Update dependency matrix-js-sdk to v34 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
matrix-js-sdk	^25.0.0 -> ^34.0.0

GitHub Vulnerability Alerts

CVE-2024-42369

Impact

A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) we classify this as High severity issue.

Patches

This was patched in matrix-js-sdk 34.3.1.

Workarounds

Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either getRoomUpgradeHistory or leaveRoomChain.

References

N/A.

CVE-2024-47080

Impact

In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room.

However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks.

Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()) are unaffected by this vulnerability, because MatrixClient.sendSharedHistoryKeys() raises an exception in such environments.

Patches

Fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality.

Workarounds

Remove use of affected functionality from clients.

References

• MSC3061

For more information

If you have any questions or comments about this advisory, please email us at security at matrix.org.

---

Release Notes

matrix-org/matrix-js-sdk (matrix-js-sdk)

v34.8.0

Compare Source

==================================================================================================
This release removes insecure functionality, resolving CVE-2024-47080 / GHSA-4jf8-g8wp-cx7c.

v34.7.0

Compare Source

==================================================================================================

🦖 Deprecations

• RTCSession cleanup: deprecate getKeysForParticipant() and getEncryption(); add emitEncryptionKeys() (#​4427). Contributed by @​hughns.

✨ Features

• Bump matrix-rust-sdk to 9.1.0 (#​4435). Contributed by @​richvdh.
• Rotate Matrix RTC media encryption key when a new member joins a call for Post Compromise Security (#​4422). Contributed by @​hughns.
• Update media event content types to include captions (#​4403). Contributed by @​tulir.
• Update OIDC registration types to match latest MSC2966 state (#​4432). Contributed by @​t3chguy.
• Add CryptoApi.pinCurrentUserIdentity and UserIdentity.needsUserApproval (#​4415). Contributed by @​richvdh.

v34.6.0

Compare Source

==================================================================================================

🦖 Deprecations

• Element-R: Mark unsupported MatrixClient methods as deprecated (#​4389). Contributed by @​richvdh.

✨ Features

• Add crypto mode setting for invisible crypto, and apply it to decrypting events (#​4407). Contributed by @​uhoreg.
• Don't share full key history for RTC per-participant encryption (#​4406). Contributed by @​hughns.
• Export membership types (#​4405). Contributed by @​Johennes.
• Fix sending redacts in embedded (widget) mode (#​4398). Contributed by @​toger5.
• Expose the event ID of a call membership (#​4395). Contributed by @​robintown.
• MSC4133 - Extended profiles (#​4391). Contributed by @​Half-Shot.

v34.5.0

Compare Source

==================================================================================================

🦖 Deprecations

• Deprecate unused callback hooks CryptoCallbacks.onSecretRequested and CryptoCallbacks.getDehydrationKey (#​4376). Contributed by @​richvdh.

v34.4.0

Compare Source

==================================================================================================

✨ Features

• Use non-legacy calls if any are found (#​4337). Contributed by @​AndrewFerr.

🐛 Bug Fixes

• Retry event decryption failures on first failure (#​4346). Contributed by @​hughns.
• Ensure "type" = "module" ES declaration in pre-release.sh (#​4350). Contributed by @​BLCK-B.
• Handle MatrixRTC encryption keys arriving out of order (#​4345). Contributed by @​hughns.
• Resend MatrixRTC encryption keys if a membership has changed (#​4343). Contributed by @​hughns.

v34.3.1

Compare Source

==================================================================================================

v34.3.0

Compare Source

==================================================================================================

✨ Features

• Bump matrix-widget-api (#​4336). Contributed by @​AndrewFerr.
• Also check for MSC3757 for session state keys (#​4334). Contributed by @​AndrewFerr.
• Support Futures via widgets (#​4311). Contributed by @​AndrewFerr.
• Support MSC4140: Delayed events (Futures) (#​4294). Contributed by @​AndrewFerr.
• Handle late-arriving m.room_key.withheld messages (#​4310). Contributed by @​richvdh.
• Be specific about what is considered a MSC4143 call member event. (#​4328). Contributed by @​toger5.
• Add index.ts for matrixrtc module (#​4314). Contributed by @​toger5.

