Merge branch 'develop' into verji-develop

.github/actions/sign-release-tarball/action.yml

@@ -22,7 +22,7 @@ runs:
 
         - name: Upload tarball signature
           if: ${{ inputs.upload-url }}
-          uses: shogo82148/actions-upload-release-asset@5bd52f05dd8076794da5975d4c0a4f3bce7dd8f5 # v1
+          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ env.VERSION }}.tar.gz.asc

.github/actions/upload-release-assets/action.yml

@@ -29,13 +29,13 @@ runs:
 
         - name: Upload asset signatures
           if: inputs.gpg-fingerprint
-          uses: shogo82148/actions-upload-release-asset@5bd52f05dd8076794da5975d4c0a4f3bce7dd8f5 # v1
+          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}.asc
 
         - name: Upload assets
-          uses: shogo82148/actions-upload-release-asset@5bd52f05dd8076794da5975d4c0a4f3bce7dd8f5 # v1
+          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}

.github/workflows/downstream-end-to-end-tests.yml

@@ -3,10 +3,16 @@
 
 name: matrix-react-sdk End to End Tests
 on:
-    workflow_run:
-        workflows: ["Build downstream artifacts"]
-        types:
-            - completed
+    merge_group:
+        types: [checks_requested]
+
+    pull_request: {}
+
+    # For now at least, we don't run this or the downstream-end-to-end-tests against pushes
+    # to develop or master.
+    #
+    #push:
+    #    branches: [develop, master]
 
 concurrency:
     group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.run_id }}
@@ -15,44 +21,14 @@ concurrency:
 jobs:
     playwright:
         name: Playwright
-        # We only want to run the playwright tests on merge queue to prevent regressions
-        # from creeping in. They take a long time to run and consume multiple concurrent runners.
-        if: github.event.workflow_run.event == 'merge_group'
         uses: matrix-org/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml@develop
         permissions:
             actions: read
             issues: read
-            statuses: write
             pull-requests: read
-            deployments: write
         with:
+            matrix-js-sdk-sha: ${{ github.sha }}
             react-sdk-repository: matrix-org/matrix-react-sdk
-        secrets:
-            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
-
-    # We want to make the Playwright tests a required check for the merge queue.
-    #
-    # Unfortunately, GitHub doesn't distinguish between "checks needed for branch
-    # protection" (ie, the things that must pass before the PR will even be added
-    # to the merge queue) and "checks needed in the merge queue". We just have to add
-    # the check to the branch protection list.
-    #
-    # Ergo, if we know we're not going to run the Playwright tests, we need to add a
-    # passing status check manually.
-    mark_skipped:
-        if: github.event.workflow_run.event != 'merge_group'
-        permissions:
-            statuses: write
-        runs-on: ubuntu-latest
-        steps:
-            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
-              with:
-                  authToken: "${{ secrets.GITHUB_TOKEN }}"
-                  state: success
-                  description: Playwright skipped
-
-                  # Keep in step with the `context` that is updated by `Sibz/github-status-action`
-                  # in matrix-org/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml.
-                  context: "${{ github.workflow }} / end-to-end-tests"
-
-                  sha: "${{ github.event.workflow_run.head_sha }}"
+            # We only want to run the playwright tests on merge queue to prevent regressions
+            # from creeping in. They take a long time to run and consume multiple concurrent runners.
+            skip: ${{ github.event_name != 'merge_group' }}

.github/workflows/pull_request.yaml

@@ -14,7 +14,7 @@ jobs:
         name: Preview Changelog
         runs-on: ubuntu-latest
         steps:
-            - uses: mheap/github-action-required-labels@132879b972cb7f2ac593006455875098e73cc7f2 # v5
+            - uses: mheap/github-action-required-labels@5847eef68201219cf0a4643ea7be61e77837bbce # v5
               if: github.event_name != 'merge_group'
               with:
                   labels: |

.github/workflows/release-drafter-workflow.yml

@@ -1,4 +1,5 @@
-name: Release Drafter
+# Workflow used by other workflows to generate draft releases.
+name: Release Drafter Reusable
 on:
     workflow_call:
         inputs:

.github/workflows/release-drafter.yml

@@ -1,3 +1,7 @@
+# Generates the draft release for the js-sdk
+# Normally triggered whenever anything is merged to the staging branch, but
+# also has a workflow dispatch trigger in case it needs running manually due
+# to failures / workflow updates etc.
 name: Release Drafter
 on:
     push:

.github/workflows/release-make.yml

@@ -59,7 +59,7 @@ jobs:
 
