 6.3.0.20260408

Update dependency types-jsonschema to v4.26.0.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-jsonschema-4.x-lockfile
• Merge into: master
• Upgrade types-jsonschema to 4.26.0.20260408

Update dependency types-netaddr to v1.3.0.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-netaddr-1.x-lockfile
• Merge into: master
• Upgrade types-netaddr to 1.3.0.20260408

Update dependency types-opentracing to v2.4.10.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-opentracing-2.x-lockfile
• Merge into: master
• Upgrade types-opentracing to 2.4.10.20260408

Update dependency types-psycopg2 to v2.9.21.20260422

• Schedule: ["at any time"]
• Branch name: renovate/types-psycopg2-2.x-lockfile
• Merge into: master
• Upgrade types-psycopg2 to 2.9.21.20260422

Update dependency types-pyyaml to v6.0.12.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-pyyaml-6.x-lockfile
• Merge into: master
• Upgrade types-pyyaml to 6.0.12.20260408

Update dependency types-setuptools to v82.0.0.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-setuptools-82.x-lockfile
• Merge into: master
• Upgrade types-setuptools to 82.0.0.20260408

Update docker.io/library/debian Docker tag to trixie-20260421

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-library-debian-13.x
• Merge into: master
• Upgrade docker.io/library/debian to trixie-20260421

Update actions/setup-python action to v6.2.0

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-python-6.x
• Merge into: master
• Upgrade actions/setup-python to a309ff8b426b58ec0e2a45f0f869d46889d02405

Update dependency authlib to v1.7.0

• Schedule: ["at any time"]
• Branch name: renovate/authlib-1.x-lockfile
• Merge into: master
• Upgrade authlib to 1.7.0

Update dependency Future to v0.52

• Schedule: ["at any time"]
• Branch name: renovate/future-0.x
• Merge into: master
• Upgrade Future to 0.52

Update dependency idna to v3.13

• Schedule: ["at any time"]
• Branch name: renovate/idna-3.x-lockfile
• Merge into: master
• Upgrade idna to 3.13

Update dependency IO::Async to v0.805

• Schedule: ["at any time"]
• Branch name: renovate/io-async-0.x
• Merge into: master
• Upgrade IO::Async to 0.805

Update dependency IO::Async::SSL to v0.25

• Schedule: ["at any time"]
• Branch name: renovate/io-async-ssl-0.x
• Merge into: master
• Upgrade IO::Async::SSL to 0.25

Update dependency Net::Async::Matrix to v0.19

• Schedule: ["at any time"]
• Branch name: renovate/net-async-matrix-0.x
• Merge into: master
• Upgrade Net::Async::Matrix to 0.19

Update dependency Net::Async::WebSocket::Protocol to v0.14

• Schedule: ["at any time"]
• Branch name: renovate/net-async-websocket-protocol-0.x
• Merge into: master
• Upgrade Net::Async::WebSocket::Protocol to 0.14

Update dependency packaging to v26.2

• Schedule: ["at any time"]
• Branch name: renovate/packaging-26.x-lockfile
• Merge into: master
• Upgrade packaging to 26.2

Update dependency parent to v0.244

• Schedule: ["at any time"]
• Branch name: renovate/parent-0.x
• Merge into: master
• Upgrade parent to 0.244

Update dependency prometheus-client to v0.25.0

• Schedule: ["at any time"]
• Branch name: renovate/prometheus-client-0.x-lockfile
• Merge into: master
• Upgrade prometheus-client to 0.25.0

Update dependency pydantic to v2.13.3

• Schedule: ["at any time"]
• Branch name: renovate/pydantic-2.x-lockfile
• Merge into: master
• Upgrade pydantic to 2.13.3

Update dependency pympler to v1.1

• Schedule: ["at any time"]
• Branch name: renovate/pympler-1.x-lockfile
• Merge into: master
• Upgrade pympler to 1.1

Update dependency pyOpenSSL to v26.1.0

• Schedule: ["at any time"]
• Branch name: renovate/pyopenssl-26.x-lockfile
• Merge into: master
• Upgrade pyOpenSSL to 26.1.0

Update dependency python to 3.14

• Schedule: ["at any time"]
• Branch name: renovate/python-3.x
• Merge into: master
• Upgrade python to 3.14

Update dependency ruff to v0.15.12

• Schedule: ["at any time"]
• Branch name: renovate/ruff-0.x
• Merge into: master
• Upgrade ruff to ==0.15.12

Update dependency sentry-sdk to v2.58.0

• Schedule: ["at any time"]
• Branch name: renovate/sentry-sdk-2.x-lockfile
• Merge into: master
• Upgrade sentry-sdk to 2.58.0

Update dependency sqlglot to v30.6.0

• Schedule: ["at any time"]
• Branch name: renovate/sqlglot-30.x-lockfile
• Merge into: master
• Upgrade sqlglot to 30.6.0

Update dependency types-requests to v2.33.0.20260408

• Schedule: ["at any time"]
• Branch name: renovate/types-requests-2.x-lockfile
• Merge into: master
• Upgrade types-requests to 2.33.0.20260408

Update dependency zope-interface to v8.4

• Schedule: ["at any time"]
• Branch name: renovate/zope-interface-8.x-lockfile
• Merge into: master
• Upgrade zope-interface to 8.4

Update docker.io/library/python Docker tag to v3.14

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-library-python-3.x
• Merge into: master
• Upgrade docker.io/library/python to 3.14-slim-trixie

Update docker.io/python Docker tag to v3.14

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-python-3.x
• Merge into: master
• Upgrade docker.io/python to 3.14-slim

Update go toolchain directive to v1.26.2

• Schedule: ["at any time"]
• Branch name: renovate/go-1.x
• Merge into: master
• Upgrade go to 1.26.2

Update module github.com/docker/docker to v28.5.2+incompatible

• Schedule: ["at any time"]
• Branch name: renovate/github.com-docker-docker-28.x
• Merge into: master
• Upgrade github.com/docker/docker to v28.5.2+incompatible

Update opentelemetry-python monorepo to v1.41.1

• Schedule: ["at any time"]
• Branch name: renovate/opentelemetry-python-monorepo
• Merge into: master
• Upgrade opentelemetry-api to ==1.41.1
• Upgrade opentelemetry-exporter-otlp to ==1.41.1
• Upgrade opentelemetry-sdk to ==1.41.1

Update otel/opentelemetry-collector Docker tag to v0.151.0

• Schedule: ["at any time"]
• Branch name: renovate/otel-opentelemetry-collector-0.x
• Merge into: master
• Upgrade otel/opentelemetry-collector to 0.151.0

Update Rust crate icu_segmenter to v2.2.0

• Schedule: ["at any time"]
• Branch name: renovate/icu_segmenter-2.x-lockfile
• Merge into: master
• Upgrade icu_segmenter to 2.2.0

Update Rust crate pyo3 to 0.28.0

• Schedule: ["at any time"]
• Branch name: renovate/pyo3-0.x
• Merge into: master
• Upgrade pyo3 to 0.28.0

Update Rust crate pythonize to 0.28.0

• Schedule: ["at any time"]
• Branch name: renovate/pythonize-0.x
• Merge into: master
• Upgrade pythonize to 0.28.0

Update Rust crate reqwest to 0.13.0

• Schedule: ["at any time"]
• Branch name: renovate/reqwest-0.x
• Merge into: master
• Upgrade reqwest to 0.13.0

Update Rust crate sha2 to 0.11.0

• Schedule: ["at any time"]
• Branch name: renovate/sha2-0.x
• Merge into: master
• Upgrade sha2 to 0.11.0

Update Rust crate tokio to v1.52.1

• Schedule: ["at any time"]
• Branch name: renovate/tokio-1.x-lockfile
• Merge into: master
• Upgrade tokio to 1.52.1

Update sigstore/cosign-installer action to v4.1.1

• Schedule: ["at any time"]
• Branch name: renovate/sigstore-cosign-installer-4.x
• Merge into: master
• Upgrade sigstore/cosign-installer to cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003

Update Swatinem/rust-cache action to v2.9.1

• Schedule: ["at any time"]
• Branch name: renovate/swatinem-rust-cache-2.x
• Merge into: master
• Upgrade Swatinem/rust-cache to c19371144df3bb44fab255c43d04cbc2ab54d1c4

Update actions/cache action to v5.0.5

• Schedule: ["at any time"]
• Branch name: renovate/actions-cache-5.x
• Merge into: master
• Upgrade actions/cache to 27d5ce7f107fe9357f9df03efb73ab90386fccae
• Upgrade actions/cache to v5

Update actions/checkout action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-checkout-6.x
• Merge into: master
• Upgrade actions/checkout to v6

Update actions/configure-pages action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-configure-pages-6.x
• Merge into: master
• Upgrade actions/configure-pages to v6

Update actions/deploy-pages action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-deploy-pages-5.x
• Merge into: master
• Upgrade actions/deploy-pages to v5

Update actions/setup-go action to v6

• Schedule: ["at any time"]
• Branch name: renovate/actions-setup-go-6.x
• Merge into: master
• Upgrade actions/setup-go to v6

Update actions/upload-artifact action to v7

• Schedule: ["at any time"]
• Branch name: renovate/major-github-artifact-actions
• Merge into: master
• Upgrade actions/upload-artifact to v7

Update actions/upload-pages-artifact action to v5

• Schedule: ["at any time"]
• Branch name: renovate/actions-upload-pages-artifact-5.x
• Merge into: master
• Upgrade actions/upload-pages-artifact to v5

Update codecov/codecov-action action to v6

• Schedule: ["at any time"]
• Branch name: renovate/codecov-codecov-action-6.x
• Merge into: master
• Upgrade codecov/codecov-action to v6

Update dependency attrs to v26

• Schedule: ["at any time"]
• Branch name: renovate/attrs-26.x-lockfile
• Merge into: master
• Upgrade attrs to 26.1.0

Update dependency cryptography to v47

• Schedule: ["at any time"]
• Branch name: renovate/cryptography-47.x-lockfile
• Merge into: master
• Upgrade cryptography to 47.0.0

Update dependency Data::UUID to v1

• Schedule: ["at any time"]
• Branch name: renovate/data-uuid-1.x
• Merge into: master
• Upgrade Data::UUID to 1.227

Update dependency Getopt::Long to v2

• Schedule: ["at any time"]
• Branch name: renovate/getopt-long-2.x
• Merge into: master
• Upgrade Getopt::Long to 2.58

Update dependency IO::Socket::SSL to v2

• Schedule: ["at any time"]
• Branch name: renovate/io-socket-ssl-2.x
• Merge into: master
• Upgrade IO::Socket::SSL to 2.098

Update dependency JSON to v4

• Schedule: ["at any time"]
• Branch name: renovate/json-4.x
• Merge into: master
• Upgrade JSON to 4.11

Update dependency ubuntu to v24

• Schedule: ["at any time"]
• Branch name: renovate/ubuntu-24.x
• Merge into: master
• Upgrade ubuntu to 24.04

Update dependency YAML to v1

• Schedule: ["at any time"]
• Branch name: renovate/yaml-1.x
• Merge into: master
• Upgrade YAML to 1.31

Update docker.io/library/postgres Docker tag to v18

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-library-postgres-18.x
• Merge into: master
• Upgrade docker.io/library/postgres to 18-trixie

Update docker.io/postgres Docker tag to v18

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-postgres-18.x
• Merge into: master
• Upgrade docker.io/postgres to 18-alpine

Update docker/build-push-action action to v7.1.0

• Schedule: ["at any time"]
• Branch name: renovate/docker-build-push-action-7.x
• Merge into: master
• Upgrade docker/build-push-action to bcafcacb16a39f128d818304e6c9c0c18556b85f
• Upgrade docker/build-push-action to v7

Update docker/login-action action to v4.1.0

• Schedule: ["at any time"]
• Branch name: renovate/docker-login-action-4.x
• Merge into: master
• Upgrade docker/login-action to 4907a6ddec9925e35a0a9e82d7399ccc52663121
• Upgrade docker/login-action to v4

Update docker/metadata-action action to v6

• Schedule: ["at any time"]
• Branch name: renovate/docker-metadata-action-6.x
• Merge into: master
• Upgrade docker/metadata-action to v6

Update docker/setup-buildx-action action to v4

• Schedule: ["at any time"]
• Branch name: renovate/docker-setup-buildx-action-4.x
• Merge into: master
• Upgrade docker/setup-buildx-action to v4

🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prHourlyLimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[Copilot]

Pull request overview

This PR adds Renovate configuration to enable automated dependency updates for the Synapse project. The configuration uses the recommended preset and will create 49 pull requests to update various dependencies across multiple package managers including Python, Rust, Docker, and GitHub Actions.

Changes:

• Adds renovate.json with basic Renovate configuration using the config:recommended preset

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The repository already has Dependabot configured in .github/dependabot.yml for pip, docker, github-actions, and cargo ecosystems. Running both Renovate and Dependabot simultaneously can lead to duplicate dependency update PRs and conflicts. Consider either disabling Dependabot or configuring Renovate to ignore the ecosystems already managed by Dependabot. If you intend to migrate from Dependabot to Renovate, the .github/dependabot.yml file should be removed or disabled.

Suggested change

	"config:recommended"
	"config:recommended"
	],
	"packageRules": [
	{
	"matchManagers": [
	"pip_requirements",
	"pip_setup",
	"pipenv",
	"poetry",
	"pip-compile",
	"dockerfile",
	"github-actions",
	"cargo"
	],
	"enabled": false
	}