Commit Graph

85 Commits

Author SHA1 Message Date
gnuxie e46e355050 Update to MPS 0.9.0. 2024-04-06 20:03:34 +01:00
gnuxie 87c09d8719 Correctly configure package.json for MPS.
This has taken forever to get working, but now it is.
index.ts is changed because that's how we know
we've overriden the bot-sdk dep correctly.
2024-04-06 20:03:33 +01:00
gnuxie 2929266c37 bs 2024-04-06 20:03:32 +01:00
gnuxie edb10cd7c3 install matrix-protection-suite 2024-04-06 20:03:32 +01:00
dependabot[bot] 788e89a079 Bump follow-redirects from 1.15.4 to 1.15.6 (#292)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-17 11:33:23 +00:00
dependabot[bot] 38a6cac329 Bump sanitize-html from 2.11.0 to 2.12.1 (#278)
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 2.11.0 to 2.12.1.
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/sanitize-html/compare/2.11.0...2.12.1)

---
updated-dependencies:
- dependency-name: sanitize-html
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-01 17:43:03 +00:00
dependabot[bot] faee9367af Bump jsdom from 16.7.0 to 24.0.0 (#215)
* Bump jsdom from 16.7.0 to 24.0.0

Bumps [jsdom](https://github.com/jsdom/jsdom) from 16.7.0 to 24.0.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/16.7.0...24.0.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Make an arbritrary decision when upgrading @types/jsdom.

https://github.com/DefinitelyTyped/DefinitelyTyped#how-do-definitely-typed-package-versions-relate-to-versions-of-the-corresponding-library
Apparently the typings for jsdom are really out of date.
So we have to take the risk and use an older version that
seems to be ok so that we can upgrade the package.

I did consider just using 21.1.6 for both so that we could be
stubbornly accurate but there's no indication how long it will take
for the typings package to be upgraded.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: gnuxie <Gnuxie@protonmail.com>
2024-02-03 17:51:15 +00:00
dependabot[bot] 66dfab7d4c Bump ulidx from 0.3.0 to 2.2.1 (#213)
Bumps [ulidx](https://github.com/perry-mitchell/ulidx) from 0.3.0 to 2.2.1.
- [Changelog](https://github.com/perry-mitchell/ulidx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/perry-mitchell/ulidx/compare/v0.3.0...v2.2.1)

---
updated-dependencies:
- dependency-name: ulidx
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 22:36:08 +00:00
dependabot[bot] 3a44659916 Bump the development-dependencies group with 11 updates (#212)
Bumps the development-dependencies group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/crypto-js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/crypto-js) | `4.1.2` | `4.2.2` |
| [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) | `4.0.5` | `4.0.9` |
| [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) | `10.0.1` | `10.0.6` |
| [@types/nedb](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nedb) | `1.8.13` | `1.8.16` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.6.0` | `20.11.5` |
| [@types/request](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/request) | `2.48.8` | `2.48.12` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `6.5.0` | `6.19.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.5.0` | `6.19.0` |
| [eslint](https://github.com/eslint/eslint) | `8.49.0` | `8.56.0` |
| [expect](https://github.com/jestjs/jest/tree/HEAD/packages/expect) | `29.6.4` | `29.7.0` |
| [typescript](https://github.com/Microsoft/TypeScript) | `5.2.2` | `5.3.3` |


Updates `@types/crypto-js` from 4.1.2 to 4.2.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/crypto-js)

Updates `@types/js-yaml` from 4.0.5 to 4.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

Updates `@types/mocha` from 10.0.1 to 10.0.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mocha)

Updates `@types/nedb` from 1.8.13 to 1.8.16
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nedb)

Updates `@types/node` from 20.6.0 to 20.11.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/request` from 2.48.8 to 2.48.12
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/request)

Updates `@typescript-eslint/eslint-plugin` from 6.5.0 to 6.19.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.19.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 6.5.0 to 6.19.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.19.0/packages/parser)

Updates `eslint` from 8.49.0 to 8.56.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.49.0...v8.56.0)

Updates `expect` from 29.6.4 to 29.7.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/expect)

Updates `typescript` from 5.2.2 to 5.3.3
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.2.2...v5.3.3)

---
updated-dependencies:
- dependency-name: "@types/crypto-js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/js-yaml"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@types/mocha"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@types/nedb"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/request"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: expect
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 21:59:59 +00:00
dependabot[bot] 2fe30e3971 Bump express and @types/express (#121)
Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together.

