[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	No Known Exploit

Commit messages

Package name: linkifyjs

The new version differs by 71 commits.

• 30fb24e 🎉 v.2.0.0 🎉
• 4d07072 Merge pull request Spacing bug in Safari element-hq/element-web#127 from SoapBox/protocol-parsing
• 46b8c82 Check to that HTTP Auth URL work
• b9a1281 Updated parser tests to account for protocol parsing
• ff06755 Always parse links that begin with a protocol
• 3ae6099 Merge pull request Rendering performance in Vector feels about 3-5x slower than the vanilla react example. element-hq/element-web#125 from SoapBox/ignore-tags
• e2f3003 ignoreTags option support for jQuery interface
• c9f1c0e Fixing qunit tests for ignoreTags option
• 46fe179 Ignore tags test updates for linkifyElement
• 0ecd737 ignoreTags tests for linkifyHtml
• c854e75 ignoreTags support for linkifyHtml
• 7dfe1db ignoreTags support for linkifyElement
• e474b1d Initial support for ignoreTags option
• ff7ee36 Merge pull request Typing into the input box on Mobile Safari is incredibly sluggish. element-hq/element-web#124 from SoapBox/update-dependencies
• cb17b61 Updating dev dependencies, travis targets
• f33c353 Fixing a few links and references in README.md
• d4510a4 Merge pull request Invite based on 3PIDs element-hq/element-web#115 from EugenMayer/fixpackagejson
• 8ba0678 Merge pull request Smart user picker (autocomplete based on seen user IDs) - for new room users & invites element-hq/element-web#114 from tmct/master
• 49df7a6 fix npm package json git reference, see https://github.com/nfrasser/simple-html-tokenizer.git#master
• be55603 Fix AMD link
• 233a6c0 v2.0.0-beta.9
• 64fff90 Merge pull request Compact layout mode for power-users (less vertical whitespace) element-hq/element-web#109 from akarve/master
• 8696cba Correct require path for hashtag plugin
• e7ac584 Merge pull request Historical user avatars can be buggy element-hq/element-web#106 from fcarreiro/master

See the full diff

Package name: matrix-react-sdk

The new version differs by 69 commits.

• b5cd540 0.7.3
• f6495b1 Prepare changelog for v0.7.3
• 17a57b1 Bump js-sdk to released
• 3756add Merge pull request We have a regression on backfill not being triggered when scrolling to the top on newly joined/created rooms element-hq/element-web#502 from matrix-org/dbkr/join_3p_location
• cf23db7 Merge pull request Disable syntax highlighting by default, or on stuff that doesn't look like code element-hq/element-web#508 from matrix-org/dbkr/linkify_213
• 7785797 Update to linkify 2.1.3
• 9d30371 more s/Vector/Riot/
• 91771ec Ce n'est pas Python
• 6abf6c9 Merge pull request jon has NPEs whilst switching rooms during sync https://gist.github.com/jfrederickson/dfe890190232654de94b element-hq/element-web#505 from matrix-org/dbkr/dont_replacestate
• be99f17 Oops, right variable
• 8aeb0cf Dedicated function for resetting screen state
• c41a8da Argh, there's more
• 2f7366c Comment state fields
• dca19a4 Merge pull request Switching rooms during an upload makes the upload appear to be targetting the new room. element-hq/element-web#506 from matrix-org/dbkr/sign_in_not_log_in
• 302074c Merge pull request User popover UX inconsistencies element-hq/element-web#504 from matrix-org/dbkr/fix_login_if_joined
• ca5204c fix collapsed tooltip - https://github.com/When RHS panel is collapsed, the icon to expand it has the wrong title attribute element-hq/element-web#2381
• d5af2d2 Use '#' / 'Sign Out' universally
• 8cbddfc Fix version going blank after logging in
• 7b28dde Prevent error when clicking 'log in'
• 60ce499 Merge pull request Redesign members list element-hq/element-web#497 from matrix-org/dbkr/richtext_use_markdown_wrapper
• 9a633ee Move 'show join button' functionality out
• 66ef1e8 Merge pull request Sometimes vector URLs are being rewritten to include the room ID rather than the canonical room alias element-hq/element-web#501 from matrix-org/dbkr/get_hs_name
• 4942f4f Typo
• b366973 let anyone create aliases - fixes https://github.com/Even if you don't have permission to create m.room.aliases events, you should be able to publish aliases on your local HS for a room element-hq/element-web#1585

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic