Merge tag 'v26.2.0' into sc

* The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. ([\matrix-org#3189](matrix-org#3189)).
* ElementR: Add `CryptoApi#bootstrapSecretStorage` ([\matrix-org#3483](matrix-org#3483)). Contributed by @florianduros.
* Deprecate `MatrixClient.findVerificationRequestDMInProgress`, `MatrixClient.getVerificationRequestsToDeviceInProgress`, and `MatrixClient.requestVerification`, in favour of methods in `CryptoApi`. ([\matrix-org#3474](matrix-org#3474)).
* Introduce a new `Crypto.VerificationRequest` interface, and deprecate direct access to the old `VerificationRequest` class. Also deprecate some related classes that were exported from `src/crypto/verification/request/VerificationRequest` ([\matrix-org#3449](matrix-org#3449)).
* OIDC: navigate to authorization endpoint ([\matrix-org#3499](matrix-org#3499)). Contributed by @kerryarchibald.
* Support for interactive device verification in Element-R. ([\matrix-org#3505](matrix-org#3505)).
* Support for interactive device verification in Element-R. ([\matrix-org#3508](matrix-org#3508)).
* Support for interactive device verification in Element-R. ([\matrix-org#3490](matrix-org#3490)). Fixes element-hq/element-web#25316.
* Element-R: Store cross signing keys in secret storage ([\matrix-org#3498](matrix-org#3498)). Contributed by @florianduros.
* OIDC: add dynamic client registration util function ([\matrix-org#3481](matrix-org#3481)). Contributed by @kerryarchibald.
* Add getLastUnthreadedReceiptFor utility to Thread delegating to the underlying Room ([\matrix-org#3493](matrix-org#3493)).
* ElementR: Add `rust-crypto#createRecoveryKeyFromPassphrase` implementation ([\matrix-org#3472](matrix-org#3472)). Contributed by @florianduros.
* Aggregate relations regardless of whether event fits into the timeline ([\matrix-org#3496](matrix-org#3496)). Fixes element-hq/element-web#25596.
* Fix bug where switching media caused media in subsequent calls to fail ([\matrix-org#3489](matrix-org#3489)).
* Fix: remove polls from room state on redaction ([\matrix-org#3475](matrix-org#3475)). Fixes element-hq/element-web#25573. Contributed by @kerryarchibald.
* Fix export type `GeneratedSecretStorageKey` ([\matrix-org#3479](matrix-org#3479)). Contributed by @florianduros.
* Close IDB database before deleting it to prevent spurious unexpected close errors ([\matrix-org#3478](matrix-org#3478)). Fixes element-hq/element-web#25597.

Author: su-ex

.eslintrc.js

@@ -74,7 +74,7 @@ module.exports = {
         "jest/no-standalone-expect": [
             "error",
             {
-                additionalTestBlockFunctions: ["beforeAll", "beforeEach", "oldBackendOnly"],
+                additionalTestBlockFunctions: ["beforeAll", "beforeEach", "oldBackendOnly", "newBackendOnly"],
             },
         ],
     },

.github/workflows/cypress.yml

@@ -15,7 +15,7 @@ concurrency:
 jobs:
     cypress:
         name: Cypress
-        uses: matrix-org/matrix-react-sdk/.github/workflows/cypress.yaml@develop
+        uses: matrix-org/matrix-react-sdk/.github/workflows/cypress.yaml@v3.74.0
         permissions:
             actions: read
             issues: read

.github/workflows/downstream-artifacts.yml

@@ -19,7 +19,7 @@ concurrency:
 jobs:
     build-element-web:
         name: Build element-web
-        uses: matrix-org/matrix-react-sdk/.github/workflows/element-web.yaml@develop
+        uses: matrix-org/matrix-react-sdk/.github/workflows/element-web.yaml@v3.73.1
         with:
             matrix-js-sdk-sha: ${{ github.sha }}
             react-sdk-repository: matrix-org/matrix-react-sdk

.github/workflows/release-npm.yml

@@ -24,18 +24,16 @@ jobs:
 
