Bump matrix-react-sdk from 1.5.0 to 3.21.0

[dependabot]

Bumps matrix-react-sdk from 1.5.0 to 3.21.0.

Release notes

Sourced from matrix-react-sdk's releases.

v3.21.0

Full Changelog

Security notice

matrix-react-sdk 3.21.0 fixes a low severity issue (GHSA-8796-gc9j-63rv) related to file upload. When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. Thanks to Muhammad Zaid Ghifari for responsibly disclosing this via Matrix's Security Disclosure Policy.

All changes

• Upgrade to JS SDK 11.0.0
• [Release] Add missing space on beta feedback dialog #6019
• [Release] Add feedback mechanism for beta features, namely Spaces #6013
• Add feedback mechanism for beta features, namely Spaces #6012

v3.21.0-rc.1

Full Changelog

• Upgrade to JS SDK 11.0.0-rc.1
• Add disclaimer about subspaces being experimental in add existing dialog #5978
• Spaces Beta release #5933
• Improve permissions error when adding new server to room directory #6009
• Allow user to progress through space creation & setup using Enter #6006
• Upgrade sanitize types #6008
• Upgrade cheerio and resolve type errors #6007
• Add slash commands support to edit message composer #5865
• Fix the two todays problem #5940
• Switch the Home Space out for an All rooms space #5969
• Show device ID in UserInfo when there is no device name #5985
• Switch back to release version of sanitize-html #6005
• Bump hosted-git-info from 2.8.8 to 2.8.9 #5998
• Don't use the event's metadata to calc the scale of an image #5982
• Adjust MIME type of upload confirmation if needed #5981

... (truncated)

Changelog

Sourced from matrix-react-sdk's changelog.

Changes in 3.21.0 (2021-05-17)

Full Changelog

Security notice

matrix-react-sdk 3.21.0 fixes a low severity issue (GHSA-8796-gc9j-63rv) related to file upload. When uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file, but only after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. Thanks to Muhammad Zaid Ghifari for responsibly disclosing this via Matrix's Security Disclosure Policy.

All changes

• Upgrade to JS SDK 11.0.0
• [Release] Add missing space on beta feedback dialog #6019
• [Release] Add feedback mechanism for beta features, namely Spaces #6013
• Add feedback mechanism for beta features, namely Spaces #6012

Changes in 3.21.0-rc.1 (2021-05-11)

Full Changelog

• Upgrade to JS SDK 11.0.0-rc.1
• Add disclaimer about subspaces being experimental in add existing dialog #5978
• Spaces Beta release #5933
• Improve permissions error when adding new server to room directory #6009
• Allow user to progress through space creation & setup using Enter #6006
• Upgrade sanitize types #6008
• Upgrade cheerio and resolve type errors #6007
• Add slash commands support to edit message composer #5865
• Fix the two todays problem #5940
• Switch the Home Space out for an All rooms space #5969
• Show device ID in UserInfo when there is no device name #5985
• Switch back to release version of sanitize-html

... (truncated)

Commits

• 3673292 v3.21.0
• 6b884a5 Prepare changelog for v3.21.0
• 6c066ee Upgrade matrix-js-sdk to 11.0.0
• 26599ab Merge pull request #6019 from matrix-org/jryans/beta-feedback-nbsp-release
• 0717df7 Add missing space on beta feedback dialog
• 2bb9ef6 Merge pull request #6013 from matrix-org/t3chguy/fix/17238
• 7396ce7 Tweak the feedbacks a tad
• 7de6268 Sprinkle some more feedback prompts in the spaces beta
• 392505e v3.21.0-rc.1
• 6574811 Prepare changelog for v3.21.0-rc.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.