🐛 Bug Fixes

• Fix hashed ID server lookups with no Olm (#​4333). Contributed by @​dbkr.

v34.2.0

Compare Source

==================================================================================================

🐛 Bug Fixes

• Element-R: detect "withheld key" UTD errors, and mark them as such (#​4302). Contributed by @​richvdh.

v34.1.0

Compare Source

==================================================================================================

✨ Features

• Add ability to choose how many timeline events to sync when peeking (#​4300). Contributed by @​jgarplind.
• Remove redundant hack for using the old pickle key in rust crypto (#​4282). Contributed by @​richvdh.
• Add fetching the well known in embedded mode. (#​4259). Contributed by @​toger5.

🐛 Bug Fixes

• Fix room state being updated with old (now overwritten) state and emitting for those updates. (#​4242). Contributed by @​toger5.
• Fix incorrect "Olm is not available" errors (#​4301). Contributed by @​richvdh.
• Fix build for example script (#​4286). Contributed by @​richvdh.
• Declare matrix-js-sdk as an ES module (#​4285). Contributed by @​richvdh.

v34.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Fetch capabilities in the background (#​4246). Contributed by @​dbkr.

✨ Features

• Prefix the user+device state key if needed (#​4262). Contributed by @​AndrewFerr.
• Use legacy call membership if anyone else is (#​4260). Contributed by @​AndrewFerr.
• Fetch capabilities in the background (#​4246). Contributed by @​dbkr.
• Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation (#​4233). Contributed by @​t3chguy.
• Add via parameter for MSC4156 (#​4247). Contributed by @​Johennes.
• Make the js-sdk compatible with MSC preferred foci and active focus. (#​4195). Contributed by @​toger5.
• Replace usages of setImmediate with setTimeout for wider compatibility (#​4240). Contributed by @​t3chguy.

🐛 Bug Fixes

• [Backport staging] Fix "Unable to restore session" error (#​4299). Contributed by @​RiotRobot.
• [Backport staging] Fix error when sending encrypted messages in large rooms (#​4297). Contributed by @​RiotRobot.
• Element-R: Fix resource leaks in verification logic (#​4263). Contributed by @​richvdh.
• Upgrade Rust Crypto SDK to 6.1.0 (#​4261). Contributed by @​richvdh.
• Correctly transform base64 with multiple instances of + or / (#​4252). Contributed by @​robintown.
• Work around spec bug for m.room.avatar state event content type (#​4245). Contributed by @​t3chguy.

v33.1.0

Compare Source

==================================================================================================

✨ Features

• MSC4108 support OIDC QR code login (#​4134). Contributed by @​t3chguy.
• Add crypto methods for export and import of secrets bundle (#​4227). Contributed by @​t3chguy.

🐛 Bug Fixes

• Fix screen sharing in recent Chrome (#​4243). Contributed by @​RiotRobot.
• Fix incorrect assumptions about required fields in /search response (#​4228). Contributed by @​t3chguy.
• Fix the queueToDevice tests for the new fakeindexeddb (#​4225). Contributed by @​dbkr.

v33.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Remove more deprecated methods, fields, and exports (#​4217). Contributed by @​t3chguy.
• Remove deprecated methods and fields (#​4201). Contributed by @​t3chguy.

🦖 Deprecations

• Remove more deprecated methods, fields, and exports (#​4217). Contributed by @​t3chguy.
• Remove deprecated methods and fields (#​4201). Contributed by @​t3chguy.

✨ Features

• initRustCrypto: allow app to pass in the store key directly (#​4210). Contributed by @​richvdh.
• Preserve ESM for async imports to work correctly (#​4187). Contributed by @​ms-dosx86.

🐛 Bug Fixes

• Don't run migration for Rust crypto if the legacy store is empty (#​4218). Contributed by @​andybalaam.
• Bump matrix-sdk-crypto-wasm to 5.0.0 (#​4216). Contributed by @​richvdh.
• Wire up verification cancel & mismatch for rust crypto (#​4202). Contributed by @​t3chguy.
• Only pass id_server if we had one to begin with (#​4200). Contributed by @​t3chguy.

v32.4.0

Compare Source

==================================================================================================

• No changes

v32.3.0

Compare Source

==================================================================================================

✨ Features

• Simplify OIDC types & export decodeIdToken (#​4193). Contributed by @​t3chguy.
• Add helpers for authenticated media, and associated documentation (#​4185). Contributed by @​turt2live.

🐛 Bug Fixes

• Fix state_events.ts types (#​4196). Contributed by @​t3chguy.
• Fix sendEventHttpRequest for m.room.redaction events without redacts (#​4192). Contributed by @​t3chguy.

v32.2.0

Compare Source

==================================================================================================

✨ Features

• Use a different error code for UTDs when user was not in the room (#​4172). Contributed by @​uhoreg.
• Modernize window.crypto access constants (#​4169). Contributed by @​turt2live.
• Improve compliance with MSC3266 (#​4155). Contributed by @​AndrewFerr.
• Add comment to make clear that RoomStateEvent.Events does not update related objects in the js-sdk (#​4152). Contributed by @​toger5.
• Crypto: use a new error code for UTDs from device-relative historical events (#​4139). Contributed by @​richvdh.

🐛 Bug Fixes

• Element-R: Fix rust migration when ssss secret are stored not encryted in cache (old legacy behavior) (#​4168). Contributed by @​BillCarsonFr.

v32.1.0

Compare Source

==================================================================================================

✨ Features

• Add support for device dehydration v2 (Element R) (#​4062). Contributed by @​uhoreg.
• OIDC improvements in prep of OIDC-QR reciprocation (#​4149). Contributed by @​t3chguy.

🐛 Bug Fixes

• Validate backup private key before migrating it (#​4114). Contributed by @​BillCarsonFr.
• ElementR| Retry query backup until it works during migration to avoid spurious correption error popup (#​4113). Contributed by @​BillCarsonFr.

v32.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Remove various deprecated methods & re-exports (#​4125). Contributed by @​t3chguy.
• Remove the logic that throws when the lazy loading options has changed. (#​4124). Contributed by @​langleyd.
• Fix highlights from threads disappearing on new messages (#​4106). Contributed by @​dbkr.

✨ Features

• Add new decryptExistingEvent test helper (#​4133). Contributed by @​richvdh.
• Improve types for sendEvent (#​4108). Contributed by @​t3chguy.
• Remove various deprecated methods & re-exports (#​4125). Contributed by @​t3chguy.
• Add new enum for verification methods. (#​4129). Contributed by @​richvdh.
• Add some test utils in a new entrypoint (#​4127). Contributed by @​richvdh.
• Improve types for sendStateEvent (#​4105). Contributed by @​t3chguy.

🐛 Bug Fixes

• Improve types for IPowerLevelsContent and hasSufficientPowerLevelFor (#​4128). Contributed by @​galash13.
• Remove the logic that throws when the lazy loading options has changed. (#​4124). Contributed by @​langleyd.
• Fix highlights from threads disappearing on new messages (#​4106). Contributed by @​dbkr.
• Extend logic for local notification processing to threads (#​4111). Contributed by @​dbkr.
• Fix public rooms post request search params and body (#​4110). Contributed by @​ajbura.
• Fix bugs with the first reply to a thread (#​4104). Contributed by @​dbkr.

v31.6.1

Compare Source

==================================================================================================

🐛 Bug Fixes

• Fix merging of default push rules (#​4136).

v31.6.0

Compare Source

==================================================================================================

✨ Features

• Introduce Membership TS type (take 2) (#​4107). Contributed by @​andybalaam.
• fix automatic DM avatar with functional members (#​4017). Contributed by @​HarHarLinks.
• Export types describing all specced media event formats (#​4092). Contributed by @​t3chguy.
• Add .m.rule.is_room_mention push rule to DEFAULT_OVERRIDE_RULES (#​4100). Contributed by @​t3chguy.
• Make sending ContentLoaded optional for a widgetClient (#​4086). Contributed by @​toger5.

🐛 Bug Fixes

• Migrate own identity local trust to rust crypto (#​4090). Contributed by @​BillCarsonFr.
• Fix race condition with sliding sync extensions (#​4089). Contributed by @​zzorba.

v31.5.0

Compare Source

==================================================================================================

✨ Features

• Update MSC2965 OIDC Discovery implementation (#​4064). Contributed by @​t3chguy.

🐛 Bug Fixes

• Add basic retry for rust crypto outgoing requests (#​4061). Contributed by @​BillCarsonFr.

v31.4.0

Compare Source

==================================================================================================

✨ Features

• Validate account_management_uri and account_management_actions_supported from OIDC Issuer well-known (#​4074). Contributed by @​t3chguy.
• Allow specifying OIDC url state parameter for passing data to callback (#​4068). Contributed by @​t3chguy.
• Add getAuthIssuer method for MSC2965 (#​4071). Contributed by @​t3chguy.
• Allow specifying more OIDC client metadata for dynamic registration (#​4070). Contributed by @​t3chguy.
• Add unread marker event type (#​4069). Contributed by @​dbkr.
• Add "AsJson" forms of the key import/export methods (#​4057). Contributed by @​andybalaam.

🐛 Bug Fixes

• Ignore memberships of users that are not in the call (#​4065). Contributed by @​toger5.
• Await encrypted messages (#​4063). Contributed by @​toger5.
• ElementR | Ensure own user and device trust are updated after migration before giving back control to the app. (#​4059). Contributed by @​BillCarsonFr.
• Bump matrix-sdk-crypto-wasm to 4.5.0 (#​4060). Contributed by @​andybalaam.

v31.3.0

Compare Source

==================================================================================================

✨ Features

• Add expire_ts compatibility to matrixRTC (#​4032). Contributed by @​toger5.
• Element-R: support for migration of the room list from legacy crypto (#​4036). Contributed by @​richvdh.
• Element-R: check persistent room list for encryption config (#​4035). Contributed by @​richvdh.
• Support optional MSC3860 redirects (#​4007). Contributed by @​turt2live.

🐛 Bug Fixes

• WebR: migrate the megolm session imported flag (#​4037). Contributed by @​BillCarsonFr.
• ElementR: fix emoji verification stalling when both ends hit start at the same time (#​4004). Contributed by @​uhoreg.
• Dependencies: Bump wasm bindings version to 4.3.0 (#​4042). Contributed by @​BillCarsonFr.
• Element R: emit events when devices have changed (#​4019). Contributed by @​uhoreg.
• ElementR: report invalid keys rather than failing to restore from backup (#​4006). Contributed by @​uhoreg.
• Make timeline a getter (#​4022). Contributed by @​florianduros.
• Implement getting verification cancellation info in Rust crypto (#​3947). Contributed by @​uhoreg.
• Fix crypto migration for megolm sessions with no sender key (#​4024). Contributed by @​richvdh.

v31.2.0

Compare Source

==================================================================================================

✨ Features

• Emit events during migration from libolm (#​3982). Contributed by @​richvdh.
• Support for migration from from libolm (#​3978). Contributed by @​richvdh.

🐛 Bug Fixes

• ElementR | backup: call expensive roomKeyCounts less often (#​4015). Contributed by @​BillCarsonFr.
• Decrypt and Import full backups in chunk with progress (#​4005). Contributed by @​BillCarsonFr.
• Fix new threads not appearing. (#​4009). Contributed by @​dbkr.

v31.1.0

Compare Source

==================================================================================================

✨ Features

• Broaden spec version support (#​4016). Contributed by @​RiotRobot.

v31.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Bump minimum spec version to v1.5 (#​3970). Contributed by @​richvdh.

✨ Features

• Bump minimum spec version to v1.5 (#​3970). Contributed by @​richvdh.
• Send authenticated /versions request (#​3968). Contributed by @​dbkr.

🐛 Bug Fixes

• Revert "Bump matrix-sdk-crypto-wasm to 3.6.0" (#​3991). Contributed by @​andybalaam.
• #​22606 Fix "Remove" button to users without "m.room.redaction" (#​3981). Contributed by @​rashmitpankhania.
• ElementR: Ensure Encryption order per room (#​3973). Contributed by @​BillCarsonFr.
• Element-R: fix bootstrapSecretStorage not resetting key backup when requested (#​3976). Contributed by @​uhoreg.

v30.3.0

Compare Source

==================================================================================================

✨ Features

• Element-R: disable sending room key requests (#​3939). Contributed by @​richvdh.

🐛 Bug Fixes

• Fix notifications appearing for old events (#​3946). Contributed by @​dbkr.
• Don't back up keys that we got from backup (#​3934). Contributed by @​uhoreg.
• Fix upload with empty Content-Type (#​3918). Contributed by @​JakubOnderka.
• Prevent phantom notifications from events not in a room's timeline (#​3942). Contributed by @​dbkr.

v30.2.0

Compare Source

==================================================================================================

✨ Features

• Only await key query after lazy members resolved (#​3902). Contributed by @​BillCarsonFr.

🐛 Bug Fixes

• Rewrite receipt-handling code (#​3901). Contributed by @​andybalaam.
• Explicitly free some Rust-side objects (#​3911). Contributed by @​richvdh.
• Fix type for TimestampToEventResponse.origin_server_ts (#​3906). Contributed by @​Half-Shot.

v30.1.0

Compare Source

==================================================================================================

✨ Features

• Rotate per-participant keys when a member leaves (#​3833). Contributed by @​dbkr.
• Add E2EE for embedded mode of Element Call (#​3667). Contributed by @​SimonBrandner.

🐛 Bug Fixes

• Shorten TimelineWindow when an event is removed (#​3862). Contributed by @​andybalaam.
• Ignore receipts pointing at missing or invalid events (#​3817). Contributed by @​andybalaam.
• Fix members being loaded from server on initial sync (defeating lazy loading) (#​3830). Contributed by @​BillCarsonFr.

v30.0.1

Compare Source

==================================================================================================

🐛 Bug Fixes

• Ensure setUserCreator is called when a store is assigned (#​3867). Fixes vector-im/element-web#26520. Contributed by @​MidhunSureshR.

v30.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Refactor & make base64 functions browser-safe (#​3818).
• IndexedDBStore.startup() must be called after using it on sdk.createClient now.

🦖 Deprecations

• Deprecate MatrixEvent.toJSON (#​3801).

✨ Features

• Element-R: Add the git sha of the binding crate to CryptoApi#getVersion (#​3838). Contributed by @​florianduros.
• Element-R: Wire up globalBlacklistUnverifiedDevices field to rust crypto encryption settings (#​3790). Fixes vector-im/element-web#26315. Contributed by @​florianduros.
• Element-R: Wire up room rotation (#​3807). Fixes vector-im/element-web#26318. Contributed by @​florianduros.
• Element-R: Add current version of the rust-sdk and vodozemac (#​3825). Contributed by @​florianduros.
• Element-R: Wire up room history visibility (#​3805). Fixes vector-im/element-web#26319. Contributed by @​florianduros.
• Element-R: log when we send to-device messages (#​3810).

🐛 Bug Fixes

• Fix reemitter not being correctly wired on user objects created in storage classes (#​3796). Contributed by @​MidhunSureshR.
• Element-R: silence log errors when viewing a pending event (#​3824).
• Don't emit a closed event if the indexeddb is closed by Element (#​3832). Fixes vector-im/element-web#25941. Contributed by @​dhenneke.
• Element-R: silence log errors when viewing a decryption failure (#​3821).

v29.1.0

Compare Source

==================================================================================================

✨ Features

• OIDC: refresh tokens (#​3764). Contributed by @​kerryarchibald.
• OIDC: add prompt param to auth url creation (#​3794). Contributed by @​kerryarchibald.
• Allow applications to specify their own logger instance (#​3792). Fixes #​1899.
• Export AutoDiscoveryError and fix type of ALL_ERRORS (#​3768).

