Skip to content

chore(deps): bump matrix-js-sdk from 36.2.0 to 38.2.0 in /tools/matrix-bot in the npm_and_yarn group across 1 directory#393

Merged
tomusdrw merged 2 commits intomainfrom
dependabot/npm_and_yarn/tools/matrix-bot/npm_and_yarn-b791a25b0f
Apr 7, 2026
Merged

chore(deps): bump matrix-js-sdk from 36.2.0 to 38.2.0 in /tools/matrix-bot in the npm_and_yarn group across 1 directory#393
tomusdrw merged 2 commits intomainfrom
dependabot/npm_and_yarn/tools/matrix-bot/npm_and_yarn-b791a25b0f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps the npm_and_yarn group with 1 update in the /tools/matrix-bot directory: matrix-js-sdk.

Updates matrix-js-sdk from 36.2.0 to 38.2.0

Release notes

Sourced from matrix-js-sdk's releases.

v38.2.0

Fix CVE-2025-59160 / GHSA-mp7c-m3rh-r56v

v38.1.0

✨ Features

  • Remove custom org.matrix.msc4075.rtc.notification.parent relation type (#4979). Contributed by @​toger5.
  • MatrixRTC: Add RTC decline event (#4978). Contributed by @​toger5.
  • Make a MatrixRTCSession emit once the RTCNotification is sent (#4976). Contributed by @​toger5.
  • Use hydra semantics for unknown room versions (#4957). Contributed by @​dbkr.
  • Expose the StatusChanged event through the RTCSession (#4974). Contributed by @​toger5.
  • Add probablyLeft event to the MatrixRTCSession (#4962). Contributed by @​toger5.

🐛 Bug Fixes

v38.1.0-rc.0

✨ Features

  • Remove custom org.matrix.msc4075.rtc.notification.parent relation type (#4979). Contributed by @​toger5.
  • MatrixRTC: Add RTC decline event (#4978). Contributed by @​toger5.
  • Make a MatrixRTCSession emit once the RTCNotification is sent (#4976). Contributed by @​toger5.
  • Use hydra semantics for unknown room versions (#4957). Contributed by @​dbkr.
  • Expose the StatusChanged event through the RTCSession (#4974). Contributed by @​toger5.
  • Add probablyLeft event to the MatrixRTCSession (#4962). Contributed by @​toger5.

🐛 Bug Fixes

v38.0.0

🚨 BREAKING CHANGES

  • Release tranche of breaking changes (#4975).
  • Remove support for FetchHttpApi onlyData = false
  • Remove deprecated IJoinRoomOpts.syncRoom
  • Remove deprecated methods which are unsupported in rust crypto
  • Remove deprecated getAuthIssuer method
  • Remove deprecated beginKeyVerification method
  • Remove deprecated isEncryptedDisabledForUnverifiedDevices getter
  • Remove deprecated UndecryptableToDeviceEvent MatrixClient emit
  • Remove deprecated defer utility method
  • Remove deprecated UIAResponse dummy type
  • Remove deprecated MatrixRTCSession MembershipConfig fields

... (truncated)

Changelog

Sourced from matrix-js-sdk's changelog.

Changes in 38.2.0 (2025-09-16)

Fix CVE-2025-59160 / GHSA-mp7c-m3rh-r56v

Changes in 38.1.0 (2025-09-09)

✨ Features

  • Remove custom org.matrix.msc4075.rtc.notification.parent relation type (#4979). Contributed by @​toger5.
  • MatrixRTC: Add RTC decline event (#4978). Contributed by @​toger5.
  • Make a MatrixRTCSession emit once the RTCNotification is sent (#4976). Contributed by @​toger5.
  • Use hydra semantics for unknown room versions (#4957). Contributed by @​dbkr.
  • Expose the StatusChanged event through the RTCSession (#4974). Contributed by @​toger5.
  • Add probablyLeft event to the MatrixRTCSession (#4962). Contributed by @​toger5.