             - name: Get draft release
               id: draft-release
-              uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada # v1
+              uses: cardinalby/git-get-release-action@5172c3a026600b1d459b117738c605fabc9e4e44 # v1
               env:
                   GITHUB_TOKEN: ${{ github.token }}
               with:

.github/workflows/sonarcloud.yml

@@ -12,10 +12,6 @@ on:
                 type: boolean
                 required: false
                 description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact"
-            extra_args:
-                type: string
-                required: false
-                description: "Extra args to pass to SonarCloud"
 jobs:
     sonarqube:
         runs-on: ubuntu-latest
@@ -34,7 +30,7 @@ jobs:
                   target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
             - name: "🧮 Checkout code"
-              uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+              uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
               with:
                   repository: ${{ github.event.workflow_run.head_repository.full_name }}
                   ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow
@@ -60,14 +56,14 @@ jobs:
 
             - id: extra_args
               run: |
-                  coverage=$(find coverage -type f -name '*lcov.info' | tr '\n' ',' | sed 's/,$//g')
-                  echo "reportPaths=$coverage" >> $GITHUB_OUTPUT
-                  reports=$(find coverage -type f -name 'jest-sonar-report*.xml' | tr '\n' ',' | sed 's/,$//g')
-                  echo "testExecutionReportPaths=$reports" >> $GITHUB_OUTPUT
+                  coverage=$(find coverage -type f -name '*lcov.info' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
+                  echo "sonar.javascript.lcov.reportPaths=$coverage" >> sonar-project.properties
+                  reports=$(find coverage -type f -name 'jest-sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
+                  echo "sonar.testExecutionReportPaths=$reports" >> sonar-project.properties
 
             - name: "🩻 SonarCloud Scan"
               id: sonarcloud
-              uses: matrix-org/sonarcloud-workflow-action@v2.7
+              uses: matrix-org/sonarcloud-workflow-action@v3.2
               # workflow_run fails report against the develop commit always, we don't want that for PRs
               continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }}
               with:
@@ -78,10 +74,6 @@ jobs:
                   branch: ${{ github.event.workflow_run.head_branch }}
                   revision: ${{ github.event.workflow_run.head_sha }}
                   token: ${{ secrets.SONAR_TOKEN }}
-                  extra_args: |
-                      ${{ inputs.extra_args }}
-                      -Dsonar.javascript.lcov.reportPaths=${{ steps.extra_args.outputs.reportPaths }}
-                      -Dsonar.testExecutionReportPaths=${{ steps.extra_args.outputs.testExecutionReportPaths }}
 
             - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
               if: always()

.github/workflows/tests.yml

@@ -71,6 +71,24 @@ jobs:
             disable_coverage: true
             matrix-js-sdk-sha: ${{ github.sha }}
 
+    complement-crypto:
+        name: "Run Complement Crypto tests"
+        if: github.event_name == 'merge_group'
+        uses: matrix-org/complement-crypto/.github/workflows/single_sdk_tests.yml@main
+        with:
+            use_js_sdk: "."
+
+    # we need this so the job is reported properly when run in a merge queue
+    downstream-complement-crypto:
+        name: Downstream Complement Crypto tests
+        runs-on: ubuntu-latest
+        if: always()
+        needs:
+            - complement-crypto
+        steps:
+            - if: needs.complement-crypto.result != 'skipped' && needs.complement-crypto.result != 'success'
+              run: exit 1
+
     # Hook for branch protection to skip downstream testing outside of merge queues
     # and skip sonarcloud coverage within merge queues
     downstream:

CHANGELOG.md

@@ -1,3 +1,71 @@
+Changes in [32.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.3.0) (2024-05-21)
+==================================================================================================
+## ✨ Features
+
+* Simplify OIDC types \& export `decodeIdToken` ([#4193](https://github.com/matrix-org/matrix-js-sdk/pull/4193)). Contributed by @t3chguy.
+* Add helpers for authenticated media, and associated documentation ([#4185](https://github.com/matrix-org/matrix-js-sdk/pull/4185)). Contributed by @turt2live.
+
+## 🐛 Bug Fixes
+
+* Fix state\_events.ts types ([#4196](https://github.com/matrix-org/matrix-js-sdk/pull/4196)). Contributed by @t3chguy.
+* Fix sendEventHttpRequest for `m.room.redaction` events without `redacts` ([#4192](https://github.com/matrix-org/matrix-js-sdk/pull/4192)). Contributed by @t3chguy.
+
+
+Changes in [32.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.2.0) (2024-05-07)
+==================================================================================================
+## ✨ Features
+
+* Use a different error code for UTDs when user was not in the room ([#4172](https://github.com/matrix-org/matrix-js-sdk/pull/4172)). Contributed by @uhoreg.
+* Modernize window.crypto access constants ([#4169](https://github.com/matrix-org/matrix-js-sdk/pull/4169)). Contributed by @turt2live.
+* Improve compliance with MSC3266 ([#4155](https://github.com/matrix-org/matrix-js-sdk/pull/4155)). Contributed by @AndrewFerr.
+* Add comment to make clear that RoomStateEvent.Events does not update related objects in the js-sdk ([#4152](https://github.com/matrix-org/matrix-js-sdk/pull/4152)). Contributed by @toger5.
+* Crypto: use a new error code for UTDs from device-relative historical events ([#4139](https://github.com/matrix-org/matrix-js-sdk/pull/4139)). Contributed by @richvdh.
+
+## 🐛 Bug Fixes
+
+* Element-R: Fix rust migration when ssss secret are stored not encryted in cache (old legacy behavior) ([#4168](https://github.com/matrix-org/matrix-js-sdk/pull/4168)). Contributed by @BillCarsonFr.
+
+
+Changes in [32.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.1.0) (2024-04-23)
+==================================================================================================
+## ✨ Features
+
+* Add support for device dehydration v2 (Element R) ([#4062](https://github.com/matrix-org/matrix-js-sdk/pull/4062)). Contributed by @uhoreg.
+* OIDC improvements in prep of OIDC-QR reciprocation ([#4149](https://github.com/matrix-org/matrix-js-sdk/pull/4149)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* Validate backup private key before migrating it ([#4114](https://github.com/matrix-org/matrix-js-sdk/pull/4114)). Contributed by @BillCarsonFr.
+* ElementR| Retry query backup until it works during migration to avoid spurious correption error popup ([#4113](https://github.com/matrix-org/matrix-js-sdk/pull/4113)). Contributed by @BillCarsonFr.
+
+
+Changes in [32.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.0.0) (2024-04-09)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove various deprecated methods \& re-exports ([#4125](https://github.com/matrix-org/matrix-js-sdk/pull/4125)). Contributed by @t3chguy.
+* Remove the logic that throws when the lazy loading options has changed. ([#4124](https://github.com/matrix-org/matrix-js-sdk/pull/4124)). Contributed by @langleyd.
+* Fix highlights from threads disappearing on new messages ([#4106](https://github.com/matrix-org/matrix-js-sdk/pull/4106)). Contributed by @dbkr.
+
+## ✨ Features
+
+* Add new `decryptExistingEvent` test helper ([#4133](https://github.com/matrix-org/matrix-js-sdk/pull/4133)). Contributed by @richvdh.
+* Improve types for `sendEvent` ([#4108](https://github.com/matrix-org/matrix-js-sdk/pull/4108)). Contributed by @t3chguy.
+* Remove various deprecated methods \& re-exports ([#4125](https://github.com/matrix-org/matrix-js-sdk/pull/4125)). Contributed by @t3chguy.
+* Add new enum for verification methods. ([#4129](https://github.com/matrix-org/matrix-js-sdk/pull/4129)). Contributed by @richvdh.
+* Add some test utils in a new entrypoint ([#4127](https://github.com/matrix-org/matrix-js-sdk/pull/4127)). Contributed by @richvdh.
+* Improve types for `sendStateEvent` ([#4105](https://github.com/matrix-org/matrix-js-sdk/pull/4105)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* Improve types for `IPowerLevelsContent` and `hasSufficientPowerLevelFor` ([#4128](https://github.com/matrix-org/matrix-js-sdk/pull/4128)). Contributed by @galash13.
+* Remove the logic that throws when the lazy loading options has changed. ([#4124](https://github.com/matrix-org/matrix-js-sdk/pull/4124)). Contributed by @langleyd.
+* Fix highlights from threads disappearing on new messages ([#4106](https://github.com/matrix-org/matrix-js-sdk/pull/4106)). Contributed by @dbkr.
+* Extend logic for local notification processing to threads ([#4111](https://github.com/matrix-org/matrix-js-sdk/pull/4111)). Contributed by @dbkr.
+* Fix public rooms post request search params and body ([#4110](https://github.com/matrix-org/matrix-js-sdk/pull/4110)). Contributed by @ajbura.
+* Fix bugs with the first reply to a thread ([#4104](https://github.com/matrix-org/matrix-js-sdk/pull/4104)). Contributed by @dbkr.
+
+
 Changes in [31.6.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v31.6.1) (2024-03-28)
 ==================================================================================================
 ## 🐛 Bug Fixes

README.md

@@ -21,6 +21,10 @@ endpoints from before Matrix 1.1, for example.
 