Updates `express` from 4.18.1 to 4.18.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.18.1...4.18.2)

Updates `@types/express` from 4.17.13 to 4.17.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/express"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 15:23:33 +00:00
dependabot[bot] 9cb364123d Bump body-parser from 1.20.1 to 1.20.2 (#119)
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](https://github.com/expressjs/body-parser/compare/1.20.1...1.20.2)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:57:18 +00:00
dependabot[bot] 1a407e9cc7 Bump follow-redirects from 1.15.1 to 1.15.4 (#203)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.1...v1.15.4)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:55:51 +00:00
dependabot[bot] df29fec4cf Bump postcss from 8.4.16 to 8.4.31 (#140)
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.16 to 8.4.31.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.16...8.4.31)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-26 00:17:49 +01:00
dependabot[bot] 41746d3667 Bump crypto-js from 4.1.1 to 4.2.0 (#159)
Bumps [crypto-js](https://github.com/brix/crypto-js) from 4.1.1 to 4.2.0.
- [Commits](https://github.com/brix/crypto-js/compare/4.1.1...4.2.0)

---
updated-dependencies:
- dependency-name: crypto-js
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-26 00:16:22 +01:00
Marcel d620ffa206 Move to eslint (#88)
* Move to eslint

* Cleanup leftover tslint

* Cleanup the eslint config file
2023-09-13 12:26:51 +01:00
dependabot[bot] 272d81946b Bump config and @types/config (#118)
Bumps [config](https://github.com/node-config/node-config) and [@types/config](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/config). These dependencies needed to be updated together.

Updates `config` from 3.3.8 to 3.3.9
- [Release notes](https://github.com/node-config/node-config/releases)
- [Changelog](https://github.com/node-config/node-config/blob/master/History.md)
- [Commits](https://github.com/node-config/node-config/compare/v3.3.8...v3.3.9)

Updates `@types/config` from 3.3.0 to 3.3.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/config)

---
updated-dependencies:
- dependency-name: config
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/config"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 15:08:49 +01:00
dependabot[bot] a328f52558 Bump yaml from 2.2.2 to 2.3.2 (#111)
Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.2 to 2.3.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.2.2...v2.3.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 15:03:58 +01:00
dependabot[bot] 0112a995b7 Bump the development-dependencies group with 9 updates (#116)
Bumps the development-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/crypto-js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/crypto-js) | `4.0.2` | `4.1.2` |
| [@types/nedb](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nedb) | `1.8.12` | `1.8.13` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `18.16.7` | `20.6.0` |
| [eslint](https://github.com/eslint/eslint) | `7.32.0` | `8.49.0` |
| [expect](https://github.com/jestjs/jest/tree/HEAD/packages/expect) | `27.2.4` | `29.6.4` |
| [mocha](https://github.com/mochajs/mocha) | `9.2.2` | `10.2.0` |
| [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) | `9.0.0` | `10.0.1` |
| [ts-mocha](https://github.com/piotrwitek/ts-mocha) | `9.0.2` | `10.0.0` |
| [typescript](https://github.com/Microsoft/TypeScript) | `5.1.6` | `5.2.2` |


Updates `@types/crypto-js` from 4.0.2 to 4.1.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/crypto-js)

Updates `@types/nedb` from 1.8.12 to 1.8.13
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nedb)

Updates `@types/node` from 18.16.7 to 20.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 7.32.0 to 8.49.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.32.0...v8.49.0)

Updates `expect` from 27.2.4 to 29.6.4
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.6.4/packages/expect)

Updates `mocha` from 9.2.2 to 10.2.0
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v9.2.2...v10.2.0)

Updates `@types/mocha` from 9.0.0 to 10.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mocha)

Updates `ts-mocha` from 9.0.2 to 10.0.0
- [Release notes](https://github.com/piotrwitek/ts-mocha/releases)
- [Changelog](https://github.com/piotrwitek/ts-mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/piotrwitek/ts-mocha/commits)

Updates `typescript` from 5.1.6 to 5.2.2
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.1.6...v5.2.2)

---
updated-dependencies:
- dependency-name: "@types/crypto-js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/nedb"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: expect
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: "@types/mocha"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: ts-mocha
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 13:38:45 +01:00
Marcel 645dd8950f Upgrade matrix-appservice bridge to ^9.0.1 (#102) 2023-09-11 11:08:16 +01:00
dependabot[bot] c9cc5693ac Bump matrix-appservice-bridge from 8.1.1 to 8.1.2 (#71)
Bumps [matrix-appservice-bridge](https://github.com/matrix-org/matrix-appservice-bridge) from 8.1.1 to 8.1.2.
- [Release notes](https://github.com/matrix-org/matrix-appservice-bridge/releases)
- [Changelog](https://github.com/matrix-org/matrix-appservice-bridge/blob/8.1.2/CHANGELOG.md)
- [Commits](https://github.com/matrix-org/matrix-appservice-bridge/compare/8.1.1...8.1.2)

---
updated-dependencies:
- dependency-name: matrix-appservice-bridge
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 12:37:09 +01:00
Marcel 1f9d37564b Update to typescript 5 (#68) 2023-08-19 14:46:23 +01:00
dependabot[bot] e64aded3bd Bump word-wrap from 1.2.3 to 1.2.4 (#67)
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-20 12:39:04 +01:00
dependabot[bot] 18f5f59a4e Bump semver from 5.7.1 to 5.7.2 (#66)
Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-19 18:03:44 +01:00
gnuxie 74312e43f6 Update to node 18.
End of life was moved forwards by 7 months so we don't have a choice.
https://nodejs.org/en/blog/announcements/nodejs16-eol.
2023-05-10 19:57:17 +01:00
dependabot[bot] 4e0e832855 Bump yaml from 2.1.1 to 2.2.2 (#49)
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.1 to 2.2.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.1...v2.2.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-28 22:30:02 +01:00
Gnuxie 9e8783312a Use matrix-appservice-bridge's PostgreSQL datastore for Draupnir appservice (#46)
* use matrix-appservice-bridge support for postgres

* upgrade matrix-appservice-bridge to include postgres fixes.

These are unreleased and a specific develop commit, but we're the only ones
who have made changes so far to the develop branch,
so should be fine.

* Upgrade matrix-appservice-bridge to 8.1.1.

8.0.1 was never added to npm for some weird reason.
2023-03-31 18:16:23 +01:00
gnuxie d17d94a80a Update TypeScript so it can infer from narrowing unknown. 2023-01-19 17:56:48 +00:00
dependabot[bot] 41d9acc32f Bump json5 from 1.0.1 to 1.0.2 (#3)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-14 23:22:28 +00:00
dependabot[bot] dafbd20393 Bump express from 4.17.1 to 4.17.3 (#455)
Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.17.3.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.17.1...4.17.3)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-08 16:19:00 +00:00
Gnuxie 433ff7eadd A look at PolicyList.update (#454)
This started out as just a way to find out why mjolnir was syncing with lists several times for each update to a policy list.

The main changes are

- Verbosity was irrelevant to the sync command but for some reason was an option.
  Unfortunately all this did was suppress whether to tell you when it had finished, meaning it wouldn't
  when verbose logging was disabled. Historically this was probably a parameter that got passed through
  to applyServerAcl/applyUserBans, which can be horribly verbose, but they access the config directly.

- Stop emitting `'PolicyList.update'` when there are no changes.
- Include a revision ID for the `'PolicyList.update'`method and event.
- Use the revision ID in the `ProtectedRoomsSet` so that we don't unnecessarily resynchronize all rooms when the `'PolicyList.update'` event is received. Though not when the `sync` command is used. Since this is supposed to `sync` in the case when there is a state reset or otherwise or the user has changed some room settings.
- insert an await lock around the `PolicyList.update` method to avoid a race condition where a call can be started and finished within the extent of an existing call (via another task, this can happen if the server is slow with handling one request). `PolicyList.udpate` now has a helper that is synchronous to be called directly after requesting the room state. The reason for this is to enforce that no one `await`s while updating the policy list's cache of rules. Which is important because it is one of the biggest methods that I tolerate and visually checking for `await` is impossible.
- The revision ID uses a ULID, but this is unnecessary and could have just been a "dumb counter".

closes https://github.com/matrix-org/mjolnir/issues/447
2022-12-08 16:09:55 +00:00
David Teller 2915757b7d Very basic support for Sentry. (#398)
The Sentry package is very useful for monitoring runtime errors. With this PR,
we simply add the necessary mechanism to:

- log to sentry any uncaught error that reaches the toplevel, including startup errors.
2022-11-30 16:06:02 +01:00
Gnuxie e35b855744 Gnuxie/appservice logging (#441)
* upgrade to matrix-appservice-bridge 8.0.0

this is so we can use their new logger

* Configure and use matrix-appservice-bridge's `Logger`

https://github.com/matrix-org/mjolnir/issues/422
Haven't changed all of the mjolnir components to use this,
just the appservice.
The fact that we've configured this properly means we get
logging from matrix-appservice-bridge components too (we didn't before).

* use try/catch instead
2022-11-30 13:30:38 +00:00
Gnuxie 333c55e18c Config fixes (#432)
* Use the npm package `config` to load the config.

This is what was used prior to https://github.com/matrix-org/mjolnir/pull/347.
It was a nice idea motivated to drop a dependency that was confusing.
It was just never followed through and was underestimated how much disruption it would cause.
It was also believed that the library would mean there could only ever be one global copy of the config,
It was followed up by:
https://github.com/matrix-org/mjolnir/pull/369
https://github.com/matrix-org/mjolnir/pull/357
https://github.com/matrix-org/mjolnir/pull/429
https://github.com/matrix-org/mjolnir/pull/397/files
https://github.com/matrix-org/mjolnir/issues/365

For simplicity sake I am reinstating the library.
The practice of loading default.yaml by default is also dangerous
and has led to issues multiple times in #mjolnir:matrix.org.
It is a sample and not a default.

In a following commit I will be adding the ability to specify the
config to use from the cli.

* Allow config to be specified with an explicit cli argument.

* Update doc to transition away from old config handling
2022-11-23 10:55:22 +00:00
dependabot[bot] 4b357732eb Bump minimatch from 3.0.4 to 3.1.2 (#423)
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-15 18:21:21 +00:00
Jess Porter 50f80f2392 manymjolnir appservice (#364)
Mjolnir can now be run as an application service,
meaning it will host multiple independent mjolnirs that can be requested by users.
If the user is on the same homeserver as the appservice is deployed on,
then they can provision a mjolnir via a widget https://github.com/matrix-org/mjolnir-widget.
Otherwise they can invite the appservice bot to a room they want to protect.
This will create them a mjolnir, a management room and a policy list.

The appservice shares the same docker image as the bot,
but is started slightly differently by specifying "appservice"
as the first argument to docker run (this s managed by `mjolnir-entrypoint.sh`. 
We could have used another Dockerfile for the appservice,
extending the existing one but we decided not to because there
would have been lots of fiddling around the entrypoint
and logistics involved around adding a tag for it via github actions.
Not to mention that this would be duplicating the image
just to run it with a different binary.

A list of followup issues can be found here https://github.com/issues?q=is%3Aopen+is%3Aissue+author%3AGnuxie+archived%3Afalse+label%3AA-Appservice.

Somewhat relevant and squashed commit messages(regrettably squashing because frankly these won't make sense in isolation): 

* draft widget backend

* add `managementRoomId` to `provisionNewMjolnir`

* remove ratelimits from appservice mjolnirs

* add /join endpoint to api backend


* tighter guard around room type in PolicyList

matrix-bot-sdk imporved the types for this

* enable esModuleInterop

* launch and use postgres in a container whilst using mx-tester


* limited access control

policy list used for access control

* Redesign initialization API of many mjolnir.

It's much harder to forget to initialize the components now that you have to in order to construct them in the first place.


* Ammend config not to clash with existing CI

this means that the appsrvice bot is now called 'mjolnir-bot' by default
which was easier than going through old code base and renaming


* Change entrypoint in Dockerfile so that we can start the appservice.

We could have used another Dockerfile for the appservice,
extending the exising one but we decided not to because there
would have been lots of fiddling around the entrypoint
and logistics involved around adding a tag for it via github actions.
Not to mention that this would be duplicating the image
just to run it with a different binary.

This solution is much simpler, backwards compatible, and conscious about the future.


Co-authored-by: gnuxie <gnuxie@element.io>
2022-11-15 18:03:06 +00:00
gnuxie 58e36d4e23 Factor out protected rooms config management from Mjolnir.
The combination of `resyncJoinedRooms`, `unprotectedWatchedListRooms`,
`explicitlyProtectedRoomIds`, `protectedJoinedRoomIds` was incomprehensible.
https://github.com/matrix-org/mjolnir/issues/370

Separating out the management of `explicitlyProtectedRoomIds`, then
making sure all policy lists have to be explicitly protected
(in either setting of `config.protectAllJoinedRooms`) will make
this code much much simpler.
We will later change the `status` command to explicitly show
which lists are watched and which are watched and protected.
2022-10-19 15:21:51 +01:00
Gnuxie f5a1a39861 audit yarn.lock (#356)
### Auditing the lock file

```
npm install --package-lock-only
npm audit fix
rm yarn.lock
yarn import
```

```
npm audit

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
node_modules/postcss/node_modules/nanoid
  mocha  8.2.0 - 9.1.4
  Depends on vulnerable versions of nanoid
  node_modules/mocha

5 vulnerabilities (2 moderate, 3 critical)

To address all issues, run:
  npm audit fix
```

### minimist

minimist@1.2.5
used by mocha, tslint and matrix-bot-sdk@0.5.19

via
```
MatrixClient::replyHtmlText
MatrixClient::replyHtmlNotice
MatrixClient::sendHtmlNotice
MatrixClient::sendHtmlTex
```

none of which we use.

### nanoid

As for nanoid this is used by mocha.
It's also used by postcss vis the bot sdk

```
├─┬ matrix-bot-sdk@0.5.19
│ └─┬ sanitize-html@2.7.1
│   └─┬ postcss@8.4.16
│     ├── nanoid@3.3.4

```
though unless i'm missing something nanoid@3.3.4 doesn't fit into the vulnerable versions  `3.0.0 - 3.1.30`


### json-schema

As for json-schema, it is used by jsprim@1.4.2 within 'validateJsonObjectJS'.
fortunately we depend on jsprim via the http-signatures@1.2.0 package which only use jsprim for rfc1123.
(which request depends upon in the matrix-bot-sdk).

```
├─┬ matrix-bot-sdk@0.5.19
│ ├─┬ request@2.88.2
│ │ ├─┬ http-signature@1.2.0
│ │ │ ├─┬ jsprim@1.4.2
│ │ │ │ ├── json-schema@0.4.0
2022-08-16 18:49:33 +01:00
Jess Porter 4376679b99 load config yaml manually, remove more references to static config (#347) 2022-08-16 15:51:18 +01:00
David Teller cb34af02c6 Revert "Fix: roomMemberTest off-by-one error (#319)" (#323)
This reverts commit d8aac434f1.
2022-07-05 15:29:01 +02:00
David Teller d8aac434f1 Fix: roomMemberTest off-by-one error (#319) 2022-07-05 14:38:53 +02:00
Jonathan de Jong cc9f393ed7 fix CI (#282)
ts-mocha has also been updated to make running locally possible (else it gives a confusing error that tsconfig.json is not "json" or the likes)
2022-05-03 11:20:40 +01:00
dependabot[bot] 31ef9065da Bump minimist from 1.2.5 to 1.2.6 (#260)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-25 10:05:23 +00:00
David Teller e05616b327 New command !mjolnir since <date or duration> <kick | ban | show> <limit> [reason] [...rooms] (#238)
A new command `since` to affect all users who have joined a protected room since a given date.
2022-03-21 10:39:15 +01:00
David Teller 26ae55cd24 A command to show when users in a given room have joined (#225) 2022-03-07 11:34:25 +01:00
David Teller 82a2e63d23 A room Protection designed to measure lag in a room (#217) 2022-02-24 13:43:31 +01:00
gnuxie 9e96d399c0 Remove axios from the test suite, it is unnecessary.
It's probably also got problems.
2022-01-25 18:22:34 +00:00
dependabot[bot] 4490f9ba82 Bump follow-redirects from 1.14.4 to 1.14.7
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.7)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 12:22:15 +01:00
David Teller a21415a04c Give the ability to moderators to react quickly to /report abuse reports. (#137) 2021-11-09 13:15:49 +01:00
David Teller 06e5f00b2d Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38 (#135)
* Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38
2021-10-07 14:42:08 +02:00
gnuxie ac075fd22e Remove dependencies from old test harness 2021-09-27 15:33:15 +01:00