🐛 Bug Fixes

• Fix sending call member events on leave (#​3799). Fixes vector-im/element-call#1763.
• Don't use event.sender in CallMembership (#​3793).
• Element-R: Don't mark QR code verification as done until it's done (#​3791). Fixes vector-im/element-web#26293.
• Element-R: Connect device to key backup when crypto is created (#​3784). Fixes vector-im/element-web#26316. Contributed by @​florianduros.
• Element-R: Avoid errors in VerificationRequest.generateQRCode when QR code is unavailable (#​3779). Fixes vector-im/element-web#26300. Contributed by @​florianduros.
• ElementR: Check key backup when user identity changes (#​3760). Fixes vector-im/element-web#26244. Contributed by @​florianduros.
• Element-R: emit VerificationRequestReceived on incoming request (#​3762). Fixes vector-im/element-web#26245.

v29.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Remove browserify builds (#​3759).

✨ Features

• Export AutoDiscoveryError and fix type of ALL_ERRORS (#​3768).
• Support for stable MSC3882 get_login_token (#​3416). Contributed by @​hughns.
• Remove IsUserMention and IsRoomMention from DEFAULT_OVERRIDE_RULES (#​3752). Contributed by @​kerryarchibald.

🐛 Bug Fixes

• Fix a case where joinRoom creates a duplicate Room object (#​3747).
• Add membershipID to call memberships (#​3745).
• Fix the warning for messages from unsigned devices (#​3743).
• Stop keep alive, when sync was stoped (#​3720). Contributed by @​finsterwalder.

v28.2.0

Compare Source

==================================================================================================

🦖 Deprecations

• Implement getEncryptionInfoForEvent and deprecate getEventEncryptionInfo (#​3693).
• The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#​3189)

✨ Features

• Delete knocked room when knock membership changes (#​3729). Contributed by @​maheichyk.
• Introduce MatrixRTCSession lower level group call primitive (#​3663).
• Sync knock rooms (#​3703). Contributed by @​maheichyk.

🐛 Bug Fixes

• Dont access indexed db when undefined (#​3707). Contributed by @​finsterwalder.
• Don't reset unread count when adding a synthetic receipt (#​3706). Fixes #​3684. Contributed by @​andybalaam.

v28.1.0

Compare Source

============================================================================================================

🦖 Deprecations

• Deprecate MatrixClient.checkUserTrust (#​3691).
• Deprecate MatrixClient.{prepare,create}KeyBackupVersion in favour of new CryptoApi.resetKeyBackup API (#​3689).
• The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#​3189)

✨ Features

• Allow calls without ICE/TURN/STUN servers (#​3695).
• Emit summary update event (#​3687). Fixes vector-im/element-web#26033.
• ElementR: Update CryptoApi.userHasCrossSigningKeys (#​3646). Contributed by @​florianduros.
• Add join_rule field to /publicRooms response (#​3673). Contributed by @​charlynguyen.
• Use sender instead of content.creator field on m.room.create events (#​3675).

🐛 Bug Fixes

• Provide better error for ICE Server SyntaxError (#​3694). Fixes vector-im/element-web#21804.
• Legacy crypto: re-check key backup after bootstrapSecretStorage (#​3692). Fixes vector-im/element-web#26115.

v28.0.0

Compare Source

==================================================================================================

🚨 BREAKING CHANGES

• Set minimum supported Matrix 1.1 version (drop legacy r0 versions) (#​3007). Fixes vector-im/element-web#16876.

🦖 Deprecations

• **The Browserify artifact is being deprecated, scheduled for removal in the October 10th re

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

APK Size: 2.1 MB