From 879de54001ca71be64f769bfd5647e019b47cd26 Mon Sep 17 00:00:00 2001
From: Timo
Date: Thu, 23 Jan 2025 16:26:49 +0100
Subject: [PATCH 1/4] bump matrix-js-sdk and matrix-widget-api
---
 package.json | 2 +-
 yarn.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index 5f2ff77e9..972b2dc7d 100644
--- a/package.json
+++ b/package.json
@@ -90,7 +90,7 @@
 "livekit-client": "^2.5.7",
 "lodash-es": "^4.17.21",
 "loglevel": "^1.9.1",
- "matrix-js-sdk": "matrix-org/matrix-js-sdk#develop",
+ "matrix-js-sdk": "matrix-org/matrix-js-sdk#eaca58283432cbfc43a1703029ac3da75926285e",
 "matrix-widget-api": "^1.10.0",
 "normalize.css": "^8.0.1",
 "observable-hooks": "^4.2.3",
diff --git a/yarn.lock b/yarn.lock
index 12f3d27f6..0f94f57e1 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6327,9 +6327,9 @@ matrix-events-sdk@0.0.1: resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd" integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA== -matrix-js-sdk@matrix-org/matrix-js-sdk#develop: - version "35.1.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/9134471dc72a14b29eb207f1c5ef207521f40bd3" +matrix-js-sdk@matrix-org/matrix-js-sdk#e2b0e02dd03e53fb54fa939e5f9a6710d5f96f9f: + version "36.0.0" + resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/e2b0e02dd03e53fb54fa939e5f9a6710d5f96f9f" dependencies: "@babel/runtime" "^7.12.5" "@matrix-org/matrix-sdk-crypto-wasm" "^12.1.0"
@@ -6348,9 +6348,9 @@ matrix-js-sdk@matrix-org/matrix-js-sdk#develop: uuid "11" matrix-widget-api@^1.10.0: - version "1.11.0" - resolved "https://registry.yarnpkg.com/matrix-widget-api/-/matrix-widget-api-1.11.0.tgz#2f548b11a7c0df789d5d4fdb5cc9ef7af8aef3da" - integrity sha512-ED/9hrJqDWVLeED0g1uJnYRhINh3ZTquwurdM+Hc8wLVJIQ8G/r7A7z74NC+8bBIHQ1Jo7i1Uq5CoJp/TzFYrA== + version "1.13.0" + resolved "https://registry.yarnpkg.com/matrix-widget-api/-/matrix-widget-api-1.13.0.tgz#40344b264b08d6d98ab9d547a41eb74dd6d8c3f7" + integrity sha512-+LrvwkR1izL4h2euX8PDrvG/3PZZDEd6As+lmnR3jAVwbFJtU5iTnwmZGnCca9ddngCvXvAHkcpJBEPyPTZneQ== dependencies: "@types/events" "^3.0.0" events "^3.2.0"
From 892c4a33a54939c65d3023404db1142d52bae38a Mon Sep 17 00:00:00 2001
From: Timo
Date: Thu, 23 Jan 2025 16:26:55 +0100
Subject: [PATCH 2/4] fix secure random
---
 src/auth/useRecaptcha.ts | 4 ++--
 src/auth/useRegisterPasswordlessUser.ts | 4 ++--
 src/home/UnauthenticatedView.tsx | 4 ++--
 src/settings/FeedbackSettingsTab.tsx | 4 ++--
 src/settings/rageshake.ts | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/auth/useRecaptcha.ts b/src/auth/useRecaptcha.ts
index f04685c36..0ae1f3ee5 100644
--- a/src/auth/useRecaptcha.ts
+++ b/src/auth/useRecaptcha.ts
@@ -6,7 +6,7 @@ Please see LICENSE in the repository root for full details.
 */
 import { useEffect, useCallback, useRef, useState } from "react";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { useTranslation } from "react-i18next";
 import { logger } from "matrix-js-sdk/src/logger";
@@ -31,7 +31,7 @@ export function useRecaptcha(sitekey?: string): {
 recaptchaId: string;
 } {
 const { t } = useTranslation();
- const [recaptchaId] = useState(() => randomString(16));
+ const [recaptchaId] = useState(() => secureRandomString(16));
 const promiseRef = useRef(undefined);
 useEffect(() => {
diff --git a/src/auth/useRegisterPasswordlessUser.ts b/src/auth/useRegisterPasswordlessUser.ts
index 2226f14a1..6bdb22e7a 100644
--- a/src/auth/useRegisterPasswordlessUser.ts
+++ b/src/auth/useRegisterPasswordlessUser.ts
@@ -6,7 +6,7 @@ Please see LICENSE in the repository root for full details.
 */
 import { useCallback } from "react";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { useClient } from "../ClientContext";
 import { useInteractiveRegistration } from "../auth/useInteractiveRegistration";
@@ -42,7 +42,7 @@ export function useRegisterPasswordlessUser(): UseRegisterPasswordlessUserType {
 const userName = generateRandomName();
 const [client, session] = await register(
 userName,
- randomString(16),
+ secureRandomString(16),
 displayName,
 recaptchaResponse,
 true,
diff --git a/src/home/UnauthenticatedView.tsx b/src/home/UnauthenticatedView.tsx
index 90c37c50a..1c20ec24e 100644
--- a/src/home/UnauthenticatedView.tsx
+++ b/src/home/UnauthenticatedView.tsx
@@ -6,7 +6,7 @@ Please see LICENSE in the repository root for full details.
 */
 import { type FC, useCallback, useState, type FormEventHandler } from "react";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { Trans, useTranslation } from "react-i18next";
 import { Button, Heading, Text } from "@vector-im/compound-web";
 import { logger } from "matrix-js-sdk/src/logger";
@@ -67,7 +67,7 @@ export const UnauthenticatedView: FC = () => {
 const userName = generateRandomName();
 const [client, session] = await register(
 userName,
- randomString(16),
+ secureRandomString(16),
 displayName,
 recaptchaResponse,
 true,
diff --git a/src/settings/FeedbackSettingsTab.tsx b/src/settings/FeedbackSettingsTab.tsx
index 78a116cdb..6fff63ca5 100644
--- a/src/settings/FeedbackSettingsTab.tsx
+++ b/src/settings/FeedbackSettingsTab.tsx
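Review bot: The second argument of `register(...)` in src/auth/useRegisterPasswordlessUser.ts is presumably the account password of the auto-registered user, but nothing at the call site says so, and the same bare `secureRandomString(16)` is repeated in the `register(...)` call in src/home/UnauthenticatedView.tsx. A comment above the argument such as `// Account password for the passwordless user: must come from a CSPRNG` and a shared length constant (for example `const PASSWORDLESS_PASSWORD_LENGTH = 16;`) would keep the two registration paths in step and make it harder for a later refactor to swap in a non-cryptographic generator. The strength of the value also depends on the alphabet `secureRandomString` draws from, which this patch does not show, so the length of 16 is worth confirming against the SDK. Both enclosing functions start and end outside their hunks.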
@@ -6,7 +6,7 @@ Please see LICENSE in the repository root for full details.
 */
 import { type ChangeEvent, type FC, useCallback } from "react";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { Trans, useTranslation } from "react-i18next";
 import { Button, Text } from "@vector-im/compound-web";
 import { logger } from "matrix-js-sdk/src/logger";
@@ -36,7 +36,7 @@ export const FeedbackSettingsTab: FC = ({ roomId }) => {
 const description = typeof descriptionData === "string" ? descriptionData : "";
 const sendLogs = Boolean(data.get("sendLogs"));
- const rageshakeRequestId = randomString(16);
+ const rageshakeRequestId = secureRandomString(16);
 submitRageshake({
 description,
diff --git a/src/settings/rageshake.ts b/src/settings/rageshake.ts
index c2d0ebf84..f8c666507 100644
--- a/src/settings/rageshake.ts
+++ b/src/settings/rageshake.ts
@@ -30,7 +30,7 @@ Please see LICENSE in the repository root for full details.
 import EventEmitter from "events";
 import { throttle } from "lodash-es";
 import { type Logger, logger } from "matrix-js-sdk/src/logger";
-import { randomString } from "matrix-js-sdk/src/randomstring";
+import { secureRandomString } from "matrix-js-sdk/src/randomstring";
 import { type LoggingMethod } from "loglevel";
 import type loglevel from "loglevel";
@@ -128,7 +128,7 @@ class IndexedDBLogStore {
 private indexedDB: IDBFactory,
 private loggerInstance: ConsoleLogger,
 ) {
- this.id = "instance-" + randomString(16);
+ this.id = "instance-" + secureRandomString(16);
 loggerInstance.on(ConsoleLoggerEvent.Log, this.onLoggerLog);
 window.addEventListener("beforeunload", () => {
From 1fb4b4e7c61e6b18eec399d81c5638735dddffeb Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith
Date: Wed, 29 Jan 2025 10:53:11 +0000
Subject: [PATCH 3/4] Use release version of js-sdk
---
 package.json | 4 ++--
 yarn.lock | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 972b2dc7d..fa10fa9aa 100644
--- a/package.json
+++ b/package.json
@@ -90,7 +90,7 @@
 "livekit-client": "^2.5.7",
 "lodash-es": "^4.17.21",
 "loglevel": "^1.9.1",
- "matrix-js-sdk": "matrix-org/matrix-js-sdk#eaca58283432cbfc43a1703029ac3da75926285e",
+ "matrix-js-sdk": "^36.1.0",
 "matrix-widget-api": "^1.10.0",
 "normalize.css": "^8.0.1",
 "observable-hooks": "^4.2.3",
@@ -119,4 +119,4 @@
 "vitest": "^3.0.0",
 "vitest-axe": "^1.0.0-pre.3"
 }
-}
+}
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 0f94f57e1..cb0022c0f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6327,9 +6327,10 @@ matrix-events-sdk@0.0.1: resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd" integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA== -matrix-js-sdk@matrix-org/matrix-js-sdk#e2b0e02dd03e53fb54fa939e5f9a6710d5f96f9f: - version "36.0.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/e2b0e02dd03e53fb54fa939e5f9a6710d5f96f9f" +matrix-js-sdk@^36.1.0: + version "36.1.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-36.1.0.tgz#3685a85c0c1adf4e2c3622bce76c11430963f23d" + integrity sha512-KNPswMSAGKDxBybJedxRpWadaRes9paxmjTCUsQT8t1Jg3ZENraAt6ynIaxh6PxazAH9D5ly6EYKHaLMLbZ1Dg== dependencies: "@babel/runtime" "^7.12.5" "@matrix-org/matrix-sdk-crypto-wasm" "^12.1.0"
From bd141cc3c6720af8eacfc9be86bba2147c4f0e07 Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith
Date: Wed, 29 Jan 2025 11:07:28 +0000
Subject: [PATCH 4/4] Lint
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index fa10fa9aa..b3af9c6aa 100644
--- a/package.json
+++ b/package.json
@@ -119,4 +119,4 @@
 "vitest": "^3.0.0",
 "vitest-axe": "^1.0.0-pre.3"
 }
-}
\ No newline at end of file
+}