mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-02-13 12:55:00 +00:00
2f118206cc8f8d9f04a1b6a147fcd353b4f68a24
10732 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
EYHN
|
2f118206cc |
feat(core): mcp server setting (#13630)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * MCP Server integration available in cloud workspaces with a dedicated settings panel. * Manage personal access tokens: generate/revoke tokens and view revealed token. * One-click copy of a prefilled server configuration JSON. * New query to fetch revealed access tokens. * **Improvements** * Integration list adapts to workspace type (cloud vs. local). * More reliable token refresh with clearer loading, error and revalidation states. * **Localization** * Added “Copied to clipboard” message and MCP Server name/description translations. * **Chores** * Updated icon dependency across many packages. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
ca9811792d |
feat(component): emoji and icon picker (#13638)
 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Icon Picker added with Emoji and Icon panels, search/filtering, recent selections, color selection, skin tone options, and smooth group navigation. - **Documentation** - Storybook example added to preview and test the Icon Picker. - **Chores** - Bumped icon library dependency to a newer minor version. - Added emoji data dependency to support the Emoji Picker. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Jachin
|
812c2d86d4 |
feat(server): add Swagger API docs (#13455)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Interactive API documentation available at /api/docs when running in development. * **Chores** * Added a development dependency to enable generation of the API documentation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
DarkSky
|
762b702e46 |
feat: sync rcat data (#13628)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RevenueCat support: public webhook endpoint, webhook handler/service, nightly reconciliation and per-user sync; subscriptions now expose provider and iapStore; new user-facing error for App Store/Play-managed subscriptions. * **Chores** * Multi-provider subscription schema (Provider, IapStore); Stripe credentials moved into payment.stripe (top-level apiKey/webhookKey deprecated); new payment.revenuecat config and defaults added. * **Tests** * Comprehensive RevenueCat integration test suite and snapshots. * **Documentation** * Admin config descriptions updated with deprecation guidance. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
75a6c79b2c |
fix(ios): crash at swift runtime error (#13635)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Fetch copilot model options per prompt (default, optional, pro) with generated GraphQL query and schema types. * **Chores** * Upgraded iOS deps: Apollo iOS 1.23.0, EventSource 0.1.5, Swift Collections 1.2.1. * Switched Intelligents to static linking and updated project integration. * Parameterized and standardized GraphQL codegen tooling; setup automation now syncs versions and safely backs up/restores custom scalars. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Wu Yue
|
b25759c264 |
feat(core): support gemini model switch in ai (#13631)
<img width="757" height="447" alt="截屏2025-09-22 17 49 34" src="https://github.com/user-attachments/assets/bab96f45-112e-4d74-bc38-54429d8a54ab" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Subscription-aware AI model picker in chat: browse models with version and category, see active selection, switch models, and receive notifications when choosing pro models without a subscription. Selections persist across sessions. - Central AI model service wired into chat UI for consistent model selection and availability. - Changes - Streamlined AI model availability: reduced to a curated set for a more focused experience. - Context menu buttons can display supplemental info next to labels. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
da3e3eb3fa |
chore: bump up @faker-js/faker version to v10 (#13626)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.6.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.3.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>faker-js/faker (@​faker-js/faker)</summary> ### [`v10.0.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#1000-2025-08-21) [Compare Source](https://redirect.github.com/faker-js/faker/compare/v9.9.0...v10.0.0) ##### New Locales - **locale:** extended list of colors in Polish ([#​3586](https://redirect.github.com/faker-js/faker/issues/3586)) ([9940d54]( |
||
|
DarkSky
|
e3f3c8c4a8 |
feat: add config for mail server name (#13632)
fix #13627 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added configurable display names for primary and fallback SMTP servers, improving email sender identification. * Defaults to “AFFiNE Server,” with support for MAILER_SERVERNAME environment variable for the primary SMTP. * Exposed in admin settings for easy setup alongside existing SMTP options. * Names are now passed through to mail transport options for consistent use across emails. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
3720
|
7fe95f50f4 |
fix(editor): callout delete merge and slash menu (#13597)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Press Enter inside a callout splits the paragraph at the cursor into a new focused paragraph. - Clicking an empty callout inserts and focuses a new paragraph; emoji menu behavior unchanged. - New command to convert a callout paragraph to callout/selection flow for Backspace handling. - New native API: ShareableContent.isUsingMicrophone(processId). - Bug Fixes - Backspace inside callout paragraphs now merges or deletes text predictably and selects the callout when appropriate. - Style - Callout layout refined: top-aligned content and adjusted emoji spacing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
195864fc88 |
feat(core): edit icon in navigation panel (#13595)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Rename dialog now edits per-item explorer icons (emoji or custom) and can skip name-change callbacks. Doc icon picker added to the editor with localized "Add icon" placeholder and readonly rendering. Icon editor supports fallbacks, trigger variants, and improved input/test-id wiring. - **Style** - Updated icon picker and trigger sizing and placeholder visuals; title/icon layout adjustments. - **Chores** - Explorer icon storage and module added to persist and serve icons across the app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
dependabot[bot]
|
93554304e2 |
chore: bump dompurify from 3.1.6 to 3.2.7 (#13622)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> </ul> <h2>DOMPurify 3.2.6</h2> <ul> <li>Fixed several typos and removed clutter from our documentation, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li> <li>Added better config hardening against prototype pollution, thanks <a href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li> <li>Added better handling of attribute removal, thanks <a href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li> <li>Added better configuration for aggressive mXSS scrubbing behavior, thanks <a href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li> <li>Removed the script that caused the fake entry <a href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li> </ul> <h2>DOMPurify 3.2.5</h2> <ul> <li>Added a check to the mXSS detection regex to be more strict, thanks <a href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li> <li>Added ESM type imports in source, removes patch function, thanks <a href="https://github.com/donmccurdy"><code>@donmccurdy</code></a></li> <li>Added script to verify various TypeScript configurations, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Added more modern browsers to the Karma launchers list</li> <li>Added Node 23.x to tested runtimes, removed Node 17.x</li> <li>Fixed the generation of source maps, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code> using the 'g' flag, thanks <a href="https://github.com/hhk-png"><code>@hhk-png</code></a></li> <li>Fixed a few typos in the README file</li> </ul> <h2>DOMPurify 3.2.4</h2> <ul> <li>Fixed a conditional and config dependent mXSS-style <a href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a> reported by <a href="https://github.com/nsysean"><code>@nsysean</code></a></li> <li>Added a new feature to allow specific hook removal, thanks <a href="https://github.com/davecardwell"><code>@davecardwell</code></a></li> <li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports, thanks <a href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li> <li>Added better logic in case no window object is president, thanks <a href="https://github.com/yehuya"><code>@yehuya</code></a></li> <li>Updated some dependencies called out by dependabot</li> <li>Updated license files etc to show the correct year</li> </ul> <h2>DOMPurify 3.2.3</h2> <ul> <li>Fixed two conditional sanitizer bypasses discovered by <a href="https://github.com/parrot409"><code>@parrot409</code></a> and <a href="https://x.com/slonser_"><code>@Slonser</code></a></li> <li>Updated the attribute clobbering checks to prevent future bypasses, thanks <a href="https://github.com/parrot409"><code>@parrot409</code></a></li> </ul> <h2>DOMPurify 3.2.2</h2> <ul> <li>Fixed a possible bypass in case a rather specific config for custom elements is set, thanks <a href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li> <li>Fixed several minor issues with the type definitions, thanks again <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor issue with the types reference for trusted types, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor problem with the template detection regex on some systems, thanks <a href="https://github.com/svdb99"><code>@svdb99</code></a></li> </ul> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate[bot]
|
2f38953cf9 |
chore: bump up electron version to v35.7.5 [SECURITY] (#13561)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [electron](https://redirect.github.com/electron/electron) | [`35.5.1` -> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg) ### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org) --- ### Release Notes <details> <summary>electron/electron (electron)</summary> ### [`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5): electron v35.7.5 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5) ##### Release Notes for v35.7.5 > \[!WARNING] > Electron 35.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. ##### Fixes - Fixed an issue where `shell.openPath` was not non-blocking as expected. [#​48079](https://redirect.github.com/electron/electron/pull/48079) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/48088), [37](https://redirect.github.com/electron/electron/pull/48088), [38](https://redirect.github.com/electron/electron/pull/48088))</span> ### [`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4): electron v35.7.4 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4) ##### Release Notes for v35.7.4 - Fix ffmpeg generation on Windows non-x64 ### [`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2): electron v35.7.2 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2) ##### Release Notes for v35.7.2 ##### Fixes - Fixed an issue where printing PDFs with `webContents.print({ silent: true })` would fail. [#​47645](https://redirect.github.com/electron/electron/pull/47645) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47624), [37](https://redirect.github.com/electron/electron/pull/47397))</span> ### [`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0): electron v35.7.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0) ##### Release Notes for v35.7.0 ##### Other Changes - Updated Node.js to v22.16.0. [#​47213](https://redirect.github.com/electron/electron/pull/47213) ### [`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0): electron v35.6.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0) ##### Release Notes for v35.6.0 ##### Features - Added support for `--no-experimental-global-navigator` flag. [#​47416](https://redirect.github.com/electron/electron/pull/47416) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47417), [37](https://redirect.github.com/electron/electron/pull/47418))</span> - Added support for customizing system accent color and highlighting of active window border. [#​47539](https://redirect.github.com/electron/electron/pull/47539) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47538), [37](https://redirect.github.com/electron/electron/pull/47537))</span> ##### Fixes - Fixed a potential crash using `session.clearData` in some circumstances. [#​47410](https://redirect.github.com/electron/electron/pull/47410) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47411), [37](https://redirect.github.com/electron/electron/pull/47412))</span> - Fixed an error when importing `electron` for the first time from an ESM module loaded by a CJS module in a packaged app. [#​47344](https://redirect.github.com/electron/electron/pull/47344) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47343), [37](https://redirect.github.com/electron/electron/pull/47342))</span> - Fixed an issue where calling `Fetch.continueResponse` via debugger with `WebContentsView` could cause a crash. [#​47443](https://redirect.github.com/electron/electron/pull/47443) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47442), [37](https://redirect.github.com/electron/electron/pull/47444))</span> - Fixed an issue where utility processes could leak file handles. [#​47542](https://redirect.github.com/electron/electron/pull/47542) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47541), [37](https://redirect.github.com/electron/electron/pull/47543))</span> - Partially fixes an issue with printing a PDF via `webContents.print()` where the callback would not be called. [#​47399](https://redirect.github.com/electron/electron/pull/47399) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47400), [37](https://redirect.github.com/electron/electron/pull/47398))</span> ##### Other Changes - Backported fix for [`4206375`](https://redirect.github.com/electron/electron/commit/420637585). [#​47369](https://redirect.github.com/electron/electron/pull/47369) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
ebf75e4d31 |
chore: bump up apollographql/apollo-ios version to v1.23.0 (#13623)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `from: "1.22.0"` -> `from: "1.23.0"` | | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `1.22.0` -> `1.23.0` | --- ### Release Notes <details> <summary>apollographql/apollo-ios (apollographql/apollo-ios)</summary> ### [`v1.23.0`](https://redirect.github.com/apollographql/apollo-ios/blob/HEAD/CHANGELOG.md#v1230) [Compare Source](https://redirect.github.com/apollographql/apollo-ios/compare/1.22.0...1.23.0) ##### New - **Added `requireNonOptionalMockFields` flag to `ApolloCodegenConfiguration.OutputOptions`. ([#​669](https://redirect.github.com/apollographql/apollo-ios-dev/pull/669)):** Added new flag to codegen output options to allow having non-optional fields in the test mocks if desired. *Thank you to [@​dwroth](https://redirect.github.com/dwroth) for the contribution.* ##### Improvement - **Added public initializer to `DatabaseRow`. ([#​664](https://redirect.github.com/apollographql/apollo-ios-dev/pull/664)):** Not having a public initializer on `DatabasRow` was hindering the ability to create custom `SQLiteDatabase` implementations. This solves that by adding a public initializer to `DatabaseRow`.*Thank you to [@​ChrisLaganiere](https://redirect.github.com/ChrisLaganiere) for the contribution.* ##### Fixed - **Unncessary deprecation warning in codegen options initializer. ([#​3563](https://redirect.github.com/apollographql/apollo-ios/issues/3563)):** Added `@_disfavoredOverload` to the deprecated initialized in `ApolloCodegenConfiguration` to prevent possible warnings caused by the compiler selecting a deprecated initializer versus the new/current initializer. See PR [#​682](https://redirect.github.com/apollographql/apollo-ios-dev/pull/682). *Thank you to [@​CraigSiemens](https://redirect.github.com/CraigSiemens) for raising the issue.* </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2d0721a78f |
chore: bump axios from 1.9.0 to 1.12.2 (#13621)
Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.12.2</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (<a href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>) (<a href=" |
||
|
Jachin
|
e08fc5ef06 |
feat(server): change the playground option to GraphiQL. (#13451)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * The GraphQL interactive UI is now available only in development environments and will not be accessible in production. This change affects only the availability of the interactive interface; public exports and API context types remain unchanged. Users in development can continue to use the tool as before, while production deployments will no longer expose the interactive UI. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Finn Weigand
|
363f64ebfa |
feat: add dedicated sign-up config for oauth (#13610)
Currently, it is only possible to disable all registrations. However, it would be helpful if you could disable normal registration but enable OAuth registration. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a setting to enable/disable new user signups via OAuth (default: enabled). * Admin Settings (Authentication) now includes a toggle for OAuth signups. * OAuth signup flow now respects this setting, preventing new registrations via OAuth when disabled. * Self-hosted configuration schema updated to include the new option. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Hudint Finn Weigand <dev@hudint.de> Co-authored-by: DarkSky <darksky2048@gmail.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
21bb8142b0 |
chore: bump up Recouse/EventSource version to from: "0.1.5" (#13620)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [Recouse/EventSource](https://redirect.github.com/Recouse/EventSource) | patch | `from: "0.1.4"` -> `from: "0.1.5"` | --- ### Release Notes <details> <summary>Recouse/EventSource (Recouse/EventSource)</summary> ### [`v0.1.5`](https://redirect.github.com/Recouse/EventSource/releases/tag/0.1.5) [Compare Source](https://redirect.github.com/Recouse/EventSource/compare/0.1.4...0.1.5) #### What's Changed - Fix potential data corruption by [@​Recouse](https://redirect.github.com/Recouse) in [#​30](https://redirect.github.com/Recouse/EventSource/pull/30) - Concurrency improvements by [@​Recouse](https://redirect.github.com/Recouse) in [#​31](https://redirect.github.com/Recouse/EventSource/pull/31) - Update EventParser.swift to Support CR LF by [@​Lakr233](https://redirect.github.com/Lakr233) in [#​28](https://redirect.github.com/Recouse/EventSource/pull/28) #### New Contributors - [@​Lakr233](https://redirect.github.com/Lakr233) made their first contribution in [#​28](https://redirect.github.com/Recouse/EventSource/pull/28) **Full Changelog**: <https://github.com/Recouse/EventSource/compare/0.1.4...0.1.5> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Bl4ckspell
|
750b008dc8 |
feat(android): add monochrome icon support (#13527)
Add missing themed icon support for android app icon. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Android app icon now supports a monochrome variant for adaptive icons, enabling themed icons on compatible launchers. * Improved icon consistency and visibility across system themes (including dark mode). * Applied to both standard and round launcher icons. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
d231b47f1f |
chore: bump up nestjs (#13614)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@nestjs/bullmq](https://redirect.github.com/nestjs/bull) | [`11.0.2` -> `11.0.3`](https://renovatebot.com/diffs/npm/@nestjs%2fbullmq/11.0.2/11.0.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/schedule](https://redirect.github.com/nestjs/schedule) | [`6.0.0` -> `6.0.1`](https://renovatebot.com/diffs/npm/@nestjs%2fschedule/6.0.0/6.0.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nestjs/bull (@​nestjs/bullmq)</summary> ### [`v11.0.3`](https://redirect.github.com/nestjs/bull/releases/tag/%40nestjs/bullmq%4011.0.3) [Compare Source](https://redirect.github.com/nestjs/bull/compare/@nestjs/bullmq@11.0.2...@nestjs/bullmq@11.0.3) #### What's Changed - feat(bullmq): add telemetry support for workers by [@​noeljackson](https://redirect.github.com/noeljackson) in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) #### New Contributors - [@​noeljackson](https://redirect.github.com/noeljackson) made their first contribution in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) **Full Changelog**: <https://github.com/nestjs/bull/compare/@nestjs/bull-shared@11.0.0...@​nestjs/bullmq@11.0.3> </details> <details> <summary>nestjs/nest (@​nestjs/common)</summary> ### [`v11.1.6`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.6) [Compare Source](https://redirect.github.com/nestjs/nest/compare/v11.1.5...v11.1.6) ##### v11.1.6 (2025-08-07) ##### Bug fixes - `core` - [#​15504](https://redirect.github.com/nestjs/nest/pull/15504) fix(core): fix race condition in class dependency resolution from imported modules ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - [#​15469](https://redirect.github.com/nestjs/nest/pull/15469) fix(core): attach root inquirer for nested transient providers ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - `microservices` - [#​15508](https://redirect.github.com/nestjs/nest/pull/15508) fix(microservices): report correct buffer length in exception ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [#​15492](https://redirect.github.com/nestjs/nest/pull/15492) fix(microservices): fix kafka serilization of class instances ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) ##### Dependencies - `platform-fastify` - [#​15493](https://redirect.github.com/nestjs/nest/pull/15493) chore(deps): bump [@​fastify/cors](https://redirect.github.com/fastify/cors) from 11.0.1 to 11.1.0 ([@​dependabot\[bot\]](https://redirect.github.com/apps/dependabot)) ##### Committers: 6 - Jiri Hajek ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - Kamil Mysliwiec ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - Leon Biersch ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) - Seongjee Kim ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [@​premierbell](https://redirect.github.com/premierbell) - pTr ([@​ptrgits](https://redirect.github.com/ptrgits)) </details> <details> <summary>nestjs/schedule (@​nestjs/schedule)</summary> ### [`v6.0.1`](https://redirect.github.com/nestjs/schedule/releases/tag/6.0.1) [Compare Source](https://redirect.github.com/nestjs/schedule/compare/6.0.0...6.0.1) #### What's Changed - Add threshold to CronOptions by [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - refactor : clear jobs before application shutdown by [@​spotlight21c](https://redirect.github.com/spotlight21c) in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) - fix(deps): update dependency cron to v4.3.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​2001](https://redirect.github.com/nestjs/schedule/pull/2001) #### New Contributors - [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) made their first contribution in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - [@​spotlight21c](https://redirect.github.com/spotlight21c) made their first contribution in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) **Full Changelog**: <https://github.com/nestjs/schedule/compare/6.0.0...6.0.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Richard Lora
|
4efbb630fc |
fix(core): correct emoji extraction logic using regex (#12749)
https://github.com/user-attachments/assets/ef612f34-0388-49a2-bcad-0cac07a5f785 This PR solves the issue where a majority of emoji's are unable to become the document or folders icon. The regex used is below with the test string of a variety of emoji's: https://regex101.com/r/0anB6Z/1 Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
19bd29e90c |
chore: bump up apple/swift-collections version to from: "1.2.1" (#13535)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | patch | `from: "1.2.0"` -> `from: "1.2.1"` | --- ### Release Notes <details> <summary>apple/swift-collections (apple/swift-collections)</summary> ### [`v1.2.1`](https://redirect.github.com/apple/swift-collections/releases/tag/1.2.1): Swift Collections 1.2.1 [Compare Source](https://redirect.github.com/apple/swift-collections/compare/1.2.0...1.2.1) This is a patch release with the following minor improvements: - `BigString` sometimes miscounted distances in its character view, resulting in an invalid collection conformance. This is now fixed. ([#​485](https://redirect.github.com/apple/swift-collections/issues/485)) - `BigString`'s Unicode Scalar and character views now make better use of known lengths of the text chunks stored in the tree, resulting in significantly improved performance for their distance measurements. ([#​486](https://redirect.github.com/apple/swift-collections/issues/486)) - The Foundation-specific toolchain configuration was updated to include the Deque type. ([#​496](https://redirect.github.com/apple/swift-collections/issues/496)) #### What's Changed - \[BigString] Fix character indexing operations by [@​lorentey](https://redirect.github.com/lorentey) in [#​485](https://redirect.github.com/apple/swift-collections/pull/485) - \[BigString] Harvest some low-hanging performance fruit by [@​lorentey](https://redirect.github.com/lorentey) in [#​486](https://redirect.github.com/apple/swift-collections/pull/486) - Include DequeModule in the Foundation toolchain build by [@​cthielen](https://redirect.github.com/cthielen) in [#​496](https://redirect.github.com/apple/swift-collections/pull/496) **Full Changelog**: <https://github.com/apple/swift-collections/compare/1.2.0...1.2.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44Mi43IiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
ShellWen | 颉文, Chen Chang
|
2a2793eada |
fix: Correct spacing in AI partner description (#13593)
Fixed spacing issue in AI partner description. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Improved readability by fixing a minor punctuation/spacing issue in the project’s introductory text (added a space after a comma). * Polished wording to better reflect professional tone without altering meaning. * No changes to functionality, configuration, or user workflows. * No impact on APIs, interfaces, or compatibility. * No additional steps required for users; purely a documentation refinement. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
b6a3241451 |
chore(core): hide embedding status in chat (#13605)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Simplified the AI chat composer tip: removed the dynamic embedding-status tooltip so only a single static caution remains — “AI outputs can be misleading or wrong.” * **Tests** * One end-to-end test related to embedding status was commented out and is no longer executed. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
360c9545f4 |
feat(ios): [IAP] Paywall Initial Commit (#13609)
Requires https://github.com/toeverything/AFFiNE/pull/13606 to be merged. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced an in-app Paywall with Pro, AI, and Believer plans, feature previews, paging dots, and selectable pricing options. - Added purchase and restore actions, plus a unified, polished UI using new color/icon resources. - Documentation - Added Swift Code Style Guidelines. - Chores - Updated dependencies (including MarkdownView 3.4.2), added new resource packages, and removed an unused dependency. - Raised iOS deployment target to 16.5 and refreshed project settings. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Lakr
