From 170f5cd4730333add2ed5c3b058a021f003ee898 Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Sat, 21 Feb 2026 12:21:27 +0530 Subject: [PATCH 01/20] Request session info from sw if missing (#2664) * request session info from sw if missing * fix async session request in fetch * respond fetch synchronously and add early check for non media requests (#2670) * make sure we call respondWith synchronously * simplify isMediaRequest in sw * improve naming in sw * get back baseUrl check into validMediaRequest * pass original request into fetch in sw * extract mediaPath util and performs checks properly --------- Co-authored-by: mmmykhailo <35040944+mmmykhailo@users.noreply.github.com> --- src/app/pages/Router.tsx | 2 - src/index.tsx | 11 ++-- src/sw.ts | 128 ++++++++++++++++++++++++++++++--------- 3 files changed, 105 insertions(+), 36 deletions(-) diff --git a/src/app/pages/Router.tsx b/src/app/pages/Router.tsx index 04d14a07..f8647d18 100644 --- a/src/app/pages/Router.tsx +++ b/src/app/pages/Router.tsx @@ -68,7 +68,6 @@ import { Create } from './client/create'; import { CreateSpaceModalRenderer } from '../features/create-space'; import { SearchModalRenderer } from '../features/search'; import { getFallbackSession } from '../state/sessions'; -import { pushSessionToSW } from '../../sw-session'; export const createRouter = (clientConfig: ClientConfig, screenSize: ScreenSize) => { const { hashRouter } = clientConfig; @@ -116,7 +115,6 @@ export const createRouter = (clientConfig: ClientConfig, screenSize: ScreenSize) if (afterLoginPath) setAfterLoginRedirectPath(afterLoginPath); return redirect(getLoginPath()); } - pushSessionToSW(session.baseUrl, session.accessToken); return null; }} element={ diff --git a/src/index.tsx b/src/index.tsx index 71e723ab..6cc0ca38 100644 --- a/src/index.tsx +++ b/src/index.tsx @@ -34,17 +34,14 @@ if ('serviceWorker' in navigator) { navigator.serviceWorker.register(swUrl).then(sendSessionToSW); navigator.serviceWorker.ready.then(sendSessionToSW); - window.addEventListener('load', sendSessionToSW); - // When returning from background - document.addEventListener('visibilitychange', () => { - if (document.visibilityState === 'visible') { + navigator.serviceWorker.addEventListener('message', (ev) => { + const { type } = ev.data ?? {}; + + if (type === 'requestSession') { sendSessionToSW(); } }); - - // When restored from bfcache (important on iOS) - window.addEventListener('pageshow', sendSessionToSW); } const mountApp = () => { diff --git a/src/sw.ts b/src/sw.ts index d4eebc02..69293b1d 100644 --- a/src/sw.ts +++ b/src/sw.ts @@ -3,14 +3,6 @@ export type {}; declare const self: ServiceWorkerGlobalScope; -self.addEventListener('install', () => { - self.skipWaiting(); -}); - -self.addEventListener('activate', (event: ExtendableEvent) => { - event.waitUntil(self.clients.claim()); -}); - type SessionInfo = { accessToken: string; baseUrl: string; @@ -21,6 +13,9 @@ type SessionInfo = { */ const sessions = new Map(); +const clientToResolve = new Map void>(); +const clientToSessionPromise = new Map>(); + async function cleanupDeadClients() { const activeClients = await self.clients.matchAll(); const activeIds = new Set(activeClients.map((c) => c.id)); @@ -28,10 +23,72 @@ async function cleanupDeadClients() { Array.from(sessions.keys()).forEach((id) => { if (!activeIds.has(id)) { sessions.delete(id); + clientToResolve.delete(id); + clientToSessionPromise.delete(id); } }); } +function setSession(clientId: string, accessToken: any, baseUrl: any) { + if (typeof accessToken === 'string' && typeof baseUrl === 'string') { + sessions.set(clientId, { accessToken, baseUrl }); + } else { + // Logout or invalid session + sessions.delete(clientId); + } + + const resolveSession = clientToResolve.get(clientId); + if (resolveSession) { + resolveSession(sessions.get(clientId)); + clientToResolve.delete(clientId); + clientToSessionPromise.delete(clientId); + } +} + +function requestSession(client: Client): Promise { + const promise = + clientToSessionPromise.get(client.id) ?? + new Promise((resolve) => { + clientToResolve.set(client.id, resolve); + client.postMessage({ type: 'requestSession' }); + }); + + if (!clientToSessionPromise.has(client.id)) { + clientToSessionPromise.set(client.id, promise); + } + + return promise; +} + +async function requestSessionWithTimeout( + clientId: string, + timeoutMs = 3000 +): Promise { + const client = await self.clients.get(clientId); + if (!client) return undefined; + + const sessionPromise = requestSession(client); + + const timeout = new Promise((resolve) => { + setTimeout(() => resolve(undefined), timeoutMs); + }); + + return Promise.race([sessionPromise, timeout]); +} + +self.addEventListener('install', () => { + self.skipWaiting(); +}); + +self.addEventListener('activate', (event: ExtendableEvent) => { + event.waitUntil( + (async () => { + await self.clients.claim(); + await cleanupDeadClients(); + })() + ); +}); + /** * Receive session updates from clients */ @@ -41,23 +98,28 @@ self.addEventListener('message', (event: ExtendableMessageEvent) => { const { type, accessToken, baseUrl } = event.data || {}; - if (type !== 'setSession') return; - - cleanupDeadClients(); - - if (typeof accessToken === 'string' && typeof baseUrl === 'string') { - sessions.set(client.id, { accessToken, baseUrl }); - } else { - // Logout or invalid session - sessions.delete(client.id); + if (type === 'setSession') { + setSession(client.id, accessToken, baseUrl); + cleanupDeadClients(); } }); -function validMediaRequest(url: string, baseUrl: string): boolean { - const downloadUrl = new URL('/_matrix/client/v1/media/download', baseUrl); - const thumbnailUrl = new URL('/_matrix/client/v1/media/thumbnail', baseUrl); +const MEDIA_PATHS = ['/_matrix/client/v1/media/download', '/_matrix/client/v1/media/thumbnail']; - return url.startsWith(downloadUrl.href) || url.startsWith(thumbnailUrl.href); +function mediaPath(url: string): boolean { + try { + const { pathname } = new URL(url); + return MEDIA_PATHS.some((p) => pathname.startsWith(p)); + } catch { + return false; + } +} + +function validMediaRequest(url: string, baseUrl: string): boolean { + return MEDIA_PATHS.some((p) => { + const validUrl = new URL(p, baseUrl); + return url.startsWith(validUrl.href); + }); } function fetchConfig(token: string): RequestInit { @@ -72,13 +134,25 @@ function fetchConfig(token: string): RequestInit { self.addEventListener('fetch', (event: FetchEvent) => { const { url, method } = event.request; - if (method !== 'GET') return; - if (!event.clientId) return; + if (method !== 'GET' || !mediaPath(url)) return; - const session = sessions.get(event.clientId); - if (!session) return; + const { clientId } = event; + if (!clientId) return; - if (!validMediaRequest(url, session.baseUrl)) return; + const session = sessions.get(clientId); + if (session) { + if (validMediaRequest(url, session.baseUrl)) { + event.respondWith(fetch(url, fetchConfig(session.accessToken))); + } + return; + } - event.respondWith(fetch(url, fetchConfig(session.accessToken))); + event.respondWith( + requestSessionWithTimeout(clientId).then((s) => { + if (s && validMediaRequest(url, s.baseUrl)) { + return fetch(url, fetchConfig(s.accessToken)); + } + return fetch(event.request); + }) + ); }); From 9ff15b8b03a5717096e4ba7ab9e111366c45b20a Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Sun, 22 Feb 2026 09:44:04 +0530 Subject: [PATCH 02/20] fix space lobby / search selected hook not working (#2675) --- src/app/hooks/router/useSelectedSpace.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/app/hooks/router/useSelectedSpace.ts b/src/app/hooks/router/useSelectedSpace.ts index 2e8e73a0..b891fde7 100644 --- a/src/app/hooks/router/useSelectedSpace.ts +++ b/src/app/hooks/router/useSelectedSpace.ts @@ -18,7 +18,7 @@ export const useSelectedSpace = (): string | undefined => { export const useSpaceLobbySelected = (spaceIdOrAlias: string): boolean => { const match = useMatch({ - path: getSpaceLobbyPath(spaceIdOrAlias), + path: decodeURIComponent(getSpaceLobbyPath(spaceIdOrAlias)), caseSensitive: true, end: false, }); @@ -28,7 +28,7 @@ export const useSpaceLobbySelected = (spaceIdOrAlias: string): boolean => { export const useSpaceSearchSelected = (spaceIdOrAlias: string): boolean => { const match = useMatch({ - path: getSpaceSearchPath(spaceIdOrAlias), + path: decodeURIComponent(getSpaceSearchPath(spaceIdOrAlias)), caseSensitive: true, end: false, }); From 1f03891b258f996c5c85bddfecd05a2b3efca4aa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 22 Feb 2026 15:43:30 +1100 Subject: [PATCH 03/20] fix(deps): update dependency folds to v2.6.1 (#2679) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 582f02f4..7d48d644 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,7 +32,7 @@ "emojibase-data": "15.3.2", "file-saver": "2.0.5", "focus-trap-react": "10.0.2", - "folds": "2.5.0", + "folds": "2.6.1", "html-dom-parser": "4.0.0", "html-react-parser": "4.2.0", "i18next": "23.12.2", @@ -7158,9 +7158,9 @@ } }, "node_modules/folds": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/folds/-/folds-2.5.0.tgz", - "integrity": "sha512-UJhvXAQ1XnZ9w10KJwSW+frvzzWE/zcF0dH3fDVCD70RFHAxwEi0UkkVS8CaZGxZF2Wvt3qTJyTS5LW3LwwUAw==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/folds/-/folds-2.6.1.tgz", + "integrity": "sha512-0L1ZSqwjFSg2fesa//C4DgP47Vp/KqDuzjAaOEYN21AvoptyVI+6OEXWrtIdE8DPQCZYr0bV+tqbrLyA6uAhaw==", "license": "Apache-2.0", "peerDependencies": { "@vanilla-extract/css": "1.9.2", diff --git a/package.json b/package.json index 601323ad..84383522 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "emojibase-data": "15.3.2", "file-saver": "2.0.5", "focus-trap-react": "10.0.2", - "folds": "2.5.0", + "folds": "2.6.1", "html-dom-parser": "4.0.0", "html-react-parser": "4.2.0", "i18next": "23.12.2", From 91c8731940d028a832f05fbf05508220e2519481 Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Sun, 22 Feb 2026 10:18:23 +0530 Subject: [PATCH 04/20] Add permission for managing emojis & stickers (#2678) add permission for managing emojis & stickers --- .../room-settings/permissions/usePermissionItems.ts | 7 +++++++ .../space-settings/permissions/usePermissionItems.ts | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/src/app/features/room-settings/permissions/usePermissionItems.ts b/src/app/features/room-settings/permissions/usePermissionItems.ts index 513f82b4..f3b45424 100644 --- a/src/app/features/room-settings/permissions/usePermissionItems.ts +++ b/src/app/features/room-settings/permissions/usePermissionItems.ts @@ -177,6 +177,13 @@ export const usePermissionGroups = (): PermissionGroup[] => { const otherSettingsGroup: PermissionGroup = { name: 'Other', items: [ + { + location: { + state: true, + key: StateEvent.PoniesRoomEmotes, + }, + name: 'Manage Emojis & Stickers', + }, { location: { state: true, diff --git a/src/app/features/space-settings/permissions/usePermissionItems.ts b/src/app/features/space-settings/permissions/usePermissionItems.ts index 8192e7bc..a02cf420 100644 --- a/src/app/features/space-settings/permissions/usePermissionItems.ts +++ b/src/app/features/space-settings/permissions/usePermissionItems.ts @@ -125,6 +125,13 @@ export const usePermissionGroups = (): PermissionGroup[] => { const otherSettingsGroup: PermissionGroup = { name: 'Other', items: [ + { + location: { + state: true, + key: StateEvent.PoniesRoomEmotes, + }, + name: 'Manage Emojis & Stickers', + }, { location: { state: true, From b6cc0e307795c68b779e5d5dc2b61e1ed4e8ce4d Mon Sep 17 00:00:00 2001 From: Krishan <33421343+kfiven@users.noreply.github.com> Date: Sun, 22 Feb 2026 18:15:23 +1100 Subject: [PATCH 05/20] Update node to v24.13.1 LTS (#2622) * Update node to v24.13.1 LTS * Fix dockerfile node version * Simplify node and nginx version, bump nginx * Fix casing --- .github/workflows/build-pull-request.yml | 2 +- .github/workflows/netlify-dev.yml | 2 +- .github/workflows/prod-deploy.yml | 2 +- Dockerfile | 4 ++-- README.md | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml index 450e4e29..e6ecb709 100644 --- a/.github/workflows/build-pull-request.yml +++ b/.github/workflows/build-pull-request.yml @@ -16,7 +16,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4.4.0 with: - node-version: 20.12.2 + node-version: 24.13.1 cache: 'npm' - name: Install dependencies run: npm ci diff --git a/.github/workflows/netlify-dev.yml b/.github/workflows/netlify-dev.yml index 66cd5ad5..bf7264c6 100644 --- a/.github/workflows/netlify-dev.yml +++ b/.github/workflows/netlify-dev.yml @@ -15,7 +15,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4.4.0 with: - node-version: 20.12.2 + node-version: 24.13.1 cache: 'npm' - name: Install dependencies run: npm ci diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index fe8a722f..e9e4de8b 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -14,7 +14,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4.4.0 with: - node-version: 20.12.2 + node-version: 24.13.1 cache: 'npm' - name: Install dependencies run: npm ci diff --git a/Dockerfile b/Dockerfile index 6489cb86..0e89e4e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ## Builder -FROM node:20.12.2-alpine3.18 as builder +FROM node:24.13.1-alpine AS builder WORKDIR /src @@ -11,7 +11,7 @@ RUN npm run build ## App -FROM nginx:1.29.3-alpine +FROM nginx:1.29.5-alpine COPY --from=builder /src/dist /app COPY --from=builder /src/docker-nginx.conf /etc/nginx/conf.d/default.conf diff --git a/README.md b/README.md index 427898f9..f1c36082 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ mxFo+ioe/ABCufSmyqFye0psX3Sp ## Local development > [!TIP] -> We recommend using a version manager as versions change very quickly. You will likely need to switch between multiple Node.js versions based on the needs of different projects you're working on. [NVM on windows](https://github.com/coreybutler/nvm-windows#installation--upgrades) on Windows and [nvm](https://github.com/nvm-sh/nvm) on Linux/macOS are pretty good choices. Recommended nodejs version is Iron LTS (v20). +> We recommend using a version manager as versions change very quickly. You will likely need to switch between multiple Node.js versions based on the needs of different projects you're working on. [NVM on windows](https://github.com/coreybutler/nvm-windows#installation--upgrades) on Windows and [nvm](https://github.com/nvm-sh/nvm) on Linux/macOS are pretty good choices. Recommended nodejs version is Krypton LTS (v24.13.1). Execute the following commands to start a development server: ```sh From 2d6730de56d920b7aef0e291bdfe874ce996acac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Feb 2026 18:26:08 +1100 Subject: [PATCH 06/20] Bump actions/checkout from 4.2.0 to 6.0.2 (#2640) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.0...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-pull-request.yml | 2 +- .github/workflows/docker-pr.yml | 2 +- .github/workflows/lockfile.yml | 2 +- .github/workflows/netlify-dev.yml | 2 +- .github/workflows/prod-deploy.yml | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml index e6ecb709..ef4563db 100644 --- a/.github/workflows/build-pull-request.yml +++ b/.github/workflows/build-pull-request.yml @@ -12,7 +12,7 @@ jobs: PR_NUMBER: ${{github.event.number}} steps: - name: Checkout repository - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: Setup node uses: actions/setup-node@v4.4.0 with: diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 398785ab..bc68fe2a 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: Build Docker image uses: docker/build-push-action@v6.18.0 with: diff --git a/.github/workflows/lockfile.yml b/.github/workflows/lockfile.yml index be52eb50..8a57a3b5 100644 --- a/.github/workflows/lockfile.yml +++ b/.github/workflows/lockfile.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: NPM Lockfile Changes uses: codepunkt/npm-lockfile-changes@b40543471c36394409466fdb277a73a0856d7891 with: diff --git a/.github/workflows/netlify-dev.yml b/.github/workflows/netlify-dev.yml index bf7264c6..fe3706a2 100644 --- a/.github/workflows/netlify-dev.yml +++ b/.github/workflows/netlify-dev.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: Setup node uses: actions/setup-node@v4.4.0 with: diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index e9e4de8b..bc7e77d2 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: Setup node uses: actions/setup-node@v4.4.0 with: @@ -66,7 +66,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v4.2.0 + uses: actions/checkout@v6.0.2 - name: Set up QEMU uses: docker/setup-qemu-action@v3.6.0 - name: Set up Docker Buildx From 2e6c5f7c044c3f85c1b284d2fdaff86e2c491a2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Feb 2026 18:26:54 +1100 Subject: [PATCH 07/20] Bump actions/upload-artifact from 4.6.2 to 6.0.0 (#2644) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.2...v6.0.