From 88be52c88a03d3d017470350d98adbc731d51815 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 16:00:40 +0100
Subject: [PATCH 1/6] Revert "Revert "Replace instances of deprecated `Jinja2.Markup` with `markupsafe.Markup`" (#12296)"
This reverts commit 000426095224401649827d6cdc5a7d5e0ef4e17c.
---
 synapse/push/mailer.py | 9 +++++----
 synapse/python_dependencies.py | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/synapse/push/mailer.py b/synapse/push/mailer.py
index 649a4f49d024..5ccdd88364d7 100644
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@@ -18,6 +18,7 @@
 import bleach
 import jinja2
+from markupsafe import Markup
 from synapse.api.constants import EventTypes, Membership, RoomTypes
 from synapse.api.errors import StoreError
@@ -867,7 +868,7 @@ def _make_unsubscribe_link(
 )
-def safe_markup(raw_html: str) -> jinja2.Markup:
+def safe_markup(raw_html: str) -> Markup:
 """
 Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs.
@@ -877,7 +878,7 @@ def safe_markup(raw_html: str) -> jinja2.Markup:
 Returns:
 A Markup object ready to safely use in a Jinja template.
 """
- return jinja2.Markup(
+ return Markup(
 bleach.linkify(
 bleach.clean(
 raw_html,
@@ -891,7 +892,7 @@ def safe_markup(raw_html: str) -> jinja2.Markup:
 )
-def safe_text(raw_text: str) -> jinja2.Markup:
+def safe_text(raw_text: str) -> Markup:
 """
 Sanitise text (escape any HTML tags), and then linkify any bare URLs.
@@ -901,7 +902,7 @@ def safe_text(raw_text: str) -> jinja2.Markup:
 Returns:
 A Markup object ready to safely use in a Jinja template.
 """
- return jinja2.Markup(
+ return Markup(
 bleach.linkify(bleach.clean(raw_text, tags=[], attributes=[], strip=False))
 )
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 79ae06ce5d07..232f9a959570 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
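Review bot: In synapse/push/mailer.py, the two `return Markup(` lines (the hunks at -877 and -901) have no comment saying that `Markup` marks the string as already escaped, so a Jinja template with autoescaping enabled emits it verbatim and the `bleach.clean` call inside is the only sanitisation the value receives. The docstrings say the result is "ready to safely use in a Jinja template" without naming that dependency. I would add above each return: `# Markup() opts this string out of Jinja autoescaping; bleach.clean() is the only sanitisation it gets.` The body of `safe_markup` continues past the end of its hunk, so the tag and attribute allow-list passed to `bleach.clean` is not visible here.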
@@ -74,8 +74,8 @@
 # Note: 21.1.0 broke `/sync`, see #9936
 "attrs>=19.2.0,!=21.1.0",
 "netaddr>=0.7.18",
- # Jinja2 3.1.0 removes the deprecated jinja2.Markup class, which we rely on.
- "Jinja2<3.1.0",
+ "Jinja2>=2.9",
+ "MarkupSafe>=2.0",
 "bleach>=1.4.3",
 # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
 "typing-extensions>=3.10.0",
From 9c20e494ae4c4b5c18a6b77d8195631bb6772806 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 16:01:25 +0100
Subject: [PATCH 2/6] Pin Jinja2 to ~=3.0
---
 synapse/python_dependencies.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 232f9a959570..1ddc1e87d33e 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -74,8 +74,7 @@
 # Note: 21.1.0 broke `/sync`, see #9936
 "attrs>=19.2.0,!=21.1.0",
 "netaddr>=0.7.18",
- "Jinja2>=2.9",
- "MarkupSafe>=2.0",
+ "Jinja2~=3.0",
 "bleach>=1.4.3",
 # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
 "typing-extensions>=3.10.0",
From 2be9bdbaea440d8ac05ef0f19e4da7c7fbc644ad Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 16:03:21 +0100
Subject: [PATCH 3/6] Changelog
---
 changelog.d/12313.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/12313.misc
diff --git a/changelog.d/12313.misc b/changelog.d/12313.misc
new file mode 100644
index 000000000000..d90347b83f66
--- /dev/null
+++ b/changelog.d/12313.misc
@@ -0,0 +1 @@
+Correctly import `Markup` from `MarkupSafe` instead of `Jinja2`.
From 66809d7cccfa7287f6f91878805a2f4c4c899e92 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 17:00:25 +0100
Subject: [PATCH 4/6] Explain better
---
 changelog.d/12313.misc | 2 +-
 synapse/python_dependencies.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/changelog.d/12313.misc b/changelog.d/12313.misc
index d90347b83f66..fd8f0190213b 100644
--- a/changelog.d/12313.misc
+++ b/changelog.d/12313.misc
@@ -1 +1 @@
-Correctly import `Markup` from `MarkupSafe` instead of `Jinja2`.
+Import `Markup` from `MarkupSafe` as importing it from `Jinja2` has been deprecated for some time and recently removed.
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 1ddc1e87d33e..33de3799c5ee 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -74,6 +74,7 @@
 # Note: 21.1.0 broke `/sync`, see #9936
 "attrs>=19.2.0,!=21.1.0",
 "netaddr>=0.7.18",
+ # Jinja 2.x is incompatible with recent versions of MarkupSafe, on which it depends.
 "Jinja2~=3.0",
 "bleach>=1.4.3",
 # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
From 4b9bb6c6f365d5eed53376bf8c089db4e8c09ed5 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 18:36:07 +0200
Subject: [PATCH 5/6] Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 changelog.d/12313.misc | 2 +-
 synapse/python_dependencies.py | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/changelog.d/12313.misc b/changelog.d/12313.misc
index fd8f0190213b..f59f6cdc40da 100644
--- a/changelog.d/12313.misc
+++ b/changelog.d/12313.misc
@@ -1 +1 @@
-Import `Markup` from `MarkupSafe` as importing it from `Jinja2` has been deprecated for some time and recently removed.
+Fix compatibility with the recently-released Jinja 3.1.
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 33de3799c5ee..38841d014b96 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -74,7 +74,9 @@
 # Note: 21.1.0 broke `/sync`, see #9936
 "attrs>=19.2.0,!=21.1.0",
 "netaddr>=0.7.18",
- # Jinja 2.x is incompatible with recent versions of MarkupSafe, on which it depends.
+ # Jinja 2.x is incompatible with MarkupSafe>=2.1. To ensure that admins do not
+ # end up with a broken installation, with recent MarkupSafe but old Jinja, we
+ # add a lower bound to the Jinja2 dependency.
 "Jinja2~=3.0",
 "bleach>=1.4.3",
 # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
From 77e2553ce658fc70aa69260cc5241ebeab76351f Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 28 Mar 2022 18:36:35 +0200
Subject: [PATCH 6/6] Update synapse/python_dependencies.py
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 synapse/python_dependencies.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 38841d014b96..8419ab3aca95 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -77,7 +77,7 @@
 # Jinja 2.x is incompatible with MarkupSafe>=2.1. To ensure that admins do not
 # end up with a broken installation, with recent MarkupSafe but old Jinja, we
 # add a lower bound to the Jinja2 dependency.
- "Jinja2~=3.0",
+ "Jinja2>=3.0",
 "bleach>=1.4.3",
 # We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
 "typing-extensions>=3.10.0",
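Review bot: The requirement list in the last hunk (PATCH 6/6) goes straight from `"Jinja2>=3.0",` to `"bleach>=1.4.3",`, so MarkupSafe is not declared even though PATCH 1/6 makes synapse/push/mailer.py import `markupsafe` directly. PATCH 2/6 removed the `"MarkupSafe>=2.0",` entry that PATCH 1/6 had added, and no later patch restores it. The import then resolves only because Jinja2 brings MarkupSafe in as its own dependency (presumably true for every Jinja2 3.x release, worth confirming), and Synapse places no bound of its own on the version that gets installed. I would keep the explicit entry after the Jinja2 line: `"MarkupSafe>=2.0",`. The list itself starts and ends outside the hunk.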