|
1f228382c2 |
chore: fix building the app (#13606)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Built-in Then-style DSL for fluent configuration. - Centralized theming via a new resources library exposing standardized colors and icons for SwiftUI and UIKit. - Refactor - Migrated color and icon accessors to the new resources provider. - Removed redundant imports and streamlined UI configuration. - Dependencies - Updated MarkdownView to 3.4.2. - Removed the Then third-party dependency; updated package sources; added resources package and assets. - Documentation - Added iOS Swift code style and architecture guidelines. - Chores - Updated Xcode project format and repository ignore rules. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
ee77c548ca |
feat: get prompt model names (#13607)
fix AI-419 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - New API to fetch available models for a prompt, returning default, optional, and pro models with human‑readable names. - Added temperature and topP settings to prompt configuration for finer control. - Refactor - When no model is chosen, the default model is used instead of auto-picking a pro model. - Model metadata across providers now includes readable names, improving listings and selection UX. - Tests - Updated test snapshots and descriptions to reflect the new default-model behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
a0b73cdcec |
feat: improve model resolve (#13601)
fix AI-419 |
||
|
EYHN
|
89646869e4 |
feat(ios): create paywall api (#13602)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced a new iOS Paywall plugin with a simple API to display a paywall and receive a success response. - Added JavaScript wrapper and type definitions for easy integration. - Refactor - Reorganized the iOS project structure for plugins. - Chores - Removed unused legacy iOS plugins to streamline the app and reduce build complexity. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
34a3c83d84 |
fix(editor): prevent SwiftKey IME double input (#13590)
Close [BS-3610](https://linear.app/affine-design/issue/BS-3610/bug-每次按空格会出现重复单词-,特定输入法,比如swiftkey) #### PR Dependency Tree * **PR #13591** * **PR #13590** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Android: More reliable Backspace/delete handling, preventing missed inputs and double-deletions. - Android: Cursor/selection is correctly restored after merging a paragraph with the previous block. - Android: Smoother IME composition input; captures correct composition range. - Deletion across lines and around embeds/empty lines is more consistent. - Chores - Internal event handling updated to improve Android compatibility and stability (no user-facing changes). <!-- end of auto-generated comment: release notes by coderabbit.ai --> #### PR Dependency Tree * **PR #13591** * **PR #13590** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)v0.24.2 v0.25.0-beta.0 |
||
|
L-Sun
|
fd717af3db |
fix(core): update and fix oxlint error (#13591)
#### PR Dependency Tree * **PR #13591** 👈 * **PR #13590** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Improved drag-and-drop stability: draggables, drop targets, and monitors now respond when option sources or external data change. - Improved async actions and permission checks to always use the latest callbacks and error handlers. - Chores - Lint/Prettier configs updated to ignore the Git directory. - Upgraded oxlint dev dependency. - Tests - Updated several end-to-end tests for more reliable text selection, focus handling, and timing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
039976ee6d |
chore: bump up vite version to v6.3.6 [SECURITY] (#13573)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`6.3.5` -> `6.3.6`](https://renovatebot.com/diffs/npm/vite/6.3.5/6.3.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c) ### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default) - a symlink exists in the public directory ### Details The [servePublicMiddleware]( |
||
|
dependabot[bot]
|
e158e11608 |
chore: bump sha.js from 2.4.11 to 2.4.12 (#13560)
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a> - 2025-07-01</h2> <h3>Commits</h3> <ul> <li>[eslint] switch to eslint <a href=" |
||
|
renovate[bot]
|
18faaa38a0 |
chore: bump up mermaid version to v10.9.4 [SECURITY] (#13518)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`10.9.3` -> `10.9.4`](https://renovatebot.com/diffs/npm/mermaid/10.9.3/10.9.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-54881](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh) ### Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to `innerHTML` during calculation of element size, causing XSS. ### Details Sequence diagram node labels with KaTeX delimiters are passed through `calculateMathMLDimensions`. This method passes the full label to `innerHTML` which allows allows malicious users to inject arbitrary HTML and cause XSS when mermaid-js is used in it's default configuration (with KaTeX support enabled). The vulnerability lies here: ```ts export const calculateMathMLDimensions = async (text: string, config: MermaidConfig) => { text = await renderKatex(text, config); const divElem = document.createElement('div'); divElem.innerHTML = text; // XSS sink, text has not been sanitized. divElem.id = 'katex-temp'; divElem.style.visibility = 'hidden'; divElem.style.position = 'absolute'; divElem.style.top = '0'; const body = document.querySelector('body'); body?.insertAdjacentElement('beforeend', divElem); const dim = { width: divElem.clientWidth, height: divElem.clientHeight }; divElem.remove(); return dim; }; ``` The `calculateMathMLDimensions` method was introduced in 5c69e5fdb004a6d0a2abe97e23d26e223a059832 two years ago, which was released in [Mermaid 10.9.