             - name: 🚀 Publish to npm
               id: npm-publish
-              uses: JS-DevTools/npm-publish@0f451a94170d1699fd50710966d48fb26194d939 # v1
+              uses: JS-DevTools/npm-publish@a25b4180b728b0279fca97d4e5bccf391685aead # v2.2.0
               with:
                   token: ${{ secrets.NPM_TOKEN }}
                   access: public
                   tag: next
+                  ignore-scripts: false
 
             - name: 🎖️ Add `latest` dist-tag to final releases
-              if: github.event.release.prerelease == false
-              run: |
-                  package=$(cat package.json | jq -er .name)
-                  npm dist-tag add "$package@$release" latest
+              if: github.event.release.prerelease == false && steps.npm-publish.outputs.id
+              run: npm dist-tag add "$release" latest
               env:
-                  # JS-DevTools/npm-publish overrides `NODE_AUTH_TOKEN` with `INPUT_TOKEN` in .npmrc
-                  INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
-                  release: ${{ steps.npm-publish.outputs.version }}
+                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+                  release: ${{ steps.npm-publish.outputs.id }}

CHANGELOG.md

@@ -1,3 +1,29 @@
+Changes in [26.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.2.0) (2023-07-04)
+==================================================================================================
+
+## 🦖 Deprecations
+ * The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. ([\#3189](https://github.com/matrix-org/matrix-js-sdk/issues/3189)).
+ * ElementR: Add `CryptoApi#bootstrapSecretStorage` ([\#3483](https://github.com/matrix-org/matrix-js-sdk/pull/3483)). Contributed by @florianduros.
+ * Deprecate `MatrixClient.findVerificationRequestDMInProgress`, `MatrixClient.getVerificationRequestsToDeviceInProgress`, and `MatrixClient.requestVerification`, in favour of methods in `CryptoApi`. ([\#3474](https://github.com/matrix-org/matrix-js-sdk/pull/3474)).
+ * Introduce a new `Crypto.VerificationRequest` interface, and deprecate direct access to the old `VerificationRequest` class. Also deprecate some related classes that were exported from `src/crypto/verification/request/VerificationRequest` ([\#3449](https://github.com/matrix-org/matrix-js-sdk/pull/3449)).
+
+## ✨ Features
+ * OIDC: navigate to authorization endpoint ([\#3499](https://github.com/matrix-org/matrix-js-sdk/pull/3499)). Contributed by @kerryarchibald.
+ * Support for interactive device verification in Element-R. ([\#3505](https://github.com/matrix-org/matrix-js-sdk/pull/3505)).
+ * Support for interactive device verification in Element-R. ([\#3508](https://github.com/matrix-org/matrix-js-sdk/pull/3508)).
+ * Support for interactive device verification in Element-R. ([\#3490](https://github.com/matrix-org/matrix-js-sdk/pull/3490)). Fixes vector-im/element-web#25316.
+ * Element-R: Store cross signing keys in secret storage ([\#3498](https://github.com/matrix-org/matrix-js-sdk/pull/3498)). Contributed by @florianduros.
+ * OIDC: add dynamic client registration util function ([\#3481](https://github.com/matrix-org/matrix-js-sdk/pull/3481)). Contributed by @kerryarchibald.
+ * Add getLastUnthreadedReceiptFor utility to Thread delegating to the underlying Room ([\#3493](https://github.com/matrix-org/matrix-js-sdk/pull/3493)).
+ * ElementR: Add `rust-crypto#createRecoveryKeyFromPassphrase` implementation ([\#3472](https://github.com/matrix-org/matrix-js-sdk/pull/3472)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+ * Aggregate relations regardless of whether event fits into the timeline ([\#3496](https://github.com/matrix-org/matrix-js-sdk/pull/3496)). Fixes vector-im/element-web#25596.
+ * Fix bug where switching media caused media in subsequent calls to fail ([\#3489](https://github.com/matrix-org/matrix-js-sdk/pull/3489)).
+ * Fix: remove polls from room state on redaction ([\#3475](https://github.com/matrix-org/matrix-js-sdk/pull/3475)). Fixes vector-im/element-web#25573. Contributed by @kerryarchibald.
+ * Fix export type `GeneratedSecretStorageKey` ([\#3479](https://github.com/matrix-org/matrix-js-sdk/pull/3479)). Contributed by @florianduros.
+ * Close IDB database before deleting it to prevent spurious unexpected close errors ([\#3478](https://github.com/matrix-org/matrix-js-sdk/pull/3478)). Fixes vector-im/element-web#25597.
+
 Changes in [26.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.1.0) (2023-06-20)
 ==================================================================================================
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "matrix-js-sdk",
-    "version": "26.1.0",
+    "version": "26.2.0",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
         "node": ">=16.0.0"
@@ -55,7 +55,7 @@
     ],
     "dependencies": {
         "@babel/runtime": "^7.12.5",
-        "@matrix-org/matrix-sdk-crypto-js": "^0.1.0-alpha.10",
+        "@matrix-org/matrix-sdk-crypto-js": "^0.1.0-alpha.11",
         "another-json": "^0.2.0",
         "bs58": "^5.0.0",
         "content-type": "^1.0.4",
@@ -107,7 +107,7 @@
         "eslint-import-resolver-typescript": "^3.5.1",
         "eslint-plugin-import": "^2.26.0",
         "eslint-plugin-jest": "^27.1.6",
-        "eslint-plugin-jsdoc": "^45.0.0",
+        "eslint-plugin-jsdoc": "^46.0.0",
         "eslint-plugin-matrix-org": "^1.0.0",
         "eslint-plugin-tsdoc": "^0.2.17",
         "eslint-plugin-unicorn": "^47.0.0",

spec/integ/crypto/cross-signing.spec.ts

@@ -19,7 +19,8 @@ import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
 
 import { CRYPTO_BACKENDS, InitCrypto } from "../../test-utils/test-utils";
-import { createClient, MatrixClient, IAuthDict, UIAuthCallback } from "../../../src";
+import { createClient, IAuthDict, MatrixClient } from "../../../src";
+import { mockSetupCrossSigningRequests } from "../../test-utils/mockEndpoints";
 
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -62,45 +63,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
     });
 
     /**
-     * Mock the requests needed to set up cross signing
-     *
-     * Return `{}` for `GET _matrix/client/r0/user/:userId/account_data/:type` request
-     * Return `{}` for `POST _matrix/client/v3/keys/signatures/upload` request (named `upload-sigs` for fetchMock check)
-     * Return `{}` for `POST /_matrix/client/(unstable|v3)/keys/device_signing/upload` request (named `upload-keys` for fetchMock check)
-     */
-    function mockSetupCrossSigningRequests(): void {
-        // have account_data requests return an empty object
-        fetchMock.get("express:/_matrix/client/r0/user/:userId/account_data/:type", {});
-
-        // we expect a request to upload signatures for our device ...
-        fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
-
-        // ... and one to upload the cross-signing keys (with UIA)
-        fetchMock.post(
-            // legacy crypto uses /unstable/; /v3/ is correct
-            {
-                url: new RegExp("/_matrix/client/(unstable|v3)/keys/device_signing/upload"),
-                name: "upload-keys",
-            },
-            {},
-        );
-    }
-
-    /**
-     * Create cross-signing keys, publish the keys
-     * Mock and bootstrap all the required steps
+     * Create cross-signing keys and publish the keys
      *
      * @param authDict - The parameters to as the `auth` dict in the key upload request.
      * @see https://spec.matrix.org/v1.6/client-server-api/#authentication-types
      */
     async function bootstrapCrossSigning(authDict: IAuthDict): Promise<void> {
-        const uiaCallback: UIAuthCallback<void> = async (makeRequest) => {
-            await makeRequest(authDict);
-        };
-
-        // now bootstrap cross signing, and check it resolves successfully
         await aliceClient.getCrypto()?.bootstrapCrossSigning({
-            authUploadDeviceSigningKeys: uiaCallback,
+            authUploadDeviceSigningKeys: (makeRequest) => makeRequest(authDict).then(() => undefined),
         });
     }