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-pull-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml index ef4563db..fae87b2c 100644 --- a/.github/workflows/build-pull-request.yml +++ b/.github/workflows/build-pull-request.yml @@ -25,7 +25,7 @@ jobs: NODE_OPTIONS: '--max_old_space_size=4096' run: npm run build - name: Upload artifact - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v6.0.0 with: name: preview path: dist @@ -33,7 +33,7 @@ jobs: - name: Save pr number run: echo ${PR_NUMBER} > ./pr.txt - name: Upload pr number - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v6.0.0 with: name: pr path: ./pr.txt From 826b3c299748ea5bb7a5593875440b955ad74a65 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 22 Feb 2026 18:57:23 +1100 Subject: [PATCH 08/20] chore(deps): update actions/setup-node action to v6 (#2681) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-pull-request.yml | 2 +- .github/workflows/netlify-dev.yml | 2 +- .github/workflows/prod-deploy.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml index fae87b2c..b7646e58 100644 --- a/.github/workflows/build-pull-request.yml +++ b/.github/workflows/build-pull-request.yml @@ -14,7 +14,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v6.0.2 - name: Setup node - uses: actions/setup-node@v4.4.0 + uses: actions/setup-node@v6.2.0 with: node-version: 24.13.1 cache: 'npm' diff --git a/.github/workflows/netlify-dev.yml b/.github/workflows/netlify-dev.yml index fe3706a2..06e0abda 100644 --- a/.github/workflows/netlify-dev.yml +++ b/.github/workflows/netlify-dev.yml @@ -13,7 +13,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v6.0.2 - name: Setup node - uses: actions/setup-node@v4.4.0 + uses: actions/setup-node@v6.2.0 with: node-version: 24.13.1 cache: 'npm' diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index bc7e77d2..4c88ad0f 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -12,7 +12,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v6.0.2 - name: Setup node - uses: actions/setup-node@v4.4.0 + uses: actions/setup-node@v6.2.0 with: node-version: 24.13.1 cache: 'npm' From a9022184fc20547c8480461c1c221b6985921512 Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Mon, 23 Feb 2026 11:27:39 +0530 Subject: [PATCH 09/20] Set message power to moderator in space (#2684) --- src/app/components/create-room/utils.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/app/components/create-room/utils.ts b/src/app/components/create-room/utils.ts index a0ca7488..d0a45c3d 100644 --- a/src/app/components/create-room/utils.ts +++ b/src/app/components/create-room/utils.ts @@ -74,6 +74,10 @@ export const createRoomParentState = (parent: Room) => ({ }, }); +const createSpacePowerLevelsOverride = () => ({ + events_default: 50, +}); + export const createRoomEncryptionState = () => ({ type: 'm.room.encryption', state_key: '', @@ -121,6 +125,10 @@ export const createRoom = async (mx: MatrixClient, data: CreateRoomData): Promis initial_state: initialState, }; + if (data.type === RoomType.Space) { + options.power_level_content_override = createSpacePowerLevelsOverride(); + } + const result = await mx.createRoom(options); if (data.parent) { From 7a9f6d222305ecceca142a92fffc1083c3ee4c18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 17:43:15 +1100 Subject: [PATCH 10/20] Bump linkifyjs and linkify-react from 4.1.3 to 4.3.2 (#2682) * Bump linkifyjs from 4.1.3 to 4.3.2 Bumps [linkifyjs](https://github.com/nfrasser/linkifyjs/tree/HEAD/packages/linkifyjs) from 4.1.3 to 4.3.2. - [Release notes](https://github.com/nfrasser/linkifyjs/releases) - [Changelog](https://github.com/nfrasser/linkifyjs/blob/main/CHANGELOG.md) - [Commits](https://github.com/nfrasser/linkifyjs/commits/v4.3.2/packages/linkifyjs) --- updated-dependencies: - dependency-name: linkifyjs dependency-version: 4.3.