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.0). ### PoC Render the following diagram and observe the modified DOM. ``` sequenceDiagram participant A as Alice<img src="x" onerror="document.write(`xss on ${document.domain}`)">$$\\text{Alice}$$ A->>John: Hello John, how are you? Alice-)John: See you later! ``` Here is a PoC on mermaid.live: https://mermaid.live/edit#pako:eNpVUMtOwzAQ_BWzyoFKaRTyaFILiio4IK7ckA-1km1iKbaLY6spUf4dJ0AF68uOZ2dm7REqXSNQ6PHDoarwWfDGcMkUudaJGysqceLKkj3hPdl3osJ7IRvSm-qBwcCAaIXGaONRrSsnUdnobITF28PQ954lwXglai25UNNhxWAXBMyXxcGOi-3kL_5k79e73atuFSUv2HWazH1IWn0m3CC5aPf4b3p2WK--BW-4DJCOWzQ3TM0HQmiMqIFa4zAEicZv4iGMsw0D26JEBtS3NR656ywDpiYv869_11r-Ko12TQv0yLveI3eqfcjP111HUNVonrRTFuhdsVgAHWEAmuRxlG7SuEzKMi-yJAnhAjTLIk_EcbFJtuk2y9MphM8lM47KIp--AOZghtU ### Impact XSS on all sites that use mermaid and render user supplied diagrams without further sanitization. ### Remediation The value of the `text` argument for the `calculateMathMLDimensions` method needs to be sanitized before getting passed on to `innerHTML`. --- ### Release Notes <details> <summary>mermaid-js/mermaid (mermaid)</summary> ### [`v10.9.4`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.4) [Compare Source](https://redirect.github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4) This release backports the fix for GHSA-7rqq-prvp-x9jh from [v11.10.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.10.0), preventing a potential XSS attack in labels in sequence diagrams. See: [`9d68517`]( |
||
|
DarkSky
|
e2156ea135 | feat(server): integrate blob to context (#13491) v0.24.1 | ||
|
L-Sun
|
795bfb2f95 |
fix(ios): enable horizontal scroll for database (#13494)
Close [BS-3625](https://linear.app/affine-design/issue/BS-3625/移动端database-table-view无法横向滚动) #### PR Dependency Tree * **PR #13494** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved iOS mobile table view scrolling: horizontal overflow is no longer forcibly hidden, preventing clipped content and enabling smoother horizontal navigation. * Users can now access columns that previously appeared truncated on narrow screens. * Vertical scrolling behavior remains unchanged. * No impact on non‑iOS devices. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
0710da15c6 |
fix(editor): hook of database is invoked repeatedly (#13493)
Close [AF-2789](https://linear.app/affine-design/issue/AF-2789/安卓客户端日期没了) #### PR Dependency Tree * **PR #13493** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved editing mode stability in mobile Kanban cells by preventing redundant enter/exit transitions, resulting in smoother interactions and reduced flicker. * Enhanced mobile Table cells to avoid duplicate editing state changes, minimizing unnecessary updates and improving responsiveness. * Overall, editing transitions are now idempotent across affected mobile views, reducing visual jitter and improving performance during edit operations. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Peng Xiao
|
693ae9c834 |
fix(core): pasted code artifact should be inserted as codeblock (#13492)
fix AI-417 #### PR Dependency Tree * **PR #13492** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Copying code snippets now uses a rich format for improved paste fidelity in compatible editors. * Preserves code block formatting and language when pasted, reducing manual cleanup. * Continues to support plain text and HTML paste for broad compatibility. * Works more reliably when moving content within the app. * Existing copy confirmation remains unchanged. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
9d38f79395 |
fix(editor): deactivate editor when selection out of editor (#13490)
Close [AI-415](https://linear.app/affine-design/issue/AI-415/code-artifact-复制更好的支持code-block和插入正文) #### PR Dependency Tree * **PR #13490** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Editor now deactivates when text selection moves outside the app, preventing unintended interactions. * Better handling when selection changes to external content, reducing cases where the editor stayed active incorrectly. * **Stability** * Improved reliability around selection, focus, and visibility changes to avoid accidental edits or actions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> #### PR Dependency Tree * **PR #13490** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)v0.24.1-beta.1 |
||
|
L-Sun
|
680f3b3006 |
feat(editor): impl shape text with dom renderer (#13471)
#### PR Dependency Tree
* **PR #13464**
* **PR #13465**
* **PR #13471** 👈
* **PR #13472**
* **PR #13473**
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* DOM rendering added for groups, mind maps and connectors so group
titles/outlines and mindmap connectors are visible on canvas.
* Shapes now support right-to-left text with proper vertical alignment.
* **Improvements**
* Connector labels scale with viewport zoom for crisper display.
* Group-related selections (including nested groups) now update visuals
consistently.
* **Performance**
* Reduced DOM churn and fewer redraws during rendering and selection
changes.