🐛 Bug Fixes

Changes in 38.0.0 (2025-08-27)

🚨 BREAKING CHANGES

  • Release tranche of breaking changes (#4975).
  • Remove support for FetchHttpApi onlyData = false
  • Remove deprecated IJoinRoomOpts.syncRoom
  • Remove deprecated methods which are unsupported in rust crypto
  • Remove deprecated getAuthIssuer method
  • Remove deprecated beginKeyVerification method
  • Remove deprecated isEncryptedDisabledForUnverifiedDevices getter
  • Remove deprecated UndecryptableToDeviceEvent MatrixClient emit
  • Remove deprecated defer utility method
  • Remove deprecated UIAResponse dummy type
  • Remove deprecated MatrixRTCSession MembershipConfig fields
  • Remove deprecated findVerificationRequestDMInProgress and storeSessionBackupPrivateKey methods in favour of overloads

✨ Features

  • Allow multiple rtc sessions per room (with different sessionDescriptions) (#4945). Contributed by @​toger5.
  • Add support for login_hint in authorization url generation (#4943). Contributed by @​odelcroi.
  • Only process MatrixRTC sessions associated with calls for callMembershipsForRoom (#4960). Contributed by @​fkwp.

Changes in 37.13.0 (2025-08-11)

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump matrix-js-sdk
56fe656 
Bumps the npm_and_yarn group with 1 update in the /tools/matrix-bot directory: [matrix-js-sdk](https://github.com/matrix-org/matrix-js-sdk).


Updates `matrix-js-sdk` from 36.2.0 to 38.2.0
- [Release notes](https://github.com/matrix-org/matrix-js-sdk/releases)
- [Changelog](https://github.com/matrix-org/matrix-js-sdk/blob/develop/CHANGELOG.md)
- [Commits](matrix-org/matrix-js-sdk@v36.2.0...v38.2.0)

---
updated-dependencies:
- dependency-name: matrix-js-sdk
  dependency-version: 38.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 6, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 6, 2026
edited
Loading

Deploy Preview for graypaper-reader ready!

Name Link
🔨 Latest commit 7c3f839
🔍 Latest deploy log https://app.netlify.com/projects/graypaper-reader/deploys/69d401963e5e2300076f2bce
😎 Deploy Preview https://deploy-preview-393--graypaper-reader.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026

Visual Regression Test Report ✅ Passed

Github run id: 24045782330

🔗 Artifacts: Download

@tomusdrw tomusdrw merged commit 16d4f65 into main Apr 7, 2026
4 checks passed
@tomusdrw tomusdrw deleted the dependabot/npm_and_yarn/tools/matrix-bot/npm_and_yarn-b791a25b0f branch April 7, 2026 10:57
tomusdrw added a commit that referenced this pull request Apr 7, 2026
@tomusdrw @claude
fix: regenerate lockfile after dependabot matrix-js-sdk bump
bc3ebb7 
The dependabot PR #393 updated matrix-js-sdk from 36.2.0 to 38.2.0 in
tools/matrix-bot but the lockfile was left out of sync, causing npm ci
to fail in CI with missing matrix-js-sdk@38.4.0,
@matrix-org/matrix-sdk-crypto-wasm@15.3.0, and sdp-transform@2.15.0.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomusdrw tomusdrw mentioned this pull request Apr 7, 2026
Merged
2 tasks
tomusdrw added a commit that referenced this pull request Apr 7, 2026
@tomusdrw @claude
fix: regenerate lockfile after dependabot matrix-js-sdk bump (#397)
e892a48 
The dependabot PR #393 updated matrix-js-sdk from 36.2.0 to 38.2.0 in
tools/matrix-bot but the lockfile was left out of sync, causing npm ci
to fail in CI with missing matrix-js-sdk@38.4.0,
@matrix-org/matrix-sdk-crypto-wasm@15.3.0, and sdp-transform@2.15.0.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tomusdrw