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] * update linkify react --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ajay Bura <32841439+ajbura@users.noreply.github.com> --- package-lock.json | 18 ++++++++++-------- package.json | 4 ++-- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7d48d644..78604792 100644 --- a/package-lock.json +++ b/package-lock.json @@ -41,8 +41,8 @@ "immer": "9.0.16", "is-hotkey": "0.2.0", "jotai": "2.6.0", - "linkify-react": "4.1.3", - "linkifyjs": "4.1.3", + "linkify-react": "4.3.2", + "linkifyjs": "4.3.2", "matrix-js-sdk": "38.2.0", "millify": "6.1.0", "pdfjs-dist": "4.2.67", @@ -8492,18 +8492,20 @@ } }, "node_modules/linkify-react": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/linkify-react/-/linkify-react-4.1.3.tgz", - "integrity": "sha512-rhI3zM/fxn5BfRPHfi4r9N7zgac4vOIxub1wHIWXLA5ENTMs+BGaIaFO1D1PhmxgwhIKmJz3H7uCP0Dg5JwSlA==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/linkify-react/-/linkify-react-4.3.2.tgz", + "integrity": "sha512-mi744h1hf+WDsr+paJgSBBgYNLMWNSHyM9V9LVUo03RidNGdw1VpI7Twnt+K3pEh3nIzB4xiiAgZxpd61ItKpQ==", + "license": "MIT", "peerDependencies": { "linkifyjs": "^4.0.0", "react": ">= 15.0.0" } }, "node_modules/linkifyjs": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/linkifyjs/-/linkifyjs-4.1.3.tgz", - "integrity": "sha512-auMesunaJ8yfkHvK4gfg1K0SaKX/6Wn9g2Aac/NwX+l5VdmFZzo/hdPGxEOETj+ryRa4/fiOPjeeKURSAJx1sg==" + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/linkifyjs/-/linkifyjs-4.3.2.tgz", + "integrity": "sha512-NT1CJtq3hHIreOianA8aSXn6Cw0JzYOuDQbOrSPe7gqFnCpKP++MQe3ODgO3oh2GJFORkAAdqredOa60z63GbA==", + "license": "MIT" }, "node_modules/locate-path": { "version": "6.0.0", diff --git a/package.json b/package.json index 84383522..631ced3d 100644 --- a/package.json +++ b/package.json @@ -52,8 +52,8 @@ "immer": "9.0.16", "is-hotkey": "0.2.0", "jotai": "2.6.0", - "linkify-react": "4.1.3", - "linkifyjs": "4.1.3", + "linkify-react": "4.3.2", + "linkifyjs": "4.3.2", "matrix-js-sdk": "38.2.0", "millify": "6.1.0", "pdfjs-dist": "4.2.67", From b2cb7171782e49514b9f90e8cc7b5d2ca09e9766 Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Mon, 23 Feb 2026 12:26:14 +0530 Subject: [PATCH 11/20] fix noreferrer typo in url preview link (#2685) --- src/app/components/url-preview/UrlPreviewCard.tsx | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/app/components/url-preview/UrlPreviewCard.tsx b/src/app/components/url-preview/UrlPreviewCard.tsx index 2a51969a..cbe85df2 100644 --- a/src/app/components/url-preview/UrlPreviewCard.tsx +++ b/src/app/components/url-preview/UrlPreviewCard.tsx @@ -30,7 +30,15 @@ export const UrlPreviewCard = as<'div', { url: string; ts: number }>( if (previewStatus.status === AsyncStatus.Error) return null; const renderContent = (prev: IPreviewUrlResponse) => { - const imgUrl = mxcUrlToHttp(mx, prev['og:image'] || '', useAuthentication, 256, 256, 'scale', false); + const imgUrl = mxcUrlToHttp( + mx, + prev['og:image'] || '', + useAuthentication, + 256, + 256, + 'scale', + false + ); return ( <> @@ -42,7 +50,7 @@ export const UrlPreviewCard = as<'div', { url: string; ts: number }>( as="a" href={url} target="_blank" - rel="no-referrer" + rel="noreferrer" size="T200" priority="300" > From ed0ad61bc42b05d56b6dda38a3b34b6dec0256c1 Mon Sep 17 00:00:00 2001 From: Ajay Bura <32841439+ajbura@users.noreply.github.com> Date: Mon, 23 Feb 2026 12:38:25 +0530 Subject: [PATCH 12/20] Verify SSO window message origin (#2686) --- src/app/components/uia-stages/SSOStage.tsx | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/app/components/uia-stages/SSOStage.tsx b/src/app/components/uia-stages/SSOStage.tsx index f85bcb30..e3d6126a 100644 --- a/src/app/components/uia-stages/SSOStage.tsx +++ b/src/app/components/uia-stages/SSOStage.tsx @@ -26,7 +26,12 @@ export function SSOStage({ useEffect(() => { const handleMessage = (evt: MessageEvent) => { - if (ssoWindow && evt.data === 'authDone' && evt.source === ssoWindow) { + if ( + evt.origin === new URL(ssoRedirectURL).origin && + ssoWindow && + evt.data === 'authDone' && + evt.source === ssoWindow + ) { ssoWindow.close(); setSSOWindow(undefined); handleSubmit(); @@ -37,7 +42,7 @@ export function SSOStage({ return () => { window.removeEventListener('message', handleMessage); }; - }, [ssoWindow, handleSubmit]); + }, [ssoWindow, handleSubmit, ssoRedirectURL]); return ( From dab44edef2f5d90b4849f9aaba2cce5985a677bd Mon Sep 17 00:00:00 2001 From: Krishan <33421343+kfiven@users.noreply.github.com> Date: Mon, 23 Feb 2026 18:12:37 +1100 Subject: [PATCH 13/20] Add prod-deploy.yml to Docker PR workflow paths (#2687) --- .github/workflows/docker-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index bc68fe2a..e2dd0943 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -5,6 +5,7 @@ on: paths: - 'Dockerfile' - '.github/workflows/docker-pr.yml' + - '.github/workflows/prod-deploy.yml' jobs: docker-build: From cd80d4c9e8c29aacb7eb076d6846cdd5c2503882 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 18:13:17 +1100 Subject: [PATCH 14/20] Bump docker/build-push-action from 6.18.0 to 6.19.2 (#2642) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.18.0 to 6.19.2. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.2) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 6.19.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker-pr.yml | 2 +- .github/workflows/prod-deploy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index e2dd0943..38f6a4fe 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -14,7 +14,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v6.0.2 - name: Build Docker image - uses: docker/build-push-action@v6.18.0 + uses: docker/build-push-action@v6.19.2 with: context: . push: false diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index 4c88ad0f..72a0fe62 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -90,7 +90,7 @@ jobs: ${{ secrets.DOCKER_USERNAME }}/cinny ghcr.io/${{ github.repository }} - name: Build and push Docker image - uses: docker/build-push-action@v6.18.0 + uses: docker/build-push-action@v6.19.2 with: context: . platforms: linux/amd64,linux/arm64 From df3a3ba789824a6771f93c6692c42aef30eaa804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 18:18:01 +1100 Subject: [PATCH 15/20] Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#2641) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/prod-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index 72a0fe62..f55ba58a 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -70,7 +70,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.11.1 + uses: docker/setup-buildx-action@v3.12.0 - name: Login to Docker Hub uses: docker/login-action@v3.6.0 with: From 02106a99b99e607a1045eb5608874648d9f7d80a Mon Sep 17 00:00:00 2001 From: Krishan <33421343+kfiven@users.noreply.github.com> Date: Mon, 23 Feb 2026 22:32:06 +1100 Subject: [PATCH 16/20] Release v4.10.4 (#2688) --- package-lock.json | 4 ++-- package.json | 2 +- src/app/features/settings/about/About.tsx | 2 +- src/app/pages/auth/AuthFooter.tsx | 2 +- src/app/pages/client/WelcomePage.tsx | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 78604792..14e525d2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cinny", - "version": "4.10.3", + "version": "4.10.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cinny", - "version": "4.10.3", + "version": "4.10.4", "license": "AGPL-3.0-only", "dependencies": { "@atlaskit/pragmatic-drag-and-drop": "1.1.6", diff --git a/package.json b/package.json index 631ced3d..2002bc30 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cinny", - "version": "4.10.3", + "version": "4.10.4", "description": "Yet another matrix client", "main": "index.js", "type": "module", diff --git a/src/app/features/settings/about/About.tsx b/src/app/features/settings/about/About.tsx index 7cf121d5..7c876a15 100644 --- a/src/app/features/settings/about/About.tsx +++ b/src/app/features/settings/about/About.tsx @@ -46,7 +46,7 @@ export function About({ requestClose }: AboutProps) { Cinny - v4.10.3 + v4.10.4 Yet another matrix client. diff --git a/src/app/pages/auth/AuthFooter.tsx b/src/app/pages/auth/AuthFooter.tsx index 124b0384..ad9da463 100644 --- a/src/app/pages/auth/AuthFooter.tsx +++ b/src/app/pages/auth/AuthFooter.tsx @@ -15,7 +15,7 @@ export function AuthFooter() { target="_blank" rel="noreferrer" > - v4.10.3 + v4.10.4 Twitter diff --git a/src/app/pages/client/WelcomePage.tsx b/src/app/pages/client/WelcomePage.tsx index 969a5cd4..23085286 100644 --- a/src/app/pages/client/WelcomePage.tsx +++ b/src/app/pages/client/WelcomePage.tsx @@ -24,7 +24,7 @@ export function WelcomePage() { target="_blank" rel="noreferrer noopener" > - v4.10.3 + v4.10.4 } From f64280993980439b71f326b329613d1f5f605e4a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 22:56:52 +1100 Subject: [PATCH 17/20] chore(deps): update docker/login-action action to v3.7.0 (#2689) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/prod-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index f55ba58a..39f0b671 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -72,12 +72,12 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.12.0 - name: Login to Docker Hub - uses: docker/login-action@v3.6.0 + uses: docker/login-action@v3.7.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to the Container registry - uses: docker/login-action@v3.6.0 + uses: docker/login-action@v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} From 739786d9abe1467d9c43dcc8ff8caadbfee62964 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 22:57:44 +1100 Subject: [PATCH 18/20] chore(deps): update docker/setup-qemu-action action to v3.7.0 (#2691) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/prod-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index 39f0b671..182efbd2 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -68,7 +68,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v6.0.2 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.6.0 + uses: docker/setup-qemu-action@v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3.12.0 - name: Login to Docker Hub From f2d8ad0b6bdaf1ef904a7a4a553361685f404afd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 22:58:20 +1100 Subject: [PATCH 19/20] chore(deps): update docker/metadata-action action to v5.10.0 (#2690) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/prod-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index 182efbd2..8c3dcc56 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -84,7 +84,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5.8.0 + uses: docker/metadata-action@v5.10.0 with: images: | ${{ secrets.DOCKER_USERNAME }}/cinny From 6347640a35d85a60a4794879e11c8a11e065005a Mon Sep 17 00:00:00 2001 From: Krishan <33421343+kfiven@users.noreply.github.com> Date: Mon, 23 Feb 2026 23:05:01 +1100 Subject: [PATCH 20/20] Release v4.10.5 (#2692) --- package-lock.json | 4 ++-- package.json | 2 +- src/app/features/settings/about/About.tsx | 2 +- src/app/pages/auth/AuthFooter.tsx | 2 +- src/app/pages/client/WelcomePage.tsx | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 14e525d2..05466866 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cinny", - "version": "4.10.4", + "version": "4.10.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cinny", - "version": "4.10.4", + "version": "4.10.5", "license": "AGPL-3.0-only", "dependencies": { "@atlaskit/pragmatic-drag-and-drop": "1.1.6", diff --git a/package.json b/package.json index 2002bc30..de8ee72d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cinny", - "version": "4.10.4", + "version": "4.10.5", "description": "Yet another matrix client", "main": "index.js", "type": "module", diff --git a/src/app/features/settings/about/About.tsx b/src/app/features/settings/about/About.tsx index 7c876a15..f7af2d6a 100644 --- a/src/app/features/settings/about/About.tsx +++ b/src/app/features/settings/about/About.tsx @@ -46,7 +46,7 @@ export function About({ requestClose }: AboutProps) { Cinny - v4.10.4 + v4.10.5 Yet another matrix client. diff --git a/src/app/pages/auth/AuthFooter.tsx b/src/app/pages/auth/AuthFooter.tsx index ad9da463..146f039b 100644 --- a/src/app/pages/auth/AuthFooter.tsx +++ b/src/app/pages/auth/AuthFooter.tsx @@ -15,7 +15,7 @@ export function AuthFooter() { target="_blank" rel="noreferrer" > - v4.10.4 + v4.10.5 Twitter diff --git a/src/app/pages/client/WelcomePage.tsx b/src/app/pages/client/WelcomePage.tsx index 23085286..79630990 100644 --- a/src/app/pages/client/WelcomePage.tsx +++ b/src/app/pages/client/WelcomePage.tsx @@ -24,7 +24,7 @@ export function WelcomePage() { target="_blank" rel="noreferrer noopener" > - v4.10.4 + v4.10.5 }