 # Quickstart
 
+> [!IMPORTANT]
+> Servers may require or use authenticated endpoints for media (images, files, avatars, etc). See the
+> [Authenticated Media](#authenticated-media) section for information on how to enable support for this.
+
 Using `yarn` instead of `npm` is recommended. Please see the Yarn [install guide](https://classic.yarnpkg.com/en/docs/install)
 if you do not have it already.
 
@@ -89,6 +93,34 @@ Object.keys(client.store.rooms).forEach((roomId) => {
 });
 ```
 
+## Authenticated media
+
+Servers supporting [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916) will require clients, like
+yours, to include an `Authorization` header when `/download`ing or `/thumbnail`ing media. For NodeJS environments this
+may be as easy as the following code snippet, though web browsers may need to use [Service Workers](https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API)
+to append the header when using the endpoints in `<img />` elements and similar.
+
+```javascript
+const downloadUrl = client.mxcUrlToHttp(
+    /*mxcUrl=*/ "mxc://example.org/abc123", // the MXC URI to download/thumbnail, typically from an event or profile
+    /*width=*/ undefined, // part of the thumbnail API. Use as required.
+    /*height=*/ undefined, // part of the thumbnail API. Use as required.
+    /*resizeMethod=*/ undefined, // part of the thumbnail API. Use as required.
+    /*allowDirectLinks=*/ false, // should generally be left `false`.
+    /*allowRedirects=*/ true, // implied supported with authentication
+    /*useAuthentication=*/ true, // the flag we're after in this example
+);
+const img = await fetch(downloadUrl, {
+    headers: {
+        Authorization: `Bearer ${client.getAccessToken()}`,
+    },
+});
+// Do something with `img`.
+```
+
+> [!WARNING]
+> In future the js-sdk will _only_ return authentication-required URLs, mandating population of the `Authorization` header.
+
 ## What does this SDK do?
 
 This SDK provides a full object model around the Matrix Client-Server API and emits

package.json

@@ -1,6 +1,6 @@
 {
     "name": "matrix-js-sdk",
-    "version": "31.6.1",
+    "version": "32.3.0",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
         "node": ">=18.0.0"
@@ -83,6 +83,7 @@
         "@babel/preset-typescript": "^7.12.7",
         "@casualbot/jest-sonar-reporter": "2.2.7",
         "@matrix-org/olm": "3.2.15",
+        "@peculiar/webcrypto": "^1.4.5",
         "@types/bs58": "^4.0.1",
         "@types/content-type": "^1.1.5",
         "@types/debug": "^4.1.7",
@@ -101,11 +102,11 @@
         "eslint-config-prettier": "^9.0.0",
         "eslint-import-resolver-typescript": "^3.5.1",
         "eslint-plugin-import": "^2.26.0",
-        "eslint-plugin-jest": "^27.1.6",
+        "eslint-plugin-jest": "^28.0.0",
         "eslint-plugin-jsdoc": "^48.0.0",
         "eslint-plugin-matrix-org": "^1.0.0",
         "eslint-plugin-tsdoc": "^0.2.17",
-        "eslint-plugin-unicorn": "^51.0.0",
+        "eslint-plugin-unicorn": "^53.0.0",
         "fake-indexeddb": "^5.0.2",
         "fetch-mock": "9.11.0",
         "fetch-mock-jest": "^1.5.1",
@@ -114,19 +115,18 @@
         "jest-environment-jsdom": "^29.0.0",
         "jest-localstorage-mock": "^2.4.6",
         "jest-mock": "^29.0.0",
+        "knip": "^5.0.0",
         "lint-staged": "^15.0.2",
         "matrix-mock-request": "^2.5.0",
+        "node-fetch": "^2.7.0",
         "prettier": "3.2.5",
         "rimraf": "^5.0.0",
         "ts-node": "^10.9.2",
         "typedoc": "^0.25.10",
         "typedoc-plugin-coverage": "^3.0.0",
         "typedoc-plugin-mdn-links": "^3.0.3",
         "typedoc-plugin-missing-exports": "^2.0.0",
-        "typescript": "^5.3.3",
-        "node-fetch": "^2.7.0",
-        "knip": "^4.0.1",
-        "@peculiar/webcrypto": "^1.4.5"
+        "typescript": "^5.3.3"
     },
     "@casualbot/jest-sonar-reporter": {
         "outputDirectory": "coverage",