* **Refactor**
* Renderer import/export surfaces consolidated with no user-facing
behavior changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|
Peng Xiao
|
fbf234f9fa |
fix(core): code artifact copy should retain the original format (#13489)
fix AI-415 #### PR Dependency Tree * **PR #13489** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved code block stability to prevent layout shifts and overlapping during syntax highlighting. * Ensured consistent height and alignment for code snippets. * **Style** * Refined code block appearance for clearer, more polished presentation. * **Chores** * Internal adjustments to support more reliable rendering of highlighted code. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
e9ede5213e |
fix(core): incorrect position of mobile notification card (#13485)
#### PR Dependency Tree * **PR #13485** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Improved mobile toast notification layout for better responsiveness across screen sizes. * Replaced fixed left alignment with dynamic edge offsets, ensuring consistent spacing near screen edges. * Removed forced centering and rigid width constraints to reduce clipping and overlap on narrow viewports. * Visual behavior only; no changes to interaction or functionality. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
德布劳外 · 贾贵
|
aea6f81937 |
fix(core): remove attachment chip failed (#13468)
> CLOSE PD-2697 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Removing an attachment chip now also removes duplicate attachments with the same source, preventing duplicate attachments in the AI chat chip list. * Removing a selected context chip now also removes duplicate selected contexts with the same identifier, preventing duplicate context chips. * Attachments from different sources and chips of other types (document, file, tag, collection) remain unaffected. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
66c2bf3151 |
fix(editor): incorrect z-index in dom renderer (#13465)
#### PR Dependency Tree * **PR #13464** * **PR #13465** 👈 * **PR #13471** * **PR #13472** * **PR #13473** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved stacking order across canvas elements (shapes, connectors, brush, highlighter), reducing unexpected overlap. * Corrected z-index application for placeholders and fully rendered elements to ensure consistent layering during edits. * **Refactor** * Centralized z-index handling for canvas elements to provide predictable, uniform layering behavior across the app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
aa052096c1 |
feat(editor): brush and highlighter dom renderer (#13464)
#### PR Dependency Tree * **PR #13464** 👈 * **PR #13465** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * DOM-based SVG rendering for Brush and Highlighter with zoom, rotation, layering and improved visualization. * **Refactor** * Consolidated renderer exports into a single entry point for simpler integration. * **Chores** * Updated view registrations to include the new DOM renderer extensions. * Improved highlighter sizing consistency based on serialized bounds. * **Revert** * Removed highlighter renderer registration from the shape module. <!-- end of auto-generated comment: release notes by coderabbit.ai --> #### PR Dependency Tree * **PR #13464** 👈 * **PR #13465** * **PR #13471** * **PR #13472** * **PR #13473** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) |
||
|
Wu Yue
|
c2f3018eb7 |
fix(core): missing lit component props (#13482)
Close [AI-413](https://linear.app/affine-design/issue/AI-413) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Chat messages now scroll vertically, preventing content from being cut off. * Chat actions are no longer displayed or fetched, reducing unnecessary loading. * Peek view chat composer behavior is aligned with the main chat, ensuring consistent feature availability across views. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
dd9d8adbf8 |
fix(server): multi step tool call (#13486)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Enforced a consistent step limit for AI responses across providers, preventing excessively long generations in both text and streaming modes for more predictable results. - Refactor - Centralized step limit configuration into a shared provider, ensuring uniform behavior across providers and simplifying future maintenance. - Standardized application of step limits in text generation and streaming flows to align provider behavior and improve overall reliability. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
7e0de251cb |
fix(editor): remove patch of key-binding in andriod (#13483)
In recent versions of Android (or maybe webview), the `KeyboardEvent.key` for the backspace key now has the correct value. This PR remove the patch since it will trigger two delete actions when press backspace at the first character of paragraph" Related PR https://github.com/toeverything/AFFiNE/issues/10523 #### PR Dependency Tree * **PR #13483** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Streamlined keyboard shortcut handling for greater consistency across platforms. * Reduced overhead by consolidating event bindings; no change to expected shortcut behavior for end-users. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
5c73fc9767 |
chore(editor): adjust notification of database editing (#13484)
#### PR Dependency Tree * **PR #13484** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Reduced repeated mobile editing notifications; the notice now appears once and only reappears after you dismiss it. - More consistent notification behavior on mobile for a less disruptive editing experience. - Refactor - Streamlined internal event handling to improve reliability and reduce potential listener leaks, resulting in smoother interactions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Peng Xiao
|
a0c22b7d06 |
fix(core): manage payment details entry adjustment (#13481)
#### PR Dependency Tree * **PR #13481** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - The “Update payment method” prompt now appears only when your subscription is past due. - Payment Method section now shows whenever a paid plan record exists (loading placeholders unchanged). - Action button styling adjusts for past-due subscriptions (uses the alternate/secondary style). <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
072557eba1 |
feat(server): adapt gpt5 (#13478)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added GPT-5 family and made GPT-5/-mini the new defaults for Copilot scenarios and prompts. - Bug Fixes - Improved streaming chunk formats and reasoning/text semantics, consistent attachment mediaType handling, and more reliable reranking via log-prob handling. - Refactor - Unified maxOutputTokens usage; removed per-call step caps and migrated several tools to a unified inputSchema shape. - Chores - Upgraded AI SDK dependencies and bumped an internal dependency version. - Tests - Updated mocks and tests to reference GPT-5 variants and new stream formats. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |